Weekend Reads 073120

More than 4.7 million sources in five countries — the US, China, South Korea, Russia, and India — were used to level distributed denial-of-service (DDoS) attacks against victims in the second quarter of 2020, with the portmap protocol most frequently used as an amplification vector to create massive data floods, security and services firm A10 Networks says in its threat report for the second quarter.

Thousands of people graduate from colleges and universities each year with cybersecurity or computer science degrees only to find employers are less than thrilled about their hands-on, foundational skills. Here’s a look at a recent survey that identified some of the bigger skills gaps, and some thoughts about how those seeking a career in these fields can better stand out from the crowd.

Three standards for email security that are supposed to verify the source of a message have critical implementation differences that could allow attackers to send emails from one domain and have them verified as sent from a different — more legitimate-seeming — domain, says a research team who will present their findings at the virtual Black Hat conference next month.

We’ve tried to use GUI to simplify the YAML file. But Devops/operators wanted more options. We’ve also tried all-in-one YAML. Developers really hated those “additional” fields. Finally, I realized the problem is because Kubernetes API is not team centric. In many organizations, developers and Devops/operators are two different roles. Yet when using Kubernetes, they have to work on the same YAML file. And that means trouble.

Service meshes have attracted an enormous amount of hype around them. With at least a few talks about service meshes during each tech conference, one can easily be convinced that having a service mesh in their infrastructure is a must. However, hype isn’t a good indicator of whether the new shiny tech is the right solution for your problems.

Twitter on Wednesday disclosed that the attackers who took over accounts belonging to several high-profile individuals last week managed to access the direct message inbox of at least 36 individuals. The update further highlights the severity of the breach at Twitter and shows why organizations need to have measures protecting against — and mitigating fallout from — compromises of corporate social media accounts and accounts belonging to their top executives.

The ability of the human brain to process massive amounts of information while consuming minimal energy has long fascinated scientists. When there is a need, the brain dials up computation, but then it rapidly reverts to a baseline state. Within the realm of silicon-based computing, such efficiencies have never been possible.

As organizations let billions of connected devices into their corporate networks, do they really know what those devices are made of and the risk they may pose? The answer is likely: not really.

With the recent launch of Chrome 83, and the upcoming release of Mozilla Firefox 79, web developers are gaining powerful new security mechanisms to protect their applications from common web vulnerabilities.

The Digital Services Act is essentially an update to the E-Commerce Directive of 2000, which provides the legal framework regulating digital services in the EU and sets out the liability regime for “information society service” providers, including Internet service providers, as well as those that act as “online intermediaries”, such as hosting and cloud providers.

There is much evidence suggesting an increase in cyberattacks during the COVID-19 pandemic — and the method of particular concern for folding, contracting, or merging brands is that of abandoned domain names.

Human beings—well most of us anyways—are wired to help. If we see someone in trouble, we want to assist them. It is what has kept our rather soft and squishy species alive when there were lions and tigers and bears trying to eat us. Strength in numbers and all that. When we see a car broken down on the side of the road, and if we notice that little, old lady trying to cross the street, there is that instinct to lend aid.