Resources and 300+ episodes, all free, all ungated:

https://505updates.com/

We'll start with Katy Craig.

Resources and 300+ episodes, all free, all ungated:

https://505updates.com/

We'll start with Katy Craig.

Resources and 300+ episodes, all free, all ungated:

https://505updates.com/

We'll start with Julie Chatman.

Resources and 300+ episodes, all free, all ungated:

https://505updates.com/

Resources and 300+ episodes, all free, all ungated:

https://505updates.com/

Resources and 300+ episodes, all free, all ungated:

https://505updates.com/

Resources and 300+ episodes, all free, all ungated:

https://505updates.com/

Resources and 300+ episodes, all free, all ungated:

https://505updates.com/

Resources and 300+ episodes, all free, all ungated:

https://505updates.com/

It’s January 5, 2024, and time for Point of View Friday, where we cover a single topic from multiple perspectives. Today’s point of discussion is “What does the near future look like for AI, what should you consider when utilizing AI for your personal use or business solution?”

Today’s contributors are Trac Bannon from Camp Hill Pennsylvania, Olimpiu Pop from Transylvania Romania, Shannon Lietz from San Diego California, and Edwin Kwan from Sydney Australia.

We’ll start with Edwin’s thoughts on an algorithm that can give a thumbs up or down to your job application.

🎙️ Free access to 300+ episodes of “It’s 5:05!” on your favorite podcast platforms: bit.ly/505-updates

#newspodcast #PoVFriday

The stories we’re covering today.

Marcel Brown: December 31st, 1999. The world waits in anticipation of the year 2000 and the potential disasters that might be brought about by the Y2K bug. Just for fun, I set up my home with a remote control to turn off all the lights in my house and the TV our friends would be watching at our New Year's Eve party. Seconds after midnight, I pushed the remote control in my pocket, and everything went out. There were definitely a few people in my house that night who thought the apocalypse had come.

Edwin Kwan: One of the features of Chrome Safety Check is that it will check if any saved passwords have been compromised. In addition, users will receive alerts in the Chrome menu about flagged dangerous extensions, outdated Chrome versions, or disabled safe browsing.

Shannon Lietz: For the last couple of years, the EU has been talking about how it might address some of the cybersecurity issues that are plaguing its economy. As part of this, addressing the 189 pages of a potential act to come, it's hard to look at it and be both excited and petrified at the same time. There's lots to think about.

Olimpiu Pop: In 2023, the cyber warfare aspect of the Ukraine war provided concrete examples of both resilience and evolving nature of cyber threats. Ukrainian cyber defenses, although not unbreakable, effectively countered a variety of Russian cyber attacks

The stories we’re covering today.

Marcel Brown: December 28th, 1895. The world's first projected movie screening takes place at the Salon Indien du Grand Café in Paris, France. 33 people attend at the admission price of 1 franc each to view 10 films at about 50 seconds each.

Edwin Kwan: Three malicious Chrome extensions disguised as VPNs infected approximately 1. 5 million users. The extensions - netPlus, netSafe, and netWin - were distributed through an installer hidden in pirated copies of popular video games like Grand Theft Auto and Assassin's Creed.

Ian Garrett:  New Year, New Data Breach Disclosure Rules issued by the U. S. Securities and Exchange Commission to reshape the cybersecurity landscape for publicly owned companies. Recently, starting on December 18th, these companies must now comply with the stringent rules requiring them to disclose material cyber incidents within 96 hours.

Olimpiu Pop: The EU Cybersecurity Schemes, born from the EU Cybersecurity Act, are being developed for different industry categories such as ICT, Cloud services and 5G networks, and will consist of a comprehensive set of rules, technical requirements, standards and evaluation procedures for certification.

The stories we’re covering today.

Marcel Brown: December 27th, 1968. Apollo 8 splashes down in the Pacific Ocean, ending the first manned orbit of the moon. When the spacecraft hit the water, the parachutes dragged it over and left it upside down. Because they were being buffeted by 10 foot swells, astronaut Frank Borman actually got sick and vomited. Welcome back to Earth, Frank.

Edwin Kwan: A critical remote code execution vulnerability in the Apache Struts 2 framework is reportedly being ignored by developers, leaving approximately 80 percent of recent Strut downloads exposed to the flaw. The severity of the vulnerability, rated as 9. 8 out of 10 in CVSS, arises from a logic bug in the File Upload feature.

Hillary Coover: Quantum computers operate on subatomic particle properties, enabling them to perform complex calculations and process information at unparalleled speeds compared to today's computers. However, a current challenge is the instability of qubits, the key processing units in quantum computers, which limits their ability to decrypt substantial amounts of data.

Olimpiu Pop:  In 2023, the European Union made significant strides in AI legislation with the introduction of the EU AI Act. This groundbreaking legislation, agreed upon on December 9, 2023, is the world's first dedicated law on AI and sets a global precedent.

The stories we’re covering today.

Marcel Brown: December 25th, 1990. Merry Christmas, everyone. Tim Berners Lee, a British scientist working at the European Organization for Nuclear Research, otherwise known as CERN, along with his associate, Robert Kaliau, were operating the first web server, info.cern.Ch, and first web browser slash editor, World Wide Web, which were reportedly able to communicate over the internet by this date.

Edwin Kwan: A groundbreaking attack named Terrapin has been uncovered posing a significant threat to the security of the SSH secure shell protocol. What sets Terrapin apart is its ability to undermine cryptographic SSH protections that were previously considered to be immune to such attacks

Hillary Coover: Britain's National Grid is taking steps to remove components provided by a subsidiary of China-backed Nari Technology from its electricity transmission network due to concerns about cybersecurity.

Ian Garrett: Cyber criminals in their quest to maximize disruption and ransom demands are evolving their strategies. A notable example is the ransomware group gang known as BlackCat, which recently employed a novel extortion tactic. This incident is the first of its kind, and likely a precursor to future trends in cyber extortion.

Olimpiu Pop:  In 2023, cybersecurity and supply chain issues evolved significantly. Software supply chain attacks, especially targeting open source software libraries, saw a dramatic increase. The growing reliance on open source software, under the pressure of rapid development cycles, made these libraries prime targets for exploitation.

The stories we’re covering today.

Marcel Brown: December 22nd, 1882. Edward Johnson, an associate of Thomas Edison, has walnut sized bulbs made specifically for him to wire his Christmas tree with electric light. The eighty red, white, and blue bulbs formed the first set of electric Christmas tree lights in history.

Edwin Kwan: A recently discovered SMTP smuggling technique is allowing cyber attackers to sidestep email security protocols, posing a significant threat to organizations. The techniques exploit zero-day flaws in messaging servers, allowing attackers to send malicious emails with fake sender addresses.

Hillary Coover: In an effort to combat cybercrime, U. S. government researchers are embarking on a 30 month project to investigate whether computer code used in cyberattacks can reveal clues about the hackers behind them.

Katy Craig: The SEC's legal action against the former CISO of SolarWinds is a justified step towards greater accountability in corporate cybersecurity. It highlights the need for individuals in charge to diligently comply with federal safeguards and rules and to report incidents.

Trac Bannon: The charges against Joe Sullivan and Timothy Brown have dramatic ramifications for industry. There is the increased scrutiny of CSOs and CISOs. The precedent is set for personal accountability for both cybersecurity practices and disclosures. This means corporate security officers face scrutiny and legal responsibilities similar to CFOs and their responsibility for financial disclosures.

Olimpiu Pop: Whether we like it or not, we are at war. The CISO should stop preaching, and transform their slides into actions . Actions, translatable into automated tools that cannot be circumvented or ignored. More than that, as CISO, you should be the north star in terms of ethical conduct.

The stories we’re covering today.

Edwin Kwan:  A former cloud engineer at a bank was terminated for violating company policies, including inappropriate laptop use. After he was fired, the employee went home and used a company issued laptop to launch attacks on the bank's network.

Hillary Coover: Database management company MongoDB is currently investigating a security incident that has led to the exposure of some customer information. Certain corporate systems were compromised, containing customer names, phone numbers, email addresses, and other unspecified customer account metadata. For one customer, system logs were accessed.

Ian Garrett: Microsoft recently released their Digital Defense Report of 2023, which provides crucial insights into the evolving cybersecurity landscape. Let's jump into the 10 essential insights of cybersecurity from the report.

The stories we’re covering today.

Marcel Brown: December 20th, 1996. In a surprise move at the time, Apple Computer announces their intention to purchase Steve Jobs' company, NeXT, and bring Steve Jobs on board as an advisor to CEO Gil Amelio. Along with the leadership of future CEO Steve Jobs, the resurgence of Apple in the 2000s, and the emergence of the new world of technology can be traced back to this major event in technology history.

Hillary Coover: In Maine's data privacy debate, L.L. Bean has surprisingly aligned with global tech giants, highlighting the power of local national business alliances in shaping legislation. This unusual alliance between a family-owned retailer and tech giants illustrates the complexity of the national data privacy law debate, primarily occurring at the state level.

Edwin Kwan: Ubiquiti users were reporting last week that they were seeing other people's notification and had access to their devices. The incident was first reported on Reddit, where a user received a notification from UniFi ProTech, including an image from someone else's security camera.

Katy Craig: Today we're discussing a significant cyber security incident. Xfinity has recently experienced a major data breach, potentially impacting around 36 million customers . Compromised data includes usernames, hashed passwords, the last four digits of social security numbers, security questions, birthdates, and contact details.

