Hello and welcome to TSD, your weekly blog post with top-of-mind security issues. TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us, so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
- Experian had an open API that exposed credit scores for most Americans, according to KrebsOnSecurity.
- Apple announced 2 more 0-days that were actively being exploited, according to ArsTechnica. Ryan Naraine now counts 27 0-days, with Apple responsible for 22%.
- The Pulse Secure VPN hack has claimed the US government as a victim, according to Reuters. Bleeping Computer has more, noting that there is a fix for the 0-day and that they’ve released a tool to check if your VPN has been modified.
- KrebsOnSecurity reports that, in an 81-page report delivered to the Biden administration this week, “top executives from Amazon, Cisco, FireEye, McAfee, Microsoft and dozens of other firms joined the U.S. Department of Justice (DOJ), Europol and the U.K. National Crime Agency in calling for an international coalition to combat ransomware criminals, and for a global network of ransomware investigation hubs.”
Owl fun and facts:
Exciting news out of Borneo as the “Bornean subspecies of Rajah scops owl (Otus brookii brookii), documented in the wild for the first time since 1892, may be its own unique species and deserving of a conservation designation.” Read more about this 125-year discovery in the making at The Smithsonian National Zoo.
A Shout Out:
ProjectDiscovery has released a GitHub Action for security-as-code automatic vulnerability discovery. GitHub offers 2000 minutes of Actions free per month, so you can start today for free. Read more at ProjectDiscovery.io.
That’s owl for now!