
What We're Reading, Week of 2024-10-14

Ian Campbell
Senior Security Operations Engineer

In an effort to share not just what we’re observing on the net but also what we’re reading and listening to elsewhere, the links below are an abbreviated digest of media being passed around within our team, as well as what we’re seeing in the security community at large. Quotes from the source will be in quotation marks; any commentary from me will be in italics.

Podcasts:

Security Conversations – Ep13 The Consolation of Threat Intel – This is a broadcast of Juan Andres Guerrero-Saade’s keynote at LABScon, themed around meaning and disenfranchisement in the threat intel space. If you want to understand practitioners better, it’s well worth your time.

Brutecast – Artificial Intelligence with Dr. Jack Long – The USMC Brute Krulak Center at the Marine Corps University is a great and thoughtful podcast in general, and this discussion of what AI is and isn’t, along with a brilliantly informed defense-centric take, is an excellent listen.

Articles:

PC Magazine – Chinese Researchers Reportedly Crack Encryption With Quantum Computer – I’m setting the likelihood of this being legitimate at about zero. Also, here’s a much smarter take from Google’s cryptography lead, Sophie Schmieg.

Semafor – Microsoft Azure CTO: US data centers will soon hit size limits

ArsTechnica – Google calls for halting use of WHOIS for TLS domain verifications

Cloudflare – Unraveling SloppyLemming’s operations across South Asia – Great work by Cloudflare’s Cloudforce One, using their visibility to track and disrupt threat actors who rely on Cloudflare’s services (among others).

Microsoft – Protecting Democratic Institutions from Cyber Threats – also, here’s the Department of Justice announcement.

ThreatFabric – Octo2: European Banks Already Under Attack by New Malware Variant – Also, Infoblox Threat Intel followed up on this with some good Domain Generation Algorithm work on Mastodon, and I’m a sucker for a good DGA hunt. DomainTools dug a little deeper here.

GreyNoise Labs – Whatchu looking for (starring SolarWinds Serv-U CVE-2024-28995) – Excellent writeup analyzing datasets from attempted exploitation of a SolarWinds CVE.

DomainTools – A Website Attacked – DT threat actor research finds what looks a LOT like SocGholish serving fake browser updates via an apartment website, and then pivots to find much more.

HackerNews – Google Chrome switches to ML-KEM for post-quantum cryptography defense

SecurityWeek – Sophistication of AI-Backed Operation Targeting Senator Points to Future of Deepfake Schemes – Just in time for Spooky Season, an in-depth reminder that on video, no one may be who they seem.

APNIC – RPKI: Deployed is better than perfect – BGP in general is becoming a constant hot topic among regulators and government actors, and RPKI in particular is receiving more attention. Black Hat 2024 also included a good briefing on vulnerabilities in RPKI validation.

Washington Post – Russia-paid influencers, trolls step up efforts to influence U.S. election – Some good work by Microsoft is highlighted here, along with discussion of traffic moving to a raft of new websites promoting fake news stories.

Dragos – Dragos Acquires Network Perception – Always nice to see our friends at Dragos making big moves!

Reports:

FBI – FBI Releases 2023 Cryptocurrency Fraud Report – here’s a direct PDF link – Always worth reading to understand both the threat environment and the overall impact: “In 2023, the Federal Bureau of Investigation (FBI) Internet Crime Complaint Center (IC3) received more than 69,000 complaints from the public regarding financial fraud involving the use of cryptocurrency, such as bitcoin, ether, or tether. Estimated losses with a nexus to cryptocurrency totaled more than $5.6 billion. While the number of cryptocurrency-related complaints represents only about 10 percent of the total number of financial fraud complaints, the losses associated with these complaints account for almost 50 percent of the total losses.”

Research papers:

CAIDA – Exploring the Limits of Differential Privacy