Your weekly top 5 technical and security issues Nerds should pay attention to:
CISA Statement on the Colonial Pipeline Ransomware Incident. This underscores the threat that ransomware poses to organizations regardless of size or sector.
Severe vulnerabilities in Dell firmware update driver found and fixed. But who updates their Dell firmware? We obviously all should.
Apple reports 2 iOS 0-days that let hackers compromise fully patched devices. That’s why 14.5.1 upgrade is essential, if you haven’t done so yet. Other mitigations such as zero trust network access also limit future exposure to yet-unknown Webkit vulnerabilities.
CISA Publishes Analysis on New ‘FiveHands’ Ransomware. Attackers used publicly available tools, FiveHands ransomware, and SombRAT to successfully target an organization, officials report.
Pirates pave way for Ryuk ransomware. Downloading pirated software has never been more dangerous.
Did you know?
Over 128-million iPhones had an XcodeGhost-compiled app installed and notification to impacted users never happened. While this is no longer a threat today, it really brings home the need to apply zero trust even to iOS apps.
For a video version of this, see https://youtu.be/gAYAwBDqAn0