T-Mobile had a massive data breach, an LA based COVID testing firm was inadvertently leaking data, sensitive data may fall into Taliban hands, John Oliver digs into ransomware and more of the latest info security news. In Australia, a researcher is looking for the barking owl and finally Cloud Security Guy Chris Farris has released a step by step guide to setting up AWS Organizations.
- Are you a T-Mobile customer? A data dump of 100 million records with 30 million supposedly including Social Security Numbers has shown up on an underground forum. T-Mobile has reportedly found the backdoor access and shut it down and has confirmed the breach. KrebsOnSecurity digs into who might have actually perpetrated the breach and names names. Read the original article at Motherboard
- If you have had COVID testing in LA, a startup took down their site after they were vulnerable to an incremental ID attack. Read more at TechCrunch.
- ThroughTek Kalay network products including baby monitors and web cameras have a bug allowing remote attackers to eavesdrop on audio and video and control the device. Read more about it here.
- Check Point Research looked into the attacks on Iranian Railway systems and found that they were politically motivated and not the result of a nation-state attack. Read more at the Check Point Research blog.
- One potential fallout from the quick exit for the US in Afghanistan is the concern around leaving sensitive information. Agencies were ordered to start destroying sensitive information but much of the information was already shared with the former government and other agencies. The Washington Post has more
- The SEC has fined educational company Pearson for improperly disclosing a major data breach at multiple steps in the process. Read more at CyberScoop.
- KrebsOnSecurity looks at a new service for criminals to check whether or not they’re cryptocurrency might be flagged by law enforcement
- 2 small town Maine sewage plants were hit with ransomware recently. Read more at AP.
- Speaking of ransomware, Last Week with John Oliver did a segment on it. This segment originally aired on HBO.
Owl fun and facts:
A researcher is focused on finding the barking owl in Australia “whose calls are often confused with the woofs of a dog — and even the screams of a human… their preferred habitat is remote dry open eucalypt forest and woodland, which can also be home to koalas and quolls.” If you’re in Australia, you can help particpate in owl research with Hoot Detective. Read more about this important work from researcher Candice Larkin at Australia’s ABC News.
A Shout Out:
Cloud Security Guy Chris Farris has released his AWS Organizations Checklist for 2021 on all the best practices when securing an AWS organization. Everything from multi account for logging and security to delegated admin for various services and more. He’s also included helpful CloudFormation Templates and / or shell scripts to help automate the process. Check it out on his blog ChrisFarris.com
TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
Please reach out to us directly, via firstname.lastname@example.org or on Twitter at @dant24 if you have any questions, concerns, tips or anything else!
That’s owl for now!