Weekend Reads 091523

The average total cost of a data breach has reached an all-time high in 2023 of $4.45 million. This is an increase of 2.3% from last year’s $4.35 million.

Originally created as a secure sandbox to run compiled C/C++ code in web browsers, WebAssembly (Wasm) has been gaining traction and momentum on the server-side.

Specifically, the web giant’s Privacy Sandbox APIs, a set of ad delivery and analysis technologies, now function in the latest version of the Chrome browser. Website developers can thus write code that calls those APIs to deliver and measure ads to visitors with compatible browsers.

The German digital association, Bitkom, recently announced that the cost of IT equipment theft, data breaches, digital and industrial espionage, and sabotage is expected to reach a staggering 206 billion euros ($224 billion) in 2023.

The alarming rise of phishing attacks has been underscored by a recent study, “Phishing Landscape 2023: An Annual Study of the Scope and Distribution of Phishing,” conducted by the Interisle Consulting Group, revealing a tripling of such attacks since May 2020.

Japan is widely regarded as one of the most advanced economies for Internet penetration. Japan’s Internet usage rate (individuals) is 82.9% and the development rate of optical fibre is 99.3%.

The robot revolution began long ago, and so did the killing.

Weekend Reads 090123

However, unlike most of the world, which is taking a flexible, adaptive Zero Trust Model approach of continuous controls for cyberdefense, the EU government is pursuing a vastly expanded version of the failed Common Criteria certification model coupled with regulatory extremism and exceptionalism strategies.

Enabled by SD-WAN, internet-first networking strategies are now the order of the day for wide-area connectivity and have been for some time.

The European Union’s Digital Services Act comes into effect today, August 25, and it’s unclear if the hoped-for consumer protections are going to have their desired impact.

Domain names ending in “.US” — the top-level domain for the United States — are among the most prevalent in phishing scams, new research shows.

I like monitoring stuff. That’s what I do at work and when my home ISP started giving me random problems I decided it would be nice to monitor my home network as well.

Although we cannot fix humans, we can put extra measures in place to minimize the risk of having wrongly issued certificates operational in the wild. In comes Certificate Transparency (CT), a concept introduced by Google in 2013.

Weekend Reads 082623

This open-source hardware optimized implementation uses a novel ECC/Dilithium hybrid signature schema that benefits from the security of ECC against standard attacks and Dilithium’s resilience against quantum attacks.

Dig Security, the cloud data security leader, today released findings from its first-ever “State of Cloud Data Security 2023 Report.” The analysis of more than 13 billion files stored in public cloud environments reveals how – and why – sensitive data is at risk in the modern enterprise.

Dr. Read Schuchardt, professor of communications at Wheaton College (IL), identifies five primary ways digital technology can erode our lives and relationships, or produce what he calls “vices of the virtual life.”

In the name of taking the global cybersecurity lead and protecting EU citizens, it seeks to impose dozens of onerous, if not impossible, conformance requirements on all “products with digital elements” and associated obligations on every “manufacturer, importer, or distributor.”

Given the exuberance surrounding machine learning (ML) and deep learning (DL) in particular, the claims I will make in this short article will be quite controversial, to say the least.

We all know there are many skilled cyber attackers out there, professionals with the technical know-how to manipulate and exploit data.

From a 2016 New York Times article on self-driving cars, which began “Autonomous cars have arrived. Major automakers have been investing billions in development, while tech players … have been testing their versions in American cities.” How’s that working out?

The deployment of optical engines, be they transponders or coherent optical pluggables, from one or multiple equipment suppliers over a line system from a different supplier offers valuable benefits that network operators cannot afford to ignore.

IoT protocols are established rules about how IoT devices should work and communicate. Standards are similar to protocols, but are used more widely—across an entire industry, for example.

In large metropolitan areas, tourists are often easy to spot because they’re far more inclined than locals to gaze upward at the surrounding skyscrapers.

