15 Bullet Friday – The Best Security News of the Week – 2019.04.12

The Top 15 Security Posts – Vetted & Curated

*Threats & Defense*
1. NSA Releases Reverse Engineering Tool’s Source Code (SecurityWeek, Apr 08 2019)
The National Security Agency (NSA) has made the source code for its “Ghidra” reverse engineering tool available for everyone.

2. Half of Cyber-Attacks Involve the Supply Chain (Infosecurity Magazine, Apr 02 2019)
Carbon Black claims island hopping and counter-incident response is growing

3. How the ‘New York Times’ Protects its Journalists From Hackers and Spies (Motherboard, Apr 08 2019)
The New York Times has beefed up its cybersecurity team in recent years, including with the hire of Runa Sandvik, a former hacker who used to work for the anonymization network the Tor Project, and who once hacked a smart gun.

8,000 Security News Articles
Since I started this curated newsletter in June 2017, I’ve clipped ~8,000 articles and narrowed them down into the best 20 per day. This is my favority way to stay abreast of the industry. Readers like you make this all worthwhile.
Thanks! – Lucas Samaras

Share on Twitter Facebook LinkedIn

*AI, IoT, & Mobile Security*
4. Well-funded surveillance operation infected both iOS & Android (Ars Technica, Apr 08 2019)
Malware that stole contacts, audio, location and more was under development for years.

5. Major Vulnerability Potentially Impacted 150 Million Smartphone Users Worldwide (Motherboard, Apr 04 2019)
Researchers discovered a since-patched vulnerability in an app pre-installed on smartphones made by Xiaomi.

6. How Android Fought the Chamois Botnet—and Won (Wired, Apr 09 2019)
The Chamois botnet once infected 20 million Android devices. Here’s how Google finally tore it up.

*Cloud Security, DevOps, AppSec*
7. To DevSecOps or not to DevSecOps? (Help Net Security, Apr 03 2019)
“Security teams must commit to cultural changes to be successful in a DevSecOps world – they need to gain a better understanding of the business environment impacting their organizations and re-imagine their own role as risk management consultants supporting aggressive innovation. Governance and compliance will still remain significant drivers in the role, but the primary focus has to be on support for their DevOps teams…”

8. A New Approach to Application Security Testing (Dark Reading, Apr 09 2019)
If the appsec industry were to develop a better AST solution from scratch, what would it look like?

9. Hackers Can Add, Remove Cancer From CT Scans: Researchers (SecurityWeek, Apr 05 2019)
A team of researchers has demonstrated that hackers can modify 3D medical scans to add or remove evidence of a serious illness, such as cancer.

*Identity Mgt & Web Fraud*
10. How Banksy Authenticates His Work (RepRage, Apr 11 2019)
That torn-in-half banknote though? Never mind signatures, embossing or wax seals. The Di Faced Tenner is doing all the authentication heavy lifting here. The tear is what uniquely separates the private key, the half of the note kept secret under lock and key at Pest Control, with the public key. The public key is the half of the note attached to the authentication certificate which gets passed on with the print, and allows its authenticity to be easily verified. (credit to Bruce Schneier for finding this story)

11. How web forms can steal your bandwidth and harm your brand (Naked Security – Sophos, Apr 11 2019)
Got a mailing list? Ever signed up for one? Ever stopped to think how a crook could abuse the security-related confirmation process?

12. SEC Allows Shareholder Votes on Amazon Facial “Rekognition” (SecurityWeek, Apr 08 2019)
Amazon shareholders will get the opportunity to vote on two non-binding shareholders’ resolutions concerning the Amazon Rekognition facial recognition system.

*CISO View*
13. A Year Later, Cybercrime Groups Still Rampant on Facebook (Krebs on Security, Apr 08 2019)
“Almost exactly one year ago, KrebsOnSecurity reported that a mere two hours of searching revealed more than 100 Facebook groups with some 300,000 members openly advertising services to support all types of cybercrime, including spam, credit card fraud and identity theft. Facebook responded by deleting those groups. Last week, a similar analysis led to the takedown of 74 cybercrime groups operating openly on Facebook with more than 385,000 members.”

14. Mysterious Hackers Hid Their Swiss Army Spyware for 5 Years (Wired, Apr 09 2019)
The TajMahal spyware includes more than 80 distinct spy tools, and went undetected for five years.

15. Hackers attacked California DMV voter registration system marred by bugs, glitches (LA Times, Apr 12 2019)
Programmers warned that the 2018 launch of California’s “motor voter” system could be a debacle, but state officials rolled it out anyway, according to interviews and an exclusive Times review of documents. The launch occurred even after engineers detected signs of an international hacking attempt.

Share on facebook
Share on twitter
Share on linkedin