May 25, 2020
David Redekop

This Week In Nerd News – May 25, 2020

Your weekly top 5 technical and security issues Nerds should pay attention to:

The Nigerian fraudsters ripping off the unemployment system.

The “Scattered Canary” group is scamming vital benefits programs amid the pandemic. This is not just an American problem: it affects Canadians as well, so we all need to be on alert, whether or not we are employed.

As millions of people around the United States scrambled in recent weeks to collect unemployment benefits and disbursements through the federal CARES Act, officials warned about the looming threat of COVID-19-related scams online. Now they’re here.

Read More: The Nigerian fraudsters ripping off the unemployment system

GrayKey iPhone unlocker poses serious security concerns.

The silver lining for security-minded businesses that take advantage of Apple Business Manager (formerly DEP) is that a stolen device is never usable by the thief unless the MDM (Mobile Device Management) releases it. BlackBerry invented the MDM concept, but Apple has advanced it to the point of making an ABM/MDM-protected iOS device the most secure mobile phone.

Ever since the case of the San Bernardino shooter pitted Apple against the FBI over the unlocking of an iPhone, opinions have been split on providing backdoor access to the iPhone for law enforcement. Some felt that Apple was aiding and abetting a felony by refusing to create a special version of iOS with a backdoor for accessing the phone’s data. Others believed that it’s impossible to give backdoor access to law enforcement without threatening the security of law-abiding citizens.

Read More: GrayKey iPhone unlocker poses serious security concerns

Bluetooth flaw exposes countless devices to BIAS attacks.

With social distancing, this is less of a concern than it otherwise would be. But if you are very security-conscious, find a place outside of Bluetooth range of anyone else to do new-device pairing.

A team of academics has uncovered a new vulnerability in the Bluetooth wireless communication protocol that exposes a wide range of devices, such as smartphones, laptops, and smart-home devices, to the so-called Bluetooth Impersonation AttackS (BIAS).

Read More: Bluetooth flaw exposes countless devices to BIAS attacks

iOS 13.5 Jailbreak #unc0ver v5.0.1 is now out.

However, it is crazy that anyone who isn’t doing security testing would want to use this. Considering Zerodium’s recent statements on not accepting new submissions, there are enough iOS vulnerabilities out there that everyone would want to keep iOS patched.

Resource: The most advanced jailbreak tool.

NSO Group Impersonated Facebook to Help Clients Hack Targets.

As we know, this is possible because phishing remains a successful part of any attacker’s strategy. For those concerned, the only mitigation against this is adaptive allowlisting (whitelisting) of Internet domain names.

Infamous Israeli surveillance firm NSO Group created a web domain that looked as if it belonged to Facebook’s security team to entice targets to click on links that would install the company’s powerful cell phone hacking technology, according to data analyzed by Motherboard.

Read More: NSO Group Impersonated Facebook to Help Clients Hack Targets

Did you know?

You’re saying it wrong: How to say oft-mispronounced tech terms. I personally didn’t even know about the specific pronunciation for Qi (the wireless charging standard).