Weekend Reads 081823

A group of academics has devised a “deep learning-based acoustic side-channel attack” that can be used to classify laptop keystrokes that are recorded using a nearby phone with 95% accuracy.

Of all vertical industries, manufacturing saw a 42% increase in total victims between Q4 2021 and Q4 2022, underscoring the potential threat to global supply chains.

In this article, we discuss the constant back and forth that has been going on for the last 5 years or so in protecting the privacy of data through FL. Just when it looks like FL is able to keep local data private, out comes a study to deflate us.

New research has revealed that threat actors are abusing Cloudflare Tunnels to establish covert communication channels from compromised hosts and retain persistent access.

Luckily there is a huge amount of research underway to look for batteries that last longer, charge faster, and are made from more readily available minerals.

Vade’s Threat Intelligence and Response Center (TIRC) researchers analyzed what they dubbed the “Eevilcorp phishing campaign” and the malware its perpetrators used in depth.

The latest quarterly report from Backblaze on hard drive reliability reveals a rise in failures among certain drives.

In 2020 a group of book publishers sued the Internet Archive over their Controlled Digital Lending program, which made PDF scans of books and lent them out from the Archive’s website.

But a recent survey has many such executives admitting exactly that: they didn’t have the data and they just went with their gut.

Email security standards are proving porous where malicious email attacks are concerned, since attackers use a deceptive link or new domains that comply with the same email security standards regular users employ to blunt threats like phishing, according to a vendor report released this week.

Weekend Reads 072823

Incredible as it may seem, US tax preparation companies using Google and Meta tracking technology have been sending sensitive information back to the megacorps, not to mention other tech firms, it is claimed.

The Federal Trade Commission (F.T.C.) sent a letter to OpenAI, the San Francisco company responsible for creating ChatGPT, the Large Language Model that captured the world’s imagination in November of 2022.

Steganography is the art of hiding secret data in plain sight. It sounds kind of counter-intuitive, but you’d be surprised how effective it is.

On Wednesday, Microsoft announced that Chinese hackers had managed to secretly access email accounts belonging to 25 different organizations across the country, including government agencies.

But for a human to interact with this hardware, they must really know and understand how it works. The person must also know the order in which to give the computer various tasks to produce a meaningful result.

The UK’s Competition Market Authority (CMA) has provisionally cleared Broadcom’s proposed acquisition of VMware, paving the way for the $61 billion deal to go ahead.

In 2021, we discussed a potential future shift from established public-key algorithms to so-called “post-quantum” algorithms, which may help protect sensitive information after the advent of quantum computers.

Recently, the QUIC Working Group was reviewing an errata for RFC 9002, the description of loss recovery and congestion control for QUIC. There was an error in the description of the algorithm used to compute the variable rttvar, which describes the expected variation of the round-trip time (RTT).

The downside of RDP’s widespread use is that a Remote Code Execution (RCE) vulnerability in an RDP gateway can have severe consequences, potentially leading to significant damage and compromising the security and integrity of the affected system.

With the adoption of the EU-U.S. Data Privacy Framework, European and U.S. organizations and privacy professionals are facing a new framework for data transfers across the Atlantic. Focus is quickly turning to implementation and what’s next.

As the number of people using macOS keeps going up, so does the desire of hackers to take advantage of flaws in Apple’s operating system.

Researchers this month uncovered a two-year-old Linux-based remote access trojan dubbed AVrecon that enslaves Internet routers into a botnet that bilks online advertisers and performs password-spraying attacks.

Users of applications that use ChatGPT-like large language models (LLMs) beware: An attacker that creates untrusted content for the AI system could compromise any information or recommendations from the system, warn researchers.

In May, Mastodon server Kolektiva.social was compromised when one of the server’s admins had their home raided by the FBI for unrelated charges. All of their electronics, including a backup of the instance database, were seized.

In cloud environments, cryptojacking – a type of cyberattack that uses computing power to mine cryptocurrency – takes the form of cloud compute resource abuse, which involves a threat actor compromising legitimate tenants.

