July 27, 2020
David Redekop

This Week In Nerd News – July 27, 2020

Your weekly top 5 technical and security issues Nerds should pay attention to:

SIGRed is a 15-year-old Windows DNS Server vulnerability.

When exploited, this is wormable. The last major wormable exploit brought us WannaCry, so this one is worth taking seriously with patching and mitigations. Kevin Beaumont wrote a nice blog post titled Detecting DNS CVE-2020-1350 exploitation attempts in Azure Sentinel.

DNS, which is often described as the “phonebook of the internet”, is a network protocol for translating human-friendly computer hostnames into IP addresses. Because it is such a core component of the internet, there are many solutions and implementations of DNS servers out there, but only a few are extensively used.

 

Read More: SIGRed – Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers

Mozilla suspends Firefox Send service while it addresses malware abuse.

send.firefox.com is still down.

Mozilla has temporarily suspended the Firefox Send file-sharing service as the organization investigates reports of abuse from malware operators and while it adds a “Report abuse” button.

 

Read More: Mozilla suspends Firefox Send service while it addresses malware abuse 

Backdoor accounts discovered in 29 FTTH devices from Chinese vendor C-Data.

While this is very serious, most ISPs have these interfaces available only on management networks, so they are not easily exploited from a public vantage point.

Two security researchers said this week that they found severe vulnerabilities and what appears to be intentional backdoors in the firmware of 29 FTTH OLT devices from popular vendor C-Data.

 

Read More: Backdoor accounts discovered in 29 FTTH devices from Chinese vendor C-Data 

Garmin outage caused by confirmed WastedLocker ransomware attack.

Sunday night, the website was down, but as of Monday morning, the sign-in appears to be functional again at Garmin.

Wearable device maker Garmin shut down some of its connected services and call centers on Thursday following what the company called a worldwide outage, now confirmed to be caused by a WastedLocker ransomware attack.

Garmin’s product line includes GPS navigation and wearable technology for the automotive, marine, aviation, fitness, and outdoor markets.

 

Read More: Garmin outage caused by confirmed WastedLocker ransomware attack

How to Survive a Ransomware Attack Without Paying the Ransom.

This mirrors so many incidents we’ve responded to in the last few years, albeit at a smaller scale. It is worth reading to find the biggest “bang for the buck” when it comes to being proactive.

At around midnight Oslo time on March 19, 2019, computers owned by Norsk Hydro ASA, a large aluminum manufacturer, started encrypting files and going offline en masse. It took two hours before a worker at its operations center in Hungary realized what was happening. He followed a scripted security procedure and took the company’s entire network offline—including its website, email system, payroll, and everything else. By then, a lot of damage was already done. Five hundred of Hydro’s servers and 2,700 of its PCs had been rendered useless, and a ransom note was flashing on employees’ computer screens.

 

Read More: How to Survive a Ransomware Attack Without Paying the Ransom

Did you know?

Working, studying and living at home is yielding cool services/apps like Yousician. Whether or not your family is musically inclined, this is far more productive than Fortnite.