November 29, 2021
Niles Nerd

TWINN Security News November 29

Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to:

GoDaddy data breach impacts 1.2 million WordPress site owners. What a way to start out your week, I know! The worst part of this story is that victims will have a difficult time to find out how far this spread. For example, the SSL certificate keys, if compromised, could have been exploited in ways that cannot be tracked. The initial breach came from a compromised password. So many lessons in this story that we can learn from.

Malware now trying to exploit new Windows Installer zero-day. Since this attack bypasses the Windows Installer patch, a wide-ranging campaign appears possible and likely being planned. Every single version of Windows is affected. The best way to be vigilant is to already have a ZeroTrust in place and disallow any software installation during this high-risk period until this new vulnerability is patched properly.

Facebook to delay full E2EE rollout until ‘sometime in 2023’. We see this in the industry over and over. There’s no advantage to Facebook/Meta to do this any faster, as it does not allow them to directly sell any more advertising. However, it is a good reminder that communication on Facebook simply isn’t secure or private and may never be.

How Threat Actors Get Into OT Systems. Spoiler alert: via network intrusions and via removable media. It turns out that ZeroTrust Connectivity disrupts both from doing damage. When an OT device has the principle of least privilege applied, it leaves even removable storage attacks completely crippled and unable to spread or reach their Command & Control (c2) servers, effectively neutering such potential threats.

Scammers are destroying lives, one gift card fraud at a time. Here’s who’s fighting back. Here’s a feel-good story about gift card fraud getting challenged. When a scammer gets conned, we all win. Jim Browning has an fascinating series on Tech Support Scams as well that is worth watching, even if from the perspective of understanding how such facilities operate.

Did you know? 

There’s a free product price tracker at camelcamelcamel.com and if you use the Brave browser, it’s even safe from third party tracking! Perfect if you’re looking for a specific product for a special someone and want to get it at the best price possible.

For a video version of this see https://youtu.be/QEbEK7n-hU0