The Top 15 Security Posts – Vetted & Curated
*Threats & Defense*
1. BlueKeep exploitation activity seen in the wild (Kevin Beaumont, Nov 11 2019)
Back in May 2019, Microsoft released a patch for CVE-2019-0708, a Remote Desktop vulnerability I nicknamed BlueKeep — as exploitation…
2. Mac users warned that disabling all Office macros doesn’t actually disable all Office macros (Graham Cluley, Nov 07 2019)
Astonishingly, consumers and companies who believe they have protected their computers by configuring MS Office to “Disable all macros without notification” are actually opening themselves up to the possibility of being silently infected.
3. Inside the Microsoft team tracking the world’s most dangerous hackers (MIT Technology Review, Nov 11 2019)
From Russian Olympic cyberattacks to billion-dollar North Korean malware, how one tech giant monitors nation-sponsored hackers everywhere on earth.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
*AI, IoT, & Mobile Security*
4. Google creates App Defense Alliance to fight bad apps (Google, Nov 11 2019)
Announcing a partnership between Google, ESET, Lookout, and Zimperium. It’s called the App Defense Alliance and together, we’re working to stop bad apps before they reach users’ devices.
5. Evaluating the Digital Standard (New America, Nov 11 2019)
In 2018, New America’s Open Technology Institute (OTI) launched a project to educate people about the Digital Standard, a new framework for evaluating the privacy and security of internet-connected consumer products and software. The Standard was developed by a group of organizations including Ranking Digital Rights, in collaboration with Consumer Reports.
6. Facebook is secretly using your iPhone’s camera as you scroll your feed (The Next Web, Nov 12 2019)
The issue has come to light after a user going by the name Joshua Maddux took to Twitter to report the unusual behavior, which occurs in the Facebook app for iOS. In footage he shared, you can see his camera actively working in the background as he scrolls through his feed.
*Cloud Security, DevOps, AppSec*
7. Boris Johnson deepfake endorses Jeremy Corbyn for PM (Business Insider, Nov 12 2019)
Boris Johnson appeared to endorse Jeremy Corbyn for prime minister in a convincing deepfake video.
8. Bugcrowd breaks its weekly bounty payout record (SC Magazine, Nov 08 2019)
For the first time in Bugcrowd’s seven-year history it paid out more than $500,000 in bounty fees to its white hats in a one-week period. For all of October, more than 550 white-hat hackers working with Bugcrowd earned $1.6 million, with the top recipient taking home $40,000.
9. New Azure Security Center and Azure platform security capabilities (Microsoft Azure Blog, Nov 06 2019)
“At Microsoft Ignite we’re sharing the many new capabilities our teams have built to improve security with Azure Security Center and the Azure Platform. We have a long list of new innovations, and this blog provides our general direction and summarizes some of our favorite new features.”
*Identity Mgt & Web Fraud*
10. Court Rules Govt Can’t Search Your Phone at the Airport for No Reason (VICE, Nov 12 2019)
The ruling is a significant win for privacy rights of Americans and tourists traveling to the United States.
11. Google’s ‘Project Nightingale’ Gathers Personal Health Data on Millions of Americans (WSJ, Nov 14 2019)
Google is teaming with one of the country’s largest health-care systems on an ambitious project named “Project Nightingale” to collect and crunch detailed health information of millions of Americans across 21 states.
12. Your DNA Profile is Private? A Florida Judge Just Said Otherwise (The New York Times, Nov 14 2019)
Privacy experts say a warrant granted in Florida could set a precedent, opening up all consumer DNA sites to law enforcement agencies across the country.
13. Cybersecurity expert Alex Stamos on what scares him most about the upcoming U.S. presidential election (TechCrunch, Nov 14 2019)
In fact, in nearly every conceivable way, “responsibilities that were once clearly public sector responsibilities are now private sector responsibilities,” he told Frenkel during a later part of their discussion. He would know, having seen it first-hand.
“When I was the chief security officer at Facebook,” he told the audience, “I had a child safety team. We probably put more bad guys away than almost any law enforcement agency outside of the FBI or [Homeland Security Investigations unit] in the child safety realm. Like, there’s no local police department in the United States that put away more child predators than the Facebook child safety team. That is a crazy stat.
14. We Need a Global Standard for Reporting Cyber Attacks (Harvard Business Review, Nov 11 2019)
Regulators should be collecting a standardized data set, so we can measure the threat.
15. Breach affecting 1 million was caught only after hacker maxed out target’s storage (Ars Technica, Nov 13 2019)
Hacker’s data archive file grew so big that the target’s hard drive ran out of space.