Skip to main content

Friday Five 9/10

by Chris Brook on Friday September 10, 2021

Contact Us
Free Demo

The latest Windows zero day, ProtonMail under fire, and creating a more diverse cybersecurity workforce - catch up on the infosec news of the week with the Friday Five!

1. Researchers Play Leading Role in Detecting Cloud Misconfiguration by Kelly Sheridan

We've come a long way from 2017 and 2018, when it seems like every week news came of a poorly secured Amazon S3 storage bucket leaking personal or corporate data. The wave of improperly configured buckets prompted many across the industry to ask just how secure are these cloud storage services? Amazon and Elasticsearch, whose databases have had their own security issues over the years, have made big advances in addressing configuration problems but there's inevitably data loss. According to a new Rapid7 report, there were 121 cases involving data exposure last year. As reported in DarkReading, thankfully most of the cases, 62%, were ferreted out by researchers, not malicious hackers. The best word of advice here comes later in the article: Always check up on old configurations, especially if you're setting up a new bucket and expecting older ones to fall in line with the newer configurations.

Read more

2. Congress Is Warning That the Federal Government Remains Vulnerable to Cyberattacks by Dan Lips

Another fairly straight forward alert here via the FBI. This one warning that companies in the food and agriculture sector should be weary of ransomware attacks; but there's more than meets the eyes here. Lost in the warning is news that earlier this year a ransomware attack at one US-based farm cost them a whopping $9 million. While the loss wasn't tied to the farm paying a ransom - it stemmed from the farm having to temporarily shutdown their farming operations - it's still a pretty penny to pay. According to the FBI's warning, attackers were able to infiltrate their servers by gaining admin level access after using compromised credentials. We're constantly reminded to change our passwords; unfortunately it cost these victims $9 million.

Read more

3. ProtonMail Under Fire For Sharing ClActivist Data With French Authorities by Karl Bode

If you’ve been using ProtonMail under the guise it provides “anonymous email’ and the utmost in privacy, you may want to reconsider and determine whether it fits your threat model. News broke this week that the service was forced to reveal a user's IP address after it received a demand from the Swiss court system asking who created an email account associated with protesting gentrification and climate inaction. “There was no legal possibility to resist or fight this particular request,” the company said in a blog post this week. While this may be the case - the company said it was a legally binding order from Swiss authorities - as Vice points out, it's difficult to argue it doesn't run counter to how ProtonMail bills itself. The company used to say it didn't collect IP logs. A recent revision to its privacy policy reflects its softened stance: “ProtonMail is email that respects privacy and puts people (not advertisers) first. Your data belongs to you, and our encryption ensures that."

Read more

4. Microsoft Confirms Serious New Windows 10 Attack—Here’s How To Stop It by Davey Winder

We wrote about the latest Windows zero day vulnerability earlier this week but as with any zero day, it's so serious it bears reiterating and linking to more reading on the subject. Reported to Microsoft over the weekend, the story's gained traction throughout the week with experts like Dave Maynor pointing out on Thursday that the vulnerability has "evasion of work arounds, can execute from a remotely hosted CAB, 0 detection rate on EDRs, potential for execution with minimal interaction." "This is bad,” Maynor adds. To reiterate, there's no patch for the issue – a bug in the Internet Explorer browser rendering engine, MSHTML - but there's a variety of workarounds and mitigations organizations should employ. As these mitigations have proven somewhat unreliable over the last few days, It's worth reminding employees to only open attachments from trusted sources until a fix is published. It’d be a quick turnaround but it's possible that one arrives in MIcrosoft's Patch Tuesday round of updates next week.

Read more

5. How to Bust Through Barriers for a More Diverse Cybersecurity Workforce by Williesha Morris

An important read in DarkReading via Williesha Morris on significant work being done by groups like the International Consortium of Minority Cybersecurity Professionals (ICMCP) and Blacks in Cybersecurity (BIC) when it comes to giving Black cybersecurity professionals a voice. While the piece lauds the work of these groups – and it’s worth reading up on their accomplishments - there's valuable advice here via Devo's Julian Waits, who says that white industry professionals need to enter spaces as mentors and highlight the ways the lack of diversity hurts the industry. “Expanding the pool of people to hire from means finding more talented individuals. Hiring individuals with different backgrounds results in teams with different ideas and complementary skills, which makes for stronger and better teams,” Morris writes.

Read more

Tags:  Cybersecurity Vulnerabilities Privacy Government Cloud Security

Recommended Resources

The Definitive Guide to DLP

  • The seven trends that have made DLP hot again
  • How to determine the right approach for your organization
  • Making the business case to executives

The Definitive Guide to Data Classification

  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business