In this episode:

Marcel Brown: This day in Tech History

December 19th, 1974. Micro Instrumentation and Telemetry Systems, otherwise known as MITS, begins selling the Altair 8800 microcomputer kit. It is one of the most important computers in history, for it inspired the first generation of entrepreneurs that created the personal computer industry.

Edwin Kwan: My Personal Experience with SMS Impersonation Scams

I was recently targeted by an SMS impersonation scam. The scammer was impersonating someone I know who's from the US and a text message came from a US number. I don't have this person's mobile number saved, so replied thinking it might be him. It became obvious fairly quickly that it was a scam,

Hillary Coover: Europe Probes Elon Musk's X Over Disinformation Handling

 Elon Musk's social media platform, X, formerly known as Twitter, is facing an official investigation in Europe regarding its handling of illegal content and disinformation. The European Commission has initiated a formal infringement proceeding against X under the Digital Services Act.

Ian Garrett: Cybersecurity, Artificial Intelligence, and Nuclear weapons, Oh my!

Cybersecurity, artificial intelligence, and nuclear weapons. Do we have an update for you? The 2024 National Defense Authorization Act, or NDAA, is a crucial piece of annual legislation for U. S. military funding. The NDAA was passed with a focus on various cybersecurity concerns.

🎙️ Free access to 290+ episodes of “It’s 5:05!” on your favorite podcast platforms: bit.ly/505-updates

#newspodcast

The stories we’re covering today.

Marcel Brown: December 17th, 1903. Orville and Wilbur Wright make their famous first controlled and sustained flights with a heavier than air, powered aircraft. Orville made the very first flight, which lasted about 12 seconds.

Edwin Kwan: It's been almost three years since the critical Log4j vulnerability was disclosed. Despite patches being available shortly after vulnerability disclosure, many organizations persistently use vulnerable versions. There are still approximately 38% of applications using vulnerable versions of the Apache Log4j library.

Hillary Coover: China raised concerns about the potential compromise of sensitive data, particularly in crucial sectors like the military, due to the use of foreign geographic information software. The Ministry of State Security has urged security departments to conduct thorough investigations to prevent further breaches.

Katy Craig: A marketing company, CMG Local Solutions, recently claimed it could access people's private conversations through their device microphones for targeted advertising. This claim raises some serious red flags.

Katy Craig: Today, we’re diving into a significant milestone in AI regulation: the European Union’s recent passing of the AI Act. This legislation is set to shape how AI is used across industries, but it also raises questions about potential, unintended consequences.

Trac Bannon: The EU is taking the global lead when it comes to AI governance. In the US, there are many discussions and hearings happening about AI policy at different levels of the government, but nothing cohesive and nothing comprehensive.

Shannon Lietz: It’s an interesting time to be looking at AI, using AI, and trying to make sense of what it could mean for you. The question is, which use cases is it most well suited for? And are the producers of AI capabilities such as OpenAI and its competitors actually looking at which use cases should be allowed? Which ones are allowed to be adopted?

Olimpiu Pop: The EU AI Act, with all its ups and downs, is the first one in the world, and it will be the baseline. Can the slow legislative apparatus keep pace with the lightning speed of AI tech space?

🎙️ Free access to 280+ episodes of “It’s 5:05!” on your favorite #podcast platforms: bit.ly/505-updates

The stories we’re covering today.

Marcel Brown: December 16, 2003. The CAN SPAM Act of 2003 is signed into United States law. Passed in an attempt to control the growing deluge of junk email, the law's effectiveness is dubious at best. Especially considering political spam is exempt from the law.

Edwin Kwan: Apple will soon be introducing a stolen device protection feature, which is aimed at enhancing security if an iPhone is stolen, particularly in scenarios where thieves obtain the device passcode.

Katy Craig: Today, we're diving into a significant milestone in AI regulation: the European Union's recent passing of the AI Act. This legislation is set to shape how AI is used across industries, but it also raises questions about potential, unintended consequences.

Trac Bannon: The EU is taking the global lead when it comes to AI governance. In the US, there are many discussions and hearings happening about AI policy at different levels of the government, but nothing cohesive and nothing comprehensive.

Olimpiu Pop: The EU AI Act, with all its ups and downs, is the first one in the world, and it will be the baseline. Can the slow legislative apparatus keep pace with the lightning speed of AI tech space?

Shannon Lietz: It's an interesting time to be looking at AI, using AI, and trying to make sense of what it could mean for you. The question is, which use cases is it most well suited for? And are the producers of AI capabilities such as OpenAI and its competitors actually looking at which use cases should be allowed? Which ones are allowed to be adopted?

The stories we’re covering today.

Marcel Brown: December 14th, 1902. The cable ship Silvertown begins laying the first Transpacific telegraph cable from San Francisco, destined for Honolulu, Hawaii. On January 1st, 1903, the connection between Hawaii and San Francisco was established.

Edwin Kwan: A research study based on data from January 2021 to April 2023 shows a rise in insider threats, with 55% relying on privilege escalation exploits and the remaining 45% introducing risk by downloading or misusing offensive tools.

Katy Craig:  In June 2023, cybersecurity incidents shook the digital landscape  as threat actors exploited a vulnerability in Adobe ColdFusion. The attackers executed a calculated malware deployment strategy. They exploited the Adobe ColdFusion vulnerability to introduce malware, including a remote access Trojan using HTTP POST commands.

Ian Garrett: AI has emerged at the forefront of cybersecurity megatrends for 2024. An overwhelming 93% of respondents anticipate Generative AI, like ChatGPT, impacting their business strategies within the next 5 years, with 89% already incorporating AI into their R&D efforts.

The stories we’re covering today.

Marcel Brown: December 16, 2016. After a long delay, Apple finally releases their new wireless earbuds, the Apple AirPods. Within two years, they became Apple's most popular accessory, and today are some of the most popular and well recognized earbuds in the market.

Hillary Coover: A covert campaign dating back to May 2022 is distorting conversations about Taiwan's upcoming elections. The Graphika report exposes hundreds of fake social media accounts on Facebook, TikTok, and YouTube. While the perpetrators remain unidentified, the operation favored a pro-China political party in Taiwan, while criticizing its main rival.

Katy Craig: Two years after the infamous Log4j vulnerability came to light, North Korean hackers are still exploiting this flaw in widespread cyberattacks. These attacks fall under the wide-reaching activities of the Lazarus umbrella, a term for the various North Korean government hacking operations.

Edwin Kwan: Meta has announced the rollout of default end-to-end encryption for personal messages and calls on Messenger and Facebook. The rollout will take several months to complete globally, prompting users to set up recovery methods when their chats are upgraded.

The stories we’re covering today.

Mark Miller: December 12th, 1980. Apple computer holds their initial public offering selling 4.6 million shares at $22 per share, and turning more than 40 Apple employees and investors into instant millionaires.

Edwin Kwan: A set of 14 security vulnerabilities named "5Ghoul" has been discovered in the firmware implementation of 5G mobile network modems from major chipset vendors like MediaTek and Qualcomm. The flaw impacts USB and IoT modems along with hundreds of smartphone models running Android and iOS.

Katy Craig: Cybersecurity researchers from Cato Security Labs have uncovered a new variant of P2PInfect compiled for the MIPS architecture used widely in routers and IoT devices. This latest version indicates the botnet's expanding capability is in reach.

Ian Garrett: Now hackers are applying to jobs? TA4557, a threat actor active since 2018, is evolving its strategy to directly target recruiters with malicious URLs. Once the recruiter responds, TA4557 replies with a URL linking to a website controlled by the threat actor, posing as the candidate's resume.

The stories we’re covering today.

Marcel Brown: December 11th, 2008. Google releases the first stable, public version of their new web browser, Chrome. By 2013, Chrome had bypassed Microsoft's Internet Explorer and Mozilla Firefox to become the most popular web browser in the world, and is still considered so today.

Edwin Kwan: Atlassian has issued an email warning customers of four critical vulnerabilities, each rated 9.0 or higher. Confluence, Jira, and Bitbucket servers, as well as companion apps for macOS are affected.

Hillary Coover: Every piece of content you put online is at risk of being manipulated. Microsoft's recent cybersecurity research revealed that Russian propagandists employed a deceptive strategy to manipulate at least seven Western celebrities, including Elijah Wood and Priscilla Presley.

Mark Miller: Well, that was a real train wreck, wasn't it? It looks as if Gemini's launch video jumped the shark. Let's take a step back as VP of research Oreo Venules responds by getting called out for faking the video.

🎙️ Free access to 280+ episodes of “It’s 5:05!” on your favorite #podcast platforms: bit.ly/505-updates

The stories we’re covering today.

Marcel Brown: December 8th, 1975. Paul Terrell opens the Byte Shop in Mountain View, California, one of the first retail computer stores in the world. Paul Terrell and the Byte Shop are most famously known for ordering the first 50 computers from Steve Jobs and Steve Wozniak's fledgling Apple Computer Company in 1976.

Edwin Kwan: A Bluetooth authentication bypass vulnerability has been discovered to be impacting Apple, Android, and some Linux devices. The bug allows attackers to connect to devices and inject keystrokes to execute arbitrary commands.

Trac Bannon: OWASP has just introduced the Software Bill of Materials Maturity Model. In general, I'm not a fan of maturity models. They're often inflexible, arbitrary, and don't consider context. That said, there is merit in providing guidance given the slow rate of adoption and even the lack of understanding by the software industry.

Katy Craig: Today we're diving into a game-changer for consumer software transparency: the launch of the BOM Maturity Model by the OWASP Foundation. Simply put, this model is a big win for consumers who want to know more about the software that we use daily.

