Weekend Reads 100821

first, a few interesting stories on the Facebook outage

Facebook says that a configuration error broke its connection to a key network backbone, disconnecting all of its data centers from the Internet and leaving its DNS servers unreachable, the company said.

Following the Facebook outage that took place on 4 October, we saw people looking to BGPlay to get a better view of what went on. Here’s a look at what the RIPEstat visualisation has to show us about the event in question.

On October 4th Facebook managed to achieve one of the more impactful outages in the entire history of the Internet, assuming that the metric of “impact” is how many users one can annoy with a single outage. In Facebook’s case the 6-hour outage affected the services it provides to some 3 billion users, if we can believe Facebook’s marketing hype.

But surely the bigger lesson is that we are all too dependent on too few Really Big providers. The EU Competition Commissioner told Reuters that Facebook’s (FB.O) six-hour outage the previous day shows “the repercussions of relying on just a few big players and underscores the need for more rivals.”

and other stories, as usual

Email is the most popular vector through which to initiate successful cyberattacks. Statistics indicate that anywhere between 90% and 95% of all such attacks involve email, whether to deliver malware, to hoodwink a user into visiting a website from which ransomware will be downloaded, or simply to imitate a CEO or CFO and demand that a multimillion-dollar payment be expedited forthwith.

It looked like a calculator app. But it was actually spyware recording my every keystroke — the type of data that would give a stalker unfettered access to my private life.

Many organizations lag in patching high-severity vulnerabilities, according to a new study that reveals more than 50% of servers scanned have a weak security posture weeks and months after a security update is released.

In February, KrebsOnSecurity wrote about a novel cybercrime service that helped attackers intercept the one-time passwords (OTPs) that many websites require as a second authentication factor in addition to passwords.

Nvidia revealed a new feature coming to RTX 2000 and RTX 3000 graphics cards called DLAA.

Bad actors have accelerated their purchase of domains that look similar to the brands of the largest 2,000 companies in the world, with 60% of such domains registered to risky third parties, not the companies themselves.

By declaring that they are in line with the chosen security standard, businesses can demonstrate much higher credibility when faced with stakeholders, insurance providers, potential clients, and potential partners. This is just one of many benefits that come with achieving standards.

On Tuesday, D-Wave released its roadmap for upcoming processors and software for its quantum annealers. But D-Wave is also announcing that it’s going to be developing its own gate-based hardware, which it will offer in parallel with the quantum annealer.

Syniverse, a company that routes hundreds of billions of text messages every year for hundreds of carriers including Verizon, T-Mobile, and AT&T, revealed to government regulators that a hacker gained unauthorized access to its databases for five years.

While domain cyber risk is rising, the level of action being taken by Forbes Global 2000 companies to improve their domain security posture has remained unchanged, leaving these companies exposed to even more risk.

Most people only ever give common vulnerabilities and exposures (CVEs) a passing glance. They might look at the common vulnerability scoring system (CVSS) score, determine whether the list of affected products is a concern for them, and move on.