Ransomware continues to dominate the news with new capabilities and more chaos. We’re also tracking continued announcements from previously announced breaches, DBIR, news on Solar Winds, updates and more. In owl news, a dinosaur that has similar sight and hearing. Finally, a security as code tool to map IAM access for users and now for Lambda as well.
- New week, new ransomware capabilities as the latest version of MountLocker “may be the first “corporate ransomware for professionals” to use these APIs to perform built-in reconnaissance and spreading to other devices”. MountLocker is also Ransomware-as-a-Service with affiliates responsible for finding initial victims and the developers hosting the infrastructure. Read more at BleepingComputer.
- Air India is the latest to announce they were affected by the SITA breach mentioned in TSD-51. Malaysia was the first to announce that 9 years of data was exposed, for Air India, it was 10 years of data affecting 4.5 million people. Read more at Reuters.
- Mercari is the latest to announce their fallout from the Codecov supply chain hack with customer and employee records being breached according to BleepingComputer.
- The CEO of Solar Winds spoke at RSA and said they saw activity dating back to January 2019, far earlier than previously announced and he also apologized for blaming the intern. CyberScoop has more.
- Updates abound following recent updates for Chrome, and Microsoft, Apple just released fixes for Macs and TVs that “may have actively been exploited” including the potential for covert screen recordings. Read more at BleepingComputer. Android also noted their fixes for security vulnerabilities “may be under limited, targeted exploitation”. Patch, patch, patch.
- Andy Greenberg writes for Wired ($) the back story of the great RSA hack in 2011 now that NDAs have expired from key employees.
- Daniel Miessler posted on his anlaysis of the Verizon’s annual Data Breach Investigation Report (DBIR)
- Following up on Vizio, Wired ($) has a story about the fight between Roku and Youtube and their licensing deal and how it all relates back to connected TVs.
Owl fun and facts:
A recent study on Shuvuuia deserti has revealed that “its inner ear bones shows that it may have been a nocturnal hunter, like modern owls.” Specifically, “they found that the only bird with a lagena even approaching the same size as S. deserti‘s was the barn owl (Tyto alba), a nocturnal hunter with extraordinary hearing and night vision.”
A Shout Out:
iamlive is a tool that let’s you “generate an IAM policy from AWS calls using client-side monitoring (CSM) or embedded proxy”. By utilizing this security as code / policy as code tool, you can generate exact IAM policy to practice least privilege. He also has also just released an iamlive Lambda extension that can do the same thing for your Lambda execution environment!
About:
TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
Please reach out to us directly, via security@cyral.com or on Twitter at @dant24 if you have any questions, concerns, tips or anything else!
That’s owl for now!
