Infosec Reading List – September 2021
On a monthly basis I will publish my reading recommendations which mainly focus on Information Security and Outdoor Sports.
All InfoSec Reading Lists can be found here.
Best of Twitterverse
- NSO Group iMessage Zero-Click Exploit Captured in the Wild – link
- A Complete Guide to Tagging for Personal Knowledge Management – helpful article in case you are interested in personal knowledge management – link
- Juniper Breach Mystery Starts to Clear With New Details on Hackers and U.S. Role – another example of why it’s impossible to create one backdoor that only the “good” can use – link
- “Secret” Agent Exposes Azure Customers To Unauthorized Code Execution – “When users enable any of these popular services, OMI is silently installed on their Virtual Machine, running at the highest privileges possible. This happens without customers’ explicit consent or knowledge.” – What comes to my mind reading this is the old topic of transparency in the cloud: how much transparency do you as customers have, and how much do you actually need? We already talked about this misalignment one decade ago, here – “With a single packet, an attacker can become root on a remote machine by simply removing the authentication header.” – link
- Allow arbitrary URLs, expect arbitrary code execution – link