Exploring the intersection of security, technology, and society—and thinking about what might be coming next. 20+ hours of reading and analysis condensed into a 10-minute summary every Monday morning.
STANDARD EDITION | EP. 329 | MAY 2 2022
 
SECURITY NEWS
CISA says log4shell was the most-exploited vulnerability in 2021. More

Homeland Security's first bug bounty found 122 vulnerabilities, 27 of which were rated critical. Over 450 researchers participated and were paid a total of $125,600. I feel like they should have paid 10x that. More

North Korea is targeting journalists with a sophisticated piece of malware called Goldbackdoor. The malware is being used to steal information about journalists' sources. More
Sponsor

Cisco Secure’s J. Wolfgang Goerlich: Rebuilding Trust in Security Tools
 
Why is SIEM an area of unease for so many security officers? To make detection and response successful, we need tools capable of upscaling the practitioners as well as equipping them to be successful. We need tools we can rely on.

In this episode of Detection at Scale, we had an inspiring conversation with J Wolfgang Goerlich, Advisory CISO at Cisco Secure. We discussed how trust is a determinant factor in building the security tools of the future, why so many CISOs lost trust in SIEMs and what we can do to rebuild it.
Listen Now
A German wind turbine company says some of its IT systems were disabled during a cyberattack on April 11th. They say no turbines suffered any damage. The Wall Street Journal says it was ransomware, and that it caused the company to lose control of over 2,000 of their turbines before they were able to restore their systems. More

Cloudflare stopped a 15 million request per second DDoS attack against a Cloudflare customer who runs a crypto launchpad. More

Vulnerabilities:
  • Microsoft issued 128 patches for 145 CVEs this month, 10 of which are critical. More
  • Windows Common Log File System Driver | Critical | Currently Exploited in Wild More
  • Cisco | Multiple Product Updates | Control of System More
  • Chrome and Edge | Critical Patches More
Companies:
  • Synopsys purchases WhiteHat Security for $330 million More
  • Tenable purchases Bit Discovery for $44.5 million | Attack Surface Management | More
  • The Cybersecurity M&A Roundup for April 2022 More

TECHNOLOGY NEWS
Elon Musk has successfully purchased Twitter for $54.20 a share. I'm optimistic about it, actually. More | My Thoughts

Meta's Metaverse group lost $3 billion last quarter, but it brought in $695 million, which was higher than expected. More

Snapchat released a flying selfie drone. It's called Pixy, and it's basically the drone version of a selfie stick. I won't be buying one, but I'm happy to see Snapchat still in the fray. More


HUMAN NEWS
A new report says 90% of nurses are thinking about getting out of the profession within the next year. More

The US economy shrank by 1.4% in the first quarter of 2022. This is after it grew 5.5% in 2021 and 6.9% in the previous quarter. More


CONTENT, IDEAS & ANALYSIS

Why I'm Not Worried About Elon Musk Buying Twitter — A short piece explaining why I am optimistic about Elon's purchase of Twitter. More

Automation vs. Good Jobs — Wired just did a piece showing how only 8% of German manufacturing workers left their jobs (voluntarily or involuntarily) while the American number was 34%. The piece goes on to mention how Germany has just as much automation, but they have more benefits for workers, more protections, and they overall just make it easier and nicer to stay on as a worker in manufacturing. I do think this is just prolonging the inevitable, but I like how Germany is doing it in a more humane way. More

A Twitter Feature Idea — I have an idea for a Twitter feature. Imagine that Twitter can look at what you post, what you like, what you bookmark, who you follow, and what you retweet. Now imagine that each of those things is classified in some way, like 37% liberal, or 81% intellectual. Or whatever. Now imagine that a primary option inside your profile is your CER, your Content Exposure Ratio. So you get to pick between Ideas You'll Definitely Like, Stuff You'll Definitely Disagree With, and Stuff That Will Challenge You. So it's not picking actual people or accounts; it's letting Twitter pick them based on some open-sourced (or otherwise trusted) classification system that's done on all content. So it knows what's left or right, and what's relatively neutral, and it can steer people in different directions based on their preferences. And it wouldn't be just the political spectrum that it could be rating, but tons of attributes. Sentiment, curiosity, science focus, art focus, music, whatever. So basically tagged content, but with strengths associated. And obviously they wouldn't skew what you see without permission, but would be able to if you asked. So basically, "Show me more art-based stuff, and more stuff in the center that will challenge my opinions." And if that person is super right, or super left, it'll show them some centrists who are widely read and respected that might help change their opinions. The tech itself would be challenging, but the hard part is probably finding people who want their opinions challenged.


NOTES
I'm working on a cyber incident database that has the incident date, what happened, source and target country, threat actor (if known), type of target, and the type of attack it was. It uses a really cool database by CSIS as the root, and then adds tons of the fields above to it. I intend to have it be crowdsourced by vetted people, plus a regular export that's available on Github. Let me know if you're interested in participating. More

 
DISCOVERY

🔥 103 Bits of Advice I Wish I Had Known More

Prioritization as a Superpower More

What is Lab126, Amazon's secret research facility? More

How I put my whole life into a single database. More

"90% of the software engineering being done today is integrating poorly documented API A with poorly documented API B." More

Maslow never proposed a pyramid. More

Cool things people do with their blogs. More

[ APT ] LAPSUS$ Recent TTPs More | by NCC

[ Cloud Security ] CloudGoat — Rhino Security's AWS pentesting training tool now has a Lambda scenario. More


RECOMMENDATION
Kevin Kelly just turned 70, and he published 103 wonderful pieces of advice. I'm listing my favorite 10 for the recommendation for the week.
  • About 99% of the time, the right time is right now.
  • Don't ever work for someone you don't want to become.
  • Cultivate 12 people who love you, because they are worth more than 12 million people who like you. 
  • Whenever there is an argument between two sides, find the third side.
  • When you lead, your real job is to create more leaders, not more followers.
  • Ask funders for money, and they’ll give you advice; but ask for advice and they’ll give you money.
  • There is no such thing as being “on time.” You are either late or you are early. Your choice.
  • Your best job will be one that you were unqualified for because it stretches you. In fact only apply to jobs you are unqualified for.
  • Don't bother fighting the old; just build the new.
  • The chief prevention against getting old is to remain astonished.
Really, read the whole list.

APHORISM
“Life consists of what you think of all day.”

— Ralph Waldo Emerson
If you're reading this it means you didn't get last week's member issue.

Subscribe now to get all episodes, access to the archives,  access to The UL Slack community,  book summaries, the book club, as well as special UL-focused content that only goes to members.

Copyright © 1999-2022 Daniel Miessler, All rights reserved.