Monday, April 06, 2020

What I'm Reading 4/6/2020 - It's a Slow Day

Books - 

I started Daemon yesterday as part of the DefCon Book Club.  I got 12 chapters in and I couldn't stand it anymore.  I'm done with this one.

Network Forensics Tracking Hackers Through Cyberspace

Wired for War: The Robotics Revolution and Conflict in the 21st Century

Blogs / News - 

The Spanish government is working to roll out a universal basic income as soon as possible, as part of a battery of actions aimed at countering the impact of the coronavirus pandemic, according to Economy Minister Nadia Calvino.
Social Security Minister Jose Luis Escriva is coordinating the project and plans to put some sort of basic income “in place as soon as possible,” with the main focus on assisting families, Calvino, who also serves as deputy prime minister, said in an interview Sunday night with Spanish broadcaster La Sexta.
The Pentagon was aware of the likelihood of a pandemic brought on by a novel coronavirus years ago, predicting with startling accuracy shortages of masks, hospital beds and ventilators that could occur in an outbreak, according to a 2017 internal document reported by The Nation.
The 103-page document, which the magazine describes as an update to an earlier Defense Department pandemic influenza response plan, cites a novel respiratory illness as the "most likely and significant threat" in a pandemic situation. 
HelpNet Security - TLS 1.3: Slow adoption of stronger web encryption is empowering the bad guys -
Going deeper, companies need to ensure network monitor tools are set up to cope with the added encryption TLS 1.3 brings and how it may be used by attackers to gain an advantage. Typically, companies would use a MITM middlebox which would analyze requests made in TLS 1.2 and decide whether a request was genuine or not before issuing the relevant certificate. But this process is impossible with 1.3 as it encrypts the aspects that were used by the middlebox to judge requests. As such, businesses should look to strengthen endpoint security to help mitigate initial intruder access onto networks, while also ensuring that security teams receive up-to-date response training and access to real-time intelligence to identify and analyze attacks.
The move to TLS 1.3 will reduce latency and remove the vulnerabilities present in TLS 1.2. But businesses can’t simply adopt it, then sit back and relax. With older protocols still widely used and their vulnerabilities exploitable, organizations must enhance endpoint security measures and the expertise of their security teams.
Iron Bastion -  How you can protect Microsoft Exchange from cyber attacks -
Poor patching practices, password reuse, malware and phishing can put Australian businesses running Microsoft Exchange at risk. Firstly, important files and emails could be lost forever due to ransomware attacks. Secondly, Outlook Web Access (OWA) is an ideal playground for cybercriminals to discover valid passwords belonging to your employees. Last, but not least, phishing exposes businesses to all sorts of scams, usually with financial motivations.
Although each cyber challenge from above can be addressed separately by applying a rigorous software patching policy and two-factor authentication, we suggest migrating to cloud-based service instead. On platforms like Office 365 and G Suite, patching is managed by the vendor, and two-factor authentication is available as a built-in security feature.
As for mitigating the phishing threat, we recommend adding an additional layer of cloud-based anti-phishing technology to protect your business from threats before they reach your mail server.

No comments: