December 21, 2020
Niles Nerd

WTH Security News December 21, 2020

Your weekly top 5 technical and security issues Nerds should pay attention to:

Dozens of journalists’ iPhones hacked with NSO ‘zero-click’ spyware, says Citizen Lab. I know this is starting to sound like it’s the same song over and over. Same with the mitigation. Effective egress control is the only mitigation.

Microsoft is reportedly added to the growing list of victims in SolarWinds hack. In response to the report, Microsoft said it had detected a backdoored version of SolarWinds software in its network but had uncovered no evidence it was used to compromise the company’s production system or access customer data

Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor. This is the most important story of the week. The most important story of 2020.

Apple’s App ‘Privacy Labels’ Are Here—and They’re a Big Step Forward. It remains unclear how effective the warnings will be, but the attempt alone is a promising development.

Facebook tracks ‘OceanLotus’ hackers to IT firm in Vietnam. The announcement on Friday is the first time Facebook has publicly exposed an offensive hacking operation and, if confirmed, would be a rare case of suspected state-backed cyberspies being tracked to a specific organisation.

Did you know?

Finally, there’s true E2E (End to End) encryption for group video calling in Signal: Signal adds support for encrypted group video calls

For a video version of the above, go to: