On a monthly basis I will publish my reading recommendations which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here.
Quotes from the Twitterverse
InfoSec
- Crucial Questions from CEOs and Boards - [link]
- You’re Never Too Good for the Basics - Infosec is probably one of the best example fields where this principle applies: „Everyone wants advanced knowledge. But it’s typically the basics that matter most.“ infosec is full of buzzwords that keep this industry alive, but I guess what most of us need is just „the basics“ and no „full spectrum quantum blockchain zero-trusted cyber“ - [link]
- Open-Source Security: How Digital Infrastructure Is Built on a House of Cards - “But, open source’s ubiquity and the characteristics that make it valuable are also what make it a unique risk to digital infrastructure.” - “The issue is not the code: It is the lack of institutions securing the code.” - “About 30 percent of open-source projects, including some of the most popular ones, have only one maintainer.” - “Tax dollars fund public roads and bridges. Open source deserves the same support.” - [link]
- Twitter confirms zero-day used to expose data of 5.4 million accounts - „This vulnerability allowed anyone to submit an email address or phone number, verify if it was associated with a Twitter account, and retrieve the associated account ID. The threat actor then used this ID to scrape the public information for the account.“ - [link]
- 7 best reasons to be a CISO - [link]
- Cisco Talos shares insights related to recent cyber attack on Cisco - „After obtaining the user’s credentials, the attacker attempted to bypass multifactor authentication (MFA) using a variety of techniques, including voice phishing (aka “vishing”) and MFA fatigue, the process of sending a high volume of push requests to the target’s mobile device until the user accepts, either accidentally or simply to attempt to silence the repeated push notifications they are receiving.“ - this is interesting and shows a need to configure MFA in such a way that ideally, these kind of attacks dont work: e.g. dont allow MFA messages to spam the user, raise an alert in case this is done etc. - [link]
- Ridiculous vulnerability disclosure process with CrowdStrike Falcon Sensor - [link]
Outdoor
- The Long Crossing of Norway’s Lofoten Islands - this goes to my [todo] list - [link]