The POTUS' war on Iran is already bringing rationing of fuel and major disruptions in many countries, and it's going to get a lot worse soon as the final shipments that made it thru the Strait start to arrive this week, the NYT reports. I admire (but do not share) this story's optimism of the potential for the Iran war to hasten more global adoption of renewables.

"Sri Lanka and Myanmar are rationing fuel. The Philippines has instituted four-day workweeks to conserve gasoline and electricity. Bangladesh briefly closed its universities to reserve power for homes and businesses. Across India, families and restaurants are cooking over wood fires for want of gas. Airlines are canceling flights."

"As painful as the first phase of the energy crisis set off by the war with Iran has been, what comes next will be worse. This week, the final deliveries of oil and liquefied natural gas to Asia that passed through the Strait of Hormuz before it was closed are expected to arrive. The last tanker shipments to Europe should land by mid-April. After that, many countries’ reserves of gasoline, diesel, liquid petroleum gas and natural gas will dwindle. The price of oil could soar as high as $200 a barrel if the war drags on."

Meanwhile, China -- which leads the world in battery technology production -- stands to massively gain from all this oil shock.

"As the Philippines declared a national energy emergency on March 24, car shoppers in Manila were crowding into showrooms of the Chinese carmaker BYD and purchasing E.V.s ."

Of course, here in the US we've largely said that we're just gonna keep making gas guzzlers and forget about all those pledges we made to invest in electric vehicles. Consumers in the US would be flocking to those BYD cars too if import duties didn't make them prohibitively expensive. Most of the big car makers in the US are hopelessly focused on people who don't bat an eyelash spending $60,000 (base price) for a new car or truck.

https://www.nytimes.com/2026/04/01/opinion/oil-crisis-iran-electric-solar.html

On April 10th, I’m kicking off something new… and I would LOVE for you to join me 💜

I’ll be diving into Chapter 1 of Alice & Bob Learn Secure Coding live, and I’m bringing an awesome guest with me: Dr. Gerald Auger (Simply Cyber)!

For 2 hours, we’re going to chat through the foundations of application security, things like:
✨ The CIA Triad
✨ Zero trust & defense in depth
✨ Supply chain security
✨ Threat modeling

This is NOT a lecture. It’s a conversation.

https://twp.ai/ImxMZa

For F5 BIG-IP APM customers, CVE-2025-53521 is being exploited in the wild by a nation state threat actor

It allows unauth RCE and applies to the data plane (not the management interface) - the one available over the internet.

https://my.f5.com/manage/s/article/K000156741

Attackers have been deploying webshells, so boxes are still vuln post patching if already exploited prior.

I’ve been getting a lot of “do you have something I can send my manager?” requests lately. So… I made a proper training brochure!
Clear outcomes, realistic expectations, and no fear-based nonsense.

👉 https://twp.ai/E6Gcj3
Just brochure: https://twp.ai/4iw8Kv

Whoa, that escalated quickly. This just got sent out by the press folks at the Federal Communications Commission (FCC). The FCC says it has decided that all foreign-made consumer-grade Internet routers are henceforth prohibited from receiving FCC authorization and are therefore prohibited from being imported for use or sale in the United States.

"Update Follows Determination by Executive Branch Agencies that Consumer-Grade Routers Produced in Foreign Countries Threaten National Security

WASHINGTON, March 23, 2026—Today, the Federal Communications Commission updated its Covered List to include all consumer-grade routers produced in foreign countries. Routers are the boxes in every home that connect computers, phones, and smart devices to the internet. This followed a determination by a White House-convened Executive Branch interagency body with appropriate national security expertise that such routers “pose unacceptable risks to the national security of the United States or the safety and security of United States persons.”

"The Executive Branch determination noted that foreign-produced routers (1) introduce “a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense” and (2) pose “a severe cybersecurity risk that could be leveraged to immediately and severely disrupt U.S. critical infrastructure and directly harm U.S. persons.”

"This action does not affect any previously-purchased consumer-grade routers. Consumers can continue to use any router they have already lawfully purchased or acquired."

"Producers of consumer-grade routers that receive Conditional Approval from DoW or DHS can continue to receive FCC equipment authorizations. Interested applicants are encouraged to submit applications to [email protected]."

Not sure how many consumer-grade routers will be left for sale if it really is a ban on approvals for any foreign-made consumer routers like they said, and not just a bunch of already restricted Chinese makers like Huawei and ZTE.

https://www.fcc.gov/document/fcc-updates-covered-list-include-foreign-made-consumer-routers

FCC's "covered list" of "thou shalt not entities": https://www.fcc.gov/supplychain/coveredlist

We all know: Naming Things Is Hard.

So, please help! I built a tool that simplifies running network traffic analysis.

It's built using open source components, and the code and documentation that runs the tool is all open source/openly licensed.

My current working name is Knock Knock. I am considering a change because Knock Knock is already used in different contexts.

If you have a different suggestion, let me know!

Please share - I'd love feedback!

Microsoft Azure Monitor alerts are being abused to send callback phishing emails that impersonate warnings from the Microsoft Security Team about unauthorized charges on your account.

https://www.bleepingcomputer.com/news/security/microsoft-azure-monitor-alerts-abused-in-callback-phishing-campaigns/

Most of us have probably read that one reason not to pay threat actors is that they cannot be trusted to keep their word to delete data they have exfiltrated. But how often does that actually occur?

I have sent inquiries to a number of incident response/negotiation firms and the DOJ. If I did not send one to your firm and your firm handles a lot of negotiations and payments, please accept my apologies for not having contacted you, and answer the following question (either publicly or via a private message to me):

In what percentage of cases where payment was made to delete data, did threat actors break their word and not delete it?

Please feel free to share this post with others here and elsewhere to boost my chances of getting additional responses/estimates. Thank you all.

#incidentresponse #ransom #extortion #ransomware #databreach