Weekend Reads 040122

An FBI intelligence memo from March 18 obtained by CBS has revealed that currently 140 or more Russian-based IP addresses are conducting “abnormal scanning activity” of companies in the U.S. energy sector.

In this second part, I lay out a set of recommendations for ways to help ensure that these entanglements of industry and academia don’t grant companies undue influence over the conditions of knowledge creation and exchange.

AvosLocker is a ransomware-as-a-service (RaaS) gang that first appeared in mid-2021. It has since become notorious for its attacks targeting critical infrastructure in the United States, including the sectors of financial services, critical manufacturing, and government facilities.

NVIDIA today unveiled powerful new hardware to serve as the key building blocks for its vision to transform data centers into “AI factories,” unleashing new frontiers in technical computing.

More recently, there’s been a growing trend across government and regulatory bodies in the United States towards shorter timeframes for reporting of cybersecurity incidents. Here’s a brief rundown of the recent activity.

Artificial intelligence is an oxymoron. Despite all the incredible things computers can do, they are still not intelligent in any meaningful sense of the word.

The technique for adding 3D vertical L3 cache to the processor complex is very interesting, and gives us a preview into how chip real estate might be better utilized in the near future in all kinds of chips.

One of the main challenges of OT security is the problem of compatibility. OT components often differ significantly from each other in terms of age and sophistication as well as software and communication protocols.

But rather than a few large security-focused companies driving consolidation, the acquisition activity suggests that the big winners will be large cloud companies that better integrate cybersecurity into their services and offer new products and services based on their expertise.

A novel phishing technique called browser-in-the-browser (BitB) attack can be exploited to simulate a browser window within the browser in order to spoof a legitimate domain, thereby making it possible to stage convincing phishing attacks.

However, there is a fundamental question of when it is appropriate to act at the DNS level and the evaluation of whether the alleged abuse meets a sufficient threshold for action at the DNS level.

In March 2022, NSA & CISA have issued a new version of the Kubernetes Hardening Guide – version 1.1.

Victims of ransomware attacks face the excruciating choice of either paying off their attackers or risking considerable disruption in attempting to restore encrypted data on their own or — as is often the case — with the help of an incident response firm.

As major businesses feel a growing sense of urgency to dramatically cut carbon emissions, opinions are starting to shift in favor of nuclear power, which is not classed as clean, but is a near-zero carbon energy source.

Our realization was that since there are far fewer bad guys than systems we want to defend, stopping the bad guys, rather than defending each system, provides a scalable solution.

Binding arbitration seems like a sensible path to choose between two companies doing business. I’ve assisted in several binding arbitration complaints between carriers, and it’s faster, more efficient, and less costly for companies than wading into the court system.