March 30, 2020
David Redekop

This Week In Nerd News – March 30, 2020

Your weekly top 5 technical and security issues Nerds should pay attention to:

Windows code-execution zeroday is under active exploit, Microsoft warns

Note the mitigations available.

Attackers are actively exploiting a Windows zero-day vulnerability that can execute malicious code on fully updated systems, Microsoft warned on Monday.

Read More: Windows code-execution zeroday is under active exploit, Microsoft warns

Cybersecurity experts come together to fight coronavirus-related hacking.

Good info published which we can use to protect clients better.

An international group of nearly 400 volunteers with expertise in cybersecurity formed on Wednesday to fight hacking related to the novel coronavirus.

Read More: Cybersecurity experts come together to fight coronavirus-related hacking

HHS.gov Open Redirect Used by Coronavirus Phishing to Spread Malware.

Remember: whitelisting completely removes the threat of open redirects, which are quite commonly deployed on high-traffic sites.

An HHS.gov open redirect is currently being used by attackers to push malware payloads onto unsuspecting victims’ systems with the help of coronavirus-themed phishing emails.

Open redirects are web addresses that automatically redirect users between a source website and a target site, and are regularly used by malicious actors to send their targets to phishing landing pages or to deliver malware payloads under the guise of legitimate services.

HHS.gov is the website of the U.S. Department of Health & Human Services which makes this specific open redirect the perfect tool to lure in potential victims.

Read More: HHS.gov Open Redirect Used by Coronavirus Phishing to Spread Malware

>4,000 Android apps silently access your installed software.

Android’s installed application methods, or IAMs, are application programming interfaces that allow apps to silently interact with other programs on a device. No permissions needed.

More than 4,000 Google Play apps silently collect a list of all other installed apps in a data grab that allows developers and advertisers to build detailed profiles of users, a recently published research paper found.

The apps use an Android-provided programming interface that scans a phone for details about all other apps installed on the phone. The app details—which include names, dates they were first installed and most recently updated, and more than three-dozen other categories—are uploaded to remote servers without permission and no notification.

Read More: >4,000 Android apps silently access your installed software

Google sends “we see you” message to Russia’s Sandworm hackers.

Note the attackers’ heavy use of Internet Explorer. Make sure IE is not used unless absolutely necessary for legacy apps/services/sites.

Google’s Threat Analysis Group (TAG) works to counter targeted and government-backed hacking against Google and the people who use our products. Following our November update, today we’re sharing the latest insights to fight phishing, and for security teams, providing more details about our work identifying attacks against zero-day vulnerabilities.

Read More: Identifying vulnerabilities and protecting you from phishing

Did you know?

Blink Shell (Mosh + SSH) lets you keep your iOS SSH sessions alive across disconnects, LTE-to-WiFi transitions and vice versa, etc.