Hello and welcome to TSD, your weekly blog post with top-of-mind security issues. TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us, so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
- SolarWinds was only the tip of the iceberg, as CISA chief Brandon Wales told The Wall Street Journal that the attackers “gained access to their targets in a variety of ways”. Meanwhile, 4 more companies (Mimecast, Palo Alto Networks, Qualys, and Fidelis) announced they were targeted as part of the attack, according to ZDNet.
- Meanwhile, in the wake of their breach, the US Courts are making changes that require sensitive material to be printed out and hand delivered rather than filed electronically. The full damage to the legal system is still unknown, and Senators are pressing for more information, via AP News.
- GRIMM researchers have uncovered flaws in an open source library used by the DoD and the intelligence community for satellite imagery transport. Read more at SC Magazine.
- Emotet infrastructure “has been taken down following a global law enforcement operation that was two years in planning” via ZDNet. Emotet typically gained a foothold through malware-infected Word documents delivered by phishing. From there, the operators would lease access for distribution of other malware such as Ryuk ransomware or the Trickbot banking trojan. Additionally, authorities plan a mass uninstall on April 25th, via ZDNet.
- If you haven’t, update your iPhone and iPad ASAP. As Katie Moussouris, CEO and founder of cybersecurity firm Luta Security, was quoted in CBS News: “Your regular web browsing may cause you to be held compromised, without having to do really much of anything else.”
- President Biden’s pick for CISO for his election campaign has become the Federal CISO according to CyberScoop.
Owl fun and facts:
Not seen since 1890, a Snowy Owl graced Central Park and caused quite a stir this past week. Read more at The NY Times.
A Shout Out:
Jason Dyke from ScaleSec just released a brand new tool for GCP. “If you use #GCP and have the Recommender service enabled, I wrote a quick script to check your entire GCP org for service accounts that have not been authenticated in the past 90 days. It will output the SA email and the project number. Enjoy!”
Download it on GitHub