The Top 15 Security Posts – Vetted & Curated

*Threats & Defense*
1. Anatomy of a ransomware attack: How attackers gain access to unstructured data (Help Net Security, Jun 27 2019)
Let’s walk through a typical ransomware attack to understand how attackers gain access to your company’s most valuable asset: unstructured data.

2. MageCart Launches Customizable Campaign (Dark Reading, Jun 28 2019)
A tool new to MageCart bolsters the group’s ability to evade detection and steal data.

3. Threat Actor Poisons OpenPGP Certificates (SecurityWeek, Jul 01 2019)
Poisoned certificates are in the OpenPGP SKS keyserver network after an unknown threat actor targeted the OpenPGP certificates of two high-profile community contributors.


One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


*AI, IoT, & Mobile Security*
4. China Is Forcing Tourists to Install Text-Stealing Malware at its Border (VICE, Jul 02 2019)
The malware downloads a tourist’s text messages, calendar entries, and phone logs, as well as scans the device for over 70,000 different files.

5. Tracing the Supply Chain Attack on Android (Krebs on Security, Jul 01 2019)
“Earlier this month, Google disclosed that a supply chain attack by one of its vendors resulted in malicious software being pre-installed on millions of new budget Android devices. Google didn’t exactly name those responsible, but said it believes the offending vendor uses the nicknames ‘Yehuo’ or ‘Blazefire.’ What follows is a deep dive into the identity of that Chinese vendor, which appears to have a long and storied history of pushing the envelope on mobile malware.”

6. Creator of DeepNude, App That Undresses Photos of Women, Takes It Offline (VICE, Jun 27 2019)
An app that algorithmically “undressed” images of women was taken down by its creator, citing server overload and potential harms.

*Cloud Security, DevOps, AppSec*
7. Top 10 Security Blog posts in 2019 so far (AWS Security Blog, Jul 01 2019)
The top 10 posts from 2019 based on page views
– How to automate SAML federation to multiple AWS accounts from Microsoft Azure Active Directory
– How to centralize and automate IAM policy creation in sandbox, development, and test environments
– AWS awarded PROTECTED certification in Australia
– Setting permissions to enable accounts for upcoming AWS Regions
– How to use service control policies to set permission guardrails across accounts in your AWS Organization
– Alerting, monitoring, and reporting for PCI-DSS awareness with Amazon Elasticsearch Service and AWS Lambda
– Updated whitepaper now available: Aligning to the NIST Cybersecurity Framework in the AWS Cloud
– How to visualize Amazon GuardDuty findings: serverless edition
– Guidelines for protecting your AWS account while using programmatic access
– How to quickly find and update your access keys, password, and MFA setting using the AWS Management Console

8. Provider of Data Integration Services for Fortune 100 Firms Exposed Sensitive Files (SecurityWeek, Jun 28 2019)
Attunity, a Qlik-owned data integration and big data management company whose solutions are used by over 2,000 enterprises and half of the Fortune 100 firms, exposed a significant amount of sensitive data through unprotected Amazon S3 buckets.

9. How Hackers Infiltrate Open Source Projects (Dark Reading, Jun 27 2019)
The dependency trees of modern software development make smaller open-source projects vulnerable to hackers sabotaging code.

*Identity Mgt & Web Fraud*
10. Amazon confirms it keeps your Alexa recordings basically forever (Ars, Jul 03 2019)
The recordings, and their transcripts, never expire automatically.

11. A Second U.S. City Has Banned Facial Recognition (VICE, Jun 27 2019)
Somerville, which neighbors Cambridge, Massachusetts, just joined San Francisco in banning the use of facial recognition.

12. Mozilla’s bizarre robo-surfer project demonstrates ad snooping (Naked Security – Sophos, Jun 28 2019)
In an effort to show you how advertisers snoop on your surfing activity, Mozilla is offering you the chance to pretend that you’re someone else.

*CISO View*
13. To Pay or Not To Pay? That Is the (Ransomware) Question (Dark Reading, Jul 01 2019)
From Albany, New York, to Atlanta, Georgia, to Del Rio, Texas, cities across the US have been hit with ransomware attacks.

14. Cloudflare outage caused by bad software deploy (updated) (The Cloudflare Blog, Jul 05 2019)
“For about 30 minutes today, visitors to Cloudflare sites received 502 errors caused by a massive spike in CPU utilization on our network. This CPU spike was caused by a bad software deploy that was rolled back. Once rolled back the service returned to normal operation and all domains using Cloudflare returned to normal traffic levels.”

15. Broadcom in Talks to Acquire Symantec in $15 Billion Deal: Reports (SecurityWeek, Jul 03 2019)
Chipmaker Broadcom is in advanced talks to acquire cybersecurity giant Symantec in a deal that could exceed $15 billion, according to several news outlets.