The Top 15 Security Posts – Vetted & Curated

*Threats & Defense*
1. How Hackers Used Slack to Break into EA Games (VICE, Jun 14 2021)
A representative for the hackers explained to Motherboard how the group stole a wealth of data from the game publishing giant. “Once inside the chat, we messaged a IT Support members we explain to them we lost our phone at a party last night,” the representative said.

2. Vulnerabilities in Weapons Systems (Schneier on Security, Jun 08 2021)
“‘If you think any of these systems are going to work as expected in wartime, you’re fooling yourself.’

That was Bruce’s response at a conference hosted by US Transportation Command in 2017, after learning that their computerized logistical systems were mostly unclassified and on the Internet. That may be necessary to keep in touch with civilian companies like FedEx in peacetime or when fighting terrorists or insurgents. But in a new era facing off with China or Russia, it is dangerously complacent.”

3. G7 Turns Up the Heat on Putin Over Ransomware Attacks (Infosecurity Magazine, Jun 14 2021)
Leaders urge Russia to hold cyber-criminals to account


Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


*AI, IoT, & Mobile Security*
4. Detecting Deepfake Picture Editing (Schneier on Security, Jun 10 2021)
“‘Markpainting’ is a clever technique to watermark photos in such a way that makes it easier to detect ML-based manipulation:

An image owner can modify their image in subtle ways which are not themselves very visible, but will sabotage any attempt to inpaint it by adding visible information determined in advance by the markpainter.

One application is tamper-resistant marks. For example, a photo agency that makes stock photos available on its website with copyright watermarks can markpaint them in such a way that anyone using common editing software to remove a watermark will fail; the copyright mark will be markpainted right back. So watermarks can be made a lot more robust.”

5. US Launches National AI Task Force (Infosecurity Magazine, Jun 11 2021)
Biden administration creates national artificial intelligence research resource task force

6. Apple: WebKit Bugs Exploited to Hack Older iPhones (SecurityWeek, Jun 14 2021)
Apple late Monday shipped an out-of-band iOS update for older iPhones and iPads alongside a warning that a pair of WebKit security vulnerabilities may have been actively exploited.

*Cloud Security, DevOps, AppSec*
7. GitHub Starts Scanning for Exposed Package Registry Credentials (SecurityWeek, Jun 10 2021)
GitHub this week announced that it has started scanning code hosted on its platform for package registry credentials, including RubyGems and PyPI secrets.

8. Cloud Security Alliance releases new security guidance for telehealth organizations (SC Media, Jun 11 2021)
Developed by the CSA’s Health Information Management Working Group, the Telehealth Risk Management publication offers best practices for the creation, storage, use, sharing, archiving, and potential destruction of data in three specific domains: governance, privacy, and security.

9. Google Workspace Gets Client-Side Encryption (SecurityWeek, Jun 15 2021)
Google this week announced the introduction of client-side encryption in Google Workspace, which is meant to provide users with control over the encryption keys used to keep their data safe.

*Identity Mgt & Web Fraud*
10. Apple Says It’s Time to Digitize Your ID, Ready or Not (Wired, Jun 15 2021)
Digital driver’s licenses have had a slow start in the US so far, but iOS 15 Wallet will give the nascent technology a serious push.

11. All the New Privacy Features Coming to iOS and macOS (Wired, Jun 13 2021)
Improvements designed to keep your email private, crack down on data stealing apps, and help you find lost devices are on their way.

12. Fake Online Reviews Linked to $152 Billion in Global Purchases (Infosecurity Magazine, Jun 15 2021)
Around 4% of internet reviews are fakes, undermining trust in e-commerce

*CISO View*
13. The FBI’s Anom Stunt Rattles the Encryption Debate (Wired, Jun 11 2021)
The agency spent years running a secure phone network for criminals. So much for “going dark.”

14. Most Ransomware Victims Are Hit Again After Paying (Infosecurity Magazine, Jun 16 2021)
In half of cases, victim organizations were attacked by the same group

15. VPNs and Trust (Schneier on Security, Jun 16 2021)
TorrentFreak surveyed nineteen VPN providers, asking them questions about their privacy practices…