The details of my life are quite inconsequential. (With one exception I do occasionally publish the cybersecurity reading list.)
She is Still Looking For Work - Celeste Seberras, Tech Writer / Content Strategist / Developer Relations with an Infosec and entrepreneurial background. http://resume.hakr.gg http://lnkd.in/gYRfjTcB #AI #Blockchain #Infosec #Cybersecurity #TechnicalWriting #developerrelations

Updated Cybersecurity Reading List - Added CSRB Report on Microsoft Exchange Line Intrusion https://docs.google.com/spreadsheets/d/12z7_8fUwSejPVd6bIosD405mhpLLM_DnTdcIiiKWpqw/edit#gid=2079030996 #infosec #cybersecurity

What I am read 10/18/2023 - Log4J is the gift that keeps on giving

Sorry for the pause, I lost access to the blog for awhile (it was reported as spam and suspended - just got it back this morning)
http://kurulounge.blogspot.com/2023/12/what-i-am-read-10182023-log4j-is-gift.html
#infosec #cybersecurity #reading

China’s cyber army is invading critical U.S. services

https://www.washingtonpost.com/technology/2023/12/11/china-hacking-hawaii-pacific-taiwan-conflict/

National Grid latest UK org to zap Chinese kit from critical infrastructure

https://www.theregister.com/2023/12/18/national_grid_bans_china_equipment/

SSH keys stolen by stream of malicious PyPI and npm packages

https://www.bleepingcomputer.com/news/security/ssh-keys-stolen-by-stream-of-malicious-pypi-and-npm-packages/

Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack

https://arstechnica.com/security/2023/12/just-about-every-windows-and-linux-device-vulnerable-to-new-logofail-firmware-attack/

Stealthy Linux rootkit found in the wild after going undetected for 2 years

https://arstechnica.com/security/2023/12/stealthy-linux-rootkit-found-in-the-wild-after-going-undetected-for-2-years/

Patch Now: Exploit Activity Mounts for Dangerous Apache Struts 2 Bug

https://www.darkreading.com/cloud-security/patch-exploit-activity-dangerous-apache-struts-bug

A new, modern, and secure print experience from Windows

https://techcommunity.microsoft.com/t5/security-compliance-and-identity/a-new-modern-and-secure-print-experience-from-windows/ba-p/4002645

CISA urges vendors to get rid of default passwords

https://cyberscoop.com/cisa-urges-vendors-to-get-rid-of-default-passwords/

MITRE Debuts ICS Threat Modeling for Embedded Systems

https://www.darkreading.com/ics-ot-security/mitre-debuts-ics-cyber-threat-modeling-embedded-systems

North Korean hacking ops continue to exploit Log4Shell

https://cyberscoop.com/north-korea-lazarus-log4j-log4shell/

Two years on, 1 in 4 apps still vulnerable to Log4Shell

https://www.theregister.com/2023/12/11/log4j_vulnerabilities/

Apple admits to secretly giving governments push notification data

https://arstechnica.com/tech-policy/2023/12/apple-admits-to-secretly-giving-governments-push-notification-data/

Adapting to the Post-SolarWinds Era: Supply Chain Security in 2024

https://www.darkreading.com/vulnerabilities-threats/adapting-post-solarwinds-era-supply-chain-security-2024

The quest to turn basalt dust into a viable climate solution

https://arstechnica.com/science/2023/12/the-quest-to-turn-basalt-dust-into-a-viable-climate-solution/

“Renew Home” company brings power grid data to your smart home

https://arstechnica.com/gadgets/2023/12/alphabets-renew-home-company-brings-power-grid-data-to-your-smart-home/

Broadcom ends VMware perpetual license sales, testing customers and partners

https://arstechnica.com/information-technology/2023/12/broadcom-ends-vmware-perpetual-license-sales-testing-customers-and-partners/

As the SEC’s new data breach disclosure rules take effect, here’s what you need to know

https://techcrunch.com/2023/12/18/new-sec-data-breach-disclosure-rules/

Widespread FBI abuse of foreign spy law sets off “alarm bells,” tech group says

https://arstechnica.com/tech-policy/2023/05/fbi-misused-foreign-surveillance-law-280k-times-to-snoop-on-people-in-the-us/

Texas power plants have no responsibility to provide electricity in emergencies, judges rule

https://www.kut.org/energy-environment/2023-12-15/texas-power-plants-have-no-responsibility-to-provide-electricity-in-emergencies-judges-rule

To Revive Portland, Officials Seek to Ban Public Drug Use

https://www.nytimes.com/2023/12/11/us/portland-oregon-drug-laws.html

How to De-Ice Your Windshield Easily and Effectively

https://www.artofmanliness.com/skills/how-to/how-to-de-ice-your-windshield-easily-and-effectively/

According to Slashdot - Google Drive is losing files, so I thought I would throw the cybersecurity reading list out there again before it possibly disappears https://docs.google.com/spreadsheets/d/12z7_8fUwSejPVd6bIosD405mhpLLM_DnTdcIiiKWpqw/edit#gid=713137457 #infosec #cybersecurity #reading

in a meeting today where it was relayed cybersecurity had unilaterally decided we can't use an app that field personnel rely on heavily. (condensed version) i think the case is still being argued but it makes me question what people think cybersecurity's role is?

to me cybersecurity exists as business enabler whose primary function is to recommend ways to reduce risk to levels the business can tolerate. not to issue edicts. that function seems to be getting lost anymore.

