Sunday, March 19, 2023

What I am reading 3/19/2023

The US cybersecurity strategy won’t address today’s threats with regulation alone

https://cyberscoop.com/national-cybersecurity-strategy-regulation/

The Ethics of Network and Security Monitoring

https://www.darkreading.com/risk/the-ethics-of-network-and-security-monitoring

Cyberattackers Continue Assault Against Fortinet Devices

https://www.darkreading.com/vulnerabilities-threats/cyberattackers-continue-assault-against-fortinet-devices

Here's how Chinese cyber spies exploited a critical Fortinet bug

https://www.theregister.com/2023/03/17/chinese_cyberspies_fortinet_bug/

Inside Elon Musk’s cost-cutting drive at Twitter

https://arstechnica.com/tech-policy/2023/03/inside-elon-musks-cost-cutting-drive-at-twitter/

PLATO: How an educational computer system from the ’60s shaped the future

https://arstechnica.com/gadgets/2023/03/plato-how-an-educational-computer-system-from-the-60s-shaped-the-future/

Federal agency hacked by 2 groups thanks to flaw that went unpatched for 4 years

https://arstechnica.com/information-technology/2023/03/federal-agency-hacked-by-2-groups-thanks-to-flaw-that-went-unpatched-for-4-years/

US court rules Uber and Lyft workers are contractors

https://www.bbc.com/news/business-64947695?at_medium=RSS&at_campaign=KARANGA

The Only Three Classes That Mattered From My College Degree

https://www.developing.dev/p/the-only-three-classes-that-mattered

How deep is the rot in America’s banking industry?

https://finance.yahoo.com/news/deep-rot-america-banking-industry-104028781.html

Companies Say They Need Noncompete Clauses. Here’s How We Know That’s Not True.


https://slate.com/business/2023/03/noncompete-clauses-washington-research-ban-ftc.html

Meta Proposes Revamped Approach to Online Kill Chain Frameworks

https://www.darkreading.com/application-security/meta-proposes-revamped-kill-chain-framework-online-threats

‘Black Skills’ Is Killnet’s Attempt to Form a ‘Private Military Hacking Company’


https://flashpoint.io/blog/killnet-killmilk-private-military-hacking-company/

Kali Linux 2023.1 released – and so is Kali Purple!

https://www.helpnetsecurity.com/2023/03/13/kali-linux-2023-1-purple/

Utility Busted Using Fake Consumer Group To Scuttle Eugene, Oregon’s Environmental Reforms

https://www.techdirt.com/2023/03/13/utility-busted-using-fake-consumer-group-to-scuttle-eugene-oregons-environmental-reforms/

Counting ICS Vulnerabilities: Examining Variations in Numbers Reported by Security Firms


https://www.securityweek.com/counting-ics-vulnerabilities-examining-variations-in-numbers-reported-by-security-firms/

A Brief History of Time is ‘wrong’, Stephen Hawking told collaborator

https://www.theguardian.com/science/2023/mar/19/stephen-hawking-told-me-ive-changed-my-mind-my-book-is-wrong

The labor shortage is pushing American colleges into crisis, with the plunge in enrollment the worst ever recorded

https://fortune.com/2023/03/09/american-skipping-college-huge-numbers-pandemic-turned-them-off-education/

Stop worrying about Nation-States and Zero-Days; let's fix things that have been known for years!

https://www.youtube.com/watch?v=ik8pdd7VkmY

Sunday, March 12, 2023

What I'm Reading 3/12/2023 - I should probably make an interest to be more interesting edition

Key Proposals in Biden's Cybersecurity Strategy Face Congressional Challenges

https://www.darkreading.com/risk/key-proposals-in-biden-cybersecurity-strategy-face-congressional-challenges

Stealthy UEFI malware bypassing Secure Boot enabled by unpatchable Windows flaw

https://news.hitb.org/content/stealthy-uefi-malware-bypassing-secure-boot-enabled-unpatchable-windows-flaw

Open letter demands OWASP overhaul, warns of mass project exodus

https://www.csoonline.com/article/3689811/open-letter-demands-owasp-overhaul-warns-of-mass-project-exodus.html#tk.rss_all

