Hello and welcome to TSD, your weekly blog post with top of mind security issues. TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
Please reach out to us directly, via security@cyral.com or on Twitter at @dant24 if you have any questions, concerns, tips or anything else!
- Linux Mint fixed a vulnerability found by 2 kids that allowed them to crash the screensaver and access the desktop via ZDNet.
- A website launched last week supposedly selling hacked data from Microsoft, Cisco, FireEye and Solar Winds that may have been related to the Solar Winds breach. Read more at BleepingComputer.
- BugTraq, one of the first email lists focused on vulnerability disclosure, announced they were shutting down, but reversed course in a matter of days. Read more about it at ZDNet.
- CISA has officially endorsed ad blockers for all government agencies to protect against malvertising, which follows similar guidelines from the NSA in 2018 as well via cyberscoop. Read the full guide from CISA here.
- The FBI is investigating a claim that a woman “stole a laptop or hard drive from Speaker Nancy Pelosi’s office and intended to sell it to Russians” via Politico.
- President elect Biden continues to fill out his appointments seemingly to signal a focus on cybersecurity for the incoming administration. After the cybersecurity role was eliminated in 2018, Anne Neuberger, the current director of cybersecurity for the NSA will be joining the National Security Council (NSC) in a newly created role according to Politico. Meanwhile, Rob Joyce will be replacing Neuberger at the NSA according to cyberscoop.
Owl fun and facts:
Back in TSD-28, we mentioned a proposed rules change to reduce the critical habitat for the Northern Spotted Owl in the northwest by 200,000 acres. Instead in a last minute change, “the feds shocked just about everyone by removing from protected status not just the 200,000 acres in Oregon, but 3.4 million acres across three states — more than a third of the land set aside for the owl.” The Seattle Times has more.
A Shout Out:
Darkbit is back with another awesome open source tool release called OpenCSPM. OpenCSPM…”aims to make continuous cloud security posture assessments of cloud environments a practical reality for security and compliance teams alike. It offers a unique approach to manage the firehose of security and compliance check results that can even modest AWS and GCP environments can surface, and its control definitions allow for simple yet powerful levels of introspection of its graph data model.”
Read more about OpenCSPM here and download it on GitHub to get started!