15 Bullet Friday – The Best Security News of the Week – 2020.10.23

The Top 15 Security Posts – Vetted & Curated

*Threats & Defense*
1. TrickBot Botnet Survives Takedown Attempt (SecurityWeek, Oct 15 2020)
The TrickBot botnet appears to have resumed normal operations days after Microsoft announced that it managed to take it down using legal means. 

2. US Cyber Command Urges Users to Patch New ‘Ping of Death’ Windows Flaw (SecurityWeek, Oct 15 2020)
The United States Cyber Command (USCYBERCOM) warns that users should apply the latest patches for Microsoft software to ensure they won’t fall victim to exploitation attempts.

3. Most US states show signs of a vulnerable election-related infrastructure (Help Net Security, Oct 19 2020)
75% of all 56 U.S. states and territories leading up to the presidential election, showed signs of a vulnerable IT infrastructure, a SecurityScorecard report reveals. Since most state websites offer access to voter and election information, these findings may indicate unforeseen issues leading up to, and following, the US election.

Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share on Twitter Facebook LinkedIn

*AI, IoT, & Mobile Security*
4. Waze Vuln. Lets Attackers Track and Identify Users (Infosecurity Magazine, Oct 19 2020)
Flaw in traffic-dodging app allows threat actors to track users and find out where they are going

5. Hackers Claim to Have Access to 50,000 Home Security Cameras (Infosecurity Magazine, Oct 14 2020)
Video clips have already ended up on adult sites

6. IoT Security Foundation unveils online platform to help IoT vendors report and manage vulerabilities (Help Net Security, Oct 19 2020)
An online platform designed to help IoT vendors receive, assess, manage and mitigate vulnerability reports has been launched by the IoT Security Foundation (IoTSF). VulnerableThings.com aims to simplify the reporting and management of vulnerabilities whilst helping IoT vendors comply with new consumer IoT security standards and regulations. As the first globally applicable standard for consumer IoT cybersecurity, the new ETSI EN 303 645 specification requires IoT vendors…

*Cloud Security, DevOps, AppSec*
7. Twitter-Owned SDK Leaking Location Data of Millions of Users (VICE, Oct 21 2020)
Researchers found several apps using an outdated version of an SDK made by Twitter-owned MoPub.

8. Serious Vulnerability in GitHub Enterprise Earns Researcher $20,000 (SecurityWeek, Oct 20 2020)
A security researcher says he has earned $20,000 for a high-severity GitHub Enterprise vulnerability that might have allowed an attacker to execute arbitrary commands.

9. Global spending on cloud services to surpass $1 trillion in 2024 (Help Net Security, Oct 20 2020)
The COVID-19 pandemic has largely proven to be an accelerator of cloud adoption and extension and will continue to drive a faster conversion to cloud-centric IT. Global spending on cloud services to rise According to IDC, total global spending on cloud services, the hardware and software components underpinning cloud services, and the professional and managed services opportunities around cloud services will surpass $1 trillion in 2024 while sustaining a double-digit compound annual growth rate

*Identity Mgt & Web Fraud*
10. Clear – U.S. Airports. Now It Wants Your Entire Digital Identity. (Medium, Oct 20 2020)
‘You are your driver’s license, your credit card, your health care card, your building access card’

11. Singapore’s World-First Face Scan Plan Sparks Privacy Fears (SecurityWeek, Oct 19 2020)
Singapore will become the world’s first country to use facial verification in its national ID scheme, but privacy advocates are alarmed by what they say is an intrusive system vulnerable to abuse.

12. Morgan Stanley Fined $60m Over Data Disposal (Infosecurity Magazine, Oct 20 2020)
Failure to properly oversee decommissioning of data centers lands Morgan Stanley a hefty fine

*CISO View*
13. U.S. Charges Russian Intelligence Officers in Major Cyberattacks (The New York Times, Oct 19 2020)
Prosecutors said the suspects hacked elections in France and the 2018 Winter Olympics.

14. 2020 Cyber Threatscape Report (Accenture, Oct 20 2020)
There has been a 60% increase in the average ransom payment (US$178,254) in the first quarter of 2020.

15. Microsoft Says Most TrickBot Servers Are Down (SecurityWeek, Oct 21 2020)
Most of the servers associated with the TrickBot botnet have been taken down following the technical and legal effort announced last week, Microsoft says.

Share on facebook
Share on twitter
Share on linkedin