Your weekly top 5 technical and security issues Nerds should pay attention to: Zerologon attack lets hackers take over enterprise networks. Or smaller networks. Or any Active Directory that isn’t patched. If an environment carries the risk of a potential implant attack, additional preventive measures of zero trust are a must. Equinix data center giant…
DetailsYour weekly top 5 technical and security issues Nerds should pay attention to: Facebook complains, Apple responds: iOS 14’s big privacy change gets postponed. The company says the change is still coming, but it hasn’t said when. Gives developers time to adjust to asking for permission. Typosquatting Intensifies Ahead of US Election. Mistyped URLs can…
DetailsYour weekly top 5 technical and security issues Nerds should pay attention to: U.S. indicts Russian for attempted ransomware attack on Tesla factory. Instead of accepting a million dollar bribe for using employee access to assist in the attack, the employee reported it to the FBI. Chinese-Made Smartphones Are Secretly Stealing Money From People Around…
DetailsYour weekly top 5 technical and security issues Nerds should pay attention to: Microsoft Put Off Fixing Zero Day for 2 Years. Steve Gibson weighs in on Security Now Episode #780 as well. Really not surprising that Red Teams (adversary emulators that test your defenses) have been so successful of late on any windows network. Google fixes…
DetailsYour weekly top 5 technical and security issues Nerds should pay attention to: The Secret SIMs Used By Criminals to Spoof Any Number. A must-read. However, it isn’t that difficult to spoof a number right from your mobile without a special SIM card. A cursory search finds us Spoofcard, Spooftel, Spoofbox, Spoof my Phone, all of which have free…
DetailsYour weekly top 5 technical and security issues Nerds should pay attention to: Snapdragon chip flaws put >1 billion Android phones at risk of data theft. You can’t make this stuff up. Canon confirms ransomware attack in internal memo. Canon has suffered a ransomware attack that impacts numerous services, including Canon’s email, Microsoft Teams, USA…
DetailsYour weekly top 5 technical and security issues Nerds should pay attention to: There’s a Hole in the Boot. I predict this is the most critical news of the week as it will take many years for this vulnerability to be patched across the board. This will likely result in attackers and red teams utilizing…
DetailsYour weekly top 5 technical and security issues Nerds should pay attention to: SIGRed is a 15-year-old Windows DNS Server vulnerability. When exploited, this is wormable. The last major wormable exploit brought us Wannacry, so this one is worth taking seriously with patching and mitigations. Kevin Beaumont wrote a nice blog titled Detecting DNS CVE-2020–1350 exploitation attempts…
DetailsYour weekly top 5 technical and security issues Nerds should pay attention to: Emotet Returns After Five Month Hiatus. Known as a versatile and widely disruptive threat, early versions of Emotet had a module that was used to commit banking fraud, and for years, the malware was widely classified as a banking Trojan. Just another…
DetailsYour weekly top 5 technical and security issues Nerds should pay attention to: CVE-2020-1425 and CVE-2020-1457 are Emergency Windows Updates. However, they are available only from the Microsoft Store. They both address a critical Microsoft Windows Codecs Library Remote Code Execution Vulnerability. Cyber Command backs ‘urgent’ patch for F5 security vulnerability. Here’s a major bug in widely used networking gear…
Details
