The Top 15 Security Posts – Vetted & Curated
*Threats & Defense*
1. U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise (Krebs on Security, Dec 14 2020)
“Communications at the U.S. Treasury and Commerce Departments were reportedly compromised by a supply chain attack on SolarWinds, a security vendor that helps the federal government and a range of Fortune 500 companies monitor the health of their IT networks. Given the breadth of the company’s customer base, experts say the incident may be just the first of many such disclosures.”
2. U.S. Agencies Hacked in Foreign Cyber Espionage Campaign Linked to Russia (WSJ, Dec 14 2020)
Multiple federal agencies, including the Treasury and Commerce departments, have had some of their computer systems breached as part of a widespread campaign believed to be the work of the Russian government.
3. Phishing campaign spoofs Microsoft domain. Is lack of DMARC enforcement to blame? (SC Media, Dec 09 2020)
Researchers observed a spear phishing campaign that exactly spoofed a Microsoft email domain to trick Office 365 users. This suggests Microsoft’s servers were not enforcing protective DMARC authentication protocols when communications were received – and perhaps still are not.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
*AI, IoT, & Mobile Security*
4. What IT Leaders Expect from AI, ML in 2021 (eWEEK, Dec 15 2020)
Here are some perspectives from a selection of thought leaders across the IT world.
5. #BHEU: IoT Threat Hunting Detects Over One Billion Attacks (Infosecurity Magazine, Dec 11 2020)
Researchers show results of their IoT threat hunting framework
6. ‘Fingerprint-Jacking’ Attack Technique Manipulates Android UI (Dark Reading, Dec 10 2020)
Researchers explore fingerprint-jacking, a user interface-based attack that targets fingerprints scanned into Android apps.
*Cloud Security, DevOps, AppSec*
7. Dark Halo Leverages SolarWinds Compromise to Breach Organizations (Volexity, Dec 15 2020)
Near the end of this incident, Volexity observed the threat actor using a novel technique to bypass Duo multi-factor authentication (MFA) to access the mailbox of a user via the organization’s Outlook Web App (OWA) service.
8. Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor (FireEye, Dec 15 2020)
We have discovered a global intrusion campaign, and we are tracking the actors behind this campaign as UNC2452.
9. Google Shares Cloud Security Tips (Dark Reading, Dec 10 2020)
Anton Chuvakin, head of solution strategy at Google Cloud Security, discusses common cloud security hurdles and how to get over them.
*Identity Mgt & Web Fraud*
10. CPRA hints at the future of cybersecurity and privacy (Help Net Security, Dec 11 2020)
One of the most notable ballot propositions impacting the privacy and cybersecurity world during the US 2020 election was the passage of the California Privacy Rights Act (CPRA). Predominantly considered an updated version of 2018’s California Consumer Privacy Act (CCPA), the CPRA incorporates several changes other than the highly touted establishment of the California Privacy Protection Agency (CPPA).
11. Apple’s App Stores Open New Privacy Window for Customers (SecurityWeek, Dec 14 2020)
Apple has begun spelling out what kinds of personal information is being collected by the digital services displayed in its app stores for iPhones and other products made by the trendsetting company.
12. Privacy Groups Alarmed at Supermarket’s Facial Recognition Trial (Infosecurity Magazine, Dec 11 2020)
Southern Co-operative teamed up with Facewatch in bid to reduce crime
13. Nuclear weapons agency breached amid massive cyber onslaught (Politico, Dec 17 2020)
Hackers accessed systems at the National Nuclear Security Administration, which maintains the U.S. nuclear weapons stockpile.
14. SolarWinds Hack Could Affect 18K Customers (Krebs on Security, Dec 15 2020)
“The still-unfolding breach at network management software firm SolarWinds may have resulted in malicious code being pushed to nearly 18,000 customers, the company said in a legal filing on Monday. Meanwhile, Microsoft should soon have some idea which and how many SolarWinds customers were affected, as it recently took possession of a key domain name used by the intruders to control infected systems.”
15. Another Massive Russian Hack of US Government Networks (Schneier on Security, Dec 15 2020)
“The press is reporting a massive hack of US government networks by sophisticated Russian hackers.
Officials said a hunt was on to determine if other parts of the government had been affected by what looked to be one of the most sophisticated, and perhaps among the largest, attacks on federal systems in the past five years. Several said national security-related agencies were also targeted, though it was not clear whether the systems contained highly classified material.”