Welcome to the regular networking and cybersecurity newsletter. 
Let's take a look at the relevant articles published between September 21 and 27, 2020. 

Last week we missed the Let's Encrypt update on "New Root and Intermediate Certificates"

"On Thursday, September 3rd, 2020, Let’s Encrypt issued six new certificates: one root, four intermediates, and one cross-sign. These new certificates are part of our larger plan to improve privacy on the web, by making ECDSA end-entity certificates widely available, and by making certificates smaller.
Given that we issue 1.5 million certificates every day, what makes these ones special? Why did we issue them? How did we issue them? Let’s answer these questions, and in the process take a tour of how Certificate Authorities think and work."
 

NSA released the UEFI Secure Boot Customization whitepaper

"Secure Boot is a boot integrity feature that is part of the Unified Extensible Firmware Interface (UEFI) industry standard. Most modern computer systems are delivered to customers with a standard Secure Boot policy installed. This document provides a comprehensive guide for
customizing a Secure Boot policy to meet several use cases."
 

Control congestion, lower latency with new L4S AQM scheduler

"Data heavy video applications like augmented and virtual reality (AR/VR), cloud gaming and video conferencing demand very low communication latency.

While communication technologies such as 5G and fibre-to-the-home (FTTH) are meeting this requirement from the network side, the current architecture of the Internet, more precisely the operation of the Transmission Control Protocol (TCP) congestion control algorithms, is causing issues.

In this post, I want to highlight these as well as a collection of new services and methods that my colleagues and I assessed as part of our paper we presented at ANRW’20 that are working towards solving them."
 

Espressif ESP32: Bypassing Encrypted Secure Boot (CVE-2020-13629)

"We arrived at the last post about our Fault Injection research on the ESP32. Please read our previous posts as it provides context to the results described in this post.

• Espressif ESP32: Bypassing Secure Boot using EMFI
• Espressif ESP32: Controlling PC during Secure Boot
• Espressif ESP32: Bypassing Flash Encryption (CVE-2020-15048)"

Analysis Report (AR20-268A) of Federal Agency Compromised by Malicious Cyber Actor

"A hacker has gained access and exfiltrated data from a federal agency, the Cybersecurity and Infrastructure Security Agency (CISA) said on Thursday.
The name of the hacked federal agency, the date of the intrusion, or any details about the intruder, such as an industry codename or state affiliation, were not disclosed." - ZDNet.
 

New C++ features in GCC 10

"This article focuses on the part of the GCC compiler on which I spend most of my time: The C++ front end. My goal is to present new features that might be of interest to C++ application programmers. Note that I do not discuss developments in the C++ language itself, although some language updates overlap with compiler updates. I also do not discuss changes in the standard C++ library that comes with GCC 10."
 

Thank you for sharing the newsletter!

For feedback, please write to us at cybersec@qrator.net.