Hello and welcome to TSD, your weekly blog post with top-of-mind security issues. TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us, so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
- Have you patched Chrome again? And again? And again? 2 more zero-days have been patched, for 5 total in the past 3 weeks, via ZDNet. Be sure to upgrade ASAP if you see an orange or red icon in the upper right-hand corner.
- Microsoft has called out 3 state-sponsored hacking groups targeting 7 different COVID-19 vaccine makers around the world. The attacks range from brute force to password spray to spear phishing. Read more at ZDNet.
- Remember when the most important security threat facing the US was TikTok? Turns out the government department responsible for reviewing the deal hasn’t responded to the interested parties, so the courts keep extending the deadline again via engadget.
- Speaking of security, privacy and apps, Vice has a story about the US military purchasing location data from a wide variety of apps including a “Muslim prayer and Quran app that has more than 98 million downloads worldwide”. The story also provides an overview of the companies selling the data and how their business model works. The app makers for the prayer app later offered an apology and vowed to not sell the data any longer via Vice.
Owl fun and facts:
In these socially distant times, a new celebrity is taking the stage in NYC. This barred owl, though, has taken up residence in Central Park instead of on Broadway. The NYTimes has a profile of Barry the barred owl and his daytime antics delighting those who can catch a glimpse. “Practically vogueing, he stares, preens and swoops into the shallow stream to wash and flick his feathers. Barry will turn his head 270 degrees right and left and up above to check for his archenemy, the hawk.” Barred owls are primarily known for nesting in tree hollows and typically lay 2 – 3 eggs.
A Shout Out:
The Open Source Security Foundation has just launched a brand new tool on GitHub called Security Scorecards for Open Source Projects. “The goal of Scorecards is to auto-generate a “security score” for open source projects to help users as they decide the trust, risk, and security posture for their use case.”
Download it from GitHub today.
That’s owl for now!