The Top 15 Security Posts – Vetted & Curated
*Threats & Defense*
1. USCYBERCOM Shares More North Korean Malware Samples (SecurityWeek, Feb 15 2020)
The U.S. Cyber Command (USCYBERCOM) has uploaded new malware samples to VirusTotal, all of which the Command has attributed to the North Korea-linked threat group Lazarus.
2. Emotet: Crimeware you need to be aware of (Help Net Security, Feb 12 2020)
According to the U.S. Department of Homeland Security, Emotet continues to be among the most costly and destructive malware threats affecting state, local, and territorial governments and its impact is felt across both the private and public sectors.
3. Mac Adware Infections Increased by 400% in 2019 (VICE, Feb 14 2020)
According to a report by anti-malware vendor Malwarebytes, Mac adware infections rose by 400 percent year-over-year.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
*AI, IoT, & Mobile Security*
4. Justice Dept. expands Huawei indictment, charging 5G espionage (SC Media, Feb 14 2020)
The U.S. government expanded its year-old indictment of Chinese tech firm Huawei, alleging the company conducted cyber espionage against six American competitors in an attempt to steal trade secrets and gain an unfair advantage.
5. ‘Sloppy’ Mobile Voting App Used in Four States Has ‘Elementary’ Security Flaws (VICE, Feb 13 2020)
MIT researchers say an attacker could intercept and alter votes while making voters think their votes were cast correctly, or trick the vote server into accepting connections from an attacker.
6. Google Play Protect Scans 100 Billion Android Apps Daily (SecurityWeek, Feb 12 2020)
Google Play Protect now scans over 100 billion applications on Android devices daily, according to new figures disclosed by Google this week.
*Cloud Security, DevOps, AppSec*
7. Your Cloud Journey is Unique, but Not Unknown (Securosis Blog, Feb 18 2020)
“This is the first post in a new series, our “Network Operations and Security Professionals’ Guide to Managing Public Cloud Journeys”, which we will release as a white paper after we complete the draft and have some time for public feedback.”
8. Exploring Container Security: Run what you trust; isolate what you don’t (Google Cloud Blog, Feb 12 2020)
Many of the vulnerabilities we saw in 2019 compromised the container supply chain or escalated privileges through another overly-trusted component. It’s important that you trust what you run, and that you apply defense-in-depth principles to your containers. To help you do this, Shielded GKE Nodes is now generally available, and will be followed shortly by the general availability of Workload Identity, a way to authenticate your GKE applications to other Google Cloud services that follows best-practice security principles like defense-in-depth.
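The post above names Workload Identity but does not show what it looks like in practice. The manifest below is an added illustration, not code from the Google Cloud post or from Google’s documentation: it binds a Kubernetes ServiceAccount to a narrowly-scoped Google service account so the pod no longer inherits the node’s credentials from the metadata server. The project ID (PROJECT_ID), cluster name (prod-gke), namespace (prod), Kubernetes ServiceAccount (app-sa), Google service account (app-reader) and container image are all placeholders chosen for the example; the gcloud prerequisites in the comment are assumed to have been run once beforehand.

```yaml
# Added example (not from the Google Cloud post). All names are placeholders.
#
# One-time prerequisites, run with gcloud (assumed here, not shown in the post):
#   gcloud container clusters update prod-gke --enable-shielded-nodes
#   gcloud container clusters update prod-gke --workload-pool=PROJECT_ID.svc.id.goog
#   gcloud iam service-accounts add-iam-policy-binding \
#       app-reader@PROJECT_ID.iam.gserviceaccount.com \
#       --role roles/iam.workloadIdentityUser \
#       --member "serviceAccount:PROJECT_ID.svc.id.goog[prod/app-sa]"
#
# Weak setting this replaces: a pod with no such binding reaches the node's
# service account through the metadata server, so a container escape or an
# SSRF in the app inherits every permission granted to the node pool.
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: app-sa
  namespace: prod
  annotations:
    # Maps this Kubernetes identity to exactly one Google service account;
    # grant that account only the roles the app needs (least privilege).
    iam.gke.io/gcp-service-account: app-reader@PROJECT_ID.iam.gserviceaccount.com
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
  namespace: prod
spec:
  replicas: 1
  selector:
    matchLabels:
      app: app
  template:
    metadata:
      labels:
        app: app
    spec:
      serviceAccountName: app-sa
      # The app talks to Google APIs, not the Kubernetes API, so do not mount
      # a Kubernetes token it would only ever leak.
      automountServiceAccountToken: false
      nodeSelector:
        # Schedule only onto node pools running the GKE metadata server;
        # on other pools the pod would silently fall back to node credentials.
        iam.gke.io/gke-metadata-server-enabled: "true"
      containers:
        - name: app
          image: gcr.io/PROJECT_ID/app:1.0.0   # placeholder image
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
```

A quick check after rollout: from inside the pod, `curl -H "Metadata-Flavor: Google" http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/email` should return app-reader@PROJECT_ID.iam.gserviceaccount.com. If it returns the node pool’s service account instead, the binding or the node-pool metadata setting is wrong and the pod is still running with the node’s privileges.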
9. Google pulls 500 malicious Chrome extensions after researcher tip-off (Naked Security – Sophos, Feb 17 2020)
Google has abruptly pulled over 500 Chrome extensions from its Web Store that researchers discovered were stealing browsing data and executing click fraud and malvertising.
*Identity Mgt & Web Fraud*
10. How Big Companies Buy Credit Card Data on Millions of Americans (VICE, Feb 19 2020)
Yodlee, America’s largest financial data broker, says the data it sells is anonymous. A confidential document obtained by Motherboard shows people could be unmasked in the data.
11. 500 Chrome extensions secretly uploaded private data from millions of users (Ars Technica, Feb 13 2020)
Extensions were part of a long-running ad-fraud and malvertising network.
12. UCLA Abandons Plans to Use Facial Recognition After Backlash (VICE, Feb 19 2020)
“Let this be a lesson to other school administrators: if you try to experiment on your campus with racist, invasive surveillance technology, we will come for you. And we don’t lose.”
13. Hackers Were Inside Citrix for Five Months (Krebs on Security, Feb 19 2020)
“Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. The disclosure comes almost a year after Citrix acknowledged that digital intruders had broken in by probing its employee accounts for weak passwords.”
14. US natural gas operator shuts down for 2 days after being infected by ransomware (Ars Technica, Feb 18 2020)
The infection spread to the site’s OT network, which monitors and controls physical processes.
15. The US Blames Russia’s GRU for Sweeping Cyberattacks in Georgia (Wired, Feb 20 2020)
By calling out Russia for digital assaults on its neighboring country, the US hopes to head off similar efforts at home.