Post

Infosec Reading List - June 2023

On a monthly basis I will publish my reading recommendations which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italic represent quotes from the original article.

Quotes from the Twitterverse

Desktop View


Desktop View


Desktop View


Desktop View


Desktop View


InfoSec

  • File Archiver In The Browser - advanced phishing with new .zip and .mov domains - [link]
  • ransomchats - Here you’ll find ransomware negotiations normalised as JSON files. - [link]
  • The Dragon Who Sold His Camaro: Analyzing Custom Router Implant - This blog post will delve into the intricate details of analyzing the “Horse Shell” router implant. We will share our insights into the implant’s functionality and compare it to other router implants associated with Chinese state-sponsored groups. - [link]
  • Millions of PC Motherboards Were Sold With a Firmware Backdoor - Whenever a computer with the affected Gigabyte motherboard restarts, Eclypsium found, code within the motherboard’s firmware invisibly initiates an updater program that runs on the computer and in turn downloads and executes another piece of software. - this scales interestingly in case Gigabytes update mechanism gets compromised - supply chain risk is calling - [link]
  • See this page fetch itself, byte by byte, over TLS - [link]
  • Operation Triangulation: iOS devices targeted with previously unknown malware - The target iOS device receives a message via the iMessage service, with an attachment containing an exploit. - iMessage again - [link]
  • AI-controlled US military drone ‘kills’ its operator in simulated test - In a virtual test staged by the US military, an air force drone controlled by AI decided to “kill” its operator to prevent it from interfering with its efforts to achieve its mission, an official said last month. - [link]
  • Privacy.sexy - Enforce privacy & security on Windows and macOS - [link]
  • NSO Group’s Pegasus Spyware Returns in 2022 with a Trio of iOS 15 and iOS 16 Zero-Click Exploit Chains - It is encouraging to see that Apple’s Lockdown Mode notified targets of in-the-wild attacks. While any one security measure is unlikely to blunt all targeted spyware attacks, and security is a multi-faceted problem, we believe this case highlights the value of enabling this feature for high-risk users that may be targeted because of who they are or what they do. - [link]
  • Why is it so rare to hear about Western cyber-attacks? - And compiling a list of APT hacking groups and pretending there are no Western ones is not a truthful depiction of reality, she says. - [link]
  • Every Company Should Have These Leaders—or Develop Them, if They Don’t - [link]
  • Snowden Ten Years Later - It’s a surreal experience, paging through hundreds of top-secret NSA documents. You’re peering into a forbidden world: strange, confusing, and fascinating all at the same time. - It’s amazing that one person could have had so much access with so little accountability, and could sneak all of this data out without raising any alarms. The odds are close to zero that Snowden is the first person to do this; he’s just the first person to make public that he did. - [link]
  • Pass The Salt 2023 Wrap-Up - [link]
  • Triangulation: Did “the NSA” fail to learn the lessons of NSO? - interesting analysis of the recent blames around compromised iphones by the NSA - I specifically like the discussion around data exfiltration and lockdown mode - Without further knowledge of the specific TRIANGULATION vulnerabilities, it is not fully clear whether or not Lockdown Mode (LDM) would have prevented these attacks (had they been targeted at devices running iOS 16, in which LDM was introduced). - nevertheless, lockdown mode decreases attack surface - [link]

Outdoor

  • What Survives in the Atacama Desert? - The Atacama is a figurative window into space, a metaphor for another planet, but it’s a literal window, too: The combination of its extreme dryness, relative emptiness and areas of high elevation give the Atacama the clearest, darkest night sky anyone can reliably find on earth. - [link]
  • The Pamir Trail: A New Central Asian Trekking Gem Is In the Works - [todo] list +1 - [link]
This post is licensed under CC BY 4.0 by the author.