Monday, July 11, 2022

Sunday, June 19, 2022

The Last Fortnight's Reading 6/19/2022

Sorry, between my nephew's graduation and attending a conference for work I missed last week, but I should be caught up now.

 For Work

Utility/DOE data indicates sophisticated hackers have compromised US electric control centers

https://www.controlglobal.com/blogs/unfettered/utilitydoe-data-indicates-sophisticated-hackers-have-compromised-us-electric-control-centers/

ISA Leading Development of Electric Energy Operational Technology Security Profile for IEC 62443 Standard

https://www.isa.org/news-press-releases/2022/may/isa-leading-development-of-electric-energy-operati?mc_cid=7e53b471b8

Dragos launches info portal to fill security gaps in critical infrastructure

https://www.csoonline.com/article/3663131/dragos-launches-info-portal-to-fill-security-gaps-in-critical-infrastructure.html#tk.rss_all

Dashy - just a kind of interesting dashboard for monitoring services


https://github.com/Lissy93/dashy

Latest Cyberspace Solarium Commission 2.0 Report focuses on cyber workforce

https://www.csoonline.com/article/3663014/latest-cyberspace-solarium-commission-2-0-report-focuses-on-cyber-workforce.html#tk.rss_all

'Shields Up': the new normal in cyberspace


https://www.cyberscoop.com/shields-up-easterly-inglis-op-ed/

Are Vendors Failing in the Face of Open Source Cyberthreats?


https://securityboulevard.com/2022/06/are-vendors-failing-in-the-face-of-open-source-cyberthreats/

Cyber CEO's US Advisory Work Echoed Sales Pitch His Firm Uses


https://www.bloomberg.com/news/articles/2022-06-10/ceo-helped-to-shape-us-plan-urging-utilities-to-hire-cyber-firms-like-his-own

It’s Time to Rethink Breach Management


https://www.eweek.com/security/its-time-to-rethink-breach-management/

China is Exploiting Network Providers and Devices, Says US Cybersecurity Advisory


https://flashpoint.io/blog/china-exploiting-devices-cybersecurity/

The Practitioner’s Guide to Vulnerability Management: Implementing a Risk-Based Approach

https://flashpoint.io/blog/guide-to-vulnerability-management/

Vulnerability management mistakes CISOs still make


https://www.csoonline.com/article/3663493/vulnerability-management-mistakes-cisos-still-make.html#tk.rss_all

The Surreal Case of a C.I.A. Hacker’s Revenge

https://www.newyorker.com/magazine/2022/06/13/the-surreal-case-of-a-cia-hackers-revenge

Know your enemy! Learn how cybercrime adversaries get in…


https://nakedsecurity.sophos.com/2022/06/07/know-your-enemy-learn-how-cybercrime-adversaries-get-in/

SBOM in Action: finding vulnerabilities with a Software Bill of Materials


https://security.googleblog.com/2022/06/sbom-in-action-finding-vulnerabilities.html

Dangerous Repository of DoS, Red Teaming TTPs, and ICS Exploits
( via https://www.reddit.com/r/netsec/comments/vf7xsn/dangerous_repository_of_dos_red_teaming_ttps_and/)

https://github.com/RoseSecurity?tab=repositories

Over a Dozen Flaws Found in Siemens' Industrial Network Management System


https://thehackernews.com/2022/06/over-dozen-flaws-found-in-siemens.html

============================================================================

Not Work

How decentralization and Web3 will impact the enterprise

https://www.zdnet.com/finance/blockchain/zero-knowledge-proofs-will-play-a-major-role-in-the-future-of-web3-defi-and-metaverse-survey/

Google Engineer On Leave After He Claims AI Program Has Gone Sentient

https://www.huffpost.com/entry/blake-lemoine-lamda-sentient-artificial-intelligence-google_n_62a5613ee4b06169ca8c0a2e

KrebsOnSecurity in New Netflix Series on Cybercrime

https://krebsonsecurity.com/2022/06/krebsonsecurity-in-new-netflix-series-on-cybercrime/

