Sunday, May 15, 2022

This Week's Reading 5/15/2022 #infosec #cybersecurity

Work Stuff

Pentagon’s China Warning Prompts Calls to Vet U.S. Funding of Startups

Cisco warns of premature DIMM failures

Beautiful Basics - Series

The stakes 'could not be any higher': CISA chief talks about the tech challenges ahead

Google Created 'Open-Source Maintenance Crew' to Help Secure Critical Projects

A year later, Biden’s cybersecurity executive order driving positive change

NIST Cybersecurity Framework update comments highlight a gamut of needed changes

Utility industry continues to deny that control system cyber incidents are occurring

The Texas electric grid can barely keep the lights on

6 top network security threats and how to beat them

ICS Patch Tuesday: Siemens, Schneider Electric Address 43 Vulnerabilities

What to Patch Now: Actively Exploited Windows Zero-Day Threatens Domain Controllers

CISA Temporarily Removes CVE-2022-26925 from Known Exploited Vulnerability Catalog

May's Patch Tuesday updates make urgent patching a must

Training on understanding, protecting, and securing Industrial Control Systems (ICS) from cyber-attacks.


Non-Work Stuff

Bitcoin falls to 10-month low as stock markets tumble

Satoshi-Era Bitcoin Wallet Awakens with BTC in It Worth 62x in USD

Layoffs and a Silicon Valley Sell-Off Create Shaky Low-Valued 'Unicorn Zombies'

Uber CEO Tells Staff Company Will Cut Down on Costs, Treat Hiring as a 'Privilege'

The End of Industrial Society

It Began as an AI-Fueled Dungeon Game. It Got Much Darker

Cybersecurity has a desperate skills crisis. Rural America could have the answer

Texas law that allows users to sue social networks for censorship is now in effect

The EU Commission is planning automatic CSAM scanning of your private communication – or total surveillance in the name of child protection.

Hawley introduces bill to strip 'woke' Disney of special copyright protections

Cracking the Code: Sneakers at 30

Thursday, May 12, 2022

Just finished Tokyo Vice #books

I've spent time in Japan, so when I saw the Tokyo Vice TV series on HBO Max I was intrigued.  Watched the series and it was good enough that I decided to read the book.

The book is very interesting.  Quite a bit of background on Japanese society and on the Japanese underworld.  Some very sympathetic characters and some real scumbags too.  I recommend it; it's a good casual read but not lightweight, and you might expand your horizons a bit.

Sunday, May 08, 2022

This Week's Reading 5/8/2022 #Infosec #Cybersecurity

Work Stuff

U.S. Passes New Cybersecurity Law for Critical Infrastructure Reporting

The new cybersecurity mandate - Parsing the White House’s cybersecurity directives.

CISA Extends Recommendations to Non-Federal Organizations - Keeping malware from entering networks through web browsers

NIST Releases Updated Cybersecurity Guidance for Managing Supply Chain Risks

Russia is losing the cyberwar against Ukraine, too

Cybersecurity metrics corporate boards want to see

Hackers are exploiting 0-days more than ever

How Log4j Reshaped Cloud Security Thinking

Here's a New Tool That Scans Open-Source Repositories for Malicious Packages

Compromising WSUS for lateral movement

Kaspersky Warns of Fileless Malware Hidden in Windows Event Logs

Finding the Real "Last Patched" Day (Interim Version)

Botnet that hid for 18 months boasted some of the coolest tradecraft ever

Revisiting the Colonial Pipeline Cyberattack, One Year Later

Flaws in Avast, AVG Antiviruses Could Have Facilitated Attacks on Millions of Devices

How masscan works

California Says It Needs More Power to Keep the Lights On

Giving old dams new life could spark an energy boom


Non-Work Stuff

This ugly t-shirt makes you invisible to facial recognition tech

Logging and monitoring can be a form of bullying, and make for lousy infosec

The Seven Different Types of Jerks at Work (and How to Deal With Them)

103 Bits of Advice I Wish I Had Known

How big companies kill ideas — and how to fight back, with Tony Fadell

Announcing the public availability of the Cisco Cloud Controls Framework (CCF)

The Crypto Elites Are Plotting a Wall Street Merger

IBM's asshole test

Demystifying Database Performance for Developers

Edward Snowden in Hindsight

Hitting the Books: US regulators are losing the fight against Big Tech

Opinion: Do poison pills work? A finance expert explains the anti-takeover tool that Twitter hopes will keep Elon Musk at bay

Agile and the Long Crisis of Software

Tuesday, May 03, 2022

Conference Review S4x22 #infosec #cybersecurity

Over the past 5 years I have been to quite a few conferences and S4 has been in my top 3 since I first attended at S4x20 (for the record the other two are the April 2018 mini-conference put on by Scoop News Group and Layer One).  This year was no exception.

