Chaos unfolded for a meat producer over the weekend, likely from what else but ransomware. Suspected Solar Winds hackers are back, VPN breaches from state sponsored hackers, a wiper is masquerading as ransomware and a silicon based security issue with M1 chips. In owl news, we check in on the western screech owl in Canada and finally shoutout a rewrite of policy as code tool CloudFormation Guard.
- The NY MTA hack was due to a Pulse Secure VPN zero day but failed to get any customer or employee data via BleepingComputer. This puts a name to one of the companies affected in the report we mentioned last week in TSD-63 from Mandiant / FireEye.
- Speaking of FireEye and Mandiant, FireEye the product company that bought Mandiant in 2014 is selling the FireEye product and name to focus on Mandiant Solutions via CNBC
- The Supreme Court ruled on the CFAA limiting the scope, read more at Ars Technica
- The US government announced that they were going to treat ransomware like terrorism, read more at Mashable
- Wired has a story on how NYC has 15,000 cameras
Owl fun and facts:
Look at that owl, that owl is owlsome. You might be able to see this owl in Montana.
A Shout Out:
“Project Lockdown is a collection of serverless event-driven auto remediation Cloud Functions designed to react to unsecure resource creations or configurations. Project Lockdown is meant to be deployed in a GCP environment and has the capabilities to monitor and remediate across your entire Organization hierarchy in a matter of seconds.”
TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.
Check back here every Tuesday for more TSD or sign up below to stay in the loop!
That’s owl for now!
*** This is a Security Bloggers Network syndicated blog from Blog – Cyral authored by Daniel Tobin. Read the original post at: https://cyral.com/blog/tsd-the-security-digest-64/