Pentagon’s China Warning Prompts Calls to Vet U.S. Funding of Startups
Cisco warns of premature DIMM failures
Beautiful Basics - Series
The stakes 'could not be any higher': CISA chief talks about the tech challenges ahead
Google Created 'Open-Source Maintenance Crew' to Help Secure Critical Projects
A year later, Biden’s cybersecurity executive order driving positive change
NIST Cybersecurity Framework update comments highlight a gamut of needed changes
Utility industry continues to deny that control system cyber incidents are occurring
The Texas electric grid can barely keep the lights on
6 top network security threats and how to beat them
ICS Patch Tuesday: Siemens, Schneider Electric Address 43 Vulnerabilities
What to Patch Now: Actively Exploited Windows Zero-Day Threatens Domain Controllers
CISA Temporarily Removes CVE-2022-26925 from Known Exploited Vulnerability Catalog
May's Patch Tuesday updates make urgent patching a must
Training on understanding, protecting, and securing Industrial Control Systems (ICS) from cyber-attacks.
Non-Work Stuff
Bitcoin falls to 10-month low as stock markets tumble
Satoshi-Era Bitcoin Wallet Awakens with BTC in It Worth 62x in USD
Layoffs and a Silicon Valley Sell-Off Create Shaky Low-Valued 'Unicorn Zombies'
Uber CEO Tells Staff Company Will Cut Down on Costs, Treat Hiring as a 'Privilege'
The End of Industrial Society
It Began as an AI-Fueled Dungeon Game. It Got Much Darker
Cybersecurity has a desperate skills crisis. Rural America could have the answer
Texas law that allows users to sue social networks for censorship is now in effect
The EU Commission is planning automatic CSAM scanning of your private communication – or total surveillance in the name of child protection.
Hawley introduces bill to strip 'woke' Disney of special copyright protections
Cracking the Code: Sneakers at 30
Sunday, May 15, 2022
Thursday, May 12, 2022
I've spent time in Japan, so when I saw the Tokyo Vice TV series on HBO Max I was intrigued. Watched the series and it was good enough I decided to read the book.
The book is very interesting. Quite a bit of background on Japanese society and on the Japanese underworld. Some very sympathetic characters and some real scumbags too. I recommend it, it's a good casual read but not lightweight and you might expand your horizons a bit.
Sunday, May 08, 2022
U.S. Passes New Cybersecurity Law for Critical Infrastructure Reporting
The new cybersecurity mandate - Parsing the White House’s cybersecurity directives.
CISA Extends Recommendations to Non-Federal Organizations - Keeping malware from entering networks through web browsers
NIST Releases Updated Cybersecurity Guidance for Managing Supply Chain Risks
Russia is losing the cyberwar against Ukraine, too
Cybersecurity metrics corporate boards want to see
Hackers are exploiting 0-days more than ever
How Log4j Reshaped Cloud Security Thinking
Here's a New Tool That Scans Open-Source Repositories for Malicious Packages
Compromising WSUS for lateral movement
Kaspersky Warns of Fileless Malware Hidden in Windows Event Logs
Finding the Real "Last Patched" Day (Interim Version)
Botnet that hid for 18 months boasted some of the coolest tradecraft ever
Revisiting the Colonial Pipeline Cyberattack, One Year Later
Flaws in Avast, AVG Antiviruses Could Have Facilitated Attacks on Millions of Devices
How masscan works
California Says It Needs More Power to Keep the Lights On
Giving old dams new life could spark an energy boom
This ugly t-shirt makes you invisible to facial recognition tech
Logging and monitoring can be a form of bullying, and make for lousy infosec
The Seven Different Types of Jerks at Work (and How to Deal With Them)
103 Bits of Advice I Wish I Had Known
How big companies kill ideas — and how to fight back, with Tony Fadell
Announcing the public availability of the Cisco Cloud Controls Framework (CCF)
The Crypto Elites Are Plotting a Wall Street Merger
IBM's asshole test
Demystifying Database Performance for Developers
Edward Snowden in Hindsight
Hitting the Books: US regulators are losing the fight against Big Tech
Opinion: Do poison pills work? A finance expert explains the anti-takeover tool that Twitter hopes will keep Elon Musk at bay
Agile and the Long Crisis of Software
Tuesday, May 03, 2022
Over the past 5 years I have been to quite a few conferences and S4 has been in my top 3 since I first attended at S4x20 (for the record the other two are the April 2018 mini-conference put on by Scoop News Group and Layer One). This year was no exception.