Leaked Amazon memo says the company may run out of available labor by 2024


https://www.engadget.com/leaked-amazon-memo-says-it-will-run-out-of-workers-2024-labor-supply-230034089.html?src=rss

AI trained on 4chan's most hateful board is just as toxic as you'd expect

https://www.engadget.com/ai-bot-4chan-hate-machine-162550734.html?src=rss

How Inflation Works


https://finmasters.com/how-inflation-works/

DOE Announces Breakthrough in Residential Cold Climate Heat Pump Technology


https://www.energy.gov/articles/doe-announces-breakthrough-residential-cold-climate-heat-pump-technology

Bitcoin drops below $20,000, Ether cracks $1,000 — what this means


https://davidgerard.co.uk/blockchain/2022/06/18/bitcoin-drops-below-20000-ether-cracks-1000-what-this-means/

The Privatized Internet Has Failed Us


https://slatereport.com/tech/the-privatized-internet-has-failed-us/

The Fed plans to ‘reset’ the housing market—raising the likelihood of falling home prices

https://finance.yahoo.com/news/fed-plans-reset-housing-market-215259418.html

Why the Federal Reserve has made a historic mistake on inflation


https://www.economist.com/leaders/2022/04/23/why-the-federal-reserve-has-made-a-historic-mistake-on-inflation

Sunday, June 05, 2022

This Week's Reading 6/5/2022 #infosec #cybersecurity

 For Work

Control Loop: The OT Cybersecurity Podcast

https://thecyberwire.com/podcasts/control-loop

How to audit Microsoft Active Directory


https://www.csoonline.com/article/3662289/how-to-audit-microsoft-active-directory.html#tk.rss_all

Vendor Refuses to Remove Backdoor Account That Can Facilitate Attacks on Industrial Firms


https://www.securityweek.com/vendor-refuses-remove-backdoor-account-can-facilitate-attacks-industrial-firms

The Security Obstructionism (SecObs) Market

https://swagitda.com/blog/posts/the-security-obstructionism-secobs-market/

APTs rarely rely on zero-days and typically use public known vulnerabilities


https://twitter.com/campuscodi/status/1527338547081928705

A recession in America by 2024 looks likely

https://www.economist.com/leaders/2022/06/02/a-recession-in-america-by-2024-looks-likely

What Companies Need to Know about the Strengthening American Cybersecurity Act (SACA)

https://securityboulevard.com/2022/06/what-companies-need-to-know-about-the-strengthening-american-cybersecurity-act-saca%ef%bf%bc/

Building America's Cybersecurity Infrastructure

https://www.darkreading.com/vulnerabilities-threats/building-america-s-cybersecurity-infrastructure


===========================================================================
 

Not for Work

Blockchain, the amazing solution for almost nothing


https://thecorrespondent.com/655/blockchain-the-amazing-solution-for-almost-nothing

China's military scientists call for development of anti-Starlink measures


https://www.engadget.com/china-military-scientists-anti-starlink-measures-060518398.html?src=rss

Elon Musk on remote work

https://twitter.com/TechEmails/status/1531994582669348864

Why has college gotten so expensive in the last 30 years? Probably because the government handed them a blank check in 1993.


https://shrewdcuriosity.medium.com/why-has-college-gotten-so-expensive-in-the-last-30-years-3505af9aded8

Classified specs leaked on War Thunder forum for third time


https://ukdefencejournal.org.uk/classified-specs-leaked-on-war-thunder-forum-for-third-time/

Amazon and the Dystopian Future of Book Censorship


https://sprovoost.nl/2022/06/01/amazon-and-the-dystopian-future-of-book-censorship/

Monday, May 30, 2022

This Week's Reading 5/30/2022 #Infosec #Cybersecurity

 Yeah I'm a day late, sue me!  It's not like any of you read this anyways 😀

 For Work

When Your Smart ID Card Reader Comes With Malware

https://krebsonsecurity.com/2022/05/when-your-smart-id-card-reader-comes-with-malware/

