TWINN Security News May 09

Nerds On Site
Article Written By David Redekop


Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to:

Let’s talk about phishing. The number of successful phishing incidents continues to grow year after year. In 2020, there were 241,342 incidents reported to the FBI. In 2021, that number rose by 34% to 323,972. Why is it still on the rise? This reminds me of when William Sutton was asked why he robbed banks. His famously recorded response was “Because that’s where the money is.” The same would apply today, but if I were asked why phishing is still on the rise, it is because victims let it happen. The truth is that prevention is absolutely possible, but this story today illustrates why and how it still keeps on happening:

Man Convicted in Phishing Scam that cost U.S. DOD $23.5M. With transactions of this size, there are often sufficient roadblocks that prevent the thief from getting away with it, but it’s the 5- and 6-figure thefts that are so often not recoverable.

Over 200 Spanish mobile numbers ‘possible targets of Pegasus spyware’. What’s important to recognize here is that this need not happen. We do have mitigations that can match any threat level. High-value assets can be, and regularly are, protected with appropriate guard rails using Zero Trust principles.

Heroku to begin user password reset almost a month after GitHub OAuth token theft. The reason this is an important story for us to pay attention to is that a significant number of the apps on your phone are likely run on Heroku infrastructure. From a mobile device user’s point of view, this is a supply-chain attack you have no control over, but keep an eye out for more breach reports.

U.S. considers imposing sanctions on China’s Hikvision. For years we have protected client networks that use Hikvision equipment. By default, many of their products relay video feeds via China. That alone makes many westerners uneasy and it can be prevented, again using a Zero Trust approach and preventing the exfiltration. That is, if keeping this equipment running is even considered.

Google releases Indicators of Compromise (IoC) details. What’s interesting here is that very few of these domains are blocked by traditional threat intelligence, even today. However, when you take a Zero Trust approach, 100% of these IoCs are disallowed, even before Google released them as IoCs.

Did you know?

LinkedIn Learning is a massive training resource that is highly structured. The best news is that most likely your local public library card gets you free access. Do a search for “Linked In Learning” + your library town name and you’ll find the starting point (e.g. London Public Library). And enjoy!
