The Top 15 Security Posts – Vetted & Curated
*Threats & Defense*
1. At Gathering of Spy Chiefs, U.S., Allies Agreed to Contain Huawei (WSJ, Dec 17 2018)
Spy chiefs from the West’s most powerful intelligence alliance agreed in a July meeting in Canada they needed to contain Huawei Technologies Co.
2. NHS Fax Ban Set to Improve Security from 2020 (Infosecurity Magazine, Dec 11 2018)
“Fax machines provide a large surface area for human error and consequently data breaches when used to transfer sensitive data, as they can’t offer assurance over how the data is picked up and used at the receiving end, or a safety net to allow for user error when dialing,” he explained. “When used to transfer confidential information, there is a significant risk of a data breach.”
3. Iranian Hackers Target Nuclear Experts, US Officials (Dark Reading, Dec 14 2018)
Hackers ramp up efforts to infiltrate email accounts of Americans responsible for enforcing severe economic sanctions on Iran.
Tell Your Friends
If you’re enjoying Mosaic’s independent news curation, forward it to a friend today. “Hey, instead of sifting through vendor marketing and duplicate news, I found this curated news feed from Mosaic Security Research. Check it out.”
Thanks! – Lucas Samaras
*AI, IoT, & Mobile Security*
4. Nvidia’s Scary AI Generates Humans That Look 100% Real (Tom’s Guide, Dec 18 2018)
New Nvidia AI technology defies belief by creating 100% realistic synthetic humans, cats, and even cars.
5. Text CAPTCHAs easily beaten by neural networks (Naked Security – Sophos, Dec 12 2018)
As CAPTCHA-haters know to their frequent irritation, the death of the text-based Completely Automated Procedures for Telling Computers and Humans Apart tends to be exaggerated.
6. Google Unveils New Encryption Features for Android Developers (SecurityWeek, Dec 14 2018)
Security-minded Android application developers can better secure user data, thanks to new cryptographic features in Android 9.0, Google says.
*Cloud Security, DevOps, AppSec*
7. Government Sites Across World Leaked User Data, Russia Firm Says (Bloomberg, Dec 17 2018)
At least 40,000 civilian and military users of government websites in the U.S. and more than 30 other countries have had their credentials leaked online, exposing them to potential criminal attacks, according to Group-IB, a Russian cyber-forensics firm.
8. Exploring container security: Let Google do the patching with new managed base images (Cloud Blog, Dec 19 2018)
“With managed base images, we’ll provide base images for these common OSes, and patch them automatically. As long as the FROM field in your Dockerfile points to `$distro:latest` from Cloud Marketplace, you know that these images have been remediated with the most recently available patches from upstream.”
9. Firestarter: Invent Security Review (Securosis Blog, Dec 18 2018)
“It’s that time of year again. The time when Amazon takes over our lives. No, not the holiday shopping season but the annual re:Invent conference where Amazon Web Services takes over Las Vegas (really, all of it) and dumps a firehose of updates on the world. Listen in to hear our take on new services like Transit Hub, Security Hub, and Control Tower.”
*Identity Mgt & Web Fraud*
10. Facebook Carved an Opening for Tech Giants (The New York Times, Dec 19 2018)
Internal documents show that the social network gave Microsoft, Amazon, Spotify and others far greater access to people’s data than it has disclosed.
11. Extortion Email Causes Widespread Panic Across US (Infosecurity Magazine, Dec 14 2018)
Universities and offices were evacuated after receiving a bomb threat in an email hoax.
12. Real-Time Attacks Against Two-Factor Authentication (Schneier on Security, Dec 14 2018)
“Attackers are targeting two-factor authentication systems…This isn’t new. I wrote about this exact attack in 2005 and 2009.”
13. US ballistic missile systems have very poor cyber-security (ZDNet, Dec 18 2018)
DOD report finds no antivirus, no data encryption, no multifactor authentication.
14. A Chief Security Concern for Executive Teams (Krebs on Security, Dec 18 2018)
Virtually all companies like to say they take their customers’ privacy and security seriously, make it a top priority, blah blah. But you’d be forgiven if you couldn’t tell this by studying the executive leadership page of each company’s Web site. That’s because very few of the world’s biggest companies list any security executives in their highest ranks. Even among top tech firms, less than half list a chief technology officer (CTO). This post explores some reasons why this is the case, and why it can’t change fast enough.
15. ‘No Evidence’ of Huawei Spying, Says German IT Watchdog (SecurityWeek, Dec 17 2018)
Germany’s IT watchdog has expressed scepticism about calls for a boycott of Chinese telecoms giant Huawei, saying it has seen no evidence the firm could use its equipment to spy for Beijing, news weekly Spiegel reported Friday.