
The Security Digest: #73

Patch Tuesday is here, DarkSide has rebranded, federal agencies are running legacy systems, Conti ransomware manuals leaked, the US is not banning ransomware payments, there is more to read about Pegasus, the Pwnie Awards happened last week, and all of the Defcon videos are already up! In owl news we pay respects to Barry the barred owl of Central Park, and finally, the NSA and CISA have released a K8s hardening guide.

  • Today is everyone’s favorite day, Microsoft Patch Tuesday! 51 total vulnerabilities are fixed, including 13 remote code execution fixes for PrintNightmare and more. Read more at BleepingComputer.
  • The ProxyShell technical details for Microsoft Exchange were released last week at Black Hat and the scanners are out in full force, so patch ASAP. Read more at BleepingComputer.
  • Are you using Chrome? See the update in the right-hand corner? Update ASAP if you haven’t yet, as they patched a bug last week that allows remote takeover.
  • With news that DarkSide has rebranded into BlackMatter, KrebsOnSecurity looks into the ever-revolving door of other ransomware reorgs that have happened through the years.
  • A Senate report expresses major concern across 7 of 8 agencies audited, including that they use legacy systems without security updates. Read more about the report at CyberScoop.
  • Oh boy, a disgruntled ransomware affiliate leaked technical manuals, IP addresses and more for the Conti ransomware gang. The IPs are for the command and control centers, so if you’re blocking or searching, check this out ASAP via The Record.
  • Cobalt Strike, used by red teamers and groups like Conti, has a major flaw that could allow for easy takedown of the servers, as found by SentinelOne. Read more at ArsTechnica.
  • There was talk about banning ransomware payments, but US officials have backed away from the idea, partially due to the transparency of cryptocurrency payments and in consultation with the ransomware task force, via CyberScoop.
  • Security firm Group-IB published information about a malware delivery platform dubbed Prometheus that was advertised for as little as $30 for 2 days of access. Read more about this platform at The Record.
  • If you’re still looking for more information about NSO’s Pegasus spyware, Kim Zetter does a full breakdown of it.
  • More fun from Hacker Summer Camp, the Pwnie Awards! Lamest vendor response of course goes to Cellebrite. Check out this tweet thread by Dhiraj for the rest.
  • Speaking of Defcon, all the videos are already up on YouTube!

Owl fun and facts:

Barry the barred owl of NYC’s Central Park has passed away. An informal vigil was held yesterday and hundreds showed up to pay their respects with flowers and murals. Barry was a celebrity in the Big Apple, as “only one or two owls are found in Central Park each year”. Read more about barred owls at AllAboutBirds and read more about Barry at NPR.

A Shout Out:

The NSA and CISA have released a joint report on hardening Kubernetes. The high-level overview is what you would expect: scanning containers and Pods for vulnerabilities and misconfigurations, least privilege, authentication and authorization, and logging. Check out the full 59-page guide here.

About:

TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.

Check back here every Tuesday for more TSD or sign up below to stay in the loop!

Please reach out to us directly, via security@cyral.com or on Twitter at @dant24 if you have any questions, concerns, tips or anything else!

That’s owl for now!