
The Security Digest: #72

Fallout from the Pegasus Project has started as more details emerge, and another Israeli spyware firm with American venture money is profiled. Plus: the return of DarkSide, details emerge about the Justice Department hack, PyPI has more malware, QR codes are probably tracking you, CISA has the top 30 vulnerabilities, and that massive infrastructure bill has set aside funds for cybersecurity. In owl news, we look at a tiny owl from the Pacific Northwest, and finally, CISA has released an open source asset inventory tool.

  • The first fallout from the Pegasus Project has resulted in the Israeli government visiting the NSO office and suspending certain clients for “misuse” via NPR. Meanwhile, Le Monde is reporting that they found Pegasus on French journalists, as tweeted in English by @runasand.
  • Speaking of Israeli surveillance companies, Paragon Solutions claims “to give police the power to remotely break into encrypted instant messaging communications, whether that’s WhatsApp, Signal, Facebook Messenger or Gmail”. The firm is backed by Boston-based Battery Ventures. Forbes has more on this stealth startup.
  • DarkSide ransomware seems to have rebranded as BlackMatter according to researchers. Read more at BleepingComputer.
  • More details are out on the hack of federal prosecutors across the country. “80% of Microsoft email accounts used by employees in the four U.S. attorney offices in New York were breached. All told, the Justice Department said 27 U.S. Attorney offices had at least one employee’s email account compromised.” Read more at AP News.
  • The NYTimes is reporting how the QR codes that popped up everywhere during the pandemic often have tracking in them, but not many details are known.
  • Packages on Python’s PyPI server have been found to be stealing credit card numbers and Discord tokens, according to researchers. Read more at BleepingComputer.
  • CISA has released the top 30 vulnerabilities exploited in the past 2 years. Top vulnerabilities for 2020 included a number of VPN services. 2021 has seen a number of ones we’ve covered here, including Exchange and Accellion. Read more at BleepingComputer.
  • Finally, the massive bipartisan infrastructure bill also includes a number of provisions for cybersecurity per Eric Geller.

Owl fun and facts:

Public Domain, https://commons.wikimedia.org/w/index.php?curid=539651

This tiny owl is a Flammulated Owl found in the Pacific Northwest:

“This diminutive owl is one of the smallest in North America, with a body mass of about 1.9 ounces. It has dark eyes, brown plumage with darker and reddish variegations, and small ear tufts.

The Flammulated owl is unique among owls in the Pacific Northwest in that it preys almost exclusively on insects and is a neotropical migrant. Additionally, the pitch of its rather ventriloquial hoot is among the lowest of all North American owls.”

Read more about this tiny owl and other owls in Oregon at the Oregon Department of Fish & Wildlife

A Shout Out:

The Cybersecurity and Infrastructure Security Agency (CISA) has released an awesome new tool called Crossfeed that “lets you monitor and discover your public-facing infrastructure, as well as bring better visibility to vulnerabilities.” Asset inventory is still the number one security measure you can take, and still one that many companies are failing at, as you see in many of the latest ransomware attacks, whether it was a deprecated VPN or, for another major hack a few years ago, a deprecated Apache Struts application. Asset inventory should be the number one priority. Download Crossfeed today at GitHub and check out the Crossfeed docs.

About:

TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.

Check back here every Tuesday for more TSD or sign up below to stay in the loop!

Please reach out to us directly, via security@cyral.com or on Twitter at @dant24 if you have any questions, concerns, tips or anything else!

That’s owl for now!