The Top 15 Security Posts – Vetted & Curated
*Threats & Defense*
1. macOS Big Sur 11.0.1 Patches 60 Vulnerabilities (SecurityWeek, Nov 16 2020)
The first update released by Apple for macOS Big Sur 11.0 addresses 60 vulnerabilities affecting various components of the operating system.
2. Major ransomware strain jumps from Windows to Linux (SC Media, Nov 09 2020)
Kaspersky researchers noticed similarities in the code of the Trojan, the text of the ransom notes and the general approach to extortion that pointed to an encounter with a Linux strain of the RansomEXX ransomware family.
3. Here are the most common ways businesses get compromised by ransomware (SC Media, Nov 13 2020)
Most organizations know they need to defend their information technology and business assets from ransomware. It’s figuring out the how and where that so often trips them up.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
*AI, IoT, & Mobile Security*
4. Is TikTok a harmless app or a threat to U.S. security? – 60 Minutes (CBS News, Nov 15 2020)
5. DARPA and Academia Jumpstart 5G IoT Security Efforts (Dark Reading, Nov 12 2020)
With 5G IoT devices projected to hit 49 million units by 2023, researchers launch programs to keep IoT from becoming a blackhole of exfiltration.
6. System brings deep learning to ‘internet of things’ devices (ScienceDaily, Nov 13 2020)
A new system brings machine learning to microcontrollers. The advance could enhance the function and security of devices connected to the Internet of Things (IoT).
*Cloud Security, DevOps, AppSec*
7. AWS Network Firewall – New Managed Firewall Service in VPC (AWS News Blog, Nov 17 2020)
“Today, I am happy to announce AWS Network Firewall, a high availability, managed network firewall service for your virtual private cloud (VPC). It enables you to easily deploy and manage stateful inspection, intrusion prevention and detection, and web filtering to protect your virtual networks on AWS. Network Firewall automatically scales with your traffic, ensuring high availability with no additional customer investment in security infrastructure.”
8. Be Very Sparing in Allowing Site Notifications (Krebs on Security, Nov 17 2020)
“An increasing number of websites are asking visitors to approve “notifications,” browser modifications that periodically display messages on the user’s mobile or desktop device. In many cases these notifications are benign, but several dodgy firms are paying site owners to install their notification scripts and then selling that communications pathway to scammers and online hucksters.”
9. Hundreds of Tesla Powerwall Gateways Potentially Exposed to Hacker Attacks (SecurityWeek, Nov 17 2020)
Hundreds of Tesla Powerwall Backup Gateways may have been exposed to remote hacker attacks from the internet, but Tesla says it has taken steps to reduce risks.
*Identity Mgt & Web Fraud*
10. “Privacy Nutrition Labels” in Apple’s App Store (Schneier on Security, Nov 12 2020)
Apple will start requiring standardized privacy labels for apps in its app store, starting in December:
Apple allows data disclosure to be optional if all of the following conditions apply: if it’s not used for tracking, advertising or marketing; if it’s not shared with a data broker; if collection is infrequent, unrelated to the app’s primary function, and optional; and if the user chooses to provide the data in conjunction with clear disclosure, the user’s name or account name is prominently
11. How the U.S. Military Buys Location Data from Ordinary Apps (VICE, Nov 16 2020)
A Muslim prayer app with over 98 million downloads is one of the apps connected to a wide-ranging supply chain that sends ordinary people’s personal data to brokers, contractors, and the military.
12. Data Breach Hits 28 Million Texan Drivers (Infosecurity Magazine, Nov 13 2020)
Human error at insurance software provider to blame
13. Trump Fires Security Chief Christopher Krebs (Krebs on Security, Nov 18 2020)
President Trump on Tuesday fired his top election security official Christopher Krebs (no relation). The dismissal came via Twitter two weeks to the day after Trump lost an election he baselessly claims was stolen by widespread voting fraud.
14. Peiter ‘Mudge’ Zatko Named Head of Security at Twitter (SecurityWeek, Nov 17 2020)
Social media giant Twitter has appointed security expert Peiter Zatko as its head of security.
15. Verizon Releases First Cyber-Espionage Report (Infosecurity Magazine, Nov 17 2020)
US telecommunications giant publishes first data-driven report on advanced cyber-spying