Sunday, December 04, 2022

What I am Reading 12/4/2022

Common Supply Chain Challenges (flowchart)

How Capitalism—Not a Few Bad Actors—Destroyed the Internet

Online Safety Bill: Plan to make big tech remove harmful content axed

How to build a public profile as a cybersecurity pro

What Every Enterprise Can Learn From Russia’s Cyber Assault on Ukraine

7 free cybersecurity resources you need to bookmark

The 5 Core Principles of the Zero-Trust Cybersecurity Model

Cisco ISE Vulnerabilities Can Be Chained in One-Click Exploit

US bans Chinese telecoms imports – won't even consider authorizing them

Using Hardware Logic to Protect Critical Infrastructure

The exodus from Elon Musk’s Twitter has begun. Should the infosec community care?

Mitsubishi Electric PLCs Exposed to Attacks by Engineering Software Flaws

What the CISA Reporting Rule Means for Your IT Security Protocol

One Year After Log4Shell, Most Firms Are Still Exposed to Attack

Update added 12/4/2022: 

State of Emergency declared, FBI investigating power grid attack in Moore County, sheriff says

If you have Audible, I highly recommend this podcast, "Operation Paperclip", which revolves around the takedown of, and then the subsequent return of, Albert Gonzalez to credit card fraud via the TJX and Office Depot hacks.

Sunday, November 27, 2022

What I'm Reading 11/27/2022 (including 3 books I recently finished)

US Government Begins Researching 'Climate Intervention' Geoengineering

A Third of Global Organizations Were Breached Over Seven Times in the Past Year

5 free resources from the Cybersecurity and Infrastructure Security Agency (CISA)

73 Percent of Retail Applications Contain Security Flaws, but Only a Quarter Are Fixed

Digesting CISA's Cross-Sector Cybersecurity Performance Goals

CISA Updates Infrastructure Resilience Planning Framework

The Biden administration has racked up a host of cybersecurity accomplishments

Hackers Exploiting Abandoned Boa Web Servers to Target Critical Industries

Crypto Firm FTX’s Ownership of a U.S. Bank Raises Questions

How the cyber incident reporting law could finally fix the information sharing problem

How Xi Jinping leveled-up China's hacking teams

MIT Research Documents Effectiveness of Consensus Cyber Risk Oversight Principles

90% of organizations have Microsoft 365 security gaps

US tech layoffs: India workers face painful exit from the US

US bans sale of Huawei, ZTE tech amid security fears

Three Books I have read recently --

Project Zero Trust: A Story about a Strategy for Aligning Security and the Business

Investments Unlimited: A Novel About DevOps, Security, Audit Compliance, and Thriving in the Digital Age

These books use the same concept as The Phoenix Project, working through a technical or management issue in a novelization format. Neither is an in-depth technical resource, but they do provide solid underpinnings for beginning in DevOps or Zero Trust Security.

Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency

Pretty interesting story on how law enforcement used Bitcoin's reputation as being untraceable to track and arrest online drug dealers and CSAM peddlers.

Sunday, November 20, 2022

What I'm Reading 11/20/2022

Exclusive: Russian software disguised as American finds its way into U.S. Army, CDC apps

5 Kali Linux tools you should learn how to use

Swimlane and Nozomi Networks, Vulnerability Management Automation for Critical Infrastructure

Will a Labeling System Solve IoT Security Challenges?

Is the Grid Secure Enough for the Electric Vehicle Influx?

Applying IP network guidance has harmed control system field devices and legacy control systems

Microsoft: Hackers are using this 'concerning' tactic to dodge multi-factor authentication

Get Ahead of the Five Most Dangerous New Attack Techniques

US govt: Iranian hackers breached federal agency using Log4Shell exploit

US Gov Warning: Start Hunting for Iranian APTs That Exploited Log4

Researchers Say China State-backed Hackers Breached a Digital Certificate Authority

Omron PLC Vulnerability Exploited by Sophisticated ICS Malware

Over 12,000 Cyber Incidents at DoD Since 2015, But Incident Management Still Lacking

How to overcome OT security threats?

Sunday, November 13, 2022

What I'm Reading 11/13/2022 #infosec #cybersecurity #reading

A Cypherpunk's Manifesto

Guess what we find in books? A look Inside our Midwest Regional Digitization Center– by Jeff Sharpe

NSA - Software Memory Safety

NSA urges orgs to use memory-safe programming languages

Mysterious company with government ties plays key internet role

concerns about Trustcor

Tech’s Talent Wars Have Come Back to Bite It

Is web3 bullshit? (Transcript)

World population to reach 8 billion on 15 November 2022

The Email Caste's Last Stand

The Fallout From the First Trial of a Corporate Executive for ‘Covering Up’ a Data Breach

the most unethical thing I was asked to build while working at Twitter.

How corporate chiefs dodge lawsuits over sexual abuse and deadly products

Silicon Valley’s Horrible Bosses

The fall of the FTX ‘King of Crypto’ Sam Bankman-Fried

High-Severity Flaw Reported in Critical System Used by Oil and Gas Companies

Expert warns that the US and Israel are still unprepared to defeat a cyber attack against organizations in the water sector.

China is likely stockpiling and deploying vulnerabilities, says Microsoft

Nation-State Hacker Attacks on Critical Infrastructure Soar: Microsoft

5 Reasons to Consolidate Your Tech Stack

This Hidden Facebook Tool Lets Users Remove Their Email or Phone Number Shared by Others

CISA Releases Decision Tree Model to Help Companies Prioritize Vulnerability Patching

The future of cybersecurity: DAST solutions, SBOMs, and APIs to take center stage

Why it's time to review your Microsoft patch management options

Sunday, November 06, 2022

What I'm Reading 11/6/2022

Well, the summer hiatus went on much longer than intended. Work got extremely busy and I just didn't have the time or energy, but now I'm back (even though no one reads this blog).

Securing OT That Can’t Be Patched

Critical infrastructures cannot be secure when critical equipment isn’t

Security Culture: An OT Survival Story

Engineering workstation attacks on industrial control systems double: Report

CISA releases cybersecurity performance goals to reduce risk and impact of adversarial threats

CISA's critical infrastructure performance goals win praise, but questions remain about effectiveness

The 8 Best Vintage Self-Improvement Books

Social Engineering Kill–Chain: Predicting, Minimizing & Disrupting Attack Verticals

OpenSSL dodges a security bullet

How to securely manage LAPS on a Windows network

Security Leaders Share 5 Steps to Strengthen Cyber Resilience

Federal bans aren't stopping US states from buying forbidden Chinese kit

I'll try and get back on the weekly schedule in the future.

Monday, August 29, 2022

What I'm Reading 8/29/2022 #infosec #cybersecurity

I'm back a week early - Hooray!!

How to Recognize and Treat Heat Stroke and Heat Exhaustion - (late but still a few 90+ degree days left so...)

How secure is America's electric grid?

(here is the website mentioned in the video if you are interested: Grid Security Now!)

Critical infrastructure is under attack from hackers. Securing it needs to be a priority - before it's too late

'Quiet quitting' has nothing to do with lazy employees. It's about rejecting broken work culture

CISA: Action required now to prepare for quantum computing cyber threats

CISA wants you to patch these actively exploited vulnerabilities before September 8

Computer Networks from Scratch

Employee’s compromised Google credentials led to Cisco breach

Security and Cheap Complexity

New Air-Gap Attack Uses MEMS Gyroscope Ultrasonic Covert Channel to Leak Data

New Evil PLC Attack Weaponizes PLCs to Breach OT and Enterprise Networks


Monday, July 11, 2022