June 15, 2020
David Redekop

This Week In Nerd News – June 15, 2020

Your weekly top 5 technical and security issues Nerds should pay attention to:

CallStranger vulnerability lets attacks bypass security systems and scan LANs.

CallStranger is a good reminder that we usually don’t need UPnP in business. Test yours at ShieldsUp. The aptly named and patented Don’t Talk To Strangers (DTTS) allows UPnP to be enabled without the CallStranger risk.

A severe vulnerability resides in a core protocol found in almost all internet of things (IoT) devices.

The vulnerability, named CallStranger, allows attackers to hijack smart devices for distributed denial of service (DDoS) attacks, but also for attacks that bypass security solutions to reach and conduct scans on a victim’s internal network — effectively granting attackers access to areas where they normally wouldn’t be able to reach.

 


Plundering of crypto keys from ultrasecure SGX sends Intel scrambling again.

Intel’s speculative execution flaws go deeper and are harder to fix than we thought.

For the past two years, modern CPUs—particularly those made by Intel—have been under siege by an unending series of attacks that make it possible for highly skilled attackers to pluck passwords, encryption keys, and other secrets out of silicon-resident memory. On Tuesday, two separate academic teams disclosed two new and distinctive exploits that pierce Intel’s Software Guard eXtension, by far the most sensitive region of the company’s processors.

 


Senate Intelligence Committee wants DNI to investigate commercial spyware threats.

When a topic reaches this level of attention, it’s significant.

The Senate Intelligence Committee quietly approved a measure last week that would require the Director of National Intelligence to submit a report to Congress on the threats posed by foreign governments’ and entities’ use of commercially available surveillance software.

 


Here’s what that Capital One court decision means for corporate cybersecurity.

Expect much more accountability and reputational impact for the individuals under whose watch an attack occurred.

When a judge ruled last month that Capital One must provide outsiders with a third-party incident response report detailing the circumstances around the bank’s massive data breach, the cybersecurity world took notice.

 


Facebook worked with cybersecurity experts to quietly help the FBI hack a child predator.

The narrative sounds like they did a good thing, but who was the enabler of this predator to begin with?

Facebook paid cybersecurity experts to develop a hacking tool that it then shared with the FBI to help the agency hack a user who was using its platform to extort, threaten and harass underage girls, Vice reported on Wednesday.

 


Did you know?

‘dot’ glitch lets you watch ad-free YouTube videos. For now. Enjoy it while it lasts.
