Today’s premium story takes several trips down memory lane to revisit significant past events in computer security. If you would like to subscribe and receive this content, it will cost you $10/month for my newsletter or $25/month for unlimited subscriptions to multiple newsletters, with corporate discounts available. The premium stories have more depth and include my analysis, and you will also get your newsletters delivered without any ads. Click here to upgrade your account.
As I mentioned last week, I am publishing four newsletters this week, including today. For next week’s schedule, I will publish on Monday, Tuesday and Wednesday.
-- David Strom
1. Seven new variations of Spectre and Meltdown have been discovered by the original research team. The classification diagram shows which are new and which were already reported. Intel claims its existing mitigations provide adequate protection, a claim the researchers refute. -- ACADEMIC PRE-PRINT (PDF)
2. Nordstrom was hit with a new breach last month. This one exposed employee data, covering both current and former employees, and it happened thanks to a contractor’s mistake. Here is the chain’s notification page, with helpful hints. -- SEATTLE TIMES
3. The annual Pwn2Own hacking contest happened earlier this week in Tokyo. It is put on by Trend Micro’s Zero-Day Initiative to find new vulnerabilities. The first day saw $225,000 in prize money awarded, and the second day saw $105,000 in prizes awarded. Various mobile phones were easily hacked by participants.
4. Bad bots make up a fifth of traffic to online airline websites, according to a new report. They conduct “seat spinning” (holding a seat without any purchase), unauthorized content scraping, and takeover of loyalty program accounts. -- DISTIL NETWORKS (PDF)
5. Here are some tips to prevent your users from downloading phony and malicious smartphone apps. The post by my colleague Mike Elgan also reviews some of the more pernicious recent examples of how these apps operate. -- SECURITY INTELLIGENCE (IBM)
6. A new state-sponsored hacking team has been identified by researchers. Called The White Company, it has targeted Pakistani government agencies and its malware goes through numerous obfuscation steps. -- CYLANCE THREAT VECTOR BLOG
7. Researchers developed a proof-of-concept attack that infects Word documents through malicious embedded videos. -- TREND MICRO BLOG
8. Want to watch a live cyberattack as it happens? You have two opportunities. Tune in tomorrow at 11am ET to watch this live DDoS attack in this webinar. Also, you can tune in tomorrow at 1pm ET for this webinar, showing what a defender has to do to neutralize a more general attack. Both will be available for replay if you miss them.
9. Beware of “secret sister” chain emails. The holiday-themed scams mimic popular office secret Santa gift-giving efforts; just delete them. -- MALWAREBYTES BLOG
10. A comparison of biometric authentication platforms ranked OneSpan highest among the 12 vendors evaluated. -- JAVELIN STRATEGY
RTFM. -- IAMDEVELOPER @ TWITTER
Several looking-back articles appeared this week in advance of the traditional year-end reviews. In this premium edition, I link to them and provide my own commentary.
This newsletter is written and curated by David Strom. I live in St. Louis MO and have covered the infosec industry for decades. I also ran editorial operations for various B2B IT publications including Network Computing (USA), Tom’s Hardware and ReadWrite.com’s business websites. You can find me at @dstrom or my personal site.
Finally, we note our editing team: Lon Harris (editor-in-chief at Inside.com, game-master at Screen Junkies), Krystle Vermes (Breaking news editor at Inside, B2B marketing news reporter, host of the "All Day Paranormal" podcast), and Susmita Baral (editor at Inside, recent bylines in NatGeo, Teen Vogue, and Quartz. Runs the biggest mac and cheese account on Instagram).