This year, I’ve had the opportunity to work alongside some of the highest-performing individuals in our profession. I’ve taken that opportunity to observe their work, look for patterns, and to try to identify the attributes that contribute to their success, not only as technologists but as humans.
Advanced persistent threat (APT) groups are more dangerous than your run-of-the-mill cybercriminals. They, after all, train their sights not only on financial gain but loftier targets such as wreaking havoc on entire nations.
At the beginning of the year, I wrote a bit about the resolution to “stay human” in 2024, in a world that is calling for artificial intelligence to be incorporated into more spheres of life, including law, automated driving, entertainment, and even relationships.
Alongside concerning recent security news, there has been a media-wide rise of references to ‘credential stuffing’. This is a term that doesn’t convey very much, but as it’s the accepted term inside the infosec community, it’s probably here to stay.
In a far cry from the early 2000s, most U.S. adults today say they use the internet (95%), have a smartphone (90%) or subscribe to high-speed internet at home (80%), according to a Pew Research Center survey conducted May 19 to Sept. 5, 2023.
Honeypots are usually used as an intrusion detection tool. Many security researchers, including Computer Security Incident Response Teams (CSIRTs), deploy honeypots to learn about tools, tactics, and the attacker’s infrastructure.
In what is sure to have significant implications for millions of American workers, specifically gig economy workers and contractors, the Department of Labor (DOL) issued its long-awaited final worker classification rule in January.
Everybody likes good news, especially at the beginning of the corporate year, and we are happy to report that TSMC’s revenues in the fourth quarter ended in December 2023 were only down 1.5 percent year on year to $19.62 billion, and were up 13.6 sequentially from the third quarter
HP CEO Enrique Lores admitted this week that the company’s long-term objective is “to make printing a subscription” when he was questioned about the company’s approach to third-party replacement ink suppliers.
A study by Consumer Reports and non-profit The Markup concluded that for the average lone Facebook user, 2,230 companies, and in some cases more than 7,000, will hand over that person’s information to Facebook.
According to a report by industry analyst Trendforce, the tech company will up the base memory requirement on Windows 12 to 16GB in accordance with its standard for running its AI assistant Copilot at minimum efficiency.
In order for CPU and AI Accelerators/GPUs to effectively work with each other for larger training models, the communication bandwidth of the PCIe-based interconnects between them needs to scale to keep up with the exponentially increasing size of parameters and data sets used in AI models.
It was one thing to support cell towers when they were used for rural cellphone coverage. But it’s a new equation to be asked to provide faster bandwidth to an ISP that will use the bandwidth to win over local customers.
Jay Fink had an interesting little business. If you lived in California, you could give him access to your email account; he’d look through the spam folder for spam that appeared to violate the state anti-spam law and give you a spreadsheet and a file of PDFs.
It is not uncommon these days for threat actors to use malicious search ads to distribute malware. To do that, though, they would need to know how to bypass Google’s security measures by setting up decoy infrastructures.
Pressure to resolve incidents quickly that often comes from peers, leadership, and members of affected teams only adds to the chaos of incident management, causing more human errors. Coordinating incidents such as this through the process of having an Incident Commander role has shown more controllable outcomes for organizations around the world.
QUIC supports connection migration, allowing the client to migrate an established QUIC connection from one path to the other. QUIC’s path validation mechanism can be used to attack the peer and make it consume an unbounded amount of memory.
The NVM Express consortium has updated its specifications by adding a Computational Storage Feature, creating a standardized way for applications to talk to storage devices that include some processing capability.
Post Office chief exec Nick Read left British politicians shocked with his evidence before a Parliamentary committee yesterday after he admitted he could not say when the public body at the center of the historic miscarriage of justice knew when its system was at fault.
We’re only a few weeks into 2024, and violations of people’s privacy are already making some big headlines! First we had the continued drama with the 23andMe data breach; then a major financial software company was shut down for inappropriately using private information; and then this week, the FTC took an unprecedented step and banned a data broker from selling people’s location data.
The new domain name registration volume rose 10.24% from the third to the fourth quarter of 2023. WhoisXML API researchers uncovered this finding, along with other DNS trends, after analyzing more than 31 million newly registered domains (NRDs) added from 1 October to 31 December 2023 as seen in the Newly Registered Domains Data Feed.
Here is how you know that the way chiplets are linked together to create what might have otherwise been a monolithic device is now more important than the way that the chiplets themselves are designed.
Two weeks before Apple launched the Macintosh, Sir Clive Sinclair launched his unprecedentedly powerful yet affordable Motorola-powered SOHO computer – starting a line of hardware and software that, remarkably, is still going.
