The hottest Cybersecurity Substack posts right now

And their main takeaways
Deploy Securely 157 implied HN points 21 Jul 23
  1. The fear of repercussions from authorities like prosecutors and regulatory agencies is often greater than that from hackers.
  2. Cybersecurity professionals and their teams face severe consequences for non-compliance, even if the breach was not entirely their fault.
  3. A flawed liability regime and focus on performative compliance rather than actual security measures contribute to the prioritization of checking boxes over protecting data.
Deploy Securely 157 implied HN points 08 Aug 23
  1. Zoom updated its terms to allow training AI models earlier this year.
  2. Zoom clarified that it won't use audio, video, or chat content for AI training without opt-in.
  3. Be cautious about opting into Zoom's generative AI features to avoid your content becoming part of their AI models.
Deploy Securely 157 implied HN points 12 Jul 23
  1. Risk appetite is the baseline level of cybersecurity risk an organization is willing to accept.
  2. Risk appetite should be defined in fungible units like dollars or engineer-hours, not security-specific terms.
  3. Risk tolerance is the speed at which an organization must address risk above the established appetite to avoid compliance issues.
Resilient Cyber 139 implied HN points 30 Oct 23
  1. FedRAMP is being updated to make it easier for the government to use cloud services. The goal is to increase the number of authorized cloud providers and reduce the complicated process that currently exists.
  2. The memo emphasizes the use of automation and machine-readable formats to speed up compliance processes. This means that instead of relying on paper documents, they'll use technology to better manage security assessments.
  3. There's a push to allow more existing security certifications to count towards FedRAMP requirements. This could help smaller businesses enter the market and expand the options available for federal agencies.
Daniel Pinchbeck’s Newsletter 11 implied HN points 24 Dec 25
  1. A technical theory argues election results could have been manipulated by creating fake "phantom" jurisdictions and using man‑in‑the‑middle techniques to inject and quietly redistribute fabricated votes, with odd raw data glitches offered as possible evidence.
  2. Experts and records show voting software and systems have been copied or breached and warned about, while voting vendors are concentrated under private ownership, which raises big systemic security concerns.
  3. Political tactics like DARVO — deny, attack, and reverse victim and offender — plus aggressive rhetoric were used to confuse the public and discredit scrutiny, making independent investigation and accountability much harder.
Frankly Speaking 101 implied HN points 29 May 25
  1. AI is set to change the way security services operate by taking over repetitive tasks. This means teams can focus on more important work instead of getting bogged down by routine maintenance.
  2. With AI managing security tasks, new types of services will emerge that work better and require fewer people. This helps businesses save costs and improves consistency in security measures.
  3. Instead of fearing job loss, security professionals should see AI as a tool that helps them do their jobs better. AI can handle tedious tasks, allowing security teams to focus on critical areas like designing better security systems.
Boring AppSec 69 implied HN points 22 Jul 25
  1. Software development is changing with new tools, especially those powered by AI. This means that AppSec will also need to adapt to keep up with these changes.
  2. The way we manage software development and security must evolve, focusing on how to handle code prompts and automated reviews more effectively.
  3. As non-developers start writing more code using AI tools, we need to be careful because this code might be less secure. Therefore, engaging with all team members involved in code creation is important.
Resilient Cyber 79 implied HN points 24 Jan 24
  1. The U.S. Cyber Trust Mark is a new program that helps consumers identify smart devices that are safer from cyber attacks. It's like an energy efficiency label but for cybersecurity.
  2. This program helps manufacturers create standards that make devices both secure and easy to sell internationally. It aims to solve problems that come from different security rules across countries.
  3. Consumers need better information when buying tech products because many devices, especially IoT ones, can pose security risks. The labeling will educate consumers on the safety of their purchases.
Natto Thoughts 39 implied HN points 17 Apr 24
  1. Machine translations can lead to misunderstandings in cybersecurity investigations, such as referring to 'toads' instead of messaging services like Jabber. Dates are vital in understanding conversations and events, providing crucial context for analysis.
  2. Understanding cultural and linguistic nuances is key in interpreting original texts; for example, 'soap' in Russian slang can mean 'email.' Analyzing words like 'world' or 'peace' requires understanding of cultural and political contexts.
  3. Sharing original language texts and dates can uncover deeper insights in cybersecurity investigations, as seen in the case study of Conti ransomware group. Deep knowledge of language and culture is valuable for comprehensive analysis.
Frankly Speaking 203 implied HN points 27 Dec 24
  1. In 2024, cybersecurity companies will focus more on creating platforms instead of using many separate tools. This means they can work faster and solve problems better.
  2. Cybersecurity is moving towards building its own solutions rather than just buying products. This change is necessary to keep up with the evolving threats.
  3. The use of AI in cybersecurity will become more effective. Companies will learn how to use AI to make their security processes better and faster.