Not sure why I was thinking about this today but I was - FBI Digital Privacy Guide for Law Enforcement https://www.documentcloud.org/documents/7048846-Digital-Exhaust-Opt-Out-Guide-for-LE-Partners.html #infosec #cybersecurity #privacy

What I'm Reading 9/25/2023
http://kurulounge.blogspot.com/2023/09/what-im-reading-9252023.html
#infosec #cybersecurity #news

Linux gives up on 6-year LTS kernels, says they’re too much work

https://arstechnica.com/gadgets/2023/09/linux-gives-up-on-6-year-lts-thats-fine-for-pcs-bad-for-android/

How network security can save security dollars

https://www.networkworld.com/article/3707308/how-network-security-can-save-security-dollars.html#tk.rss_security

SMEs overestimate their cybersecurity preparedness

https://www.helpnetsecurity.com/2023/09/22/smes-cyber-threats/

How Equifax Was Breached in 2017

https://blog.0x7d0.dev/history/how-equifax-was-breached-in-2017/

Incomplete disclosures by Apple and Google create “huge blindspot” for 0-day hunters

https://arstechnica.com/security/2023/09/incomplete-disclosures-by-apple-and-google-create-huge-blindspot-for-0-day-hunters/

Engineering-Grade OT Protection

https://www.darkreading.com/ics-ot/engineering-grade-ot-protection

Every Network Is Now an OT Network. Can Your Security Keep Up?

https://www.securityweek.com/every-network-is-now-an-ot-network-can-your-security-keep-up/

Chinese hackers have unleashed a never-before-seen Linux backdoor

https://news.hitb.org/content/chinese-hackers-have-unleashed-never-seen-linux-backdoor

DHS Publishes New Recommendations on Cyber Incident Reporting

https://www.securityweek.com/dhs-publishes-new-recommendations-on-cyber-incident-reporting/

2 major tech companies cancel conferences in SF; 2024 projected to be challenging year

https://abc7news.com/san-francisco-conventions-sf-moscone-center-meta-convention-canceled-red-hat/13470290/

China caught – again – with its malware in another nation's power grid

https://www.theregister.com/2023/09/12/china_malware_grid/

Analyst: MGM losing $4.2M-$8.4M a day because of cyberattack

https://www.reviewjournal.com/business/casinos-gaming/analyst-mgm-losing-4-2m-8-4m-a-day-because-of-cyberattack-2906379/

MGM, Caesars Face Regulatory, Legal Maze After Cyber Incidents

https://www.darkreading.com/attacks-breaches/mgm-caesars-regulatory-legal-maze-cyber-incidents

MGM, Caesars Cyberattack Responses Required Brutal Choices

https://www.darkreading.com/application-security/mgm-caesars-incident-responses-required-brutal-choices

Youth hacking ring at the center of cybercrime spree

https://cyberscoop.com/youth-hacking-ring-at-the-center-of-cybercrime-spree/

DHS council seeks to simplify cyber incident reporting rules

https://cyberscoop.com/dhs-cyber-incident-reporting-recommendations/

Solarium Commission wants action on stalled cybersecurity recommendations

https://cyberscoop.com/solarium-commission-implementation-report/

On the Cybersecurity Jobs Shortage

https://www.schneier.com/blog/archives/2023/09/on-the-cybersecurity-jobs-shortage.html

India's biggest tech centers named as cyber crime hotspots

https://www.theregister.com/2023/09/21/india_cybercrime_trends_report/

New Revelations from the Snowden Documents

https://www.schneier.com/blog/archives/2023/09/new-revelations-from-the-snowden-documents.html

Windows Subsystem for Linux gets new 'mirrored' network mode

https://www.bleepingcomputer.com/news/microsoft/windows-subsystem-for-linux-gets-new-mirrored-network-mode/

Keeping Google’s search secrets protects its monopoly, DOJ argues in court

https://arstechnica.com/tech-policy/2023/09/keeping-googles-search-secrets-protects-its-monopoly-doj-argues-in-court

YouTube suspends Russell Brand from advert income

https://www.bbc.com/news/entertainment-arts-66851698?at_medium=RSS&at_campaign=KARANGA

Elon Musk: Social media platform X, formerly Twitter, could go behind paywall

https://www.bbc.com/news/technology-66850821?at_medium=RSS&at_campaign=KARANGA

Ozempic Can Cause Major Loss of Muscle Mass and Reduce Bone Density

https://www.healthline.com/health-news/ozempic-muscle-mass-loss

Medicine is plagued by untrustworthy clinical trials. How many studies are faked or flawed?

https://web.archive.org/web/20230718112821/https://www.nature.com/articles/d41586-023-02299-w

Working Remotely Can More Than Halve an Office Employee’s Carbon Footprint

https://www.scientificamerican.com/article/working-remotely-can-more-than-halve-an-office-employees-carbon-footprint/

Michael Bloomberg Is Throwing $500 Million at Efforts to Shut Down All U.S. Coal Plants

https://gizmodo.com/michael-bloomberg-500-million-shut-down-coal-plants-1850861082

How Cisco is Addressing the Widening Skills Gap

https://www.eweek.com/cloud/how-cisco-is-addressing-the-widening-skills-gap/

Restoration of a dumpster Tektronix 2465B oscilloscope

https://sunestra.fr/posts/repair/scope/

Cybersecurity Reading List update - added entries from Dakota State University CyberOps program https://docs.google.com/spreadsheets/d/12z7_8fUwSejPVd6bIosD405mhpLLM_DnTdcIiiKWpqw/edit#gid=2079030996
#infosec #cybersecurity #reading