Even though it could take significantly longer for quantum computers to become sufficiently powerful to threaten current cryptography, we have to be prepared for a worst-case scenario. In the context of DNS, DNSSEC may no longer guarantee authentication and integrity when powerful quantum computers become available.
Yes, the weekend has pretty much already passed, but still …
The WailingCrab malware has gained notoriety for its stealth. IBM X-Force security researchers recently published an in-depth analysis of the malware, which has been abusing Internet of Things (IoT) messaging protocol MQTT.
While Kubernetes adoption continues to soar, it has become a prime target for cyberattacks. Unfortunately, Kubernetes clusters are complex and can be difficult to secure. Safeguarding your Kubernetes environment requires a solid understanding of the common attack chains that pose a threat to your infrastructure.
A new exploitation technique called Simple Mail Transfer Protocol (SMTP) smuggling can be weaponized by threat actors to send spoofed emails with fake sender addresses while bypassing security measures.
The Atomic Stealer, also known as “AMOS,” first emerged in September this year by spreading on Macs disguised as popular applications. This time around, it has been wreaking more havoc in the guise of a fake browser update dubbed “ClearFake.”
On December 27, The New York Times Company sued Microsoft and OpenAI for violations of their copyright. The Times contends that training chatbots on its content in order to create an information competitor is a violation of its copyright.
Since 2014, more than 800 new domain extensions have been added to the internet. In addition to the ubiquitous .com and country-code extensions such as the United Kingdom’s .uk and Japan’s .jp, unique spaces have been created for industry sectors, special interests, geographical regions and more.
Often the lifestyle entrepreneur builds his brand around projecting success; in fact, his real-life success rests partly on how well he can project it. As seen with founders such as Elizabeth Holmes of Theranos, the ability to attract investors rests on a cult of exclusivity and buzz around a brand’s value.
ChatGPT, the large language model developed by OpenAI, might seem like it generates novel content, but of course we know that it partakes in what’s generally called “scraping.” It takes pre-existing material on the Internet in response to the prompt a human user inserts.
This case had a bit of a weird result—even though the brand owner had a mark that was 20 years old, and the alleged cybersquatter, in the meantime, acquired a domain name on the open market identical to that mark, because the domain name was first registered (by an unrelated party) before the brand owner’s trademark rights arose, there was no relief under federal trademark law.
Thanks to Mark Prosser for a few links to add to the pile this week.
Microsoft found that a popular form of video-based training reduces phish-clicking behavior by about 3%, at best. This number has been stable over the years, says Microsoft, while phishing attacks are increasing yearly.
The Internet Architecture Board (IAB) has warned that policy proposals requiring or enabling the automated scouring of people’s devices for illegal material – as floated by the European Union, the United Kingdom, and the United States – threaten the open internet.
Another update of the Ultimate PCAP is available. Again, there are some special new packets in there which I want to point out here. Feel free to download the newest version to examine those new protocols and packets by yourself. Featuring: SNMPv3, WoL, IPMI, HSRP, Zabbix, Pile of Poo, and Packet Comments.
The Genesis Market began operating in 2017, four years after Silk Road closed shop. Like its predecessor, though, the Federal Bureau of Investigation (FBI) and other law enforcement agencies took the Genesis Market down last April.
The average cost of data breaches has been rising almost steadily since 2017. In 2017, the average cost was “merely” $3.62M. In 2023, it reached an all-time high of $4.45M. In the past three years, average breach costs increased by 15%.
Lars-Johan Liman, Netnod’s DNS nestor, makes a few personal reflections on the 20th anniversary of Netnod’s deployment of anycast – a technology that is a crucial part of the infrastructure of Netnod’s modern DNS services.
You know those little jokes that centre around a person with a PhD being on a plane, and someone asks for a doctor, and they say they aren’t that kind of doctor but the emergency involves their field of study?
The dark forest theory of the web points to the increasingly life-like but life-less state of being online (Dark Forest Theory of the Internet by Yancey Strickler). Most open and publicly available spaces on the web are overrun with bots, advertisers, trolls, data scrapers, clickbait, keyword-stuffing “content creators,” and algorithmically manipulated junk.
After a decade or so of the general sentiment being in favor of the internet and social media as a way to enable more speech and improve the marketplace of ideas, in the last few years the view has shifted dramatically—now it seems that almost no one is happy.
When I first fell in love with the web, it was a radically different place. Aside from the many technical improvements that have been made, I feel like the general culture of the web has changed a lot as well.