The Top 15 Security Posts – Vetted & Curated

*Threats & Defense*
1. NSA Reveals the Top 25 Vulnerabilities Exploited by Chinese Nation-State Hackers (Dark Reading, Oct 20 2020)
Officials urge organizations to patch the vulnerabilities most commonly scanned for, and exploited by, Chinese attackers.

2. Microsoft, MITRE Release Adversarial Machine Learning Threat Matrix (SecurityWeek, Oct 23 2020)
Microsoft and MITRE, in collaboration with a dozen other organizations, have developed a framework designed to help identify, respond to, and remediate attacks targeting machine learning (ML) systems.

3. US Treasury Sanctions Russian Institution Linked to Triton Malware (Dark Reading, Oct 23 2020)
Triton, also known as TRISIS and HatMan, was developed to target and manipulate industrial control systems, the US Treasury reports.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



*AI, IoT, & Mobile Security*
4. How Police Can Crack Locked Phones—and Extract Information (Wired, Oct 23 2020)
A report finds 50,000 cases where law enforcement agencies turned to outside firms to bypass the encryption on a mobile device.

5. 7 Mobile Browsers Vulnerable to Address-Bar Spoofing (Dark Reading, Oct 22 2020)
Flaws allow attackers to manipulate URLs users see on their mobile devices, Rapid7 says.

6. AI catches Maze ransomware targeting a healthcare organization (Darktrace Blog, Oct 22 2020)
Attackers are targeting increasingly high-stakes environments with ransomware. This blog post explores how AI can be used to detect and autonomously neutralize machine-speed attacks – looking in particular at how Darktrace caught Maze ransomware targeting a healthcare organization.

*Cloud Security, DevOps, AppSec*
7. 76% of applications have at least one security flaw (Help Net Security, Oct 28 2020)
The majority of applications contain at least one security flaw and fixing those flaws typically takes months, a Veracode report reveals. This year’s analysis of 130,000 applications found that it takes about six months for teams to close half the security flaws they find.

8. Microsoft’s Kubernetes Threat Matrix: Here’s What’s Missing (Dark Reading, Oct 26 2020)
With a fuller picture of the Kubernetes threat matrix, security teams can begin to implement mitigation strategies to protect their cluster from threats.

9. What you can learn in our Q4 2020 Google Cloud Security Talks (Google Cloud Blog, Oct 27 2020)
“2020 has brought with it some tremendous innovations in the area of cloud security. As cloud deployments and technologies have become an even more central part of organizations’ security program, we hope you’ll join us for the latest installment of our Google Cloud Security Talks, a live online event on November 18th, where we’ll help you navigate the latest thinking in cloud security.”

*Identity Mgt & Web Fraud*
10. Buyers Abused DMV Data, California DMV Says (VICE, Oct 29 2020)
On the whole, driver’s license data ends up in too many hands, which increases the risk of personal information being abused.

11. CBP Refuses to Tell Congress How it is Tracking Americans Without a Warrant (VICE, Oct 23 2020)
The CBP is buying location data harvested from ordinary apps installed on people’s phones.

12. Hackers breach psychotherapy center, use stolen health data to blackmail patients (Help Net Security, Oct 26 2020)
News of an unusual data breach at a psychotherapy center in Finland broke over the weekend, after affected patients began receiving emails telling them to pay up or risk their personal and health data being publicly released.

*CISO View*
13. FBI “ransomware warning” for healthcare is a warning for everyone! (Naked Security – Sophos, Oct 29 2020)
The US government has warned of a ransomware escalation against the healthcare sector.

14. Compromised CMS Credentials Likely Used to Hack Trump Campaign Website (SecurityWeek, Oct 28 2020)
Security researchers believe that compromised credentials were used by hackers to access the content management system behind Donald Trump’s campaign website.

15. The Story of McAfee: How the Security Giant Arrived at a Second IPO (Dark Reading, Oct 26 2020)
Industry watchers explore the story of McAfee, from its founding in 1987, to its spinoff from Intel, to how it’s keeping up with competitors.