Hello and welcome to TSD, your weekly blog post with top of mind security issues. TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
Please reach out to us directly, via security@cyral.com or on Twitter at @dant24 if you have any questions, concerns, tips or anything else!
- Hope you already patched your Windows AD domain controllers over the weekend or before as the patch was released in August. Zerologon gets a 10.0 CVSS score and allows anyone with access to login to an unpatched AD instant access. Ars Technica has more. Secura wrote up technical details about it and published a POC to test if your AD instances are still vulnerable on Github. Even CISA issued an emergency directive urging everyone to patch.
- KrebsOnSecurity digs into the indictment of “seven Chinese nationals for a decade-long hacking spree that targeted more than 100 high-tech and online gaming companies”. One of the interesting tidbits here is they allege a “supply chain” attack as one of those indicted was the owner of anti virus firm that was profiled by Krebs in 2012.
- Add another bug never to be fixed in IoT devices and beyond as researchers have looked at BLE aka Bluetooth Low Energy and found that the spec is poorly worded and reconnection is insecure in numerous implementations. The researchers have dubbed it BLESA and say it affects billions of devices. Read more at ZDNet.
- Are you running Firefox on your mobile device? Make sure you update ASAP as a security researcher from GitLab found a bug that could hijack any Firefox users on the same network. Read more at ZDNet.
- Motherboard has a story about the Trump campaign buying mobile data to be able track voters. This data comes from a 3rd party that provides analytics and mapping to various apps and then sells the data they receive. Motherboard then points to a CEO of another firm that sold similar data in 2016: “worked with Republicans to track people’s locations near Evangelical churches over the course of a six-month period, and then also tracked their locations on election day. “We were telling the ground team who showed up to vote and who hadn’t yet,” Mobilewalla CEO Anindya Datta said in a 2017 podcast. Campaigns were then able to send alerts to presumed Evangelicals (who overwhelmingly vote Republican), reminding them to go vote.” This has been an ongoing story as can be seen from this story on The Intercept.
- And finally, Oracle is or isn’t buying TikTok with the president’s blessing or not, Ars Technica has a good rundown of all the questions and answers or at least current answers. WeChat meanwhile needed a judge to block App Store bans. More info at The Verge on both. Blocking apps from app stores for security concerns seems like a good way to introduce security concerns but what do I know?
Owl fun and facts:
The powerful owl (Ninox strenua) is Australia’s largest owl. Their wingspan can reach 55 inches (140 cm). Read more about this awesome owl, listen to what the chicks sound like and find out how you can get involved in the Powerful Owl Project if you live in Australia over at Cosmos Magazine.
A Shout Out:
CNCF project Falco recently released v0.25 and it has a ton of new features including rules improvements, community involvement, gRPC support and driver improvement.
“The Falco Project, originally created by Sysdig, is a CNCF open source cloud native runtime security tool. The premise behind the tooling is fairly straightforward, but the details are another story. Essentially, Falco makes it easy to consume kernel events, and enrich those events with information from Kubernetes and the rest of the stack. Falco has a rich rule set of security rules specifically built for Kubernetes, Linux, and cloud-native stacks. If a rule is violated in a system, Falco will send an alert notifying the user of the violation and its severity.”
Check out their full post on the CNCF blog and then head over to Github to check out Falco.
That’s owl for now!