May 23, 2022
David Redekop

TWINN Security News May 23

Botnets now shape public opinion. More specifically, the people in control of botnets influence trends on social media. It’s a brand new age of information warfare that scales the entirety of our planet. If this doesn’t get our attention, I don’t know what will.

So how does this even work? It turns out that because there are so many ways that insecure devices can have malware slipped into them, such devices can create virtual clicks – ones that happen without the user actively participating – resulting in machine algorithms arriving at a conclusion of popularity of certain content.

Welcome to TWINN #73. Your weekly top 5 technical and security issues Nerds should pay attention to.

This Russian Botnet Is Capable of Manipulating Social Media Trends on a ‘Massive Scale,’ Report Claims. The takeaway here is that distributed risks like this require distributed and custodial protection. The Zero Trust philosophy is none too early and we should all accelerate the adoption of it.

America’s small businesses aren’t ready for a cyberattack. When only 5% of small business owners report cybersecurity risk to their business, it is a clear indication that we are going to be in this predicament for a while.

PDF smuggles Microsoft Word doc to drop Snake Keylogger malware. Since very few organizations email policies block PDF attachments, this is another example of where a Zero Trust approach protects your network. Even before this threat was discovered, this URL would have been unreachable, and therefore cutting off the payload.

When Your Smart ID Card Reader Comes With Malware. This one is recommended full reading to all, but suffice it to say that any hardware that requires a separate driver should be vetted the way this guy did.

Researchers Find Backdoor in School Management Plugin for WordPress. Oh boy. A popular plugin, rate 10 out of 10 for severity. Luckily the free version of it is not impacted, only the licensed version. This is a good time to review all Wordpress plugins for security.

Did you know?

The Justice Department has a new policy for prosecuting cases under US computer hacking laws. The policy for the first time directs that  good-faith security research should not be charged.

For a video version of this, see: 

Need an IT professional? Request service today.