The Top 15 Security Posts – Vetted & Curated

*Threats & Defense*
1. PROPagate Code Injection Seen in the Wild (Schneier on Security, Jul 09 2018)
This can be used to inject code and drop files while also hiding the fact it has happened, making it a useful, stealthy attack.

2. New macOS Malware Targets Crypto-Currency Users (SecurityWeek, Jul 03 2018)
A new piece of macOS malware has been observed being distributed via crypto-currency related Slack or Discord chat groups, security researchers warn.

3. German web hosting firm DomainFactory suffers data breach (Help Net Security, Jul 09 2018)
DomainFactory, one of the largest web hosting companies in Germany, has suffered a data breach.

*AI, IoT, & Mobile Security*
4. Timehop Data Breach Hits 21 Million Users (SecurityWeek, Jul 09 2018)
New York-based Timehop has created an application that shows users the photos, videos and posts they shared on the current day in previous years on Facebook, Instagram, Twitter and other websites.

5. The Ability to Fake Voice and Video is About to Change Everything (Daniel Miessler, Jul 09 2018)
“Most people think the way AI is going to significantly impact society is by taking all our jobs or creating robots that try to kill everyone. But while we focus on all the distant or unlikely impacts of artificial intelligence we’re about to get completely blindsided by a very real and practical one.”

6. ZTE appoints new C-suite to comply with U.S. settlement, resumes some operations (SC Magazine, Jul 05 2018)
ZTE tapped Xu Ziyang as CEO, replacing Zhao Xianming, and other executives, in an attempt to comply with the terms of a settlement that would lift a seven-year ban imposed by the U.S. in April.

*Cloud Security, DevOps, AppSec*
7. The aftermath of the Gentoo GitHub hack (Network World Security, Jul 10 2018)
A password guess and five days offline have left not only Gentoo’s GitHub admins, but all of us, with some things to think about.

8. Another Linux distro poisoned with malware (Naked Security – Sophos, Jul 11 2018)
This time, the malware poisoning happened to Arch Linux, another distro we’d characterise as hard-core, though very much more widely used than Gentoo.

9. Survey Finds DevOps Playing Key Role in Cloud Migration (DevOps, Jul 11 2018)
When it comes to lifting and shifting applications into the public cloud, too many organizations are still engaged in “wishful thinking.” Most applications migrating to the cloud will need to be reworked to one degree or another, Lyman said.

*Identity Mgt & Web Fraud*
10. Identiverse 2018 Recap – Identities Cambrian Moment (Ping Identity, Jul 12 2018)
Artificial intelligence is heating up and getting woven into the fabric of the identity conversation. Identiverse was no exception, and there were a number of sessions that explored how AI is starting to make identity smarter. At Identiverse, we announced our strategic acquisition of API cybersecurity provider Elastic Beam and the launch of PingIntelligence for APIs.

11. UK Reveals Plan for a Centralized Biometric Database That Sounds Like an Absolute Nightmare (Gizmodo, Jul 10 2018)
The UK government’s Home Office released a report this week announcing plans for a forthcoming centralized biometric database of its citizens, compiling DNA, fingerprint, face, and possibly even voice data for law enforcement to access and share…

12. Centrify’s Next Strategic Step Forward with Thoma Bravo (Centrify, Jul 10 2018)
“We couldn’t be more thrilled to partner with this world class investor who has invested in other great cybersecurity companies like SailPoint, McAfee, Barracuda and others.”

*CISO View*
13. Chinese Wind Turbine Manufacturer Gets Max. Fine for Source Code Theft (Dark Reading, Jul 09 2018)
Sinovel Wind Group has been sentenced for stealing trade secrets from the company formerly known as American Superconductor Inc.

14. What Is “SIEM+” Or “Can We Have A Cyber Defense Platform?” (Gartner Blog Network, Jul 06 2018)
Contrary to what some “analytics” or “AI” vendors will have us believe, SIEM in 2018 is not the SIEM of our grandfathers. In 2002, when I was first initiated into the dark arts of SIEM, it was very different (it was called either SIM or SEM back in the B.C. era – that is, Before Compliance).

15. WPA3 (Schneier on Security, Jul 12 2018)
Everyone is writing about the new WPA3 Wi-Fi security standard, and how it improves security over the current WPA2 standard. This summary is as good as any other