The Security Digest: #83

Details on the Coinbase thieves emerge, the Governor of Missouri wants to prosecute HTML hackers, zero days fall at Tianfu Cup, ransomware payments dwarf other years and took down a group of TV stations, luminary security researchers publish on Apple’s scanning, Acer was hit twice, Buffalo schools are paying $10 million to clean up ransomware and, finally, keep an eye out for fake benefits sites. In Owl news we look to Napa Valley and researchers’ use of owls for rodent control, and finally an RBAC tool to contain the complexity of K8s.

  • KrebsOnSecurity looks into the methods thieves used to steal one-time passwords and gain access to Coinbase accounts.
  • Reporters in Missouri discovered a website with Social Security Numbers in the HTML source code, and now the Governor is threatening to prosecute the “hackers”. I really hope this settles down, but he seems to just be ratcheting things up. Read more at KrebsOnSecurity.
  • At Tianfu Cup, China’s Pwn2Own equivalent, researchers demonstrated zero days for Windows 10, Ubuntu, iOS 15, Chrome and more. Read more at The Record.
  • Ransomware payments from the first half of the year exceeded all of 2020’s payments, according to the Treasury Department financial crimes unit. Coindesk has the full story.
  • Ransomware knocked off Sinclair Broadcasting Sunday morning, interrupting the broadcast of NFL games, morning news shows and more. Read more at The Record.
  • A group of security research luminaries gathered together to write a 46-page document skewering Apple’s CSAM scanning technology. Ross Anderson provides a good overview and you can download the full paper, Bugs in our Pockets: The Risks of Client-Side Scanning, from arXiv. The full list of authors is Hal Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matt Blaze, Jon Callas, Whitfield Diffie, Susan Landau, Peter G. Neumann, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Vanessa Teague and Carmela Troncoso.
  • Acer has had a bad week, getting hit twice by the same threat actor. Read more at BleepingComputer.
  • The Buffalo News is reporting that the cost to respond to and beef up security after a ransomware attack at Buffalo Public Schools will total $10 million.
  • Finally, the FBI has warned about fake sites posing as sites offering unemployment benefits. Keep an eye out and be ever vigilant. Read more at BleepingComputer.

Owl fun and facts:

Humboldt State graduate student Jaime Carlino bands a barn owl nestling. (Photo by Laura Echávez)

Bay Nature Magazine has just published a story about Humboldt State researchers studying the use of owls as natural predators for Napa Valley vintners. As of January, a key rodenticide had been banned in California for the effects it had on upper predatory animals like owls. The research will both monitor the owls’ effectiveness at taming the rodent population and keep an eye on the owls as well.

A Shout Out:

RBAC Tool from Rapid7 “simplifies querying and creation of RBAC policies.” This is an open source suite of tools ranging from visualization to analysis, and from highlighting risky permissions to generating roles and more.

About:

TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.

Check back here every Tuesday for more TSD or sign up below to stay in the loop!

Please reach out to us directly via security@cyral.com or on Twitter at @dant24 if you have any questions, concerns, tips or anything else!

That’s owl for now!