go to sections menu

This week in the security landscape, News ending August 29th 2020 from blog The Technology blog and podcast

This is for the technology blog and podcast Commentary, articles, and podcasts

header picture for Ingegno theme

You are here: article commentary > This week in the security landscape, News ending August 29th 2020

Go to Homepage, contents or to navigation menu

This week in the security landscape, News ending August 29th 2020

Welcome to this week in the Security Landscape. I’ve decided to try and do something each week in regards to the Security Landscape, and model it after the blog post “This Week in Security news” which highlights articles around the landscape.

If you’d like something featured in this set, please feel free to contact me with a link to the piece, and we’ll take it from there.

In an upcoming Security Box, Michael in Tennessee talks to us about Microsoft as part of many things in the landscape that caught his attention. Microsoft Put Off Fixing Zero Day for 2 Years is the article title written by Krebs on Security. Michael went in to this as part of his segment for the box, and it is just aweful. How could Microsoft go and claim everyone is fixed, but yet, they can’t answer the question of why they took two years to acknowledge the flaw?

A security flaw in the way Microsoft Windows guards users against malicious files was actively exploited in malware attacks for two years before last week,
when Microsoft finally issued a software update to correct the problem.

There are links to prior information, but I said in the audio that it was fixed in July but it was fixed in August. Let me remind you that if they continue at this pace, we’ll have over 1300 patches for Windows itself. Michael indicates that this is as bad as Android was all those years ago. Oh boy!

Speaking of this week in Security News, Trend Micro has a deluge of things in this week as usual. One of the items talks about Ransomware going Corporate. We knew that was going to be the case, and its a good thing they’re leaving us individuals alone at least for now. The problem with the fact we’re working from home, according to this week’s news, is that the actors are now probing our home routers. One of the big questions I have asks the question on how we know whether our routers and devices our ISP’s and other vendors gives us is really as up-to-date as possible? This is going to be a continuing question. I just don’t understand this at all.

Also, as part of this week in Security news, Trend Micro is teaming up with a company to fight open source security problems. Trend has been in this business for many years, and so they have the inside knowledge of all of this. This is going to get interesting for the partnership.

Autodesk is a piece of software on the internet that allows people to keep track of various things. A recent article talks about their big-time problem in a cyber espianage attack. Trend Micro also covers the CVE that is well over 2 years that got fixed.

For a complete article rundown of this week in security news from Trend, This Week in Security News: Trend Micro and Snyk Partner to Fight Open Source Security Flaws and Ransomware Has Gone Corporate is the article, and please decide what might interest you.

Krebs on Security has been busy with various articles as of late we’ll cover as part of this week in the landscape. One article we’re taking a look at right now talks about hacked accounts. Sendgrid Under Siege from Hacked Accounts is the article title and this can’t necessarily be good.

Email service provider Sendgrid is grappling with an unusually large number of customer accounts whose passwords have been cracked, sold to spammers, and
abused for sending phishing and email malware attacks. Sendgrid’s parent company Twilio says it is working on a plan to require multi-factor authentication
for all of its customers, but that solution may not come fast enough for organizations having trouble dealing with the fallout in the meantime.

The long and the short of it? This company got targeted and their email accounts are sending out malicious content and they’re whitelisted as a safe sending agency. Maybe the Internet needs to fix this if that’s going to continue to be a problem.

Many companies use Sendgrid to communicate with their customers via email, or else pay marketing firms to do that on their behalf using Sendgrid’s systems.
Sendgrid takes steps to validate that new customers are legitimate businesses, and that emails sent through its platform carry the proper digital signatures
that other companies can use to validate that the messages have been authorized by its customers.

But this also means when a Sendgrid customer account gets hacked and used to send malware or phishing scams, the threat is particularly acute because a
large number of organizations allow email from Sendgrid’s systems to sail through their spam-filtering systems.

To make matters worse, links included in emails sent through Sendgrid are obfuscated (mainly for tracking deliverability and other metrics), so it is not
immediately clear to recipients where on the Internet they will be taken when they click.

To view this article in full please find the article title above. This is going to get very interesting.

Leah Bachmann is a member of Lastpass who does blogging for the agency of lots of various topics. This one is in regards to fighting identity theft. On the question of why pople would want to take someone’s identity, several bullet points are given.

  • open new credit cards
  • Charge purchases to existing credit cards
  • take out auto loans in your name
  • claim your tax refunds
  • open new cell phone accounts
    Submit fraud in regards to insurance claims

As people who are disable who read this blog, getting loans for cars when we can’t drive worries me. Getting new credit cards worry me too, because we don’t even know what is even going on until it is too late.

Here are 6 items that are highlighted

  • Place fraud alerts with the major credit bureaus
  • Monitor for stolen personal information
  • keep your devices clean and up to date
  • Stay suspicious on people asking for personal information
  • review accounts and statements
  • protect accounts with long, generated passwords and other security measures

There is stuff in each of these sections, and I do a lot of these. The question is, why should I place a fraud alert with the bureaus that got breached already? We’re already doomed already. For the full article Fighting Identity Theft is the article title. Have fun with this one!

Next, two articles talk about voice phishing. Phishing was discussed on an earlier program of the security box. This is going to be the new normal I’m afraid. I don’t really understand the motive

Both articles should be read in full, its something that I want to get out there. Both articles come from Krebs on security and they link to lots of various stuff.

Finally, I want to highlight a two-part article talking about a criminal that wants to turn his life around. We’ve covered this guy on the technology podcast, and what I saw this week really is awesome.

Both Krebs articles here is quite interesting. First part is the story, the second is an eye opener. I always like to see stories like this one, and I hope that within this next year, we can see more stories like this. Please contact me with anything you see, and we’ll see what we can do. Some of these may be included in podcasts, others may not. You never know!

Informazioni sull'articolo

This week in the security landscape, News ending August 29th 2020 was released on August 29, 2020 at 6:30 pm by tech in article commentary.
Last modified: August 29, 2020.

Comments (0)

No comments yet.

Leave a comment

You must be logged in to post a comment.

go to sections menu

navigation menu

go to sections menu