Post

Infosec Reading List - March 2023

On a monthly basis I will publish my reading recommendations which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italic represent quotes from the original article.

Quotes from the Twitterverse

Desktop View


Desktop View


Desktop View


InfoSec

  • The Defender’s Guide to the 3CX Supply Chain Attack - Unfortunately, despite receiving dozens of reports from users of multiple EDR products (SentinelOne, CrowdStrike, ESET, Palo Alto Networks, and SonicWall, to name a few) flagging the VOIP client as malicious, 3CX simply responded by telling customers to add exclusions to allow it to continue to run, and to follow-up with their EDR vendor to resolve the problem. - [link]
  • Hackers compromise 3CX desktop app in a supply chain attack - [link]
  • Remarks on “Chat Control” - This failure is important because it illustrates the limits of our capabilities: at present we do not have an efficient means for evaluating complex neural networks in a manner that allows us to keep them secret. - [link]
  • Talking about risk with thresholds - [link]
  • Practical Introduction to BLE GATT Reverse Engineering: Hacking the Domyos EL500 - [link]
  • Big Tech’s big downgrade - All of these miserable online experiences are symptoms of an insidious underlying disease: In Silicon Valley, the user’s experience has become subordinate to the company’s stock price. - [link]
  • New Wi-Fi Protocol Security Flaw Affecting Linux, Android and iOS Devices - [link]
  • Spyware vendors use 0-days and n-days against popular platforms - In this blog, we’re sharing details about two distinct campaigns we’ve recently discovered which used various 0-day exploits against Android, iOS and Chrome and were both limited and highly targeted. I‘m curious to know whether apple‘s lockdown mode fully protects from this infection routine - [link]

Outdoor

N/A

This post is licensed under CC BY 4.0 by the author.