The Top 15 Security Posts – Vetted & Curated
*Threats & Defense*
1. Ransomware Sees Further Decline, Banking Trojan Use Steps Up (Infosecurity Magazine, Feb 07 2019)
Ransomware message volumes dropped significantly from Q2 to Q4 “suggesting that ransomware campaigns did not generate sufficient returns for threat actors to continue distributing them at scale.”
2. Ransomware Attack Via MSP Locks Customers Out of Systems (Dark Reading, Feb 07 2019)
Despite the trend mentioned above, ransomware attacks still occur. A vulnerable plugin for a remote management tool gave attackers a way to encrypt systems belonging to all customers of a US-based MSP.
3. Speak Up Malware Targets Linux, Mac in New Campaign (Infosecurity Magazine, Feb 04 2019)
New malware injects backdoor Trojan by exploiting known vulnerabilities.
8,000 Security News Articles
Since I started this curated newsletter in June 2017, I’ve clipped ~8,000 articles and narrowed them down into the best 20 per day. This is my favority way to stay abreast of the industry. Readers like you make this all worthwhile.
Thanks! – Lucas Samaras
*AI, IoT, & Mobile Security*
4. Apple patches FaceTime bug and pays teenager who uncovered it (WeLiveSecurity, Feb 12 2019)
While the bounty amount has not yet been disclosed, Apple have said that, on top of a monetary reward, it will also provide a gift that will go towards his education.
5. How Hackers and Scammers Break into iCloud-Locked iPhones (Motherboard, Feb 06 2019)
In a novel melding of physical and cybercrime, hackers, thieves, and even independent repair companies are finding ways to “unlock iCloud” from iPhones.
6. Will Trump’s New Artificial Intelligence Initiative Make The U.S. The World Leader In AI? (Forbes, Feb 12 2019)
The tech world got a surprise on Monday when the Trump administration announced an executive order that would create an American AI Initiative designed to dedicate resources and funnel investments into research on artificial intelligence (AI). But what does it all mean?
*Cloud Security, DevOps, AppSec*
7. Linux container bug could eat your server from the inside – patch now! (Sophos, Feb 12 2019)
Crooks could take over your network thanks to a critical bug in a popular Linux containerisation toolkit… here’s what you need to know.
8. Google Open Sources Fuzzing Platform (SecurityWeek, Feb 08 2019)
Google announced this week that it has open sourced ClusterFuzz, the fuzzing infrastructure it built to help finding memory corruption bugs in Chrome.
9. “Catastrophic” hack on email provider destroys almost two decades of data (Ars Technica, Feb 12 2019)
VFEmail says data for virtually all US users is gone for good.
*Identity Mgt & Web Fraud*
10. US Air Force Defector Allegedly Helped Iran Hack Americans (Wired, Feb 13 2019)
In an astonishing indictment, the DOJ details how Monica Witt allegedly turned on her former counterintelligence colleagues.
11. 31 AGs ask FTC to update Identity Theft Rules (SC Magazine, Feb 13 2019)
Attorneys general from 31 states have asked the Federal Trade Commission (FTC) to update its Identity Theft Rules. Noting the proliferation of identity theft and consumers’ inability to divine how information stolen from breaches is being used, the AGs said that the rules – also known as the Red Flags Rule and the Card Issuers Rule.
12. UK Data Intelligence Firm to Acquire IDology for $300 Million (SecurityWeek, Feb 13 2019)
UK-based Identity Data Intelligence specialist GBG has agreed to acquire the Atlanta-based identity verification and fraud prevention services provider IDology for $300 million in cash.
13. We Need More Transparency in Cybersecurity (Dark Reading, Feb 08 2019)
Security has become a stand-alone part of the corporate IT organization. That must stop, and transparency is the way forward.
14. Malta’s leading bank resumes operations after cyberheist-induced shutdown (WeLiveSecurity, Feb 15 2019)
Bank of Valetta, which went dark for a day after the fraudulent transfers of €13 million, is now looking to get the money back
15. We’re doubling down.’ DHS insists it’s not reducing election security efforts (Washington Post, Feb 15 2019)
Chris Krebs, who leads DHS’s Cybersecurity and Infrastructure Security Agency, was punching back Thursday against a Daily Beast report citing anonymous staffers who said the department was reducing its election security efforts following the midterms to invest more in border security and other Trump administration priorities.