Distorted guitars were a big part of the rock revolution last century; we try to forget about the roll. As a youth, [David Hilowitz] couldn’t afford a loud aggressive amp, a distortion pedal, or even a proper electric guitar. This experience ended up teaching him that you can use random old audio hardware as a distortion effect.

[David’s] guitar journey started when he found a classical guitar on a dumpster. He learned to play, but longed for the sound of a proper electric guitar. Family friends gifted him a solitary pickup, intending he build a guitar, but he simply duct-taped it to his steel-strung classical instead. The only thing he lacked was an amp. He made do with an old stereo system and a record pre-amp. With his his faux-electric guitar plugged into the microphone input, he was blessed with a rudimentary but pleasant distortion that filled his heart with joy.

https://www.youtube.com/watch?v=FjJ9PeTciqc

Britain’s interior minister warned Meta that out end-to-end encryption on its platforms must “not to come at a cost to our children’s safety”.

https://www.securityweek.com/uk-minister-warns-meta-over-end-to-end-encryption/

Learning how to keep discussions on-topic is an important skill for security professionals to learn, and it can allow them to continue to improve their security programs.

Have you ever been in a meeting where someone keeps taking the discussion off topic? Have you ever tried to get answers to straightforward questions when speaking with someone, only to have them constantly going off on what seem to be tangents? Have you ever been part of an email thread or chat group where the discussion just seems to go around in circles?

We might not want to believe it, but this is often a tactic employed by certain personality types. In other words, it is seldom the case that a person cannot focus or is scatter-brained. Rather, it is far more likely that they are deliberately trying to derail what should be a relatively straightforward discussion.

You might ask why a person would do this. Different people have different motivations, but typically people do this for one of the following reasons:

They are looking for control/power (knowledge is power after all)
They are looking to hide information (perhaps because they are embarrassed by something or perhaps because it undermines an ulterior motive they have)
They do not know the answer but do not want to admit to that
They do not want to accept responsibility for a poor decision or a mistake they may have made
They are looking to avoid being exposed for having lied and/or hidden information in the past

This is not an exhaustive list – there may be other motivations as well, of course. My point here is that if we as security professionals find that we are having a difficult time getting straight answers, there is usually a reason. Unfortunately, we cannot expect these types of people to change. Instead, we must learn how to compensate for this type of personality in order to continue advancing the state of our security programs.

Intel announces general availability of attestation service that is part of Trust Authority, a new portfolio of security software and services.

Chip giant Intel announced on the second day of its Intel Innovation 2023 event the general availability of an attestation service that is part of Trust Authority, a new portfolio of security software and services.

The new attestation software-as-a-service, codenamed Project Amber, is the first service in the Intel Trust Authority portfolio. It offers a unified and independent assessment of trusted execution environment (TEE) integrity and policy enforcement, as well as audit records.

It enables organizations to independently verify the authenticity and integrity of an environment, and ensure that the data and workloads inside that environment have not been compromised. It also helps ensure compliance with privacy and data sovereignty regulations.

The attestation service can be used with Intel confidential computing, including on premises, in multi-cloud or hybrid environments, and at the edge.

https://www.intel.com/content/www/us/en/security/project-amber.html

With the growing spectrum for commercial use, usage and popularization of private 5G networks are on the rise. The manufacturing, defense, ports, energy, logistics, and mining industries are just some of the earliest adopters of these private networks, especially for companies rapidly leaning on the internet of things (IoT) for digitizing production systems and supply chains. Unlike public grids, the cellular infrastructure equipment in private 5G might be owned and operated by the user-enterprise themselves, system integrators, or by carriers. However, given the growing study and exploration of the use of 5G for the development of various technologies, cybercriminals are also looking into exploiting the threats and risks that can be used to intrude into the systems and networks of both users and organizations via this new communication standard. This entry explores how normal user devices can be abused in relation to 5G’s network infrastructure and use cases.

Proofpoint has observed an increase in activity from specific malware families targeting Chinese-language speakers. Campaigns include Chinese-language lures and malware typically associated with Chinese cybercrime activity.

Newly observed ValleyRAT is emerging as a new malware among Chinese-themed cybercrime activity, while Sainbox RAT and related variants are recently active as well. The increase in Chinese language malware activity indicates an expansion of the Chinese malware ecosystem, either through increased availability or ease of access to payloads and target lists, as well as potentially increased activity by Chinese speaking cybercrime operators.

Cavium, a maker of semiconductors acquired in 2018 by Marvell, was allegedly identified in documents leaked in 2013 by Edward Snowden as a vendor of semiconductors backdoored for US intelligence. Marvell denies it or Cavium placed backdoors in products at the behest of the US government.

The allegations surfaced in the PhD thesis of Dr Jacob Appelbaum, “Communication in a world of pervasive surveillance: Sources and methods:
Counter-strategies against pervasive surveillance architecture.” Appelbaum’s thesis was published in March 2022 and received little public attention until mentioned in security blog Electrospaces.net last week.

China accused the U.S. of infiltrating Huawei Technologies Co. servers beginning in 2009, part of a broad-based effort to steal data that culminated in tens of thousands of cyber-attacks against Chinese targets last year.

The Tailored Access Operations unit of the National Security Agency carried out the attacks in 2009, which then continuously monitored the servers, China’s Ministry of State Security said in a post on its official WeChat account on Wednesday. It didn’t provide details of attacks since 2009.