Municipal CISOs grapple with challenges as cyber threats soar

https://www.csoonline.com/article/3688958/municipal-cisos-grapple-with-challenges-as-cyber-threats-soar.html#tk.rss_all

PoC exploit for recently patched Microsoft Word RCE is public (CVE-2023-21716)

https://www.helpnetsecurity.com/2023/03/06/cve-2023-21716-poc/

Adaptable ‘Swiss Army Knife’ Malware a Growing Threat


https://securityboulevard.com/2023/03/adaptable-swiss-army-knife-malware-a-growing-threat/

Critical Vulnerabilities Allow Hackers to Take Full Control of Wago PLCs


https://www.securityweek.com/critical-vulnerabilities-allow-hackers-to-take-full-control-of-wago-plcs/

Threat actors are using advanced malware to backdoor business-grade routers

https://arstechnica.com/information-technology/2023/03/threat-actors-are-using-advanced-malware-to-backdoor-business-grade-routers/

5 Critical Components of Effective ICS/OT Security

https://www.darkreading.com/ics-ot/5-critical-components-of-effective-ics-ot-security-

Ransomware's Favorite Target: Critical Infrastructure and Its Industrial Control Systems


https://www.darkreading.com/ics-ot/ransomware-s-favorite-target-critical-infrastructure-and-its-industrial-control-systems

Google over-hired talent to do ‘fake work’ and stop them working for rivals, claims former PayPal boss, Keith Rabois

https://www.yahoo.com/lifestyle/google-over-hired-talent-fake-114331193.html

What Weimar Germany Teaches Us about Universal Basic Income


https://fee.org/articles/what-weimar-germany-teaches-us-about-universal-basic-income/

3 Mistakes I Made as an Engineer, but Had To Become a Manager To See

https://www.developing.dev/p/3-mistakes-i-made-as-an-engineer

Want an unfair advantage in your tech career? Consume content meant for other roles

https://matthewgrohman.substack.com/p/want-an-unfair-advantage-in-your

North Korean hackers used polished LinkedIn profiles to target security researchers


https://cyberscoop.com/north-korea-hackers-linkedin-phishing/

Palo Alto Survey Reveals 90% of Organizations Cannot Resolve Cyberthreats Within an Hour

https://www.darkreading.com/cloud/palo-alto-networks-global-state-of-cloud-native-security-survey-reveals-90-of-organizations-cannot-detect-contain-and-resolve-cyberthreats-within-an-hour

Building Great OT Incident Response Tabletop Exercises

https://www.youtube.com/watch?v=XobogsaxcUY

Neil deGrasse Tyson - We Stopped Dreaming (Episode 1)

https://www.youtube.com/watch?v=CbIZU8cQWXc

In addition to this stuff, I am finishing up Chapter 3 of Security Engineering by Ross Anderson https://www.amazon.com/s?k=security+engineering+3rd+edition&crid=2P1CTN6GXKHAV and working on NIST SP 800-37 Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy https://csrc.nist.gov/publications/detail/sp/800-37/rev-2/final as I prepare for my CISSP-ISSMP.
Sunday, March 05, 2023

Revisiting a couple of old posts -

Back in November 2005 I posted these two posts:

Top 20 Geek Novels

Blatantly stolen from the Technology Blog. I do a little better on this list:

1. The HitchHiker's Guide to the Galaxy -- Douglas Adams 85% (102)
2. Nineteen Eighty-Four -- George Orwell 79% (92)
3. Brave New World -- Aldous Huxley 69% (77)
4. Do Androids Dream of Electric Sheep? -- Philip Dick 64% (67)
5. Neuromancer -- William Gibson 59% (66)
6. Dune -- Frank Herbert 53% (54)
7. I, Robot -- Isaac Asimov 52% (54)
8. Foundation -- Isaac Asimov 47% (47)
9. The Colour of Magic -- Terry Pratchett 46% (46)
10. Microserfs -- Douglas Coupland 43% (44)
11. Snow Crash -- Neal Stephenson 37% (37)
12. Watchmen -- Alan Moore & Dave Gibbons 38% (37)
13. Cryptonomicon -- Neal Stephenson 36% (36)
14. Consider Phlebas -- Iain M Banks 34% (35)
15. Stranger in a Strange Land -- Robert Heinlein 33% (33)
16. The Man in the High Castle -- Philip K Dick 34% (32)
17. American Gods -- Neil Gaiman 31% (29)
18. The Diamond Age -- Neal Stephenson 27% (27)
19. The Illuminatus! Trilogy -- Robert Shea & Robert Anton Wilson 23% (21)
20. Trouble with Lichen - John Wyndham 21% (19)

