Hello and welcome to TSD, your weekly blog post with top of mind security issues. TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
Please reach out to us directly, via security@cyral.com or on Twitter at @dant24 if you have any questions, concerns, tips or anything else!
- It’s been a big week for 500 million user data breaches as LinkedIn joined the party. 500+ million user data dump was put up for sale but LinkedIn says it was all public information via SC Magazine.
- Clubhouse also claimed feature not bug after 1.3 million of their users details were offered up for grabs via ThreatPost
- Facebook meanwhile has another phone number database circulating separately according to Motherboard. Currently the database can be accessed via a Telegram bot that will give out information of users that liked a specific page. Wired meanwhile delves into the Facebook data leak to find the source not being any of the previous massive data leaks, but instead a flaw in the contact importer functionality.
- The annual Pwn2Own contest resulted in a 3 way tie and zero day announcements in Zoom, Exchange, and Teams for the winners. Alisa Esage made history as the first woman with a win, but was only awarded partial points due to the contest rules. Read more at The Hacker News.
- Are you using Cisco small business routers? A remote code execution (RCE) was announced but will not be fixed as customers are encouraged to upgrade their devices. Meanwhile, they also announced another RCE in SD-WAN software that they are releasing patches for. Read more at The Hacker News.
- Finally, Buzzfeed News delves deep into Clearview AI usage as they offered free trials with over 7,000 users and close to 2,000 public agencies. When contacted by Buzzfeed “leaders at these agencies were unaware that employees were using the tool”.
Owl fun and facts:
If you’re in the San Antonio area, keep an eye out for this bar owl at pet friendly Hops & Hounds. The barred owl family has recently moved in across the street with one occasionally being aggressive to protect the expected nest. This barred owl cannot be barred from the bar as it is a protected species, so enjoy the patio and the views and keep your pets do not imitate the owl as this is what it may be upsetting the owl. Read more at MySA.
A Shout Out:
Bridgecrew Checkov 2.0 has just been released and is the first infrastructure as code (IaC) security as code scanner to have dependency awareness. Checkov also supports scanning Dockerfiles and has nearly 250 new policy as code policies out of the box.
Read the announcement and download Checkov 2.0.0 today.
That’s owl for now!