Weekend Reads 080119

Yesterday, some residents of Johannesburg, the largest city in South Africa, were left without electricity after the city’s power company got attacked by a ransomware virus. —Mohit Kumar

Business logic security issues are not well understood by the industry and difficult to identify before they reach production environments. The First American Financial exposure provides several valuable lessons on how to manage business logic risk in DevOps pipelines that seem to accelerate every day. —Chetan Conikee

It is important to note, however, that once the IT department work has moved off premises, the business no longer owns that service or the infrastructure that delivers it. Instead, the company is investing in an intangible service from a centralized source. There are several consequences of this trend. —Tim Gooding

Major shifts in the way consumers spend their time and money have created a lethal competitive field for news media. Here are some facts and charts about it. —Frederic Filloux

On the three-year anniversary of the No More Ransom project, Europol announced today that users who downloaded and decrypted files using free tools made available through the No More Ransom portal have prevented ransomware gangs from making profits estimated at at least $108 million. —Catalin Cimpanu

Many modern digital devices are difficult to repair — and this is by design. What’s more, companies like Apple will often void consumer warranties if their devices are fixed at a local mom and pop shop rather than by their own company’s professionals. —Navneet Alang

I don’t get surprised very often in this industry, but I must admit that I was surprised by the amount of money awarded for satellite broadband in the reverse auction for CAF II earlier this year. Viasat, Inc., which markets as Exede, was the fourth largest winner, collecting $122.5 million in the auction. —Doug Dawson

According to Troy Hunt, creator of HaveIBeenPwned, an increasing number of data breaches and data leaks are a direct result of weak passwords and password reuse. —Kacy Zurkus

When CVE-2019-5021 was released on May 8, it made me wonder how widespread the issue of vulnerabilities in popular containers is. Businesses have increasingly come to rely on containers as an agile development tool, but because they are inert when not in use, security vendors have found them difficult to scan. —Jerry Gamblin

When some people hear “Cryptography”, they think of their Wifi password, of the little green lock icon next to the address of their favorite website, and of the difficulty they’d face trying to snoop in other people’s email. Others may recall the litany of vulnerabilities of recent years that boasted a pithy acronym (DROWN, FREAK, POODLE…), a stylish logo and an urgent warning to update their web browser. —Ben Herzog

When it comes to cybersecurity, the world is obsessed with attribution. We see sensational headlines all the time that question, speculate on, and purport to confirm the identities of attackers. —Brandon Levene

In what could be the first significant expansion of the Supreme Court’s finding in Carpenter v. United States, a federal district court in Massachusetts granted a motion to suppress evidence, ruling that police use of a “pole camera” represented a search under the Fourth Amendment. —Evan Ringe

Cisco Systems has agreed to pay $8.6 million to settle a lawsuit that accused the company of knowingly selling video surveillance system containing severe security vulnerabilities to the U.S. federal and state government agencies. —Mohit Kumar