July 13, 2020
Niles Nerd

WTH Security News July 13, 2020

Your weekly top 5 technical and security issues Nerds should pay attention to:

CVE-2020-1425 and CVE-2020-1457 are Emergency Windows Updates. However, they are available only from the Microsoft Store. They both address a critical Microsoft Windows Codecs Library Remote Code Execution Vulnerability.

Cyber Command backs ‘urgent’ patch for F5 security vulnerability. Here’s a major bug in widely used networking gear which, if you haven’t patched your enterprise environment, you’re probably already a victim, according to @CISAKrebs.

Microsoft secretly seized domains used in COVID-19-themed email cyberattacks. A U.S. federal court has allowed Microsoft to seize and take over a number of malicious domains used in a large-scale business email compromise (BEC) attack targeting victims in dozens of countries. The prevalence of this is no surprise if you ever look at certstream (real-time SSL certificate registrations) filtered by trademark strings.

The hidden trackers in your phone, explained. How covert code enables your phone’s apps to spy on you. Note that you’re tracked by default. It will take conscious action on your part to slow it down or stop it altogether.

Glupteba is state-of-the-art malware. Lest we rest, thinking traditional defenses are good enough against cybercrime. Steve Gibson will be covering Glupteba in detail on Security Now Episode #775 tomorrow.

Did you know?

Open Source Canary is at https://github.com/thinkst/opencanary

“OpenCanary is a daemon that runs several canary versions of services that alerts when a service is (ab)used.” When our young sons asked me what a canary is, I tell them it’s a smoke alarm.