Weekend Reads 062422

The Iranian state-sponsored threat actor tracked under the moniker Lyceum has turned to using a new custom .NET-based backdoor in recent campaigns directed against the Middle East.

A service level agreement (SLA) is a contract between a cloud provider and a user. The SLA describes the provider’s minimum level of service, specified by performance metrics, and the compensation due to the user should the provider fail to deliver this service.

Grooming techniques used in various frauds are getting more common and more elaborate. Fraudsters are coming up with narratives that involve complicated lies and may have different stages, depending on the type of fraud.

For years, the two most popular methods for internal scanning: agent-based and network-based were considered to be about equal in value, each bringing its own strengths to bear.

Introduced last fall, GDC enables customers to deploy managed servers and software in private datacenters and at communication service provider or on the edge.

In recent years, the price per address for small blocks (/17 and smaller) has been greater than the price per address of large blocks (/16 and larger).

Domain Name System (DNS) abuse is one of the most important ongoing discussions in the community. Many of the existing industry white papers and general discussions around abuse incidents are based on data from reputation feeds, also called Reputation Blocklists (RBLs).

Despite the good-mood vibe, there are a lot of issues to be resolved when it comes to embarking on a multi-year project to bring fiber broadband to all unserved areas in the U.S.

Digital twin technology allows for the creation of a virtual duplicate of a live production system, network environment, or cloud instance in real time — and it promises to be a rapidly growing market and boon to manufacturers and security pros alike.

Average household broadband usage in March 2022 was measured at 514 gigabytes, staying over half a terabyte of data used for the average household.

If cloud services weren’t complicated enough for the typical business today to properly configure and secure, there’s also a lesser-known layer of middleware that cloud providers run that can harbor hidden security flaws.

The Payment Card Industry Security Standards Council has released its first update to their Data Security Standard (PCI DSS) since 2018.

To understand why security teams are so held back by noise, we must first understand the consequences of noise for the security team. While not an exhaustive list, here are a few key repercussions.

In general, there is too much reliance on products to solve our security problems. Security teams have become consumers of security alerts, not practitioners of security craftsmanship.

I’ve gathered the 10 most common mistakes teams make when starting with platform engineering.