Hello and welcome to TSD, your weekly blog post with top of mind security issues. TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
Please reach out to us directly, via firstname.lastname@example.org or on Twitter at @dant24 if you have any questions, concerns, tips or anything else!
- Tuesday was Patch Tuesday for Microsoft, and on Friday 2 more updates showed up that address flaws which could potentially allow remote code execution (RCE) for Windows 10 and Visual Studio users. Update ASAP! Read more at ZDNet.
- Emotet, meanwhile, is taking advantage of users applying updates by imitating Windows update prompts in order to get its malware downloaded. Be on the alert and check out the screenshots gathered by ZDNet. Per some recent reports, this lure has been used in spam messages to download TrickBot, which, as ZDNet reports, survived the Microsoft takedown we mentioned last week in TSD-30.
- The Department of Justice has charged 6 members of Russia’s GRU for their involvement in NotPetya, OlympicDestroyer and more. In total, there are 7 separate major incidents in the indictment. One of those indicted was also indicted by Robert Mueller. Read more at ZDNet.
- Worth it for the stock photo alone of an Anonymous / Robin Hood mashup, the BBC is reporting that a ransomware group has donated $10,000 each to Children International and The Water Project.
- NPM removed 4 packages it found opening reverse shells on users’ computers once downloaded. 3 of the 4 shared exactly the same code yet had different manifests. Between the 4 of them they had attracted over 1000 downloads. Read more at Bleeping Computer.
- Finally, way back in early TSD we used to mention Zoom nearly every week. Zoom is back, as they are rolling out a preview of their end-to-end encryption (E2EE) next week. Hosts will be responsible for enabling it, and currently a number of features do not work while it is on. Still, after the acquisition of Keybase (TSD-09), it’s exciting to see this first rollout. Read more at ThreatPost.
Owl fun and facts:
This is a Western Screech Owl. “This compact raptor is one of the smallest owl species in North America with a range that extends all the way from southern Alaska down to Nicaragua. Despite its name, the Western Screech Owl does not screech, but makes a series of toots and an occasional soft hooting.” Image and text via Lindsay Wildlife Experience in Walnut Creek, CA. If you make a trip to Lindsay, you can see Cypress, who was brought there as a 3-day-old owlet and has lived there ever since.
A Shout Out:
Servian released an interesting tool for AWS that can auto-remediate security issues using AWS Config. Some of the interesting things it can auto-remediate include making sure RDS instances are not publicly accessible and deleting any 0.0.0.0/0 rules for RDP connections. It looks like the project was released about a year ago, though, and there haven’t been many updates since. Still, it is a really interesting example of security as code via AWS.
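To show what those two checks actually evaluate, here is a small added example (our own code, not Servian’s project or AWS Config itself) that flags the same two findings over constructed resource descriptions shaped like boto3 output; the group and instance IDs are placeholders.

```python
# Added example, not Servian's code: flag security groups exposing RDP (TCP 3389) to
# 0.0.0.0/0 or ::/0 and RDS instances marked PubliclyAccessible. Input mimics boto3
# describe_security_groups / describe_db_instances output; nothing here calls AWS.
RDP_PORT = 3389
WORLD_CIDRS = {"0.0.0.0/0", "::/0"}

def world_cidrs_in(perm):
    """Any-address CIDRs (v4 or v6) listed in one IpPermissions entry."""
    cidrs = [r.get("CidrIp") for r in perm.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in perm.get("Ipv6Ranges", [])]
    return {c for c in cidrs if c in WORLD_CIDRS}

def perm_covers_rdp(perm):
    """True if the entry's protocol/port range includes TCP 3389."""
    proto = perm.get("IpProtocol")
    if proto == "-1":  # "-1" is AWS shorthand for all protocols and all ports
        return True
    if proto != "tcp":
        return False
    return perm.get("FromPort", 0) <= RDP_PORT <= perm.get("ToPort", 65535)

def open_rdp_findings(security_groups):
    """GroupId -> sorted world CIDRs that can reach RDP; compliant groups are omitted."""
    findings = {}
    for sg in security_groups:
        hits = set()
        for perm in sg.get("IpPermissions", []):
            if perm_covers_rdp(perm):
                hits |= world_cidrs_in(perm)
        if hits:
            findings[sg["GroupId"]] = sorted(hits)
    return findings

def public_rds_findings(db_instances):
    """Identifiers of RDS instances whose PubliclyAccessible flag is set."""
    return sorted(db["DBInstanceIdentifier"] for db in db_instances if db.get("PubliclyAccessible"))

# Constructed sample data; the IDs are placeholders, not real resources.
SAMPLE_SGS = [
    {"GroupId": "sg-rdp-open", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3389,
        "ToPort": 3389, "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-rdp-office", "IpPermissions": [{"IpProtocol": "tcp", "FromPort": 3389,
        "ToPort": 3389, "IpRanges": [{"CidrIp": "203.0.113.0/24"}], "Ipv6Ranges": []}]},
    {"GroupId": "sg-all-traffic", "IpPermissions": [{"IpProtocol": "-1", "IpRanges": [],
        "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
]
SAMPLE_DBS = [{"DBInstanceIdentifier": "db-internal", "PubliclyAccessible": False},
              {"DBInstanceIdentifier": "db-exposed", "PubliclyAccessible": True}]

if __name__ == "__main__":
    print(open_rdp_findings(SAMPLE_SGS))   # {'sg-rdp-open': ['0.0.0.0/0'], 'sg-all-traffic': ['::/0']}
    print(public_rds_findings(SAMPLE_DBS))  # ['db-exposed']
```

Note that an all-traffic (`-1`) rule open to `::/0` is caught as well, since it reaches RDP even though 3389 never appears in the rule.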
That’s owl for now!