The Top 15 Security Posts – Vetted & Curated
*Threats & Defense*
1. US Federal Agency Compromised by Cyber-Actor (Infosecurity Magazine, Sep 25 2020)
Criminals gain access to unnamed federal agency using Microsoft Office 365 log-in
2. NSA Issues Cybersecurity Guidance for Remote Workers, System Admins (SecurityWeek, Sep 21 2020)
The National Security Agency (NSA) has published two cybersecurity information sheets (CSIs) with recommendations for National Security System (NSS) and Department of Defense (DoD) workers and system administrators on securing networks and responding to incidents during the work-from-home period.
3. Ransomware Attacks Take On New Urgency Ahead of Vote (The New York Times, Sep 28 2020)
Attacks against small towns, big cities and the contractors who run their voting systems have federal officials fearing that hackers will try to sow chaos around the election.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
*AI, IoT, & Mobile Security*
4. Security software for autonomous vehicles (ScienceDaily, Sep 16 2020)
Before autonomous vehicles participate in road traffic, they must demonstrate conclusively that they do not pose a danger to others. New software prevents accidents by predicting different variants of a traffic situation every millisecond.
5. WannaCry Has IoT in Its Crosshairs (Dark Reading, Sep 25 2020)
The wide variety of devices attached to the Internet of Things offers a rich target for purveyors of ransomware.
6. When coffee makers are demanding a ransom, you know IoT is screwed (Ars Technica, Sep 26 2020)
Watch along as hacked machine grinds, beeps, and spews water.
*Cloud Security, DevOps, AppSec*
7. 85% of COVID-19 tracking apps leak data (Help Net Security, Sep 29 2020)
71% of healthcare and medical apps have at least one serious vulnerability that could lead to a breach of medical data, according to Intertrust. The report investigated 100 publicly available global mobile healthcare apps across a range of categories—including telehealth, medical device, health commerce, and COVID-tracking—to uncover the most critical mHealth app threats. Cryptographic issues pose one of the most pervasive and serious threats, with 91% of the apps in the study failing one or …
8. Security-at-scale: 10 new security and management controls (Google Cloud Blog, Sep 29 2020)
With so many people working remotely, it’s imperative that the tools we use to stay productive are secure. Already this year we have worked to strengthen security for our customers and help make threat defense more effective.
9. Microsoft boots apps out of Azure used by China-sponsored hackers (Ars Technica, Sep 25 2020)
Active Directory apps used for command-and-control infrastructure are no more.
*Identity Mgt & Web Fraud*
10. DHS Admits Facial Recognition Photos Were Hacked, Released (VICE, Sep 24 2020)
Traveler’s faces, license plates, and care information were hacked from a subcontractor called Perceptics and released on the dark web.
11. Twitter Shutters 130 Iranian Accounts Trying to Disrupt Presidential Debate (Infosecurity Magazine, Oct 01 2020)
Social network says it was tipped off by FBI
12. MFA-Minded Attackers Continue to Figure Out Workarounds (Dark Reading, Sep 28 2020)
While MFA can improve overall security posture, it’s not a “silver bullet”– and hacks continue.
13. Ransomware Victims That Pay Up Could Incur Steep Fines from Uncle Sam (Krebs on Security, Oct 01 2020)
Companies victimized by ransomware and firms that facilitate negotiations with ransomware extortionists could face steep fines from the U.S. federal government if the crooks who profit from the attack are already under economic sanctions, the Treasury Department warned today.
14. Large US hospital chain hobbled by Ryuk ransomware (Help Net Security, Sep 29 2020)
US-based healtchare giant Universal Health Services (UHS) has suffered a cyberattack on Sunday morning, which resulted in the IT network across its facilities to be shut down. Location of UHC facilities What happened? UHS operates nearly 400 hospitals and healthcare facilities throughout the US, Puerto Rico and the UK.
15. Fraud Schemes Exploit Weak Spots in Unemployment Claims System (The New York Times, Oct 01 2020)
Pandemic programs have lowered the barriers to collecting benefits, and the usual security methods haven’t kept up.