HTTP Strict Transport Security (HSTS) is a way to signal to a web client that valid HTTPS certificates must be used when connecting to a domain. There are two main benefits to HSTS.

Controversial Reads 071423

Indian-born CEOs are closing their firms and fleeing back to India to escape charges of fraud in the annual lotteries for visas to import H-1B foreign contract workers, says a lawyer for many Indian-owned subcontractors and visa workers.

Over the past few years, Apple has pursued a meal-prepping app with a pear logo, a singer-songwriter named Frankie Pineapple, a German cycling route, a pair of stationery makers, and a school district, among others.

Reddit, a link-aggregating website that claims to be the “front page of the internet,” has turned into a hotbed for radicalization.

Wolk wasn’t saying cable news was necessarily a terrible product; it was an obsolete one on an obsolete platform. While he didn’t predict that the death of cable was imminent, he made it clear it might be time to start looking for hospice care.

However, where the previous labor nuke decimated the white working class in flyover states, this one will explode closer to the power center of Corporate America. Creative AIs like ChatGPT most threaten one of the Regime’s most powerful assets: the managerial class.

A bid to legally muzzle critics of the Irish Data Protection Commission (DPC) is just the tip of the iceberg in this increasingly authoritarian country.

France’s forthcoming SREN Bill could mandate web browsers to block websites deemed illicit by the government, setting a precarious standard for digital freedoms, warns Mozilla Foundation in a recent blog post.

In December 2021, San Francisco police were working to solve the murder of an Uber driver. As detectives reviewed local surveillance footage, they zeroed in on a gray Dodge Charger they believed the shooter was driving.

French police should be able to spy on suspects by remotely activating the camera, microphone and GPS of their phones and other devices, lawmakers agreed late on Wednesday, July 5.

People around the world have been searching for ways to hold accountable companies that build tools for government repression.

Weekend Reads 071423

For example, at a certain level, your password must include today’s Wordle answer. And then there’s rule #27: “At least 50% of your password must be in the Wingdings font.”

On 12 June, the DFIR Report published an in-depth analysis of a Truebot intrusion that began with several page redirects via a Traffic Distribution System (TDS) and ended with dropping a Master Boot Record (MBR) killer wiper onto a victim’s computer.

PL/I stands for Programming Language 1, and its aim was to be the Highlander of programming languages: there would be no need for 2, 3, or 4 if everything went to plan.

In this episode of PING, APNIC’s Chief Scientist Geoff Huston discusses how Sweden built a national time distribution system and the nature of time in the modern Internet.

When system architects sit down to design their next platforms, they start by looking at a bunch of roadmaps from suppliers of CPUs, accelerators, memory, flash, network interface cards – and PCI-Express controllers and switches.

In a recent investigation by Microsoft Incident Response of an intrusion, we found that the threat actor progressed through the full attack chain, from initial access to impact, in less than five days, causing significant business disruption for the victim organization.

Late last week it said it expects global service revenues will see a compound annual growth rate (CAGR) of 59% between 2024 and 2031, by which time they will have reached $18 billion. ABI Research reckons those service revenues will be generated by some 200 million connections.

The Wall Street Journal published an investigative journalism exposé over the weekend, reporting that AT&T, Verizon and other telecom companies have left a massive network across the U.S. of old cables covered in toxic lead.

The domain name market posted aggregate growth of +1.9% in 2022, an acceleration that reflects a break in the trend observed since 2019. As we foresaw in last year’s report, 2021 was the “trough” year, with a relative improvement over 2022.

Tech giant Google has been ordered to hand over the IP address and details of a person accused of emailing defamatory allegations about a Labor election candidate in Australia.

The EU and US have cobbled together yet another framework that claims to protect EU data stored in the US but there are still many reasons to be sceptical.

The U.S. Bureau of Labor Statistics released a report in June that indicates that the percentage of people working at home, which grew rapidly during the pandemic, is still much higher today than before the pandemic.