Olimpiu Pop: Software Bills of Materials, SBOMs, are those labels that we need to stick on our delivered software packages. How should it happen? For now, at least in the Java ecosystem, there is no way of delivering the label together with the package.

Shannon Lietz: We're all talking about Bill of Materials these days. It's an important concept for all of us, for a lot of reasons, in particular software buyers. Anyone who's out there who's buying something from a supplier should be interested in what is in that actual product.

The stories we’re covering today.

Marcel Brown: December 7, 1999. The Recording Industry Association of America sues the peer to peer file sharing service Napster, alleging copyright infringement for allowing users to download copyrighted music for free. The recording industry in general was caught with its pants down when it came to digital music and the internet.

Edwin Kwan: WordPress administrators are being targeted by a fake security advisory email campaign to install a malicious plugin on their websites. According to security researchers, the attackers sent deceptive emails to website administrators pretending to be from WordPress.

Katy Craig: A recent revelation has come to light about governments using smartphone apps' push notifications to surveil users. US Senator Ron Wyden warned that unidentified governments are demanding push notification data from Google and Apple. This news raises significant privacy concerns, highlighting the often overlooked implications of push notifications.

Mark Miller: With the headline grabbing news of Sam Altman and the mess at OpenAI a couple of weeks ago, what's gotten lost in the media is that OpenAI's ChatGPT isn't the only game in town. There are dozens of other AI chat engines that can provide you with something more specific to your needs than a general AI model that tries to be the best of everything.

The stories we’re covering today.

Marcel Brown: December 6, 1994. Apple sues the San Francisco Canyon Company, alleging they helped Intel and Microsoft steal code developed under contract for QuickTime for Windows. Apple was threatening Microsoft with a multi-billion dollar lawsuit that was famously settled by Steve Jobs and Bill Gates in 1997. This settlement is now believed to have helped Apple survive long enough to transform themselves in the 2000s, ushering in the mobile device revolution and the new world of technology.

Edwin Kwan: WhatsApp has introduced a new secret code feature, allowing users to add an extra layer of security to their locked chats by setting a custom password. The process of locking chats has been streamlined, utilizing a long-press action for simplicity. WhatsApp aims to enhance privacy and protect sensitive conversations, making it harder for unauthorized access.

Hillary Coover:  In a world where password updates are about as popular as Monday mornings, the recent 23andMe security breach is here to remind us that a little humor won't save our data, but strong password hygiene will. Password 123 is just not going to cut it anymore.

Katy Craig: Big news in AI: IBM and Meta, with over 50 others, including AMD, Intel, and Harvard, have launched the AI Alliance. It's a global coalition challenging the closed AI systems of leaders like OpenAI and Google. The Alliance promotes open innovation and open science in AI, offering an alternative to private AI models.

The stories we’re covering today.

Mark Miller: December 5th, 1965. The first PhD dissertation in computer science is presented. Richard L Wexelblat was the first candidate in a computer science program to complete a dissertation. Wexelblat's diploma presented by the University of Pennsylvania, the home of ENIAC, was the first one to carry the designation, "Computer Science".

Ian Garrett: Enhancements to AI platforms have been incredible for the content generation market, as it is easier than ever to create realistic content with a fraction of the time it would have before. But, for every good use of a tool, there always is a malicious use as well.

Edwin Kwan: In a significant move, Queensland's parliament has approved a mandatory data breach notification scheme. The scheme is set to impact state agencies from mid 2025 and local governments from mid 2026.

Katy Craig: A new ransomware group named CACTUS recently surfaced, ranking in the top 10 for most monthly victims.  CACTUS represents a sophisticated and multi-faceted cybersecurity threat to large commercial organizations.

The stories we’re covering today.

Marcel Brown: December 3rd, 2001. Inventor Dean Kamen unveils the Segway self-balancing battery-powered vehicle on the TV show Good Morning America. The Segway uses computers and motors in its base to keep itself upright while the user is riding it. While the original Segway was not considered a commercial success, it definitely became a familiar icon of personal transportation.

Edwin Kwan: Security researchers revealed a vulnerability in Zoom that allowed the unauthorized access of service accounts. The vulnerability enabled hackers to claim a Zoom Room's service account, gaining invisible access to team chat, whiteboards, and other applications.

Hillary Coover: As we approach peak shopping season, it's crucial to consider measures to protect yourself from online fraud. One effective tool is the use of virtual credit cards. Here are a few frequently asked questions to get you all set up.

Katy Craig: Security researchers have unveiled "LogoFAIL," a set of vulnerabilities in the Unified Extensible Firmware Interface (UEFI), used by various firmware vendors. These flaws, found in firmware image-parsing libraries, pose a significant risk to a wide range of consumer and enterprise devices from major manufacturers.

The stories we’re covering today.

Marcel Brown: December 1st, 1996. America Online launches a new subscription plan offering their subscribers unlimited dial up internet access for $19.95 a month. Previously, AOL charged $9.95 a month for 5 hours of usage. The new plan brought in over 1 million new customers to AOL within weeks, and daily usage doubled among subscribers, to a whole 32 minutes per day.

Edwin Kwan: Apple has urgently released security updates to address two zero day vulnerabilities that were actively being exploited. These vulnerabilities impact iPhones, iPads, and Mac devices.

Katy Craig: CISA and the United Kingdom's National Cyber Security Centre jointly released guidelines for secure AI system development, developed in cooperation with 21 other agencies and ministries from across the world, including all members of the group of seven major industrial economies.

Trac Bannon: The CISA AI Roadmap is a comprehensive, whole of agency plan. They've aligned it with the U. S. National AI Strategy. The roadmap has lines of effort to promote the beneficial uses of AI, enhance cybersecurity capabilities, and improve protection of AI systems from cyber based threats. One specific example that I find particularly valuable is the emphasis on secure by design principles in AI adoption.

Olimpiu Pop: UK's Cyber Security Agency provided guidelines, and they invite you to act securely while developing your AI system. They mostly refer to general software development practices. Practices that the industry is trying to impose without much success for years now.

The stories we’re covering today.

Marcel Brown: November 30th, 2009. Book retailer Barnes Noble releases their first Nook eReader to compete with the highly successful Amazon Kindle, released two years earlier.

Edwin Kwan: Are we sharing too much on LinkedIn? Daniel Barbosa from WeLiveSecurity recently published an article on the potential risks associated with the wealth of personal information shared on LinkedIn, which is the world's largest professional social network.

Katy Craig: MITRE, a government-funded research organization, is leading an ambitious project to map the security vulnerabilities in artificial intelligence (AI) systems. Recognizing the critical nature of AI security, international cyber defense agencies have called for enhanced security practices throughout the AI system lifecycle.

Ian Garrett: Is investing in cybersecurity hot or not? It turns out it depends who you're asking, because there's a huge divide between the private and public markets.

The stories we’re covering today.

Marcel Brown:  November 29th, 1972. Atari introduces their first product, Pong, which would become the world's first commercially successful video game. Nolan Bushnell installed the game at Andy Capp's Tavern in Sunnyvale, California on this day. There were 10,000 machines installed within four months.

Edwin Kwan: In 2023, Australians suffered over $400 million in losses due to scams. The actual figure is believed to be much higher considering under reporting. Australian banks have yielded to pressure from consumer groups and pledged to enhance efforts against scams by implementing technology to block transfers to suspicious accounts.

Hillary Coover: As more and more cocaine is sneaking into Europe, big ports like Rotterdam and Antwerp are facing cybercrime aiding smuggling operations. In a shocking expose, the intricate web of criminal infiltration into Europe's major ports is revealed.

Katy Craig: Google's latest cybersecurity forecast presents a concise yet comprehensive look at the emerging cyber landscape for 2024. This report from Google underlines the urgent need for advanced AI-integrated cybersecurity measures to combat these evolving threats and safeguard digital ecosystems in 2024 and beyond.

The stories we’re covering today.

Marcel Brown: November 28, 1948. Just in time for the Christmas shopping season, 57 units of the first commercial instant camera, the Polaroid Land Camera Model 95, go on sale at the Jordan Marsh Department Store in Boston. Polaroid believed that 57 units would be enough to last through Christmas.

Edwin Kwan: Open Source Blender Project is being targeted by Distributed Denial of Service attacks resulting in site outages. The attacks have severely disrupted operations, making it difficult to process legitimate connection requests. Despite continuous efforts by the administrators, attempts to block attackers' IP ranges were unsuccessful.

Katy Craig: In a landmark collaboration, the United States and the United Kingdom have jointly issued comprehensive guidelines to strengthen the security and integrity of artificial intelligence, or AI, systems. This crucial document is directed at AI system providers, including those using both in-house and external models and APIs.

Ian Garrett: Microsoft has announced the deprecation of Defender Application Guard for Office and the Windows Security Isolation APIs. These tools were integral in securing Microsoft 365 apps by creating a secure sandbox for files from untrusted sources. Microsoft's decision to deprecate Defender Application Guard for Office has significant implications for organizations and IT professionals.

The stories we’re covering today.

Marcel Brown: November 27, 1995. Nearly six months to the day after Bill Gates sent his Internet Tidal Wave memo recognizing the importance of the Internet, and only three months after releasing version 1.0, Microsoft releases Internet Explorer 2.0 for Windows 95 and Windows NT 3.5.

Edwin Kwan: Three critical vulnerabilities have been reported to affect OwnCloud, exposing users to potential data breaches. One of these flaws, with a maximum severity score, exposes administrator passwords and mail server credentials.

Hillary Coover: Despite the widespread belief that private browsing can secure better prices during online shopping, it turns out that Incognito mode doesn't deliver on this promise. All private browsing modes do is erase your search history from the device and prevent the browser from using cookies to track your activity across sites.

