Infosec Reading List - May 2022

On a monthly basis I will publish my reading recommendations, which mainly focus on Information Security (InfoSec) and Outdoor Sports. All InfoSec Reading Lists can be found here. Text in italics represents quotes from the original article.

InfoSec

  • Follina — a Microsoft Office code execution vulnerability - [link]
  • PDF Malware Is Not Yet Dead - [link]
  • Password policy guidance - [link]
  • Google: Predator spyware infected Android devices using zero-days - [link]
  • Researchers devise iPhone malware that runs even when device is turned off - “The findings have limited real-world value since infections required a jailbroken iPhone, which in itself is a difficult task, particularly in an adversarial setting.” - [link]
  • NSA Swears It Won’t Allow Backdoors in New Encryption Standards - “There are no backdoors,” Rob Joyce, the NSA’s director of cybersecurity told the news outlet. - [link]
  • American Phone-Tracking Firm Demo’d Surveillance Powers by Spying on CIA and NSA - “To prove that the technology worked, Clark pointed A6’s powers inward, spying on the National Security Agency and CIA, using their own cellphones against them.” – “In addition to location, A6 claimed that it has built a library of over 2 billion email addresses and other personal details that people share when signing up for smartphone apps that can be used to identify who the GPS ping belongs to.” - [link]
  • Automated OS testing on physical laptops - [link]
  • UNC3524: Eye Spy on Your Email - [link]
  • Remote Code Execution via VirusTotal Platform - [link]
  • Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code - [link]

Outdoor

  • I Lived the #VanLife. It Wasn’t Pretty. - [link]

This post is licensed under CC BY 4.0 by the author.