Bold = Read
Italics = Started
Bold Italics = Read since original post

Books every college freshman should read

I am shamelessly stealing this list from Amazon.com. I don't know how many people will agree with it, but see what you think. Do you agree with the author?

1. The Bell Jar - Sylvia Plath
2. The Metamorphosis, In the Penal Colony and Other Stories - Franz Kafka
3. Mythology: Timeless Tales of Gods and Heroes - Edith Hamilton - Read
4. Siddhartha - Hermann Hesse
5. The Unbearable Lightness of Being - Milan Kundera
6. The Hobbit or There and Back Again - JRR Tolkien - Read
7. Lolita - Vladimir Nabokov
8. Slaughterhouse Five - Kurt Vonnegut - Started, I hated it
9. Frankenstein or the Modern Prometheus - Read (4th Grade, I might read it again)
10. The Catcher in the Rye - JD Salinger - I have started this book about 5 times; I always make it to page 2.
11. Atlas Shrugged - Ayn Rand
12. Animal Farm - George Orwell - Read
13. 1984 - George Orwell - Read
I read 12 and 13 in 6th grade. Those books really helped convince me communism was evil.
14. Great Expectations - Charles Dickens
15. The Awakening and selected stories - Kate Chopin
16. Jane Eyre - Charlotte Bronte
17. Fahrenheit 451 - Ray Bradbury - Read somewhere around 7th or 8th Grade. I don't remember it well, but I do remember it being hard to get through.
18. A Connecticut Yankee in King Arthur's Court - Mark Twain - Read - Boring
19. A Clockwork Orange - Anthony Burgess
20. Absalom, Absalom - William Faulkner
21. Dubliners - James Joyce
22. The Brothers Karamazov - Fyodor Dostoevsky
23. The Great Gatsby - F. Scott Fitzgerald
24. A Streetcar Named Desire - Tennessee Williams
25. To the Lighthouse - Virginia Woolf

No point to this update really, other than to show I can actually read, I guess.

What I'm Reading 3/5/2023 - Power Grid Attacks Edition

Why the US Power Grid is Under Attack

https://www.youtube.com/watch?v=U3NEfl5rtWo

Attacking the grid

https://theweek.com/crime-and-punishment/1021282/attacking-the-grid

Physical attacks on power grid rose by 71% last year, compared to 2021

https://www.cbsnews.com/news/physical-attacks-on-power-grid-rose-by-71-last-year-compared-to-2021/

The Energy Department’s Puesh Kumar on grid hacking, Ukraine and Pipedream malware


https://cyberscoop.com/puesh-kumar-energy-cybersecurity/

S.O.S for the U.S. Electric Grid


https://www.wsj.com/articles/s-o-s-for-the-u-s-electric-grid-pjm-interconnection-blackout-supply-renewables-subsidy-report-fossil-fuel-4cbdd56e

Biden administration wants to hold companies liable for bad cybersecurity


https://arstechnica.com/information-technology/2023/03/biden-administration-wants-to-hold-companies-liable-for-bad-cybersecurity/

--National Cybersecurity Strategy March 2023

https://www.whitehouse.gov/wp-content/uploads/2023/03/National-Cybersecurity-Strategy-2023.pdf

Industry Experts Analyze US National Cybersecurity Strategy


https://www.securityweek.com/feedback-friday-industry-reactions-to-us-national-cybersecurity-strategy/

How to Do a Dopamine Reset

https://www.artofmanliness.com/character/habits/how-to-do-a-dopamine-reset/

CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks

https://www.cisa.gov/news-events/alerts/2023/02/28/cisa-red-team-shares-key-findings-improve-monitoring-and-hardening-networks

