Nordstrom breach | Inside Security - November, 14th 2018

Inside Security (Nov 14th, 2018)

New Spectre attack vectors / Nordstrom staff data breach / Pwn2Own results



Today’s premium story is about various trips down memory lane of significant past events in computer security. If you would like to subscribe and receive this content, it will cost you $10/month for my newsletter or $25/month for unlimited subscriptions to multiple newsletters, with corporate discounts available. The premium stories will have more depth and my analysis, and you will also get your newsletters delivered without any ads. Click on this link here to upgrade your account.  

As I mentioned last week, I am publishing four newsletters this week, including today. For next week’s schedule, I will publish on Monday, Tuesday and Wednesday.

-- David Strom



1. Seven new variations of Spectre and Meltdown have been discovered by the original research team. The classification diagram shows which are new and which are already reported. Intel claims existing mitigations provide adequate protection, a claim refuted by the researchers. -- ACADEMIC PRE-PRINT (PDF)


2. Nordstrom was hit with a new breach last month. This one targeted the data of both current and former employees. It happened thanks to a contractor’s mistake. Here is the chain’s notification page, with helpful hints. -- SEATTLE TIMES




3. The annual Pwn2Own hacking contest happened earlier this week in Tokyo. It is put on by Trend Micro’s Zero-Day Initiative to find new vulnerabilities. The first day saw $225,000 in prize money awarded, and the second day saw $105,000 in prizes awarded. Various mobile phones were easily hacked by participants.  


4. Bad bots make up a fifth of traffic to online airline websites, according to a new report. They conduct “seat spinning” (holding a seat without any purchase), unauthorized content scraping, and takeover of loyalty program accounts. -- DISTIL NETWORKS (PDF)




5. Here are some tips to prevent your users from downloading phony and malicious smartphone apps. The post by my colleague Mike Elgan also reviews some of the more pernicious recent examples of how these apps operate. -- SECURITY INTELLIGENCE (IBM)


6. A new state-sponsored hacking team has been identified by researchers. Called The White Company, it has targeted Pakistani government agencies and its malware goes through numerous obfuscation steps. -- CYLANCE THREAT VECTOR BLOG

7. Researchers developed a proof-of-concept compromise that infects Word documents with malicious embedded videos. -- TREND MICRO BLOG

8. Want to watch a live cyberattack as it happens? You have two opportunities. Tune in tomorrow at 11am ET to watch a live DDoS attack in this webinar. You can also tune in tomorrow at 1pm ET for this webinar, showing what a defender has to do to neutralize a more general attack. Both will be available for replay if you miss them.

9. Beware of “secret sister” chain emails. The holiday-themed scams mimic popular office secret Santa gift-giving efforts; just delete them. -- MALWAREBYTES BLOG

10. A comparison of biometric authentication platforms has found OneSpan superior amongst 12 vendors evaluated. -- JAVELIN STRATEGY


RTFM. -- IAMDEVELOPER @ TWITTER


Several looking-back articles appeared this week in advance of the traditional year-end reviews. In this premium edition, I link to them and provide my own commentary.


This newsletter is written and curated by David Strom. I live in St. Louis MO and have covered the infosec industry for decades. I also ran editorial operations for various B2B IT publications including Network Computing (USA), Tom’s Hardware and ReadWrite.com’s business websites. You can find me at @dstrom or my personal site.

Finally, we note our editing team: Lon Harris (editor-in-chief at Inside.com, game-master at Screen Junkies), Krystle Vermes (Breaking news editor at Inside, B2B marketing news reporter, host of the "All Day Paranormal" podcast), and Susmita Baral (editor at Inside, recent bylines in NatGeo, Teen Vogue, and Quartz. Runs the biggest mac and cheese account on Instagram).


Copyright © Inside.com, All rights reserved.
