December 7, 2020
David Redekop

This Week In Nerd News – December 7, 2020

Your top 5 security articles to pay attention to this week:


Citizen Lab finds surveillance tech that can find you with just a phone number.

This may create new demand for increased privacy, now that we know how many governments have been using this service to locate citizens, albeit unlawfully.

The public discussion around surveillance and tracking largely focuses on well-known technical means, such as targeted hacking and network interception. However, other forms of surveillance are regularly and extensively used by governments and third parties to engage in cross-border surveillance and monitoring.


Read More: Running in Circles


It’s hard to keep a big botnet down: TrickBot sputters back toward full health.

Just a reminder that DTTS® (Don’t Talk To Strangers®) stops 100% of TrickBot C2 connections.

Mounting evidence suggests that TrickBot, the vast botnet that both U.S. Cyber Command and a Microsoft-led coalition sought to disable around the 2020 elections, is on the mend and evolving.


Read More: It’s hard to keep a big botnet down: TrickBot sputters back toward full health


A Broken Piece of Internet Backbone Might Finally Get Fixed.

Fixing the internet is sometimes likened to open heart surgery. This fix is important because BGP (Border Gateway Protocol) remains an attack vector.

Originally launched for network operators in 2014, the MANRS initiative has expanded to also address the unique needs of Internet Exchange Points (IXPs) in 2018 and Content Delivery Networks (CDNs) and Cloud Providers in 2020.

Today, the group of CDN & Cloud Provider Participants is eager to further efforts toward secure routing for the Internet by extending that Programme’s MANRS Actions.


Read More: We Can Do More for Routing Security, Say Participants in the MANRS CDN & Cloud Provider Programme


‘Smart’ doorbells for sale on Amazon, eBay came stocked with security vulnerabilities.

If ‘smart’ devices are important enough to have, the least we must do is place them on dedicated “Insecure IoT” network segments, i.e., separate VLANs.

Holiday shoppers looking for a wireless-connected doorbell might want to take a closer look at the device’s security features.

The U.K.-based security company NCC Group and consumer advocacy group Which? have found vulnerabilities in 11 “smart” doorbells sold on popular platforms like Amazon and eBay. One flaw could allow a remote attacker to break into the wireless network by swiping login credentials. Another critical bug, which has been around for years, could enable attackers to intercept and manipulate data on the network.


Read More: ‘Smart’ doorbells for sale on Amazon, eBay came stocked with security vulnerabilities


Researchers Bypass Next-Generation Endpoint Protection.

This is why we do defense in depth.

Just because your endpoint security product employs machine learning (ML) doesn’t mean it can’t be manipulated to miss malware, new research shows.


Read More: Researchers Bypass Next-Generation Endpoint Protection


Did you know?

There’s a virtual cyber security escape room. Enjoy!