Well-funded security systems fail to prevent cyberattacks in US and Europe: Report

https://www.csoonline.com/article/3688918/well-funded-security-systems-fail-to-prevent-cyberattacks-in-us-and-europe-report.html#tk.rss_all

Hacked home computer of engineer led to second LastPass data breach

https://www.csoonline.com/article/3688922/hacked-home-computer-of-engineer-led-to-second-lastpass-data-breach.html#tk.rss_all

CISA director urges tech sector to stop shipping unsafe products

https://cyberscoop.com/jen-easterly-secure-by-design/

When Low-Tech Hacks Cause High-Impact Breaches

https://krebsonsecurity.com/2023/02/when-low-tech-hacks-cause-high-impact-breaches/

It’s all Gone Critical (Infrastructure)

https://www.forcepoint.com/blog/x-labs/all-gone-critical-infrastructure

US Electric Cooperative Association Launches Commercial OT Security Solution

https://www.securityweek.com/us-electric-cooperative-association-launches-commercial-ot-security-solution/?mc_cid=885aee189f&mc_eid=UNIQID

Netflix fights attempt to make streaming firms pay for ISP network upgrades

https://arstechnica.com/tech-policy/2023/03/netflix-fights-attempt-to-make-streaming-firms-pay-for-isp-network-upgrades/

Unpatched old vulnerabilities continue to be exploited: Report

https://www.csoonline.com/article/3689808/unpatched-old-vulnerabilities-continue-to-be-exploited-report.html#tk.rss_all

It's official: BlackLotus malware can bypass Secure Boot on Windows machines


https://www.theregister.com/2023/03/01/blacklotus_malware_eset/

30 Days Of Python

https://github.com/Asabeneh/30-Days-Of-Python/blob/master/readme.md

I quitted Infosec and I couldn't be happier.

http://paulsec.github.io/posts/i-quitted-infosec/


Sunday, February 26, 2023

What I am Reading 2/26/23 - Back from Miami Beach edition

It was a busy couple of weeks traveling to Miami Beach, attending S4x23, and then coming home and dropping back into the grind, but I haven't forgotten about you guys. Without further ado, a couple of weeks' worth of reading:

The maze is in the mouse:  What ails Google and how it can turn things around.

https://medium.com/@pravse/the-maze-is-in-the-mouse-980c57cfd61a

Sensitive US military emails spill online

https://techcrunch.com/2023/02/21/sensitive-united-states-military-emails-spill-online/

Place your bets

https://www.antipope.org/charlie/blog-static/2023/02/place-your-bets.html

Dragos Report Identifies Two New Threat Groups

https://www.itsecurityguru.org/2023/02/15/dragos-report-identifies-new-threat-groups/?utm_source=rss&utm_medium=rss&utm_campaign=dragos-report-identifies-new-threat-groups

Traditional PAM solutions aren’t working, Keeper Security study finds

https://www.itsecurityguru.org/2023/02/15/traditional-pam-solutions-arent-working-keeper-security-study-finds/?utm_source=rss&utm_medium=rss&utm_campaign=traditional-pam-solutions-arent-working-keeper-security-study-finds

Cyberwar Lessons from the War in Ukraine

https://www.schneier.com/blog/archives/2023/02/cyberwar-lessons-from-the-war-in-ukraine.html

The return of Flat Earth, the grandfather of conspiracy theories


https://arstechnica.com/science/2023/02/the-return-of-flat-earth-the-grandfather-of-conspiracy-theories/

US says Google routinely destroyed evidence and lied about use of auto-delete

https://arstechnica.com/tech-policy/2023/02/us-says-google-routinely-destroyed-evidence-and-lied-about-use-of-auto-delete/

Ukraine suffered more data-wiping malware than anywhere, ever


https://arstechnica.com/information-technology/2023/02/ukraine-suffered-more-data-wiping-malware-than-anywhere-ever/

Seattle becomes first US city to ban caste discrimination


https://www.bbc.com/news/world-us-canada-64727735?at_medium=RSS&at_campaign=KARANGA

US Supreme Court wary of removing tech firms' legal shield in Google case

https://www.bbc.com/news/world-us-canada-64727712?at_medium=RSS&at_campaign=KARANGA

