This Week In Nerd News - September 28, 2020

One of this year’s most severe Windows bugs is now under active exploit.

For the third week in a row, this makes it to our top 5. That’s how bad ZeroLogon is. Remember, in seconds, an unauthenticated user can change Active Directory credentials of any user.

One of the highest-impact Windows vulnerabilities patched this year is now under active exploitation by malicious hackers, Microsoft warned overnight, in a development that puts increasing pressure on laggards to update now.

Foreign Hackers Cripple Texas County’s Email System.

The malware attack, which sent fake email replies to voters and businesses, spotlights an overlooked vulnerability in counties that don’t follow best practices for computer security.

“LokiBot,” the malware that steals your most sensitive data, is on the rise.

“Persistent malicious” activity sees a “notable increase” since July, feds say.

Federal and state officials are seeing a big uptick in infections coming from LokiBot, an open source DIY malware package for Windows that’s openly sold or traded for free in underground forums. It steals passwords and cryptocurrency wallets, and it can also download and install new malware.

Govt. Services Firm Tyler Technologies Hit in Apparent Ransomware Attack.

Tyler Technologies, a Texas-based company that bills itself as the largest provider of software and technology services to the United States public sector, is battling a network intrusion that has disrupted its operations.

The company declined to discuss the exact cause of the disruption, but their response so far is straight out of the playbook for responding to ransomware incidents.

Plano, Texas-based Tyler Technologies [NYSE:TYL] has some 5,300 employees and brought in revenues of more than $1 billion in 2019. It sells a broad range of services to state and local governments, including appraisal and tax software, integrated software for courts and justice agencies, enterprise financial software systems, public safety software, records/document management software solutions and transportation software solutions for schools.

Coffee Maker Ransomware

To end it off on a not-so-funny note, we used to joke about ransomwaring Coffee makers. Well it’s here.

The IoT or Internet of Things explosion brought about a new generation of devices and appliances that could what we previously only saw in science fiction. Almost all of their abilities, however, relied on connecting to the Internet or at least to your home network. Security experts have warned about the risks of such connected devices but while owners themselves may take some precaution, all of that gets thrown out the window if the manufacturer itself doesn’t even meet the basic security requirements.