June 13, 2022
David Redekop

This Week in NerdNews – June 13, 2022

Your weekly top 5 technical and security issues Nerds should pay attention to:

Many of us have a love-hate relationship with security conferences. RSA is arguably the world’s biggest one of its kind. After spending last week there, including presentations of our own on behalf of ADAMnetworks, it is clear that marketing departments have big budgets, yet leave mysteries up to journalists to uncover. And, from experience, we know that…

Where there’s mystery there may be a menace – or at least risk thereof.

OMIGOD: Cloud providers still using secret middleware

This just means the attack surface on cloud infrastructure is much larger than we are aware of, and therefore, a proactive security posture is a key to protection, as always.

RSA CONFERENCE IN BRIEF Researchers from Wiz, who previously found a series of four serious flaws in Azure’s Open Management Infrastructure (OMI) agent dubbed “OMIGOD,” presented some related news at RSA: Pretty much every cloud provider is installing similar software “without customer’s awareness or explicit consent.”

Read More: OMIGOD: Cloud providers still using secret middleware

Gone in 130 seconds: New Tesla hack gives thieves their own personal key.

We’re sure that the Tesla security team is saying, “Why didn’t we think of that attack vector?” In the meantime, you may want to think twice before giving the parking attendant your Tesla-issued NFC card.

Last year, Tesla issued an update that made its vehicles easier to start after being unlocked with their NFC key cards. Now, a researcher has shown how the feature can be exploited to steal cars.

Read More: Gone in 130 seconds: New Tesla hack gives thieves their own personal key

US ISPs and Telecoms have been hacked over the past 2 years

I can confirm the majority of my own Exchange honeypot exploitation attempts come from China.

U.S. agencies on Tuesday offered new details about how Chinese state-sponsored hackers have used publicly known vulnerabilities to target internet service providers and major telecommunications firms around the globe over the last two years.

Read More: US agencies detail the digital ‘plumbing’ used by Chinese state-sponsored hackers

Evasive phishing mixes reverse tunnels and URL shortening services.

Attacks keep getting more sophisticated, and this one takes a significant leap forward: it requires us to treat even URL shorteners as suspect, especially ones that redirect to reverse tunneling domains. It also moves useful products like ngrok to a more questionable status. ngrok remains useful for legitimate purposes, but it is now a double-edged sword.

Security researchers are seeing an uptick in the use of reverse tunnel services along with URL shorteners for large-scale phishing campaigns, making the malicious activity more difficult to stop.

Read More: Evasive phishing mixes reverse tunnels and URL shortening services

About Follina. Microsoft is quiet while Qbot weaponizes it

Last week we didn’t see this being used in the wild yet. Now we are seeing it in use, so manual mitigation is essential if you want to protect yourself from exploitation through a simple, commonly allowed email attachment.

Miscreants are reportedly exploiting the recently disclosed critical Windows Follina zero-day flaw to infect PCs with Qbot, thus aggressively expanding their reach.

Read More: Now Windows Follina zero-day exploited to infect PCs with Qbot

Did you know?

In iOS 16, you can edit or cancel a message you’ve sent up to 15 mins after the fact. Given the number of times I respond to or message the wrong person, this will save me many “oops, wrong person” apologies.

Written & presented by David Redekop, Co-Founder & Chief Technology Officer of Nerds On Site & Founder & CEO of Adam Networks.
