The hottest Cybersecurity Substack posts right now

And their main takeaways
Rod’s Blog 79 implied HN points 05 Oct 23
  1. QR codes can be used maliciously, so it's important to generate them safely using reputable, secure QR code generators and consider adding password protection for private information.
  2. A quishing attack combines QR codes and phishing to trick victims into sharing sensitive data on fraudulent websites, often bypassing traditional security measures.
  3. Using Microsoft Defender for Office 365 along with Microsoft Sentinel can help detect and mitigate quishing attacks by configuring anti-phishing policies and connecting data for a comprehensive view of potential threats.
Threats Without Borders 39 implied HN points 06 Feb 24
  1. The New York State Attorney General is taking legal action against Citibank regarding fraud and cybersecurity issues.
  2. Financial institutions might be required to reimburse customers for funds lost to electronic fraud under the Electronic Funds Transfer Act.
  3. There are concerns about the use of deepfake technology in cybercrime, highlighting the importance of security controls and validation procedures.
Rod’s Blog 79 implied HN points 25 Sep 23
  1. Supply chain attacks target vulnerabilities within the chain, aiming to compromise products or services before reaching end-users. They pose a significant threat due to their indirect nature, multi-stage process, and high impact potential.
  2. Kusto Query Language (KQL) in Microsoft Sentinel is essential for detecting anomalies or patterns linked to supply chain attacks. By using KQL queries, organizations can identify unusual activities and potential threats.
  3. Microsoft Sentinel's integration with various tools and automated response capabilities, such as Playbooks, enables swift detection, investigation, and mitigation of supply chain threats. Leveraging these features enhances security measures.
Rod’s Blog 79 implied HN points 08 Sep 23
  1. A backdoor attack against AI involves maliciously manipulating an artificial intelligence system to compromise its decision-making process by embedding hidden triggers.
  2. Different types of backdoor attacks include Trojan attacks, clean-label attacks, poisoning attacks, model inversion attacks, and membership inference attacks, each posing unique challenges for AI security.
  3. Backdoor attacks against AI can lead to compromised security, misleading outputs, loss of trust, privacy breaches, legal consequences, and financial losses, highlighting the importance of securing AI systems with strategies like vetting training data, robust architecture, and continuous monitoring.
What's AI Newsletter by Louis-François Bouchard 78 implied HN points 11 Apr 23
  1. To become a self-driving car engineer, leverage AI and automation to streamline workflows and boost productivity.
  2. Becoming a self-driving car engineer involves diving into the industry, understanding LiDAR technology, and debunking myths.
  3. Developing self-driving cars raises ethical concerns regarding safety, liability, data privacy, and accessibility, requiring collaboration across various stakeholders.
Cybersect 78 implied HN points 29 Jun 23
  1. Non-tech journalists may misinterpret tech advice by assuming premises and seeking confirmation rather than prompting for refutation.
  2. Cybersecurity is about tradeoffs, not about following simple hygiene guides, but updating critical software and avoiding password reuse still matter.
  3. Monitoring and controlling location tracking on apps is crucial, along with considering the minimal impact of power cycling on security against attacks.
Deploy Securely 78 implied HN points 28 Jul 23
  1. StackAware has pivoted to AI risk management.
  2. Deploy Securely is now the official blog of StackAware.
  3. A new email course highlighting StackAware's revised value proposition has been launched.
Deploy Securely 78 implied HN points 03 Mar 23
  1. The National Cybersecurity Strategy emphasizes the need for businesses to adapt their cybersecurity strategies accordingly.
  2. The strategy addresses the importance of defending critical infrastructure and the need to streamline cybersecurity regulations.
  3. Business leaders should be aware of potential regulatory changes impacting software security and consider the implications of a national cyber insurance backstop.
Fight to Repair 78 implied HN points 24 Aug 23
  1. NHTSA reversed its opposition to Massachusetts' expanded vehicle right to repair law, allowing for access to telematics data for repairs.
  2. NHTSA proposed a compromise for vehicle telematics access using Bluetooth connections to reduce cybersecurity risks.
  3. Auto Care Association does not support the Bluetooth solution, stating it doesn't create a fair playing field as expected by voters.
Metacurity 39 implied HN points 01 Feb 24
  1. The US government disrupted a dangerous Chinese hacking operation known as Volt Typhoon by taking over and wiping infected routers.
  2. Senior officials expressed concern over Beijing's attempts to infiltrate US networks for potential cyberattacks on critical infrastructure.
  3. The operation was part of efforts to prevent future cyberattacks, particularly around potential conflicts like the one involving Taiwan.
Rod’s Blog 39 implied HN points 27 Jan 24
  1. Social media is a significant source of cyber threats, as cybercriminals use it to steal personal information, spread malware, and launch phishing attacks.
  2. Social media platforms are vulnerable to cybercrime due to the vast user base they have, making them attractive targets for cybercriminals.
  3. To stay safe on social media, it's important to be cautious about what you share, use strong passwords, be wary of suspicious links, keep software updated, and utilize two-factor authentication.
