The Top 15 Security Posts – Vetted & Curated
*Threats & Defense*
1. This is not a drill: VMware vuln with 9.8 severity rating is under attack (Ars Technica, Jun 04 2021)
Code execution flaw in vCenter is exploited to install web shell on unpatched machines.
2. How to Protect Your Files From Ransomware (Wired, Jun 06 2021)
It’s a growing threat for individual users and businesses alike—but there are ways to protect yourself.
3. Ransomware will now get priority treatment at the Justice Department (Ars Technica, Jun 04 2021)
Directive comes as ransomware is exposing the fragility of critical supply chains.
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
*AI, IoT, & Mobile Security*
4. Trojan Shield: How the FBI Secretly Ran a Phone Network for Criminals (VICE, Jun 07 2021)
New court records detail how the FBI turned encrypted phone company ‘Anom’ into a honeypot for organized crime.
5. Hacker’s guide to deep-learning side-channel attacks: code walkthrough (Elie on Internet Security and Privacy, Jun 05 2021)
Learn how to perform a deep-learning side-channel attack using TensorFlow to recover AES cryptographic keys from a hardware device’s power traces, step by step.
6. She Sent Her iPhone to Apple. Repair Techs Uploaded Her Nudes to Facebook (VICE, Jun 08 2021)
Apple paid a woman millions to prevent a lawsuit, but it could have avoided all of this if she’d just been able to repair her own phone.
*Cloud Security, DevOps, AppSec*
7. How an Obscure Company Took Down Big Chunks of the Internet (Wired, Jun 08 2021)
You may not have heard of Fastly, but you felt its impact when sites didn’t load around the world Tuesday morning.
8. Google Experts Explore Open Source Security Challenges & Fixes (Dark Reading, Jun 03 2021)
An open source security event brought discussions of supply chain security and managing flaws in open source projects.
9. First Known Malware Surfaces Targeting Windows Containers (Dark Reading, Jun 07 2021)
Siloscape is designed to create a backdoor in Kubernetes clusters to run malicious containers.
*Identity Mgt & Web Fraud*
10. $1 billion piracy ruling could force ISPs to disconnect users (Ars Technica, Jun 07 2021)
Increased account terminations would punish “innocent” users, groups tell court.
11. NYPD’s Sprawling Facial Recognition System Now Has More Than 15,000 Cameras (VICE, Jun 03 2021)
The massive camera network is concentrated in predominantly Black and brown neighborhoods, according to a new crowdsourced report.
12. Mystery malware steals 26M passwords from millions of PCs. Are you affected? (Ars Technica, Jun 09 2021)
Massive trove can be used for ransomware, espionage, and more.
13. Supreme Court narrows interpretation of CFAA, to the relief of ethical hackers (SC Media, Jun 03 2021)
Individuals do not exceed authorized computer access if they obtain data to which they are entitled for improper reasons, 6-3 majority rules.
14. Chinese Actors Reportedly Breached America’s Largest Transport Network (Infosecurity Magazine, Jun 04 2021)
The attack compromised three computer systems belonging to New York’s Metropolitan Transportation Authority (MTA).
15. US seizes $2.3 million Colonial Pipeline paid to ransomware attackers (Ars Technica, Jun 07 2021)
Funds seized after Justice Department IDs Bitcoin wallet and obtains its private key.