Weekend Reads 120321


SpaceX had filed a new application with the Federal Communications Commission for a smaller dish, which just received approval yesterday.


Threat actors are increasingly banking on the technique of HTML smuggling in phishing campaigns as a means to gain initial access and deploy an array of threats, including banking malware, remote administration trojans (RATs), and ransomware payloads.


IBM unveiled a 127-qubit quantum computing chip called Eagle this week, showing off a new asset in the race to build the most powerful quantum computer.


Insurers have halved the amount of cyber cover they provide to customers after the pandemic and home-working drove a surge in ransomware attacks that left them smarting from hefty payouts.


U.S. banking regulators on Thursday finalized a rule that directs banks to report any major cybersecurity incidents to the government within 36 hours of discovery.


After squandering its lead because of a half decade of problems modernizing its manufacturing, that’s where Intel has been headed.


General Motors (GM.N) aims to tackle the global semiconductor shortage with new designs built in North America, President Mark Reuss said on Thursday.


As telehealth and digital platforms cement their role in the post-pandemic future, it’s imperative for the digital health ecosystem to find ways of enhancing support networks, marking the transition from telehealth to tele-wellbeing.


There is currently no specific time frame during which banks must report to federal regulators that a security incident had occurred. A new notification rules changes that to 36 hours.


One of the more common ways cybercriminals cash out access to bank accounts involves draining the victim’s funds via Zelle, a “peer-to-peer” (P2P) payment service used by many financial institutions that allows customers to quickly send cash to friends and family.


DDR5 has barely hit the shelves, but Samsung has confirmed it’s already working on the next generation of RAM.


Speculative execution attacks present an enormous security threat, capable of reading arbitrary program data under malicious speculation, and later exfiltrating that data over microarchitectural covert channels. This paper proposes speculative taint tracking (STT), a high security and high performance hardware mechanism to block these attacks.


Alternatively, the unencrypted variants of these protocols can be upgraded to encrypted connections via a mechanism called STARTTLS.


Researchers have demonstrated yet another variant of the SAD DNS cache poisoning attack that leaves about 38% of the domain name resolvers vulnerable, enabling attackers to redirect traffic originally destined to legitimate websites to a server under their control.


In the field of artificial intelligence (AI) research, this article posits that it is tooling which has played a disproportionately large role in deciding which ideas succeed and which fail.


Networking equipment company Netgear has released yet another round of patches to remediate a high-severity remote code execution vulnerability affecting multiple routers that could be exploited by remote attackers to take control of an affected system.


A new analysis of website fingerprinting (WF) attacks aimed at the Tor web browser has revealed that it’s possible for an adversary to glean a website frequented by a victim, but only in scenarios where the threat actor is interested in a specific subset of the websites visited by users.


No fewer than 1,220 Man-in-the-Middle (MitM) phishing websites have been discovered as targeting popular online services like Instagram, Google, PayPal, Apple, Twitter, and LinkedIn with the goal of hijacking users’ credentials and carrying out further follow-on attacks.


To answer this, we at Waseda University have conducted a large-scale survey into the adoption of various DNS security mechanisms — DNSSEC, DNS Cookies, CAA, SPF, DMARC, MTA-STS, DANE, and TLSRPT — and in doing so identified what effects adoption rates.