Hello and welcome to TSD, your weekly blog post with top of mind security issues. TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
- Christopher Krebs, former director of CISA, was interviewed for 60 Minutes, where he restated the opinion that got him fired: that the 2020 election was the “most secure in American history”. The Washington Post is hosting an interview with Krebs on Wednesday if you’re hoping to hear more from him. Hopefully at some point in the future we can have a thoughtful conversation about voting technology and security.
- Microsoft had a bug in Xbox Live that allowed at least one attacker to determine the private email address behind any gamer tag. The hacker reached out to Motherboard and confirmed the bug's existence. Microsoft initially wrote off the bug when it was reported but actually quickly fixed it after they reached out.
- Microsoft Threat Intelligence posted a highly detailed blog about a nation-state actor and a full breakdown of their TTPs including direct reference to MITRE ATT&CK techniques.
- The Supreme Court will soon be ruling on the Computer Fraud and Abuse Act (CFAA), potentially putting limits on the Reagan-era computer hacking law. The vague language of the law has often been interpreted rather narrowly, but there are cases, such as Aaron Swartz's and the current case, where it has not. Read more at Ars Technica.
- According to Check Point, phishing appearing to come from Amazon, FedEx and DHL has increased dramatically in November. Phishing tends to follow trends to make it more appealing, so please keep an eye out for these scams!
- Ransomware continues to be front and center with even more victims this week. One of the largest fertility networks in the US, US Fertility, confirmed a data-stealing ransomware attack, potentially picking up protected health files, according to TechCrunch. Manchester United, the famous football club, was also seemingly hit by a ransomware attack, but they’re not releasing much information about it, according to the BBC. Finally, Baltimore County public schools are set to resume classes tomorrow after being closed, possibly due to a Ryuk attack, according to the Baltimore Sun.
- Finally, CyberScoop talked to former US officials about Biden’s pick for DHS, Alejandro Mayorkas, who say he took cybersecurity issues seriously when he was deputy of the department. Tim Starks also provides context from his interview with Mayorkas about what he thought was still left to do after the Obama administration.
Owl fun and facts:
These two owls are one and the same at just 4 months apart! This is Augusta, a female snowy owl born in July with her brother Lumi at Woodland Park Zoo in Seattle. In comparison to her brother, Augusta and most female snowy owls tend to have more dark markings while the males tend to be whiter. In general, snowy owls tend to stay very far north in the Arctic, but every few years an “irruption” event tends to happen where many more will come much farther south. The last time Seattle saw such an event was 2013 – 2014. Meanwhile, a single snowy has been seen in the Seattle area this year so far according to the Seattle Times, so not quite an irruption yet this year.
A Shout Out:
The Raspbernetes project has a GitHub repo full of Kubernetes security policies. “This repository provides a security policies library that is used for securing Kubernetes clusters configurations. The security policies are created based on CIS Kubernetes benchmark and rules defined in Kubesec.io.” The policies are all written in Rego, tested using OPA and can be deployed using Conftest or Gatekeeper. Love to see repos like this supporting policy as code!
Check them out on GitHub today.
That’s owl for now!