Hello and welcome to TSD, your regular blog post with top of mind security issues! TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
Hi Cyraloons and welcome to another week of TSD, your regular email / blog post with top of mind security issues, a few security tips for both work and home and at least 1 fun thing related to owls.
Please reach out to us directly, via firstname.lastname@example.org or on twitter at @dant24 if you have any questions, concerns, tips or anything else!
- Windows computers are being targeted with an unpatched exploit via malicious documents. The bug can be exploited via opening the document or even viewed in Windows Preview. Microsoft announced that the patch will be out on the next Patch Tuesday on April 14. Read the rest at TechCrunch
- D-Link and Linksys home routers are being hacked to point to coronavirus themed malware that will pop up when a user tries to visit a legitimate website. The pop up will ask the user to install an app to learn more about coronavirus. If you have one of these at home, make sure that you are not using the default credentials, are not reusing passwords and be sure to check your DNS settings via BleepingComputer
- Malwarebytes has identified attacks against Tupperware[.]com and Peta[.]com that compromised their official online stores allowing attackers to steal credit card numbers of shoppers. A full technical writeup on the Tupperware hack can be found here. More info on the PETA attack can be found here here
- A US hospitality provider was mailed a USB thumb drive designed to install malware and siphon off financial data. If you ever find a USB thumb drive, it’s best to not plug it in. Read more at TechCrunch
Owl fun and facts:
Many owls are nocturnal and sleep during the day, but the snowy owl has been seen hunting during the day and at night as well.
A Shout Out:
Tanya aka SheHacksPurple has just released her new site SheHacksPurple.dev an online learning resource dedicated to teaching Application Security, DevSecOps, and Cloud Security. Be sure to check out the slides from her BSidesSF talk Security Learns to Sprint.
That’s owl for now!