Hello and welcome to TSD, your weekly blog post with top of mind security issues. TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
- SentinelOne uncovered a bug in Windows Defender that has been lurking there for 12 years! Updates should happen automatically. Read more about it at BleepingComputer.
- Oh man, this was a super interesting article from Alex Birsan about dependencies and bug bounties for major companies. Turns out, within 48 hours, 275+ copycat packages were uploaded according to BleepingComputer.
- China is also suspected to have broken into the National Finance Center using a flaw in SolarWinds according to Reuters.
- Google issued a warning to any developers using an SDK that would sell location data without user consent after an expose by Motherboard. The expose by Motherboard found that Muslim prayer app was using an SDK that was selling location data and was linked to ICE among others.
- Minneapolis joined a growing list of cities banning facial recognition software. Minneapolis is one of many cities known to have a relationship with ClearviewAI. Read more at TechCrunch.
Owl fun and facts:
If you ever find yourself in New Orleans, you may see one at City Park. Owls that can be found in Louisiana are the Common Barn Owl, the Eastern Screech-Owl, the Great Horned Owl and the Barred Owl.
Joyeux Mardi Gras! Laissez les bons temps rouler!
A Shout Out:
Today’s shoutout is a policy as code feature “that ONLY allows AWS services that are compliant with your preferred compliance frameworks.” Gone are the days of spreadsheets and instead let this policy as code generator from Kinnaird McQuade and Jason Dyke. Read more from Kinnaird here. Get started with it on Github here.
Jason has been on a roll lately as we just featured his GCP Unused Service Account Lister in TSD-46.