September 28, 2020
David Redekop

This Week In Nerd News – September 21, 2020

Your weekly top 5 technical and security issues Nerds should pay attention to:

YouTube video

ZOOM finally supports 2FA natively.

Many of us have been using Single Sing-on by using Google logins and MFA-protecting such accounts, but now zoom.us offers it natively on their own accounts, supporting both SMS and several 2FA apps.

Resource: Zoom – Managing two-factor authentication (2FA)

 

Billions of devices vulnerable to new ‘BLESA’ Bluetooth security flaw.

New BLESA attack goes after the often ignored Bluetooth reconnection process, unlike previous vulnerabilities, most found in the pairing operation.

Billions of smartphones, tablets, laptops, and IoT devices are using Bluetooth software stacks that are vulnerable to a new security flaw disclosed over the summer.

 

Read More: Billions of devices vulnerable to new ‘BLESA’ Bluetooth security flaw 

 

Ransomware attack at German hospital leads to death of patient.

A person in a life-threatening condition passed away after being forced to go to a more distant hospital due to a ransomware attack.

On September 10th, the University Hospital Düsseldorf (UKD) in Germany suffered a ransomware attack after threat actors compromised their network a software vulnerability in “a commercial add-on software that is common in the market and used worldwide.”

 

Read More: Ransomware attack at German hospital leads to death of patient

 

New Windows exploit lets you instantly become admin. Have you patched?

This is a repeat from last week, but… Zerologon lets anyone with a network toehold obtain domain-controller password.

Researchers have developed and published a proof-of-concept exploit for a recently patched Windows vulnerability that can allow access to an organization’s crown jewels—the Active Directory domain controllers that act as an all-powerful gatekeeper for all machines connected to a network.

 

Read More: New Windows exploit lets you instantly become admin. Have you patched?

 

Five Chinese nationals, two Malaysians charged in connection with global hacking campaign.

The accused Chinese hackers allegedly compromised technology providers and installed software backdoors in their networks, giving themselves a portal to collect information. The operation is linked to an advanced persistent threat group known as APT41.

Five Chinese nationals working as part of a well-resourced hacking group and two Malaysian nationals have been charged in connection with a global hacking campaign that hit hundreds of targets in the U.S. and around the world in multiple industries, the Department of Justice announced Wednesday.

 

Read More: Five Chinese nationals, two Malaysians charged in connection with global hacking campaign

 

Did you know?

Mackup is an amazing macOS tool that:

  • Back ups your application settings in a safe directory (e.g. Dropbox)
  • Syncs your application settings among all your workstations
  • Restores your configuration on any fresh install in one command line

Need an IT professional? Request service today.