January 31, 2022
David Redekop

TWINN Security News January 31

Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to:

I would like to talk about our location data. By default, the smartphones we carry in our pockets collect an extreme amount of precise location data. In fact, we have to go out of our way to find the many ways that we leave digital trails everywhere. And this isn’t an “If you have nothing to hide, you shouldn’t be worried” scenario. Add our pandemic situation to this, and it has been used as an excuse to scale up citizen surveillance, because the data already exists. Nothing needs to be invented. Nothing needs to be deployed. It only takes someone to ask for such data, and under the guise of anonymous data, it is easy to obtain. Now here’s what our country of Canada has done:

Ottawa’s use of our location data raises big surveillance and privacy concerns. It should concern us all, and we must act accordingly now that we all know this.

Zerodium looks to buy zero-days in Outlook and Thunderbird email clients. The $200,000 – $400,000 reward for finding vulnerabilities in some of the world’s most popular email programs tells us a lot. Even staying up-to-date on those programs isn’t sufficient anymore. Doing your email in a browser is actually the safest path today.

This NFT on OpenSea Will Steal Your IP Address. More about NFTs later, but here’s an interesting nefarious use of NFT makers in a marketplace.

Hackers Using Device Registration Trick to Attack Enterprises with Lateral Phishing. This multi-phase approach is all about taking advantage of companies’ BYOD policies that allow non-managed devices to join a network. With Zero Trust, this can be mitigated while allowing BYOD to continue.

Office of Management and Budget Releases Federal Strategy to Move the U.S. Government Towards a Zero Trust Architecture. To us, this is obviously good news.

Did you know? 

There’s a neutral video about NFTs: https://youtu.be/YQ_xWvX1n9g (OK, about as neutral as you can possibly get, I would assert)

For a video version of this, see: https://youtu.be/_m6oaaw8ifg