Hello and welcome to TSD, your regular blog post with top of mind security issues! TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
Hi Cyraloons and welcome to another week of TSD, your regular email / blog post with top of mind security issues, a few security tips for work, home and protest and at least 1 fun thing related to owls.
- Anonymous is back or not, maybe? You too can join Anonymous. Vice recaps most of the recent activity associated with Anonymous and talks to Gabriella Coleman who wrote a book on Anonymous. Read the full article at Motherboard. Since this article, a Twitter account purpotedly associated with Anonymous announced they had taken down the Buffalo PD website in retaliation for the 75 year old man whow was knocked down.
- Breach notifications continue to trickle out from the fallout of the release of data from 11 different comapnies by the Shiny Hunters hacking group. The latest are notifications from Minted and Home Chef. If you have an account at any of these companies, please change your password immediately, especially if it is being reused. We can’t possibly advocate enough for using a password manager to store unique passwords across different accounts. Credential stuffing, or reusing leaked passwords across different services, continues to be a highly effective way to be able to gain access to accounts across different services. Read the full report on BleepingComputer
- Following up on the story in TSD-11 about the fraud affecting a number of states, The Seattle Times is reporting that Washington state “had recovered more than $300 million of the stolen funds and blocked thieves from stealing “hundreds of millions” of additional dollars” which has further delayed legitimate payments. APT Groups Target Healthcare and Essential Services.
- Cisco is the latest company to announce they’ve also had servers compromised by the SaltStack vulnerability we first mentioned in TSD-9. 6 of their servers were compromised and they released patches for 2 of their products. Read the full story at BleepingComputer
- As Eva put it on Twitter: “You may be thinking “hey, I know about security. I want to go out and help vulnerable organizations and populations protect themselves.” I recommend starting by checking out the Security Education Companion“
- If you’re out at a protest, you may want to review EFF’s guide to surveilance self defense. A number of these suggestions are great even if you’re not at a protest. Remember, biometrics are not protected under 5th ammendment laws, so if you have a finger or face unlock enabled, you can be forced to unlock your phone. Passwords are considered something you know, and therefore are not required to divulge. Once you’ve reviewed what to protect yourself against surveilance, read their guide to identify visible and invisible means of surveilance as well.
Owl fun and facts:
Coba is a spectacled owl and is shocked from what has happened. Spectacled owls are found in Mexico, Central America, Trinidad and Tobago, and South America. Coba is laid-back and has an easy personality. He likes to eat dead mice and quail, and he loves it when his keepers give him head scratches. Book your next ZOOm call with Coba or a number of other animal ambassadors with the Woodland Park Call of the Wild.
2 Shout Outs:
This week’s security shoutout is a triple threat featuring SummitRoute’s annual update to their AWS Security Maturity Roadmap. One of the awesome updates includes adding the newsletters CloudSecList by Marco Lancini and tl;dr sec by Clint Gibler. One of the others way to keep up with news is to join the Cloud Security Forum slack, reach out to me on Twitter at @dant24 for an invite.
That’s owl for now!