Did you miss Cyber Security Summit - Miami? Check out our session →·Watch on Demand
Cyral
Blog

The Security Digest: #76

Chaos abounds with a cross Azure account attack, phishing continues, T-Mobile offers up more apologies, Ragnarok quits, the Razers edge involves a mouse, spam is still dangerous and Hafnium was a loud AI stealing operation. In owl news, a northern pygmy is saved and finally how many tasks can you swipe on the cloud security kanban?

  • Wiz Research Team announced #ChaosDB and lots of people had opinions and comments. The exploit as described by the team is that it allows “any Azure user full admin access (read, write, delete) to another customers Cosmos DB instances without authorization”. A “trivial exploit” allowing for cross logical account access in the cloud? That’s a whammy!
  • Microsoft is warning of a wide ranging credential phishing attack that is using open email redirects. These are common among marketing emails and take advantage of this by setting a legitimate domain which redirects to an attacker controlled domain. Keep an eye out for these wary emails in case they make it your inbox
  • T-Mobile CEO says he “brute forced” his way through their environment according to BleepingComputer. The investigation is ongoing but a 21 year old already spoke with The Wall Street Journal and claimed to be responsible which matches the report we mentioned in TSD-74.
  • Ragnarok ransomware seems to have shut down and offered up the decryption key in what appears to be an unplanned operation according to BleepingComputer.
  • After all the fun devices and movie style hacks, turns out, you don’t need much more than just a mouse to hack Windows computers according to the full write up on BleepingComputer.
  • Back before ransomware was everywhere, the typical cyber crime issue was redirecting funds from companies directly to attacker controlled bank accounts. Unfortunately for one New Hampshire town, this is still happening as they lost $2.3 million. If you have the keys to the bank, make sure you double check before you make that transfer. Read more at BleepingComputer.
  • NPR has put out an incredible article about the Hafnium attacks and of course this was just not just a standard spying campaign, but specifically targeted for AI research for the Chinese operation. If you want to know more, the US Army has put out a report on Chinese Tactics. Meanwhile CISA is urgently encouraging people to patch the latest ProxyShell issue.

Owl fun and facts:

An injured northern pygmy owl is not reading a label of a soda can, but the tiny creature is dwarfed by the can showing its relative size. ((SPCA Monterey County) via Monterey Herald

A tiny northern pygmy owl was rescued in the Carmel Highlands. Luckily for the owl the rescuers contacted their neighbor who is a fellow member of the Ventana Wildlife Society and was able to help safely transport the injured owl. According to AllAboutBirds, “The Northern Pygmy-Owl may be tiny, but it’s a ferocious hunter with a taste for songbirds.”

A Shout Out:

The Art of Service put out a Cloud Security Kanban for where to get started on your current or impending cloud journey. How many tasks can you move to done?

About:

TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.

Check back here every Tuesday for more TSD or sign up below to stay in the loop!

Please reach out to us directly, via security@cyral.com or on Twitter at @dant24 if you have any questions, concerns, tips or anything else!

That’s owl for now!