Weekend Reads 031722

We should instead be choosing authentication processes that appropriately match site risks; using a password should be the last thing you want to rely on.

Public companies would have to report material cybersecurity incidents no later than four business days after they occur if a rule proposed by the Securities and Exchange Commission (SEC) on Wednesday takes effect.

Researchers have disclosed a new technique that could be used to circumvent existing hardware mitigations in modern processors from Intel, AMD, and Arm, and stage speculative execution attacks such as Spectre to leak sensitive information from host memory.

The directive was accompanied by a catalog of known exploited vulnerabilities maintained by CISA that includes mandatory remediation deadlines. Essentially, it means “fix these fast or else” for applicable agencies and organizations.

Just being aware of surveillance has chilling effects in how we exercise speech, which is often under attack by all sorts of actors from criminals to our own governments.

Threat actors have been observed abusing a high-impact reflection/amplification method to stage sustained distributed denial-of-service (DDoS) attacks for up to 14 hours with a record-breaking amplification ratio of 4,294,967,296 to 1.

Since its birth, Yara has become a common ground to exchange threat signatures between cybersecurity researchers. It is quintessential for identifying known or related malware, as well as hunting for malware artifacts.

Cybersecurity researchers on Tuesday disclosed 16 new high-severity vulnerabilities in various implementations of Unified Extensible Firmware Interface (UEFI) firmware impacting multiple HP enterprise devices.

Companies in Europe and beyond are vying for control of the crown jewels of the connected car era: your vehicle’s data.

We joked around, the board voted yes, and we emailed the file to an in-house legal team. A little more than a year later, our application for a carbon footprint tracker was published.