December 28, 2020
Niles Nerd

WTH Security News December 28, 2020

Last one this year… enjoy!

Your weekly top 5 technical and security issues Nerds should pay attention to:

SOLARWINDS HACK INFECTED CRITICAL INFRASTRUCTURE, INCLUDING POWER INDUSTRY. At least 15 critical infrastructure firms in the electric, oil, and manufacturing industries were running the backdoored SolarWinds Orion software (per @kimzetter).

Suspected Russian hackers used Microsoft vendors to breach customers. Reuters says that the hackers behind the SolarWinds breach used access to Microsoft resellers to penetrate targets that weren’t backdoored by SolarWinds at all. The hackers used access to the reseller, which sells Office licenses but also has access to client systems for maintenance and customer support, to try to read the Office 365 cloud email belonging to cybersecurity giant CrowdStrike. Luckily, CrowdStrike only uses Office desktop apps and not Office 365 for its email. Had it been, it would’ve been “game over,” per a source speaking to Reuters. (per @ZackWhittaker)

Law enforcement take down three bulletproof VPN providers. VPN technology is an important resource. Choosing your vendor is like navigating a minefield.

Amazon Gift Card Scam Delivers Dridex This Holiday Season. We all need reminders that something too good to be true, probably is.

GoDaddy Employees Were Told They Were Getting a Holiday Bonus. It Was Actually a Phishing Test. Interesting twist in this story: normally staff are educated, but here it’s the execs who did some learning.

Did you know?

Zoom update adds support for Apple’s Arm silicon M1-based Macs. Finally, a long-lasting battery on a light-weight laptop for long remote zoom meetings 🙂

For a video version of the above, plus a fun personal tobogganing clip, check out