February 14, 2022
David Redekop

TWINN Security News February 14

Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to:

First, Happy Valentine's Day! I hope you enjoyed the Cryptobowl, er, I mean the Super Bowl! Today there's some good news to start with, including our focus on a key Microsoft decision, but more on that in a moment.

When we analyze the initial method of attack in an incident response project, it is striking how often it is a Microsoft Office document emailed to the intended victim, who is then asked to enable macros. IT managers and security staff have been asking everyday working professionals to be careful with attachments for exactly this reason. Since Office documents legitimately need to be shared as email attachments, they cannot simply be filtered in transit; doing so would cripple the workflow of millions of businesses.

To seriously cripple the cyber criminals' future ability to use this method of attack, we do have some really good news today:

Microsoft is doing the whole world serious cybergood! That is my own headline, and it would make my grammar teachers cringe, I know. Microsoft has decided to block VBA macros by default in Office files that arrive from the internet, which is exactly how emailed attachments reach the victim's desktop. This will likely break the workflow of some businesses that use Gmail or other free email accounts in a business context, but that will be easily overcome, and the overall approach will save many computer lives 🙂
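To make the mechanism concrete, here is an added triage helper (example code written for this page, not Microsoft's or the author's) that answers the two questions the new default hinges on: does an attachment carry a VBA project, and does its Mark of the Web (the NTFS `:Zone.Identifier` stream that browsers and mail clients write) say it came from the internet? The sample document and Zone.Identifier text are constructed inline; on a real Windows host the stream would be read from `open(path + ":Zone.Identifier")`. Treating ZoneId 3 (Internet) and 4 (Restricted sites) as internet-sourced mirrors the documented URL security zones and is an assumption here, not a quote of Office's exact logic; the legacy OLE check is a byte-level heuristic on the MS-OVBA `_VBA_PROJECT` stream name rather than a full OLE parser.

```python
"""Triage an Office attachment the way the internet-macro block reasons about it.

Added example for this page; not code from the original post or from Microsoft.
"""
import io
import zipfile
from dataclasses import dataclass
from typing import Optional

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"          # legacy .doc/.xls container
OLE_VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")       # OLE directory names are UTF-16LE
INTERNET_ZONES = {3, 4}  # assumption: Internet and Restricted sites count as internet-sourced


def has_vba_project(data: bytes) -> bool:
    """True if the document bytes contain a VBA project (OOXML zip or legacy OLE)."""
    if data.startswith(OLE_MAGIC):
        return OLE_VBA_MARKER in data  # heuristic: the stream name is present somewhere
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(name.lower().endswith("vbaproject.bin") for name in zf.namelist())
    except zipfile.BadZipFile:
        return False


def parse_zone_id(zone_identifier: Optional[str]) -> Optional[int]:
    """Return the ZoneId from a Zone.Identifier stream, or None if the file is unmarked."""
    if not zone_identifier:
        return None
    in_section = False
    for raw in zone_identifier.splitlines():
        line = raw.strip()
        if line.lower() == "[zonetransfer]":
            in_section = True
        elif line.startswith("["):
            in_section = False
        elif in_section and line.lower().startswith("zoneid="):
            try:
                return int(line.split("=", 1)[1])
            except ValueError:
                return None
    return None


@dataclass
class Verdict:
    has_macros: bool
    zone_id: Optional[int]
    blocked_by_default: bool  # macros present AND file marked as internet-sourced


def triage(document: bytes, zone_identifier: Optional[str]) -> Verdict:
    macros = has_vba_project(document)
    zone = parse_zone_id(zone_identifier)
    return Verdict(macros, zone, macros and zone in INTERNET_ZONES)


def make_docm(with_macros: bool) -> bytes:
    """Constructed sample: a minimal OOXML-style zip, not a real Word file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        if with_macros:
            zf.writestr("word/vbaProject.bin", b"\x00" * 16)
    return buf.getvalue()


# Constructed Zone.Identifier contents, in the shape a browser or mail client writes them.
FROM_INTERNET = "[ZoneTransfer]\r\nZoneId=3\r\nHostUrl=https://mail.example.test/attachment\r\n"
FROM_INTRANET = "[ZoneTransfer]\r\nZoneId=1\r\n"

if __name__ == "__main__":
    cases = [
        ("macro doc from internet", make_docm(True), FROM_INTERNET),
        ("macro doc from intranet", make_docm(True), FROM_INTRANET),
        ("macro doc, no mark", make_docm(True), None),
        ("plain doc from internet", make_docm(False), FROM_INTERNET),
    ]
    for label, doc, zi in cases:
        print(f"{label}: {triage(doc, zi)}")
```

The third case is the one to keep in mind during incident response: a macro document that lost its Zone.Identifier (copied out of an archive, or written to a non-NTFS volume) is not internet-marked and the new default will not stop it, so the attachment-hygiene advice above still applies.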

14 out of 15 US Cabinet Departments have purchased phone unlocking tech. This should concern us all, especially in the absence of transparency on how it is being used.

After lying low, SSH botnet mushrooms and is harder than ever to take down. This reminds me of Bruce Schneier’s frequently used line: “Attacks only ever get better.”

Health sites let ads track visitors without telling them. This is actually a common practice among sites of all kinds. It just highlights the importance of having a layer of web filtering security that works across all devices, especially the world's most popular mobile browser: iOS Safari.

Password guessing became last year's weapon of choice. It takes two main forms: credential stuffing, where username and password pairs leaked in earlier breaches are replayed against other services, and password spraying, where a short list of commonly used passwords is tried against many accounts. Both rely on reused or weak passwords and on breach data circulating on the dark web. Now would be a good time to check your own email address at haveibeenpwned.com to see which breaches have exposed your information.
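Beyond checking an email address, the same service lets you test whether a password has appeared in a breach without ever sending the password. The added example below (written for this page; not the author's code and not an official HIBP client) implements the Pwned Passwords k-anonymity range lookup: the client hashes the password with SHA-1, sends only the first 5 hex characters to `https://api.pwnedpasswords.com/range/<prefix>`, receives every suffix sharing that prefix, and matches locally. The sample range response is constructed to show the `SUFFIX:COUNT` format; the live call is only made when no sample body is supplied.

```python
"""Pwned Passwords k-anonymity lookup. Added example, not from the original post."""
import hashlib
import urllib.request
from typing import Optional, Tuple

RANGE_URL = "https://api.pwnedpasswords.com/range/"


def hibp_split(password: str) -> Tuple[str, str]:
    """SHA-1 the password and split the uppercase hex into (5-char prefix, 35-char suffix)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix: str, range_body: str) -> int:
    """Parse a range response (one 'SUFFIX:COUNT' per line) and return the count for `suffix`."""
    for line in range_body.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        candidate, count = line.split(":", 1)
        if candidate.upper() == suffix.upper():
            try:
                return int(count)
            except ValueError:
                return 0
    return 0  # suffix absent: not seen in the corpus


def fetch_range(prefix: str, timeout: float = 10.0) -> str:
    """Live lookup (network). 'Add-Padding: true' asks HIBP to pad the response
    so its size does not reveal which prefix was queried."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"User-Agent": "twinn-hibp-example", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password: str, range_body: Optional[str] = None) -> int:
    """How many times the password appears in Pwned Passwords; 0 means not found."""
    prefix, suffix = hibp_split(password)
    body = range_body if range_body is not None else fetch_range(prefix)
    return count_in_range(suffix, body)


# Constructed sample response for prefix 5BAA6 (the prefix of SHA-1("password")).
# Real responses hold hundreds of suffixes; padded filler entries carry count 0.
SAMPLE_RANGE_5BAA6 = "\n".join([
    "1E2C8F5D0A5A2E7B2C6E3F1A0B9C8D7E6F5:0",
    "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493",
    "2A4D9E1F3B5C7D9E1F3B5C7D9E1F3B5C7D9:2",
])

if __name__ == "__main__":
    prefix, suffix = hibp_split("password")
    print(f"prefix sent to HIBP: {prefix}, suffix kept local: {suffix}")
    print("seen", pwned_count("password", SAMPLE_RANGE_5BAA6), "times (sample data)")
```

Because only the 5-character prefix leaves the machine, this check is safe to wire into a password-change form or a periodic audit of service accounts; a non-zero count is a password that spraying and stuffing lists already contain.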

Did you know? 

Previous ransomware victims get free recovery keys. For many it may be too little, too late, but it's still good news worth sharing: if you were a victim of the Maze, Egregor or Sekhmet ransomware strains and never paid up, these keys now allow you to recover your files without paying the ransom.

For a video version of this, see: https://youtu.be/-jqZTGZQ2L0