The Top 15 Security Posts – Vetted & Curated

*Threats & Defense*
1. Hackers breached 3 US antivirus companies, researchers reveal (Ars Technica, May 09 2019)
In a report published Thursday, researchers at the threat-research company Advanced Intelligence (AdvIntel) revealed that a collective of Russian and English-speaking hackers are actively marketing the spoils of data breaches at three US-based antivirus software vendors.

2. Verizon’s data breach report: What the numbers say (WeLiveSecurity, May 13 2019)
69% of attacks are perpetrated by outsiders
39% of all attacks are perpetrated by organized criminal groups
23% of bad actors are identified as nation-state or state affiliated
43% of breaches involved small business victims
52% of breaches involved hacking
33% included social attacks
28% involved malware

3. Unhackable? New chip makes the computer an unsolvable puzzle (Help Net Security, May 07 2019)
A new computer processor architecture that could usher in a future where computers proactively defend against threats, rendering the current electronic security model of bugs and patches obsolete, has been developed at the University of Michigan.

8,000 Security News Articles
Since I started this curated newsletter in June 2017, I’ve clipped ~8,000 articles and narrowed them down into the best 20 per day. This is my favorite way to stay abreast of the industry. Readers like you make this all worthwhile.
Thanks! – Lucas Samaras

*AI, IoT, & Mobile Security*
4. WhatsApp urges users to upgrade app after security breach (Reuters, May 14 2019)
Facebook’s WhatsApp said on Tuesday a security breach on its messaging app had signs of coming from a private company working on surveillance and it had referred the incident to the U.S. Department of Justice.

5. Now generally available: Android phone’s built-in security key (Google Cloud Blog, May 07 2019)
Android phone, bringing the benefits of a phishing-resistant two-factor authentication (2FA) to more than a billion users worldwide. This capability is now generally available.

6. Federal agencies are spending millions to hack into locked phones (Washington Post, May 13 2019)
A $1.2 million tab for iPhone hacking technology at U.S. Immigration and Customs Enforcement underscores how pervasively law enforcement is cracking into passcodes and other security features Americans use to keep their information private.

*Cloud Security, DevOps, AppSec*
7. Signing into Azure DevOps using your GitHub credentials (Azure DevOps Blog, May 08 2019)
“Today, we are enabling developers to sign in with their existing GitHub account to Microsoft online services, on any Microsoft log in page. Using your GitHub credentials, you can now sign in via OAuth anywhere a personal Microsoft account does, including Azure DevOps and Azure.”

8. CSS tracking trick can monitor your mouse without JavaScript (Naked Security – Sophos, May 09 2019)
A security researcher has demonstrated a new way to track mouse movements even if users block JavaScript.

9. Attacks on JavaScript Services Leak Info From Websites (Dark Reading, May 13 2019)
Three marketing tools, including the Best Of The Web security logomark, were compromised in supply chain attacks, allegedly leaving website customers leaking their users’ sensitive information.

*Identity Mgt & Web Fraud*
10. A new camera can photograph you from 45 kilometers away (MIT Tech Review, May 13 2019)
Developed in China, the lidar-based system can cut through city smog to resolve human-sized features at vast distances.

11. San Francisco Bans Facial Recognition Use by Police and the Government (VICE, May 14 2019)
The technology hub is now the first US city to have issued a moratorium on the invasive spy technology.

12. Amazon Is Losing the War on Fraudulent Sellers (Schneier on Security, May 09 2019)
“Excellent article on fraudulent seller tactics on Amazon: The most prominent black hat companies for US Amazon sellers offer ways to manipulate Amazon’s ranking system to promote products, protect accounts from disciplinary actions, and crush competitors. Sometimes, these black hat companies bribe corporate Amazon employees to leak information from the company’s wiki pages and business reports, which they then resell to marketplace sellers for steep prices.”

*CISO View*
13. A Cisco Router Bug Has Massive Global Implications (Wired, May 13 2019)
Researchers have discovered a way to break one of Cisco’s most critical security features, which puts countless networks at potential risk.

14. Feds charge Chinese national in 2015 breach of health insurer Anthem (Ars Technica, May 09 2019)
Federal prosecutors have indicted a Chinese national they say carried out sophisticated network intrusions on four US companies, including one on health insurer Anthem that stole personal information belonging to close to 80 million people.

15. Another Intel Chip Flaw (Schneier on Security, May 16 2019)
Remember the Spectre and Meltdown attacks from last year? They were a new class of attacks against complex CPUs, finding subliminal channels in optimization techniques that allow hackers to steal information. Since their discovery, researchers have found additional similar vulnerabilities. A whole bunch more have just been discovered.