Zero Day 855 implied HN points 28 Jun 23
  1. The SEC has sent notices to SolarWinds' employees over potential legal action related to the Russian hack.
  2. Receiving Wells notices is rare, especially for a CISO, and can lead to penalties and restrictions on future roles.
  3. SEC is expanding its focus on cybersecurity breaches and companies may face consequences for misleading disclosures or failing to address vulnerabilities.
Zero Day 916 implied HN points 17 May 23
  1. Volexity discovered a sophisticated hacking group named Dark Halo inside a U.S. think tank's network during incident response.
  2. The hackers used a backdoor in the organization's Microsoft Exchange server and bypassed the Duo multi-factor authentication system.
  3. Volexity suspected the hackers gained access to the network through a backdoor in the SolarWinds software, which was later confirmed by security firm Mandiant.
Rod’s Blog 138 implied HN points 03 Aug 23
  1. Customers can use a quick KQL query to track changes in Log Analytics workspace data retention values for Microsoft Sentinel.
  2. The provided KQL query can be utilized in various ways such as in a Workbook, a Hunting query, or as an Analytics Rule for notifications.
  3. For ongoing access to the latest version of the query and further discussion, references to the author's resources and accounts are provided.
Resilient Cyber 119 implied HN points 07 Nov 23
  1. Not all software bills of materials (SBOMs) are the same, and they are important for software supply chain security. They help provide transparency about the components within software.
  2. The BOM Maturity Model can help evaluate how complete and useful a BOM is. It measures difficulty in obtaining data and assesses how well the BOM meets certain standards.
  3. As the industry works towards better SBOMs, tools and resources like the OWASP guides are crucial. They aim to improve understanding and detail in software management, similar to standards in food or pharmaceuticals.
Rod’s Blog 59 implied HN points 22 Feb 24
  1. Self-awareness is vital for cybersecurity and asset protection as it helps recognize and avoid cyber threats, follow best practices, report incidents, and communicate effectively.
  2. Developing self-awareness is a skill that can be improved over time with practice and intention through assessments, feedback, reflection, goal-setting, mindfulness, and seeking new challenges.
  3. Enhancing self-awareness not only strengthens protection against cyber risks but also fosters personal and professional growth, benefiting oneself and others.
Resilient Cyber 1 HN point 16 Sep 24
  1. The cybersecurity job market is confusing, with many positions unfilled while experienced professionals struggle to find jobs. This suggests a mismatch between job demands and qualifications.
  2. Budget cuts are affecting cybersecurity staffing and resources, causing many companies to hire only to replace existing employees rather than expand. This reflects a general slowdown in budget growth for security initiatives.
  3. There are challenges for new entrants trying to break into cybersecurity jobs due to high experience requirements and a lack of practical opportunities. Many educated candidates still find it hard to secure roles, leading to frustration.
Rod’s Blog 99 implied HN points 04 Dec 23
  1. Jon and Sofia used KQL queries to identify and isolate an infected computer in the finance department.
  2. The malware was discovered disguised as a legitimate application, hidden in the Recycle Bin to avoid detection.
  3. Jon and Sofia's discovery of the global financial breach hints at a larger, more sinister threat by a group known as Night Princess.
Resilient Cyber 99 implied HN points 27 Nov 23
  1. Software supply chain attacks are increasing, and it's important to be aware of them.
  2. Both proprietary and open source software play roles in security, so understanding their impacts is vital.
  3. There are best practices and resources available to help improve software supply chain security.
Rod’s Blog 99 implied HN points 27 Nov 23
  1. KQL's search operator is a powerful tool for finding potential threats in a company's data environment.
  2. Using specific queries like filtering by tables and applying operators like 'has' can help pinpoint suspicious activities in data.
  3. Collaborating with trusted teammates is crucial in verifying and responding to potential cybersecurity threats promptly.
Resilient Cyber 239 implied HN points 28 Apr 23
  1. Cybersecurity issues won't fix themselves through friendly advice. The market often tolerates insecure products, leading to many security breaches that affect us all.
  2. Changing how we handle cybersecurity needs new rules. We must shift accountability and liability to make companies take security seriously and protect the data of their customers.
  3. Cybersecurity can be a key part of business success. If companies start prioritizing security due to regulations, it could help reduce risks and become a real advantage.
Detection at Scale 39 implied HN points 02 Apr 24
  1. A security breach was discovered in xz-utils versions 5.6.0 and 5.6.1, allowing unauthorized remote access.
  2. Detection methods include monitoring cloud instances, correlating processes, KQL queries for Sentinel, binary analysis with YARA, Osquery, and Sysdig Falco.
  3. Reproducing the attack can be done using resources like Kali Blog and Xzbot, while there are infographics summarizing the background and timeline of the backdoor incident.
Resilient Cyber 119 implied HN points 20 Oct 23
  1. Software companies should take more responsibility for keeping their products secure. It's not fair for the burden of safety to rest solely on customers.