Rod’s Blog 59 implied HN points 20 Nov 23
  1. Jon Block, a top-tier security analyst, used KQL (Kusto Query Language) to tackle cyber threats. This powerful query language helped him root out elusive cyber threats and protect digital landscapes.
  2. Jon's journey into cybersecurity began with self-taught programming and a determined spirit after being a victim of a cyber attack. His dedication led him to become a renowned cybersecurity professional using KQL.
  3. KQL's elegance and power allowed Jon to shine in the cybersecurity realm, offering protection to clients from all levels of society. His mastery of KQL made him a formidable force against cybercriminals.
OK Doomer 111 implied HN points 16 Dec 24
  1. Data protection often feels like it's entirely your responsibility. You have to keep track of passwords and pay for security services to avoid getting hacked.
  2. Hackers can clone websites and impersonate real companies, making it hard to tell what's safe online. This has become a serious issue that many people don’t realize.
  3. There's a frustrating trend where the emphasis is on personal responsibility for cybersecurity, instead of holding companies and platforms accountable for our safety.
Resilient Cyber 119 implied HN points 05 Jun 23
  1. Federal cloud compliance processes take a long time, as seen with FedRAMP taking almost three years to update its security baselines to align with NIST 800-53 revisions.
  2. Cloud service providers have a very short timeframe to adapt to these updates, which creates a confusing double standard where industry has to move faster than the government.
  3. While there's a growing focus on securing the software supply chain, cloud service providers were unregulated in this area for years, despite their crucial role in cybersecurity.
TheSequence 49 implied HN points 05 Jun 25
  1. AI models are becoming super powerful, but we don't fully understand how they work. Their complexity makes it hard to see how they make decisions.
  2. There are new methods being explored to make these AI systems more understandable, including using other AI to explain them. This is a fresh approach to tackle AI interpretability.
  3. The debate continues about whether investing a lot of resources into understanding AI is worth it compared to other safety measures. We need to think carefully about what we risk if we don't understand these machines better.
Beyond the Screen 12 implied HN points 29 Oct 25
  1. Nudify apps can take any photo and create fake nude images, which is a huge worry, especially for children. Parents need to be aware of these technologies to protect their kids.
  2. There's been a big rise in deepfake pornography involving minors, making it essential for schools and communities to have plans to address this issue effectively.
  3. It's important to teach kids and teens about online privacy and the consequences of sharing images. Having open conversations helps them understand risks and fosters responsible online behavior.
Resilient Cyber 119 implied HN points 30 May 23
  1. Software supply chain attacks are increasing rapidly, with a reported rise of 742% in the last three years. This highlights the need for better security measures in software development.
  2. The book discusses various strategies for managing supply chain risks. It covers topics like vulnerability databases, software bills of materials (SBOM), and practical guidance for both suppliers and consumers.
  3. There is a growing push for software transparency to address systemic risks. This involves collaboration between development, security, and operations, as well as understanding regulations and emerging best practices.
Resilient Cyber 159 implied HN points 02 Mar 23
  1. The 2023 National Cybersecurity Strategy emphasizes the need for everyone in society to work together to improve cybersecurity. This means technology companies, governments, and individuals all have roles to play.
  2. Critical infrastructure, like power and communication systems, needs stronger protections from cyber threats. The strategy calls for businesses to take responsibility for securing these systems.
  3. The strategy also aims to change market forces to incentivize companies to prioritize cybersecurity in their products. This could lead to safer technology and fewer cyber risks for everyone.
Brad DeLong's Grasping Reality 107 implied HN points 05 Dec 24
  1. Intel has faced a lot of trouble due to poor decisions made years ago. The issues they are now trying to fix are rooted in choices that stretch back more than a decade.
  2. Spending on AI is growing, but it's still far below what many companies expected. Big tech firms are investing heavily in AI to protect themselves from competition, even though they don't see immediate profits.
  3. China is now the main driver of global warming, and other countries have significantly cut their CO2 emissions. Tackling climate change is increasingly seen as a challenge that China needs to address.
burkhardstubert 59 implied HN points 06 Nov 23
  1. The EU Cyber Resilience Act aims to improve the security of products with digital elements against cyber attacks. This is because many such products are currently vulnerable and offer little protection.
  2. Manufacturers are responsible for ensuring their products remain secure throughout their lifecycle. They must fix vulnerabilities quickly and provide clear information about any risks.
  3. There are strict penalties for manufacturers who do not comply with the Act, with fines that can be very high. Companies need to start improving their security practices to avoid these penalties.
Thái | Hacker | Kỹ sư tin tặc 399 implied HN points 05 Oct 21
  1. The electronic health record system in Vietnam has serious security vulnerabilities, potentially exposing sensitive personal information of millions of individuals, including high-profile government officials.
  2. It is crucial for the government to address these vulnerabilities promptly by working with developers to fix the flaws and involve independent assessment.
  3. The long-term recommendation is to make national technology systems transparent by publicly sharing source code, design documents, and development plans to allow for widespread scrutiny and error detection.
