November 23, 2020
David Redekop

This Week In Nerd News – November 23, 2020

Your weekly top 5 technical and security issues Nerds should pay attention to:

How the U.S. Military Buys Location Data from Ordinary Apps.

The trouble with free apps: the app makers must make revenue somewhere, and selling data is lucrative.

A Muslim prayer app with over 98 million downloads is one of the apps connected to a wide-ranging supply chain that sends ordinary people’s personal data to brokers, contractors, and the military.

Read More: How the U.S. Military Buys Location Data from Ordinary Apps

Windows 10: Microsoft reveals Pluton security chip – ‘Expect Patch Tuesday-type updates’.

Microsoft promises Pluton will make it easier to keep system firmware up to date, for example, in cases when TPM firmware for separate security processors is required.

Microsoft is working with chip makers like Intel to bring its Pluton security processor to all Windows 10 PCs.

Read More: Windows 10: Microsoft reveals Pluton security chip – ‘Expect Patch Tuesday-type updates’ 

Firefox 83 introduces HTTPS-Only Mode.

This is an interesting development as more and more of our traffic in transit shifts to being encrypted. It will have the desired effect of pushing website owners to move to HTTPS.

Security on the web matters. Whenever you connect to a web page and enter a password, a credit card number, or other sensitive information, you want to be sure that this information is kept secure. Whether you are writing a personal email or reading a page on a medical condition, you don’t want that information leaked to eavesdroppers on the network who have no business prying into your personal communications.

Read More: Firefox 83 introduces HTTPS-Only Mode 

More than 245,000 Windows systems still remain vulnerable to BlueKeep RDP bug.

If there’s any assurance that cybercrime will continue to grow in the foreseeable future, it is that we are not patching.

Millions of computers and servers across the globe remain unpatched for some of today’s most dangerous bugs.

Read More: More than 245,000 Windows systems still remain vulnerable to BlueKeep RDP bug 

New tool automates phishing attacks that bypass 2FA.

SMS-based 2FA now offers less security value than ever. Time to switch to better 2FA everywhere you can. On the other hand, if you’re in White or Allow-listing mode on adam:ONE, that’s a complementary protection layer.

Trust in two-factor authentication has slowly eroded in the last month after release of Amnesty International report and Modlishka tool.

Read More: New tool automates phishing attacks that bypass 2FA 

Did you know?

There’s a graphical command-line historical ping command called gping. On macOS just “brew install gping” after you’ve installed Homebrew. You’re welcome.