Weekend Reads 012222

When you’re out and about, and especially when you’re traveling, you might find yourself feeling quite a bit of anxiety when logging into public Wi-Fi.

There are a lot of resources out there on Twitter, Reddit, and YouTube about this epic vulnerability. I wanted to create this post to summarize the main things I learned, ways to test it as a pentester, and the mitigation controls that help prevent the exploitation of this vulnerability.

A Romanian vulnerability researcher has discovered more than 70 flaws in combinations of cloud applications and content delivery networks (CDNs) that could be used to poison the CDN caches and result in denial-of-service (DoS) attacks on the applications.

As we look ahead into 2022, the datacenter compute landscape is considerably richer than it was a decade ago.

In a perfectly regulated industry, both the industry and the public should be miffed at regulators for not fully supporting their issues.

One could argue that the last few years have highlighted some of the most pressing semiconductor industry issues, but there are challenges on the horizon well beyond current supply chain and silicon manufacturing bottlenecks.

In light of recent incidents that impacted both information technology (IT) and operational technology (OT) environments, organizations are increasingly evaluating the risks associated with growing IT/OT convergence.

In this post, I want to go into more detail on how we use Suzieq to validate key aspects of the network, as well as Batfish, which we use for evaluating the validation process.

On the surface, ISO 27701 and GDPR are entirely different. The GDPR is a mandatory regulation for companies handling European data, and ISO 27701 is an extension of an optional certification, ISO 27001. Despite their differences, they contemplate many of the same considerations.

The Graviton family of Arm server chips designed by the Annapurna Labs division of Amazon Web Services is arguably the highest volume Arm server chip in the datacenter market today, and they have precisely one – and only one – customer. Well, direct customer.

If you look at the past, patch management was not a cybersecurity issue; rather, it was an IT issue. And it wasn’t until the emergence of Code Red in 2001 that Microsoft started issuing patches to plug security vulnerabilities in its software.

Verizon and AT&T said on Monday that they have voluntarily agreed to further delay the rollout of their next-generation 5G wireless technology at the request of U.S. Transportation Secretary Pete Buttigieg.

During our 2021 Financial Institution Cyber Drill, 204 security professionals in 38 teams were given the task to act as ‘Incident Handlers’ and identify, investigate and provide recommendations to resolve these issues from the artifacts provided by BGD e-GOV CIRT.

Cybersecurity researchers have detailed a high severity flaw in KCodes NetUSB component that’s integrated into millions of end-user router devices from Netgear, TP-Link, Tenda, EDiMAX, D-Link, and Western Digital, among others.

Leichtman Research Group recently conducted a nationwide poll of 2,000 households asking about broadband usage.

Proving that whenever you buy something new, a better thing immediately comes out, the PCI-SIG announced the release of PCIe 6.0 on Tuesday, which will double the raw data rates of the PCIe 5.0 technology that only just debuted in Intel’s 12th-gen ‘Alder Lake’ Core processors.

Physicists from Lancaster University say that we might be close to combining them into a single piece of hardware, which they call UltraRAM.

Not every manufacturing node comes out perfectly and not every one comes out on time, but in the past decade and a half, Taiwan Semiconductor Manufacturing Co, the world’s largest and most technologically advanced etcher of chips in the world, has done far better than any of its few remaining peers to push the chip manufacturing envelope while also maintaining consistent and profitable production of older nodes.

The attacker starts with a legitimate URL for a sensitive profile page but appends an invalid path component disguised as a static file — a style sheet.

The first half of the year saw massive ransomware attacks that affected parts of critical infrastructure all around the world, as well as a vulnerability in IT management software. This vulnerability targeted the public sector, credit unions, schools, and other essential services.

But in more recent years, Wazawaka has focused on peddling access to organizations and to databases stolen from hacked companies.

Satellite broadband made the news again recently when the Chinese government said it had to adjust the orbits of the Chinese space station to avoid collisions with Starlink satellites. China claims it had to make adjustments in July and October of last year.

HTTPS was proposed to address this issue and has greatly improved security, protecting web traffic from eavesdropping and tampering. However, HTTPS doesn’t solve the problem of trust.

Despite the many benefits that public Wi-Fi has to offer, there are also some downsides that could be a reason to either avoid it altogether or take precautions to be safe when using it.