The Security Digest: #43
Hello and welcome to TSD, your weekly blog post with top of mind security issues. TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
- TeamCity was maybe involved in the SolarWinds hack; ZDNet looks into conflicting reports. US officials issued a statement that the hack was “likely” from Russia, via APNews. KrebsOnSecurity is reporting on countless sealed documents that may have been accessed in the breach.
- Oops, Nissan left a Bitbucket server out in the wild with admin/admin credentials via ZDNet.
- Trump issued a new order last week to ban 8 different Chinese apps including Alipay via Reuters. Anyone seen Jack Ma to let him know? NPR digs into why he’s been missing.
- #HugOps to Capitol IT and security staff trying to figure out what happened after the events of last week; Wired has more. Parler, meanwhile, had pretty much every service yanked from it since the Wednesday insurrection, and a few enterprising individuals noticed that Twilio was the first to go, which eventually led to admin accounts on Parler and downloading all of their data, including driver licenses, according to this 2600 FB Group. EDIT: Seems like instead they just auto-incremented posts, via Wired. And finally, Clearview, the facial recognition app, also let everyone know that their usage has spiked since the insurrection, via The Verge.
Owl fun and facts:
Above is a Northern Hawk Owl spotted near Watson Lake on the Kenai Peninsula of Alaska.
“Northern Hawk Owls (Surnia ulula) live around the world in boreal forests of the far north. There are three subspecies — two in Asia and one in North America.
Being nonmigratory, Northern Hawk Owls will remain within localized areas until prey becomes scarce, driving them to leave in search of locations with more productive hunting.”
Read more about this Northern Hawk Owl at the Peninsula Clarion.
A Shout Out:
A brand new mostly free course focused on “Machine Learning for Security” debuted at the end of last week. “This course teaches machine learning concepts and techniques through practical tutorials and plain-English explanation, culminating in projects focused on cyber security. Projects such as: email malware collection, facial recognition for OSINT and threat prediction and others.” Check out security.kiwi to get started and access more content by becoming a patron!