The Top 15 Security Posts – Vetted & Curated

*Threats & Defense*
1. LockBit Is the New Ransomware for Hire (Wired, May 03 2020)
A recent infection, which managed to plunder a company’s network within hours, demonstrates why the malware has become so prevalent.

2. How Cybercriminals are Weathering COVID-19 (Krebs on Security, Apr 30 2020)
“In many ways, the COVID-19 pandemic has been a boon to cybercriminals: With unprecedented numbers of people working from home and anxious for news about the virus outbreak, it’s hard to imagine a more target-rich environment for phishers, scammers and malware purveyors. In addition, many crooks are finding the outbreak has helped them better market their cybercriminal wares and services. But it’s not all good news: The Coronavirus also has driven up costs and disrupted key supply lines for many cybercriminals. Here’s a look at how they’re adjusting to these new realities.”

3. Brute forcing RDP credentials on the rise (SC Media, Apr 30 2020)
A huge uptick in brute force attacks designed to crack the login credentials of those using remote access tools has been detected by Kaspersky. This is particularly taking place against firms using Microsoft’s proprietary Remote Desktop Protocol (RDP).


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~14,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share on Twitter Facebook LinkedIn


*AI, IoT, & Mobile Security*
4. Google Play has been spreading advanced Android malware for years (Ars Technica, Apr 29 2020)
Attackers behind the campaign used several effective techniques to repeatedly bypass the vetting process Google uses in an attempt to keep malicious apps out of Play. One method was to initially submit a benign version of an app and add the backdoor only after the app was accepted. Another approach was to require few or even no permissions during installation and to later request them dynamically using code hidden inside an executable file. One of the recent apps posed as a browser cleaner.

5. Google and Apple Reveal How Covid-19 Alert Apps Might Look (Wired, May 04 2020)
As contract tracing plans firm up, the tech giants are sharing new details for their framework—and a potential app interface.

6. European Virus Tracing Apps Highlight Battle for Privacy (SecurityWeek, May 05 2020)
As governments race to develop mobile tracing apps to help contain infections, attention is turning to how officials will ensure users’ privacy. The debate is especially urgent in Europe, which has been one of the hardest-hit regions in the world, with nearly 140,000 people killed by COVID-19.

*Cloud Security, DevOps, AppSec*
7. COVID-19: Cloud Threat Landscape (Palo Alto Unit42, May 05 2020)
Unit 42 researchers found 56,200+ of the newly registered domain (NRD) are hosted in one of the top four popular cloud service providers (CSPs), such as Amazon Web Services (AWS), Microsoft Azure, Google Cloud Platform (GCP), and Alibaba:

70.1% in AWS
24.6% in GCP
5.3% in Azure
<.1% in Alibaba

8. Google announces cull of low-quality, misleading Chrome extensions (Help Net Security, Apr 30 2020)
With Google Chrome being by far the most widely used web browser, Google must constantly tweak protections, rules and policies to keep malicious, unhelpful and otherwise potentially unwanted extensions out of the Chrome Web Store. The latest change of that kind has been announced for August 27th 2020, when Google plans to boot from the CWS “low-quality and misleading” Chrome extensions.

9. Understanding forwarding, peering, and private zones in Cloud DNS (Google Cloud Blog, May 01 2020)
The Domain Name System, or DNS, is one of the most foundational services of the Internet, turning human-friendly domain names into IP addresses. Often handled by specialized network engineers within an organization, DNS can feel like a black box to people who don’t deal with it often. For one, DNS terminology can be confusing, and some terms have different meanings in different parts of the cloud network (e.g. peering). But understanding how DNS works is critical, especially in a cloud environment, where you need DNS to make your applications available to enterprise users.

*Identity Mgt & Web Fraud*
10. How My Boss Monitors Me While I Work From Home (The New York Times, May 07 2020)
As we shelter in place in the pandemic, more employers are using software to track our work — and us.

11. Me on COVID-19 Contact Tracing Apps (Schneier on Security, May 01 2020)
“My problem with contact tracing apps is that they have absolutely no value,” Bruce Schneier, a privacy expert and fellow at the Berkman Klein Center for Internet & Society at Harvard University, told BuzzFeed News. “I’m not even talking about the privacy concerns, I mean the efficacy. Does anybody think this will do something useful? … This is just something governments want to do for the hell of it. To me, it’s just techies doing techie things because they don’t know what else to do.”

12. Moving from reCAPTCHA to hCaptcha (The Cloudflare Blog, May 05 2020)
“We recently migrated the CAPTCHA provider we use from Google’s reCAPTCHA to a service provided by the independent hCaptcha. Since this change potentially impacts all Cloudflare customers, we wanted to walk through the rationale in more detail.”

*CISO View*
13. Most Attacks Don’t Generate Security Alerts: Mandiant (SecurityWeek, May 05 2020)
An analysis conducted by FireEye’s Mandiant Security Validation team revealed that only a small percentage of attacks generate alerts and many intrusions are not detected by security solutions.

14. Apple’s Copyright Lawsuit Has Created a ‘Chilling Effect’ on Security Research (VICE, May 05 2020)
Security researchers are scared to buy, use, or even talk about the controversial iPhone emulation software Corellium, whose makers are in a legal battle with Apple.

15. Worldwide IT spending expected to decline 5.1% in 2020 (Help Net Security, May 06 2020)
Worldwide IT spending is now expected to decline 5.1% in constant currency terms during 2020 to $2.25 trillion, as the economic impact of the COVID-19 pandemic continues to drive down some categories of tech spending and short-term business investments, IDC reveals.