Weekend Reads 092421

Microsoft on Tuesday addressed a quartet of security flaws as part of its Patch Tuesday updates that could be abused by adversaries to target Azure cloud customers and elevate privileges as well as allow for remote takeover of vulnerable systems.

To meet current demands, as well as those of the next normal and an unpredictable future, retailers are now adopting software-driven strategies to deliver connected retail experiences and operations, ultimately resulting in the software-defined store.

Network measurement techniques have been mostly developed independently from protocols and, therefore, typically build upon externally visible semantics. One example of this is TCP sequence numbers and acknowledgements, which can be used to derive a flow’s round-trip time (RTT).

Ordinarily, when developing something, you start with a set of requirements or goals. But DNSSEC was a research project, so in place of requirements, developers set expectations of what needed to be done and what could be done to solve the DNS security problem.

Open-source M1-style chips may be in our future, according to a reverse-engineering document released online, Tom’s Hardware reports.

But how can they know that the plan they have is efficient enough to alleviate future cyber incidents? By using a cyber crisis tabletop exercise (CCTE), organizations can test or rehearse the emergency preparedness plan before a crisis occurs.

In a previous blog, we discussed how Paragon Pathfinder (formerly known as NorthStar Controller) greatly increases the level of automation in networks.

More than 20 years ago, the historical rate of shrinking transistors to improve speed, density, power consumption, and cost became impossible to maintain. Even with slower physical scaling, however, electronics manufacturers steadily improved their products by exploiting new materials, new device and circuit designs, and faster communication between chips.

South Korean chipmaker Samsung Electronics aims to be first to adopt a new form of transistor that should allow Moore’s Law to continue for another decade when it puts into production its 3nm semiconductor process toward the end of 2022.

The Roman historian Tacitus (55 A.D.–120 A.D.) once said “the desire for safety stands against every great and noble enterprise.”

The European Processor Initiative (EPI) has pinned its hopes on RISC-V as the path to European semiconductor independence.

Networking equipment company Netgear has released patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system.

After every major hurricane, like the category 4 Ida that recently hit Louisiana, there is talk in the telecom and power industries about ways to better protect our essential power and communication grids.

This comprehensive research into BulletProofLink sheds a light on phishing-as-a-service operations. In this blog, we expose how effortless it can be for attackers to purchase phishing campaigns and deploy them at scale.

The CMMC offers five tiers of conformity against two separate columns of achievements. To clarify, processes and practices are matched to higher compliance levels.