Your weekly top 5 technical and security issues Nerds should pay attention to: CallStranger vulnerability lets attacks bypass security systems and scan LANs. CallStranger is a good reminder that we usually don’t need uPnP in business. Test yours at ShieldsUp. The apropos-named and patented Don’t Talk To Strangers (DTTS) allows uPnP to be enabled without the CallStranger risk.…
DetailsYour weekly top 5 technical and security issues Nerds should pay attention to: The Impending Doom of Expiring Root CAs and Legacy Clients. If you think forgetting to renew a domain is painful, wait till you see what’s in store for the masses when a 20 or 25-year old self-signed root Certificate Authority expires. Major…
DetailsYour weekly top 5 technical and security issues Nerds should pay attention to: Zero-day in Sign in with Apple. Glad this is fixed, glad Apple paid out $100,000 to a responsible researcher, but this is a good lesson in slow adoption of anything new that claims security at the outset. Cisco security breach hits corporate…
DetailsYour weekly top 5 technical and security issues Nerds should pay attention to: The Nigerian fraudsters ripping off the unemployment system. “Scattered Canary” group is scamming vital benefits programs amid the pandemic. Not just America. Affects Canadians as well, so we need to all be on alert, whether or not you are employed. GrayKey iPhone…
DetailsYour weekly top 5 technical and security issues Nerds should pay attention to: FBI, DHS to go public with suspected North Korean hacking tools. This details activity from Hidden Cobra hackers and will benefit blue teams and defenders everywhere. Security Flaws in Adobe Acrobat Reader Allow Malicious Program to Gain Root on macOS Silently. Stick…
DetailsYour weekly top 5 technical and security issues Nerds should pay attention to: Zoom acquires Keybase to get end-to-end encryption expertise. Seems like a talent-acquisition/acqui-hire only by the accounts of Keybase. If so, sad for Keybase fans. Samsung patches 0-click vulnerability impacting all smartphones sold since 2014. This is significant. Anyone you love with a…
DetailsYour weekly top 5 technical and security issues Nerds should pay attention to: Attackers exploit 0-day code-execution flaw in the Sophos firewall. Such a critical lesson in this for *us* is to never have webadmin publicly exposed. Google Play has been spreading advanced Android malware for years. Advanced hacker group seeded market with at least…
DetailsYour weekly top 5 technical and security issues Nerds should pay attention to: Hackers target oil producers as they struggle with a record glut of crude. Ministers plan to give more UK public bodies power to access phone data. Meanwhile, during the same week, Israel halts police phone tracking over privacy concerns. A single line of…
DetailsYour weekly top 5 technical and security issues Nerds should pay attention to: Microsoft April 2020 Patch Tuesday fixes 3 zero-days, 15 critical flaws. For SecurityNow listeners, you already knew about a number of these over a week ago, and hopefully applied mitigation techniques. Ring 0 of fire: Does Riot Games’ new anti-cheat measure go…
DetailsYour weekly top 5 technical and security issues Nerds should pay attention to: PayPal and Venmo Are Letting SIM Swappers Hijack Accounts. Use better MFA or use virtual numbers for SMS that aren’t hijackable. Apple and Google are launching a joint COVID-19 tracing tool for iOS and Android. Very interesting read and take and again…
Details
