TWINN Security News October 4
by Niles Nerd

Welcome to this week in NerdNews (TWINN). Your weekly top 5 technical and security issues Nerds should pay attention to. Let’s try a week without ransomware stories…

Hundreds of scam apps hit over 10 million Android devices. This trend apparently has never stopped, and it mostly revolves around premium SMS fraud. One way to avoid it is to turn OFF SMS at the carrier level, which is starting to sound more and more appealing each day.

Portpass app may have exposed hundreds of thousands of users’ personal data. Any rushed data sharing initiative carries risk, and here we see how up to 650,000 Canadians may have had their personal data exposed already.

More Than 90% of Q2 Malware Was Hidden in Encrypted Traffic. If this isn’t a call for proper security posture, I’m not sure what is. What this means is that traditional firewalls that rely on deep packet inspection are now 92% ineffective at discovering malware.

Apple forgot to sanitize the Phone Number field for lost AirTags. You can specify a phone number for a lost AirTag so Good Samaritans can reach you, but the field also accepts code that leads such Good Samaritans to a malicious place. Oof. Ouch. For now, just don’t report any lost AirTags and you’ll be safe from being taken somewhere you don’t want to be.

Fortinet, Shopify and more report issues after the root CA certificate from Let’s Encrypt expires. Last week we covered this as a warning and notice, and sure enough, many services failed. For the most part, web services were restored fairly quickly once systems administrators saw the problems. It’s hard to tell how many end users were impacted, but most of us are OK, apparently.

Did you know? 

There’s a Multibillion-Dollar Market for Your Phone’s Location Data. We all ought to think about how we feed the market by default and what we can do to turn it off. For starters, review all apps that have any ability to track you, and any browsers you use that don’t have tracker blockers.

For a video version of this see: https://youtu.be/uyxhyjlGdT4
