Hello and welcome to TSD, your weekly blog post with top of mind security issues. TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
Please reach out to us directly, via firstname.lastname@example.org or on Twitter at @dant24 if you have any questions, concerns, tips or anything else!
- The SolarWind hackers did get access to Microsoft source code but only had view access to the code. Microsoft downplayed the significance of this and has said their investigation is still ongoing via ZDNet.
- Do you have a Zyxel firewall or VPN gateway? If so, update ASAP as it had a default backdoor user that is now being actively scanned across the Internet. This is the second time Zyxel was found to have secret accounts in 2016. Read more and find out what products are affected at ZDNet.
- TMobile announced their 4th data breach since 2018. The breach exposed some call records but did not expose financial data. Read their full statement here and more about it at Bleeping Computer.
- Ticketmaster will pay a $10 million fine after an employee used their credentials from a rival while working for Ticketmaster.
Owl fun and facts:
It’s #NationalBirdDay and The Met Museum posted this awesome specimen on their Instagram. This shield is from Germany ca 1500!
A Shout Out:
In a post a few weeks back we talked about the latest BSIMM report and Security as part of quality. We wanted to also highlight the OWASP SAMM project and if you enjoyed our post, take a look at the post Brian Glas wrote for the OWASP SAMM project comparing the 2.