The Top 15 Security Posts – Vetted & Curated
*Threats & Defense*
1. NSA Funds Development & Release of D3FEND Framework (Dark Reading, Jun 22 2021)
The framework, now available through MITRE, provides countermeasures to attacks.
2. 74% of Q1 Malware Was Undetectable Via Signature-Based Tools (Dark Reading, Jun 24 2021)
Attackers have improved on tweaking old malware to continue sneaking it past traditional threat detection controls, researchers report.
3. MyBook Users Urged to Unplug Devices from Internet (Krebs on Security, Jun 25 2021)
Hard drive giant Western Digital is urging users of its MyBook Live brand of network storage drives to disconnect them from the Internet, warning that malicious hackers are remotely wiping the drives using a previously unknown critical flaw that can be triggered by anyone who knows the Internet address of an affected device.
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
*AI, IoT, & Mobile Security*
4. New security measures to keep Google Play safe (Help Net Security, Jun 29 2021)
Google is announcing two new security measures aimed at minimizing the number of malicious / potentially unwanted apps available for download from the Google Play Store: additional Android developer identification requirements and 2-step verification. New Android developer identification requirements Android is the most widely used mobile OS (and OS) in the world, and malicious actors love nothing better than to prey on a massive pool of potential targets.
5. AI-Piloted Fighter Jets (Schneier on Security, Jun 25 2021)
“News from Georgetown’s Center for Security and Emerging Technology:
China Claims Its AI Can Beat Human Pilots in Battle: Chinese state media reported that an AI system had successfully defeated human pilots during simulated dogfights. According to the Global Times report, the system had shot down several PLA pilots during a handful of virtual exercises in recent years. Observers outside China noted that while reports coming out of state-controlled media outlets should be taken with a grain of…”
6. GitHub previews new AI tool that makes coding suggestions (TechCrunch, Jun 29 2021)
GitHub has unveiled a new product that leverages artificial intelligence to help you write code more efficiently. Named GitHub Copilot, today’s new product can suggest lines of code and even sometimes entire functions. GitHub has partnered with OpenAI to develop this tool. It doesn’t replace developers, it’s just a tool that should improve productivity and…
*Cloud Security, DevOps, AppSec*
7. AWS Acquires Encrypted Communications Service Wickr (SecurityWeek, Jun 25 2021)
Amazon’s AWS subsidiary on Friday announced the acquisition of Wickr, a late-stage startup that sells end-to-end encrypted communications tools.
8. Most Developers Never Update Third-Party Libraries in Their Software: Report (SecurityWeek, Jun 22 2021)
Most developers never update third-party libraries after including them in their software, a new report from application security company Veracode reveals.
9. Google Working on Patching GCP Vulnerability That Allows VM Takeover (SecurityWeek, Jun 30 2021)
A security researcher has disclosed the details of a vulnerability that can be exploited to take over virtual machines (VMs) on Google Cloud Platform.
*Identity Mgt & Web Fraud*
10. Hackers Fool Facial Recognition Into Thinking I’m Mark Zuckerberg (VICE, Jun 24 2021)
Using a new technique, researchers say they can make AI systems misidentify people by adding small bits of data to the images.
11. Hospitals are selling treasure troves of medical data — what could go wrong? (The Verge, Jun 28 2021)
It could help with research, but also comes with risks.
12. Twitter Enables Use of Security Keys as Sole Two-Factor Authentication Method (SecurityWeek, Jul 01 2021)
Twitter this week announced that it allows users to enroll security keys and use them as the only form of two-factor authentication (2FA) to secure their accounts.
13. US the Only Top Tier Cyber-power (Infosecurity Magazine, Jun 28 2021)
Report finds other countries lag behind US when it comes to cyber prowess
14. Attacks against game companies are up. But why? (SC Media, Jun 25 2021)
Malicious hackers are increasingly mobbing the video game industry, but security experts can’t pinpoint a single explanation for the surge.
15. Insurance and Ransomware (Schneier on Security, Jul 01 2021)
As ransomware becomes more common, I’m seeing more discussions about the ethics of paying the ransom. Here’s one more contribution to that issue: a research paper that the insurance industry is hurting more than it’s helping.