A privacy nightmare for UK gun owners and a privacy win for many from the FTC, an IoT botnet's operators have been arrested but it will live on, Atlassian's Confluence needs to be patched ASAP, and another SolarWinds victim quietly comes forward. In owl news we look to a rescue operation in Lake Tahoe, and finally the CNCF security group has debuted a practitioner's guide for cloud security.
- In a privacy nightmare, a UK gun owner forum was hacked. The stolen data includes location data and has since been released, to the point where people have imported it into Google Earth. No word on why the forum had such detailed location data. Read more at The Register.
- In a first, the FTC voted to ban stalkerware maker SpyFone after the company exposed user data in S3. Others have also been breached, so we will see if this sets a precedent. Read more at CyberScoop.
- According to Netlab, the network security arm of Chinese tech giant Qihoo 360, the authors of the Mozi IoT botnet have been arrested. Details of the arrests have not been made public. Even though the operators have been arrested, the botnet is expected to take months to die out. Read more at The Record.
- US Cybercom warned before the long weekend that there was an ongoing exploit of Atlassian's on-premises version of Confluence that needed to be patched ASAP. Hopefully you weren't affected by this or were able to patch quickly. Read more at ZDNet.
- Nearly a year after the SolarWinds espionage operation, Autodesk filed a report with the SEC admitting that it was also affected, but noted that no customer data was affected. CyberScoop has more.
Owl fun and facts:
Staying in California again this week for owl news, here is a story about a wild animal refuge in Lake Tahoe that was responsible for saving all sorts of animals from the fires. Lake Tahoe Wildlife Care in South Lake Tahoe scrambled to save all of their animals and were able to get out quickly. ‘They coaxed animals into transport crates, sometimes with inventive methods. “The owl’s treat is a piece of salmon. You know the owl is going to go in the cage to get the piece of salmon,”’ Read the full story at The Guardian.
A Shout Out:
The Cloud Native Computing Foundation (CNCF) Technical Advisory Group for Security (TAG-Security) has released a practitioner's guide for cloud native security called the Cloud Native Security Map. The map outlines a number of tools to put in place to practically achieve the goals outlined in the whitepaper. Anyone can contribute to CNCF TAG-Security; you can start by heading to their GitHub to find out more. Check out the CNSMap website to learn more.
TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
Please reach out to us directly, via firstname.lastname@example.org or on Twitter at @dant24 if you have any questions, concerns, tips or anything else!
That’s owl for now!