
The Security Digest: #54


Hello and welcome to TSD, your weekly blog post with top-of-mind security issues. TSD began as an internal newsletter 1 year ago that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us, so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.

Check back here every Tuesday for more TSD or sign up below to stay in the loop!

Please reach out to us directly, via security@cyral.com or on Twitter at @dant24 if you have any questions, concerns, tips or anything else!

  • Did you update your iOS devices to 14.4.1 to fix the active exploits we mentioned in TSD-51? You’re in luck, because now you can update your iOS devices to 14.4.2 to fix the zero-day exploits currently being targeted. This is the 7th zero-day patched within the last 5 months. Read more at BleepingComputer.
  • In TSD-53, we mentioned a report from Google about tracking a group that burned 11 zero days in 9 months. It turns out that group was actually “Western government operatives actively conducting a counterterrorism operation” according to MIT Technology Review.
  • Supply chain attacks are just so in right now with the latest being threat actors that pushed malicious code to PHP. The commits were quickly reverted and PHP has migrated their code to GitHub from their own infrastructure. Read more at BleepingComputer.
  • Facebook announced they disrupted an ongoing operation targeting Uyghurs on their platform. The social engineering campaign targeted fewer than 500 users to infect Android and iOS devices with malware. Read more at NPR.
  • A whistleblower contacted KrebsOnSecurity to sound the alarm that the Ubiquiti breach was much worse than thought.
  • Finally, the “FBI paid a non-profit organization focused on unmasking child predators $250,000 for access to a series of hacking tools, according to public procurement records viewed by Motherboard.”

Owl fun and facts:

The Alagoas screech owl (Megascops alagoensis) in Brazil. Image credit: Gustavo Malacco. via Sci-News

“Ornithologists from the United States, Brazil and Finland have described two new species of the owl genus Megascops from the Amazon and Atlantic forests.

Megascops is the most species-rich owl genus in the Americas, with 21 species currently recognized.

The genus comprises small- to medium-sized owls — commonly known as screech owls for their piercing calls — inhabiting a wide variety of habitats.”

Read more about it at Sci-News

A Shout Out:

“Kubestriker performs numerous in depth checks on kubernetes infra to identify the security misconfigurations and challenges that devops engineers/developers are likely to encounter when using Kubernetes, especially in production and at scale.

kubestriker is Platform agnostic and works equally well across more than one platform such as self hosted kubernetes, Amazon EKS, Azure AKS, Google GKE etc.”

Check out Kubestriker on GitHub.

That’s owl for now!
