February 21, 2022
David Redekop

TWINN Security News February 21

Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to:

This week our focus is on a tactic that has allowed cyber criminals to steal money from people and organizations for decades. To this day, it is still a go-to strategy, and it’s called Business Email Compromise, or BEC for short. After a criminal gang has done sufficient recon work in a targeted victim organization, they know the names of individuals that have the authority to send and receive money transfers. Once an email account of such a person is compromised, the scam can be carried out via a virtual meeting platform:

Cybercriminals Using Virtual Meeting Platforms to Wage BEC Attacks. The FBI has a Public Service Announcement Business Email Compromise: Virtual Meeting Platforms.

Home Security Systems Vulnerable to Hacking. You’ll see many of the brands you recognize here including Ring, SimpliSafe, Cover, Eufy and Abode Iota. Consider your threat level to decide if your DIY security is sufficient.

Hacking group is on a tear, hitting US critical infrastructure and SF 49ers. BlackByte (the name of the ransomware criminal group) says it’s holding NFL team’s data hostage. The FBI issues its own warning.

US says Russian state hackers lurked in defense contractor networks for months. It’s a good thing that going forward, Zero Trust is rapidly becoming the standard so these types of stories can slow down or even come to a stop at some point.

‘Zero-Click’ Hacks Are Growing in Popularity. There’s Practically No Way to Stop Them. The headline is correct if you only consider traditional protection, but ZeroTrust Connectivity absolutely does protect properly-protected devices. For example, ZeroTrust-protected iOS devices were never able to be remotely controlled or C2-connected by Pegasus, so no exfiltration commands could be sent or received. If history projects the future, software vulnerabilities will always be found, hence an out-of-band protection mechanism is needed. That’s where Zero Trust comes in.

Did you know?

There’s a really good way to use your iPhone as a webcam for any app. It is a $5 app called Shoot Pro Webcam for Mac & PC. Sometimes you need a second camera to demonstrate an alternate view, or simply have the versatility of placing your webcam at another location.

For a video version of this see: https://youtu.be/c-RU32HODag