The Top 15 Security Posts – Vetted & Curated
*Threats & Defense*
1. U.S. Escalates Online Attacks on Russia’s Power Grid (The New York Times, Jun 15 2019)
The Trump administration is using new authority to take more aggressive digital action in a warning to Moscow and in a demonstration of its abilities.
2. The Highly Dangerous ‘Triton’ Hackers Have Probed the US Grid (Wired, Jun 14 2019)
The same hackers behind a potentially lethal 2017 oil refinery cyberattack are now sniffing at US electrical utility targets.
3. APT34 Tools Leak (Nick Hutton’s Blog, Jun 17 2019)
APT34 is an Advanced Persistent Threat group associated with the Islamic Republic of Iran. Its source code and tools were recently leaked via a Telegram channel. In addition to those tools, information was divulged about the group’s targets which included companies and governments in the United Arab Emirates, Kingdom of Saudi Arabia, China, Qatar, and Turkey among others. The “Dookhtegan” group leaking APT34’s information expressed particular animus towards the Iranian Ministry of Intelligence. As of mid-May 2019, the leaks continue via a Telegram channel.
One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
*AI, IoT, & Mobile Security*
4. Data, Surveillance, and the AI Arms Race (Schneier on Security, Jun 17 2019)
Since Western countries can’t or won’t reap such a comprehensive harvest of data from their citizens, China will win the AI arms race and dominate the next century. This idea makes for a compelling narrative, especially for those trying to justify surveillance — whether government- or corporate-run. But it ignores some fundamental realities about how AI works and how AI research is conducted.
5. Google Adds Two-Factor Authentication For Its Apps on iOS (Dark Reading, Jun 13 2019)
Android-based two-factor authentication now works for Google applications on iPad and iPhone.
6. Mirai tries to hook its tentacles into SD-WAN (Network World Security, Jun 14 2019)
Mirai – the software that has hijacked hundreds of thousands of internet-connected devices to launch massive DDoS attacks – now goes beyond recruiting just IoT products; it also includes code that seeks to exploit a vulnerability in corporate SD-WAN gear.
*Cloud Security, DevOps, AppSec*
7. Netflix patches Linux SACK vulnerability (SC Magazine, Jun 18 2019)
Netflix researchers uncovered several security vulnerabilities within the TCP implementations of the Linux and FreeBSD kernels. The most severe of the flaws is the SACK Panic vulnerability, which could allow an attacker to remotely induce a kernel panic within recent Linux operating systems, according to a June 17 OpenWall blog post.
8. Increasing endpoint security with the Center for Internet Security’s updated Chrome Browser Benchmark (Google Cloud Blog, Jun 18 2019)
“Many of our enterprise customers rely on the Center for Internet Security (CIS) Chrome Browser Benchmark for recommendations on which policies to configure to make Chrome Browser more secure and compliant for their environment. Over the past few months, the Google Chrome Browser security team has worked closely with CIS to launch the fully revamped CIS Benchmark 2.0 for Google Chrome Browser.”
9. The Security Pro’s Quick Comparison: AWS vs. Azure vs. GCP (Securosis Blog, Jun 12 2019)
“The problem for security professionals is that security models and controls vary widely across providers, are often poorly documented, and are completely incompatible. Anyone who tells you they can pick up on these nuances in a few weeks or months with a couple training classes is either lying or ignorant. It takes years of hands-on experience to really understand the security ins and outs of a cloud provider.”
*Identity Mgt & Web Fraud*
10. Collections Firm Behind LabCorp, Quest Breaches Files for Bankruptcy (Krebs, Jun 19 2019)
“A medical billing firm responsible for a recent eight-month data breach that exposed the personal information on nearly 20 million Americans has filed for bankruptcy, citing ‘enormous expenses’ from notifying affected consumers and the loss of its four largest customers.”
11. Significant trends are beginning to develop in the Government ID market (Help Net Security, Jun 14 2019)
“In African nations, there is a clear focus on providing national IDs that have payment functionality, bringing financial inclusion to a largely underbanked population, and increasing commerce among countries within the IGAD trading bloc.
“In Latin America, there is a trend toward issuing smart driver’s license programs, spearheaded by Brazil, an innovative project, encompassing a smart physical credential alongside a mobile driver’s license companion. In North America, developments in Real ID in the wake of identity legislation have prompted a drive for scrupulous citizen-issued credentials.”
12. Before You Use a Password Manager (Medium, Jun 20 2019)
I cringe when I hear self-proclaimed experts implore everyone to “use a password manager for all your passwords” and “turn on two-factor…
13. The Global Hawk Drone Iran Shot Down Was a $220M Surveillance Monster (Wired, Jun 20 2019)
The Global Hawk can fly at an altitude of 55,000 feet and stay aloft for 30 hours straight.
14. This Florida city just paid hackers a huge ransom. Is that better or worse for taxpayers? (The Washington Post, Jun 21 2019)
A small Florida city paid an extraordinary $600,000 in ransom this week to hackers who had locked up the city’s computer systems — highlighting an increasingly common dilemma for city leaders across the country.
15. Five reasons “hacking back” is a recipe for cybersecurity chaos (MIT Technology Review, Jun 21 2019)
A new US bill would make it legal for private companies to chase hackers across the internet. It’s a terrible idea that simply will not die.