Hello and welcome to TSD, your weekly blog post on top-of-mind security issues. TSD began as an internal newsletter that our Security Lead, Daniel Tobin, circulated to the team each Tuesday. It proved to be a great resource for all of us, so we thought: why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
- As more comes out about the SolarWinds-based breach, KrebsOnSecurity ponders the role of a VMware flaw that may have been used in conjunction with the Orion backdoor. Microsoft says no production services or data were compromised, but it did have Orion installed. According to KrebsOnSecurity, Microsoft also worked with FireEye to turn one of the malware's callback domains into a killswitch, and Microsoft has posted a detailed analysis of Solorigate. Separately, ZDNet reports that a second group targeted SolarWinds as well. The president-elect continues to press on the attack, vowing to make it a priority on taking office, while the current administration has no unified message on who was responsible, via CNET. Sanctions and "substantial costs" have both been floated, according to CNN. Day 1 for Joe Biden is 29 days away, so we will likely have to wait until then to see what the executive branch of the US government imposes.
- ZDNet reports on a new disclosure from an academic group, which found that "At least 36 Al Jazeera journalists, producers, anchors, and executives, along with a journalist at London-based Al Araby TV, had their iPhones hacked using a no-user-interaction zero-day vulnerability in the iOS iMessage app". Citizen Lab attributes the exploit to the NSO Group, which it says developed and sold it. The notable point for defenders is "no-user-interaction": a zero-click chain leaves no phishing step to train users against, so mitigation falls to prompt OS updates and reducing the attack surface of messaging apps.
- Foreign Policy has an interesting three-part series on China uncovering American spy networks and exposing CIA operatives in Africa and Europe.
- Finally, Motherboard details brand-new charges from the Department of Justice against a Zoom executive for a range of dealings, working directly with the Chinese Communist Party to disrupt dissidents' use of Zoom. Zoom also put out its own account of the situation. This is all way too much to handle right now.
Owl fun and facts:
A Shout-Out:
Kelly Shortridge looked at the security practices behind FireEye's discovery of the SolarWinds hack here. In short: enable 2FA to make things harder for an intruder. "Attackers will choose the easiest, low-cost path when possible." Kelly and co-author Aaron Rinehart, CEO of Verica, expand on these points and more in their brand-new O'Reilly book, Security Chaos Engineering. The book is free, as it is sponsored by Verica. Get your copy here and learn about adding resilience to your infrastructure with a focus on security.