What I am reading 10/18/2023 - Log4J is the gift that keeps on giving

Sorry for the pause, I lost access to the blog for awhile (it was reported as spam and suspended - just got it back this morning)

 -------------------------

China’s cyber army is invading critical U.S. services

 https://www.washingtonpost.com/technology/2023/12/11/china-hacking-hawaii-pacific-taiwan-conflict/

 National Grid latest UK org to zap Chinese kit from critical infrastructure

 https://www.theregister.com/2023/12/18/national_grid_bans_china_equipment/

 SSH keys stolen by stream of malicious PyPI and npm packages

 https://www.bleepingcomputer.com/news/security/ssh-keys-stolen-by-stream-of-malicious-pypi-and-npm-packages/

 Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack

 https://arstechnica.com/security/2023/12/just-about-every-windows-and-linux-device-vulnerable-to-new-logofail-firmware-attack/

 Stealthy Linux rootkit found in the wild after going undetected for 2 years

 https://arstechnica.com/security/2023/12/stealthy-linux-rootkit-found-in-the-wild-after-going-undetected-for-2-years/

 Patch Now: Exploit Activity Mounts for Dangerous Apache Struts 2 Bug

 https://www.darkreading.com/cloud-security/patch-exploit-activity-dangerous-apache-struts-bug

 A new, modern, and secure print experience from Windows

 https://techcommunity.microsoft.com/t5/security-compliance-and-identity/a-new-modern-and-secure-print-experience-from-windows/ba-p/4002645

 CISA urges vendors to get rid of default passwords

 https://cyberscoop.com/cisa-urges-vendors-to-get-rid-of-default-passwords/

 MITRE Debuts ICS Threat Modeling for Embedded Systems

 https://www.darkreading.com/ics-ot-security/mitre-debuts-ics-cyber-threat-modeling-embedded-systems

 North Korean hacking ops continue to exploit Log4Shell

 https://cyberscoop.com/north-korea-lazarus-log4j-log4shell/

 Two years on, 1 in 4 apps still vulnerable to Log4Shell

 https://www.theregister.com/2023/12/11/log4j_vulnerabilities/

 Apple admits to secretly giving governments push notification data

 https://arstechnica.com/tech-policy/2023/12/apple-admits-to-secretly-giving-governments-push-notification-data/

 Adapting to the Post-SolarWinds Era: Supply Chain Security in 2024

 https://www.darkreading.com/vulnerabilities-threats/adapting-post-solarwinds-era-supply-chain-security-2024

 The quest to turn basalt dust into a viable climate solution

 https://arstechnica.com/science/2023/12/the-quest-to-turn-basalt-dust-into-a-viable-climate-solution/

 “Renew Home” company brings power grid data to your smart home

 https://arstechnica.com/gadgets/2023/12/alphabets-renew-home-company-brings-power-grid-data-to-your-smart-home/

 Broadcom ends VMware perpetual license sales, testing customers and partners

 https://arstechnica.com/information-technology/2023/12/broadcom-ends-vmware-perpetual-license-sales-testing-customers-and-partners/

 As the SEC’s new data breach disclosure rules take effect, here’s what you need to know

 https://techcrunch.com/2023/12/18/new-sec-data-breach-disclosure-rules/

 Widespread FBI abuse of foreign spy law sets off “alarm bells,” tech group says

 https://arstechnica.com/tech-policy/2023/05/fbi-misused-foreign-surveillance-law-280k-times-to-snoop-on-people-in-the-us/

Texas power plants have no responsibility to provide electricity in emergencies, judges rule

 https://www.kut.org/energy-environment/2023-12-15/texas-power-plants-have-no-responsibility-to-provide-electricity-in-emergencies-judges-rule

 To Revive Portland, Officials Seek to Ban Public Drug Use

https://www.nytimes.com/2023/12/11/us/portland-oregon-drug-laws.html

 How to De-Ice Your Windshield Easily and Effectively

 https://www.artofmanliness.com/skills/how-to/how-to-de-ice-your-windshield-easily-and-effectively/