Interesting links of the week:
Strategy:
* https://www.marisec.ca/reports/the-wrong-fix-why-the-fccs-router-ban-misses-the-real-threat - an alternate view on prioritising the supply chain
* https://cybertoolkit.service.ncsc.gov.uk/ - so you're a small business and you want to improve your posture?
* https://how.complexsystems.fail/ - courtesy of @russss
* https://eepublicdownloads.blob.core.windows.net/public-cdn-container/clean-documents/Publications/2025/iberian-blackout/Final%20Report%20on%20the%20Grid%20Incident%20in%20Spain%20and%20Portugal%20on%2028%20April%202025.pdf - an Iberian oopsie
* https://www.theregister.com/2026/03/20/jlr_bailout_cmc/ - @theregister shares a point of view on bailing out JLR
* https://www.dni.gov/files/ODNI/documents/assessments/ATA-2026-Unclassified-Report.pdf - US intelligence community's annual threat assessment
* https://cyber.gouv.fr/actualites/nis-2-lanssi-poursuit-et-renforce-sa-dynamique-daccompagnement/ - hot new NIS2 action from ANSSI
Threats:
* https://www.microsoft.com/en-us/security/blog/2026/02/26/threat-modeling-ai-applications/ - how does AI affect STRIDE?
* https://united24media.com/latest-news/russian-spy-devices-found-inside-ukrainian-drone-developers-office-17243 - attack of the drones
* https://www.elastic.co/security-labs/illuminating-voidlink - another look at VoidLink
* https://ctrlaltintel.com/threat%20research/FancyBear/ - FancyBear fucks up
* https://netaskari.substack.com/p/chinas-massive-data-leak-of-military - .cn springs a leak
Detection:
* https://rogolabs.net/Talks/BSides-Galway-Open-Source-Intelligence.pdf - my colleague @jgamblin talks open source intelligence
* https://trustedsec.com/blog/building-a-detection-foundation-part-3-powershell-and-script-logging - @trustedsec look at logging PowerShell
* https://righteousit.com/2026/03/27/linux-forensic-scenario/ - @hal_pomeranz sets us a little challenge
Bugs:
* https://labs.watchtowr.com/a-32-year-old-bug-walks-into-a-telnet-server-gnu-inetutils-telnetd-cve-2026-32746/ - this reminds me of when I first showed @ha888t AIX
* https://itm4n.github.io/cve-2026-20817-wersvc-eop/ - when errors go rogue with @itm4n
Exploitation:
* https://dev.to/numbpill3d/showdev-can-playground-a-local-first-can-bus-analysis-tool-4ap6 - @numbpilled shows how you CAN play with busses
* https://agentseal.org/blog/mcp-server-security-findings - hands up if you have a secure MCP?
Hardening:
* https://gist.github.com/arianvp/5f59f1783e3eaf1a2d4cd8e952bb4acf - enclave-backed SSH for OS X from @arianvp
Nerd:
* https://www.theguardian.com/culture/2026/mar/24/punk-masks-walkmans-and-choppers-museum-of-youth-culture-to-open-in-london - eras...
* https://www.data.gov.uk/ - UK-specific datasets from HMG
* https://www.sambent.com/the-engineer-who-tried-to-put-age-verification-into-linux-5/ - today in Linux daftness
* https://blog.rice.is/post/doom-over-dns/ - everyone's favourite vanity PoC payload comes to DNS

The Wrong Fix: Why the FCC's Router Ban Misses the Real Threat
On March 20th, 2026, the FCC banned the purchase, import and sale of foreign-made routers, citing supply-chain and security concerns. The FCC fails to account for weak credentials and firmware vulnerabilities, which serve as the initial access vectors for Salt, Volt, and Flax Typhoon attacks.





