Infosec Reading List - February 2025

On a monthly basis I will publish my reading recommendations, which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italics represents quotes from the original article.

InfoSec

  • Unique 0-click deanonymization attack targeting Signal, Discord and hundreds of platform - [link]
  • LinkedIn accused of using private messages to train AI - It alleges that in August last year, the world’s largest professional social networking website “quietly” introduced a privacy setting, automatically opting users in to a programme that allowed third parties to use their personal data to train AI. - [link]
  • The New Face of Ransomware: Key Players and Emerging Tactics of 2024 - [link]
  • How A Large-Scale Russian Botnet Operation Stays Under the Radar - [link]
  • Meta AI in panic mode as free open-source DeepSeek gains traction and outperforms for far less - DeepSeek is a wake-up call for the AI industry. The success of an open-source model built on a shoestring budget raises questions about whether tech giants are overcomplicating their strategies. By lowering costs and offering a permissive license, DeepSeek has opened doors for developers who previously couldn’t afford to work with high-performing AI tools. - [link]
  • WhatsApp says journalists and civil society members were targets of Israeli spyware - [link]
  • Let’s talk about AI and end-to-end encryption - But these projects were also relatively simple. By this I mean: all of the data encrypted in these projects shared a common feature, which is that none of it needed to be processed by a server. - That's one of the most important aspects of server-side processing that is often overlooked, although very simple: do you want to simply store data on a server or do you want to process it? It has core implications for security. - Since most phones currently don’t have the compute to run very powerful models, and since models keep getting better and in some cases more proprietary, it is likely that much of this processing (and the data you need processed) will have to be offloaded to remote servers. - Makes sense, but could end up in a privacy nightmare. The article touches on the discussion: Who is the AI actually working for? Very interesting. - [link]
  • Apple Ordered by UK to Create Global iCloud Encryption Backdoor - … and requires that Apple creates a back door that allows UK security officials unencumbered access to encrypted user data worldwide – an unprecedented demand not before seen in any other democratic country. - [link]
  • Attackers hide malicious code in Hugging Face AI model Pickle files - [link]
  • The CISO’s Mindset for 2025: Outcomes, Automation, and Leadership - [link]

Outdoor

N/A

This post is licensed under CC BY 4.0 by the author.