Best Phishing Tactic Is to Make You Think You’ve Been Hacked (Infosec. Mag., Oct 21 2019) Study finds email subject lines referencing online security are the most clicked on

In a First, FTC Bans Company From Selling ‘Stalkerware’ (VICE, Oct 22 2019) The FTC’s move comes after Motherboard revealed a hacker had repeatedly breached Retina-X and gained access to sensitive user data.

Under digital surveillance: how American schools spy on millions of kids (the Guardian, Oct 22 2019) Fueled by fears of school shootings, the market has grown rapidly for technologies that monitor students through official school emails and chats


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~11,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



Apple’s Good Intentions on Privacy Stop at China’s Borders (Wired, Oct 17 2019) As pro-democracy protests continue in Hong Kong, the tech giant’s troubling relationship with an authoritarian regime has come into focus.

US Lawmakers Call on Apple to Reverse Hong Kong App Ban (Infosecurity Magazine, Oct 21 2019) Firm accused of becoming complicit in Chinese censorship and repression

Facebook must face $35B facial-recognition lawsuit following court ruling (Ars Technica, Oct 22 2019) Facial recognition: far from perfect, increasingly everywhere.

FIDO-Based Authentication Arrives for Smartwatches (Dark Reading, Oct 22 2019) The Nok Nok App SDK for Smart Watch is designed to let businesses implement FIDO-based authentication on smartwatches.

Attackers improving BEC skills (SC Magazine, Oct 22 2019) During this period FireEye has noted attackers are increasingly impersonating executives and attempting to involve a company’s supply chain vendors as part of the attack to make it appear as if the malicious email is a legitimate request. These tactics have been honed to a point where they are easily convincing employees to take the bait.

Georgia Supreme Court rules that collection of vehicular data requires warrant (SC Magazine, Oct 22 2019) The Georgia Supreme Court yesterday ruled that law enforcement must obtain a warrant before pulling data from an automobile as part of a crash investigation, overturning a verdict previously rendered and later upheld by lower courts.

Can License Plate Readers Really Reduce Crime? (Wired, Oct 24 2019) Flock Safety boasts that its cameras caused a dramatic drop in crime in one Georgia county, but experts say it’s not so simple.

SailPoint Buys Orkus and OverWatchID to Strengthen Cloud Access Governance (Dark Reading, Oct 16 2019) The $37.5 million acquisitions will boost SailPoint’s portfolio across all cloud platforms.

New US Privacy Bill Would Intro Jail Time for CEOs (Infosecurity Magazine, Oct 18 2019) A US senator has introduced a new privacy bill which he claims goes further than the EU’s GDPR, introducing prison sentences for culpable CEOs. Introduced by Ron Wyden, the Mind Your Own Business Act would create a national “Do Not Track” system enabling consumers to stop companies from tracking them online, selling or sharing their data, or targeting ads based on personal information.

CBP mulls facial recognition tech for body cams (SC Magazine, Oct 18 2019) The U.S. Customs and Border Patrol (CBP) is considering using facial recognition in body cameras that agents will wear in the future, sending out a request for information (RFI) on biometric options that can be used to verify identity.

Phishing scam targets users of Stripe payment processing service (SC Magazine, Oct 18 2019) Cybercriminals have devised a phishing campaign that takes aim at customers of the online payment processing company Stripe, with the intention to steal their credentials, compromise their accounts and presumably view their payment card data.

The Washington Post’s New Columnist Consults for Spyware Firm That Helps Saudi Arabia Surveil Journalists (VICE, Oct 22 2019) The new Washington Post columnist consults for NSO Group, which is currently being sued for helping Saudi Arabia surveil Washington Post columnist Jamal Khashoggi, who was murdered.

AWS Security Profile: Ron Cully, Principal Product Manager, AWS Identity | Amazon Web Services (AWS, Oct 23 2019) “In the weeks leading up to re:Invent, we’ll share conversations we’ve had with people at AWS who will be presenting at the event so you can learn more about them and some of the interesting work that they’re doing.”

Firefox 70 lets users track online trackers (Help Net Security, Oct 23 2019) Mozilla has released Firefox 70.0, which delivers performance and power consumption improvements, helpful browser features, new options for developers and, most prominently, new security and privacy protections.

Action Fraud Snafu Leaves 9000 Cases Quarantined (Infosecurity Magazine, Oct 24 2019) Thousands of cybercrime reports sent to the UK’s centralized authority have been mistakenly identified as containing malware, meaning they were not investigated, according to a new report.

Spanish Police Arrest Three in €10m BEC Bust (Infosecurity Magazine, Oct 23 2019) Spanish police have arrested three men in connection with a €10m Business Email Compromise (BEC) ring that targeted corporate victims around the world.

Mapping Security and Privacy Research across the Decades (Schneier on Security, Oct 24 2019) “This is really interesting: ‘A Data-Driven Reflection on 36 Years of Security and Privacy Research,’ by Aniqua Baset and Tamara Denning… Meta-research—research about research—allows us, as a community, to examine trends in our research and make informed decisions regarding the course of our future research activities.”