S4 has a few things going for it that separate it from a lot of other conferences that I have been to:

1.  The venue - Usually S4 is held at the Fillmore Theatre in Miami Beach (next year it will still be in Miami Beach but at a different location due to remodeling).  The Fillmore is pretty accessible, comfortable to spend time in, and large enough to handle the number of attendees, with some overflow across the street.  It's close to the beach, the conference hotels and various restaurants and other nightlife.  So all in all a plus.

In addition there are some associated events at the Miami Beach Botanical Gardens and a Welcome Aboard party that add to the attractiveness of the location.

2.  Conference Size - this year it was about 800 people.  Large enough for variety but not so large that you get lost in the pack.  This also means if you want to see a talk you can get in to see the talk.

3.  Very Focused - this conference is focused on ICS cyber security, so everything revolves around that.  So unlike larger, more general conferences you aren't constantly poring over talk schedules trying to figure out what really applies to you.

4.  Format - there is a very good balance of technical / non-technical talks and activities.  This relates back to number 3.

5.  The People - usually at a conference there is at least one jerk trying to make people miserable.  I haven't seen that at either of my two outings to S4.  All the people I ran into, if not friendly, at least weren't unfriendly.  Makes everything much more relaxing.

The only slight downsides are:

1.  Travel - It's a pain to get to Miami Beach from Portland at a reasonable price.

2.  The Cabana Sessions - Just my opinion, but way too crowded for that pool space.

3.  Swag - This is my fault entirely, but I always end up with too much of it and hauling it home is a pain.  :-)  Bring an extra bag because you'll definitely be able to fill it.  (In case it isn't clear, I am not really complaining about too much free stuff.)

Anyway, if you work in industrial cybersecurity or an adjacent field I highly recommend this conference.

Sunday, May 01, 2022

This Week's Reading 1 May 2022 #infosec #cybersecurity #books

Work Stuff

CISA - 2021 Top Routinely Exploited Vulnerabilities

Who is exploiting VMware right now? Probably Iran's Rocket Kitten, to name one

That time we unplugged a data center to test our disaster readiness

Log4j Attack Surface Remains Massive

What the ECDSA Flaw in Java Means for Enterprises

USA's plan to decouple its tech with China lacks a strategy – report

Germany's Nuclear Fumble

Overlapping ICS/OT Mandates Distract From Threat Detection and Response

Control system cyber incidents in electric and other sectors are frequent, often impactful, but not reported

Microsoft warns: These flaws could give attackers root privileges on Linux desktops

Mandiant: Attackers' Median Dwell Time Drops to 3 Weeks

Top 5 security analytics to measure

Experts Detail 3 Hacking Teams Working Under the Umbrella of TA410 Group

Non-Work Stuff

Facebook Doesn’t Know What It Does With Your Data, Or Where It Goes: Leaked Document

Hackers Reportedly Target Wind-Energy Companies

Twitter Admits It Hid Tweets About HBO's QAnon Docuseries

Conservative Twitter accounts got boost in followers after Musk acquisition, data shows

Network Scanning Techniques: Ethical Hacking Basics

How Technocrats Triumphed at Apple

Bonus Driven Development

Iron Salt Aerosol

If this sounds intriguing, read "Termination Shock" by Neal Stephenson.

Hucksters on Parade

Sunday, April 24, 2022

The Last Two Week's Reading 4/24/2022 #infosec #Cybersecurity

I missed last week because I was out of town at S4x22 in Miami Beach (good time), but I am back now.

Work Related Stuff

De-anonymizing Bitcoin

Security Zines

How to achieve better cybersecurity assurances and improve cyber hygiene

Russian hackers thwarted in attempt to take out electrical grid, Ukrainians say

7th ever ICS Specific Malware

US warning: Hackers have built tools to attack these key industrial control systems

Zapped: The grid is on life support. Can AI fix it?

Flaws in ABB Network Interface Modules Expose Industrial Systems to DoS Attacks

Microsoft details how China-linked crew's malware hides scheduled Windows tasks

You can’t protect the unprotectable – our critical infrastructures

US warns of APT groups that can “gain full system access” to some industrial control systems

and two days later...

It's Pretty Easy to Hack the Program That Runs Our Power Grids, It Turns Out

This took place at the conference I was at (S4x22 - people were fairly excited by it).

Early Discovery of Pipedream Malware a Success Story for Industrial Security

Chernovite's PIPEDREAM Malware targeting Industrial Control Systems (ICS)

Hackers find 122 vulnerabilities — 27 deemed critical — during first round of DHS bug bounty program

More from the conference I was at :-)

Communist China Has Thrown Out the Old Rules of War

Other Stuff

Why the Past 10 Years of American Life Have Been Uniquely Stupid

The Biden administration gives a green light to a fuel that could be even dirtier than regular gas

An Argument for a Return to Web 1.0

Can Corporate Sustainability Claims Be Trusted?

Here’s Why No One Wants to Talk About Sweden

Tuesday, April 12, 2022

Why the Past 10 Years of American Life Have Been Uniquely Stupid

Good Article -

I don't think there is anything super new in here but it pulls a lot of disparate thoughts together and makes a more coherent whole.  Doesn't exactly paint a rosy picture for the future of life in America.