Post

Infosec Reading List - August 2022

On a monthly basis I will publish my reading recommendations which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italic represent quotes from the original article.

Quotes from the Twitterverse

Desktop View


Desktop View


Desktop View


InfoSec

  • Crucial Questions from CEOs and Boards - [link]
  • You’re Never Too Good for the Basics - Infosec is probably one of the best example fields where this principle applies: „Everyone wants advanced knowledge. But it’s typically the basics that matter most.“ infosec is full of buzzwords that keep this industry alive, but I guess what most of us need is just „the basics“ and no „full spectrum quantum blockchain zero-trusted cyber“ - [link]
  • Open-Source Security: How Digital Infrastructure Is Built on a House of Cards - “But, open source’s ubiquity and the characteristics that make it valuable are also what make it a unique risk to digital infrastructure.” - “The issue is not the code: It is the lack of institutions securing the code.” - “About 30 percent of open-source projects, including some of the most popular ones, have only one maintainer.” - “Tax dollars fund public roads and bridges. Open source deserves the same support.” - [link]
  • Twitter confirms zero-day used to expose data of 5.4 million accounts - „This vulnerability allowed anyone to submit an email address or phone number, verify if it was associated with a Twitter account, and retrieve the associated account ID. The threat actor then used this ID to scrape the public information for the account.“ - [link]
  • 7 best reasons to be a CISO - [link]
  • Cisco Talos shares insights related to recent cyber attack on Cisco - „After obtaining the user’s credentials, the attacker attempted to bypass multifactor authentication (MFA) using a variety of techniques, including voice phishing (aka “vishing”) and MFA fatigue, the process of sending a high volume of push requests to the target’s mobile device until the user accepts, either accidentally or simply to attempt to silence the repeated push notifications they are receiving.“ - this is interesting and shows a need to configure MFA in such a way that ideally, these kind of attacks dont work: e.g. dont allow MFA messages to spam the user, raise an alert in case this is done etc. - [link]
  • Ridiculous vulnerability disclosure process with CrowdStrike Falcon Sensor - [link]

Outdoor

  • The Long Crossing of Norway’s Lofoten Islands - this goes to my [todo] list - [link]
This post is licensed under CC BY 4.0 by the author.