Thursday, February 20, 2020

What I'm Reading 2/20/2020 - Still Talking About the Critical Infrastructure Ransomware Attack and Another Large Data Breach

The announcement comes a day after Trump pushed back against a move by some officials in key U.S. federal agencies to further limit exports to China, saying national security concerns should not be used as an excuse to stymy sales by U.S. companies abroad.
One of the measures floated involved expanding the government’s ability to block exports to telecom equipment giant Huawei, which was placed on a trade blacklist last year over national security concerns.
Yahoo - Should Facebook, Google be liable for user posts? asks U.S. Attorney General Barr -
"No longer are tech companies the underdog upstarts. They have become titans," Barr said at a public meeting held by the Justice Department to examine the future of Section 230 of the Communications Decency Act.
"Given this changing technological landscape, valid questions have been raised about whether Section 230's broad immunity is necessary at least in its current form," he said.
BBC - Should your email say if you're he, she or they? -
"The whole point really is that it's a way to send the message that gender is not binary. This is normalising that conversation," Ms O'Neill says. "This is a very easy way to send a message of inclusion."
Andrew Best - Learn Authentication The Hard Way: Part One -
If you are a software developer, security is one of your primary concerns. If you ship code, and that code deals with any sort of sensitive or personal information, you need to ensure your code and the systems you build allow people to transact on your systems safely and securely, free from fear of compromise or consequence. Your user’s security is not Someone Else’s Problem.
The Register - When the air gap is the space between the ears: A natural gas plant let ransomware spread from office IT to ops
In addition to failing to stop the spear-phishing that led to the infection, CISA says the plant's operator fell short on separating the IT network from the operational systems of the plant. This made it easier for the malware to move between two networks that should have been isolated from one another, or at least better-secured.
Fortunately, because the attack involved a piece of Windows-only ransomware, the malicious code was unable to affect the gas plant control systems that directly controlled operations. It appears the spear-phisher was more interested in holding files to ransom than specifically disrupting plant systems. Still, as a result of the infection, the plant had to be shut down as the monitoring systems were cleaned up.
In case you guys are interested, Clint Bodungen from ThreatGEN gave a talk about this subject at S4x20 (the video isn't available yet, but it will be, so watch here).

Dragos - Assessment of Ransomware Event at U.S. Pipeline Operator -
Operational impacts were likely caused by a combination of insufficient segregation of IT and ICS environments and shared Windows operating system infrastructure. Based on reporting, the intrusion appears to only have impacted a natural gas compression facility owned by the pipeline operator. Impacted ICS devices included data historians and human machine interface (HMI) devices but did not propagate to Layer 1 devices or lower, such as PLCs.
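Both the Register and Dragos pieces above come down to the same control: IT and ICS zones must be segregated, and shared Windows infrastructure (SMB, RDP) reaching from the office network into historians and HMIs is exactly the path a Windows ransomware family walks. The script below is an added example, not code from either article or from CISA/Dragos: it parses a few constructed flow-log lines, maps addresses to hypothetical IT / DMZ / OT zones, and reports every cross-zone flow that is not on an explicit allow list. The subnets, ports and the allow list are assumptions for illustration.

```python
import ipaddress
from collections import namedtuple

Flow = namedtuple("Flow", "ts src dst dport proto")

# Hypothetical zone layout (constructed for this example, not from the articles).
ZONES = {
    "IT":  ipaddress.ip_network("10.10.0.0/16"),   # office workstations, mail, file shares
    "DMZ": ipaddress.ip_network("10.20.0.0/24"),   # industrial DMZ: historian replica only
    "OT":  ipaddress.ip_network("10.30.0.0/16"),   # HMIs, historians, engineering stations
}

# The only cross-zone flows the (assumed) architecture permits.
# Everything else that crosses a zone boundary is a segregation violation.
ALLOWED = {
    ("IT", "DMZ", 443),    # IT users browse the historian replica over HTTPS
    ("OT", "DMZ", 5432),   # OT historian replicates outbound to the DMZ copy
}

# Constructed sample flow log: timestamp src dst dport proto
SAMPLE_LOG = """\
2020-02-18T03:12:44Z 10.10.5.21 10.30.1.10 445 tcp
2020-02-18T03:12:50Z 10.10.5.21 10.20.0.5 443 tcp
2020-02-18T03:13:02Z 10.30.1.10 10.20.0.5 5432 tcp
2020-02-18T03:13:10Z 10.10.5.22 10.30.1.11 3389 tcp
2020-02-18T03:13:15Z 10.30.1.10 10.30.1.12 502 tcp
2020-02-18T03:13:20Z 10.10.5.21 10.10.5.22 445 tcp
"""


def parse_flow_log(text):
    """Parse whitespace-separated flow records; skip blank or malformed lines."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, dport, proto = parts
        flows.append(Flow(ts, ipaddress.ip_address(src),
                          ipaddress.ip_address(dst), int(dport), proto))
    return flows


def zone_of(ip):
    """Return the zone name containing ip, or None if it is outside all zones."""
    for name, net in ZONES.items():
        if ip in net:
            return name
    return None


def find_violations(flows):
    """Return flows that cross a zone boundary without an allow-list entry."""
    violations = []
    for f in flows:
        src_zone, dst_zone = zone_of(f.src), zone_of(f.dst)
        if src_zone is None or dst_zone is None or src_zone == dst_zone:
            continue  # unknown address or intra-zone traffic: not a segregation issue
        if (src_zone, dst_zone, f.dport) not in ALLOWED:
            violations.append(f)
    return violations


if __name__ == "__main__":
    for v in find_violations(parse_flow_log(SAMPLE_LOG)):
        print(f"{v.ts} {zone_of(v.src)}->{zone_of(v.dst)} "
              f"{v.src}:{v.dport}/{v.proto} -> {v.dst}  NOT PERMITTED")
```

Run against the sample log, the two flagged records are the SMB (445) and RDP (3389) connections from IT workstations straight into OT hosts; the intra-zone SMB traffic and the permitted historian paths are left alone. The same check works on real NetFlow or firewall exports once the zone map and allow list reflect the actual architecture.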

CSO - The CCPA is an opportunity to get your data security house in order

You could study what the CCPA means for your business and work out how to comply in fire-fighting mode, then wait for the next piece of data legislation. But that’s short-term thinking, and it will cost you more in the long run. The smarter move is to use the CCPA as a springboard to re-examine your data security efforts, fundamentally change the way you collect and use sensitive data and get your house in order.
  • Limit Data Collection - Why do you need it?
  • Secure the Data - includes non-production environments
  • Limit Data Distribution - only give it to people who need it

BBC - MGM hack exposes personal data of 10.6 million guests
The personal information of 10.6 million guests who stayed at MGM Resorts hotels was hacked last summer.
The hack was first reported by ZDNet on Wednesday, which said the stolen information was posted to a hacking forum this week. MGM confirmed the attack took place to the BBC.
The data exposed included names, addresses, and passport numbers for former guests.
MGM said it was "confident" no financial information had been exposed.
Fits well with the CSO Magazine article on CCPA I think.
