The Top 15 Security Posts – Vetted & Curated
*Threats & Defense*
1. Small Business Is Big Target for Ransomware (Dark Reading, Apr 16 2020)
Small businesses are being hit by ransomware, and a majority are paying up to get their data back.
2. DHS Issues Alert for New North Korean Cybercrime (Dark Reading, Apr 15 2020)
Cyber actors from North Korea’s intelligence agencies are launching new attacks on financial targets, including hacks for hire on the open market.
3. New Cloudflare tool can tell you if your ISP has deployed BGP fixes (Ars Technica, Apr 19 2020)
“Is BGP Safe Yet” names and shames ISPs who don’t tend to their routing.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~14,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
*AI, IoT, & Mobile Security*
4. Leveraging AI to Battle This Pandemic — And The Next One (Harvard Business, Apr 20 2020)
Using multiple sources of data, machine-learning models would be trained to measure an individual’s clinical risk of suffering severe outcomes (if infected with Covid): what is the probability they will need intensive care, for which there are limited resources? How likely is it that they will die? The data could include individuals’ basic medical histories (for Covid-19, the severity of the symptoms seems to increase with age and with the presence of co-morbidities such as diabetes or hypertension) as well as other data, such as household composition.
5. 2 billion phones cannot use Google and Apple contact-tracing tech (Ars Technica, Apr 20 2020)
System developed by Silicon Valley relies on technology missing from older handsets.
6. Clearview AI source code, facial recognition apps, data exposed (SC Media, Apr 21 2020)
In a familiar refrain, a cloud data bucket was left open, but this time the stakes were high – a misconfigured server exposed the source code, copies of its facial recognition apps as well as private data at controversial startup Clearview AI, which gained unwanted notoriety earlier this year for obtaining billions of photos by scraping the…
*Cloud Security, DevOps, AppSec*
7. SBA Reports Data Breach in Disaster Loan Application Website (SecurityWeek, Apr 22 2020)
Thousands of small business owners reeling from the aggressive measures taken to halt the spread of the coronavirus may have had their personal information exposed last month on a government website that handles disaster loan applications.
8. Protecting businesses against cyber threats during COVID-19 and beyond (Google Cloud Blog, Apr 16 2020)
No matter the size of your business, IT teams are facing increased pressure to navigate the challenges of COVID-19. At the same time, some things remain constant: Security is at the top of the priority list, and phishing is still one of the most effective methods that attackers use to compromise accounts and gain access to company data and resources. In fact, bad actors are creating new attacks and scams every day that attempt to take advantage of the fear and uncertainty surrounding the pandemic.
9. #COVID19 Tracing App Leaks User Data (Infosecurity Magazine, Apr 21 2020)
Dutch app in privacy snafu as source code is posted online
*Identity Mgt & Web Fraud*
10. Apple and Google Respond to Covid-19 Contact Tracing Concerns (Wired, Apr 17 2020)
Apple and Google’s Bluetooth-based system isn’t perfect. But many of the biggest concerns have solutions.
11. ‘Pure Hell for Victims’ as Stimulus Programs Draw a Flood of Scammers (New York Times, Apr 23 2020)
Trillions of dollars in stimulus funds have created a rush among criminals to take the money from those who need it the most.
12. Keep your teams working safely with BeyondCorp Remote Access (Google Cloud Blog, Apr 20 2020)
“To help customers solve this problem and get their workers the access they need, today, we’re introducing BeyondCorp Remote Access. This cloud solution—based on the zero-trust approach we’ve used internally for almost a decade—lets your employees and extended workforce access internal web apps from virtually any device, anywhere, without a traditional remote-access VPN. Over time, we plan to offer the same capability, control, and additional protections for virtually any application or resource a user needs to access.”
13. US Ransomware Attacks Plummet (Infosecurity Magazine, Apr 21 2020)
Ransomware attacks on the United States have dropped to a level “not seen in years”
14. Studying How Cybercriminals Prey on the COVID-19 Pandemic (Palo Alto Unit42, Apr 24 2020)
Cybercriminals are preying on consumers by creating new coronavirus-related domain names to launch scams and attacks.
15. Instacart Sends Cease-and-Desist to Website That Automatically Placed Orders (VICE, Apr 23 2020)
During the pandemic, multiple developers have created tools that let users automatically grab delivery slots, letting them secure food before others.