Hello and welcome to TSD, your regular blog post with top of mind security issues. TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
Please reach out to us directly, via security@cyral.com or on Twitter at @dant24 if you have any questions, concerns, tips or anything else!
- One of the interesting talks from Black Hat / Defcon this year, was a Microsoft Office macro based hack for MacOS from Patrick Wardle. Wardle spoke with Vice to provide more details. Watch his Defcon talk on Youtube. Make sure you have the latest updates for both Office and Mac as this is now fixed.
- Do you use TeamViewer on Windows? Update now as they just patched a bug that expanded your team to remote unauthenticated users. More info at BleepingComputer.
- 2 weeks ago in TSD-19, we mentioned Tillie Kottmann and their various security as code leaks. Since then they have been removed from Twitter and posted 20GB of internal Intel docs according to BleepingComputer.
- Watch the rest of Defcon videos up on Youtube if you haven’t seen them yet!
Owl fun and facts:
The above is detail from The Garden of Earthly Delights painted by the Early Netherlandish master Hieronymus Bosch. During Bosch’s time, the owl was not nearly as well regarded today or during ancient Greece and their association with Athena. Owls often appeared in his paintings as “All of them painted in a very realistic manner keep a watchful eye”. Daily Art Magazine delves more into Bosch’s various paintings and their oft included subject.
A Shout Out:
Rob Ragan from Bishop Fox presented at Black Hat this year and released a brand new tool called Smogcloud. From Smogcloud on GitHub:
“Find exposed AWS cloud assets that you did not know you had. A comprehensive asset inventory is step one to any capable security program. We made smogcloud to enable security engineers, penetration testers, and AWS administrators to monitor the collective changes that create dynamic and ephemeral internet-facing assets on a more frequent basis.”
This is another great tool you can add to your security as code arsenal for continuous monitoring. Go check it out today!
That’s owl for now!