Captain's Log, Stardate 2021.10.22


Captain's Log, Stardate is an ongoing series, published every Friday, highlighting interesting cyber news from the past week. To continue the discussion on any of these topics, join us on Slack

J1_Ambassador Hunter @2x

Decoding the hidden language and signs of ‘Squid Game’ for non-Koreans | The Washington Post / Michelle Yee Lee
So you just finished watching “Squid Game,” the global sensation that has become the most watched show on Netflix. Or maybe you’re binge-watching it now. If you’re not a native Korean speaker, or you watched the dubbed version, you may have missed a few important things that could enrich your viewing experience. We are here to share the Easter eggs that non-Koreans may have missed. Read the full story...

(Added bonus: Recipe for Korean Sponge Candy so you can hold your own competition.) 

Modern Cybersecurity: Tales from the Near-Distant Future 
| Book Release

Modern Cybersecurity - Hardcopy or Digital - JupiterOneOn Tuesday, we released a new book, featuring seven security practitioners telling their stories. They tell the details of major business problems they experienced when implementing cybersecurity - and how they overcame them. Chapters include:

  • Security for Modern Cyber Assets - Sounil Yu (JupiterOne)
  • How You Know Your Organization is Ready to Adopt a Security Practice - Yolonda Smith (sweetgreen)
  • The Future of Security Cloud Native - Caroline Wong (
  • Reinventing the Workforce - Sushila Nair (NTT DATA Services)
  • Hardening the Value Stream - Bryan Finster (DoD USAF)
  • Metrics that Matter: The Business Context of Cyber Risk Management - Keyaan Williams (Cyber Leadership Forum)
  • It’s Not What You Know; It’s What You Do - Jennifer Czaplewski (Target)

The book is available on Amazon, or you can download the digital copy for free.  Read the full story...

Time Travel
Thanks to a nasty GPSD bug, real-life time travel trouble arrives this weekend
 | ZDNet / Steven J. Vaughan-Nichols

On October 24, 2021, some time-keeping systems are going to take a trip back in time to March 2002, unless you update your GPSD programs. Some systems rely on Global Positioning Systems (GPS) appliances and the GPSD daemon to tell the exact time, and a nasty bug's been uncovered in GPSD that's going to pop up on October 24, 2021. If left unpatched, it's going to switch your time to some time in March 2002, and your system will crash with a resounding kaboom. Here's how it works... Read the full story...

Supply Chain Attack - JupiterOne
Supply chain attacks are getting worse, and you are not ready for them
| ZDNet / Liam Tung

An EU cybersecurity think tank looks at 24 recent supply chain attacks, and warns that defences against them are not good enough. ENISA's analysis found that attackers focused on the suppliers' code in about 66% of reported incidents. The same proportion of vendors were not aware of the attack before it was disclosed.

ENISA focuses on Advanced Persistent Threat (APT) supply chain attacks and notes that while the code, exploits and malware was not considered "advanced", the planning, staging, and execution were complex tasks. It notes 11 of the supply chain attacks were conducted by known APT groups. Read the full story...

Hacker steals government ID database for Argentina’s entire population
| The Record /Catalin Cimpanu

A hacker has breached the Argentinian government’s IT network and stolen ID card details for the country’s entire population, data that is now being sold in private circles. The hack, which took place last month, targeted RENAPER, which stands for Registro Nacional de las Personas, translated as National Registry of Persons

The agency is a crucial cog inside the Argentinian Interior Ministry, where it is tasked with issuing national ID cards to all citizens, data that it also stores in digital format as a database accessible to other government agencies, acting as a backbone for most government queries for citizen’s personal information.

Read the full story...



Modern Cybersecurity - Hardcopy or Digital - JupiterOne




Posted By Mark Miller

Mark Miller speaks and writes extensively on DevOps and Security, hosting panel discussions on tools and processes within the DevOps Software Supply Chain.

Mark actively participates in the DevOps/DevSecOps community by building DevSecOps tracks at security conferences such as RSA Conference, InfoSec Europe, CD Summit, AppSec USA and AppSec EU. He is the Senior Storyteller and Senior Director of Community and Content at JupiterOne.

As well, Mark is Executive Producer of the DevSecOps Podcast Series (300K+ listens), and the Executive Editor of the LinkedIn DevOps Group (124K+ members).

To hear more from Mark, get our newsletter. No spam, just the good stuff once or twice a month. Sign up below.