Building a Threat Intelligence Feed using the Twitter API and a bit of code


https://grimminck.medium.com/building-a-threat-intelligence-feed-using-the-twitter-api-and-a-bit-of-code-5787808e32ef

Snort 3 is available!


https://www.snort.org/

Critical Flaws in Popular ICS Platform Can Trigger RCE

https://threatpost.com/critical-flaws-in-popular-ics-platform-can-trigger-rce/179750/

Revealed: The semi-secret list of techs Beijing really really wishes it didn't have to import

https://www.theregister.com/2022/05/27/chinas_semisecret_list_of_techs/

Cheers ransomware hits VMware ESXi systems

https://www.theregister.com/2022/05/26/vmware-cheers-ransomware/

Patching the latest Active Directory vulnerabilities is not enough


https://www.csoonline.com/article/3661549/patching-the-latest-active-directory-vulnerabilities-is-not-enough.html#tk.rss_all

Elevation of Privilege is the #1 Microsoft vulnerability category


https://www.helpnetsecurity.com/2022/05/25/microsoft-vulnerabilities-breakdown/

Why are current cybersecurity incident response efforts failing?


https://www.helpnetsecurity.com/2022/05/26/incident-response-approach/

===========================================================================
 Not for Work

Biden launches Indo-Pacific economic framework to counter China


https://www.zdnet.com/article/biden-launches-indo-pacific-economic-framework-to-counter-china/#ftag=RSSbaffb68

China lashes out at US-led Asia-Pacific trade framework


https://www.zdnet.com/article/china-lashes-out-at-us-led-asia-pacific-trade-framework/#ftag=RSSbaffb68

Cryptocurrency OSINT

https://start.me/p/ek4rxK/cryptocurrency-osint

An Open Plea For One Single Honest Academic


https://karlstack.substack.com/p/an-open-plea-for-one-single-honest?s=r

Big Tech loves talking up privacy – while trying to kill privacy legislation


https://www.theregister.com/2022/05/27/big_tech_privacy/

Low-Cost Gel Film Can Pluck Drinking Water From Desert Air


https://news.utexas.edu/2022/05/23/low-cost-gel-film-can-pluck-drinking-water-from-desert-air/

Sunday, May 22, 2022

This Week's Reading 5/22/2022 #infosec #cybersecurity

 For Work

CISA 'temporarily' removes Windows vulnerability from its must-patch list

https://www.zdnet.com/article/cisa-temporarily-removes-windows-vulnerability-from-its-must-patch-list/#ftag=RSSbaffb68

FBI and NSA say: Stop doing these 10 things that let the hackers in

https://www.zdnet.com/article/fbi-and-nsa-say-stop-doing-these-10-things-that-let-the-hackers-in/#ftag=RSSbaffb68

US warns over risk of hiring North Korea IT workers

https://www.bbc.com/news/business-61474771

The case for consolidation

https://benn.substack.com/p/case-for-consolidation?s=r

Canada to ban China's Huawei and ZTE from its 5G networks


https://www.bbc.com/news/business-61517729

DOJ says security researchers won't face hacking charges

https://www.engadget.com/doj-security-research-hackers-no-criminal-charges-170715840.html?src=rss

US rushes to catch up with China in supercomputer race

https://www.ft.com/content/9ec4c04c-d71d-4d54-87fe-eef4ff92ddc9

CISA to Federal Agencies: Patch VMware Products Now or Take Them Offline


https://www.darkreading.com/attacks-breaches/cisa-patching-new-vmware-bugs-is-a-full-on-emergency

Microsoft patches the patch that broke Windows authentication


https://www.theregister.com/2022/05/20/microsoft_authentication_fix/

SolarWinds ready to move past breach and help customers manage theirs


https://www.zdnet.com/article/solarwinds-ready-to-move-past-breach-and-help-customers-manage-theirs/#ftag=RSSbaffb68