Technical debt? Don't spend more than one-quarter of your time dealing with it


https://www.zdnet.com/article/technical-debt-dont-spend-more-than-one-quarter-of-your-time-dealing-with-it/

Lab Leak Most Likely Origin of Covid-19 Pandemic, Energy Department Now Says

https://www.wsj.com/articles/covid-origin-china-lab-leak-807b7b0a

James Bond books edited to remove racist references

https://www.telegraph.co.uk/news/2023/02/25/james-bond-books-edited-remove-racist-references/

Beej's Guide to C Programming

https://beej.us/guide/bgc/html/split/index.html

The Capitalist Road to Serfdom


https://jacobin.com/2023/02/capitalist-road-to-serfdom-surveillance-wage-labor

High-skilled visa holders at risk of deportation amid tech layoffs

https://www.washingtonpost.com/us-policy/2023/02/24/temporary-visa-h1b-tech-layoffs/

U.S. corn-based ethanol worse for the climate than gasoline, study finds


https://www.reuters.com/business/environment/us-corn-based-ethanol-worse-climate-than-gasoline-study-finds-2022-02-14/

Even Neal Stephenson doesn't seem keen on crypto anymore

https://www.gamedeveloper.com/culture/even-neal-stephenson-doesn-t-seem-keen-on-crypto-anymore

There is a worrying amount of fraud in medical research


https://www.economist.com/science-and-technology/2023/02/22/there-is-a-worrying-amount-of-fraud-in-medical-research

Stanford Faculty Say Anonymous Student Bias Reports Threaten Free Speech


https://www.wsj.com/articles/stanford-faculty-moves-to-stop-students-from-reporting-bias-anonymously-cbac78ed

Companies Can’t Ask You to Shut up to Receive Severance, NLRB Rules

https://www.vice.com/en/article/dy7a7x/companies-cant-ask-you-to-shut-up-to-receive-severance-nlrb-rules

How India’s caste system manifests in Seattle-area workplaces and beyond


https://www.seattletimes.com/seattle-news/how-indias-caste-system-manifests-in-seattle-area-workplaces-and-beyond/

The age of Agile must end

https://uxdesign.cc/the-age-of-agile-must-end-bc89c0f084b7

5th person confirmed to be cured of HIV

https://abcnews.go.com/Health/5th-person-confirmed-cured-hiv/story?id=97323361

The Silicon Valley Loop How the dot-com crash created Palo Alto’s clueless investor class.

https://nymag.com/intelligencer/2023/02/the-silicon-valley-loop-malcolm-harriss-palo-alto.html

Speech is violence? Not if we want a liberal, intellectual society


https://bigthink.com/thinking/is-speech-violence/

Big Tech’s massive layoffs will come back to haunt it

https://www.businessinsider.com/tech-jobs-recession-layoffs-gen-z-students-class-of-2023-2023-2

OT Network Security Myths Busted in a Pair of Hacks

https://www.darkreading.com/ics-ot/ot-network-security-myths-busted-in-a-pair-of-hacks

Attacks on industrial infrastructure on the rise, defenses struggle to keep up


https://www.csoonline.com/article/3687814/attacks-on-industrial-infrastructure-on-the-rise-defenses-struggle-to-keep-up.html#tk.rss_all

PLC vulnerabilities can enable deep lateral movement inside OT networks

https://www.csoonline.com/article/3687991/plc-vulnerabilities-can-enable-deep-lateral-movement-inside-ot-networks.html#tk.rss_all

The Energy Department’s Puesh Kumar on grid hacking, Ukraine and Pipedream malware


https://cyberscoop.com/puesh-kumar-energy-cybersecurity/

Is OWASP at Risk of Irrelevance?


https://www.darkreading.com/edge-articles/is-owasp-at-risk-of-irrelevance

Bill Fehrman - CEO Berkshire Hathaway Energy talking at S4x23

https://youtube.com/watch?v=ihvrqlxk5tA&feature=shares


Saturday, February 25, 2023

Page Ranking the Cybersecurity Literature

As all of you, the imaginary voices in my head, know, I maintain a pretty extensive meta-list of cybersecurity reading, a list of lists compiling recommendations from different companies, government / military organizations, academic institutions, and individuals (30+ sources and close to 900 readings at this point). I have tried to group the sources into categories, and every time a reading appears I increment a score column. This is supposed to help gauge relative importance based on community perception. The readings are listed alphabetically.

