Weekend Reads 120223

Yet despite the constant accretion of new tools to solve new problems, the most common root cause of serious cybersecurity incidents remains failed processes.

The House of Representatives’ failure to spike a federal “kill switch” mandate means that outside of a political miracle, all new vehicles from 2026 onward will be required to incorporate “advanced drunk and impaired driving prevention technology.”

Gone are the days when a car was a dumb machine you turned on and drove from A to B. Today it’s a smartphone on wheels, and your data is possibly being taken for a ride.

APT29, believed to be an espionage group from Russia, became known for launching targeted attacks against organizations in Ukraine.

Mozilla has slapped its “Privacy Not Included” labels on several products from Google, Amazon and Microsoft – just in time for Christmas shopping.

Despite more than a decade of reminding, prodding, and downright nagging, a surprising number of developers still can’t bring themselves to keep their code free of credentials that provide the keys to their kingdoms to anyone who takes the time to look for them.

Special report: Web advert blockers and other Chrome extensions will stop working by June 2024 unless they’ve been revamped to keep up with Google’s changes to its ubiquitous browser.

The Federal Bureau of Investigation (FBI) shut down BreachForums, a forum for English-speaking black hat hackers, on 21 March 2023, following the arrest of its owner Conor Brian Fitzpatrick.

A new study has demonstrated that it’s possible for passive network attackers to obtain private RSA host keys from a vulnerable SSH server by observing naturally occurring computational faults that occur while the connection is being established.

This post covers an interesting case of suspected abuse in a generic Top-Level Domain (gTLD) registry between February and April 2023. It is a good example of an edge case, where the decision on whether or not to mitigate was not clear-cut, and different levels of evidence were available at different times.

For example, one thing to ask is: to what extent is the Internet resilient to this kind of event? In earlier analyses, to the extent we’ve been able to measure it, the answer has largely been: very. So let’s take a look at whether the same holds this time around.

Is a public cloud like AWS or Microsoft’s Azure the right place to host every deployment workload at every stage of its life? To be honest, I once thought that that was true – at least 95% of the time.