Inside Security - November 5th, 2018 |

Inside Security (Nov 5th, 2018)

Google anti-phishing login protection / PortSmash is a new CPU bug / Funding news of the week

Subscribe to Inside Security

New blank template
Subscribe | View in browser

Today’s premium story is about the threat of infected USB drives on industrial control networks. If you would like to subscribe and receive this content, it will cost you $10/month for my newsletter or $25/month for unlimited subscriptions to multiple newsletters, with corporate discounts available. The premium stories will have more depth and my analysis, and you will also get your newsletters delivered without any ads. Click on this link here to upgrade your account.  

I blogged about the role that Facebook has played in amplifying hate speech and fake news, you might want to read it.

-- David Strom

1. Google has beefed up its automated security scans to detect phished impersonated account logins. They explain how this works in this post. Your browser will need to support Javascript. Suspect accounts will require completing the recovery process. -- NAKED SECURITY

2. Intel chips have a new vulnerability called PortSmash. Academic researchers in Finland and Cuba found it inside the hyper-threading feature of two CPUs, Skylake and Kaby Lake. They have proof-of-concept code on Github that was able to steal decryption keys. -- THE REGISTER   

Kick air pollution out of your home: See how Molekule redefines air purification

The award-winning Molekule is the first air purifier to destroy pollutants like viruses, mold and bacteria that other purifiers can’t. Take control of indoor air quality with a device as effective as it is beautiful.

Sign up for Molekule updates to get the latest offers and air-quality research.

3. New research by Krebs shows that shopping cart-based scripting attacks is more pervasive that originally thought. He takes readers through his investigations using a variety of open-source website tracking tools. -- KREBS ON SECURITY

4. The source of a secret CIA communications system has been leaking names of operatives for years. Iranian and Chinese spies figured out its operation from searching the Internet, with a little help from a turned double agent. -- YAHOO FINANCE

Has your business tried newsletter ads?

Our readers (like you!) are highly sophisticated and consider Inside to be a trusted source of news. How does sponsorship work? 

1. Pick your audience (examples: founders, executives, marketers, developers, high-earning consumers)

2. Pick your geo (examples: USA, NYC, West Coast, etc.)

3. Sit back and watch the results roll in

Click here to get started

5. Funding news of the week.

Qualys has acquired Layered Insight, a provider of container security tools, for $12M, with additional performance bonuses.

Lucideus has received a $5M A funding round, led by John Chambers and others. They are based in Bombay and have a real-time risk management tool. Their CEO is Saket Modi.

Attila Security has received a $2.5M seed funding round, led by DataTribe. They are based in the DC area and have a consumer firewall/VPN device. Their CEO is Gregg Smith.  

Shape Security has received a $26M funding round, led by Norwest Venture Partners. They are based in Silicon Valley and have an anti-imitation defense tool. Derek Smith is their CEO.

Inpher has received a $10M A funding round, led by JP Morgan Chase. They are based in NYC and have a new take on homomorphic encryption. Their CEO is Jordan Brandt.

6. Last week, California Governor Jerry Brown signed into law bills that regulate IoT devices. The law goes into effect in 2020 and will require additional security measures regarding user authentication and unique device passwords. -- MORRISON FOERSTER BLOG

7. Here is a guide to understanding how Windows’ Group Policy Objects security works. It is helpful for red teams that are looking to expose potential vulnerabilities across their networks. -- WALD0 BLOG

8. The Fbot and Trinity botnets are waging war against each other, going after the same Android devices that have an open diagnostic port 5555. If this sounds familiar, there are numerous other malware authors targeting this software. -- ZDNET

9. Here are a few reasons why CSO leadership needs to up their game. A combination of misclassification of data, lackluster crisis management and a failure to quickly quantify business impacts of breaches are just a few of them. -- CIO.COM

10. Self-encrypting hard drives could be vulnerable, according to new research. If an attacker has physical access to the drive, they could defeat the encryption mechanisms. You should use additional software measures. -- RADBOUD UNIVERSITY BLOG

Here are more fun with charts. -- MARKETOONST

For our premium story, we dive into a report that examines telemetry on USB usage and behavioral data from 50 Honeywell industrial customer networks.

This newsletter is written and curated by David Strom. I live in St. Louis MO and have covered the infosec industry for decades. I also ran editorial operations for various B2B IT publications including Network Computing (USA), Tom’s Hardware and’s business websites. You can find me at @dstrom or my personal site.

Finally, we note our editing team: Lon Harris (editor-in-chief at, game-master at Screen Junkies), Krystle Vermes (Breaking news editor at Inside, B2B marketing news reporter, host of the "All Day Paranormal" podcast), and Susmita Baral (editor at Inside, recent bylines in NatGeo, Teen Vogue, and Quartz. Runs the biggest mac and cheese account on Instagram).

Copyright ©, All rights reserved.

Our mailing address is:
767 Bryant St. #203
San Francisco, CA 94107

Did someone forward this email to you? Head over to to get your very own free subscription!

You received this email because you subscribed to Inside Security. Click here to unsubscribe from Inside Security list or manage your subscriptions.

Subscribe to Inside Security