Hello and welcome to TSD, your weekly blog post with top of mind security issues. TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
- The latest from the US investigation into the SolarWinds breach puts the tally at 9 government agencies and 100 companies breached. Read more at ZDNet.
- The US Justice Department unsealed indictments against alleged members of a DPRK-sponsored hacking group known as the Lazarus Group (also tracked as APT38). The group is allegedly responsible for the 2014 Sony Pictures hack, WannaCry and the theft of over $200 million. KrebsOnSecurity has more.
- Fallout continues from what appears to be a sprawling campaign against customers of Accellion's now end-of-life file transfer appliance, FTA. The latest victim is the Kroger chain of grocery stores. Prominent law firm Jones Day was hit multiple times, and ransomware operators have now published several gigabytes of its data. The Washington State Auditor's Office was one of the earliest publicly disclosed victims at the beginning of February, after it had warned other state agencies, according to the Seattle Times. Other victims include the University of Colorado, Australia's financial regulator and the Reserve Bank of New Zealand. If you still run FTA, treat it as compromised until proven otherwise and plan the migration off it now.
- A researcher found that the Brave browser's Tor window was accidentally leaking .onion addresses in DNS traffic. A .onion name is supposed to be resolved only inside the Tor network, so any query for one reaching an ordinary DNS resolver tells the resolver (and anyone watching it) which hidden services the user visited. The stable build has the fix now. Read more at ZDNet.
- Yikes, do you have an Android phone? Does it have the ShareIt app? Trend Micro published a report describing several security flaws in the app that may make you want to uninstall it right now. Read more at ArsTechnica.
- Security researchers have found a new macOS malware strain called Silver Sparrow. According to a collaborative report from Red Canary, Malwarebytes and Carbon Black, it has infected nearly 30,000 endpoints across 153 countries, including newer Macs with M1 chips. The malware hasn't delivered an actual payload yet, so no one is sure what it was designed for. Apple has already revoked the developer certificates used to sign it to prevent further spread. Read more at ArsTechnica.
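The Brave leak above is the kind of thing your own resolver logs will show you. The script below is an added example, not code from the TSD post, from Brave or from the researcher who reported the issue: it scans dnsmasq-style query lines for names whose last label is `onion` and reports which clients asked for them. The log format, the hostnames and the client addresses are all constructed for illustration; adjust the regex to match whatever resolver or DNS telemetry you actually have.

```python
"""Flag DNS queries for .onion names in resolver logs.

Added example (not from the TSD post or from Brave). A .onion name is
resolved inside the Tor network and should never be sent to an ordinary
DNS resolver; if one shows up here, some client on the network is
bypassing Tor for that lookup, as Brave's Tor window was doing.
"""
import re
from typing import NamedTuple

# Constructed sample log lines in dnsmasq query format (not real traffic).
# The .onion names are made up: one 56-character v3-style name and one
# 16-character v2-style name.
SAMPLE_LOG = """\
Feb 23 10:01:12 gw dnsmasq[812]: query[A] www.example.com from 10.0.0.7
Feb 23 10:01:13 gw dnsmasq[812]: query[AAAA] abcdefghijklmnopqrstuvwxyz234567abcdefghijklmnopqrstuvwx.onion from 10.0.0.7
Feb 23 10:01:14 gw dnsmasq[812]: query[A] cdn.example.net from 10.0.0.12
Feb 23 10:01:15 gw dnsmasq[812]: query[A] abcdefghijklmnop.onion. from 10.0.0.7
Feb 23 10:01:16 gw dnsmasq[812]: query[A] notonion.example.org from 10.0.0.9
"""

# Matches the "query[TYPE] name from client" part of a dnsmasq log line.
QUERY_RE = re.compile(
    r"query\[(?P<qtype>[A-Z0-9]+)\] (?P<name>\S+) from (?P<client>\S+)"
)


class OnionQuery(NamedTuple):
    client: str
    qtype: str
    name: str


def is_onion_name(name: str) -> bool:
    """True if the rightmost DNS label is 'onion' (case-insensitive).

    A trailing dot (fully qualified form) is tolerated. Labels that merely
    contain the substring 'onion', such as notonion.example.org, do not count.
    """
    labels = name.rstrip(".").lower().split(".")
    return len(labels) >= 2 and labels[-1] == "onion"


def find_onion_queries(log_text: str) -> list[OnionQuery]:
    """Return every .onion lookup found in the log, in log order."""
    hits: list[OnionQuery] = []
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if m and is_onion_name(m.group("name")):
            hits.append(OnionQuery(m.group("client"), m.group("qtype"), m.group("name")))
    return hits


def clients_leaking(log_text: str) -> dict[str, int]:
    """Map each client address to the number of .onion lookups it sent."""
    counts: dict[str, int] = {}
    for q in find_onion_queries(log_text):
        counts[q.client] = counts.get(q.client, 0) + 1
    return counts


if __name__ == "__main__":
    for q in find_onion_queries(SAMPLE_LOG):
        print(f"{q.client} asked the resolver for {q.qtype} {q.name}")
    for client, n in clients_leaking(SAMPLE_LOG).items():
        print(f"{client}: {n} leaked .onion lookup(s)")
```

Two caveats when you run this for real: it only sees lookups that reach a resolver you log, so clients using DNS over HTTPS to a third party will not appear, and a hit tells you a client leaked a name, not which application did it; the Brave report is a reminder that the culprit can be software that is explicitly advertising Tor support.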
Owl fun and facts:
Following up on TSD-44 and the ongoing saga of Northern Spotted Owl protections on the West Coast: Western Democrats requested, and received, a second review by the Biden administration of the last-minute rule change. The Interior Department's January 15th ruling, which removed critical habitat protection from 3.4 million acres rather than the originally proposed 200,000, shocked nearly everyone. The rule was set to take effect on March 15th but has been delayed pending the review. Read more at OPB.
A Shout Out:
Cloudlist is a multi-cloud tool for enumerating assets (hostnames, IP addresses) from cloud providers. It is intended for blue teams to augment attack surface management efforts by maintaining a centralized list of assets across multiple clouds with very little configuration effort. The point for defenders: you cannot monitor or patch a host you don't know exists, and cloud consoles make it easy to lose track.
Download cloudlist on GitHub today. ProjectDiscovery just announced a seed round and are going full time working on their open source security automation platform. Security as code and automation? We’re sold! Congrats!