Hello and welcome to TSD, your regular blog post with top of mind security issues! TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
Hi Cyraloons and welcome to week 11 of TSD, your regular email / blog post with top of mind security issues, a few security tips for both work and home and at least 1 fun thing related to owls.
Please reach out to us directly, via security@cyral.com or on Twitter at @dant24 if you have any questions, concerns, tips or anything else!
- On Saturday, unc0ver released v5.0 utilizing the “first 0day jailbreak released since iOS 8.” The jailbreak works on all current versions of iOS from 11.0 – 13.5. In other iOS news, Motherboard is reporting that “security researchers, hackers, and bloggers, have had access to an early version of the new iOS 14 for months.”
- In TSD-05, we highlighted a story from KrebsOnSecurity about the potential for fraud of the Economic Impact Payment for Coronavirus Tax Relief Act and as was expected a number of states, including Washington State according to the Seattle Times have been bilked of “hundreds of millions of dollars.” One of the most egregious cases involves “259 different variations of a single email address” using dot in various parts of the email address because GMail ignores it. Read on for the full report from Agari Data.
- Are you a developer that needs help fixing security flaws in your code? If you’re a malware developer KrebsonSecurity has uncovered a service specifically for you! “RedBear’s service is marketed not only to malware creators, but to people who rent or buy malicious software and services from other cybercriminals. A chief selling point of this service is that, crooks being crooks, you simply can’t trust them to be completely honest.” Secure development, we’re all trying to get better. I wonder if they also use Jira and Confluence to track their bugs? Read the full story from KrebsOnSecurity
Owl fun and facts:
Jibini can’t believe it’s Tuesday already and is a mere 13 day old Verreaux eagle owl, more commonly known as a milky eagle owl. Jibini means cheese in Swahili, one of the languages spoken in sub-Saharan Africa where this owl is a native species. He’s currently feasting on “messus pieces” but in the wild he could grow large enough to snack on small monkeys. Check out the original image, more facts, and see his massive size at only 3 months at Woodland Park Zoo.
A Shout Out:
Listen to your little bird’s “Whispers” with “a static code analysis tool designed for parsing various common data formats in search of hardcoded credentials and dangerous functions” from Skyscanner Engineering. Skyscanner has previously released Sonar Secrets to integrate with SonarQube in your development pipeline. Be sure to check out their full pipeline of other tools you could be using to secure your code as well. Read more about what Whispers advanced secret detection can do. Then go ahead and download Skyscanner Whispers from Github.
That’s owl for now!