Katy Craig: The Pentagon is racing against time and technology in its ambitious Replicator initiative, aiming to deploy thousands of AI-enabled autonomous vehicles by 2026. This strategic push is to keep pace with China's rapid advancements in military technology.  

The news of San Altman sacking by the OpenAI Board of Directors shook the world on Friday, November 17th. As events unfolded in the following hours and days, the world suffered collective whiplash. While many are asking why the board made that decision, more profound questions are being raised about the balance between innovative leadership and effective governance.

The sacking of Altman, coupled with the ChatGPT outage on November 21st, underscores the delicate equilibrium required in leading cutting edge technology organizations. The impact of such high level upheaval on an organization’s workforce can’t be overstated.

Morale, trust, and psychological safety matter. In the case of Sam Altman, the mix of political events and operational stability are sending additional shockwaves.

Right or wrong, Sam Altman is viewed as a bold visionary pushing the boundaries of AI technology while maintaining a strong ethical compass. His departure from OpenAI could change the company’s direction and shows the difficulty of balancing visionary leadership and governance.

It is no secret that Microsoft is the largest corporate investor in OpenAI, sinking over $10 billion and the use of their Azure cloud computing environment.  As the OpenAI drama plays out, Satya Nadella has been the steady hand on the rudder. His simple words speak volumes. Surprises are bad.

Consider that industry leaders have consistently warned us of the potential risk of AI on humanity. Elon Musk, Bill Gates, Ginni Rometty, Mark Zuckerberg, and the late Stephen Hawking.

Nadella immediately stepped in to voice his support for the work of OpenAI, regardless of the configuration… a reference to Microsoft’s offer to hire Altman, Greg Brockman, and 743 of OpenAI’s 770 workers to keep the technology and innovation moving forward, yet contained.

Should OpenAI’s Camelot be restored? No, the evidence is clear. The world’s most powerful technology needs a combination of innovation and governance.

Sam Altman is currently in discussions to return to OpenAI. Satya has voiced continuing support for OpenAI. The world should collectively hope for a future where AI is both innovative and responsibly governed, benefiting humanity wisely and ethically.

Something to noodle on.

Full episode available: https://505updates.com/2023-11-24-cybersecurity-and-open-source-headlines/ 🎙️ Free, ungated access to all 280+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates

The saga has significant implications for the broader AI industry. ChatGPT's release and OpenAI's innovative strides have triggered a surge in AI investment, with heavyweights like Microsoft investing substantially.

What do these events actually underline? Altman's departure underscores the schism in AI development philosophy.

On one side are proponents of rapid development and public deployment of AI, represented by Altman, argue that such an approach is essential for stress testing and perfecting the technology. On the other side are advocates of a more cautious approach favoring extensive development and testing in control environments, to ensure AI safety for public use.

Concerns over the uncontrollability of hyper intelligent AI software, have been a significant factor in this divide. This issue is particularly acute among tech workers following the effective altruism movement who prioritize benefits to humanity.

The question of how to balance commercial success with ethical and safe AI development has become increasingly pertinent.

Originally founded as a non profit to ensure ethical AI development, OpenAI's transformation into a for profit entity under Altman's tenure has been a contentious issue. This shift has raised concerns about profit motives potentially overshadowing the company's ethical charter, which aims to prevent harm to humanity or undue concentration of power.

More opinions and resources can be found on 505updates.com.

Olimpiu Pop, reported from Transylvania, Romania.

Full episode available: https://505updates.com/2023-11-24-cybersecurity-and-open-source-headlines/ 🎙️ Free, ungated access to all 280+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates

With all the brouhaha going on with Sam Altman and OpenAI, there's a lot to unpack and digest. A few things for all of us. When OpenAI, not yet a year ago, released its ChatGPT to the world, a fabulous capability if you ask me, it was pretty obvious at the time that they were chasing adoption and velocity as a brand new organization entering into the market.

I say that because most folks know that there's sort of a chase for go to market. When doing so, I don't know that anybody, maybe Sam Altman could have known, but I don't know that anybody would have predicted 100 million folks adopting ChatGPT as quickly as they did.

At the time, there was a clear understanding that resilience was sort of left behind, and the company knew about some of the errors associated with its technology and believed that it could fix it in time.

Along the way, we've also seen Microsoft throw in billions of dollars in investment and the world is actually at an awe. From my perspective, analyzing the win, lose, or draw of this situation, it's pretty clear to me that we're at a current place in time where everyone's at a draw.

What will happen to our beloved ChatGPT? How will that actually turn out in the end? And add a draw, who stands to win? Who stands to lose in this situation?

It's pretty clear that when Microsoft brought on billions of dollars of investment, and OpenAI moved to Azure to be able to support its technology, that the clear winner that's going to come out of this is going to be Microsoft in the end.

That means that who loses in this is going to be ultimately OpenAI, its workers, and it's customers. You know, yesterday, only yesterday, even just logging into ChatGPT, there was a huge outage, a spike, if you look at down detector. This tells me that resilience truly is the fuel of a durable company that underpins the technology that we all love and care about deeply.

So if you're out there and you're trying to figure out how you're going to deal with this, if your company is born on ChatGPT or OpenAI technology, it's really important to start thinking about how you're going to find a resilient, adoptable, high velocity technology with lower errors. And that ultimately, the ones that are out there right now, that are being born to compete with OpenAI, they probably have a little bit more time, as they well know.

This is Shannon Leitz, reporting on the Win, Lose, or Draw.

In an extraordinary twist fit for a Silicon Valley drama. OpenAI's boardroom coup against CEO Sam Altman not only failed, but spectacularly backfired, leading to a reshuffling of the board itself. The recent turmoil at OpenAI, a beacon in the AI industry, laid bare the complexities and power dynamics at play in the high stakes world of technological innovation.

The attempt to oust Altman, ostensibly for a lack of transparency, was more than just a disagreement over leadership style. It symbolized a deeper conflict about the direction and speed of AI development. Altman, known for his ambitious, even aggressive, push for rapid AI advancement, found himself at odds with a cautious board.

However, this move to sideline him inadvertently galvanized a workforce adamant about their leader's vision, leading to a near rebellion. This employee revolt, a clear indicator of Altman's influence and the high regard in which he is held, forced the board's hand. The result, a stunning reversal of fortune where the board not Altman faced the chopping block.

OpenAI's announcement of Altman's return, flanked by a restructured board, is not just a reinstatement of a CEO, it's a resounding endorsement of his approach to AI development. What's particularly intriguing is the role of Microsoft in this saga. The tech giant, a significant financial backer of OpenAI, briefly flirted with the idea of integrating Altman and co-founder, Greg Brockman into its fold.

However, as the crisis unfolded, it became clear that Microsoft's interests were best served with Altman at the helm of OpenAI, leading to its tacit support for the board's overhaul.

The swift resolution culminating in Altman's return underscores a pivotal shift in corporate governance within tech companies. It's a clear message that visionary leadership, often personified by figures like Altman, cannot be easily sidelined, especially when it resonates so strongly with employees and aligns with key stakeholders interests.

As OpenAI charts its course under Altman's renewed leadership, with a board more aligned with his vision, one thing is clear. In the high octane world of AI development, it's not just about the technology, but also about the people who drive it. Altman's return is a testament to his leadership and a cautionary tale for boards that underestimate the power of visionary CEOs and the teams they inspire.

This is Katy Craig, stay safe out there. 

Full episode available: https://505updates.com/2023-11-24-cybersecurity-and-open-source-headlines/ 🎙️ Free, ungated access to all 280+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates

Marcel Brown

November 25, 2002. Digital media software company, Roxio, purchases the assets of the former Napster, including name, logo, domain name, technology portfolio, and other intellectual property. Roxio was the first company to attempt to use the Napster brand for a music service, renaming PressPlay as Napster 2.0.

Edwin Kwan

 The Australian government  has shelved plans to ban ransomware payments to cybercriminal groups for at least two years. The government had put the question to the industry in a consultation on whether it should prohibit the payments of ransoms, extortion demands by cybercriminals by victims of cybercrime and or insurers. And if so, under what circumstances?

Trac Bannon

 The news of San Altman sacking by the OpenAI Board of Directors shook the world on Friday, November 17th. As events unfolded in the following hours and days, the world suffered collective whiplash. While many are asking why the board made that decision, more profound questions are being raised about the balance between innovative leadership and effective governance.

Katy Craig

The swift resolution culminating in Altman's return underscores a pivotal shift in corporate governance within tech companies. It's a clear message that visionary leadership, often personified by figures like Altman, cannot be easily sidelined, especially when it resonates so strongly with employees and aligns with key stakeholders interests.

Shannon Lietz

With all the brouhaha going on with Sam Altman and OpenAI, there's a lot to unpack and digest. When OpenAI, not yet a year ago, released its ChatGPT to the world it was pretty obvious at the time that they were chasing adoption and velocity as a brand new organization entering into the market. But I don't know that anybody would have predicted 100 million folks adopting ChatGPT as quickly as they did.

Olimpiu Pop

The recent turmoil at OpenAI, stemming from the ousting of CEO Sam Altman, has thrown the AI community into a state of intense discussion and speculation. We have a whole saga that looks more like a new season of HBO's Game of Thrones than a sane tech company that is crafting the future of humanity.

Mark Miller

From Sourced Network Productions in New York City, It's 5:05 on Friday, November 23rd, 2023. This is your host Mark Miller and its Point of View Friday, where today four of our contributing journalists, give us their take on the OpenAI and Sam Altman circus, which took over the headlines for four days.

