The Top 15 Security Posts – Vetted & Curated

*Threats & Defense*
1. Defending Democracies Against Information Attacks (Schneier on Security, Apr 30 2019)
“In this short paper, we undertake a more modest task: providing policy advice to improve the resilience of democracy against these attacks. Specifically, we can show how policy makers not only need to think about how to strengthen systems against attacks, but also need to consider how these efforts intersect with public beliefs — or common political knowledge — about these systems, since public beliefs may themselves be an important vector for attacks.”

2. Someone Is Hacking GitHub Repositories and Holding Code Ransom (VICE US, May 03 2019)
Hackers are trying a novel approach to extort money from developers.

3. A cyberattack just disrupted grid operations in the U.S. But it could have been far worse. (Washington Post, May 06 2019)
It raised concerns about the potential for a far more powerful attack.


8,000 Security News Articles
Since I started this curated newsletter in June 2017, I’ve clipped ~8,000 articles and narrowed them down into the best 20 per day. This is my favorite way to stay abreast of the industry. Readers like you make this all worthwhile.
Thanks! – Lucas Samaras


*AI, IoT, & Mobile Security*
4. Half a face enough for recognition technology (ScienceDaily, May 01 2019)
Facial recognition technology works even when only half a face is visible, researchers have found.

5. Millions of consumer smart devices exposed by serious security flaw (Naked Security – Sophos, May 01 2019)
This IoT software flaw could render millions of consumer devices, including baby monitors and webcams, open to remote discovery and hijack.

6. Verizon, T-Mobile, Sprint, and AT&T Hit With Class Action Lawsuit Over Selling Customers’ Location Data (VICE, May 04 2019)
The lawsuits come after a Motherboard investigation showed AT&T, Sprint, and T-Mobile sold phone location data that ended up with bounty hunters, and The New York Times covered an instance of Verizon selling data.

*Cloud Security, DevOps, AppSec*
7. Principles and best practices for data governance in the cloud (Google, May 02 2019)
Every enterprise should think about the entire data governance lifecycle, including data intake and ingestion, cataloging, persistence, retention, storage management, sharing, archiving, backup, recovery, disposition, and removal and deletion.

8. Password Reuse, Misconfiguration Blamed for Repository Compromises (Dark Reading, May 06 2019)
Armed with stolen credentials from another breach or from a misconfigured file, attackers delete developers’ repositories on GitHub, Bitbucket, and GitLab, leaving behind ransom notes.

9. On Security Tokens (Schneier on Security, May 01 2019)
“Mark Risher of Google extols the virtues of security keys: I’ll say it again for the people in the back: with Security Keys, instead of the *user* needing to verify the site, the *site* has to prove itself to the key. Good security these days is about human factors; we have to take the onus off of the user as much as we can. Furthermore, this “proof” from the site to the key is only permitted over close physical proximity (like USB, NFC, or Bluetooth). Unless the phisher is in the same room as the victim, they can’t gain access to the second factor.”

*Identity Mgt & Web Fraud*
10. Google Prepares to Launch New Privacy Tools to Limit Cookies (WSJ, May 07 2019)
Google is set to unveil a new way to limit the use of browser-tracking cookies, a move that could strengthen the search giant’s advertising dominance and deal a blow to other digital-marketing companies.

11. Facebook deletes more accounts linked to Russia (Reuters, May 07 2019)
Facebook Inc said on Monday it had removed multiple pages, groups and accounts linked mostly to Russia that were used to spread misleading information on the social network and its Instagram service.

12. Google offers auto-delete option for location, web tracking history (Help Net Security, May 03 2019)
Google has added a control option to users’ accounts that will allow them to instruct the company to auto-delete their location history, browsing and search data once a certain length of time has passed.

*CISO View*
13. Verizon Publishes 2019 Data Breach Investigations Report (#DBIR) (SecurityWeek, May 08 2019)
A must read for security pros.

14. How Chinese Spies Got the N.S.A.’s Hacking Tools, and Used Them for Attacks (NY Times, May 06 2019)
Chinese intelligence agents acquired National Security Agency hacking tools and repurposed them in 2016 to attack American allies and private companies in Europe and Asia, a leading cybersecurity firm has discovered. The episode is the latest evidence that the United States has lost control of key parts of its cybersecurity arsenal.

15. A New Era of Warfare Begins as Cyberattack Leads to Airstrikes (Gizmodo, May 06 2019)
For the first time ever, a government announced publicly that it had used immediate lethal physical force in response to a cyberattack. Israeli military officials announced on Sunday that they launched air strikes to respond to an alleged “Hamas cyber offensive against Israeli targets.”