The Top 15 Security Posts – Vetted & Curated
*Threats & Defense*
1. TRITON Actor TTP Profile, Custom Attack Tools, Detections, and
ATT&CK Mapping (Fire Eye Threat Research , Apr 10 2019)
FireEye can now confirm that we have uncovered and are responding to an additional intrusion by the attacker behind TRITON at a different critical infrastructure facility.
2. US Government Warns of New North Korean Malware (Infosecurity Magazine, Apr 11 2019)
Hoplight backdoor uses proxies to hide C&C comms
3. Hackers Could Read Your Hotmail, MSN, and Outlook Emails by Abusing Microsoft Support (Motherboard, Apr 14 2019)
Hackers abused a Microsoft customer support portal that allowed them to read the emails of any non-corporate account.
8,000 Security News Articles
Since I started this curated newsletter in June 2017, I’ve clipped ~8,000 articles and narrowed them down into the best 20 per day. This is my favority way to stay abreast of the industry. Readers like you make this all worthwhile.
Thanks! – Lucas Samaras
*AI, IoT, & Mobile Security*
4. Get Ready for the First Wave of AI Malware (SecurityWeek, Apr 09 2019)
“…over the next two to three years, I see six economically viable and “low hanging fruit” uses for AI infused malware – all focused on optimizing efficiency in harvesting valuable data, targeting specific users, and bypassing detection technologies.”-CSO of Microsoft’s Cloud and AI Security division
5. One Month, 500,000 Face Scans: How China Is Using A.I. to Profile a Minority (- The New York Times, Apr 16 2019)
In a major ethical leap for the tech world, Chinese start-ups have built algorithms that the government uses to track members of a largely Muslim minority group.
6. Amazon Workers Are Listening to What You Tell Alexa (Bloomberg.com, Apr 16 2019)
A global team reviews audio clips in an effort to help the voice-activated assistant respond to commands.
*Cloud Security, DevOps, AppSec*
7. 122+ announcements from Google Cloud Next ‘19 (Google Cloud Blog, Apr 12 2019)
“It was a lot to digest, but we’ve boiled it down here into all the announcements from the week across infrastructure, application development, data management, smart analytics and AI, productivity, partnerships, and more.”
8. Majority of Hotel Websites Leak Guest Booking Info (Dark Reading, Apr 10 2019)
Third parties such as ad, search engine, and analytics firms often have access to guest name, address, phone numbers, credit cards and other data, Symantec says.
9. Microsoft’s Edge browser reborn after Chromium makeover (Naked Security – Sophos, Apr 15 2019)
After three years of embarrassing rejection, might Microsoft’s newly-Chromed Edge browser be on the up?
*Identity Mgt & Web Fraud*
10. Feeling Safe in the Surveillance State (The New York Times, Apr 13 2019)
In China, where facial recognition cameras are celebrated as a national triumph, many citizens convince themselves that everywhere else is filled with danger.
11. ‘Land Lordz’ Service Powers Airbnb Scams (Krebs on Security, Apr 14 2019)
“Scammers who make a living swindling Airbnb.com customers have a powerful new tool at their disposal: A software-as-a-service offering called “Land Lordz,” which helps automate the creation and management of fake Airbnb Web sites and the sending of messages to advertise the fraudulent listings.”
12. How password-less security benefits helpdesks (Help Net Security, Apr 12 2019)
Ask any helpdesk team lead about the most frequent requests from employees, and password resets will rank highest. Forrester Research determined that large organizations spend up to $1 million per year on staffing and infrastructure to handle password resets alone.
13. Security experts irked U.S. prosecutors used anti-hacking law to nab Julian Assange (Washington Post, Apr 12 2019)
A faction of lawyers and cybersecurity experts are irked by the way prosecutors used the country’s main anti-hacking law to bring charges against WikiLeaks founder Julian Assange.
14. US Government Admits It Doesn’t Know If Assange Cracked Password For Manning (Motherboard, Apr 15 2019)
An FBI agent admitted in a newly unsealed court document that the Department of Justice does not know whether Assange’s offer to help Manning came to fruition.
15. China Spying on Undersea Internet Cables (Schneier on Security, Apr 15 2019)
“Supply chain security is an insurmountably hard problem. The recent focus is on Chinese 5G equipment, but the problem is much broader. This opinion piece looks at undersea communications cables.”