Hello and welcome to TSD, your weekly blog post with top of mind security issues. TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
Please reach out to us directly, via email@example.com or on Twitter at @dant24 if you have any questions, concerns, tips or anything else!
- Hopefully, you’ve already patched VMware vCenter for CVE-2021-21972, rated 9.8 out of 10, as scanners are already out in full force after at least 6 different proof-of-concept exploits appeared, according to Ars Technica.
- Microsoft announced that Hafnium, a China-based threat actor, had used multiple previously unknown exploits against Exchange Server, and has released patches that you should apply ASAP.
- BleepingComputer is reporting that Malaysia Airlines has begun notifying members of its frequent flyer program after it uncovered a 9-year-long data breach.
- Wired details how far-right platform Gab was hacked reportedly via SQL injection, and DDoSecrets will be making their private data available to journalists and researchers. Andy Greenberg wrote the article and contacted Gab about the hack and the CEO responded with slurs…
- Wired has summarized the latest report from Dragos about Russian intrusions into the US power grid including the fact that “Kamacite has repeatedly targeted US electric utilities, oil and gas, and other industrial firms since as early as 2017.”
- KrebsOnSecurity details “A company that rents out access to more than 10 million Web browsers so that clients can hide their true Internet addresses has built its network by paying browser extension makers to quietly include its code in their creations”.
- KrebsOnSecurity just posted a story about how payroll/HR company PrismHR seems to have suffered a ransomware attack that could prevent hundreds, if not thousands, of companies from being able to process payroll this week.
- According to The Washington Post, ICE has reportedly used a database from Thomson Reuters that houses hundreds of millions of utility records to pursue immigration violations. The DOJ, Homeland Security and DoD all have purchases associated with this database as well.
Owl fun and facts:
Researchers have just published an article after tracking Powerful owls in Australia and have found that they are increasingly found in urban areas. “Powerful owls are Australia’s largest, measuring 65 centimeters from head to tail and weighing a hefty 1.6 kilograms. They’re found in Australia’s eastern states, except for Tasmania.” The owls had been previously thought to only live in old growth forests, but those forests are diminishing and the owls are finding new homes. Read the summary of the research at Phys.org.
A Shout Out:
Marco Lancini, the author behind CloudSecList, released the latest entry in his “Continuous Visibility into Ephemeral Cloud Environments” blog series. Security Logging in Cloud Environments – AWS is a reference architecture that uses only AWS services to enable security logging across a multi-account AWS environment. It is a great overview, and it also hits key points that matter even if you are already using AWS cloud logging, such as enabling S3 Object Lock in Compliance Mode for logs stored in S3.
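The Object Lock point deserves a concrete check, since a log bucket that is merely locked in Governance mode can still be emptied by anyone holding `s3:BypassGovernanceRetention`. The script below is an added example, not code from this post or from Marco Lancini’s article; it assumes you feed it the JSON that `aws s3api get-object-lock-configuration --bucket <log-bucket>` returns for each log bucket, and it reports anything short of Compliance mode with an adequate default retention.

```python
# Added example (not from the TSD post or the referenced article): evaluates
# the JSON that `aws s3api get-object-lock-configuration` returns and flags
# log buckets whose Object Lock would not stop a ransomware operator or a
# compromised administrator from deleting audit logs.
# Note: a bucket without Object Lock makes the CLI call fail with
# ObjectLockConfigurationNotFoundError instead of returning JSON; the empty
# dict case below covers a caller that turned that error into {}.
from typing import Any, Dict, List


def object_lock_findings(resp: Dict[str, Any], min_days: int = 365) -> List[str]:
    """Return findings; an empty list means Object Lock is enabled with a
    COMPLIANCE default retention of at least min_days."""
    findings: List[str] = []
    cfg = resp.get("ObjectLockConfiguration") or {}
    if cfg.get("ObjectLockEnabled") != "Enabled":
        return ["Object Lock is not enabled on this bucket"]
    retention = (cfg.get("Rule") or {}).get("DefaultRetention") or {}
    if not retention:
        # Lock is on, but nothing applies it to newly written log objects.
        return ["no default retention rule: new log objects are not locked"]
    mode = retention.get("Mode")
    if mode == "GOVERNANCE":
        findings.append("retention mode is GOVERNANCE: principals with "
                        "s3:BypassGovernanceRetention can still delete logs")
    elif mode != "COMPLIANCE":
        findings.append(f"unexpected retention mode {mode!r}")
    # Retention is expressed as either Days or Years; 365 days/year is a
    # simplification that is good enough for a threshold check.
    days = retention.get("Days") or 365 * retention.get("Years", 0)
    if days < min_days:
        findings.append(f"default retention of {days} days is below "
                        f"the required {min_days}")
    return findings


# Constructed sample responses in the shape of GetObjectLockConfiguration.
WEAK_BUCKET = {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
               "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Days": 30}}}}
GOOD_BUCKET = {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
               "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Years": 1}}}}

if __name__ == "__main__":
    for name, resp in (("weak", WEAK_BUCKET), ("good", GOOD_BUCKET)):
        print(name, object_lock_findings(resp) or ["ok"])
```

Run it against every bucket your CloudTrail, Config and VPC Flow Log trails write to, since one unlocked bucket is enough to lose the evidence trail.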