On a monthly basis I will publish my reading recommendations which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here.
Quotes from the Twitterverse
InfoSec
- The Defender’s Guide to the 3CX Supply Chain Attack - Unfortunately, despite receiving dozens of reports from users of multiple EDR products (SentinelOne, CrowdStrike, ESET, Palo Alto Networks, and SonicWall, to name a few) flagging the VOIP client as malicious, 3CX simply responded by telling customers to add exclusions to allow it to continue to run, and to follow-up with their EDR vendor to resolve the problem. - [link]
- Hackers compromise 3CX desktop app in a supply chain attack - [link]
- Remarks on “Chat Control” - This failure is important because it illustrates the limits of our capabilities: at present we do not have an efficient means for evaluating complex neural networks in a manner that allows us to keep them secret. - [link]
- Talking about risk with thresholds - [link]
- Practical Introduction to BLE GATT Reverse Engineering: Hacking the Domyos EL500 - [link]
- Big Tech’s big downgrade - All of these miserable online experiences are symptoms of an insidious underlying disease: In Silicon Valley, the user’s experience has become subordinate to the company’s stock price. - [link]
- New Wi-Fi Protocol Security Flaw Affecting Linux, Android and iOS Devices - [link]
- Spyware vendors use 0-days and n-days against popular platforms - In this blog, we’re sharing details about two distinct campaigns we’ve recently discovered which used various 0-day exploits against Android, iOS and Chrome and were both limited and highly targeted. I‘m curious to know whether apple‘s lockdown mode fully protects from this infection routine - [link]
Outdoor
N/A