Cyber Security

TWINN Security News November 29
by Niles Nerd

Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to:

GoDaddy data breach impacts 1.2 million WordPress site owners. What a way to start out your week, I know! The worst part of this story is that victims will have a difficult time to find out how far this spread. For example, the SSL certificate keys, if compromised, could have been exploited in ways that cannot be tracked. The initial breach came from a compromised password. So many lessons in this story that we can learn from.

Malware now trying to exploit new Windows Installer zero-day. Since this attack bypasses the Windows Installer patch, a wide-ranging campaign appears possible and likely being planned. Every single version of Windows is affected. The best way to be vigilant is to already have a ZeroTrust in place and disallow any software installation during this high-risk period until this new vulnerability is patched properly.

Facebook to delay full E2EE rollout until ‘sometime in 2023’. We see this in the industry over and over. There’s no advantage to Facebook/Meta to do this any faster, as it does not allow them to directly sell any more advertising. However, it is a good reminder that communication on Facebook simply isn’t secure or private and may never be.

How Threat Actors Get Into OT Systems. Spoiler alert: via network intrusions and via removable media. It turns out that ZeroTrust Connectivity disrupts both from doing damage. When an OT device has the principle of least privilege applied, it leaves even removable storage attacks completely crippled and unable to spread or reach their Command & Control (c2) servers, effectively neutering such potential threats.

Scammers are destroying lives, one gift card fraud at a time. Here’s who’s fighting back. Here’s a feel-good story about gift card fraud getting challenged. When a scammer gets conned, we all win. Jim Browning has an fascinating series on Tech Support Scams as well that is worth watching, even if from the perspective of understanding how such facilities operate.

Did you know? 

There’s a free product price tracker at camelcamelcamel.com and if you use the Brave browser, it’s even safe from third party tracking! Perfect if you’re looking for a specific product for a special someone and want to get it at the best price possible.

For a video version of this see https://youtu.be/QEbEK7n-hU0 

Related Posts

TWINN Security News January 17

TWINN Security News January 17

Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to. Today our focus is on RATs, or Remote Access Trojans. RATs are one of the most powerful tools in a cyber criminals bag of tricks. They’ve existed...

TWINN Security News January 10

TWINN Security News January 10

Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to: This week we focus on the difficult challenge ahead of public software libraries and scripts that thousands of companies and developers are...

TWINN Security News January 3

TWINN Security News January 3

Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to: In 2022, I’ll have more of a focus on one key story for my TWINN each Monday. The feature story today is around SIM swapping. It’s an attack vector...