April 19, 2021
David Redekop

This Week In Nerd News – April 19, 2021

Your weekly top 5 technical and security issues Nerds should pay attention to:

YouTube video

The Untold Story Of The SolarWinds Hack.

It all started in September 2019 with a PoC to see if malicious actors could introduce one line of harmless code into production Orion software.

The routine software update may be one of the most familiar and least understood parts of our digital lives. A pop-up window announces its arrival and all that is required of us is to plug everything in before bed. The next morning, rather like the shoemaker and the elves, our software is magically transformed.

 

Read More: A ‘Worst Nightmare’ Cyberattack: The Untold Story Of The SolarWinds Hack

 

FBI Accesses Computers Around Country to Delete Microsoft Exchange Hacks.

Unprecedented action by federal law enforcement to reach into potentially-unsuspecting companies’ Exchange Servers to remove attackers’ shells.

On Tuesday the Department of Justice announced the FBI was given approval to access hundreds of computers across the United States running vulnerable versions of Microsoft Exchange Server software to remove web shells left by hackers who had earlier penetrated the systems.

 

Read More: FBI Accesses Computers Around Country to Delete Microsoft Exchange Hacks

 

Parents were at the end of their chain — then ransomware hit their kids’ schools.

We see parts of the actual chat dialogue with the cyber criminals and how they came up with the $40,000,000 ransom number.

Resource: Parents were at the end of their chain — then ransomware hit their kids’ schools.

 

You Can’t Hide Whether You Are Online on WhatsApp—And That’s a Problem.

Just this week’s reason not to support Mr. Zuckerberg’s companies.

There is absolutely no way to hide whether you are online on WhatsApp, not just to your contacts, but literally anyone on the internet. This leaves the door open for stalkers to find out whether a user is online, and potentially even if that user is talking to someone else.

 

Read More: You Can’t Hide Whether You Are Online on WhatsApp—And That’s a Problem

 

100 million more IoT devices are exposed—and they won’t be the last.

This is a long road ahead, but applying Zero Trust Network Access and isolation strategies is the only answer.

Over the last few years, researchers have found a shocking number of vulnerabilities in seemingly basic code that underpins how devices communicate with the Internet. Now, a new set of nine such vulnerabilities are exposing an estimated 100 million devices worldwide, including an array of Internet-of-things products and IT management servers. The larger question researchers are scrambling to answer, though, is how to spur substantive changes—and implement effective defenses—as more and more of these types of vulnerabilities pile up.

 

Read More: 100 million more IoT devices are exposed—and they won’t be the last

 

Did you know?

There’s an excellent open source RSS reader at NetNewsWire

Need an IT professional? Request service today.