Your weekly top 5 technical and security issues Nerds should pay attention to:
FBI, DHS to go public with suspected North Korean hacking tools. This details activity from Hidden Cobra hackers and will benefit blue teams and defenders everywhere.
Security Flaws in Adobe Acrobat Reader Allow Malicious Program to Gain Root on macOS Silently. Stick to macOS Preview, if possible, for all PDF views and edits.
Zerodium will not be accepting any new iOS exploits for now. Even “Prices for iOS one-click chains (e.g. via Safari) without persistence will likely drop in the near future.” This is not a good trend for iOS security perception/reality. Time to look for additional defensive layers.
Thunderspy: What it is, why it’s not scary, and what to do about it. Still worth being aware. Steve Gibson also covered it on SecurityNow! Episode 766.
Ransomware Hit ATM Giant Diebold Nixdorf. The company says the hackers never touched its ATMs or customer networks, and that the intrusion only affected its corporate network.
Did you know?
Windows 10 quietly got a built-in network sniffer called pktmon (auto-correct wants me to know they meant to call it Pokemon). In Linux and macOS we’ve had tcpdump for a while, but Pokemon will replace wireshark for many use cases now.