Monday, December 18, 2023

What I am reading 10/18/2023 - Log4J is the gift that keeps on giving

Sorry for the pause, I lost access to the blog for awhile (it was reported as spam and suspended - just got it back this morning)


China’s cyber army is invading critical U.S. services

 National Grid latest UK org to zap Chinese kit from critical infrastructure

 SSH keys stolen by stream of malicious PyPI and npm packages

 Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack

 Stealthy Linux rootkit found in the wild after going undetected for 2 years

 Patch Now: Exploit Activity Mounts for Dangerous Apache Struts 2 Bug

 A new, modern, and secure print experience from Windows

 CISA urges vendors to get rid of default passwords

 MITRE Debuts ICS Threat Modeling for Embedded Systems

 North Korean hacking ops continue to exploit Log4Shell

 Two years on, 1 in 4 apps still vulnerable to Log4Shell

 Apple admits to secretly giving governments push notification data

 Adapting to the Post-SolarWinds Era: Supply Chain Security in 2024

 The quest to turn basalt dust into a viable climate solution

 “Renew Home” company brings power grid data to your smart home

 Broadcom ends VMware perpetual license sales, testing customers and partners

 As the SEC’s new data breach disclosure rules take effect, here’s what you need to know

 Widespread FBI abuse of foreign spy law sets off “alarm bells,” tech group says

Texas power plants have no responsibility to provide electricity in emergencies, judges rule

 To Revive Portland, Officials Seek to Ban Public Drug Use

 How to De-Ice Your Windshield Easily and Effectively


Monday, September 25, 2023

What I'm Reading 9/25/2023

 Linux gives up on 6-year LTS kernels, says they’re too much work

How network security can save security dollars

SMEs overestimate their cybersecurity preparedness

How Equifax Was Breached in 2017

Incomplete disclosures by Apple and Google create “huge blindspot” for 0-day hunters

Engineering-Grade OT Protection

Every Network Is Now an OT Network. Can Your Security Keep Up?

Chinese hackers have unleashed a never-before-seen Linux backdoor

DHS Publishes New Recommendations on Cyber Incident Reporting

2 major tech companies cancel conferences in SF; 2024 projected to be challenging year

China caught – again – with its malware in another nation's power grid

Analyst: MGM losing $4.2M-$8.4M a day because of cyberattack

MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents

MGM, Caesars Cyberattack Responses Required Brutal Choices

Youth hacking ring at the center of cybercrime spree

DHS council seeks to simplify cyber incident reporting rules

Solarium Commission wants action on stalled cybersecurity recommendations

On the Cybersecurity Jobs Shortage

India's biggest tech centers named as cyber crime hotspots

New Revelations from the Snowden Documents

Windows Subsystem for Linux gets new 'mirrored' network mode

Keeping Google’s search secrets protects its monopoly, DOJ argues in court

YouTube suspends Russell Brand from advert income

Elon Musk: Social media platform X, formerly Twitter, could go behind paywall

Ozempic Can Cause Major Loss of Muscle Mass and Reduce Bone Density

Medicine is plagued by untrustworthy clinical trials. How many studies are faked or flawed?

DHS council seeks to simplify cyber incident reporting rules

Working Remotely Can More Than Halve an Office Employee’s Carbon Footprint

Michael Bloomberg Is Throwing $500 Million at Efforts to Shut Down All U.S. Coal Plants

How Cisco is Addressing the Widening Skills Gap

Restoration of a dumpster Tektronix 2465B oscilloscope

Monday, September 18, 2023

What I'm Reading 9/18/2023

How Google Authenticator made one company’s network breach much, much worse

With 0-days hitting Chrome, iOS, and dozens more this month, is no software safe?

Will Cyber Security be Replaced by AI?

