March 23, 2020
David Redekop

This Week In Nerd News – March 23, 2020

Your weekly top 5 technical and security issues you should pay attention to:

Shadowserver, a critical internet safeguard, is running out of time and money.

The work they do in conjunction with network operators, security researchers, law enforcement, and technology vendors is a mainstay of internet security work today.

Resource: ShadowServer

 

Google’s Advanced Protection program for high-risk users now includes malware protection.

Protection cannot be circumvented [easily] to limit 3rd party app installs.

Google is expanding the feature set for its Advanced Protection Program, a security offering that helps safeguard Google Accounts of those at risk for targeted attacks — like politicians, journalists, activists, business leaders and others. The program already provides an increased level of protection for these accounts by limiting access to data, blocking fraudulent account access, supporting the use of physical security keys and more. Today, Google is adding new malware protections to the program, as well.

 

Read More: Google’s Advanced Protection program for high-risk users now includes malware protection

 

Huntress Labs’ Kyle Hanslovan on how his team tricked a hacker into being arrested.

If you know of any blackhats, let them know the future is brighter in fighting crime.

Huntress Labs Co-Founder and CEO Kyle Hanslovan talks with CyberScoop Editor-in-Chief Greg Otto on how his company found a hacker breaking into a managed service provider’s (MSP) network, then socially engineered the group into turning themselves in.

 

Read More: Huntress Labs’ Kyle Hanslovan on how his team tricked a hacker into being arrested

 

Security Breach Disrupts Fintech Firm Finastra.

Stakes just keep getting higher.

Finastra, a company that provides a range of technology solutions to banks worldwide, said today it was shutting down key systems in response to a security breach discovered this morning. The company’s public statement and notice to customers does not mention the cause of the outage, but their response so far is straight out of the playbook for dealing with ransomware attacks.

 

Read More: Security Breach Disrupts Fintech Firm Finastra

 

Critical bugs in dozens of Zyxel and Lilin IoT models under active exploit.

All the more reason for CIS20 foundational controls, especially #9.

Criminals are exploiting critical flaws to corral Internet-of-things devices from two different manufacturers into botnets that wage distributed denial-of-service attacks, researchers said this week. Both DVRs from Lilin and storage devices from Zyxel are affected, and users should install updates as soon as possible.

 

Read More: Critical bugs in dozens of Zyxel and Lilin IoT models under active exploit

 

Did you know?

List of Free Software and Services During Coronavirus Outbreak. There are many more, but that’s an amazing list from Bleeping Computer.

Need an IT professional? Request service today.