15 Bullet Friday – The Best Security News of the Week – 2021.02.12

The Top 15 Security Posts – Vetted & Curated

*Threats & Defense*
1. Lack of visibility into remote endpoints leaves companies vulnerable to ransomware (Help Net Security, Feb 03 2021)
Illumio released findings on visibility and security practices for remote endpoints, revealing how vulnerable organizations are to ransomware propagating throughout the network and the impact large-scale breaches have on a business – essentially grinding operations to a halt. The report uncovers the risks businesses face from having large swaths of their employees work from home and explores what this means as workers come back to the office part-time.

2. Three ways MITRE ATT&CK can improve your organizational security (Help Net Security, Feb 08 2021)
There’s a good reason everyone’s talking about MITRE ATT&CK: it’s an objective, third-party standard with which organizations can measure their own detection coverage, as well as the coverage provided by EDR solutions. Still, even while you appreciate ATT&CK, it’s not always clear how you can use it to improve your own organizational security. In this article, I’ll lay out how you can use ATT&CK for the greatest effect.

3. Remote Desktop Protocol Attacks Surge by 768% (Infosecurity Magazine, Feb 08 2021)
RDP attacks continued to grow in Q4 of 2020, but at a slower rate

Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

*AI, IoT, & Mobile Security*
4. Google considering an iOS-style anti-tracking feature for Android (Ars Technica, Feb 05 2021)
Android could get tracking controls after “seeking” from ad companies.

5. NoxPlayer Android Emulator Supply-Chain Attack (Schneier on Security, Feb 08 2021)
“It seems to be the season of sophisticated supply-chain attacks.

This one is in the NoxPlayer Android emulator:

ESET says that based on evidence its researchers gathered, a threat actor compromised one of the company’s official API (api.bignox.com) and file-hosting servers (res06.bignox.com).

Using this access, hackers tampered with the download URL of NoxPlayer updates in the API server to deliver malware to NoxPlayer users.”

6. Android barcode scanner with 10 million+ downloads infects users (Ars Technica, Feb 08 2021)
Researcher says Google hasn’t removed the malicious app, so onus is on end users.

*Cloud Security, DevOps, AppSec*
7. Top 10 blog posts of 2020 (AWS Security Blog, Feb 09 2021)
The top 10 posts of 2020
Use AWS Lambda authorizers with a third-party identity provider to secure Amazon API Gateway REST APIs
How to use trust policies with IAM roles
How to use G Suite as an external identity provider for AWS SSO
Top 10 security items to improve in your AWS account
Automated response and remediation with AWS Security Hub
How to add authentication to a single-page web application with Amazon Cognito OAuth2 implementation
Get ready for upcoming changes in the AWS Single Sign-On user sign-in process
TLS 1.2 to become the minimum for all AWS FIPS endpoints
How to use KMS and IAM to enable independent security controls for encrypted data in S3
Use AWS Firewall Manager VPC security groups to protect your applications hosted on EC2 instances

8. Google Paid Out $6.7 Million in Bug Bounty Rewards in 2020 (SecurityWeek, Feb 05 2021)
Google this week said it paid out more than $6.7 million in rewards as part of its bug bounty programs in 2020.

9. Malicious Chrome and Edge add-ons had a novel way to hide on 3 million devices (Ars Technica, Feb 03 2021)
28 malicious extensions disguised traffic as Google Analytics data.

*Identity Mgt & Web Fraud*
10. Breached H2O plant employees used same TeamViewer pw and no f/w (Ars, Feb 10 2021)
Shortcomings illustrate the lack of security rigor in critical infrastructure environments.

11. Authorities bust SIM-swap ring they say took millions from the rich and famous (Ars Technica, Feb 10 2021)
SIM-swapping is a worldwide scourge. Law enforcement is trying to make a dent.

12. Browser ‘Favicons’ Can Be Used as Undeletable ‘Supercookies’ to Track You Online (VICE, Feb 09 2021)
Favicons can break through incognito mode, VPNs, and Pi-holes to track your movement online

*CISO View*
13. ‘Dangerous Stuff’: Hackers Tried to Poison Water Supply of Florida Town (The New York Times, Feb 09 2021)
For years, cybersecurity experts have warned of attacks on small municipal systems. In Oldsmar, Fla., the levels of lye were changed and could have sickened residents.

14. SonicWall Zero-Day (Schneier on Security, Feb 08 2021)
“Hackers are exploiting zero-day in SonicWall:

In an email, an NCC Group spokeswoman wrote: “Our team has observed signs of an attempted exploitation of a vulnerability that affects the SonicWall SMA 100 series devices. We are working closely with SonicWall to investigate this in more depth.”

In Monday’s update, SonicWall representatives said the company’s engineering team confirmed that the submission by NCC Group included a “critical zero-day” in the SMA 100 series 10.x code.”

15. What’s most interesting about the Florida water system hack? That we heard about it at all. (Krebs on Security, Feb 10 2021)
“Stories about computer security tend to go viral when they bridge the vast divide between geeks and luddites, and this week’s news about a hacker who tried to poison a Florida town’s water supply was understandably front-page material. But for security nerds who’ve been warning about this sort of thing for ages, the most surprising aspect of the incident seems to be that we learned about it at all.”
