January 14, 2022
David Redekop

TWINN Security News January 10

Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to:

This week we focus on the difficult challenge facing the public software libraries and scripts that thousands of companies and developers trust. It makes sense: open source developers make a useful JavaScript library available to us that saves us hundreds of hours of work, so why not use it, right? This past holiday, many security professionals worked long hours on Log4j vulnerability mitigation, and as of this week we even have an FTC warning:

FTC warns companies to remediate Log4j security vulnerability. We know of at least 14 companies that received this warning, as though it’s a precursor to potential charges if they’re found not to take action.

Open source developer corrupts widely-used libraries, affecting tons of projects. It seems as though this is only the beginning of open source developers of popular libraries suddenly using their platform for another purpose, leaving devices at risk all over the world.

Albuquerque impacted by ransomware attack on Bernalillo County government. Seems like a week can never pass without one major story like this. Sadly, the ones that hit our news radar are only the tip of the iceberg. Ransomware is going strong.

The Mac Malware of 2021. I wanted to share this for those who live exclusively on a Mac and have had some sense of additional safety and security from their platform choice. As the Mac is targeted more and more, we will continue to see threats there too. Stay updated and run Zero Trust everywhere as the best mitigation against both current and future threats.

Norton 360 Now Comes With a Cryptominer. We’re not sure if we should laugh or cry about this one.

Did you know?

iOS App Privacy Report is awesome. Go to Settings -> Privacy -> Scroll to the bottom for App Privacy Report -> See the App Network Activity by the domains it contacts. If you’re behind Zero Trust Connectivity, the third party ads and trackers won’t have been successful, but it sure is revealing what each app does.

For a video version of this, see https://youtu.be/SmM4MtzeiAM
