Your weekly top 5 technical and security issues Nerds should pay attention to:
The Internet’s New Arms Dealers: Malicious Domain Registrars. Google removed 106 malicious Chrome extensions collecting sensitive user data. It is worth noting that DTTS (Don’t Talk To Strangers) prevents these extensions from working even when installed.
Netgear routers need urgent replacement or upgrades. In the Security Now 772 show notes, Steve Gibson writes: “An unpatched zero-day vulnerability exists in 79 Netgear router models. The vulnerability allows an attacker to take full control over any of 79 Netgear devices from within the LAN… Even from code running inside a user’s web browser.”
Distributed Denial of Service attacks continue to grow. Even though such reports aren’t in our daily news cycle anymore, the ability of malicious actors continues to grow, as we can see in this Amazon AWS report.
Former Maersk employee details the notPetya malware attack. This is well worth reading, especially the lessons-learned part. The Principle of Least Privilege, for example.
Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files. While threat hunters and anti-malware tools can catch this now that it’s known, these types of threats are proactively blocked by a “block-all, allow some” philosophy instead.
Did you know?
Activation locks on iPads are rendering them absolutely useless. However, devices enrolled in MDM via ABM (Apple Business Manager, formerly DEP) are immune to this. A malicious person with access to your device cannot brick an ABM device with activation lock. This alone makes MDM a worthwhile standard for any business-owned iOS devices.