The Top 15 Security Posts – Vetted & Curated
*Threats & Defense*
1. Hackers Broke Into Real News Sites to Plant Fake Stories (Wired, Jul 29 2020)
A disinfo operation broke into the content management systems of Eastern European media outlets in a campaign to spread misinformation about NATO.
2. From Minecraft Tricks to Twitter Hack: A Florida Teen’s Troubled Online Path (The New York Times, Aug 03 2020)
The teenage “mastermind” of the recent Twitter breach, who had a difficult family life, poured his energy into video games and cryptocurrency.
3. Ohio Researcher Admits Selling Secrets to China (Infosecurity Magazine, Jul 31 2020)
Chen and her husband, alleged co-conspirator Yu Zhou, 49, worked in separate medical research labs at the Nationwide Children’s Hospital’s Research Institute for 10 years each (Zhou from 2007 until 2017 and Chen from 2008 until 2018).
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~16,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
*AI, IoT, & Mobile Security*
4. China Is What Orwell Feared (The Atlantic, Jul 29 2020)
Xi Jinping is using artificial intelligence to enhance his government’s totalitarian control—and he’s exporting this technology to regimes around the globe.
5. BlackBerry Phone Cracked (Schneier on Security, Aug 03 2020)
“Australia is reporting that a BlackBerry device has been cracked after five years:
An encrypted BlackBerry device that was cracked five years after it was first seized by police is poised to be the key piece of evidence in one of the state’s longest-running drug importation investigations.
In April, new technology “capabilities” allowed authorities to probe the encrypted device….”
6. How One Company Collected Browsing Data Via Android Apps (VICE, Jul 31 2020)
“Not even Facebook” has this granularity of data, one employee of Ogury said in an email obtained by Motherboard.
*Cloud Security, DevOps, AppSec*
7. Microsoft Paid Out ~$14M via Bug Bounty Programs in Past Year (SecurityWeek, Aug 04 2020)
Microsoft reported on Tuesday that it paid out roughly $13.7 million through its bug bounty programs between July 1, 2019, and June 30, 2020.
8. Google Adds Security Updates to Chrome Autofill (Dark Reading, Jul 30 2020)
Chrome users can retrieve payment card numbers via biometric authentication and use a new “touch-to-fill” feature to log in to accounts.
9. New Open Source Security Foundation wants to improve open source software security (Help Net Security, Aug 03 2020)
The Linux Foundation announced the formation of the Open Source Security Foundation (OpenSSF), a cross-industry collaboration that brings together leaders to improve the security of open source software (OSS) by building a broader community with targeted initiatives and best practices.
*Identity Mgt & Web Fraud*
10. How the NSA Says You Can Limit Location Data Exposure (VICE, Aug 04 2020)
The mitigations are designed for government officials, but the advice itself can be useful for many more people.
11. Data isn’t just being collected from your phone. It’s being used to score you. (Washington Post, Aug 01 2020)
It’s called surveillance scoring. And everybody’s doing it.
12. Facial Recognition’s Next Big Play: the Sports Stadium (WSJ, Aug 02 2020)
Los Angeles Football Club wants to “move everything to face,” while the New York Mets are testing the system on players and staff.
13. 2019 Breach Leads to $80 Million Fine for Capital One (Dark Reading, Aug 06 2020)
The fine is part of a series of steps required by the Office of the Comptroller of the Currency.
14. Trump Targets WeChat and TikTok, in Sharp Escalation With China (The New York Times, Aug 07 2020)
The government cited national security concerns in announcing sweeping restrictions on two popular Chinese social media networks, a move that is likely to be met with retaliation.
15. More than 20GB of Intel source code and proprietary data dumped online (Ars Technica, Aug 06 2020)
“Exconfidential Lake” leak includes docs Intel provided under NDA as recently as May.