Cyber Security

TWINN Security News August 9
by Niles Nerd

Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to:

The privacy battle Apple isn’t fighting. For at least a decade, privacy advocates dreamed of a universal, legally enforceable “do not track” setting. So why isn’t Apple helping its customers take advantage of it? This is the question and there’s more detail in that piece. There’s no mention of Apple Private Relay, which is part of iOS15 with iCloud+ accounts, which offers only a little IP-based privacy, nothing else and I wrote more on that here: adamnet.io/privaterelay

New bank-fraud malware called Vultur infects thousands of devices. This is a really interesting use case of a local on-device VNC service that interacts with the malware to send screenshots to the attacker. It is a simple method of combining a few legitimate pieces of software together along with some scripting and lo and behold, the attacker has your Android screenshots.

Feds list the top 30 most exploited vulnerabilities. Many are years old. It’s as though patching and updating is falling on deaf ears. No wonder cybercrime continues to grow.

Critical Cobalt Strike bug leaves botnet servers vulnerable to takedown. While this is good news for law enforcement, it is important to note that Cobalt Strike servers are, in every case I’ve ever investigated, contacted by IP rather than a fully-qualified domain name. In other words, such IP addresses are strangers, and this is yet another case where DTTS is effective even before a set of IPs are known as cobalt strike team servers.

With help from Google, impersonated Brave.com website pushes malware. This one is crazy and the security industry has warned for years that domains with punycode characters are a simple way of deploying phishing and deception schemes, and here’s an example of that.

Did you know?

Apple confirms it will begin scanning iCloud Photos for child abuse images. A little controversial, but I believe Apple is doing the right thing in this case, and doing it the right way on-device.

For a video version of TWINN#32, visit https://youtu.be/BP_yX_x9gCc

Related Posts

TWINN Security News September 20

TWINN Security News September 20

Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to: Warning: Update Chrome Now As Hackers Attack Two Major Vulnerabilities In Google Browser. Might be a good time to use Brave instead as an alternate...

Google Chrome urgent update – 11 security fixes

Google Chrome urgent update – 11 security fixes

    Google Chrome urgent update - 11 security fixes   On Monday September 13, 2021 Google Chrome released update 93.0.4577.82 for windows. This update fixes 11 security issues all classified as High risk. A note on the update did specify that google is...

TWINN Security News September 13

TWINN Security News September 13

Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to: Wide-ranging SolarWinds probe sparks fear in Corporate America. This pressure on C-level executives is very real that culpability may be exposed....