The Top 15 Security Posts – Vetted & Curated

*Threats & Defense*
1. Meet Cliff Stoll, the Mad Scientist Who Invented the Art of Hunting Hackers (Wired, Dec 18 2019)
Thirty years ago, Cliff Stoll published The Cuckoo’s Egg, a book about his cat-and-mouse game with a KGB-sponsored hacker. Today, the internet is a far darker place—and Stoll has become a cybersecurity icon.

2. Webroot’s Listing of the ‘Nastiest’ Malware of 2019 (eWEEK, Dec 21 2019)
From zombie botnets to insidious email infiltrators, here are the top malware threats to hit us in 2019, according to Webroot.

3. Worried About Magecart? Here’s How to Check for It (Dark Reading, Dec 18 2019)
Researchers share how everyday users can check for malicious code on e-commerce websites.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share on Twitter Facebook LinkedIn


*AI, IoT, & Mobile Security*
4. Smartphone location data can be used to identify and track anyone (NYTimes, Dec 23 2019)
In today’s smartphone economy, hiding your location has become a major challenge.

5. The Pentagon’s AI Chief Prepares for Battle (Wired, Dec 18 2019)
Lt. Gen. Jack Shanahan doesn’t want killer robots—but he does want artificial intelligence to occupy a central role in warfighting.

6. Facebook removes accounts with AI-generated profile photos (Ars Technica, Dec 23 2019)
Likely the first use of AI to support an inauthentic social media campaign.

*Cloud Security, DevOps, AppSec*
7. Apple Kicks Off Public Bug Bounty Program (SecurityWeek, Dec 20 2019)
Apple this week kicked off its public bug bounty program, just over four months after announcing it officially at the Black Hat cybersecurity conference in Las Vegas.

8. Google Promises Upfront Financial Help for Securing Open Source Projects (SecurityWeek, Dec 20 2019)
Six years into running the Patch Rewards Program to help improve the security of open source projects, Google has decided to provide upfront financial support for such initiatives.

9. Google Details Its Zero-Trust Architecture. Can Enterprises Use It? (IT Pro, Dec 18 2019)
While large enterprises will already have many of the needed security tools, copying Google’s approach can be very complicated, Hatch said. “The complexities of large-scale infrastructure and applications can’t be resolved with a magic Band-Aid in short order.” A unified platform is needed to bring all the pieces together.

*Identity Mgt & Web Fraud*
10. What does your car know about you? We hacked a Chevy… (Washington Post, Dec 24 2019)
Our privacy experiment found hundreds of sensors and an always-on Internet connection. Driving surveillance is becoming very hard to avoid.

11. Ambiguity Around CCPA Will Lead to a Slow Start in 2020 (Dark Reading, Dec 20 2019)
But longer term, compliance to California’s new privacy law represents an opportunity for companies to increase customer trust and market share.

12. Google Cloud: Supporting our customers with the California Consumer Privacy Act (CCPA) (Google Cloud Blog, Dec 20 2019)
Businesses that collect California residents’ personal information and meet certain thresholds (for example, revenue) will need to comply with these obligations.

*CISO View*
13. Wawa Stores Plagued by Malware Since March (Infosecurity Magazine, Dec 20 2019)
Malware has been stealing credit card info from Wawa customers for 9 months

14. F5 Pays $1 Billion for Shape (Dark Reading, Dec 20 2019)
The acquisition adds fraud detection and prevention to the application delivery company’s tool collection.

15. Cybersecurity Experts Are Leaving the Federal Government. That’s a Problem. (NY Times, Dec 20 2019)
Cybersecurity Experts Are Leaving the Federal Government. That’s a Problem.  The New York Times