Friday Security Brief
Friday Security Brief
This release is trial for a weekly security brief compiled from trusted sources that encourage a general awareness of cyber security issues. I'm still not sure about how to do this so any thoughts or feedback will be appreciated.
Brexit deal mandates a limit to security standards
"In what is surely an unthinking cut-and-paste issue, page 921 of the Brexit deal mandates the use of SHA-1 and 1024-bit RSA:"
Brexit Deal Mandates Old Insecure Crypto Algorithms ~ Schneier on Security
FBI Warns of Hijacked Security Devices being exploited for Swatting
"Stolen email passwords are being used to hijack smart home security systems to “swat” unsuspecting users, the Federal Bureau of Investigation warned this week. The announcement comes after concerned device manufacturers alerted law enforcement about the issue."
FBI Warn Hackers are Using Hijacked Home Security Devices for Swatting ~ Threatpost
A look back at some email attacks of 2020
"In 2020, our spam folders bulged with malware-laced emails, phishing lures linking to ransomware schemes, impersonation attacks, spoofed brand and fake domain missives, and dubious requests from legit-sounding companies. So, what defined 2020 in spam?"
Inbox Attacks: The Miserable Year (2020) That Was ~ Threatpost
SolarWinds hackers accessed Microsoft source code
"The hackers behind the SolarWinds supply chain attack managed to escalate access inside Microsoft's internal network and gain access to a small number of internal accounts, which they used to access Microsoft source code repositories, the company said on Thursday."
SolarWinds hackers accessed Microsoft source code ~ Zdnet
CISA updates SolarWinds guidance
"The US Cybersecurity and Infrastructure Security Agency has updated its official guidance for dealing with the fallout from the SolarWinds supply chain attack.
In an update posted late last night, CISA said that all US government agencies that still run SolarWinds Orion platforms must update to the latest 2020.2.1HF2 version by the end of the year."
CISA updates SolarWinds guidance, tells US govt agencies to update right away
Maybe post each story as a comment, so they can be individually upvoted and commented on?
I like that idea! Thanks! That would also help me to learn what stories are more relevant to people. I'm also curious if it would be most impactful to mix in news and guides related to personal computing as well as enterprise + national security concerns.
If you post each article as a comment that would also make it a bit more likely others will feel comfortable contributing as well IMO, sort of like what occurs in the Weekly coronavirus topic. And if this becomes a popular enough thing, @Deimos might even be willing to add it to the regularly scheduled topics too.
Just to clarify, that would be the end of last year, i.e. 2020. (That article was published on Dec. 30.)
I'll be curious about the long-term consequences of this breach. Not just what horrible shit Russian intelligence will get up to with all the data they exfiltrated, but whether big corporate and government agencies will come to their senses and realize that from a security perspective, more is worse and you can't fix your security problems by throwing more software at them. (I'm not particularly hopeful on that front… but definitely curious.)
Personally, I don't think there is another path other than putting resources into developing better hardware and software. Unfortunately, for corporations at least, part of the issue is good security is expensive and a lot of the time it's probably cheaper to just let things slide.
I love this, please keep doing them!