New Webinar: Leaky S3 Buckets- How to Simplify Access and Stop the Spill·Watch now
Blog

The Security Digest: #51

Hello and welcome to TSD, your weekly blog post with top of mind security issues. TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.

Check back here every Tuesday for more TSD or sign up below to stay in the loop!

Please reach out to us directly, via security@cyral.com or on Twitter at @dant24 if you have any questions, concerns, tips or anything else!

  • The Exchange hack we mentioned in TSD-50 has now turned into a major worldwide event with KrebsOnSecurity breaking the news that hundreds of thousands of organizations affected worldwide. KrebsOnSecurity has put together a full known timeline going back to early January.
  • Are you overwhelmed by these zero days? You’re not alone, Ryan Naraine of SecurityConversations counts 14 in the wild and we haven’t made it out of Q1.
  • Speaking of, update your iPhone ASAP to 14.4.1 to fix some major vulnerabilities. 9to5Mac has more.
  • Also, today is Patch Tuesday. ZDNet runs down an overview of the 89 flaws fixed.
  • The Malaysian Air breach we mentioned in TSD-50, seems to have been part of a much larger breach of SITA. “SITA is one of the largest aviation IT companies in the world, said to be serving around 90% of the world’s airlines, which rely on the company’s passenger service system Horizon to manage reservations, ticketing and aircraft departures.” TechCrunch has more.
  • A forum post found by BleepingComputer is now offering to call the media and business partners of ransomware victims if they don’t pay up.
  • Procurement records show that an Air National Guard outpost in Iowa purchased the app location data Locate X for “missions requirements overseas.” Motherboard has the full story.
  • BREAKING: A group gained access to thousands of surveillance cameras from Verkada including Tesla, hospitals, jails and more. Bloomberg has the scoop
  • Finally, hopefully you won’t need this, but if you do this is an important article on How to Shut Stalkers Out of Your Tech.

Owl fun and facts:

This past weekend was the International Festival of Owls in Houston, Minnesota.

“The International Festival of Owls originally started as a “hatch-day” party for Alice the Great Horned Owl in 2003.  Alice is a permanently injured, human-imprinted owl who started her working career at the Houston Nature Center.  Since she was the only live animal at the center she quickly became the center of attention. She began working at the International Owl Center in 2015 and is now semi-retired.”

This year the World Owl Hall of Fame recognized the founder of the International Festival of Owls and the International Owl Center as well as her groundbreaking research into Great Horned Owl vocalization, Karla Bloem. Congratulations Karla!

A Shout Out:

An open source, security as code, SecOps automation tool with an owl for a logo? I think that checks all of our boxes hear for shout outs. Patrowl is just that and they just recently announced their latest project PatrowlHears.

“PatrowlHears provides a unified source of vulnerability, exploit and threat Intelligence feeds. Users accesses a comprehensive and continuously updated vulnerability database scored and enriched with exploit and threat news information.”

Checkout their GitHub repo and take a look at owl of Patrowl.

That’s owl for now!

CyralWeeklySecurityDigest_HeroImage
Subscribe to our Blog

Get stories about data security delivered directly to your inbox

Try Cyral

Get Started in Minutes with our Free Trial