Hello and welcome to the 52nd TSD, your weekly blog post with top of mind security issues. TSD began as an internal newsletter 1 year ago that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure. Take a look back at TSD-01 to see where it all began!
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
Please reach out to us directly, via security@cyral.com or on Twitter at @dant24 if you have any questions, concerns, tips or anything else!
- The Exchange ProxyLogin situation has gone from very bad to worse over the past week. Proof of Concept exploit code was published to Microsoft owned Github and then taken down by GitHub via Vice. Meanwhile, DearCry is a brand new ransomware that takes advantage of the flaw to deploy itself to vulnerable servers via Bleeping Computer. The rabbit hole goes deep as a half dozen groups are exploiting the same zero-day which is odd to say the least… via ArsTechnica. With these 6 different groups all with the same zero-day, they have actually been fighting for control of the now 100,000+ infected servers. And if you know of anyone that still needs help with mitigation, Microsoft just released 1 click tool via BleepingComputer.
- One way to take down infrastructure used by various hacking groups? An actual data center fire like that of OVH in France. According to Vice, multiple groups including those linked to Vietnam and Iran were affected.
- Linux can be affected by malware too and is currently being targeted by a group linked to China according to BleepingComputer.
- Another day this year, another Chrome zero day patched. Click update ASAP before it turns red and angry. Read more at ThreatPost.
- One of the people responsible for the massive Verkada camera breach we mentioned in TSD-51, was raided by the police and later spoke with Vice.
- Vice has another scary story about people being able to steal your phone number without SIM swapping. The whole thing seems a bit hokey…
Owl fun and facts:
Above is a Barn Owl in the rafters of an actual barn. TheHorse.com advocates that horse owners build nest boxes to help encourage Barn Owls to nest in your horse barn as “A barn owl family will consume nearly 2,000 mice or other rodents in just a couple of months.” This makes me happy to see this awesome solution for horse owners solve their mice problem with Owls!
A Shout Out:
Netflix has just released 2 companion policy / security as code tools for managing multi account access to AWS: ConsoleMe (pronounced: kuhn-soul-mee), and its CLI utility, Weep (pun intended)!
“ConsoleMe allows users to access the AWS console through the use of temporary IAM role credentials. After the user authenticates, ConsoleMe determines which roles they’re authorized to access based on their identity and group memberships.”
That’s owl for now!