The Top 15 Security Posts – Vetted & Curated
*Threats & Defense*
1. Microsoft Patches Windows Vuln Discovered by the NSA (Dark Reading, Jan 14 2020)
The National Security Agency is publicly acknowledged for its finding and reporting of CVE-2020-0601, marking the start of what it says is a new approach to security.
2. 52 hackers participate in ninth U.S. Department of Defense and HackerOne bug bounty program (Help Net Security, Jan 16 2020)
Through partnership with the Defense Digital Service, the U.S. Department of Defense (DoD) and HackerOne, the number one hacker-powered pentesting and bug bounty platform, announced the results of the second Army bug bounty program, ‘Hack the Army 2.0’.
3. FBI to inform election officials about hacking attempts (Naked Security – Sophos, Jan 20 2020)
The FBI has announced that it will tell local election officials when hackers try to infiltrate their systems.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
*AI, IoT, & Mobile Security*
4. SIM Hijacking – new study shows measures aren’t helping (Schneier on Security, Jan 21 2020)
Phone companies have added security measures since this attack became popular and public, but a new study (news article) shows that the measures aren’t helping
5. Mobile Apps Sharing Personal Data Illegally, Consumer Group Claims (Infosecurity Magazine, Jan 15 2020)
Norwegian Consumer Council names dating apps Grindr, OKCupid and Tinder among offenders in damning report
6. As Justice Department Pressures Apple, Investigators Say iPhone Easier to Crack (WSJ, Jan 15 2020)
The escalation of a long-running encryption conflict between the Justice Department and Apple has puzzled security experts who say that new hacking tools have made it possible to gain access to many of the company’s devices in criminal investigations.
*Cloud Security, DevOps, AppSec*
7. What You Need to Know: AWS Monitoring, Logging, & Alerting (DisruptOps, Jan 19 2020)
“The inspiration for this post is actually a series of misunderstandings I had myself on how things worked, despite years of aws security experience and testing. Largely because I made the mistake of reading the ****ing manual (no, “near real time” for a security event is not 15 minutes).”
8. Microsoft Application Inspector: Check open source components for unwanted features (Help Net Security, Jan 17 2020)
Want to know what’s in an open source software component before you use it? Microsoft Application Inspector will tell you what it does and spots potentially unwanted features – or backdoors.
9. Snyk snags $150M investment as its valuation surpasses $1B (TechCrunch, Jan 21 2020)
Snyk, the company that wants to help developers secure their code as part of the development process, announced a $150 million investment today. The company indicated the investment brings its valuation to more than $1 billion (although it did not share the exact figure).
*Identity Mgt & Web Fraud*
10. The Company That Might End Privacy as We Know It (The New York Times, Jan 18 2020)
A little-known start-up helps law enforcement match photos of unknown people to their online images — and “might lead to a dystopian future or something,” a backer says.
11. NIST Privacy Framework 1.0: Manage privacy risk, demonstrate compliance (Help Net Security, Jan 20 2020)
The agency has just released Version 1.0 of the NIST Privacy Framework: A Tool for Improving Privacy through Enterprise Risk Management. Developed from a draft version in collaboration with a range of stakeholders, the framework provides a useful set of privacy protection strategies for organizations that wish to improve their approach to using and protecting personal data.
12. Chinese City Uses Facial Recognition to Shame Pajama Wearers (The New York Times, Jan 22 2020)
Local officials apologized, but the crackdown on a common — and comfortable — practice has raised a rare outcry over privacy in a country accustomed to surveillance.
13. How Jeff Bezos’ iPhone X Was Hacked (The New York Times, Jan 22 2020)
It most likely began with a tiny bit of code that implanted malware, which gave attackers access to Mr. Bezos’ photos and texts.
14. Apple dropped plan for encrypting backups after FBI complained (Reuters, Jan 24 2020)
Apple Inc dropped plans to let iPhone users fully encrypt backups of their devic…
15. Over half of organizations were successfully phished in 2019 (Help Net Security, Jan 24 2020)
Nearly 90 percent of global organizations were targeted with BEC and spear phishing attacks in 2019, reflecting cybercriminals’ continued focus on compromising individual end users, a Proofpoint survey reveals.