Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to:
In 2022, I’ll have more of a focus on one key story for my TWINN each Monday. The feature story today is around SIM swapping. It’s an attack vector that is not addressed with zero trust, isn’t fixed with security awareness training and is not solved with an app. SIM swapping is literally about socially engineering your cellular carrier by pretending to be you with information such as your phone number, address and date of birth.
T-Mobile confirms SIM swapping attacks led to breach. This isn’t the first time. A few years ago, a well-documented criticism was backed up by real stories of financial loss. Even though Account Takeover Protection isn’t on by default, it is available with T-Mobile and with most carriers now. This is the year, the month, the week when you need to protect your phone number from SIM swapping.
Google warns that NSO hacking is on par with elite nation-state spies. We didn’t need Google to confirm this because we have seen how successful Pegasus has been at spying on iPhones (at least ones that aren’t protected by Zero Trust connectivity).
Cloud Security Breaches and Vulnerabilities: 2021 in Review. This is quite a list and a reminder not to get calloused about security alerts.
A Year in Microsoft Bugs: The Most Critical, Overlooked & Hard to Patch. A wise approach may be to use this to forecast 2022 and how our security posture should be proactively strengthened. Attacks only get more sophisticated over time.
Microsoft Issues Fix for Exchange Y2K22 Bug That Crippled Email Delivery Service. Looks like we just never stop dealing with date-check problems, which tend to surface on year rollovers, daylight saving time changes, etc.
Did you know?
If you like to use DNS-based filtering, you can combine a number of service providers with DNSharmony. Combine Quad9, CleanBrowsing Security Filter, and even Pi-hole and get the best of all worlds!
For a video version of this, see https://youtu.be/qCczEXoDkKI