Hello and welcome to TSD, your weekly blog post with top-of-mind security issues. TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us, so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
Please reach out to us directly, via security@cyral.com or on Twitter at @dant24 if you have any questions, concerns, tips or anything else!
- Goodbye 2020! 2020 felt like a decade at least and we’re overwhelmed by everything that happened. We’re excited for 2021 and the major gains we saw from our 2020 Security as Code Tool picks.
- The fallout and analysis from the SolarWinds hack keeps coming. FireEye published a ton more technical details. Microsoft published a how-to on using Defender to respond to the attack. CERT published an RCE bypass vulnerability for SolarWinds Orion. Meanwhile, The Intercept is reporting on critical infrastructure that was infected. And Reuters is reporting that the attackers breached companies via a Microsoft reseller. This entire thing is deep and I haven’t even yet fathomed how much info they already have.
- A man spent 10 days in jail after a New Jersey police department relied on Clearview facial recognition, which has since been banned in the state, according to NJ.com. Meanwhile, a NY school district that has been using facial recognition technology has been ordered to stop, according to BuzzFeed News.
Owl fun and facts:
Happy New Year from Owl of Us by Glen Holbrook. Buy the print at FineArtAmerica.
A Shout Out:
Finally, a best-of list from Motherboard featuring some of the best stories of 2020, as well as Risky Biz’s interview with Chris Krebs and Zack Whittaker’s This Week in Security, which I definitely read every week.