Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to:
Exchange/Outlook autodiscover bug exposed 100,000+ email passwords. Oh ouch. Back in 2007 when Microsoft created this protocol, it wasn’t yet a “Security First” kind of thought process. It’s unclear how this bug will ever be solved for good, because autodiscover client software is so widely distributed. Every single company on Exchange or Office365 is vulnerable to this unless you use MFA if you aren’t already. Start today.
2021 has broken the record for zero-day hacking attacks. This trend is a little scary, but it is definitely a complicated trend, partly because we as defenders have better platforms today but also security researchers are working for bounties while zero days fetch more money in the black market than ever.
Zero-day flaw allows remote code execution even on fully-patched Macs. A security researcher found that Apple has only partially fixed a security flaw affecting all versions of macOS. The company tried to fix the problem silently but failed to do so, leaving millions of Macs vulnerable to remote code execution without any warning or prompt. For now, on a Mac, don’t open any attachments ending in .inetloc.
Let’s Encrypt’s Root Certificate is expiring! On Thursday of this week at 10:01:15, a good chunk of the internet will break for devices, including
OpenSSL <= 1.0.2
Windows < XP SP3
macOS < 10.12.1
iOS < 10 (iPhone 5 is the lowest model that can get to iOS 10)
Android < 7.1.1 (but >= 2.3.6 will work if served ISRG Root X1 cross-sign)
Mozilla Firefox < 50
Ubuntu < 16.04
Debian < 8
Java 8 < 8u141
Java 7 < 7u151
NSS < 3.26
Amazon FireOS (Silk Browser)
Thousands of Netgear routers can be hacked — here’s what to do. Ironically it is parental control software that’s at the root of this hackability. If you have any one of the affected models, you want to upgrade and patch the firmware as soon as possible.
Did you know?
Even The NSA and CIA Use Ad Blockers Because Online Advertising Is So Dangerous. One of the simplest ways to have this built in is to switch to the Brave browser. Enjoy your journey of safer browsing! And, of course, on the mobile side of things you need router-based ad blocking so I will of course, shamelessly let you know adam:ONE is your best option.
For a video version of this see: https://youtu.be/JV8OUm56Edc