The Top 15 Security Posts – Vetted & Curated

*Threats & Defense*
1. Intelligence Agencies Share Web Shell Detection Techniques (SecurityWeek, Apr 26 2020)
The United States National Security Agency (NSA) and the Australian Signals Directorate (ASD) have issued a joint Cybersecurity Information Sheet (CSI) that provides details on vulnerabilities exploited by threat actors to install web shell malware on web servers.

2. Remote workers’ lack of corporate firewalls blamed for rise in malicious device activity (SC Media, Apr 21 2020)
Since the coronavirus pandemic forced companies to enact sweeping work-from-home policies, the number of organizations whose devices have been compromised and forced to engage in malicious activity has at least doubled, according to new research released today.

3. Google Sees State-Sponsored Hackers Ramping Up Coronavirus Attacks (Wired, Apr 22 2020)
More than 12 government-backed groups are using the pandemic as cover for digital reconnaissance and espionage, according to a new report.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~14,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



*AI, IoT, & Mobile Security*
4. That no-click iOS 0-day reported to be under exploit doesn’t exist (Ars Technica, Apr 24 2020)
Apple says…and other critics also question evidence and say 0day may have been confused with simple bug.

5. Researchers Say They Caught an iPhone Zero-Day Hack in the Wild (VICE, Apr 22 2020)
The attack shows, once again, that iPhones can be hacked. But there’s no reason to panic yet.

6. Chinese Threat Actor Targets Uyghurs With New iOS Exploit (SecurityWeek, Apr 23 2020)
A Chinese threat actor tracked as Evil Eye has updated the tools it uses to target Uyghurs, a minority Turkic ethnic group in the Xinjiang Uyghur Autonomous Region in Northwest China, incident response and threat intelligence firm Volexity reports.

*Cloud Security, DevOps, AppSec*
7. Twitter turns off SMS-based tweeting in most countries (Sophos, Apr 29 2020)
Buh-bye, original way of tweeting. Twitter said it’s to keep our accounts safe, referring to unspecified SMS-enabled vulnerabilities.

8. IAM Access Analyzer flags unintended access to S3 buckets shared through access points (AWS Security Blog, Apr 27 2020)
To help you identify buckets that can be accessed publicly or from other AWS accounts or organizations, AWS Identity and Access Management (IAM) Access Analyzer mathematically analyzes resource policies. Now, Access Analyzer analyzes access point policies in addition to bucket policies and bucket ACLs. This helps you find unintended access to S3 buckets that use access points.

9. Improving your security posture with centralized secrets management (Google Cloud Blog, Apr 28 2020)
One of the biggest advantages of a centralized secrets management solution is mitigating secret sprawl. Without a centralized solution, secrets–like API keys, certificates, and database passwords–often end up committed to a source repository, saved on a corporate wiki page, or even written on a piece of paper. When secrets are sprawled like this, you lose the ability to easily audit and control access to their values, allowing an attacker to move undetected throughout a system, as has happened in several recent data breaches.

*Identity Mgt & Web Fraud*
10. Global Surveillance in the Wake of COVID-19 (Schneier on Security, Apr 24 2020)
“OneZero is tracking thirty countries around the world who are implementing surveillance programs in the wake of COVID-19: The most common form of surveillance implemented to battle the pandemic is the use of smartphone location data, which can track population-level movement down to enforcing individual quarantines. Some governments are making apps that offer coronavirus health information, while also sharing location…”

11. Unproven Coronavirus Therapy Proves Cash Cow for Shadow Pharmacies (Krebs on Security, Apr 24 2020)
“Many of the same shadowy organizations …via spam and hacked websites recently have enjoyed a surge in demand for medicines used to fight malaria, lupus and arthritis, thanks largely to unfounded suggestions that these therapies can help combat the COVID-19 pandemic.”

12. Cyber-Criminals Increasingly Using Official reCAPTCHA Walls in Phishing Attacks (Infosecurity Magazine, Apr 30 2020)
New research from Barracuda Networks has revealed that cyber-criminals are increasingly using official reCAPTCHA walls to disguise malicious content from email security systems and trick unsuspecting users.

*CISO View*
13. The battle against ransomware: Lessons from the front lines (Help Net Security, Apr 28 2020)
“Ransomware is arguably the most significant cybercrime innovation in recent history. The ransomware business model is so effective that it is now the most common and devastating threat to organizations of all sizes. As a provider of cyber insurance, we have the misfortune of responding to ransomware attacks across tens of thousands of organizations, and the trends are worrying.”

14. The Covid-19 Pandemic Reveals Ransomware’s Long Game (Wired, Apr 28 2020)
Hackers laid the groundwork months ago for attacks. Now they’re flipping the switch.

15. Third-party compliance risk could become a bigger problem (Help Net Security, Apr 27 2020)
Since the onset of COVID-19, more than half of legal and compliance leaders believe that cybersecurity and data breach is the most-increased third-party risk their organizations face, according to Gartner.