Hello and welcome to TSD, your regular blog post with top of mind security issues! TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
Hi Cyraloons and welcome to another week of TSD, your regular email / blog post with top of mind security issues, a few security tips for both work and home and at least 1 fun thing related to owls.
Please reach out to us directly, via security@cyral.com or on Twitter at @dant24 if you have any questions, concerns, tips or anything else!
- Defcon is cancelled. No seriously, The Dark Tangent officially announced that Blackhat and Defcon are actually cancelled this year. Hack-a-Sat, which we mentioned in The Security Digest: Week 8, and a number of other virtual meetups and villages will be happening remotely though. Read the full statement on the Defcon forum
- The United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC) issued a rare joint alert that “APT Groups Target Healthcare and Essential Services.” Read the full alert at US Cert: APT Groups Target Healthcare and Essential Services.
- A high severity Saltstack vulnerability published April 30th continues to wreak havoc across the Internet. The latest company to be affected is Algolia, “which provides an on-demand search function for large-scale websites (such as Twitch, Hacker News, or Stripe).” This follows notifications from Ghost, LineageOS, DigiCert, XenOrchestra and more. In their original advisory, F-Secure found more than 6,000 Salt master servers publicly exposed. Make sure your Salt master isn’t exposed ASAP, and if it is, check to see if you have cryptominers in your network. More info at ZDNet.
- Zoom acquired Keybase to “build end-to-end encryption that can reach current Zoom scalability.” Could this be a direct impact of Alex Stamos joining? Read the full annoucement on the Zoom Blog.
- Violet Blue also wrote a good overview of the current state of video call apps and their privacy settings over at Engadget
- Thunderspy is a just announced vulnerability from Bjorn Ruytenberg from Eindhoven University of Technology against Windows and Linux computers with Thunderbolt ports from 2019 and before. This attack requires physical access, screwdrives and hardware to be able to gain access to a sleeping or locked computer even if it has full disk encryption. Thunderspy is definitely one of the coolest names for a recent vulnerability. Generate your own cool name at the Vulnerability Name Generator. Learn more about this attack and download Spycheck to see if your computer is vulnerable at Thunderspy.io
Owl fun and facts:
Male Snowy Owls are barred with dark brown when they’re young and get whiter as they get older. Females keep some dark markings throughout their lives. Although the darkest males and the palest females are nearly alike in color, the whitest birds—including the ones that played Harry Potter’s Hedwig—are always males and the most heavily barred ones are always females. Find more bird facts at The Cornell Lab’s All About Birds
Happy belated Mothers Day to all! This drawing is from Natalie Wallington based on an original photo by Tony Hisgett. See more of Natalies creations at her Etsy shop Raspberry Cloud Studio
A Shout Out:
Conftest allows you to write policy tests against your configuration infrastructure as code using Open Policy Agent. Conftest was developed by Gareth Rushgrove and debuted at KubeCon last year. With the increasing popularity, conftest is in the process of officially joining the OPA project as part of the CNCF. Congrats to Gareth and Conftest! Read the full announcement on Gareth’s Twitter.
That’s owl for now!
