
The Security Digest: #63


Chaos unfolded for a meat producer over the weekend, likely from what else but ransomware. Suspected SolarWinds hackers are back, state-sponsored hackers are breaching VPNs, a wiper is masquerading as ransomware and Apple's M1 chips have a silicon-based security issue. In owl news, we check in on the western screech owl in Canada, and finally we shout out a rewrite of the policy-as-code tool CloudFormation Guard.

  • JBS, one of the largest meat producers in the world, was the “target of an organized cybersecurity attack, affecting some of the servers supporting its North American and Australian IT systems” according to their own press release. The investigation is ongoing, but it is widely speculated to be a ransomware issue from threat actors in Russia. Read more at Bleeping Computer.
  • Microsoft announced it uncovered a new attack it says is linked to the same group that was responsible for the SolarWinds hack, this time breaking into a USAID Constant Contact account for a spearphishing campaign.
  • New details have emerged about a Chinese espionage operation against US and European targets in transportation and telecom firms after breaching Pulse Secure VPN, according to FireEye. CyberScoop has more.
  • In more state-sponsored / VPN news, the FBI released a report saying a municipal government was hacked via an unpatched Fortinet VPN. Patch, patch and patch, as this seemed more of a scan-and-find than a specifically targeted attack, via The Record.
  • A new type of ransomware (wait, it’s actually a wiper) is hitting Israeli targets, according to SentinelOne researchers. They are tracking the group as Agrius, which has unconfirmed links to an Iranian group.
  • A researcher found a silicon-based issue with the new Apple M1 chips that allows covert channel communication between malicious apps, naming it M1racles. At this point, the vulnerability is more interesting than concerning for most. Read more at Ars Technica and the full writeup at the M1racles site.

Owl fun and facts:

A western screech owl photographed on May 21, 2021 near the Eden Camp blockade. Photo by Royann Petrell

Above is a Western Screech Owl. From AllAboutBirds: “Western Screech-Owls are small owls with stocky bodies. They have somewhat square heads, almost no neck, and conspicuous ear tufts. The tail is short.”

In British Columbia, reported nesting sightings of the owl in a controversial logging operation in Fairy Creek are credible. “In the coming days, staff will attempt to find any owl nests, the ministry said.” Read more at Canada’s National Observer.

A Shout Out:

“AWS CloudFormation Guard is an open-source general-purpose policy-as-code evaluation tool. It provides developers with a simple-to-use, yet powerful and expressive domain-specific language (DSL) to define policies and enables developers to validate JSON- or YAML- formatted structured data with those policies.

Guard 2.0 release is a complete re-write of the earlier 1.0 version to make the tool general-purpose. With Guard 2.0, developers can continue writing policies for CloudFormation Templates.”

Get started with CloudFormation Guard on GitHub today.

About:

TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.

Check back here every Tuesday for more TSD or sign up below to stay in the loop!

Please reach out to us directly, via security@cyral.com or on Twitter at @dant24 if you have any questions, concerns, tips or anything else!

That’s owl for now!