DHS warns of malicious AI use against critical infrastructure

DoD: China's ICS Cyber Onslaught Aimed at Gaining Kinetic Warfare Advantage

CISA Releases Continuous Diagnostics and Mitigation Program: Identity, Credential, and Access Management (ICAM) Reference Architecture

Why Identity Management Is the Key to Stopping APT Cyberattacks

Caesars says cyber-crooks stole customer data as MGM casino outage drags on

The Wachowskis and the Hacker as a progressive archetype

America’s Advanced Manufacturing Problem—and How to Fix It

Why Resumes Are Dead & How Keeps Killing the Job Market

The spectacular downfall of a common, useless cold medicine

“Most notorious” illegal shadow library sued by textbook publishers [Updated]

Google hid evidence by training workers to avoid words monopolists use, DOJ says

Here’s exactly what Google will argue to fight the DOJ’s antitrust claims

Long wave radio fans mourn fading frequencies

Urban oases combine roof gardens and solar panels

Replanting Logged Forests With Diverse Mixtures of Seedlings Accelerates Restoration

Study: U.S. dietary recommendations for protein intake are too low

CIA bribed its own COVID-19 origin team to reject lab-leak theory, anonymous whistleblower claims

California passes first-in-the-nation data broker deletion tool

Sunday, September 10, 2023

I'm Back - What I'm Reading 9/10/2023

Sorry for the long absence (pfft, who am I kidding?  no one reads this).  I intended to be back the week after DefCOn but life happened.  I was sick and work piled up, but here I am now.  Lucky you, imaginary readers and voices in my head.


On the 10th anniversary of the Snowden revelations

Microsoft, Google Take on Obsolete TLS Protocols

Cybersecurity Builds Trust in Critical Infrastructure

Cisco security appliance 0-day is under attack by ransomware crooks

Mystery solved? Microsoft thinks it knows how Chinese hackers stole its signing key

How China gets free intel on tech companies’ vulnerabilities

Move Over, Software Developers – In The Name Of Cybersecurity, The Government Wants To Drive (the comments are entertaining)

OWASP Top 10 API Security Risks – 2023

‘Five Eyes’ nations release technical details of Sandworm malware ‘Infamous Chisel’

China turns to AI in hopes of creating viral online propaganda, Microsoft researchers say

The International Criminal Court will now prosecute cyberwar crimes

Ukraine war: Cyber-teams fight a high-tech war on front lines

Elon Musk says he withheld Starlink over Crimea to avoid escalation

X sues Calif. to avoid revealing how it makes “controversial” content decisions

Appeals Court Rules White House Overstepped 1st Amendment on Social Media

The Judgement -

AI-generated child sex imagery has every US attorney general calling for action

Weight-loss drugs Ozempic and Wegovy also protect your heart

“We’re not ‘gatekeepers,’” Apple and Microsoft tell European Union

The demand for hybrid work is only growing, according to a new Deloitte report

90% Reduction: Scientists Discover Natural Molecule That Eradicates Plaques and Cavities

A Senior Engineer's CheckList

Is Google's looming monopoly trial a watershed moment for Big Tech?

How to pass the interview for software engineering roles in Big Tech - Handbook

When “Punch a Nazi” Goes Wrong

Tech workers now doubting decision to move from California to Texas

An effort to ban caste discrimination in California has touched a nerve

Monday, July 10, 2023

What I am Reading 7/10/2023

Log4j bug exploited to push novel EarlyRat malware

MOVEit app mass-exploited last month patches new critical vulnerability

336,000 servers remain unpatched against critical Fortigate vulnerability

SSH Servers Hit in 'Proxyjacking' Cyberattacks

Vulnerability in Cisco Enterprise Switches Allows Attackers to Modify Encrypted Traffic

Vulnerabilities in PiiGAB Product Could Expose Industrial Organizations to Attacks

3 Critical RCE Bugs Threaten Industrial Solar Panels, Endangering Grid Systems

Technician Indicted for Hacking California Water Treatment Facility

One third of security breaches go unnoticed by security professionals

Botnets Send Exploits Within Days to Weeks After Published PoC

Businesses are ignoring third-party security risks

Employees worry less about cybersecurity best practices in the summer

5 Things CISOs Need to Know About Securing OT Environments

Submarine Cables Face Escalating Cybersecurity Threats, Report

US’s largest grid operator must process and connect backlogged clean energy projects

Judge rules White House pressured social networks to “suppress free speech”

China curbs exports of key computer chip materials

The real reasons why sharks attack humans

San Francisco loses 2 big conferences

Once hailed for decriminalizing drugs, Portugal is now having doubts

The Underground Economy of Company Reviews

Why there are so many cybersecurity vendors, what it leads to and where do we go from here

Top Suspect in 2015 Ashley Madison Hack Committed Suicide in 2014

Tuesday, July 04, 2023

What I am reading 7/4/2023 - Happy Independence Day

 Clop ransomware group added five new victims of MOVEit attacks to its dark web leak site, including Schneider Electric and Siemens Energy.

