The Security Digest: Week 8
Hello and welcome to TSD, your regular blog post with top of mind security issues! TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
Hi Cyraloons and welcome to another week of TSD, your regular email / blog post with top of mind security issues, a few security tips for both work and home and at least 1 fun thing related to owls.
- This CTF is out of this world! The US Air Force wants you to Hack-A-Sat. Yes, literally hack a satellite. You’ll need to register for qualifications that start on May 22nd. More info, and registration available at Hack-A-Sat.
- ZDNet reviewed SEC documents since the beginning of 2019 and found that over 1000+ companies have “started listing ransomware as a forward-looking risk factor in their reports to the SEC.” There appears to be a two part reason that this is the case: 1) Ransomware has made headlines repeatedly with major incidents. 2) In 2018, the SEC published guidance that companies need to improve their filings related to cybersecurity and included ransomware as a potential threat vector. More info at ZDNet.
- The latest alert from the Cybersecurity and Infrastructure Security (CISA) is focusing on Microsoft Office 365 (O365) product for secure remote work. The recommendations include multi-factor authentication, Unified Audit Log (UAL) and proper permissions for all users. If you’re using O365, read the full alert at National Cyber Awareness System.
- “It’s not just Zoom.” Consumer Reports reviewed the privacy policies of the other major videoconferencing platforms. Not surprisingly, “from a privacy point of view, none of these options are great”. Read the full report at Consumer Reports.
- ICANN voted to reject the sale of the .ORG registry to Ethos Capital. A wide ranging number of companies and organizations signed on to call for ICAAN to reject the sale. Notable Internet and Software foundations included Apache Software Foundation, Drupal, EFF, Free Software Foundation, GNOME, NetBSD, OpenStack Foundation, Tor and many more. Read the full statement from ICANN.
Owl fun and facts:
Barred Owls are named for the bars of brown on their feathers. Barred Owls are native to the eastern portion of North America but now can be found on the west coast competing with the endangered Spotted Owl. Read more about their plight at Smithsonian Mag.
Purchase these wonderful Bard Owl cards from Katrinas cards
A Shout Out:
SkyWrapper “is an open-source project which analyzes behaviors of temporary tokens created in a given AWS account”. SkyWrapper was written by Omer Tsarfati from CyberArk Labs. Read more about it at Wild Temporary Tokens and Where to Find Them – AWS Edition.
That’s owl for now!
Fernando Pereira got his Ph.D at the University of California, Los Angeles, in 2008. Since 2009 he is an associate professor at the Department of …
The Security Digest: Week 31
Hello and welcome to TSD, your weekly blog post with top of mind security issues. TSD began as an internal newsletter that our Security Lead, …