Weekend Reads 050121


Attacks on virtual private networks, like those this week targeting a trio of known vulnerabilities in Pulse Secure appliances, have intensified in recent months along with the increase in remote and hybrid work environments since the outbreak of COVID-19.


Over the last couple of years, policy-making institutions have been putting greater focus on the study of various aspects of Artificial Intelligence (AI). This doesn’t come as a surprise.


Forty-six percent of all malware uses TLS, the cryptographic protocol that secures most web traffic, to evade detection, communicate with attacker-controlled servers, and exfiltrate data, a new study shows.


One position I think more people should be aware of is a CISO. What does this actually mean – besides being made redundant when a breach is announced? I have personally worked within a CISO-as-a-Service position, but I wanted to get some more insight from those who are working in the trenches daily in an in-house CISO position.


According to Help Net Security, organizations in the pharmaceutical and biotech sectors witnessed a 50% increase in digital attacks between 2019 and 2020. It appears that at least part of those attacks originated from nation-state actors who specifically sought to steal COVID-19 vaccine research.


As further proof of this, new research published today shows that the threat actor carefully planned each stage of the operation to “avoid creating the type of patterns that make tracking them simple,” thus deliberately making forensic analysis difficult.


REvil is an ambitious criminal ransomware-as-a-service (RaaS) enterprise that first came to prominence in April 2019, following the demise of another ransomware gang, GandCrab.


My point is different from whether computer science is in engineering, science, or mathematics. Rather, I’m arguing that computing education intersects engineering education, but is not the same as engineering education.


We’re seeing more one-time password phishing. This is the value proposition of something like U2F, but how do we make phish-resilient authentication mechanisms?
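The difference the question above points at can be shown in a few dozen lines. The example below is added here and is not code from the original page or from any U2F/WebAuthn implementation: it models a relaying phisher against a one-time password and against a U2F-style login, where the browser (not the user) tells the authenticator which origin the login is happening on and that origin is covered by the signature the relying party checks. Assumptions: the origins `https://login.example` and `https://login-example.net` are constructed, and the authenticator's per-credential key is modelled as an HMAC key shared with the relying party so the example runs on the standard library alone; a real token signs with a private key and the server verifies with the public key, but the origin check is the same.

```python
import hashlib
import hmac
import json
import secrets

# Constructed origins for the example (assumption, not real sites).
RP_ORIGIN = "https://login.example"
PHISH_ORIGIN = "https://login-example.net"   # look-alike domain the phisher controls


class Authenticator:
    """Hardware-token stand-in: one key per registered credential (HMAC here, asymmetric in reality)."""

    def __init__(self):
        self.keys = {}

    def register(self):
        cred_id = secrets.token_hex(8)
        key = secrets.token_bytes(32)
        self.keys[cred_id] = key
        return cred_id, key

    def sign(self, cred_id, challenge, origin_seen_by_browser):
        # The token signs over the challenge AND the origin the browser reports.
        client_data = json.dumps(
            {"challenge": challenge, "origin": origin_seen_by_browser}, sort_keys=True
        ).encode()
        sig = hmac.new(self.keys[cred_id], client_data, hashlib.sha256).digest()
        return client_data, sig


class RelyingParty:
    """The real login server."""

    def __init__(self, origin):
        self.origin = origin
        self.creds = {}
        self.pending = set()

    def enroll(self, cred_id, key):
        self.creds[cred_id] = key

    def challenge(self):
        c = secrets.token_hex(16)
        self.pending.add(c)
        return c

    def verify(self, cred_id, client_data, sig):
        key = self.creds.get(cred_id)
        if key is None:
            return False
        expected = hmac.new(key, client_data, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):
            return False                      # tampered client data or wrong credential
        data = json.loads(client_data)
        if data["challenge"] not in self.pending:
            return False                      # replayed or unknown challenge
        self.pending.discard(data["challenge"])
        return data["origin"] == self.origin  # the phishing-resistance check


def otp_code(secret, window):
    # Toy time-window OTP: anything the user can read off, the user can be talked into typing elsewhere.
    return hmac.new(secret, str(window).encode(), hashlib.sha256).hexdigest()[:6]


def otp_relay_attack(window=12345):
    secret = secrets.token_bytes(20)
    typed_into_phish_site = otp_code(secret, window)   # victim types the code on the fake page
    relayed_to_rp = typed_into_phish_site               # attacker forwards it within the window
    return otp_code(secret, window) == relayed_to_rp    # relying party accepts it


def setup():
    auth = Authenticator()
    rp = RelyingParty(RP_ORIGIN)
    cred_id, key = auth.register()
    rp.enroll(cred_id, key)
    return auth, rp, cred_id


def u2f_direct_login(auth, rp, cred_id):
    c = rp.challenge()
    client_data, sig = auth.sign(cred_id, c, rp.origin)
    return rp.verify(cred_id, client_data, sig)


def u2f_relay_attack(auth, rp, cred_id):
    # Attacker fetches a real challenge and forwards it to the victim, whose browser
    # is on PHISH_ORIGIN and reports that origin to the token.
    c = rp.challenge()
    client_data, sig = auth.sign(cred_id, c, PHISH_ORIGIN)
    return rp.verify(cred_id, client_data, sig)         # valid signature, wrong origin


def u2f_relay_with_rewrite(auth, rp, cred_id):
    # Attacker rewrites the origin in the client data before forwarding; the signature no longer matches.
    c = rp.challenge()
    client_data, sig = auth.sign(cred_id, c, PHISH_ORIGIN)
    forged = client_data.replace(PHISH_ORIGIN.encode(), RP_ORIGIN.encode())
    return rp.verify(cred_id, forged, sig)
```

Run `setup()` and call the four scenario functions: the relayed OTP is accepted, the direct U2F login succeeds, and both relayed U2F attempts fail, one on the origin check and one on the signature. The point for designing phish-resilient mechanisms is that the secret the user holds never enters the login flow through the user's keyboard; the browser supplies the origin and the token signs it, so the phisher has nothing to relay that the real server will accept.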


While the interface has changed little over time, Amazon's Simple Storage Service (S3) is anything but basic on the backend. After more than fifteen years of development, the "storage for the internet" concept, which grew out of retailer Amazon.com's own needs, continues to evolve, driven these days by a sharp rise in machine-to-machine interaction.


No question about it. Intel had to get a lot of moving pieces all meshing well to deliver the “Ice Lake” Xeon SP server processors, which came out earlier this month and which have actually been shipping to a few dozen select customers since the end of 2020.


Bug-bounty programs have accelerated in the past few years. Many organizations — bewitched by bounty programs’ promise of faster vulnerability identification, improved product security, and cost-effective outsourcing solutions — find themselves facing unanticipated vulnerabilities and unexpected threats.


In a software supply-chain attack reminiscent of the SolarWinds compromise, unknown attackers used a tampered copy of a tool published by code-coverage firm Codecov for a little over two months to collect credentials and other sensitive development information from the company's clients' build environments.


Uptime Institute Members say one of their most vexing security concerns is the insider threat — authorized staff, vendors or visitors acting with malicious intent.


The concept of “passwordless” authentication has been gaining significant industry and media attention.