Marcel Brown, St. Louis, Missouri

November 23rd, 2004. Blizzard Entertainment releases the massively multiplayer online role playing game, World of Warcraft. It quickly became the most popular MMORPG of all time. In the nearly 20 years since its release, World of Warcraft has had 9 major expansion packs, with 3 more expansion packs already planned for the future.

Edwin Kwan, Sydney, Australia

 The Australian government has released its revised cybersecurity strategy for its plan to become a world leader in cyber security by 2030. It seeks to make Australia a hard target for cyber attacks by undermining cybercrime business models and putting Australian businesses and consumers in a stronger position to prepare and respond effectively.

Olimpiu Pop, Transylvania, Romania

The average Java application uses 148 dependencies, with around 10 releases occurring annually. That means that the developer is not only to make the initial selection of those libraries, but to track an average of 1,500 dependency changes throughout the year. Combine this with the fact that almost 20% of all track projects no further qualify as maintained.

Ian Garret, Arlington, Virginia

Quishing, or QR code phishing, has seen a dramatic increase in 2023. This method involves encoding malicious links into QR codes, a technique that is proving both effective for attackers and challenging for defense systems. Let's talk about why it's on the rise, and what CISOs and security teams are doing about it.

The stories we’re covering today.

Marcel Brown: November 22, 2005. Microsoft releases the Xbox 360, the second generation of their popular game console. And on November 22, 2013, exactly 8 years later, Microsoft released the Xbox One, which makes absolutely no sense.

Edwin Kwan: Two third party service providers for the Canadian government have suffered breaches resulting in data in the last 24 years being potentially compromised. The servers that were impacted by the breach held data related to current and former Canadian government staff, members of the Canadian Armed Forces, and the Royal Canadian Mounted Police workers.

Olimpiu Pop: The software supply chain report was released last month. I read it. I covered it for the InfoQ and then I read parts of it again. There are some key points that still need to be spoken out. It's a before and after the pandemic story.

Hillary Coover; We're all familiar with ambulance chasing sales and marketing tactics, but this Cybersecurity Executive took things to a whole new level. In a shocking case, the Chief Operating Officer of an Atlanta based security company, Securalytics, took matters into his own hands by orchestrating cyberattacks on two local hospitals.

The stories we’re covering today.

Marcel Brown: November 21st, 1877. Thomas Edison announces his invention of the phonograph, a way to record and play back sound. As often happens with many great inventors, Edison stumbled upon this particular invention while working on a way to record telephone communication at his lab in Menlo Park, New Jersey.

Edwin Kwan: Security researchers have uncovered a malware campaign to steal sensitive information from Android smartphone users in India. Researchers say that the campaign is using social media platforms like WhatsApp and Telegram to lure users into installing a malicious app by impersonating legitimate organizations such as banks, government services, and utilities.

Katy Craig: In light of the recent SEC charges against SolarWinds' Chief Information Security Officer, or CISO, Timothy G. Brown, there's a compelling argument for holding company officers accountable for neglecting cybersecurity and failing to report known risks. The charges against Brown for not disclosing significant cybersecurity vulnerabilities before and during the 2020 SUNBURST cyberattack, underline a crucial point: CISOs, like CFOs, must prioritize transparency and honesty in reporting risks.

Ian Garrett: We can learn a lot about the state of the cybersecurity industry through the type of mergers and acquisitions, or M&A, that occur. 2023 has been a cautious yet significant year for mergers and acquisitions in the cybersecurity sector. Despite fears of a recession, rising interest rates, and conservative spending trends, the relentless pace of cyberattacks has maintained steady M&A activity.

The stories we’re covering today.

Marcel Brown: November 19th, 2006. Nintendo releases the Wii game console to compete with the Sony PlayStation 3 and Microsoft Xbox 360. By foregoing raw computing power for increased player interaction, utilizing the innovative motion-sensitive "Wiimote" controller, the Wii defied expectations and became the best selling 7th generation game console.

Edwin Kwan: Australia's first cybersecurity coordinator has been recalled to Defence after just four months into the role. The two-star general was working on delivering on the Home Affairs and Cybersecurity Minister's commitment to building a more coordinated approach to preparing for and managing the consequences of cybersecurity incidents.

Hillary Coover: A new breed of cybercrime has emerged targeting teen boys. Law enforcement and child protection experts describe a growing wave of online predators targeting teens through a sophisticated nude-photo scam. These new scammers focus mostly on monetary gain.

Katy Craig: The US Securities and Exchange Commission, SEC, has charged SolarWinds Corporation and its Chief Information Security Officer, Timothy G. Brown, with misleading investors about significant cybersecurity vulnerabilities. The SEC's complaint highlights instances where Brown and other employees were aware of, but failed to adequately address vulnerabilities in SolarWinds' systems.

The stories we’re covering today.

Marcel Brown: November 17th, 1970. Douglas Engelbart receives a U. S. patent for his XY Position Indicator for a display system, more commonly known as the computer mouse. Engelbart called his device a mouse because the cord looked like a tail.

Edwin Kwan: A popular WordPress plugin has been discovered to be vulnerable to a high-severity vulnerability. There are currently more than 600,000 websites that are using the vulnerable version and are potentially exposed to the vulnerability.

Katy Craig: As the European Union considers the way ahead for the AI Act, a critical question arises. Should the EU establish a dedicated office to oversee and manage it? The establishment of a dedicated office for AI regulation must find a balance between oversight and innovation, efficiency and flexibility, and harmonization and autonomy.

Shannon Lietz: The win on the AI Act is the fact that the EU is going to put some capability behind it. It's such a powerful forward motion for us in terms of the future of what we need for humanity. We've really got to start to establish some of the playing rules for how this becomes beneficial to everyone.

Olimpiu Pop: while a delay in the AI Act's implementation may allow for more thorough consideration and balancing of various interests, it also runs the risk of leaving the EU unprepared to address the rapid advancements and potential risks associated with powerful AI technology.

The stories we’re covering today.

Marcel Brown: November 16, 1982. Steve Jobs writes a letter to Macintosh Labs asking for the rights to use Macintosh as the brand name of Apple's still-in- development computer. Gordon Gao, president of Macintosh Labs, visited Apple headquarters for a product demonstration. However, Macintosh lawyers advised Gao to reject the request.

Edwin Kwan: DP World Australia suffered a cyber attack which disrupted its landside freight operations. The attack resulted in around 30,000 shipping containers not being moved and crowding of available storage spaces at the ports. 

Ian Garrett: It's no secret that there's a massive shortage in cybersecurity talent, and with any resource that's high in demand with low supply, there are people willing to pay top dollar. For top cybersecurity professionals, companies are now offering substantial packages.

Mark Miller: Hold on to your ass, developer, because you aren't a developer on the OpenAI platform. You're an idea generator for OpenAI's next iteration. This is Mark Miller sitting here shaking my head over what transpired last week at OpenAI's first developer conference.

The stories we’re covering today.

Marcel Brown: November 15, 1996. The first version of ICQ, the Internet's first popular instant messaging program, is released by four high school students from Israel. By the end of 1997, ICQ had more than 5 million users, and in mid-1998, AOL purchased the company for $407 million.

Edwin Kwan: Users of OpenAI's API, ChatGPT, and Dall-E services were experiencing intermittent outages. They would see messages from their queries saying that " something seems to have gone wrong or we're experiencing exceptionally high demand. Please hang tight as we work on scaling our systems."

Hillary Coover: As the festive season approaches, the thrill of holiday shopping is palpable, but so is the excitement for cybercriminals aiming to capitalize on the online shopping surge through scams and data theft. One rising concern demanding attention is the surge in credit card skimming, a threat likely to intensify in the coming weeks.

Katy Craig: The Citrix Bleed vulnerability has become the focal point of threat actors' attention, with active exploitation campaigns targeting government, technical, and legal organizations across the Americas, Europe, Africa, and the Asia Pacific region. The attackers employed a clever technique involving specially crafted HTTP GET requests.

The stories we’re covering today.

Marcel Brown: November 14, 1971. NASA's Mariner 9 reaches the planet Mars and becomes the first man-made object to orbit another planet.

Edwin Kwan: Signal has started testing the use of account usernames to allow users to keep their phone numbers private. Users would be able to turn off phone number discovery in their privacy settings and only allow the username to be the primary way others can contact them.

Hillary Coover: Could deception technology be the ultimate strategy for staying ahead of cyber threats? A CSO opinion piece is quickly circulating and predicts that a convergence of IT and cybersecurity trends will make deception technology more accessible by the end of 2025.

Ian Garrett: The cybersecurity domain is experiencing a significant paradigm shift. Traditional perimeter defenses like firewalls are making way for a more identity-centric approach. As we move forward, identity will no longer be a siloed discipline, but an integrated, interconnected aspect of cybersecurity infrastructure.

The stories we’re covering today.

Marcel Brown: November 12, 2000. Bill Gates demonstrates a functional prototype of a tablet PC. Microsoft claims the Tablet PC will represent the next major evolution in PC design and functionality. However, the Tablet PC initiative never really takes off, and it isn't until Apple introduced the iPad in 2010 that tablet computing is widely adopted.

Edwin Kwan: Marina Bay Sands in Singapore has disclosed that they suffered a data breach impacting 665,000 customers. It became aware of the security incident on 20th October, 2023, which involved unauthorized third-party access on the 19th and 20th of October.

Hillary Coover: Boeing's recent cybersecurity breach reveal vulnerabilities in the aerospace industry? Boeing revealed on Friday that data from its systems was compromised by a malicious ransomware attacker.  

