Weekend Reads 110620

These trends highlight the need for organizations to secure their cloud environments. Provided below are some things they should keep in mind along the way

This blog post aims to find out by first identifying the differences between IT and OT. It will then provide insight into IT-OT convergence and discuss challenges that this junction is creating. It will then discuss how containers can solve some of those challenges.

Companies relying on their business interruption or property insurance policies to cover ransomware attacks and other cyber damages are running the risk of not having coverage during a major attack if insurers are successful in shielding themselves using the ubiquitous “act of war” clause, according to cybersecurity and insurance experts.

A company’s business development tactics are usually about getting a bigger slice of the market “pie” for themselves through successful competition against other companies. However, the Internet and the services that run on it have repeatedly shown that, when companies collaborate with competitors to build and use open standards, the market pie is expanded and even a single slice provides a bigger return.

These days, due in no small part to the exhaustion of the IPv4 address pool, but equally due to an architectural evolution that had to cope with the massive explosion of numbers of devices in networks, we’ve shifted to a client/server network model where clients initiate connections and servers respond.

Certain categories of companies have very large attack surfaces. Such is the case of streaming media businesses like Netflix and HBO Max. Netflix has around 195 million users worldwide, while HBO Max recently hit 28.7 million subscribers. Such user bases make them lucrative targets.

A new malware campaign targeting smartphone users in the US is the latest sign that mobile devices are becoming the next big target for cyberattackers.

The Kubernetes documentation uses the example that a controller is like your heat thermostat. The position of the dial is its desired state, the current temperature is its actual state, and the thermostat constantly applies or removes heat in an effort to keep the two in sync. This is how a Kubernetes controller works – it is a loop that watches the state of your cluster and makes changes as needed, always working to maintain your desired state.

The development of encrypted DNS, specifically DNS-over-HTTPS (DoH), has attracted a relatively large amount of interest to a previously quiet corner of the Internet protocol world. Its development has been driven by a desire to show full end-to-end encryption of network connections, removing one of the remaining elements of plain text data.

End users, or stub resolvers, don’t generally validate DNS responses. Instead, they rely on recursive resolvers to perform DNSSEC validation. The recursive resolver passes the response back to the stub resolver in an unencrypted DNS response with a single bit set to indicate that the recursive resolver has performed DNSSEC due diligence on the answer.

At the front of the room was an array of video monitors and data feeds, set up to face the room’s stadium seating, like mission control at a rocket launch. The screens showed live footage from several angles of a massive diesel generator.

Like oil, data, in its crude form, needs to be refined to be valuable; a process that can be painstaking and costly for even skilled statisticians. Data scientists have become increasingly sought after by various industries that are seeking to capitalize on this value.

It’s incredible to think that both ML and AI are still only in their infancy given the amount of time since their theoretical conception. This, in itself, points to their complexity; a fact that becomes increasingly more apparent once you start to implement them yourself.

In recent years, much has been made of the advances of machine-learning (ML) and artificial intelligence (AI) in various aspects of technology. This is certainly true also for cybersecurity and the increase of ML powered-security solutions. However, there are inherent risks both at a high level and specifically when applied to cybersecurity that need to be kept in mind