January 27, 2020
David Redekop

This Week In Nerd News – January 27, 2020

Your weekly top 5 “What the heck?” technical and security issues Nerds should pay attention to:

BlueKeep use keeps growing

in cryptocurrency mining and reverse shells.

The BlueKeep remote code execution vulnerability in Windows Remote Desktop Services is currently being exploited in the wild. Vulnerable machines exposed to the web are apparently being compromised for cryptocurrency mining purposes.

The attempts have been recorded by honeypots that expose only port 3389, which is used for remote assistance connections via the Remote Desktop Protocol (RDP).

Read More: Windows BlueKeep RDP Attacks Are Here, Infecting with Miners

Windows 7 users vulnerable in IE

and may never be fixed for out-of-support licenses.

Internet Explorer is dead, but not the mess it left behind.

Microsoft earlier today issued an emergency security advisory warning millions of Windows users of a new zero-day vulnerability in the Internet Explorer (IE) browser that attackers are actively exploiting in the wild — and there is no patch yet available for it.

The vulnerability, tracked as CVE-2020-0674 and rated moderate, is a remote code execution issue that exists in the way the scripting engine handles objects in memory in Internet Explorer, and it is triggered through the JScript.dll library.

Read More: Microsoft Warns of Unpatched IE Browser Zero-Day That’s Under Active Attacks

Endpoint Security (TrendMicro) zero-day

was used to hack Mitsubishi.

Chinese hackers have used a zero-day in the Trend Micro OfficeScan antivirus during their attacks on Mitsubishi Electric, ZDNet has learned from sources close to the investigation.

Trend Micro has now patched the vulnerability, but the company did not comment on whether the zero-day was used in other attacks beyond Mitsubishi Electric.

Read More: Trend Micro antivirus zero-day used in Mitsubishi Electric hack 

Microsoft Edge (Chromium-based) is out

(even for macOS) and may be the safest browser (for now).

Resource: Microsoft Edge

Add MFA (Multi-Factor Authentication) to all your accounts, or thieves will.

Happened to my own sister-in-law this weekend.

Resource: Tweet
