Ransomware mules get nabbed, a Chinese espionage campaign was larger than initially reported, security requirements are too onerous for nuclear contractors, water treatment plants are likely incredibly insecure, there is a dark market for cookies, and a massive data leak results in a farcical fine. In owl news, LSU researchers have been tracking barred owls, and finally, query your cloud resources like it was 1992 using Steampipe.
- Ukrainian police nabbed 6 people allegedly part of the CLOP ransomware group. This group’s victims “this year alone include Stanford University Medical School, the University of California, and University of Maryland”. Read more at KrebsOnSecurity.
- The Chinese espionage campaign that targeted the NYC MTA among others was more sweeping than initially reported. Dozens of others were targeted including Verizon and the largest water agency in the US. Read more at AP News.
- The Department of Energy is revising cybersecurity requirements for nuclear administrator subcontractors after they proved to be too onerous. This is part of an overall practice started by Congress a decade ago to remove onerous requirements. One contractor has already dealt with ransomware recently, let’s hope that these requirements don’t open up more contractors to ransomware. Read more at NextGov.
- NBC News has a report on the poor security affecting many water treatment plants around the US and the numerous unreported security events they have had. KrebsOnSecurity also looks into water plant security.
- Motherboard does a deep dive into the marketplace where the EA hackers purchased the Slack cookies that we mentioned in TSD-65.
- Finally, First American Financial earned $7.1 billion last year and was found to be leaking 800 million documents in May 2019. The SEC concluded their investigation and fined them under $500,000… via KrebsOnSecurity
Owl fun and facts:
Researchers at LSU have caught and tagged a number of barred owls in the area near their campus to study their movements. “They noticed barred owls have a very small home range and don’t travel very far at all. ‘These guys are homebodies,’ Jirinec said.” If you’re ever in the area, they suggest heading out to Bluebonnet Swamp to catch a glimpse of them.
A Shout Out:
Query your cloud resources with SQL using Steampipe. Steampipe uses plugins that let you run live SQL queries against your various cloud resources. Answer questions like “What security groups are open to the world?” and “Which users have MFA enabled right now?”. The possibilities are endless and easily scriptable, which gets you away from out-of-date inventory lists. Turbot also released a plugin that will check your Zoom account against the CIS benchmark. Download it on GitHub today.
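As an added example (not from this newsletter or from the Steampipe project itself), here are the two questions above written as queries against Steampipe’s AWS plugin. The table and column names (aws_vpc_security_group_rule, aws_vpc_security_group, aws_iam_user.mfa_enabled, aws_iam_credential_report) are assumed to match the plugin version you have installed; confirm them with Steampipe’s `.inspect` command before relying on the results.

```sql
-- Added example, not from the newsletter or from Steampipe's own docs.
-- Assumes the AWS plugin is installed (steampipe plugin install aws) and that
-- the table/column names below match the installed plugin version.

-- 1. Which security groups are open to the world?
--    An ingress rule sourced from 0.0.0.0/0 or ::/0 admits traffic from any address,
--    so each row here is a port range reachable from the whole internet.
select
  sg.group_id,
  sg.group_name,
  sg.vpc_id,
  r.ip_protocol,
  r.from_port,
  r.to_port,
  coalesce(r.cidr_ipv4, r.cidr_ipv6) as source_cidr
from
  aws_vpc_security_group_rule as r
  join aws_vpc_security_group as sg on sg.group_id = r.group_id
where
  r.type = 'ingress'
  and (r.cidr_ipv4 = '0.0.0.0/0' or r.cidr_ipv6 = '::/0')
order by
  sg.group_id, r.from_port;

-- 2. Which users have MFA enabled right now?
--    aws_iam_user is queried live, so the answer reflects the account at query time,
--    not a stale inventory export.
select
  name as user_name,
  create_date,
  mfa_enabled
from
  aws_iam_user
order by
  mfa_enabled, name;

-- 3. The sharper version of question 2: users who can actually sign in to the
--    console (password_enabled) but have no MFA device. API-only users without
--    a password are excluded, so this list is the one worth acting on.
select
  user_name,
  password_enabled,
  mfa_active
from
  aws_iam_credential_report
where
  password_enabled and not mfa_active;
```

Run them interactively with `steampipe query`, or pass a file to `steampipe query rules.sql --output json` to feed the results into a script or ticketing workflow.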
TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
That’s owl for now!