Resilient Cyber 119 implied HN points 11 May 23
  1. Our physical security measures are often weaker than we think. For instance, common locks can be picked easily, which shows that our sense of security might be just an illusion.
  2. Safety relies on societal agreements, not just on laws or security measures. People generally choose to respect each other's property, which is why we don't face crime constantly.
  3. Our cybersecurity is similarly vulnerable. Current defenses work against normal cyber crime, but if serious attacks from nation-states happen, our systems may not hold up at all.
Interconnected 231 implied HN points 13 Mar 24
  1. The Houthis damaged four undersea cables in the Red Sea, disrupting 25% of data traffic in that area, showing the vulnerability of global data connectivity.
  2. More than 20 countries are involved in the ownership and operation of these damaged undersea cables, highlighting the geopolitical implications of such incidents.
  3. A Hong Kong company, HGC Global Communications, played a central role in addressing the cable damages, emphasizing the fragility of the global data network despite its powerful infrastructure.
Diane Francis 619 implied HN points 22 Feb 21
  1. Facebook's response to Australia's push for media regulation shows their arrogant power. They blocked important information and media, which raises questions about their respect for democracy.
  2. The company's early financial backing from Russian investors highlights concerns about privacy and user data exploitation. This money helped transform Facebook into a tool for propagating various ideologies.
  3. Facebook's history of blocking content and censoring users, especially in oppressive regimes, indicates a troubling disregard for free speech. The company often reacts slowly to criticism and legal issues, making it seem like they prioritize profit over ethics.
Nonsense on Stilts 1 HN point 04 Sep 24
  1. You can create a fake key and a fake message to trick someone into thinking they decrypted a message. This lets you mislead anyone watching your communication.
  2. It's important to plan what the fake message will be before sending the real one, so both parties know what to expect if asked.
  3. This technique could be used for serious purposes, like hiding important communications, or just for fun in games and stories.
Resilient Cyber 119 implied HN points 01 May 23
  1. The Federal government is focusing on secure software development, requiring software suppliers to prove they follow certain security practices. This means companies must show they are making software safely before selling it to federal agencies.
  2. Software developers must also consider how they use open-source software, as they need to show they manage risks associated with those components. This makes them responsible for any issues that might arise from using other people's code.
  3. Additionally, there is a process where companies can report if they can't meet all the secure practices. This allows them to explain any gaps in compliance and outline their plans to fix them later.
Nathan’s Substack 39 implied HN points 03 Jan 24
  1. Hardware companies are seeing a resurgence in interest due to their sticky products with deep moats against competition.
  2. Investors and founders in hard tech should understand that there is market risk along with technical risk.
  3. Hard tech companies face longer go-to-market cycles but enjoy stickier product market fit, with the ability to focus on growing margins through economies of scale.
Rod’s Blog 59 implied HN points 17 Oct 23
  1. Red teaming is crucial for identifying vulnerabilities and strengthening the defenses of AI systems like large language models.
  2. Large language models, while powerful, are not immune to vulnerabilities such as manipulation by malicious actors or amplification of biases.
  3. Effective red teaming involves systematic approaches like threat modeling and penetration testing, and collaboration between red and blue teams is key for a comprehensive defense strategy in AI security.
Rod’s Blog 59 implied HN points 16 Oct 23
  1. Botnet attacks can be detrimental to network security by causing massive disruptions through DDoS attacks, data theft, and malware distribution.
  2. Microsoft Sentinel provides advanced AI and machine learning capabilities to detect and mitigate botnet attacks effectively, offering features like threat intelligence integration and automated incident response.
  3. Organizations can enhance botnet detection with Microsoft Sentinel by setting up custom alerts, regularly updating systems, implementing strong access controls, and collaborating with security teams for threat intelligence sharing.
Rod’s Blog 59 implied HN points 10 Oct 23
  1. Generative AI tools like ChatGPT and Midjourney have revolutionized content creation but also pose significant security risks. Cybercriminals are increasingly using generative AI for sophisticated attacks, requiring CISOs to understand and address these threats.
  2. Generative AI attacks target email systems, social media, and other platforms to exploit human vulnerabilities. CISOs must prioritize user education, deploy advanced email security solutions, and secure vulnerable platforms to counter these attacks.
  3. To mitigate generative AI risks, CISOs should develop an AI security strategy, implement user awareness programs, enhance email security, leverage advanced threat intelligence, use MFA, update systems regularly, employ AI-powered security solutions, foster a security culture, collaborate with peers, and continuously assess and adapt security measures.
Curious futures (KGhosh) 4 implied HN points 31 Dec 25
  1. AI is shifting from a tool into a thinking partner that changes how we create, work, and decide; we must keep human skills alive and build ethics, transparency, and rules so people stay in control.
  2. Environmental risk has moved from awareness to crisis — thawing carbon stores, water shortages, and strained infrastructure are happening now — so bold policy and practical tech choices (like geothermal and local resilience) are needed immediately.
  3. Trust and social cohesion are eroding as privacy risks, misinformation, economic insecurity, and political polarization spread, so rebuilding trust through transparency, fair access, and stronger community and cultural support is essential.