January 11, 2021
Niles Nerd

TWINN Security News January 11, 2021

Your weekly top 5 technical and security issues Nerds should pay attention to:

Telegram feature exposes your precise address to hackers. Telegram, the not-so-secure messaging app, has a vulnerability that exposes users’ precise geolocation — but Telegram has no plans to fix it. I know fleeing WhatsApp users are looking for a better home, but Telegram isn’t it.

Ransomware Victims’ Data Published via DDoSecrets. This is Wikileaks’ successor, but unfortunately with even less discernment. The lesson in all of this is to take security seriously so your company data is never exfiltrated in the first place.

Malware Developers Refresh Their Attack Tools. The LokiBot increases in sophistication but still relies on egress for several stages, so proper controls can still provide 100% protection.

Cryptocurrency stealer for Windows, macOS, and Linux went undetected for a year. If you’re the holder of crypto currency, treat it like you would your real wallet, especially one that has cash in it.

Cobalt Strike & Metasploit Tools Were Attacker Favorites in 2020. These are readily-available tools marketed towards “red teams”, or adversary emulators, no wonder criminals use them in the real world.

Did you know? 

Ecosia.org is a search engine that “plants trees with your searches”. It’s very effective. However, it does not offer a safe search function.

For a video version of this TWINN post, see https://youtu.be/dPi84g2ecHY