Hello and welcome to TSD, your weekly blog post with top of mind security issues. TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
Please reach out to us directly, via firstname.lastname@example.org or on Twitter at @dant24 if you have any questions, concerns, tips or anything else!
- President Biden continues to fill out his cybersecurity team including Jen Easterly for National Cyber Director, and Rob Silvers as the head of CISA via Reuters.
- Malwarebytes announced they were targeted by the same threat actors that hit Solarwinds but “the attacker only gained access to a limited subset of internal company emails” via the Malwarebytes blog. Me reading this while looking at the Malwarebytes icon on my computer.
- Sonicwall announced they had been breached by a zero day in their own product and their investigation is ongoing. Read more here.
- Do you have an account with Teespring? Someone just leaked details from their site from a breach disclosed in December via ZDNet.
- An ongoing campaign against security researchers has been identified by the Threat Analysis Group from Google. The actors in question spawned research blogs, Twitter accounts and LinkedIn profiles to signal boost their purported exploits. They then reached out to researchers to “collaborate” inducing them to install malware via a shared project file or via their blog. Read more for the links to the blog, Twitter and LinkedIn Profiles.
- In a disclosure to a congressional investigation, an arm of the military intelligence community admitted to buying location data from smartphone apps and using it to search for movements by Americans. The NYTimes has more.
- Finally Rachel Tobac and friends wrote and sang a sea shanty of password reuse and then dropped an electro-shanty remix!
Owl fun and facts:
Above is a Ural Owl (Strix uralensis) photographed in southern Finland by Janne Loisa. The Ural Owl contains multiple subspecies and ranges from Norway all the way to Japan and parts of central Europe. As you may be able to tell, the Ural Owl is unique in that it has an exceptionally long tail. The Ural Owl is currently designated of Least Concern via Wikipedia.
A Shout Out:
Mark Manning and Clint Gibler of tl;dr sec have what promises to be the first in a series of new guest posts / security guides to be published on tl;dr sec.
“The guide ramps you up on Kubernetes terms and how the pieces fit together if you’re new, then dives into how to get the lay of the land of your Kubernetes environment and how to take a measured approach to meaningfully reduce your security risk.
It’s approachable, actionable, and downright funny. Here’s a taste:”
Read the guide here and congrats to Clint and tl;dr sec on passing 5,000 subscribers! Like or retweet his announcement and he’ll be donating to Feed America.