Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to:
SolarWinds Hackers Continue to Hit Technology Companies, Says Microsoft. We already know that supply chain attacks are an area of concern going forward. Now it seems the same group behind Solarigate is continuing to hit companies. It is clear that our collective defenses are not yet where they need to be.
FIS’s Worldpay Replaces PAX Terminals Over Security Concerns. This is after Brian Krebs reported that the FBI Raids Chinese Point-of-Sale Giant PAX Technology. There’s too much to unpack during this segment but it’s worth a read in detail.
Location Data Firm Got GPS Data From Apps Even When People Opted Out. The lesson in this one is that relying on apps alone not to track you doesn’t work, as we have been shown time and again. However, what these data brokers do have in common is that they use domains that can be filtered. HUQ, for example, uses api.huq.io, which is blocked by default in default deployments of adam:ONE, and probably by other security filters as well.
Node poisoning: hijacked package delivers coin miner and credential-stealing backdoor. Millions of developers and system administrators have their work cut out to see what damage may have been incurred from this backdoor.
Microsoft reports SIP-bypassing “Shrootless” vulnerability in macOS. As much as we are frustrated with the insecurity of all vendors, including Apple, we give them one compliment: they generally patch fast, though not always. It does mean that you need to stay current and updated at all times, no matter what platform you’re on. Either choose a management platform so it’s done for you, or do it yourself, but it is a necessary part of maintaining a security posture.
Did you know?
The app on your Mac you maybe didn’t know you needed is rectangleapp.com. Even though others exist, such as Magnet, I find the keyboard shortcut defaults on rectangleapp just so perfect when you’re working with multiple apps or browser windows you want to see at the same time, but want to maximize the real estate and minimize distractions.
For a video version of this see https://youtu.be/KOTbWz3II2U