The Top 15 Security Posts – Vetted & Curated
*Threats & Defense*
1. Hackers Tell the Story of the Twitter Attack From the Inside (The New York Times, Jul 18 2020)
Several people involved in the events that took down Twitter this week spoke with The Times, giving the first account of what happened as a pursuit of Bitcoin spun out of control.
2. Cloudflare outage on July 17, 2020 (The Cloudflare Blog, Jul 18 2020)
“…a configuration error in our backbone network caused an outage for Internet properties and Cloudflare services that lasted 27 minutes. We saw traffic drop by about 50% across our network.”
3. Microsoft Warns of a 17-Year-Old ‘Wormable’ Bug (Wired, Jul 14 2020)
The SigRed vulnerability exists in Windows DNS, used by practically every small and medium-sized organization in the world.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~15,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
*AI, IoT, & Mobile Security*
4. Does TikTok Really Pose a Risk to US National Security? (Wired, Jul 17 2020)
Concerns about the Chinese government shouldn’t be dismissed, experts say. But banning TikTok would be a drastic measure.
5. Vulnerable Cellular Routers Targeted in Latest Attacks on Israel Water Facilities (SecurityWeek, Jul 21 2020)
A threat actor believed to be working for the Iranian government recently launched another round of attacks on Israel’s water sector, and a source tells SecurityWeek that the attackers used vulnerable cellular equipment as a point of entry.
6. Stay on the Cutting Edge of Mobile Security (Dark Reading, Jul 15 2020)
Here are some of the mobile-focused Briefings, Trainings, and Arsenal tools that will be explored at Black Hat USA.
*Cloud Security, DevOps, AppSec*
7. How Hackers Changed Strategy with Cloud (Cloud Security Alliance, Jul 21 2020)
Within minutes of adding a new endpoint to the internet, a potential attacker has scanned it. A single cloud misconfiguration can put a target on your organization’s back and put your data at risk.
8. Learn and use 13 AWS security tools to implement SEC recommended protection of stored customer data in the cloud (AWS Security Blog, Jul 16 2020)
“In this post, I will introduce you to 13 key AWS tools that you can use to address different facets of data protection across different types of AWS storage services. As a structure for the post, I will explain the key findings and issues the SEC OCIE found, and will explain how these tools help you meet the toughest compliance obligations and guidance. These tools and use cases apply to other industries as well.”
9. New Attack Technique Uses Misconfigured Docker API (Dark Reading, Jul 15 2020)
A new technique builds and deploys an attack on the victim’s own system
*Identity Mgt & Web Fraud*
10. Chinese hackers stole “hundreds of millions of dollars” of secrets (Ars, Jul 21 2020)
DOJ alleges the hackers started work in 2009, hit military contractors.
11. Inside America’s Secretive $2 Billion Research Hub Collecting Fingerprints From Facebook, Hacking Smartwatches And Fighting Covid-19 (Forbes, Jul 23 2020)
Mitre Corp runs some of the U.S. government’s most hush-hush science and tech labs. The cloak-and-dagger R&D shop might just be the most important organization you’ve never heard of.
12. Twitter Breach Highlights Privileged Account Security Issue (Dark Reading, Jul 20 2020)
Security incident that allowed attackers to hijack high-profile accounts suggests social media giant’s controls for spotting insider abuse were not strong enough, security experts say.
13. COVID-19 crisis shifts cybersecurity priorities and budgets (McKinsey & Company, Jul 23 2020)
Cybersecurity technology and service providers are shifting priorities to support current needs: business continuity, remote work, and planning for transition to the next normal.
14. U.S. Accuses Pair of Trying to Steal Virus Vaccine Data for China (The New York Times, Jul 21 2020)
Two suspects in China targeted companies working on vaccines as part of a broader cybertheft campaign to enrich themselves and aid the Chinese government, officials said.
15. Women in Cybersecurity Paid 21% Less Than Men (Infosecurity Magazine, Jul 22 2020)
Although female workforce is growing, inequities remain