WTH Security News July 27, 2020

Your weekly top 5 technical and security issues Nerds should pay attention to: SIGRed is a 15-year-old Windows DNS Server vulnerability. When exploited, this is wormable. The last major wormable exploit brought us WannaCry, so this one is worth taking seriously with patching and mitigations. Kevin Beaumont wrote a nice blog titled Detecting DNS CVE-2020-1350 exploitation attempts…


WTH Security News July 13, 2020

Your weekly top 5 technical and security issues Nerds should pay attention to: CVE-2020-1425 and CVE-2020-1457 are Emergency Windows Updates. However, they are available only from the Microsoft Store. They both address a critical Microsoft Windows Codecs Library Remote Code Execution Vulnerability. Cyber Command backs ‘urgent’ patch for F5 security vulnerability. Here’s a major bug in widely used networking gear…


WTH Security News July 6, 2020

Hundreds of millions of devices, including medical devices, are vulnerable to attack. Dubbed Ripple20 (research source), these are zero-day vulnerabilities that may or may not ever be patched. More reason than ever to have proper network isolation, NAC (Network Access Control) and egress control. How police secretly took over a global phone network for organized crime. Lesson: believing…


WTH Security News June 29, 2020

Your weekly top 5 technical and security issues Nerds should pay attention to: The Internet’s New Arms Dealers: Malicious Domain Registrars. Google removed 106 malicious Chrome extensions collecting sensitive user data. It is worth noting that DTTS (Don’t Talk To Strangers) prevents these extensions from working even when installed. Netgear Routers need urgent replacement or…


WTH Security News June 15, 2020

Your weekly top 5 technical and security issues Nerds should pay attention to: CallStranger vulnerability lets attacks bypass security systems and scan LANs. CallStranger is a good reminder that we usually don’t need UPnP in business. Test yours at ShieldsUp. The aptly named and patented Don’t Talk To Strangers (DTTS) allows UPnP to be enabled without the CallStranger risk.…