Since I started this project I have always just kind of thought of it as a handy list for myself and some of my friends, although I have blasted it out on twitter and various other forums ad nauseam, but today I realized two things:

a) other than me no one uses or cares about this list

b) In doing this I have re-invented a very clumsy way of doing page ranking,  like Google's very dimwitted cousin that the family keeps locked in the basement and who they occasionally throw some food and porn and hope no one will ever learn of their shame.

c) Although I am doing this in the most moronic and labor intensive way possible there are actually possibilities here.

d) That was three things not two, obviously I am a moron who can't count.

e) Dammit, that was four!

f) Aargh!!!!

OK, had to break out of that hell...

Anyway, I have mentioned before that it would be interesting to build a list of the articles that SANS uses in their various courses.  At the time I was mainly thinking of it as just an additional resource to help study for their exams, but now I am seeing a couple of other possibilities mainly in helping industry newcomers and students identify subjects that cut across various specialties.  It might also help build cohesion and help reinforce learning by being able to identify subjects that are found to be important by the various course authors.

(Also now that I think about it, this could serve as the basis of a talk at a convention.  DIBS!!!)

I've probably wasted enough of your time by now and I need to think about how to proceed:

I guess I could start a GoFundMe for $17,500,000,000.00 so I could take all the available SANS classes and then manually pull the article information from the footnotes on each page, or, as a variation, I could brush up on my Python skills and try to do that automatically using digital copies. Obviously that's not gonna happen - the last time I asked for help online all I got was one random Fuck You.

The other, more realistic scenario is that people may have already compiled some of this information. If you have and you wouldn't mind sharing, let me know in the comments or on twitter.

Sunday, February 05, 2023

What I am Reading 2/5/2023 - including free course in cyber-physical system security

Richard Bartle, Top Virtual World Expert, Tries Explaining Core Problems With NFT & Blockchain at a Crypto Conference. It Does Not Go Well.

https://nwn.blogs.com/nwn/2023/02/richard-bartle-crypto-circle-blockchain-nft-virtual-worlds.html

We are ‘greening’ ourselves to extinction


https://www.aljazeera.com/opinions/2023/1/29/greening-ourselves-to-extinction

Microsoft warning: Protect this critical piece of your tech infrastructure

https://www.zdnet.com/article/microsoft-warning-protect-this-critical-piece-of-your-tech-infrastructure/#ftag=RSSbaffb68

Why you might not be done with your January Microsoft security patches


https://www.csoonline.com/article/3686692/why-you-might-not-be-done-with-your-january-microsoft-security-patches.html#tk.rss_all

Vulnerabilities could let hackers remotely shut down EV chargers, steal electricity


https://cyberscoop.com/hack-electric-vehicle-chargers/

Firmware Flaws Could Spell 'Lights Out' for Servers

https://www.darkreading.com/vulnerabilities-threats/firmware-flaws-could-spell-lights-out-for-servers

CISA to Open Supply Chain Risk Management Office

https://www.darkreading.com/application-security/cisa-to-open-supply-chain-risk-management-office

After 16 years at Google, Justin Moore was fired with an automated email


https://medium.com/developer-purpose/after-16-years-at-google-justin-moore-was-fired-with-an-automated-email-f715ab307871

St. John’s Reading List: A Great Books Curriculum

https://www.sjc.edu/academic-programs/undergraduate/great-books-reading-list

Stop Passing the Buck on Cybersecurity

https://www.foreignaffairs.com/united-states/stop-passing-buck-cybersecurity

article by Jen Easterly the Head of CISA

Patch Critical Bug Now: QNAP NAS Devices Ripe for the Slaughter

https://www.darkreading.com/remote-workforce/patch-critical-bug-qnap-nas-devices-ripe-slaughter

Vulnerability in Cisco industrial appliances is a potential nightmare (CVE-2023-20076)


https://www.helpnetsecurity.com/2023/02/01/cve-2023-20076/

3 ways to stop cybersecurity concerns from hindering utility infrastructure modernization efforts

https://www.helpnetsecurity.com/2023/01/31/cybersecurity-concerns-utility-infrastructure-modernization-efforts/

