Hello and welcome to TSD, your weekly blog post with top-of-mind security issues. TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us, so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
Please reach out to us directly via firstname.lastname@example.org or on Twitter at @dant24 if you have any questions, concerns, tips or anything else!
- “Just another Tuesday” was how CISA officials described election day. There were attacks but no major disruptions by foreign actors, per officials, via NPR.
- Project Zero disclosed 3 more major zero-days actively being exploited, this time in Apple iOS. Update your iPhone ASAP! Read more at Ars Technica.
- Russian criminals began deploying Ryuk ransomware against hospitals and other care facilities last week, prompting the FBI, DHS and HHS to warn of an imminent attack, with at least 5 being hit so far, via KrebsOnSecurity.
- Mashable made their own news after they confirmed that their user database was posted online. They said that no passwords were involved. Have I Been Pwned reports that 76% of accounts were already in their database. Read more about the breach at PortSwigger.
- Back in TSD-19, we mentioned a researcher sounding the alarm about public SonarQube installations. This week, the FBI made public an alert they sent out highlighting the same issue, per ZDNet.
Owl fun and facts:
These two are Mexican spotted owls and are currently listed as threatened. A long-running lawsuit brought by an environmental group has finally been settled, with federal agencies agreeing to monitor millions of acres for the presence of these owls. The Mexican spotted owl can be found in Colorado, Utah, New Mexico and Arizona. Read more at AZCentral.
A Shout Out:
Tanya Janca, aka SheHacksPurple, has a brand new book out from Wiley called Alice & Bob Learn Application Security. Buy it now from Wiley or from Amazon. If you’re looking for more great appsec content, be sure to check out her learning platform WeHackPurple.
That’s owl for now!