The security overview: # 80 – Security Boulevard


A high-profile film worth discussing WikiLeaks, a record year for zero days, another major problem with Exchange and a brute force bug in Azure AD, an update of Chrome as soon as possible, a Good Samaritan bug in AirTags and a possible update to strengthen CISA. In owl news they replace pigeons in the peace process and, finally, Truffle Security has a Chrome extension to find keys in the frontend JavaScript.

  • Yahoo News reports a high-level CIA discussion to kidnap or even murder Julian Assange in retaliation for the release of the Vault 7 hacking tools in 2017. One official describes some of the Assange-related concerns as a “prison break movie.” Read more at Yahoo News.
  • MIT Technology Review looks at a record year of zero days with 66 announced so far. The reasons are varied, from more flashlights finding bugs that were already there, to the exploit market and more. Software clearly needs fewer zero days, but I would rather have known zero days than the unknown zero days that are already out there.
  • Amit Serper Guardicore discovered a major flaw in Exchange that has leaked hundreds of thousands of credentials for years. Someone also set up a page to monitor people registering these domains at Read more about this at The Register
  • Secureworks has published a recommendation for a brute force bug in Azure Active Directory that is not being logged. Microsoft has yet to answer. Read more on ArsTechnica
  • Update Chrome ASAP as Google released an emergency solution for a zero-day that is being actively exploited. I just had to manually look it up today to get 94.0.4606.61. Read more under Bleeping Computer
  • Researchers have discovered a bug in Apple AirTags that could lead to a phishing attack against a Good Samaritan who finds you. Read more under KrebsOnSecurity
  • In an important area to watch, senators are developing laws that would update the Federal Law on the Modernization of Information Security (FISMA) and strengthen the role of the CISA. The legislation is still in committee so it will be interesting to see what comes out and gets passed by Congress. Read more in the SC magazine.

Owl fun and facts:

Professor Imad Chirkawi with an owl

A professor in Israel has worked with authorities in Cyprus, Greece, Jordan and the Palestinian Authority, and now Morocco, to replace owls with pesticides for organic farming.

“We see that the owl replaces the dove as a harbinger of peace and proves once again that birds have no geographical boundaries,” said the professor. “I’m happy to see the vision take shape”
So far, around 5,000 nest boxes have been set up in the Golan Heights, Galilee, Hula Valley, Jezreel Valley, Beit Shean Valley, the Sharon Region, Judea and the south.
The project was successful in minimizing the use of toxic chemicals in Israeli agriculture and is expected to be further reduced in the future.

Read more about the history of the program at Nature and about this new development from The Jerusalem Post

An exclamation:

Truffle Security released a Chrome extension to find keys in JavaScript to build on their Truffle Hog suite of secret finding tools. Read more about the Chrome extension and check out the TruffleHog tool suite over at Truffle Security.


TSD began as an internal newsletter that our security manager Daniel Tobin distributed to the team every Tuesday. It turned out to be a great resource for all of us so we figured, why not share it with all of you? We hope this will make you a little more secure.

Check back here every Tuesday to find out more about TSD, or sign up below to stay tuned!

Please contact us directly via [email protected] or on Twitter at @ dant24 for questions, concerns, tips or anything else!

This is owl for now!

The Security Digest: # 80 post first appeared on Cyral.

*** This is a syndicated blog from the Security Bloggers Network by Blog – Cyral, written by Daniel Tobin. Read the original post at:

Source link


About Author

Leave A Reply