
The Security Digest: Week 19


Hello and welcome to TSD, your regular blog post with top-of-mind security issues. TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us, so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.

Check back here every Tuesday for more TSD or sign up below to stay in the loop!

Please reach out to us directly, via security@cyral.com or on Twitter at @dant24 if you have any questions, concerns, tips or anything else!

  • According to ArsTechnica, as of Wednesday over 1,000 unsecured databases have been hit with an ongoing attack that permanently deletes all data and leaves “meow” as its calling card. The attack was discovered after a researcher found that the “no log” VPN service, UFO VPN, had left its logs unsecured.
  • According to ZDNet, “an unknown vigilante hacker has been sabotaging the operations of the recently-revived Emotet botnet by replacing Emotet payloads with animated GIFs, effectively preventing victims from getting infected.”
  • Did your Garmin device recently stop syncing? TechCrunch is reporting that the issue was due to a ransomware attack. And apparently they received the key. This brings up an interesting conundrum, as the Treasury Department has sanctioned Evil Corp, the group responsible for the malware, which would prevent Garmin from paying the ransom. According to the article, they “did not directly make a payment to the hackers”. Hmm…
  • When security as code goes wrong: BleepingComputer is reporting that Tillie Kottmann has been collecting source code through publicly accessible SonarQube installations and other means and posting it publicly. Reports say that over 50 companies are affected so far, from banks to Microsoft, Adobe, Lenovo and many more. This is a good reminder not to hard-code credentials in your code, in case it ever gets leaked.

Owl fun and facts:


“An extinct species of giant owl that lived 40,000 years ago (Pleistocene epoch) and preyed on smaller owls has been identified from fossils found in the Cangagua Formation in the Chimborazo province of Ecuador. Named Asio ecuadoriensis, the ancient bird was more than 70 cm (2.3 feet) tall and had a wingspan of over 1.5 m (4.9 feet)” via SciNews.

A Shout Out:


TheHive 4.0 was released yesterday. New features include “Siloed or collaborative multi-tenancy, RBAC, 2FA, TheHiveFS, incident sharing”. If you haven’t heard of TheHive, it is a “scalable, open source and free Security Incident Response Platform.” TheHive is a great way to manage, triage and collaborate on incidents from observables. TheHive is one of over 60 integrations we support out of the box.

That’s owl for now!
