The Top 15 Security Posts – Vetted & Curated
*Threats & Defense*
1. FireEye Spotted Over 500 New Malware Families in 2019 (SecurityWeek, Feb 21 2020)
FireEye’s incident response division Mandiant observed more than 500 new malware families last year, the company revealed in its M-Trends 2020 report released this week.
2. Iranian Hackers Backdoored VPNs Via One-Day Bugs (Infosecurity Magazine, Feb 18 2020)
Fox Kitten hackers quick to exploit breaking flaws in VPN systems
3. Hundreds of Millions of PC Components Still Have Hackable Firmware (Wired, Feb 18 2020)
The lax security of supply chain firmware has been a known concern for years—with precious little progress being made.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
*AI, IoT, & Mobile Security*
4. Mobile Security Index 2020 (Verizon Enterprise, Feb 25 2020)
“This is the third edition of the MSI, and each year we’ve seen the number of companies admitting to suffering a mobile-related compromise grow. How much of this can be attributed to increased activity and improved success rates of cybercriminals, or companies becoming more aware of when a mobile device is involved, we don’t know for sure. But our data suggests that each played a part in the increase.”
5. Researchers Fool Smart Car Camera with a 2-Inch Piece of Electrical Tape (Dark Reading, Feb 19 2020)
Operators of some older Tesla vehicles might be surprised to learn that a single piece of two-inch black electrical tape is all it takes to trick the camera sensor in their cars into misinterpreting a 35-mph speed sign as an 85-mph sign.
6. SECURITI.ai Wins RSA Conference 2020 Innovation Sandbox Contest (SecurityWeek, Feb 24 2020)
Privacy compliance solutions provider SECURITI.ai has won the title of ‘Most Innovative Startup’ at the RSA Conference 2020 Innovation Sandbox contest that took place on Monday.
*Cloud Security, DevOps, AppSec*
7. All About SASE: What It Is, Why It’s Here, How to Use It (Dark Reading, Feb 22 2020)
Secure Access Service Edge is a new name for a known and growing architecture designed to strengthen security in cloud environments.
8. Google Cloud Security: continuing to give good the advantage (Google Cloud Blog, Feb 24 2020)
New capabilities that offer security wherever our customers’ systems and data may reside, including threat detection and timeline capabilities in Chronicle, threat response integration between Chronicle and Palo Alto Networks’ Cortex XSOAR, and online fraud prevention services.
9. Defining the Journey—the Four Cloud Adoption Patterns (Securosis Blog, Feb 20 2020)
“This is the second post in our series, “Network Operations and Security Professionals’ Guide to Managing Public Cloud Journeys”…”
*Identity Mgt & Web Fraud*
10. FBI recommends passphrases over password complexity (ZDNet, Feb 24 2020)
Longer passwords, even consisting of simpler words or constructs, are better than short passwords with special characters.
11. What’s next in making Encrypted DNS-over-HTTPS the Default – Future Releases (Mozilla blog, Feb 25 2020)
More than 70,000 users have already chosen on their own to explicitly enable DoH in Firefox Release edition. We are close to releasing DoH in the USA, and we have a few updates to share.
12. Gartner Says Over 40% of Privacy Compliance Technology Will Rely on Artificial Intelligence in the Next Three Years (Gartner, Feb 25 2020)
“More than 60 jurisdictions around the world have proposed or are drafting postmodern privacy and data protection laws as a result. Canada, for example, is looking to modernize their Personal Information Protection and Electronic Documents Act (PIPEDA), in part to maintain the adequacy standing with the EU post-GDPR.”
13. RSA 2020: Equifax CISO touts company’s transparency as it seeks breach redemption (SC Media, Feb 27 2020)
Fresh off a financial settlement over its 2017 data breach that affected roughly half the U.S. population, Equifax is forging ahead with a $1 billion-plus investment in a new security plan — and CISO Jamil Farshchi was eager to tout the credit reporting agency’s progress so far in a session this week at the RSA Conference in San Francisco.
14. ENISA publishes procurement guidelines for cybersecurity in hospitals (Help Net Security, Feb 25 2020)
The EU Agency for Cybersecurity (ENISA) published a cybersecurity procurement guide for hospitals.
15. KPMG on Key Cybersecurity Considerations for 2020 (SecurityWeek, Feb 25 2020)
In its 2020 annual cyber considerations report, KPMG highlights six major cybersecurity trends and requirements that should occupy the minds of enterprises over the next 12 months. These trends come from interactions with its major clients.