Infosec Reading List - January 2021

On a monthly basis I will publish my reading recommendations which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italic represent quotes from the original article.

Quotes from the Twitterverse

---

---

---

---

InfoSec

• Nintendo Conducted Invasive Surveillance Operation Against Homebrew Hacker - [link]
• SAD DNS Explained - [link]
• Ubiquiti says customer data may have been accessed in data breach - I still struggle to understand why we need online, cloud-based accounts for local WIFI hardware – do we really need to put everything on the Internet simply because we can? - [link]
• My current setup with ArchLinuxARM/DanctNIX mobile - [link]
• Dozens of journalists’ iPhones hacked with NSO ‘zero-click’ spyware, says Citizen Lab - “… that exploited a now-fixed vulnerability in Apple’s iMessage. The attack invisibly compromised the devices without having to trick the victims into opening a malicious link.” - [link]
• Default Credentials Cheat Sheet - [link]
• Security Leadership: Moving On - “In Security and leadership roles in general, there will always be more work to be done. It’s not a sprint, or a marathon, or a 100-mile endurance race.” - [link]
• New campaign targeting security researchers - [link] - [link]
• Most Tools Failed to Detect the SolarWinds Malware. Those That Did Failed Too - there is a lot of truth in this article and I’m sure that the security industry sales machinery won’t like it but we need to get over it to do better next time – “APTs, as they are known in the trade, are all over the marketing campaigns of every major cybersecurity vendor. And yet, apparently, the actors behind the SolarWinds hack easily evaded them all.” – “What finally led to the discovery of the intruder at FireEye was not any detection system but some good old fashioned detective work by a system administrator who investigated a failed attempt to add a device for multifactor authentication.” - [link]