A Review of the Best News of the Week on Cloud Security, DevOps, AppSec New Malware Hidden in Apple IDE Targets macOS Developers (Dark Reading:, Mar 19 2021) XcodeSpy is latest example of growing attacks on software supply chain. Researchers Discover Two Dozen Malicious Chrome Extensions (Dark Reading:, Mar 22
A Review of the Best News of the Week on AI, IoT, & Mobile Security Can We Stop Pretending SMS Is Secure Now? (Krebs on Security, Mar 16 2021) SMS text messages were already the weakest link securing just about anything online, mainly because there are tens of thousands of
A Review of the Best News of the Week on Cyber Threats & Defense Microsoft One-Click Tool Mitigates Exchange Server Attacks (Infosecurity Magazine, Mar 16 2021) Tool designed for customers without dedicated IT or cybersecurity resource Exploiting Spectre Over the Internet (Schneier on Security, Mar 18 2021) “Google has demonstrated
The Top 15 Security Posts – Vetted & Curated *Threats & Defense* 1. Microsoft Reports ‘DearCry’ Ransomware Targeting Exchange Servers (Dark Reading:, Mar 12 2021) Attackers have begun to deploy ransomware on Microsoft Exchange Servers compromised by the ProxyLogon exploits. 2. New Side-Channel Attack Targets Intel CPU Ring Interconnect (SecurityWeek,
A Review of the Best News of the Week on Cybersecurity Management & Strategy Illegal Content and the Blockchain (Schneier on Security, Mar 17 2021) “This openness is also a vulnerability, one that opens the door to asymmetric threats and small-time malicious actors. Anyone can put information in the one
A Review of the Best News of the Week on Identity Management & Web Fraud Twitter Updates 2FA Use of Multiple Security Keys (Infosecurity Magazine, Mar 16 2021) Users will soon be able to use security keys as sole authentication method Netflix’s Password-Sharing Crackdown Has a Silver Lining (Wired, Mar
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Mimecast says SolarWinds hackers breached its network (Ars Technica, Mar 16 2021) Mimecast-issued certificate used to connect to customers’ Microsoft 365 tenants. Validate access to your S3 buckets before deploying permissions changes with IAM Access Analyzer
A Review of the Best News of the Week on AI, IoT, & Mobile Security A Hacker Got All My Texts for $16 (VICE, Mar 16 2021) A gaping flaw in SMS lets hackers take over phone numbers in minutes by simply paying a company to reroute text messages. Malware
A Review of the Best News of the Week on Cyber Threats & Defense Microsoft Reports ‘DearCry’ Ransomware Targeting Exchange Servers (Dark Reading:, Mar 12 2021) Attackers have begun to deploy ransomware on Microsoft Exchange Servers compromised by the ProxyLogon exploits. New Side-Channel Attack Targets Intel CPU Ring Interconnect (SecurityWeek,