The Top 15 Security Posts – Vetted & Curated
*Threats & Defense*
1. Try This One Weird Trick Russian Hackers Hate (Krebs on Security, May 17 2021)
“In a Twitter discussion last week on ransomware attacks, KrebsOnSecurity noted that virtually all ransomware strains have a built-in failsafe designed to cover the backsides of the malware purveyors: They simply will not install on a Microsoft Windows computer that already has one of many types of virtual keyboards installed — such as Russian or Ukrainian. So many readers had questions in response to the tweet that I thought it was worth a blog post exploring this one weird cyber defense trick.”
2. Latest Security News from RSAC 2021 (Dark Reading, May 17 2021)
Check out Dark Reading’s updated, exclusive coverage of the news and security themes that are dominating RSA Conference 2021.
3. Four Years On: Two-thirds of Global Firms Still Exposed to WannaCry (Infosecurity Magazine, May 13 2021)
ExtraHop finds most enterprises are running insecure SMB protocol
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
*AI, IoT, & Mobile Security*
4. #RSAC: Bruce Schneier Warns of the Coming AI Hackers (Infosecurity Magazine, May 17 2021)
AI hacking has the potential to reshape the cybersecurity landscape for good or for evil, Schneier warns in a grim RSA Conference keynote
5. Hackers Are Having a Field Day With AirTags (VICE, May 13 2021)
Just two weeks after their release, several hackers and security researchers are tearing Apple’s AirTags apart and finding some issues with them.
6. Researchers Unearth 167 Fake iOS & Android Trading Apps (Dark Reading, May 12 2021)
The apps are disguised as financial trading, banking, and cryptocurrency apps from well-known and trusted organizations.
*Cloud Security, DevOps, AppSec*
7. Cloud CISO Perspectives: May 2021 (Google Cloud Blog, May 13 2021)
“Today, I’ll recap our cloud security and industry highlights, a sneak peek of what’s ahead from Google at RSA and more.”
8. University of Minnesota researchers fail to understand consent (Help Net Security, May 19 2021)
You’d think with all the recent discussion about consent, researchers would more carefully observe ethical boundaries. Yet, a group of researchers from the University of Minnesota not only crossed the line but ran across it, screaming defiantly the whole way. In response, the Linux Foundation, which is the core of the open-source community, took the unprecedented step of banning the entire University of Minnesota from contributing to the Linux kernel.
9. Rapid7 Source Code Exposed in Codecov Supply Chain Attack (SecurityWeek, May 13 2021)
Rapid7 says unauthorized third-party accessed source code, customer data during Codecov supply chain breach
*Identity Mgt & Web Fraud*
10. Apple rejected 215k iOS apps due to privacy last year (Graham Cluley, May 18 2021)
Apple is talking up the efforts it makes to police the iOS App Store, revealing that during 2020 it rejected more than 215,000 iPhone apps for violating its privacy policies.
11. Facial recognition, fake identities and digital surveillance tools: Inside the post office’s covert internet operations program (Yahoo, May 19 2021)
The post office’s law enforcement arm has faced intense scrutiny in recent weeks over its Internet Covert Operations Program, which tracks social media posts of Americans and shares that information with other law enforcement agencies.
12. This facial recognition website can turn anyone into a cop — or a stalker (Washington Post, May 14 2021)
While most facial recognition tools are reserved for police or government use, PimEyes is open to the masses, whether they’re hunting down U.S. Capitol riot suspects or stalking women around the Web.
13. Apple Censorship and Surveillance in China (Schneier on Security, May 19 2021)
Good investigative reporting on how Apple is participating in and assisting with Chinese censorship and surveillance.
14. DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized (Krebs on Security, May 14 2021)
The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The crime gang announced it was closing up shop after its servers were seized and someone drained funds from an account the group uses to pay affiliates.
15. 18 is the new 20: CIS Controls v8 is here! (Help Net Security, May 19 2021)
The moment we’ve all been waiting for is finally here. The Center for Internet Security (CIS) officially launched CIS Controls v8, which was enhanced to keep up with evolving technology (modern systems and software), evolving threats, and even the evolving workplace. The pandemic changed a lot of things, and it also prompted changes in the CIS Controls. The newest version of the Controls now includes cloud and mobile technologies.