Have we learnt nothing from SolarWinds supply chain attacks? Not yet it appears

https://www.theregister.com/2023/02/05/supply_chain_security_efforts/

Video - How Would a Nuclear EMP Affect the Power Grid?

https://www.youtube.com/watch?v=FksEGpBLfis

Free Course - Cyber-Physical System Security


https://www.udacity.com/course/cyber-physical-systems-security--ud279

-- Syllabus - Cyber-Physical System Security

https://sites.google.com/site/samanzonouz4n6/resume/oms-intro-cps-security?pli=1

Sunday, January 29, 2023

What I am Reading 1/29/2023

NERC-CIP Stuff - Alexa, can you tell me when my grid is hacked?

https://www.amperesec.com/blog/alexa-can-you-tell-me-when-my-gird-is-hacked

Within the next 2-3 years, if you are a NERC Registered Entity with high impact or medium impact with ERC BES cyber systems, you will need to baseline your network traffic for all applicable cyber assets inside the ESP and look for anomalies beyond the traditional anti-malware and port-restriction controls already in place as part of the existing CIP standards. Examples of anomalies could be, among other things, accounts used in ways they shouldn’t be or new unexpected devices on the network or sending legitimate commands to control systems in ways that could stop or degrade the system. Further, you will need to record/log the traffic information and protect that information from misuse.

RIP Perimeter Security: Critical Infrastructure Breaches Demand New Approach

https://securityboulevard.com/2023/01/rip-perimeter-security-critical-infrastructure-breaches-demand-new-approach/

Race to zero: Can California’s power grid handle a 15-fold increase in electric cars?

https://calmatters.org/environment/2023/01/california-electric-cars-grid/

EVs Are Essential Grid-Scale Storage

https://spectrum.ieee.org/electric-vehicle-grid-storage

Russia’s Sandworm hackers blamed in fresh Ukraine malware attack


https://cyberscoop.com/sandworm-wiper-ukraine-russia-military-intel/

National Security Agency | Cybersecurity Information Sheet | IPv6 Security Guidance

https://media.defense.gov/2023/Jan/18/2003145994/-1/-1/0/CSI_IPV6_SECURITY_GUIDANCE.PDF

Trained developers get rid of more vulnerabilities than code scanning tools


https://www.helpnetsecurity.com/2023/01/23/trained-developers-code-scanning-tools/

Microsoft will stop selling Windows 10 on January 31, but workarounds remain


https://arstechnica.com/gadgets/2023/01/microsoft-will-stop-selling-windows-10-on-january-31st-but-workarounds-remain/

NIST working on ‘potential significant updates’ to cybersecurity framework

https://fedscoop.com/nist-working-on-potential-significant-updates-to-cybersecurity-framework/

The Concept Paper - NIST Cybersecurity Framework 2.0 Concept Paper: Potential Significant Updates to the Cybersecurity Framework

https://www.nist.gov/system/files/documents/2023/01/19/CSF_2.0_Concept_Paper_01-18-23.pdf

New Open Source OT Security Tool Helps Address Impact of Upcoming Microsoft Patch


https://www.securityweek.com/new-open-source-ot-security-tool-helps-address-impact-of-upcoming-microsoft-patch/

Why are so many tech companies laying people off right now?

https://www.theverge.com/2023/1/26/23571659/tech-layoffs-facebook-google-amazon

Kevin Mitnick Hacked California Law in 1983

https://www.schneier.com/blog/archives/2023/01/kevin-mitnick-hacked-california-law-in-1983.html

Google Is Screwed, Even If It Wins Its Antitrust Case


https://gizmodo.com/google-bing-microsoft-chatgpt-ai-antitrust-doj-screwed-1850029781

Two Supreme Court Cases That Could Break the Internet

https://www.newyorker.com/news/q-and-a/two-supreme-court-cases-that-could-break-the-internet

Hackers abuse legitimate remote monitoring and management tools in attacks


https://www.csoonline.com/article/3686610/hackers-abuse-legitimate-remote-monitoring-and-management-tools-in-attacks.html#tk.rss_all