Avoid Root Canals In Security
ESSAY: Avoid Root Canals In Security
I was recently told I needed a root canal, and I was devastated.
Why? (Tell you in a minute)
I knew I had a cavity, and I needed to make an appointment.
I knew (albeit only in late December) that dental insurance resets on Jan 1st and use it or lose it.
I knew that if I don’t do anything it could get worse.
But I did nothing.
I didn’t prioritize it.
But why was this devastating?
Because I should have known better and it could have been easily prevented.
As a security person who is always trying to warn people about best practices and threats (internal and external), and who believes in preventative controls and security measures, I felt a level of shame for not doing better.
An easy fix (the cavity) was easily preventable (an appointment), and now it is infected and needs a root canal, because I took no action.
Don’t let this happen with your security.

You know your employees are using personal computers with no restrictions.
You give all your engineers full IAM admin privileges like candy.
Your users keep getting phished and smished, but you have no training for them.
Your web app pentest had several critical vulnerabilities, but they are still not fixed.
Your RDS database, the core of your company, is not triple backed up in different regions and separate cloud accounts, or even local backup.
Your code is 20+ minor versions behind the latest release in the major version.
You don’t capture any logs.
Your logs are capturing usernames and passwords that everyone can access because it's in debug mode.
Your public links are accessible to the world and don’t expire.
Don’t let a bunch of little things become a root canal.
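The debug-log item on the list above is one of the easiest to close mechanically. The following is an added example, not code from the original post: a Python logging filter that scrubs credential-looking fields (password, secret, token, Authorization header) before a record reaches any handler, so a DEBUG-level dump of a request body cannot leak secrets into log storage that the whole company can read. The regex and the sample log lines are constructed for this example.

```python
import io
import logging
import re

# Keys whose values must never reach a log line (constructed list; extend as needed).
SENSITIVE_KEYS = ("password", "passwd", "secret", "token", "authorization")

# Matches key=value, key: value, "key": "value" and Header: value forms.
# Group 1 keeps the key and separator; the value is replaced wholesale.
_PATTERN = re.compile(
    r'(?i)(["\']?(?:' + "|".join(SENSITIVE_KEYS) + r')["\']?\s*[:=]\s*)'
    r'(?:"[^"]*"|\'[^\']*\'|[^,&;\n}]+)'
)


def redact(text: str) -> str:
    """Replace the value following any sensitive key with [REDACTED]."""
    return _PATTERN.sub(r"\g<1>[REDACTED]", text)


class RedactingFilter(logging.Filter):
    """Scrub the fully formatted message, then drop args so it is not re-formatted."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()
        return True  # keep the record, just sanitised


def capture_debug_log(message: str, *args) -> str:
    """Log `message` at DEBUG through the filter and return what reached the handler."""
    buf = io.StringIO()
    logger = logging.getLogger("app.request")
    logger.setLevel(logging.DEBUG)
    logger.handlers.clear()
    logger.propagate = False
    handler = logging.StreamHandler(buf)
    handler.addFilter(RedactingFilter())  # attach at the handler so every sink is covered
    logger.addHandler(handler)
    logger.debug(message, *args)
    return buf.getvalue().strip()


if __name__ == "__main__":
    # Constructed request bodies of the kind a debug logger would dump verbatim.
    print(capture_debug_log("login attempt body=%s", "user=bob&password=s3cr3t"))
    print(capture_debug_log('api call headers=%s', "Authorization: Bearer eyJhbGci"))
```

Attaching the filter to the handler rather than the logger matters: logger-level filters are skipped for records that arrive through child loggers, while handler filters see every record the handler writes. Redaction is a safety net, not a substitute for not logging request bodies at DEBUG in production.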
In Other News
Data Compromised due to Zapier Employee 2FA “Misconfiguration”
Zapier has access to a lot of data! I’m really curious on what this “misconfiguration” is exactly. What’s also interesting is how client data was “inadvertently” copied for debugging. I can’t find any post-mortem info on the Zapier website, but will be waiting for one!
All the Cloud Security Tools
An excellent collection of open source cloud security tools. What I love about this site is that you can sort by last updated! So many tools end up getting neglected and ending up in GitHub heaven.
ByBit Interim Investigation Report Reveals Details in $1.4B Hack
More details are out regarding the $1.4Bn stolen in the cold wallet transfer attack mentioned last week.
Below are Key Findings verbatim from the report:
Forensic investigation of all hosts used to initiate and sign the transaction revealed malicious JavaScript code injected to a resource served from Safe{Wallet}’s AWS S3 bucket.
Resource modification time and publicly available web history archives suggest the injection of the malicious code was performed directly to Safe{Wallet}’s AWS S3 bucket.
Initial analysis of the injected JavaScript code suggests its primary objective is to manipulate transactions, effectively changing the content of the transaction during the signing process.
Additionally, the analysis of the injected JavaScript code identified an activation condition designed to execute only when the transaction source matches one of two contract addresses: Bybit’s contract address and a currently unidentified contract address, likely associated with a test contract controlled by the threat actor.
Two minutes after the malicious transaction was executed and published, new versions of the JavaScript resources were uploaded to Safe{Wallet}’s AWS S3 bucket. These updated versions had the malicious code removed.
The highlighted initial findings suggest the attack originated from Safe{Wallet}’s AWS infrastructure.
Thus far, the forensics investigation did not identify any compromise of Bybit’s infrastructure.
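Two of the findings above are directly detectable on the defender's side: a write to a JavaScript resource in the bucket that serves the signing front end by a principal other than the deployment pipeline, and the same object being rewritten again minutes later. The following is an added example, not from the report or from Bybit or Safe{Wallet}: a small detector that runs over CloudTrail-style S3 data events and raises both signals. The bucket name, the deployment role ARN, the event IDs and the events themselves are constructed placeholders; the field names (eventName, eventTime, userIdentity.arn, requestParameters.bucketName/key) follow CloudTrail's S3 data-event format.

```python
from datetime import datetime, timezone

FRONTEND_BUCKET = "example-frontend-assets"  # placeholder: bucket serving the web app's JS
DEPLOY_ROLE_ARN = "arn:aws:sts::123456789012:assumed-role/frontend-deploy/ci"  # placeholder
REWRITE_WINDOW_SEC = 600  # a second write to the same object inside this window is suspicious
WRITE_EVENTS = {"PutObject", "CopyObject", "DeleteObject"}

# Constructed CloudTrail-like S3 data events (values invented for this example).
SAMPLE_EVENTS = [
    {"eventID": "evt-1", "eventName": "PutObject", "eventTime": "2025-02-21T09:00:00Z",
     "userIdentity": {"arn": DEPLOY_ROLE_ARN},
     "requestParameters": {"bucketName": FRONTEND_BUCKET, "key": "static/app.js"}},
    {"eventID": "evt-2", "eventName": "PutObject", "eventTime": "2025-02-21T14:10:00Z",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/contractor-laptop"},
     "requestParameters": {"bucketName": FRONTEND_BUCKET, "key": "static/app.js"}},
    {"eventID": "evt-3", "eventName": "PutObject", "eventTime": "2025-02-21T14:12:00Z",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/contractor-laptop"},
     "requestParameters": {"bucketName": FRONTEND_BUCKET, "key": "static/app.js"}},
    {"eventID": "evt-4", "eventName": "PutObject", "eventTime": "2025-02-21T14:12:30Z",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/contractor-laptop"},
     "requestParameters": {"bucketName": FRONTEND_BUCKET, "key": "static/logo.png"}},
    {"eventID": "evt-5", "eventName": "PutObject", "eventTime": "2025-02-21T15:00:00Z",
     "userIdentity": {"arn": DEPLOY_ROLE_ARN},
     "requestParameters": {"bucketName": "example-other-bucket", "key": "static/app.js"}},
]


def parse_time(s: str) -> datetime:
    """CloudTrail eventTime is ISO 8601 in UTC with a trailing Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def find_suspicious_writes(events):
    """Return (eventID, reason, principal, key) for each write that trips a rule.

    Rule 1: any write to a .js object in the front-end bucket by a non-deploy principal.
    Rule 2: the same .js object written again within REWRITE_WINDOW_SEC of a previous write
            (the pattern of a change being made and then quietly reverted).
    """
    alerts = []
    last_write = {}  # object key -> time of the previous write
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        if ev.get("eventName") not in WRITE_EVENTS:
            continue
        params = ev.get("requestParameters", {})
        if params.get("bucketName") != FRONTEND_BUCKET:
            continue
        key = params.get("key", "")
        if not key.endswith(".js"):
            continue  # only script resources are in scope for these two rules
        arn = ev.get("userIdentity", {}).get("arn", "")
        t = parse_time(ev["eventTime"])
        if arn != DEPLOY_ROLE_ARN:
            alerts.append((ev["eventID"], "write by non-deploy principal", arn, key))
        prev = last_write.get(key)
        if prev is not None:
            gap = int((t - prev).total_seconds())
            if gap <= REWRITE_WINDOW_SEC:
                alerts.append((ev["eventID"], f"rewritten within {gap}s of previous write", arn, key))
        last_write[key] = t
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_writes(SAMPLE_EVENTS):
        print(alert)
```

Both rules depend on S3 data events being enabled for the bucket in CloudTrail (they are not on by default) and on a single, well-known deployment identity being the only principal allowed to write to it. Pairing this with Subresource Integrity hashes on the page that loads the scripts would make a silent swap fail to load rather than merely generate an alert.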
Non-Security
Learning mindfulness and meditation
While I’ve been aware of the art of being present and mindfulness for a couple of years now, I think I really need to double down on this and increase this muscle, as I’m just entry level right now. This is a good overview of the different types.
Have a great week!
About Ayman
Ayman Elsawah is a cybersecurity veteran with over 20 years of experience in cybersecurity.
He is a Fractional CISO for High Growth Cloud Based SaaS companies with technical coverage areas including Zero Trust Architecture, Identity and Access Management, and Product Security.
He’s also an author, podcast host, and public speaker, and the co-host of SC Media’s Enterprise Security Weekly with Adrian Sanabria. He is currently working on his own YouTube channel as well.
He’s a coffee aficionado and likes to take an empathetic and relatable approach towards information security management.