News: Cyral Named a 2021 “Best Place to Work in the Bay Area”·Learn more!
Blog

The Security Digest: #47

CyralWeeklySecurityDigest_HeroImage

Hello and welcome to TSD, your weekly blog post with top of mind security issues. TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.

Check back here every Tuesday for more TSD or sign up below to stay in the loop!

Please reach out to us directly, via security@cyral.com or on Twitter at @dant24 if you have any questions, concerns, tips or anything else!

  • Breaking news on Monday coming out of the Tampa Bay area where local officials say “Someone remotely accessed a computer for the city’s water treatment system and briefly increased the amount of sodium hydroxide, also known as lye, by a factor of more than 100” via Tampa Bay Times. Reuters meanwhile is reporting the remote access software was TeamViewer. Lesley Carhart puts this attack into some perspective with a tale from 2000. And if you’re interested to see what barely secured water system control systems look like ICS security researcher Marcin Dudek has you covered. Kevin Collier goes beyond the tweets and publishes a real news article for NBC about our woefully under resourced water utilities.
  • Did you restart Chrome yet? If not do it ASAP as they patched zero days more at Threatpost
  • Twitter, Facebook / Instagram and TikTok all took steps to crack down on those that traffic in highly coveted hacked accounts according to KrebsOnSecurity. These users are members of the same forum that was responsible for the major Twitter hack from late last year.
  • Another ransomware operator shutdown and posted all the decryption keys after seeing the recent takedowns of Emotet and Netwalker according to Bleeping Computer.
  • KrebsOnSecurity is reporting on a major takedown of “one of the world’s largest phishing services” by authorities in Ukraine with support from the FBI and authorities in Australia.
  • It’s Patch Tuesday, Microsoft has 56 fixes including a zero day via ZDNet.
  • Finally, Canada’s top privacy watchdog ruled that Clearview AI has violated Canadian privacy law. “What Clearview does is mass surveillance and it is illegal”. Read more at TechCrunch.

Owl fun and facts:

Above is a barn owl baby caught on camera reacting to hearing thunder for the first time. British painter Robert Fuller uploaded this delightful video and has a full blog about barn owls and his nest cameras.

Today is a double feature as we’re also highlighting a Barn Owl release video from Lindsay Wildlife in Walnut Creek, California.

Finally, did you celebrate SuperbOwl Sunday? What’s your favorite Superb Owl?

A Shout Out:

Prowler is a command line tool for AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark (49 checks) and has more than 100 additional checks including related to GDPR, HIPAA, PCI-DSS, ISO-27001, FFIEC, SOC2 and others.”

With the release of AWS CloudShell, you can now runner prowler in seconds. No configuration, just download and execute. Check it out at Toni’s blog blyx.com.

Stay Connected