The Top 15 Security Posts – Vetted & Curated
*Threats & Defense*
1. Avast, NordVPN Breaches Tied to Phantom User Accounts (Krebs on Security, Oct 25 2019)
“Antivirus and security giant Avast and virtual private networking (VPN) software provider NordVPN each today disclosed months-long network intrusions that — while otherwise unrelated — shared a common cause: Forgotten or unknown user accounts that granted remote access to internal systems with little more than a password.”
2. Skip-2.0 backdoor malware provides ‘magic password’ to access MSSQL accounts (SC Magazine, Oct 21 2019)
Researchers revealed their discovery of what they believe to be the first publicly documented case of a backdoor targeting Microsoft SQL Server (MSSQL) databases – attributing the malware to the threat actor Winnti Group.
3. Facebook lays out plan to protect elections (WeLiveSecurity, Oct 24 2019)
The social network has also launched a new Facebook Protect feature, which adds an extra layer of security to the accounts of political figures and their staff. The feature includes mandatory two-factor authentication, and accounts using Facebook Protect will be actively monitored for hacking.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~11,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
*AI, IoT, & Mobile Security*
4. Tracking down the developer of Android adware affecting millions of users (ESET, Oct 24 2019)
ESET researchers discovered a year-long adware campaign on Google Play and tracked down its operator. The apps involved, installed eight million times, use several tricks for stealth and persistence.
5. How to reduce the risk posed by vulnerabilities in IoT/ICS networks? (Help Net Security, Oct 23 2019)
Some of the top CyberX report findings noted that these networks have outdated operating systems (71 percent of sites), use unencrypted passwords (64 percent) and lack automatic antivirus updates (66 percent).
6. How 18 Malware Apps Snuck Into Apple’s App Store (Wired, Oct 25 2019)
…the apps, which ranged from a calculator to a yoga pose repository, ran invisible ads in the background of the device, generating phony website clicks to inflate ad revenues.
*Cloud Security, DevOps, AppSec*
7. Microsoft Wins Pentagon’s $10 Billion JEDI Contract, Thwarting Amazon (NYTimes, Oct 25 2019)
Amazon was considered a front-runner for the cloud computing project before President Trump began criticizing the company’s founder, Jeff Bezos.
8. Skimming malware found on American Cancer Society’s online store (SC Magazine, Oct 28 2019)
One Magecart group decided that helping cancer victims is not enough of a reason to deter them from hitting the American Cancer Society’s online store with skimming malware.
9. 2019 State of DevOps Report chat: Security is boring when it’s working (Puppet Blog, Oct 23 2019)
Puppet’s Nigel Kersten and CircleCI’s Mike Stahnke go behind-the-scenes of the 2019 report to talk about the shift to a security-focused report and where they see these challenges heading and evolving.
*Identity Mgt & Web Fraud*
10. Balls, bats & Baby Shark: MLB authentication process is serious biz (WAPO, Oct 29 2019)
At the World Series, authenticators in both dugouts and clubhouses keep a close eye on the action.
11. Cachet Financial Reeling from MyPayrollHR Fraud (Krebs on Security, Oct 24 2019)
“When New York-based cloud payroll provider MyPayrollHR unexpectedly shuttered its doors last month and disappeared with $26 million worth of customer payroll deposits, its payment processor Cachet Financial Services ended up funding the bank accounts of MyPayrollHR client company employees anyway, graciously eating a $26 million loss which it is now suing to recover.”
12. Reality Check on the Demise of Multi-Factor Authentication (SecurityWeek, Oct 30 2019)
Forrester Research has estimated that despite increasing cyber security budgets, 80 percent of security breaches involve weak, default, stolen, or otherwise compromised privileged credentials. As a result, MFA is considered one of the primary defenses against identity-based cyber-attacks.
13. Resources for Measuring Cybersecurity (Schneier on Security, Nov 01 2019)
Kathryn Waldron at R Street has collected all of the different resources and methodologies for measuring cybersecurity.
14. The Ransomware Superhero of Normal, Illinois (ProPublica, Oct 28 2019)
Thanks to Michael Gillespie, an obscure programmer at a Nerds on Call repair store, hundreds of thousands of ransomware victims have recovered their files for free.
15. Russian Hackers Are Still Targeting the Olympics (Wired, Oct 28 2019)
Fancy Bear has attacked 16 anti-doping agencies around the world, indicating that its Olympics grudge is far from over.