Hello and welcome to TSD, your weekly blog post covering top-of-mind security issues. TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us, so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
Please reach out to us directly, via email@example.com or on Twitter at @dant24 if you have any questions, concerns, tips or anything else!
- So, what if you were able to compromise a legitimate IT management app (SolarWinds Orion) and gain full access to everything for potentially 18K customers across a wide swath of government and the Fortune 500 since March? Where would you begin? Well, you could start by taking roughly 300 proprietary red-team tools from FireEye. Who would be able to do this? One security firm, Volexity, thinks it’s the same group that compromised a think tank 3 separate times even though the think tank had Duo for multi-factor authentication; the MFA wasn’t broken so much as sidestepped, since the attackers stole the Duo integration secret from the OWA server and minted their own valid session cookies. FireEye is tracking the actors as UNC2452 and calls the trojanized Orion malware SUNBURST. Others generally expect it to be Cozy Bear (APT29) out of Russia. Microsoft also has a detailed post about the attack and the steps to take to start recovering from it. Reuters reported the tip of the iceberg on Sunday morning, noting that the US Treasury and Commerce departments were being monitored. A Krebs-less CISA and DHS are also suspected to be affected, according to Politico. CISA has issued an emergency directive covering the breach with steps to take if you are affected; the short version is to disconnect or power down affected Orion hosts and treat the environment as compromised until proven otherwise. #HugOps to all those who are and will be dealing with this for the foreseeable future.
- Did you get a password reset email from Spotify? Turns out they had a bug since April 9 that they didn’t notice until November. TechCrunch digs into the data breach notification filed in California and finds that passwords and other account information may have been exposed to business partners. I would have hoped that wasn’t possible, but hey, make sure you use a password manager so every password can be unique; a leaked password then only ever unlocks the one account it was leaked from.
- Cyberscoop digs into a Cybereason report that a group known as MoleRATs used legitimate services like “Facebook and Dropbox to obscure their malicious activity and exfiltrate data.” Command-and-control traffic to well-known SaaS domains blends in with normal user traffic, which is exactly why it works.
- Microsoft reported on a widespread malware campaign “distributing an evolved browser modifier malware at scale since at least May 2020. At its peak in August, the threat was observed on over 30,000 devices every day”. The affected devices were primarily clustered in Europe and India but were seen worldwide.
Owl fun and facts:
The US Fish and Wildlife Service will not upgrade the status of the Northern Spotted Owl to endangered despite the species’ decline. “The agency said the species’ continued decline warrants a reclassification from ‘threatened’ to ‘endangered’ but it elected against taking that step because it considers other listed species to be higher priorities.” via OPB
A Shout Out:
The OWASP Web Security Testing Guide announced the release of version 4.2, the first version to be developed collaboratively and released on GitHub. “Since then, over 61 new contributors pushing over 600 commits have helped to make the WSTG better than ever. Version 4.2 of the Web Security Testing Guide introduces new testing scenarios, updates existing chapters, and offers an improved reading experience with a clearer writing style and chapter layout. Readers will enjoy easier navigation and consistent testing instructions.”
Read the OWASP Web Security Testing Guide now!