Katy Craig: Malaysian police have taken down the notorious Phishing-as-a-Service provider, BulletProftLink, and apprehended eight suspects, including the platform's main administrator.

The stories we’re covering today.

Val Cole: November 10th, 1983. In 1983, which was 25 years before I was born, Microsoft announced version 1. 0 of Windows. It was the first graphical user interface for IBM compatible PCs.

Edwin Kwan: WhatsApp is rolling out a privacy feature that allows users to keep their location private. However, there is a potential trade off. The phone quality might be reduced due to the connection relay via the WhatsApp servers.

Hillary Coover: We know many innovators are working to find ways to determine an image's authenticity with detection technology. What if there's another way? What if users held the power to determine image authenticity through content credentials?

Olimpiu Pop: Based on estimates from the State of the Software Supply Chain, 96 percent of the running software is open source, and where there are high percentages, there is also government. And government regulates. Given the legislative changes around the globe, does that mean that open source is preparing to enter a new era?

The stories we’re covering today.

Marcel Brown: November 9, 1922. Albert Einstein is named the winner of the 1922 nobel Prize for Physics for his explanation of the photoelectric effect. The Nobel Committee passed on several nominations for his many other seminal contributions, although these led to prizes for others who later applied more advanced technology to experimentally verify Einstein's work.

Edwin Kwan: Security researchers have discovered modified versions of the Instant Messaging app being promoted and on website advertising on Telegram. Those versions contains suspicious components, such as a service and broadcast receiver, which cannot be found on the original WhatsApp client.

Katy Craig: In the run up to the 2024 U. S. presidential election and key global elections, Russia, Iran, and China are expected to intensify their interference efforts, according to a Microsoft Threat Analysis report. Russia, in particular, is viewed as the most committed and capable threat to the upcoming U. S. election.  

Ian Garrett: Artificial intelligence is reshaping the dynamics of cybersecurity, offering both opportunities and challenges. The survey by Axonius, conducted among IT and security decision makers, reveals that 76 percent of organizations are increasing their spending on AI and machine learning compared to the previous year.

The stories we’re covering today.

Marcel Brown: November 8, 1895. German physics professor Wilhelm Röntgen stumbles upon what he would later describe as "X-rays" while experimenting with electrical discharge tubes. Curious as to what was causing a faint green glow on a nearby fluorescent screen, Röntgen began systematically studying the unknown rays and published the first paper on the phenomenon less than two months later.

Edwin Kwan: Google Play Store has rolled out a new badge to highlight apps that have been independently security reviewed. Google has emphasized that the security validation process only checks if a developer has prioritized security and privacy practices, it does not imply that the validated app is free of vulnerabilities

Katy Craig:  In recent years, Chinese state-sponsored cyber operations have transformed into a more mature and coordinated threat. They now focus on exploiting vulnerabilities in public-facing security and network appliances, both known and zero-day. Chinese cyber-enabled economic espionage has evolved towards a more targeted approach, supporting specific strategic and geopolitical goals, such as the Belt and Road Initiative.

Olimpiu Pop: BigCode is an initiative from HuggingFace to provide open-source, state-of-the-art models for code generation. StarCoder is one of the stars, maybe the brightest. It was the outcome of refined training with Python tokens of StarCoderBase.

The stories we’re covering today.

Edwin Kwan: Okta has suffered yet another data breach, this one affecting their employees' personal information.

Ian Garrett: How has ransomware impacted zero-trust adoption? With the rising threat of ransomware attacks, organizations have turned to the adoption of zero-trust and network segmentation strategies to counter these threats

Olimpiu Pop: Even though there was always the choice, open-source versus closed-source, now, again, the world is at a turning point. Will you embrace open or closed?

The stories we’re covering today.

Marcel Brown: November 5th, 2007. Google introduces the Android platform, it's mobile operating system for cell phones based on a modified version of the Linux operating system. The first Android-based phone would ship in September of 2008.

Edwin Kwan: The Canadian government has announced a ban on the use of WeChat and Kaspersky's apps on government-issued mobile devices. The Canadian government banned TikTok in February 2023 and is now adding Tencent's WeChat and Kaspersky to the list.

Mark Miller: Leave it to the North Korean nation state to release KandyKorn malware in time for the holiday season, starting with the Day of the Dead. On October 31st, Elastic Security Lab documented a malware infection that exposed an attempt by the DPRK to infect crypto exchange platforms through their blockchain engineers.

Hillary Coover: The debate over the cost of privacy in the face of corporate surveillance is intensifying, as Meta introduces a subscription model allowing users to opt out of behavioral advertising. While Meta argues it aligns with regulatory requirements, critics see it as extortion and an attempt to maintain the status quo, potentially leading to further legal battles. What would you pay for privacy?

The stories we’re covering today.

Marcel Brown: November 3rd, 1957. The Soviet Union launches Sputnik the second spacecraft launched into Earth orbit and the first spacecraft to carry a living creature into orbit. Laika, the Siberian Husky dog, unfortunately only survived a few hours into the flight and died from stress and overheating.

Edwin Kwan: Who should bear the cost of invoice scam? The victim, the company the money was meant to be sent to, or the bank? A couple tried to purchase a Mercedes-Benz from a dealership, but transferred the money to hackers due to an invoice scam. Mercedes-Benz is claiming that the invoice scam was due to the customer's email being compromised.

Olimpiu Pop :DORA Metrics became part of the silver bullets arsenal of the software industry. Follow the key metrics and all is well, right? Follow deployment frequency, time to restore the service, lead time for a change, and change failure rate and you're all set. Not really. It's much more than that.

Shannon Lietz: This year, what I saw that was most remarkable in the report was the AI section. There's some interesting insights to glean from that section of the report. In particular, what folks are thinking about in terms of AI contributions. Top three was quite insightful if you ask me. Analyzing data, writing code clocks or data functions, and analyzing security.

Nathen Harvey: Back in January of 2023, AI was certainly hot, but how do we assess its impact on things like software delivery performance and organizational performance. This was a thing that we as researchers really struggled with. So we asked this question... " for the primary application or service that you work on, how important is the role of AI in contributing to each of the following tasks?"

The stories we’re covering today.

Marcel Brown: November 2nd, 1988. Robert Morris of Cornell University launches a self-replicating worm as part of a research project designed to determine the size of the early internet. Due to a programming error, the "Morris Worm" began repeatedly infecting machines, clogging network traffic, and causing machines to crash.

Edwin Kwan: The US Securities and Exchange Commission has announced charges against SolarWinds Corporation and its CISO, its Chief Information Security Officer, for fraud and internal control failures relating to allegedly known cybersecurity risks and vulnerabilities.

Hillary Coover: A coalition of 40 countries, led by the United States, is committing to never pay ransoms to cybercriminals again. This initiative, known as the International Counter Ransomware Initiative, ICRI, is a response to the increase of ransomware attacks on a global scale with the United States accounting for 46% of such incidents.

Ian Garrett: A recent study from the International Information Systems Security Certification Consortium, the nonprofit member organization for cybersecurity professionals, highlights that the workforce shortage in the cybersecurity industry has reached an all-time high of nearly 4 million people.

The stories we’re covering today.

Marcel Brown: November 1st, 1963. The largest radio telescope ever constructed, the Arecibo Observatory opened in Puerto Rico. It would be used for many major discoveries including the first direct imaging of an asteroid.

Hillary Coover: The cybersecurity landscape is experiencing a paradoxical challenge as cyberattacks continue to rise while budgets decrease and companies implement layoffs. A recent survey reveals that nearly half of cybersecurity professionals have seen their teams face spending cuts and personnel reductions in the past year, intensifying the pressure on these teams.

Edwin Kwan: A malware that was initially thought to be a crypto miner has been discovered to be a sophisticated spy platform. The malware has infected over a million Windows and Linux systems.

Mark Miller: On Monday, the Security and Exchange Commission filed suit against SolarWinds and their CISO, Tim Brown, for fraud and internal controls failure. You remember the old Gomer Pyle episodes, right? "Surprise, surprise!" That's kind of what I feel like right now. SolarWinds lied. Imagine that.

The stories we’re covering today.

Marcel Brown: October 31st, 2000. Russia launches Soyuz TM-31 carrying the first crew to the International Space Station. Between the 2011 retirement of the space shuttle and the 2020 demo flight of SpaceX Crew Dragon, the Soyuz served as the only means to ferry crew to or from the International Space Station.

Edwin Kwan: Casio has suffered a data breach that has affected over 120,000 customers in 149 countries. Casio said that the cause of the breach was due to some of the network settings in the development environment being disabled due to system operational error.

Hillary Coover: US and Customs Enforcement Agency, ICE, is employing an AI powered tool known as Giant Oak Search Technology to scan social media posts for content that it deems derogatory to the United States. This revelation, first brought to light by 404 Media, has really ruffled some feathers.

Ian Garrett: This is the second part of our exploration into software supply chain attacks. We'll explore dependency confusion, stolen SSL and code-signing certificates, the targeting of developers CI/CD infrastructure, and the use of social engineering to drop malicious code.  

The stories we’re covering today.

 Mark Miller: October 29, 1969. UCLA student Charley Kline attempts to transmit the text, "login", to a computer at the Stanford Research Institute. After the letters L and O are sent, the system crashes, making the first message ever sent on the internet "lo".

Edwin Kwan: Since the Israel-Hamas war, there's been numerous crypto donation scam sites appearing online. Scammers have been capitalizing on the horrific events of the Israel-Hamas conflict by pretending to be legitimate charities and collecting donations.

