Weekend Reads 012822

DigiTimes reports that processor prices are set to increase “substantially” in 2022 due to a boost in foundry costs. Specifically, processors based on the sub-7nm process nodes are expected to be more expensive moving forward.

For the past four months, Apple’s iOS and iPadOS devices and Safari browser have violated one of the Internet’s most sacrosanct security policies. The violation results from a bug that leaks user identities and browsing activity in real time.

Although the advisory discussed above is specific to Russian threat actors, the lessons learned and approaches to preparedness, detection, and prevention are generically applicable to a wide range of threats for both IT and OT.

An active espionage campaign has been attributed to the threat actor known as Molerats that abuses legitimate cloud services like Google Drive and Dropbox to host malware payloads and for command-and-control and the exfiltration of data from targets across the Middle East.

HTTPS serves as a critical infrastructure for web security, protecting the privacy and integrity of communications between networks. An important aspect of the extension is the authentication process, which is powered by Web PKI via digital certificates that are issued by Certificate Authorities (CAs).

Their intention is to expand cybersecurity rules for critical infrastructure (CI) operators to include managed service providers (MSPs), more stringent breach notification requirements, and legislation to establish the UK Cyber Security Council as the standards development organization for the cybersecurity profession.

Firmware-based rootkits, though still relatively rare, are gaining in popularity because they give threat actors a way to maintain a persistent, hard-to-detect, and difficult-to-eradicate presence on a target network.

But when debating airline safety, facts matter, and we cannot let a baseless protest over aviation safety jeopardize access crucial new 5G technology.

The cost of expanding internet networks is a major barrier to bringing internet access to those people — if the Facebook robot can cut that cost, it could help close this “digital divide” and make the world a more equitable place.

Dedicated hardware middleboxes such as firewalls and Intrusion Detection Systems (IDS) are the conventional choice, but they lack scalability and flexibility. Plus, managing a number of middleboxes also involves high operational and capital costs. Emerging programmable hardware switches offer an appealing alternative.

Feeling down? Then browse some press releases for new silicon solutions! Few things will get you more excited for the future than the amazing possibilities of new application-specific integrated circuits (ASICs).

What’s worse than finding out that identity thieves took out a 546 percent interest payday loan in your name? How about a 900 percent interest loan?

Voice cloning is already being used for fraud. In 2019, fraudsters cloned a voice of a chief executive and successfully tricked a CEO into transferring a substantial sum of money. Similar crimes have emerged using the same technology.

It has been a long time coming! The upgrade to the international standard for information security management systems, ISO27001:2013, is here (almost).

While VPNs are able to provide remote access, it may come as a surprise that they fall short when it comes to security. This is because VPNs were built for when only a small portion of your workforce wanted to work from home.

Social engineering campaigns involving the deployment of the Emotet malware botnet have been observed using “unconventional” IP address formats for the first time in a bid to sidestep detection by security solutions.

TCP BBR aims to achieve higher throughput by using packet delay as an indicator instead of packet loss. However, our previous research reported that BBR does not perform well in all cases.

Taiwanese company QNAP has warned customers to secure network-attached storage (NAS) appliances and routers against a new ransomware variant called DeadBolt.

Online trackers can capture up to 80% of users’ browsing histories, with the practice far more pervasive than previously realized.

Introduced by Google in 2013, QUIC was finally standardized (RFC 9000) by the IETF as a ‘secure general-purpose transport protocol’, and published in May 2021.