The Top 15 Security Posts – Vetted & Curated

*Threats & Defense*
1. House Democrats list states with weakest election security in new report (Washington Post, Jul 16 2018)
House Democrats are trying to ramp up pressure to send more election security funding to states by spotlighting the ones they say are most vulnerable going into November.

2. Hacker Exploits 2-Year Old Router Issue To Steal Sensitive US Military Data (Dark Reading, Jul 11 2018)
A moderately skilled hacker managed to steal export-restricted data pertaining to the Reaper drone and Abrams tank from computers belonging to two US Army officials.

3. Department of Commerce Report on the Botnet Threat (Schneier on Security, Jul 11 2018)
“Last month, the US Department of Commerce released a report on the threat of botnets and what to do about it. I note that it explicitly said that the IoT makes the threat worse, and that the solutions are largely economic.”

*AI, IoT, & Mobile Security*
4. Telefonica breach leaves data on millions exposed (SC Magazine, Jul 16 2018)
Hackers exploited a flaw at Spanish operator Telefonica early Monday and likely exposed all the personal data of millions of the company’s customers.

5. How to spoof someone’s GPS navigation to send them the wrong way (Naked Security – Sophos, Jul 17 2018)
Researchers have for the first time demonstrated that it’s possible to spoof turn-by-turn GPS road navigation to send users to specific wrong locations.

6. Advanced Mobile Malware Campaign in India uses Malicious MDM (Cisco, Jul 17 2018)
Cisco Talos has identified a highly targeted campaign against 13 iPhones which appears to be focused on India. The attacker deployed an open-source mobile device management (MDM) system to control enrolled devices.

*Cloud Security, DevOps, AppSec*
7. Voting Machines with Remote-Access software on States’ Systems (Motherboard, Jul 18 2018)
Remote-access software and modems on election equipment ‘is the worst decision for security short of leaving ballot boxes on a Moscow street corner.’

8. How Google’s Safe Browsing Helped Build a More Secure Web (Wired, Jul 17 2018)
You may not have heard of Safe Browsing, but it’s made the web more secure for over a decade. Here’s its story, from the people who built it.

9. HackerOne Bug Bounty Programs Paid Out $11 Million in 2017 (SecurityWeek, Jul 12 2018)
HackerOne hosts roughly 1,000 programs that over the past years have received over 72,000 vulnerability reports from researchers in more than 100 countries. The bounties paid out since the launch of the company until June 2018 reached over $31 million.

*Identity Mgt & Web Fraud*
10. LabCorp Breach – Millions of Health Records at Risk (Infosecurity Magazine, Jul 18 2018)
LabCorp has shut down its systems after a suspected network breach, which could have put millions of health records at risk

11. Facial recognition technology: The need for public regulation and corporate responsibility (Microsoft, Jul 16 2018)
Facial recognition will require the public and private sectors alike to step up – and to act.

12. The SIM Hijackers (Motherboard, Jul 17 2018)
Meet the hackers who flip seized Instagram handles and cryptocurrency in a shady, buzzing underground market for stolen accounts and usernames. Their victim’s weakness? Phone numbers.

*CISO View*
13. Russia Publishes Only 10% of CVEs (Infosecurity Magazine, Jul 17 2018)
Report finds Russia’s vulnerability database, while highly focused, is incomplete and slow

14. SOAR-native SOC, Can This Work? (Gartner Blog Network, Jul 13 2018)
Now, can this go well? Or will it explode just like IT GRC did when adopted with no risk management program or knowledge? Kaboom!

15. Suing South Carolina Because Its Election Machines Are Insecure (Schneier on Security, Jul 19 2018)
A group called Protect Democracy is suing South Carolina because its insecure voting machines are effectively denying people the right to vote.