Hillary Coover: LinkedIn is currently testing the use of generative AI to address cybersecurity queries from its employees and external suppliers. Response times with the chatbot averaged just five seconds compared to the approximately 15 minutes that it took when handled by a human.

Mark Miller: News continues to trickle out about the Akira Ransomware Group breach of the Stanford University Department of Public Safety. This morning, Bitdefender reported that the University is being pressured to pay a ransom of an undisclosed amount in order to stop the leak of 430 gigabytes of private information and confidential documents.

The stories we’re covering today.

Marcel Brown: October 28th, 1998. US president Bill Clinton signs into law the Digital Millennium Copyright Act, or DMCA. The law is intended to criminalize production and dissemination of technology designed to circumvent digital copyright protection, known as Digital Rights Management, or DRM.

Edwin Kwan: Security researchers discovered critical misconfiguration flaws in the implementation of the Open Authorization or OAuth standard by three popular websites. The flaw would have allowed attackers to take over user accounts and could lead to identity theft, financial fraud, access to credit cards, and other cybercriminal activity.

Katy Craig: Recently, Google services and Cloud customers found themselves in the crosshairs of a novel and formidable distributed denial of service, or DDoS, attack, peaking in August, with one assault clocking a staggering 398 million requests per second.

Olimpiu Pop: HTTP/2 was the first major revamp of the HTTP protocol in ages. It brought significant performance improvements enabled by stream multiplexing. This enables the simultaneous transmission of multiple request and response messages over a single connection without interference between streams.

Shannon Lietz: I would like to see the industry be a little bit more actionable about what's happening, because you had to parse this one out to really understand it. I came to the realization of is, if you do have companies that you work with, or vendors that you work with, and they're getting told right away, all of a sudden they have a CVE they have to go deal with, it is going to set a whole bunch of things behind.

The stories we’re covering today.

Marcel brown: October 26th, 1861. Only two days after the Transcontinental Telegraph line opened, the Pony Express ceases operation. Prior to the opening of the cross-country telegraph line, the Pony Express was the fastest way to send communication between St. Joseph, Missouri and San Francisco, California.

Edwin Kwan: 1Password has confirmed that it was attacked by cybercriminals using session information that was stolen in the recent Okta breach. 1Password is a popular password management platform used by over 100,000 businesses.

Katy Craig: A new variant of the notorious Mirai malware is making headlines. This time, it's going after millions of Android TV set-top boxes used by people for media streaming.

Ian Garrett: You've likely heard of supply chain attacks, but did you know there are different types of supply chain attacks? This is a two-part series where I cover the different type of attacks.

The stories we’re covering today.

Marcel Brown: October 25th, 2001. Microsoft releases the operating system Windows XP, the successor to both Windows 2000 and Windows ME.

Edwin Kwan: Super SA, a dedicated superannuation fund for state government employees in South Australia, suffered a data breach. The data loss was through a third-party call center, which Super SA had previously contracted.

Hillary Coover: Is your child's online safety at risk? I've asked this before in the context of privacy, but today we're talking about the health risks and implications of Instagram on young minds.

Mark Miller: On October 10, 2023, Grant Bourzikas disclosed the finding of a massive DDoS attack of over 201 million requests per second. According to the CVE report, the HTTP/2 protocol "allows a denial of service because request cancellation can reset many streams quickly as exploited in the wild in August through October, 2023."

The stories we’re covering today.

Marcel Brown: October 24th, 1861. Western Union completes the first transcontinental telegraph line across the United States. Not coincidentally, two days later, the Pony Express shut down operations.

Edwin Kwan: Okta recently announced that their support case management system suffered a breach and sensitive customer data was stolen. Okta said that all affected customers have been notified, and that if you had not been contacted, then there is no impact to your Okta environment or support tickets.

Katy Craig: Cisco's recent disclosure of a critical zero-day vulnerability in its Web UI reveals a concerning situation. Cybersecurity firm, Censys, has confirmed that over 40,000 hosts have been infected, with more than a quarter of them located in the United States.

Ian Garrett: Generative AI is reshaping the phishing landscape, making attacks more sophisticated. Most security leaders are ill-prepared to protect against AI-generated email attacks. The majority still rely on cloud email providers or legacy tools for email security, with 53% using secure email gateways.

The stories we’re covering today.

Marcel Brown: October 23, 2001. Using the slogan, 1, 000 songs in your pocket, Steve Jobs introduces the original iPod, featuring a 5GB hard drive, FireWire connectivity, and synchronization to iTunes.

Edwin Kwan: Attackers are using cybersecurity best practices against users, prompting them to download malicious browser updates. The attackers start by compromising a legitimate but vulnerable website.

Hillary Coover: A Dutch consumer-rights group, SDBN, has initiated a class-action lawsuit against Amazon for allegedly violating the European Union's privacy law by tracking website visitors without their consent using tracking cookies.

Katy Craig: Quantum computing holds immense promise in fields like chemistry, materials science, and AI. Yet there's a flip side to this advancement. Deep-pocketed nations like China and Russia, equipped with the scientific expertise and resources, could be making secret strides in quantum computing.

The stories we’re covering today.

Marcel Brown: October 21st, 1879. Thomas Edison perfects the first commercially practical incandescent light bulb using a filament of carbonized cotton thread. Edison's successful design came only after he had tested over 6, 000 different vegetable fibers.

Edwin Kwan: Security researchers have discovered that IT administrators are using weak passwords to protect access to portals, providing easy access to attackers to enterprise networks. An analysis of over 1.8 million administrator accounts found that over 40, 000 were using the password "admin".

Hillary Coover: X's Community Notes, originally designed to crowdsource fact-checking and combat disinformation, is facing scrutiny because of the vulnerabilities and ineffectiveness uncovered in a WIRED investigation. This investigation revealed that the tool may be manipulated by external groups and lacks transparency

Olimpiu Pop: There is a lot of noise around open source. Legislation, growing cyber threats, weaponizing open source, and others. Should we put a lid on it? That's something the HashiCorp CEO thinks. In August, the company changed the license to a closed sourced one, and last week, during the HashiConf, he underlined that the direction he took is a direction to success.

Shannon Lietz: The challenge that really came out of this is HashiCorp has had a pretty rocket fueled life, if you will. They've looked out and realized that they've put Terraform out there for a very long time. Any company who creates something has the right to fork and end their investment. All they're saying is we're no longer going to invest in the constant creation of this open source software.

The stories we’re covering today.

Marcel Brown: October 19th, 1979. According to Dan Bricklin, one of the co-creators of VisiCalc, the first "real" release of VisiCalc was completed and packaged for shipment. VisiCalc was the first commercially available spreadsheet software and quickly became the first killer app of the personal computer market.

Edwin Kwan: Malicious version of the Israeli incoming airstrike warning app has been found distributed over the internet. The fake site serving the malicious software was created on October 12th, 2023 and provided download options for both iOS and Android versions.

Hillary Coover: In light of recent warnings from intelligence agencies, we have to consider our own readiness to face insider threats. The MI5 head's statements regarding over 20,000 covert online approaches by Chinese spies in the UK should serve as a sobering reminder of the evolving landscape.

Ian Garrett: Security budgets can be tricky to manage, and often hidden costs can erode these budgets. Understanding these hidden expenses, negotiating for fair pricing, and aligning security strategies with business priorities can help optimize budgets.

The stories we’re covering today.

Marcel Brown: October 18th, 1985. Nintendo releases the Nintendo Entertainment System in New York and limited other North American markets. An immediate hit, Nintendo released the system nationwide in February of 1986.

Julie Chatman: I'm Julie Chatman in Washington DC with a special message for cyber warriors, especially network defenders. The U. S. National Security Agency and the Cybersecurity and Infrastructure Security Agency have unveiled the Top 10 Cybersecurity Misconfigurations that attackers are hoping to find in your organization's network and what you can do about them.

Hillary Coover: Ever wonder how satellite imagery data contribute to safeguarding both geopolitics and cybersecurity? This resource really amplifies their capacity to anticipate and address physical security challenges that directly influence cybersecurity.

Edwin Kwan: Attackers are actively exploiting a zero-day vulnerability in Cisco devices to gain full administrative privileges and take complete control of the device remotely. Attackers have been exploiting this vulnerability since 18th September and over 10,000 devices have been hacked.

The stories we’re covering today.

Marcel Brown: October 17, 1990. Colin Needham, an English movie fan, launches the "rec.arts.movies movie database," which would later be known as the Internet Movie Database, or IMDb. An engineer working for HP at the time, by 1996, Needham quit his job to work on IMDb full-time.

Edwin Kwan: Equifax has been fined £11 million by Britain's financial watchdog for the 2017 cybersecurity breach. The British Financial Conduct Authority, or FCA, said that the cyber attack and unauthorized access to UK consumer data was entirely preventable.

 Mark Miller: The Broken Access Control Vulnerability in the Confluence Data Center and Server has been getting a lot of attention. This is a Level 10 vulnerability, the highest warning available. There is evidence that this is a nation-state attack, actively exploiting the vulnerability.

Ian Garrett: Everyone hates hidden costs, and it's only worse when you're already on a shoestring budget. As CISOs navigate a landscape of complex pricing structures, overlapping services, and other traps, there are more than enough hidden costs that constrain precious cybersecurity budgets.

The stories we’re covering today.

Marcel Brown: October 16th, 1959. Control Data Corporation releases their CDC 1604 computer, the world's fastest computer at the time, and the first commercially successful fully-transistorized computer. The 1604 was CDC's first computer, primarily designed by engineer Seymour Cray.

