This Week In Nerd News - February 3, 2020

Researcher Finds Over 60 Vulnerabilities in Physical Security Systems.

Most of our favourite vendors are on that list.

The DHS’s Cybersecurity and Infrastructure Security Agency (CISA) recently published an advisory to warn users of Honeywell’s MAXPRO video management system (VMS) and network video recorder (NVR) products that Austria-based researcher Joachim Kerschbaumer had identified two serious vulnerabilities that could allow hackers to take control of affected systems.

Hackers love .XYZ domains.

Spam never went away. And it continues to be on the rise for an obvious reason: spam still works. And the abundance of spam coming from .xyz and other new TLDs (top-level domains) helps explain why this dirty trick remains so effective.

Microsoft Leaves 250M Customer Service Records Open to the Web.

Misconfigured Microsoft cloud databases containing 14 years of customer support logs exposed 250 million records to the open internet for 25 days. The account info dates back as far as 2005 and is as recent as December 2019 — and exposes Microsoft customers to phishing and tech scams.

Tomato Routers under attack.

I wouldn’t be surprised if we had many nerds running vulnerable versions.

Internet routers running the Tomato alternative firmware are under active attack by a self-propagating exploit that searches for devices using default credentials. When credentials are found and remote administration has been turned on, the exploit then makes the routers part of a botnet that’s used in a host of online attacks, researchers said on Tuesday.