Weekend Reads 111221

We’ve had too many face-palm-worthy incidents of organizations hearing “hey, I found your data in a world-readable S3 bucket” or finding a supposedly “test” server exposed that had production data in it.
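The check a practitioner wants after reading that is an audit of every bucket's policy and ACL for grants to anonymous or any-account principals, which is what the following added example does. It is not code from the linked article; it runs offline over constructed policy and ACL documents in the shape the S3 API returns (`GetBucketPolicy`, `GetBucketAcl`), and the bucket names, statement Sids and VPC endpoint id are made up.

```python
"""Flag S3 buckets whose policy or ACL grants anonymous or any-AWS-account access.

Added example, not from the original post. Runs offline over constructed
documents; bucket names, Sids and the vpce id below are made up.
"""
import json

# Well-known grantee URIs for anonymous and "any signed-in AWS account" access.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}


def _principal_is_wildcard(principal) -> bool:
    """True if a policy Principal means 'anyone': "*" or {"AWS": "*"} (list allowed)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        if isinstance(aws, str):
            aws = [aws]
        return "*" in aws
    return False


def public_policy_statements(policy_json: str) -> list:
    """Return the Sids of Allow statements open to any principal with no Condition."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    hits = []
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_wildcard(stmt.get("Principal")):
            continue
        # A wildcard principal narrowed by a Condition (e.g. aws:SourceVpce) is not
        # world-readable on its own, so it is not reported here.
        if stmt.get("Condition"):
            continue
        hits.append(stmt.get("Sid", f"statement[{idx}]"))
    return hits


def public_acl_grants(acl: dict) -> list:
    """Return (group, permission) pairs granted to AllUsers or AuthenticatedUsers."""
    out = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            out.append((grantee["URI"].rsplit("/", 1)[-1], grant.get("Permission")))
    return out


# Constructed sample: a "test" bucket left with a public-read policy and a public
# ACL grant, and a production bucket whose wildcard principal is VPC-restricted.
SAMPLE_BUCKETS = {
    "acme-test-exports": {
        "policy": json.dumps({"Version": "2012-10-17", "Statement": [{
            "Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
            "Action": ["s3:GetObject", "s3:ListBucket"],
            "Resource": ["arn:aws:s3:::acme-test-exports",
                         "arn:aws:s3:::acme-test-exports/*"]}]}),
        "acl": {"Grants": [{
            "Grantee": {"Type": "Group",
                        "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
            "Permission": "READ"}]},
    },
    "acme-prod-data": {
        "policy": json.dumps({"Version": "2012-10-17", "Statement": [{
            "Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
            "Action": "s3:GetObject", "Resource": "arn:aws:s3:::acme-prod-data/*",
            "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}}]}),
        "acl": {"Grants": [{
            "Grantee": {"Type": "CanonicalUser", "ID": "owner-canonical-id"},
            "Permission": "FULL_CONTROL"}]},
    },
}


def audit(buckets=SAMPLE_BUCKETS) -> dict:
    """Map bucket name -> findings; buckets with no findings are omitted."""
    findings = {}
    for name, cfg in buckets.items():
        found = {}
        stmts = public_policy_statements(cfg["policy"])
        if stmts:
            found["policy"] = stmts
        grants = public_acl_grants(cfg["acl"])
        if grants:
            found["acl"] = grants
        if found:
            findings[name] = found
    return findings


if __name__ == "__main__":
    for bucket, found in audit().items():
        print(f"PUBLIC: {bucket}: {found}")
```

Wire the two `public_*` functions to real `GetBucketPolicy`/`GetBucketAcl` output to audit an account; turning on S3 Block Public Access at the account level stops new grants of this kind from taking effect at all, which is the durable fix for the "test bucket with production data" case.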

Virtually all compilers — programs that transform human-readable source code into computer-executable machine code — are vulnerable to an insidious attack in which an adversary can introduce targeted vulnerabilities into any software without being detected, new research released today warns.
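The research this excerpt refers to is the Trojan Source work (Boucher and Anderson, 2021): Unicode bidirectional control characters placed inside comments or string literals make a line display one way to a human reviewer while the compiler consumes the logical character order. The practical defence is to reject those code points at review or CI time. The scanner below is an added example, not code from the linked article or from the paper; the source snippets it scans are constructed inline.

```python
"""Scan source text for Unicode bidirectional control characters (Trojan Source).

Added example, not from the original post or the paper. Sample snippets are
constructed inline to show one hit per control character.
"""

# Bidi embedding, override and isolate controls. Inside a comment or string
# literal any of these can reorder how an editor displays the rest of the line.
BIDI_CONTROLS = {
    "\u202a": "LRE", "\u202b": "RLE", "\u202c": "PDF", "\u202d": "LRO", "\u202e": "RLO",
    "\u2066": "LRI", "\u2067": "RLI", "\u2068": "FSI", "\u2069": "PDI",
}


def find_bidi_controls(text: str) -> list:
    """Return (line_no, col, name) for every bidi control; line 1-based, col 0-based."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for col, ch in enumerate(line):
            if ch in BIDI_CONTROLS:
                hits.append((line_no, col, BIDI_CONTROLS[ch]))
    return hits


def make_visible(text: str) -> str:
    """Replace each bidi control with a visible <NAME> marker so a reviewer can see it."""
    return "".join(f"<{BIDI_CONTROLS[ch]}>" if ch in BIDI_CONTROLS else ch for ch in text)


def scan_files(files: dict) -> dict:
    """Map file name -> list of hits, omitting clean files. `files` maps name -> text."""
    report = {}
    for name, text in files.items():
        hits = find_bidi_controls(text)
        if hits:
            report[name] = hits
    return report


# Constructed samples. The first line of "auth.py" contains an RLO override and an
# LRI/PDI isolate pair in the spirit of the paper's "commenting-out" trick: in a
# bidi-aware editor the trailing comment appears to close the string, but the
# compiler sees the quote and comment in logical order.
SAMPLE_FILES = {
    "auth.py": (
        "access_level = 'user'\n"
        "if access_level != 'none\u202e \u2066' # Check if admin\u2069 \u2066':\n"
        "    print('You are an admin.')\n"
    ),
    "clean.py": "def add(a, b):\n    return a + b\n",
}


if __name__ == "__main__":
    for name, hits in scan_files(SAMPLE_FILES).items():
        print(f"{name}: {len(hits)} bidi control(s)")
        for line_no, col, ctrl in hits:
            print(f"  line {line_no} col {col}: {ctrl}")
        print("  visible form:")
        print("  " + make_visible(SAMPLE_FILES[name].splitlines()[1]))
```

Two caveats when running this against a real tree: projects that legitimately embed right-to-left text in string literals will produce hits that need a documented allowlist rather than a blanket failure, and the scan must run on the bytes the compiler sees, not on a rendered diff, since the whole point of the attack is that the rendered view lies.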

2021 has already been a banner year for cybercriminals: the largest ransomware payment on record, $40 million, was made by an insurance company this year. And the attacks won’t stop.

In the 2021 Domain Security Report, we analyzed the trend of domain security adoption with respect to the type of domain registrar used, and found that 57% of Global 2000 organizations use consumer-grade registrars with limited protection against domain and DNS hijacking, distributed denial of service (DDoS), man-in-the-middle attacks (MitM), or DNS cache poisoning.

When it comes to cybersecurity, risks are omnipresent. Whether it is a bank dealing with financial transactions or medical providers handling the personal data of patients, cybersecurity threats are unavoidable. The only way to efficiently combat these threats is to understand them.

‘Functional, free and secure by default’, OpenBSD remains a crucial yet largely unacknowledged player in the open-source field.

A new multistage phishing campaign spoofs Amazon’s order notification page and includes a phony customer service voice number where the attackers request the victim’s credit card details to correct the errant “order.”

Traditional security gives value to where the user is coming from. It uses a lot of trust because the user’s location or IP address (perimeter model) is used to define the user to the system. In a zero-trust model, we assume zero units of trust before we grant you access to anything and verify a lot of other information before granting access.

Up to the second half of the 19th century, with the exception of the industrial power Great Britain, the protection of inventions was inadequate and strongly disputed.

Two senators have introduced bipartisan legislation that would make it harder for online tech giants to make acquisitions that “harm competition and eliminate consumer choice,” according to the office of Sen. Amy Klobuchar (D-Minn.), one of the bill’s co-sponsors.

A team of tech companies including Google, Salesforce, Slack, and Okta recently released the Minimum Viable Secure Product (MVSP) checklist, a vendor-neutral security baseline listing minimum acceptable security requirements for B2B software and business process outsourcing suppliers.

Are you looking to get a VPN subscription soon? Before you get a multi-year subscription, make sure the VPN you choose has these six crucial features.

Death, taxes, and spam. It’s constant, ever-present, and you likely have a few hundred of them sitting in your Spam folder as you read this.

For those who follow the issue of blocking illegal content from the Internet, there is an interesting development in relation to this issue here in Germany, and I will tell you a little about it.

Neal Stephenson’s foundational cyberpunk novel Snow Crash brought to the public the concept of a metaverse, a virtual reality in which people interact using avatars in a manufactured ecosystem, eschewing the limitations of human existence.