  2. Transparency is vital in building trust. Companies should openly share their security practices and incident reports to help everyone strengthen their defenses.
  3. Customers can drive change by choosing to buy from companies that promote secure products. When buyers demand safety, companies will start to respond.
Rod’s Blog 59 implied HN points 12 Feb 24
  1. Spear phishing is a serious cyber-attack that targets specific individuals or organizations. Microsoft Sentinel's tools can help detect and prevent these types of threats.
  2. Microsoft Sentinel allows for the creation of custom analytics rules based on KQL queries to identify potential spear phishing activities. This helps in early detection of threats.
  3. Automation and playbooks in Microsoft Sentinel enable immediate responses like blocking URLs or initiating password resets upon detecting a spear phishing attempt.
Nonzero Newsletter 463 implied HN points 16 Feb 24
  1. There is a push to increase investment in AI technology, with companies seeking trillions of dollars for large-scale projects. This poses potential benefits but also risks like job loss and psychological effects.
  2. Egypt is constructing a large 'security zone' to handle displaced Palestinians, possibly due to Israel's actions in Gaza. The situation highlights complex political and humanitarian dilemmas in the region.
  3. AI tools are increasingly used in various sectors, from analyzing workplace communication to cyberattacks. The technology's potential benefits come with concerns about privacy, worker rights, and security vulnerabilities.
Resilient Cyber 239 implied HN points 17 Apr 23
  1. Cybersecurity should be included from the start of product design, not added later. This means making security a priority throughout the whole development process.
  2. Products should come secure by default, so users don't have to figure out how to protect themselves. Just like cars come with seatbelts, software needs built-in security features.
  3. There needs to be accountability for software security. Companies should not shift the blame to users but should instead be responsible for ensuring their products are secure and safe to use.
Rod’s Blog 119 implied HN points 27 Sep 23
  1. SQL injection attacks exploit vulnerabilities in web applications to access sensitive data.
  2. Microsoft Sentinel uses advanced analytics rules and integrates with Defender for SQL to detect and respond to SQL injection attacks effectively.
  3. Organizations can benefit from automated incident response, threat hunting, and incident investigation capabilities in Microsoft Sentinel to mitigate the impact of SQL injection attacks.
ciamweekly 62 implied HN points 07 Jul 25
  1. AWS IAM Anywhere allows secure access to AWS resources using certificates instead of traditional access keys. This is helpful for organizations that already have a public key infrastructure in place.
  2. Many smaller organizations struggle with managing certificates, leading to outages from expired certificates. This complexity makes it hard for everyone to adopt certificate-based security easily.
  3. The rise of non-human identities shows a shift in how we manage access. AWS IAM Anywhere lets companies use their existing certificate systems to manage both human and automated identities in the cloud.
Logging the World 179 implied HN points 11 Dec 22
  1. In a raffle with a large number of tickets, the biggest number drawn out starts to show some structure as more tickets are selected.
  2. By looking at the maximum value drawn in a raffle, one can estimate the total number of tickets, a concept applied in statistics like the German tank problem.
  3. Sequential numbering schemes can reveal interesting insights, as seen in situations like the Skripal poisonings and Novak Djokovic's COVID test, highlighting the importance of careful numbering practices.
Dev Interrupted 9 implied HN points 23 Dec 25
  1. MCP agents need strong safeguards: treat actions on a spectrum of reversibility and consequence, and require a human in the loop for irreversible or high‑risk operations.
  2. Engineers are still responsible for delivering proven code, not just generating it — every line of AI‑produced code must be verified and tested before shipping.
  3. Rigid engineering dogmas like mandatory review for every PR and slavish sprint rituals slow teams down. Teams should let senior engineers self‑merge low‑risk changes and audit whether safeguards prevent bugs or just block work.
Stove Top 117 implied HN points 23 Jun 23
  1. Huawei is accused of being a piece of Chinese spyware with ties to government and espionage.
  2. France is taking extreme measures against encryption, raising concerns about privacy and government surveillance.
  3. Consuming true crime content raises complex questions on its impact on mental health and society, with discussions on privacy and ethical concerns.
Hard Mode by Breaking SaaS 117 implied HN points 31 Jul 23
  1. Databricks made a bold $1.3B bet on acquiring MosaicML for their generative AI platform.
  2. Efficiency is key in using GPU capacity effectively, leading to competitive advantages.
  3. LLMs are now considered table stakes for data companies, with the focus shifting towards the importance of privacy in AI models.
Philip’s Newsletter 68 implied HN points 25 Jun 25
  1. AI will soon fill the internet with so many messages that it will be hard to find real information. This overload can make the internet less useful for everyone.
  2. The current internet lets anyone send as many messages as they want without much control. This problem started when the internet was built for a small, trusted group of users.
  3. To fix these issues, we might need new ways to communicate, like using encrypted channels instead of email addresses. This change could help us manage the flood of messages better.