April 11, 2022
David Redekop

TWINN Security News April 11

Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to:

Let’s briefly talk about network routers and their place in our insecure world. With a router’s position having one foot inside and one foot outside your network, it is in a place of trust. It has certain responsibilities that it be reliable, incorruptible, not hackable, it shouldn’t even be available to the Internet. When someone knocks on its ports, there should be no answer. And yet, we keep seeing router-based vulnerabilities that shouldn’t even be an issue such as this story:

WatchGuard failed to explicitly disclose critical flaw exploited by Russian hackers. Their justification is that they operated on the FBI’s dictated schedule, but in reality, proper implementation of any router should make it stealthy and unreachable from the internet, regardless of discovered vulnerabilities. Zero Trust comes to mind.

Microsoft Obtains Court Order to Take Down Domains Used to Target UkraineSandworm botnet disrupted with the support of the Justice Department. It’s worth noting, that a properly-protected network already enjoyed sinkholing before all of this. When the domains were publicly sinkholed, though, everyone benefits!

Hydra: How German police dismantled Russian darknet site. While the perpetrators are not yet known, this 6-year-old darkweb site has finally been shut down. In a takedown like this, authorities get all the data on the servers. Here’s hoping that the awareness that the seized customer-identifying data is now available to law enforcement, will be a deterrent.

Hackers breach MailChimp’s internal tools to target crypto customers. As cryptocurrency ecosystems are still evolving, cyber criminals keep looking and often finding ways of stealing. Be careful with your wallets and follow the best security practices.

Trend says hackers have weaponized SpringShell to install Mirai malware. This is a cog in the wheel of what makes cyber attacks possible. Sometimes one moving part gets ahead of another and then lies ready to be used when the opportunity presents itself to the criminal.

Did you know?

Microsoft Details New Security Features for Windows 11. Several features mirror those found on macOS and will make it that much more difficult for traditional hacks to occur.

For a video version of this see: https://youtu.be/DsgLRnx7GWY