Infosec Reading List - February 2023
On a monthly basis I will publish my reading recommendations, which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italics represents quotes from the original article.
Quotes from the Twitterverse
InfoSec
- Your Strategy Needs a Story - “Our work is grounded in science, but the scientific facts and arguments alone are never enough to persuade anyone to act,” says Calvelli. - Story can be defined as a narrative that is designed to engage. In other words, a story is not just about what is communicated, but also how it impacts its audience. - [link]
- Hacking into Toyota’s global supplier management network - “It is interesting because it appears to be generating a JWT based on a provided email. No password required.” - [link]
- LastPass says employee’s home computer was hacked and corporate vault taken - LastPass on Monday said that the same attacker hacked an employee’s home computer and obtained a decrypted vault available to only a handful of company developers. - Mixing private and corporate working environments brings along specific risks that need to be managed carefully - [link]
- LastPass breach update: The few additional bits of information - [link]
- Lastpass - Incident 2 – Additional details of the attack - [link]
- The Key to Sustainable Productivity - But most important is recognizing that in order to become more productive, you have to worry less about feeling productive and more about creating systems that allow you to get more done—without herculean effort. - [link]
- 31 CISOs share their security priorities and predictions for 2023 - When looking at 2023, my priorities are not necessarily focused on the newest trends of the day, but continuing to get cybersecurity fundamentals right. We must execute the basics with brilliance because threat actors commonly use these weaknesses to enter, navigate and compromise environments. - I can’t agree more - I see too much hype in the industry and too little focus on the basics that we actually need to execute with “brilliance” - [link]
- Bitwarden design flaw: Server side iterations - The default protection level of LastPass and Bitwarden is identical. This means that you need a strong master password. - [link]
Outdoor
N/A
This post is licensed under CC BY 4.0 by the author.