S4 has a few things going for it that separate it from a lot of other conferences that I have been to:
1. The venue - Usually S4 is held at the Filmore Theatre in Miami Beach (next year it will still be in Miami Beach but a different location due to remodeling). The Filmore is pretty accessible, comfortable to spend time in, and large enough to handle the number of attendees, with some overflow across the street. It's close to the beach, the conference hotels and various restaurants and other nightlife. So all in all a plus.
In addition there are some associated events at the Miami Beach Botanical Gardens and a Welcome Aboard party that add to the attractiveness of the location.
2. Conference Size - this year it was about 800 people. Large enough for variety but not so large you get lost in the pack. This also means if you want to see a talk you can get in to see the talk.
3. Very Focused - this conference is focused on ICS cyber security so everything revolves around that. So unlike larger, more general conferences you aren't constantly poring over talk schedules trying to figure out what really applies to you.
4. Format - there is a very good balance of technical / non-technical talks and activities. This relates back to number 3.
5. The People - usually at a conference there is at least one jerk trying to make people miserable. I haven't seen that at either of my two outings to S4. All the people I ran into - if not friendly at least weren't unfriendly. Makes everything much more relaxing.
The only slight downsides are:
1. Travel - It's a pain to get to Miami Beach from Portland at a reasonable price.
2. The Cabana Sessions - Just my opinion but way too crowded for that pool space.
3. Swag - This is my fault entirely, but I always end up with too much of it and hauling it home is a pain. :-). Bring an extra bag because you'll definitely be able to fill it. (In case it isn't clear I am not really complaining about too much free stuff)
Anyway, if you work in industrial cybersecurity or an adjacent field I highly recommend this conference.
Sunday, May 01, 2022
CISA - 2021 Top Routinely Exploited Vulnerabilities
Who is exploiting VMware right now? Probably Iran's Rocket Kitten, to name one
That time we unplugged a data center to test our disaster readiness
Log4j Attack Surface Remains Massive
What the ECDSA Flaw in Java Means for Enterprises
USA's plan to decouple its tech with China lacks a strategy – report
Germany's Nuclear Fumble
Overlapping ICS/OT Mandates Distract From Threat Detection and Response
Control system cyber incidents in electric and other sectors are frequent, often impactful, but not reported
Microsoft warns: These flaws could give attackers root privileges on Linux desktops
Mandiant: Attackers' Median Dwell Time Drops to 3 Weeks
Top 5 security analytics to measure
Experts Detail 3 Hacking Teams Working Under the Umbrella of TA410 Group
Facebook Doesn’t Know What It Does With Your Data, Or Where It Goes: Leaked Document
Hackers Reportedly Target Wind-Energy Companies
Twitter Admits It Hid Tweets About HBO's QAnon Docuseries
Conservative Twitter accounts got boost in followers after Musk acquisition, data shows
Network Scanning Techniques: Ethical Hacking Basics
How Technocrats Triumphed at Apple
Bonus Driven Development
Iron Salt Aerosol
If this sounds intriguing, read "Termination Shock" by Neal Stephenson.
Hucksters on Parade
Sunday, April 24, 2022
I missed last week because I was out of town at S4x22 in Miami Beach (good time), but I am back now.
Work Related Stuff
How to achieve better cybersecurity assurances and improve cyber hygiene
Russian hackers thwarted in attempt to take out electrical grid, Ukrainians say
7th ever ICS Specific Malware
US warning: Hackers have built tools to attack these key industrial control systems
Zapped: The grid is on life support. Can AI fix it?
Flaws in ABB Network Interface Modules Expose Industrial Systems to DoS Attacks
Microsoft details how China-linked crew's malware hides scheduled Windows tasks
You can’t protect the unprotectable – our critical infrastructures
US warns of APT groups that can “gain full system access” to some industrial control systems
and two days later...
It's Pretty Easy to Hack the Program That Runs Our Power Grids, It Turns Out
This took place at the conference I was at (S4x22 - people were fairly excited by it)
Early Discovery of Pipedream Malware a Success Story for Industrial Security
Chernovite's PIPEDREAM Malware targeting Industrial Control Systems (ICS)
Hackers find 122 vulnerabilities — 27 deemed critical — during first round of DHS bug bounty program
more from the conference I was at :-)
Communist China Has Thrown Out the Old Rules of War
Why the Past 10 Years of American Life Have Been Uniquely Stupid
The Biden administration gives a green light to a fuel that could be even dirtier than regular gas
An Argument for a Return to Web 1.0
Can Corporate Sustainability Claims Be Trusted?
Here’s Why No One Wants to Talk About Sweden
Tuesday, April 12, 2022
I don't think there is anything super new in here but it pulls a lot of disparate thoughts together and makes a more coherent whole. Doesn't exactly paint a rosy picture for the future of life in America.