The Top 15 Security Posts – Vetted & Curated
*Threats & Defense*
1. Emotet and TrickBot Top the Malware Charts Yet Again (Infosecurity Magazine, Nov 09 2020)
Check Point points to resulting surge in ransomware infections
2. Detecting Phishing Emails (Schneier on Security, Nov 06 2020)
“Once they find such information, then they move to stage three and deal with the email by deleting it or reporting it. I discuss ways this process can fail, and implications for improving training of end users about phishing.”
3. Bug Bounty Hunters Earn $1.2 Million at Chinese Hacking Competition (SecurityWeek, Nov 09 2020)
Bug bounty hunters have earned a total of more than $1.2 million over the weekend at the 2020 Tianfu Cup International PWN Contest, a major hacking competition that takes place every year in China.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
*AI, IoT, & Mobile Security*
4. Mysterious Bugs Were Used to Hack iPhones and Android Phones (VICE, Nov 10 2020)
Google found at least seven critical bugs being exploited by hackers in the wild. But after disclosing them days ago, the company has yet to reveal key details about who used them and against whom.
5. New Brazilian Banking Trojan Targets Mobile Users in Multiple Countries (Dark Reading, Nov 09 2020)
Ghimob is a full-fledged spy in your pocket, Kaspersky says.
6. Police Are Tapping Into Ring Cameras to Expand Surveillance Network In Mississippi (VICE, Nov 06 2020)
The police department in Jackson, Mississippi is partnering with two companies to stream surveillance footage from Ring cameras in a 45-day pilot program.
*Cloud Security, DevOps, AppSec*
7. Google Discloses Details of GitHub Actions Vulnerability (SecurityWeek, Nov 04 2020)
Details on a vulnerability impacting GitHub Actions were made public this week by Google, following a 104-day disclosure deadline.
8. Bug Bounty Hunters’ Pro Tips on Chasing Vulns & Money (Dark Reading, Nov 05 2020)
From meditation to the right mindset, seasoned vulnerability researchers give their advice on how to maximize bug bounty profits and avoid burnout.
9. What is cloud security? How is it different from traditional on-premises network security? (Cloud Security Alliance, Nov 09 2020)
The following 13 domains which comprise the CSA Security Guidance highlight areas of concern for cloud computing and are tuned to address both the strategic and tactical security “pain points” within a cloud environment, and can be applied to any combination of cloud service and deployment model.
*Identity Mgt & Web Fraud*
10. How Hackers Blend Attack Methods to Bypass MFA (Dark Reading, Nov 10 2020)
Protecting mobile apps requires a multilayered approach with a mix of cybersecurity measures to counter various attacks at different layers.
11. Ex-Microsoft Engineer Gets Nine Years for $10m Digital Theft (Infosecurity Magazine, Nov 10 2020)
Renton resident stole digital gift cards and sold them online
12. The Security Failures of Online Exam Proctoring (Schneier on Security, Nov 11 2020)
“Proctoring an online exam is hard. It’s hard to be sure that the student isn’t cheating, maybe by having reference materials at hand, or maybe by substituting someone else to take the exam for them. There are a variety of companies that provide online proctoring services, but they’re uniformly mediocre…”
13. DHS Says Voting Systems Not Compromised, Amid Departures at CISA (SecurityWeek, Nov 13 2020)
Two election committees of the U.S. Department of Homeland Security (DHS) issued a joint statement on Thursday saying there was no evidence of voting systems being compromised, noting that the recent election “was the most secure in American history.”
14. Zoom lied to users about end-to-end encryption for years, FTC says (Ars Technica, Nov 09 2020)
Democrats blast FTC/Zoom settlement because users won’t get compensation.
15. Greylock’s Asheem Chandna on ‘shifting left’ in cybersecurity and the future of enterprise startups (TechCrunch, Nov 11 2020)
Last week was a busy week, what with an election in Myanmar and all (well, and the United States, I guess). So perhaps you were glued to your TV or smartphone, and missed out on our conversation with Asheem Chandna, a long-time partner at Greylock who has invested in enterprise and cybersecurity startups for nearly…