Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to:
FBI Shares Hive Ransomware IoCs in New Alert. We are starting to see a trend where early visibility into indicators of compromise is shared, and this is good. Now, if you’ve already been living in a ZeroTrust environment with DTTS®, then the dark web isn’t accessible. And in allow-listing mode, the anonymous file downloads don’t auto-allow either, so proactive protection is available against this new ransomware.
Need to get root on a Windows box? Plug in a Razer gaming mouse. Frightening for network administrators responsible for keeping computers free from malicious activity, but this is real.
Bahraini Government Hacks Activists with NSO Group Zero-Click iPhone Exploits. In particular, they used an iMessage zero day that Citizen Lab calls FORCEDENTRY. Once again, an infected phone would connect to Command & Control servers at IPs like 172[.]105[.]89[.]243, but in environments and devices with DTTS®, that connection never succeeds.
La Puente man steals 620,000 iCloud photos in plot to find images of nude women. This is egg on Apple’s face because the thief did all of this from his own home internet connection, did not use a VPN and logged into hundreds of distinct iCloud accounts. Our hope and request is also that Apple will upgrade the 2FA options, drop SMS and add hardware security keys very soon.
Phishing campaign uses UPS.com XSS vuln to distribute malware. Even the trained security person may not spot such a malware download without careful examination. However, the good news is that in a zero trust, adaptive allow-listing mode, the download never happens.
Did you know?
I turned 50. One of our sons gave me a birthday card that I got permission to share with you today. It is the attention to detail and number of Easter eggs in there that are neat, and my personal lesson out of this is: wow, do our children ever observe us more than we realize. See if you can spot them, or watch the video for it.
For a video version of this, see https://youtu.be/LvFdCBMlZ5o