Your weekly top 5 technical and security issues Nerds should pay attention to:
SIGRed is a 15-year-old Windows DNS Server vulnerability. When exploited, this is wormable. The last major wormable exploit brought us Wannacry, so this one is worth taking seriously with patching and mitigations. Kevin Beaumont wrote a nice blog titled Detecting DNS CVE-2020–1350 exploitation attempts in Azure Sentinel.
send.firefox.com is still down. Mozilla suspends Firefox Send service while it addresses malware abuse.
Backdoor accounts discovered in 29 FTTH devices from Chinese vendor C-Data. While this is very serious, most ISPs have these interfaces available only on management networks and not easily exploited from a public vantage point.
Garmin outage caused by confirmed WastedLocker ransomware attack. Sunday night, the website was down, but as of Monday morning, the signin appears to be functional again at https://connect.garmin.com/signin/.
How to Survive a Ransomware Attack Without Paying the Ransom. This mirrors so many incidents we’ve responded to in the last few years, albeit at a smaller scale, it is worth reading to find the biggest “bank for the buck” when it comes to being proactive.
Did you know?
Working, Studying and Living at home is yielding cool services/app like Yousician. Whether or not your family is musically inclined, this is far more productive than Fortnite.