Cyber Security

TWINN Security News December 13
by Niles Nerd

Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to:

The Log4Shell 0-day, four days on: What is it, and how bad is it really? Yes it really is so bad that it will likely ruin many people’s holidays. I hate to have to say this, but if apache servers running log4j are behind a zero trust connectivity service, it disables the attackers’ ability to bring in malicious payloads from the outside of a network. However, most public-facing web servers do not have any egress control. And because it is so bad, it leads us into our next story:

Hackers’ Log4Shell Malware Attacks Shuts Down Thousands of Government Websites. This one made me smile. When you cannot mitigate a risk quickly enough, you shut it down. Specifically in Canada where many services are down today. At least they’re not available to be hacked, so that’s good.

Huntress Log4Shell Vulnerability Tester. For anyone and everyone involved in patching the vulnerabilities, here’s a tester, with source code available.

300,000 MikroTik routers are ticking security time bombs, researchers say. In some parts of the world, these are the most commonly-used routers. And because updating them isn’t the easiest thing in the world, over 300,000 remain vulnerable.

Microsoft seizes domains used by “highly sophisticated” hackers in China. Over 10,000 malicious domains used in various criminal campaigns have been disabled. While anyone with a Zero Trust Connectivity approach would have been protected all along, this benefits everyone, even those without any security filtering at all. Good move, Microsoft!

Did you know? 

How to deal with a site with a broken certificate is an excellent guide on understanding certificate problems.

For a video version of this see https://youtu.be/c1ZITqXfclg

Related Posts

TWINN Security News January 17

TWINN Security News January 17

Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to. Today our focus is on RATs, or Remote Access Trojans. RATs are one of the most powerful tools in a cyber criminals bag of tricks. They’ve existed...

TWINN Security News January 10

TWINN Security News January 10

Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to: This week we focus on the difficult challenge ahead of public software libraries and scripts that thousands of companies and developers are...

TWINN Security News January 3

TWINN Security News January 3

Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to: In 2022, I’ll have more of a focus on one key story for my TWINN each Monday. The feature story today is around SIM swapping. It’s an attack vector...