The Top 15 Security Posts – Vetted & Curated
*Threats & Defense*
1. Iran- and China-backed phishers try to hook the Trump and Biden campaigns (Ars Technica, Jun 08 2020)
It’s starting to feel a lot like 2016.
2. Huge Rise in Enterprise Mobile Phishing During Q1 of 2020 (Infosecurity Magazine, Jun 02 2020)
New report shows 37% rise in mobile phishing encounters in Q1 of 2020.
3. Exploit code for wormable flaw on unpatched Windows devices published online (Ars Technica, Jun 06 2020)
Once elusive, remote code execution is looking increasingly likely.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~14,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
*AI, IoT, & Mobile Security*
4. How to improve cybersecurity for artificial intelligence (Brookings Institution, Jun 09 2020)
In January 2017, a group of artificial intelligence researchers gathered at the Asilomar Conference Grounds in California and developed 23 principles for artificial intelligence, which were later dubbed the Asilomar AI Principles. The sixth principle states that “AI systems should be safe and secure throughout their operational lifetime, and verifiably so where applicable and feasible.”
5. IoT Security Is a Mess. Privacy ‘Nutrition’ Labels Could Help (Wired, Jun 09 2020)
Just like foods that display health information on the package, researchers are exploring a tool that details how connected devices manage data.
6. Rethinking AI regulation by rethinking public procurement (World Economic Forum, Jun 09 2020)
Now, the public consultation on the European Commission’s White Paper coincides with the COVID-19 pandemic. AI could help in the response effort, as highlighted by UN Global Pulse. AI can be as accurate as human intelligence, save radiologists’ time and diagnose COVID-19 faster and cheaper than standard tests. For example, BenevolentAI, a UK startup, uncovered an already-approved drug as a potential treatment for COVID-19 in just 90 minutes.
*Cloud Security, DevOps, AppSec*
7. Open Source Vulnerabilities Increased By 130% in 2019 (Infosecurity Magazine, Jun 08 2020)
Open source software vulnerabilities are at historically high levels.
8. Will Vote-by-App Ever Be Safe? (Dark Reading, Jun 09 2020)
Even with strong security measures, Internet voting is still vulnerable to abuse from state-sponsored actors and malicious insiders.
9. What’s new in Google Cloud firewalls (Google Cloud Blog, Jun 10 2020)
“Firewalls are an integral part of almost any IT security plan. With our native, fully distributed firewall technology, Google Cloud aims to provide the highest performance and scalability for all your enterprise workloads.
We also know that the more control and flexibility you have, the more secure you can be. With that in mind, today we’re adding some new firewall features that provide even more flexibility, control, visibility, and optimization.”
*Identity Mgt & Web Fraud*
10. Amazon Won’t Let Police Use Its Facial-Recognition Tech for One Year (Wired, Jun 10 2020)
Amid nationwide protests over police brutality, the company is stopping law enforcement from using its most controversial product.
11. Apple Releases Open Source Password Manager Resources (SecurityWeek, Jun 08 2020)
Apple has announced the availability of a series of open source tools designed to foster collaboration between password manager developers.
12. New Research: “Privacy Threats in Intimate Relationships” (Schneier on Security, Jun 05 2020)
“Those closest to us know the answers to our secret questions, have access to our devices, and can exercise coercive power over us. We survey a range of intimate relationships and describe their common features. Based on these features, we explore implications for both technical privacy design and policy, and offer design recommendations for ameliorating intimate privacy risks.”
13. Snake likely culprit behind third cyberattack that put brakes on Honda operations (SC Media, Jun 09 2020)
Parts of Honda’s global operations came to a halt after what appears to be a Snake ransomware attack, the company’s third cyber incident in 12 months. “At this time Honda Customer Service and Honda Financial Services are experiencing technical difficulties and are unavailable,” the company tweeted Monday.
14. Data Security in the SaaS Age: Rethinking Data Security (Securosis Blog, Jun 03 2020)
“What we’ve been doing hasn’t worked. Not at scale anyway. We’ve got to take a step back and stop trying to solve yesterday’s problem. Protecting data by encrypting it, masking it, tokenizing it, or putting a heavy usage policy around it wasn’t the answer, for many reasons. The technology industry has rethought applications and the creation, usage, and storage of data. Thus, we security people need to rethink data security for this new SaaS reality. We must both rethink the expectations of what data security means, as well as the potential solutions. That’s what we’ll do in this blog series Data Security for the SaaS Age.”
15. Florence, Ala. Hit By Ransomware 12 Days After Being Alerted by KrebsOnSecurity (Krebs on Security, Jun 09 2020)
“In late May, KrebsOnSecurity alerted numerous officials in Florence, Ala. that their information technology systems had been infiltrated by hackers who specialize in deploying ransomware. Nevertheless, on Friday, June 5, the intruders sprang their attack, deploying ransomware and demanding nearly $300,000 worth of bitcoin. City officials now say they plan to pay the ransom demand, in hopes of keeping the personal data of their citizens off of the Internet.”