America aims for nuclear-power renaissance

The Energy Transition Isn't

The tech flaw that lets hackers control surveillance cameras

Fortinet fixes critical RCE flaw in FortiNAC zero-trust product

Microsoft Warns of Widescale Credential Stealing Attacks by Russian Hackers

Chinese Hackers Using Never-Before-Seen Tactics for Critical Infrastructure Attacks

New Fortinet's FortiNAC Vulnerability Exposes Networks to Code Execution Attacks

China's 'Volt Typhoon' APT Turns to Zoho ManageEngine for Fresh Cyberattacks

Harvard Scholar Who Studies Honesty Is Accused of Fabricating Findings

CS 61A: Structure and Interpretation of Computer Programs

50 of the Greatest Summer Novels of All Time

SolarWinds Execs Targeted by SEC, CEO Vows to Fight

We're Now Finding Out The Damaging Results of The Mandated Return to Office — And It's Worse Than We Thought.

Canada is going to war with Google, and it might not win

Minister Fraser launches Canada’s first-ever Tech Talent Strategy at Collision 2023

The forced return to the office is the definition of insanity

Op-ed: Why the great #TwitterMigration didn’t quite pan out

Linda Yaccarino’s vision for Twitter 2.0 emerges

Microsofties still digesting pay freeze upset by Nadella's 'landmark year' memo

US Wants To Make More Stingers, But it Needs to Revive Production Technology Nearly from Scratch

Sunday, June 25, 2023

What I am Reading 6/25/2023 - Post Russian Coup Edition

 No coup stuff -  I have no freakin idea what's going on

Heat is battering Texas’s power grid. Are giant batteries the answer?

Green electricity won’t help with pollution disparities

Incentives for Advanced Cybersecurity Investment [by Electric Utilities]

Federal incentives could help utilities overcome major cybersecurity hurdle: money

Two Energy Department entities breached as part of massive MOVEit compromise

The US Navy, NATO, and NASA are using a shady Chinese company’s encryption chips

Why Legacy System Users Prioritize Uptime Over Security

Millions of Americans’ personal DMV data exposed in massive MOVEit hack

Critical Barracuda ESG Zero-Day Linked to Novel Chinese APT

Hackers can steal cryptographic keys by video-recording power LEDs 60 feet away

Why is it so rare to hear about Western cyber-attacks?

Thousands of realistic but fake AI child sex images found online, report says

US might finally force cable-TV firms to advertise their actual prices

FCC chair to investigate exactly how much everyone hates data caps

Twitter CEO starts fighting Musk’s battles, paying Musk’s overdue bills

Texas will require parental consent for kids to use social media

Google risks forced breakup of ad business as EU alleges shocking misconduct

Amazon accused of tricking Prime customers

Ex-Samsung executive alleged to have stolen tech to recreate chip plant in China

Is the US trying to kill crypto?

The Shitty Stack System: How Microsoft's ruthless employee evaluation system annihilated team collaboration.

Study: Aging population could be a drag on economic growth

U.S. Seeks 70-Month Prison Sentence for YouTube Content ID Scammer

Nigerian engineering students’ favorite teachers are Indian YouTubers

Towards Accountable Capitalism: Remaking Corporate Law Through Stakeholder Governance

Self-Study the Basics of Computer Science

‘His ideas resonate’: how the Unabomber’s dangerous anti-tech manifesto lives on

Africa’s Richest City Is Crumbling Under Chaos and Corruption

The Online Books Page

21st-century editors should keep their hands off 20th-century books