Open Security News week 5-2022

Duplicating work wastes time, money, and energy. Reuse and improve solid cyber security knowledge. Avoid old mistakes and use new solid open security knowledge.

1 Malicious app on Google Play drops banking malware on users’ devices

Pradeo’s researchers discovered a malicious mobile application called 2FA Authenticator distributed on Google Play and installed by 10K+ users.


2 Hackers are now dropping malware into SSD drives through firmware updates

In a recent paper, academics at Korea University in Seoul have outlined how solid-state drives (SSDs) can be cracked open with malware that goes beyond the reach of traditional antivirus scanning and user access.


3 Deciduous: A Security Decision Tree Generator

Security decision trees are a powerful tool to inform saner security prioritization when designing, building, and operating software systems. This very simple pure HTML FOSS tool can help.

4 The Cyber Tub: Communicating the Dynamics of Information Security Risk Management

Risk accumulates in complex systems. We can’t expect to present facts and figures to non-experts and have them perfectly grasp the dynamic processes around information security risk.

5 Solving Open Source Supply Chain Security for the PHP Ecosystem

It’s not a new problem. We know it’s a solvable problem. But what if we could prove whether or not a particular software update was inspected, and to what degree?


6 Defining Security Requirements with Common Criteria: Applications, Adoptions, and Challenges

Common Criteria for Information Technology Security Evaluation (often referred to as Common Criteria or CC) is an international standard (ISO/IEC 15408) for cyber security certification. Of course you can find the CC using the reference section in our Security Reference Architecture. This paper is a review of the CC standards and their adoptions.
(arXiv Link)

7 STRIDE-based Cyber Security Threat Modeling for IoT-enabled Precision Agriculture Systems

The concept of traditional farming is changing rapidly with the introduction of smart technologies like the Internet of Things (IoT). But what are the vulnerabilities, threats, and security issues we should consider while deploying precision agriculture?
(arXiv Link)


The Open Security newsletter is an overview of cyber security news with a core focus on openness. Pointing out what went wrong after a cyber security breach is easy. Designing good and simple measurements is hard. So join the open Security Reference Architecture collaboration project to create better solutions together. Or become a partner to support this project. Use our RSS or ATOM feed to follow Open Security News.