Infosec Reading List – September 2020
On a monthly basis I will publish my reading recommendations which mainly focus on Information Security and Outdoor Sports.
All InfoSec Reading Lists can be found here.
Best of Twitterverse
- A basic guide to photospheres, street view, and security – link
- Qubes Architecture Next Steps: The GUI Domain – “One of the Big Things coming soon, in Qubes 4.1, is the first public version of the GUI domain: the next step in decoupling the graphical hardware, the display and management, and the host system.” – link
- IT-Grundschutz Module for Qubes Client – there is an effort to propose to integrate Qubes OS into the German BSI Grundschutz Catalogues – interesting – link
- Ransomware hackers shut down Argentina’s borders, demand $4M BTC – “Government officials in Argentina are refusing to negotiate with a ransomware group that forced them to briefly close all immigration checkpoints on Aug. 27.” – link
- Hackers Are Taking Over ‘Warzone’ Accounts and Extorting Owners – link
- When you browse Instagram and find former Australian Prime Minister Tony Abbott’s passport number – booking reference and last name is sufficient for accessing all other personal information – while this is kind of normal unfortunately for all airlines, the additional information in the HTML code is a failure which could have been prevented – it’s a funny read – link
- Firefox bug lets you hijack nearby mobile browsers via WiFi – “However, Moberly discovered that in older versions of Firefox, you could hide Android “intent” commands in this XML and have the Firefox browser execute the “intent,” which could be a regular command like telling Firefox to access a link.” – link
- Not another ransomware blog: Initial access brokers and their role – “Once the broker has gained access, and they are ready to list it, they’re faced with a dilemma. They can demonstrate the value of their access to gain more attention and likely increase interest, resulting in a higher auction outcome. However, this option could be problematic; if they give away too much information, security researchers may identify the victim and kill the access, ruining their hard work” – link
- Amidst uncertainty, perceiving risk – “In the terminology of Knightian uncertainty, coined in 1921 by economist Frank Knight, risk is distinguished from uncertainty. Knight defined risk as “measurable uncertainty” in situations where one can calculate the odds of various potential outcomes.” – link
- Chilean bank shuts down all branches following ransomware attack – “Luckily, it appears the bank had done its job and properly segmented its internal network, which limited what the hackers could encrypt. The bank’s website, banking portal, mobile apps, and ATMs were untouched, according to multiple statements released by the bank, in order to reassure customers that their funds were safe..” – link
- Introducing CloudBrute, wild hunt on the clouds – link
- Attack of the week: Voice calls in LTE – “This isn’t exactly a problem, but it raises an issue. Keys for LTE encryption are derived separately each time a new “bearer” is set up. In principle this should happen afresh each time you make a new phone call.” – link