Hello and welcome to TSD, your weekly blog post covering top-of-mind security issues. TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us, so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
Please reach out to us directly, via email@example.com or on Twitter at @dant24 if you have any questions, concerns, tips or anything else!
- Russian criminals began deploying Ryuk ransomware against hospitals and other care facilities last week, prompting the FBI, DHS and HHS to warn of an imminent attack; at least 5 have been hit so far, via KrebsOnSecurity.
- Microsoft announced they detected and worked to stop Iranian threat actors targeting potential attendees of two upcoming conferences for world leaders.
- Last week we mentioned Maddie Stone at Project Zero, and this week P0 disclosed a Windows zero-day under active exploitation. Updates are expected November 10th, on Microsoft’s normal Patch Tuesday, via Ars Technica.
- Last week we mentioned an Nvidia RCE and briefly noted a get-out-the-vote stream of Among Us on Twitch. Days later, Among Us was hit by a bot spam campaign that turned out to be a publicity stunt. We’ve found the impostor, via Wired.
- Business is good for at least one startup per their latest funding round: “Grayshift, The Startup That Breaks Into iPhones For The Feds, Raises $47 Million”, via Forbes. Read more about Grayshift at Vice.
Owl fun and facts:
Have you heard about the blue owl from the Philippines, or maybe Madagascar? Snopes is on the case and found the original photo is of a Guatemalan Pygmy Owl from The Owl Pages. Whether this pygmy owl is a distinct species or a subspecies is still debated. This owl’s home turf is Southern Mexico, Guatemala and Honduras. It grows to a maximum height of 7 inches and is partly diurnal.
A Shout Out:
CrowdSec is a Go-based replacement for the popular Fail2Ban, and much more. “Once detected you can remedy threats with various bouncers (block, 403, Captchas, etc.) and the blocked IPs are shared among all users to further improve their security.” They even have a number of integrations and can trigger actions in places like CloudFlare, WordPress or Nginx.
Daniel Miessler also has a great intro article on what it is and how to set it up.
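To make the detect-then-bounce split that Fail2Ban and CrowdSec share concrete, here is an added example written for this post, not CrowdSec's own code and using none of its API: a sliding-window brute-force detector that replays constructed sshd log lines and emits ban decisions for a separate bouncer to enforce. The log lines, threshold, window and ban duration are all assumed values chosen for the illustration.

```go
package main
import (
	"fmt"
	"regexp"
	"time"
)
// Constructed sshd lines (not real logs): 203.0.113.9 brute-forces, 198.51.100.7 fails slowly.
var sampleLog = []string{
	"Nov  3 10:15:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.9 port 51122 ssh2",
	"Nov  3 10:15:03 host sshd[1203]: Failed password for root from 203.0.113.9 port 51130 ssh2",
	"Nov  3 10:15:04 host sshd[1205]: Accepted publickey for deploy from 198.51.100.7 port 40100 ssh2",
	"Nov  3 10:15:06 host sshd[1207]: Failed password for root from 203.0.113.9 port 51140 ssh2",
	"Nov  3 10:15:10 host sshd[1211]: Failed password for root from 198.51.100.7 port 40111 ssh2",
	"Nov  3 10:20:30 host sshd[1300]: Failed password for root from 198.51.100.7 port 40120 ssh2",
	"Nov  3 10:20:31 host sshd[1301]: Failed password for root from 198.51.100.7 port 40121 ssh2",
}
// Syslog-style sshd failure: month, day, time and source IP are captured.
var authFailRe = regexp.MustCompile(`^(\w{3})\s+(\d{1,2}) (\d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for .* from (\S+) port \d+`)
// Decision is what the detector hands to a "bouncer"; enforcement (firewall, 403, captcha) stays separate.
type Decision struct{ IP string; Count int; Duration time.Duration }
// DetectBruteForce replays lines in order and emits one Decision per IP that reaches
// threshold failures inside a sliding window. Syslog timestamps have no year, so one is supplied.
func DetectBruteForce(lines []string, threshold int, window, banFor time.Duration, year int) []Decision {
	seen, banned := map[string][]time.Time{}, map[string]bool{}
	var out []Decision
	for _, l := range lines {
		m := authFailRe.FindStringSubmatch(l)
		if m == nil {
			continue // not an auth failure, e.g. a successful login
		}
		ip := m[4]
		ts, err := time.Parse("Jan 2 15:04:05 2006", fmt.Sprintf("%s %s %s %d", m[1], m[2], m[3], year))
		if err != nil || banned[ip] {
			continue // unparseable line, or already decided
		}
		recent := seen[ip][:0] // keep only failures still inside the window
		for _, t := range seen[ip] {
			if ts.Sub(t) < window {
				recent = append(recent, t)
			}
		}
		seen[ip] = append(recent, ts)
		if len(seen[ip]) >= threshold {
			banned[ip] = true
			out = append(out, Decision{IP: ip, Count: len(seen[ip]), Duration: banFor})
		}
	}
	return out
}
```

With a 3-failure threshold and a one-minute window only 203.0.113.9 is banned; the slow source never has three failures inside any one window, which is the point of a sliding window over a plain counter.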
That’s owl for now!