What I'm Reading 11/27/2022 (including 3 books I recently finished)

 US Government Begins Researching 'Climate Intervention' Geoengineering

https://news.slashdot.org/story/22/11/20/2026209/us-government-begins-researching-climate-intervention-geoengineering

A Third of Global Organizations Were Breached Over Seven Times in the Past Year

https://www.darkreading.com/attacks-breaches/a-third-of-global-organizations-were-breached-over-seven-times-in-the-past-year

5 free resources from the Cybersecurity and Infrastructure Security Agency (CISA)

https://www.helpnetsecurity.com/2022/11/21/5-free-resources-cybersecurity-and-infrastructure-security-agency-cisa/

73 Percent of Retail Applications Contain Security Flaws, but Only a Quarter Are Fixed

https://finance.yahoo.com/news/73-percent-retail-applications-contain-125000195.html

Digesting CISA's Cross-Sector Cybersecurity Performance Goals

https://www.securityweek.com/digesting-cisas-cross-sector-cybersecurity-performance-goals

CISA Updates Infrastructure Resilience Planning Framework

https://www.securityweek.com/cisa-updates-infrastructure-resilience-planning-framework

The Biden administration has racked up a host of cybersecurity accomplishments

https://www.csoonline.com/article/3680558/the-biden-administration-has-racked-up-a-host-of-cybersecurity-accomplishments.html#tk.rss_all

Hackers Exploiting Abandoned Boa Web Servers to Target Critical Industries

https://thehackernews.com/2022/11/hackers-exploiting-abandoned-boa-web.html

Crypto Firm FTX’s Ownership of a U.S. Bank Raises Questions

https://www.nytimes.com/2022/11/23/business/ftx-cryptocurrency-bank.html

How the cyber incident reporting law could finally fix the information sharing problem

https://www.cyberscoop.com/cisa-cyber-reporting-law/

How Xi Jinping leveled-up China's hacking teams

https://www.cyberscoop.com/china-hacking-talent-xi-jinping-education-policies/

MIT Research Documents Effectiveness of Consensus Cyber Risk Oversight Principles

https://www.darkreading.com/risk/mit-research-documents-effectiveness-of-consensus-cyber-risk-oversight-principles

90% of organizations have Microsoft 365 security gaps

https://www.helpnetsecurity.com/2022/11/22/microsoft-365-security-protections/

US tech layoffs: India workers face painful exit from the US

https://www.bbc.com/news/world-asia-india-63658535?at_medium=RSS&at_campaign=KARANGA

US bans sale of Huawei, ZTE tech amid security fears

https://www.bbc.com/news/world-us-canada-63764450?at_medium=RSS&at_campaign=KARANGA

Three Books I have read recently --

Project Zero Trust: A Story about a Strategy for Aligning Security and the Business

https://www.amazon.com/Project-Zero-Trust-Strategy-Aligning-ebook/dp/B0B99BJF2V

Investments Unlimited: A Novel About DevOps, Security, Audit Compliance, and Thriving in the Digital Age

https://www.amazon.com/Investments-Unlimited-Security-Compliance-Thriving-ebook/dp/B09L329V7C/

These books use the same concept as The Phoenix Project, working through a technical or management issue in a novelization format.  Neither is an in-depth technical resource but they do provide solid underpinnings for beginning in DevOps or Zero Trust Security.

Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency

https://www.amazon.com/Tracers-Dark-Global-Crime-Cryptocurrency-ebook/dp/B09SKW8WRV/

Pretty interesting story on how law enforcement used Bitcoins reputation as being untraceable to track and arrest online drug dealers and CSAM peddlers.