====================================================================================
Not for Work

Web3 is just expensive P2P


https://netfuture.ch/2022/05/web3-is-just-expensive-p2p/

Web3 is going just great


https://web3isgoinggreat.com/

‘Extortion’: Why Web3 is making a lot of software developers angry


https://www.smh.com.au/business/companies/extortion-why-web3-is-pissing-off-a-lot-of-software-developers-20220516-p5alqd.html

How Gen Z is hooked on cryptocurrency and NFTs


https://www.bbc.com/news/business-60566575

Muscular men less likely to support social and economic equality, study suggests


https://www.brunel.ac.uk/news-and-events/news/articles/Muscular-men-less-likely-to-support-social-and-economic-equality-study-suggests

What Propels Cancel Culture?


https://robkhenderson.substack.com/p/what-propels-cancel-culture?s=r

Cyber security: Global food supply chain at risk from malicious hackers


https://www.bbc.com/news/science-environment-61336659

Twitter to hide misleading tweets under new crisis response policy


https://www.zdnet.com/article/twitter-to-hide-misleading-tweets-under-new-crisis-response-policy/#ftag=RSSbaffb68

The wonder material graphene may have found its killer app


https://www.economist.com/science-and-technology/2022/05/18/the-wonder-material-graphene-may-have-found-its-killer-app

More Subprime Borrowers Are Missing Loan Payments


https://www.wsj.com/articles/more-subprime-borrowers-are-missing-loan-payments-11652952602

Plastic-eating Enzyme Could Eliminate Billions of Tons of Landfill Waste

https://news.utexas.edu/2022/04/27/plastic-eating-enzyme-could-eliminate-billions-of-tons-of-landfill-waste/

Texas, 12 states fire back at tech industry in Supreme Court filings


https://www.washingtonpost.com/technology/2022/05/18/texas-social-media-supreme-court/

IT staffing, recruitment biz settles claims it discriminated against Americans


https://www.theregister.com/2022/05/19/it_visa_discrimination/

Homeland Security 'pauses' disinformation board three weeks after creating it

https://www.engadget.com/homeland-security-disinformation-board-161722250.html?src=rss


Sunday, May 15, 2022

This Week's Reading 5/15/2022 #infosec #cybersecurity

 Work Stuff

Pentagon’s China Warning Prompts Calls to Vet U.S. Funding of Startups

https://www.wsj.com/articles/pentagons-china-warning-prompts-calls-to-vet-u-s-funding-of-startups-11652014803

Cisco warns of premature DIMM failures

https://www.theregister.com/2022/05/09/cisco_server_dimm_failure/

Beautiful Basics - Series

https://malicious.link/post/2022/beautiful-basics/

The stakes 'could not be any higher': CISA chief talks about the tech challenges ahead


https://www.zdnet.com/article/the-stakes-could-not-be-any-higher-cisa-chief-talks-about-the-tech-challenges-ahead/#ftag=RSSbaffb68

Google Created 'Open-Source Maintenance Crew' to Help Secure Critical Projects

https://thehackernews.com/2022/05/google-created-open-source-maintenance.html

A year later, Biden’s cybersecurity executive order driving positive change


https://www.csoonline.com/article/3660769/a-year-later-biden-s-cybersecurity-executive-order-driving-positive-change.html#tk.rss_all

NIST Cybersecurity Framework update comments highlight a gamut of needed changes


https://www.csoonline.com/article/3660068/nist-cybersecurity-framework-update-comments-highlight-a-gamut-of-needed-changes.html#tk.rss_all

Utility industry continues to deny that control system cyber incidents are occurring


https://www.controlglobal.com/blogs/unfettered/utility-industry-continues-to-deny-that-control-system-cyber-incidents-are-occurring/

The Texas electric grid can barely keep the lights on


https://twitter.com/The_Michael_Lee/status/1525533811873914880

6 top network security threats and how to beat them


https://www.networkworld.com/article/3660057/6-top-network-threats-and-how-to-beat-them.html#tk.rss_security

ICS Patch Tuesday: Siemens, Schneider Electric Address 43 Vulnerabilities


https://www.securityweek.com/ics-patch-tuesday-siemens-schneider-electric-address-43-vulnerabilities

What to Patch Now: Actively Exploited Windows Zero-Day Threatens Domain Controllers


https://www.darkreading.com/application-security/what-to-patch-now-actively-exploited-zero-day-threatens-domain-controllers

CISA Temporarily Removes CVE-2022-26925 from Known Exploited Vulnerability Catalog


https://www.cisa.gov/uscert/ncas/current-activity/2022/05/13/cisa-temporarily-removes-cve-2022-26925-known-exploited

May's Patch Tuesday updates make urgent patching a must


https://www.computerworld.com/article/3660511/mays-patch-tuesday-updates-make-urgent-patching-a-must.html#tk.rss_security

Training on understanding, protecting, and securing Industrial Control Systems (ICS) from cyber-attacks.


https://www.eventbrite.com/e/301v-ics-cybersecurity-training-june-13-registration-302762389457?mc_cid=6baf7c4394&mc_eid=UNIQID

===========================================================================================

Non - Work Stuff

Bitcoin falls to 10-month low as stock markets tumble

https://www.reuters.com/business/finance/bitcoin-falls-lowest-since-january-line-with-tumbling-stock-markets-2022-05-09/

Satoshi-Era Bitcoin Wallet Awakens with BTC in It Worth 62x in USD

https://techtelegraph.co.uk/satoshi-era-bitcoin-wallet-awakens-with-btc-in-it-worth-62x-in-usd/

Layoffs and a Silicon Valley Sell-Off Create Shaky Low-Valued 'Unicorn Zombies'


https://slashdot.org/story/22/05/09/0249204/layoffs-and-a-silicon-valley-sell-off-create-shaky-low-valued-unicorn-zombies?utm_source=rss0.9mainlinkanon&utm_medium=feed

Uber CEO Tells Staff Company Will Cut Down on Costs, Treat Hiring as a 'Privilege'


https://tech.slashdot.org/story/22/05/09/1632209/uber-ceo-tells-staff-company-will-cut-down-on-costs-treat-hiring-as-a-privilege?utm_source=rss0.9mainlinkanon&utm_medium=feed

The End of Industrial Society

https://palladiummag.com/2021/03/24/the-end-of-industrial-society/

It Began as an AI-Fueled Dungeon Game. It Got Much Darker


https://www.wired.com/story/ai-fueled-dungeon-game-got-much-darker/?utm_medium=social&utm_brand=wired&utm_source=twitter&utm_social-type=owned&mbid=social_twitter

Cybersecurity has a desperate skills crisis. Rural America could have the answer


https://www.zdnet.com/education/professional-development/cybersecurity-has-a-desperate-skills-crisis-rural-america-could-have-the-answer/

Texas law that allows users to sue social networks for censorship is now in effect


https://www.engadget.com/texas-law-hb-20-in-effect-053504592.html?src=rss

The EU Commission is planning automatic CSAM scanning of your private communication – or total surveillance in the name of child protection.


https://tutanota.com/blog/posts/eu-surveillance-csam/

Hawley introduces bill to strip 'woke' Disney of special copyright protections


https://www.yahoo.com/news/hawley-introduces-bill-strip-apos-110648775.html

Cracking the Code: Sneakers at 30


https://letterboxd.com/journal/cracking-the-code-sneakers/

Thursday, May 12, 2022

Just finished Tokyo Vice #books

 I've spent time in Japan so when I saw the Tokyo Vice TV series on HBO Max I was intrigued.  Watched the series and it was good enough I decided to read the book.

 The book is very interesting.  Quite a bit of background on Japanese society and on the Japanese underworld.  Some very sympathetic characters and some real scumbags too.  I recommend it, it's a good casual read but not lightweight and you might expand you're horizons a bit.