ISPs are harvesting data, REvil's infrastructure has been taken down, ransomware hit a Halloween candy maker, a ransomware operator hired legitimate security researchers under a fake company, devices with a GPS library bug could revert to 2002, the Russian SolarWinds attackers are still at it, new export controls limit hacking tools, and Truth Social got a free pentest before it was even announced. In owl news, an owl not confirmed seen for 150 years was recently photographed, and finally osquery 5.0 is out with a ton of new features from Trail of Bits and others.
- An FTC report on advertising by ISPs shows that many are harvesting vast amounts of subscriber data. The report is only a report: no rules are proposed at this time to limit this data harvesting. Read more at Motherboard
- A multi-country effort took down the infrastructure of the REvil ransomware gang, according to officials and the gang's own admin. Read more at Reuters
- First they came for our gas and then they came for our meat processing plants and now ransomware operators have come for a manufacturer of candy corn? Regardless of what you think of candy corn, I hope we can all agree this has gone too far. Thankfully they’re back at near capacity. Read more at Gizmodo
- Ransomware group FIN7 set up a fake security company to hire security researchers and ultimately use their work in ransomware attacks, according to research from Gemini Advisory and Microsoft. Read more at The Record
- CISA is warning about a bug in a GPS library that could switch some devices' dates back to 2002 if they are not updated. Read more at The Record
- Microsoft is warning that the Russia-based attackers behind the SolarWinds campaign have infiltrated at least 14 IT supply chain firms since May. Read more at BleepingComputer
- The Department of Commerce announced new controls that would restrict the export of hacking tools to certain countries without a license. There is some concern that this could hinder legitimate research, but overall many have found the rule nuanced enough to strike the right balance. Read more at The Washington Post
- The truth about Truth Social is that it is just a fork of Mastodon, and it did little to prevent random people from registering user names such as donaldtrump and mikepence before it was even officially launched. The maintainer of Mastodon is examining whether hiding their use of Mastodon violates the license. Read more at Motherboard.
Owl fun and facts:
Shelley’s Eagle Owl has been seen and photographed for the first time in 150 years! “There have been occasional reports over recent decades from people believing they have heard or briefly seen Shelley’s Eagle Owl from a few different localities across West and Central Africa from Liberia to Angola…The pair only saw the bird perched for 10-15 seconds but in that time managed to take photographs that confirm the identification due to its distinctive black eyes, yellow bill, and huge size, which in combination rule out all other African forest owls.” Read more at Imperial College London.
A Shout Out:
Endpoint visibility tool osquery has recently released 5.0 with major improvements, including “an EndpointSecurity-based process events table for macOS”. Security firm Trail of Bits has been instrumental in contributing to osquery and has a full rundown of everything in the new version, which you can read on the Trail of Bits blog.
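To show what the new macOS process events table is good for, here is an added example query (ours, not from osquery or Trail of Bits) that surfaces processes launched from temporary or user-writable locations that are not Apple platform binaries. The table name `es_process_events` and the columns used (`time`, `event_type`, `pid`, `parent`, `path`, `cmdline`, `username`, `signing_id`, `team_id`, `platform_binary`) are taken from the osquery 5.0 schema as we understand it and should be checked against your installed version's `.schema es_process_events`; the paths in the filter are our own choices.

```sql
-- Added example: hunt for non-platform processes executed from
-- temp or user-writable directories, using osquery 5.0's
-- EndpointSecurity-backed es_process_events table on macOS.
-- Assumes the table is enabled (EndpointSecurity events are off by
-- default and need the relevant osquery flag and entitlement).
SELECT
  datetime(time, 'unixepoch') AS started_at,
  pid,
  parent,
  username,
  path,
  cmdline,
  signing_id,
  team_id
FROM es_process_events
WHERE event_type = 'exec'
  AND platform_binary = 0            -- exclude Apple-signed system binaries
  AND (
        path LIKE '/tmp/%'
     OR path LIKE '/private/tmp/%'
     OR path LIKE '/Users/%/Downloads/%'
     OR path LIKE '/Users/Shared/%'
  )
ORDER BY time DESC
LIMIT 50;
```

Run this as a scheduled query in osqueryd (or interactively in osqueryi) and ship the results to your log pipeline; an empty `signing_id` or an unexpected `team_id` on a binary in one of these directories is a reasonable first-pass alert for a macOS fleet.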
About:
TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
Please reach out to us directly, via security@cyral.com or on Twitter at @dant24 if you have any questions, concerns, tips or anything else!
That’s owl for now!