TechLetters ☕️ Bad anti-phishing practices. Third-party cookie phaseout. Information operations by PR firms.
Security
Cybersecurity training and anti-phishing exercises offer limited value, with a low contribution to reducing phishing risks. A study found no significant correlation between employees completing annual training and reduced phishing failure rates, with only minimal differences in rates. Employees who had recently completed the training performed no better than those who had not taken it for over a year, raising questions about the value of such training. The overall impact of embedded phishing training was modest, showing a 1.7% absolute reduction in phishing failures compared to a control group. Failure rates still exceeded 15% for many phishing campaigns, undermining the effectiveness of this training in practice. There are more such studies. The approach needs to change?
Cyberattackers may have compromised lots of organizations by exploiting two zero-day vulnerabilities found in widely used Palo Alto Networks systems.
The EU adopts an interpretation of international law as applied to cyberspace. The "combined effects of several cyber operations could, taken together, be comparable to a kinetic use of force". "Civilians must be protected against attacks, unless they take a direct part in the hostilities including by cyber means".
PR firms hired to run information operations, involving websites portrayed as "news sites". They post pro-China content. They sometimes pose as "local news sources", cover current events, and so on, to help deliver the informational payloads.
Privacy
The UK competition regulator appears to formally agree to phase out third-party cookies from Chrome web browsers (seen as 'reasonable'). On Apple's iOS/iPhone/iPads. Great day for competition and privacy!
Technology Policy
U.S. DoJ to demand breaking up Chrome from Google. This would likely be very bad for the web and web security. A stand-alone web browser is unlikely to be able to self-fund sustainably, innovate, and remain secure. There is just no such business model in 2024. The difficult truths are difficult. A significant portion of web development, security, and privacy depends on Chrome and its people. Their work helps and fuels other browsers and technologies, covering programming, standardization, and even policy. Without funding, cybercrime might also increase.
Other
The world's fastest supercomputer is in the US. Performance: 1,742 exaFLOPs (1,742 quintillion calculations per second). It will be used, for example, for nuclear weapons research to modernise the nuclear arsenal, such as W93 warheads.