The Security Digest: #81 - Security Boulevard

A backend system for text messages was breached for 5 years; it’s Cybersecurity Awareness Month: Do your part. #BeCyberSmart; the Pandora Papers is a massive data leak of tax haven files; Coinbase MFA was bypassed; The Intercept looks at hacked data around COVID-19; patch Apache and Android ASAP; President Biden announced a multi-country ransomware coalition; and Facebook was not hacked. Owls are a spooky symbol of Halloween based on folklore, and finally, Phrack is back!

  • A company that handles billions of text messages reported to the SEC that it was hacked and the attackers had access for years. The hack began in May 2016 but they did not notice until May 2021. Read more of the report at Motherboard.
  • It’s Cybersecurity Awareness Month, now in its 18th year! The evergreen theme, “Do your part. #BeCyberSmart”, is also the theme for this week. CISA has released a number of tip sheets including Cyber Secure at Work, Safe Travel, Multi-Factor Authentication (MFA), Online Privacy, Protecting Your Digital Home, Creating Passwords and Social Media Cybersecurity. You can also check out the proclamation from the President on Whitehouse.gov.
  • In what is billed as “the largest investigation in journalism history”, The Pandora Papers is the most expansive leak of tax haven files.
  • Hackers were able to bypass MFA in Coinbase and steal funds from 6000 users. Read more at The Record.
  • A hacker leaked data to The Intercept revealing various partisan issues related to COVID-19.
  • If you’re running Apache, check your version as there is a zero-day vulnerability that could expose sensitive information. Read more at BleepingComputer.
  • Android rolled out their October update with 41 fixes including 3 critical. Update ASAP! Read more at BleepingComputer.
  • President Biden announced a 30-country coalition to fight against ransomware late last week. Read more at BleepingComputer.
  • And finally, Facebook, Instagram and WhatsApp all went down due to a faulty internal configuration change and were not hacked, as some initial rumors said. KrebsOnSecurity has a good overview of the information known about the change to BGP. In the meantime, a Twitter user caught the scene outside of Facebook HQ.

Owl fun and facts:

Yahoo has a fun article about why owls are a symbol of Halloween according to folklorists.

A Shout Out:

Phrack is back! The legendary zine has published their first issue in 5 years. Phrack was first published in 1985. Check out Phrack Issue 70.

About:

TSD began as an internal newsletter that our Security Lead, Daniel Tobin, would circulate to the team each Tuesday. It proved to be a great resource for all of us so we thought, why not share it with all of you? Our hope is that it helps make you just a bit more secure.

Check back here every Tuesday for more TSD or sign up below to stay in the loop!

Please reach out to us directly, via [email protected] or on Twitter at @dant24 if you have any questions, concerns, tips or anything else!

That’s owl for now!

The post The Security Digest: #81 appeared first on Cyral.

*** This is a Security Bloggers Network syndicated blog from Blog – Cyral authored by Daniel Tobin. Read the original post at: https://cyral.com/blog/tsd-the-security-digest-81/