Mark Miller: All the "recommendations" are saying use strong passwords, train your people, update your software, yadda, yadda, yadda, same ol', same ol'. That's not working- it never has. I'm not arguing against good practices like this, but when the shit hits the fan, what you REALLY want is a good backup.

Hillary Coover: The technology ingrained in our smartphones and computers designed for displaying advertisements, inadvertently serves as a conduit for surveillance. A recent report from the US intelligence community emphasized that consumer technologies expose sensitive information about everyone, often without their awareness or ability to prevent it.

Edwin Kwan: The Attorney General said that recent high-profile data breaches have demonstrated that disclosure of personal information has the potential to result in serious harm to individuals, which is why they are establishing the scheme so that there are clear, consistent requirements to notify individuals of data breaches of Queensland government agencies. 

The stories we're covering today.

Marcel Brown:  October 13th, 1983. Ameritech Mobile Communications executive, Bob Barnett, makes a phone call from a car parked near Soldier Field in Chicago, officially launching the first cellular network in the United States.

Edwin Kwan: Patches have been released for two security vulnerabilities affecting the Curl data transfer library, one of which could potentially result in code execution.

Katy Craig: OpenAI, a leading AI startup, is considering venturing into the development of its own AI chips. The reverse integration move aims to reduce dependency on GPU-based hardware, which has been strained by the generative AI boom.

Shannon Lietz: This essentially means that we're going to see AI be the beginning of the reunification of hardware and software. And ultimately, where I see cybersecurity getting built in is going to be in these mega players.

Olimpiu Pop: An analysis considers that they would need $ 48 billion worth in GPU chips and another $16 billion per year in maintenance costs. That's quite a pile of money, even for a company with a sack of gold. For this reason, also for the shortage of the GPU chips, OpenAI considers building their own.

The stories we’re covering today.

Marcel Brown: October 12th, 1988. Hailed by Steve Jobs as a computer five years ahead of its time, NeXT Incorporated introduces their NeXT computer. While not a significant commercial success, the NeXT computer and the technology developed for it have a long and storied history.

Edwin Kwan: Thousands of WordPress websites have been compromised by attackers exploiting a vulnerability in a popular plugin. A fixed version of the plugin has been released and users are urged to update to version 4.2 or later, immediately.

Ian Garrett: Does hearing the term "zero-trust" make you roll your eyes? More organizations are taking zero-trust from a buzzword to reality as the traditional castle-in-moat approach to security is becoming obsolete. Let's cover some practical recommendations for implementing a zero-trust cybersecurity framework.

 Mark Miller: AvosLocker, the Ransomware as a Service (RaaS) group, continues to get the attention of CISA and the FBI. Yesterday, October 11, the March 2023 joint advisory on AvosLocker was updated with the latest warnings.

The stories we’re covering today.

Marcel Brown: October 11, 1887. Dorr Eugene Felt is granted the second of two patents on his comptometer, the first practical and commercially successful key-driven, mechanical calculator. Various comptometers were in continuous production from 1887 to the mid 1970s.

Edwin Kwan: A popular D-Link WiFi range extender device is susceptible to remote command injection, and there is currently no fix available. The researchers reached out to D-Link to report the flaw in May 2023, but despite multiple follow ups, did not receive any replies.

Katy Craig:  Google is taking a significant step towards enhancing online security by making 'passkeys' the default login method on its platforms. Passkeys are digital credentials stored on a user's device, eliminating the need to remember passwords and offering a more secure alternative.

Hillary Coover: Can the FDA keep pace with the rapidly evolving world of AI in healthcare? As developers incorporate more advanced AI systems with human-like outputs, debates around FDA regulation are going to intensify.

The stories we’re covering today:

Marcel Brown: October 10th, 1980. Namco officially transfers rights to Midway for distribution of the games Pac-Man and Rally-X in North America. While the exact date that Pac-Man started shipping to arcades in North America is currently unknown, most sources cite October of 1980.

Edwin Kwan: A new Linux vulnerability, known as the Looney Tunables, impacts most Linux distributions and allows attackers to gain administrative root privileges.

Katy Craig:  In the midst of ongoing clashes between Hamas and the Israel Defense Forces, hacktivist groups have entered the digital battleground.  Cybersecurity experts warn of the growing involvement of threat actor groups in digital attacks on government websites and IT systems.

Ian Garrett: Is this the beginning of the end of passwords as we know them? Google has made the move to make passkeys the default sign-in option for personal Google accounts, simplifying the login process and enhancing security.

The stories we’re covering today.

Marcel Brown: October 8th, 1992. The video game Mortal Kombat is released into arcades. Now one of the most popular fighting game series in history, the original Mortal Kombat became well known for its graphic display of blood and deadly finishing moves known as Fatalities.

Edwin Kwan: Security researchers have disclosed multiple critical vulnerabilities in the TorchServe tool that could be chained together to achieve remote code execution on affected systems.

Hillary Coover: Could TikTok's recent personnel shifts from Beijing to the United States be a threat to security of US data? And is the popular app truly independent from its Chinese parent company, ByteDance?

Katy Craig: In a concerning shift, ransomware attacks have taken a sinister turn, with a significant rise in human-operated ransomware incidents, according to Microsoft's annual digital defense report.

The stories we're covering today.

Marcel Brown:  October 6th, 1942. Chester Carlson is issued a patent on a process called electrophotography, now commonly known as photocopying. It was not until 1946 that a company had any interest in pursuing photocopying commercially.

Edwin Kwan: A malicious component in the npm package registry has been found to be deploying an open-source rootkit. This incident is a reminder that developers need to take caution when installing open-source components.

Trac Bannon: Sonatype has released the 9th Annual State of Supply Chain Report. One of the most important evolutions is the emphasis on security during software creation.

Olimpiu Pop: Sonatype published the 9th edition of their already-traditional state of the software supply chain report. There is a high need of continuously monitoring the state of the libraries that we are using in our projects. According to the report, 18.6% of the open-source projects are not maintained anymore.

Katy Craig: OpenSSF is to software, what a health inspector is to restaurants. And guess what? They’ve got scorecards. Good scores here don’t just get you bragging rights. They predict fewer vulnerabilities, so your software is not just rocking it, it’s also locking it down.

The stories we're covering today.

Marcel Brown: October 5th, 1991. At just 21 years old, Linus Torvalds releases the first publicly available version of the Linux kernel, version 0.2, weighing in at just over 10,000 lines of code when first released. As of 2020, the Linux kernel was nearly 30 million lines of code.

Edwin Kwan:  Security researchers have spotted evidence of mass exploitation of vulnerabilities in Progress Software's WS_FTP server file-sharing platform. The server file-sharing platform has a maximum severity remote code execution vulnerability, which attackers can exploit using a simple HTTP request.

Katy Craig: There's a new app called Permission Slip by CR that empowers you to take control of your personal information. With Permission Slip, you can swipe through a list of companies that may possess your data, and with a simple tap, request them to delete your account or halt the sale of your information.

Did you know that over 50 million people are affected worldwide by modern human trafficking? Have you ever considered the fact that the very technology cybersecurity and open-source professionals use day in and day out could be used to help combat such evil?

Mark Miller:  October 4th, 1968. The new issue of Science Magazine contains a Hewlett Packard ad for its new HP9100A. The ad boasted the dynamic functionality of this new device called both a personal computer. and a programmable calculator.  

Edwin Kwan: A popular library for rendering images in the WebP format has a critical vulnerability that is under active exploitation. The vulnerability is with the LibWebP library and it suffers from a heap buffer overflow, which allows a remote attacker to perform an out-of-bounds memory write.

Katy Craig:  Google is secretly altering billions of queries every day, all with one goal in mind: to lead you into purchasing more products and services.

Hillary Coover: We're all familiar with the "She-cession," but were you aware that the cybersecurity industry lost 40 percent of its female workforce in that time? That, along with many other jaw-dropping insights, came out of this week's gathering of hundreds of women in cybersecurity.

From Sourced Network Productions in Washington, DC, it's 5:05. I'm Hillary Coover. Today is Monday, October 4th, 2023. Here's the full story behind today's cyber security and open-source headlines.

Marcel Brown:  October 3rd, 1950. AT&T Bell Laboratories researchers John Bardeen, Walter Brattain, and William Shockley receive a U. S. patent for their invention of the transistor, which they had successfully demonstrated two years earlier.

Edwin Kwan: BingChat was first introduced in February this year. However, incorporating ads into the platform has opened the doors to threat actors who have been purchasing advertisement to distribute malware.

Ian Garrett: Under the new SEC regulations, publicly traded companies will be required to disclose cybersecurity incidents within four days, including details about the incident’s nature, scope, timing, and its impact.

Katy Craig: Malicious ads within Microsoft Bing’s AI chatbot are spreading malware. Threat actors insert ads in various ways, like when a user hovers over a link, triggering an ad before displaying the organic result.

Today is Tuesday, October 3rd, 2023. From Sourced to Network Productions in New York City, It’s 5:05. I’m Mark Miller. To start today’s updates, Edwin Kwan and Katy Craig talk about a flaw in the Microsoft Bing ChatBot platform that allows adversaries to place malware inside of advertisements.

Marcel Brown:  October 1st, 1982. The first commercial compact disc player, the Sony CDP-101, goes on sale in Japan. At a list price of 168,000 yen, this would have been approximately 730 US dollars. It was later introduced worldwide in March of 1983.

Edwin Kwan: A fake Bitwarden password manager lookalike site is distributing malware to unsuspecting visitors. The Bitwarden password manager has increased in popularity lately and with a growing user base, the software and its users are becoming a popular target for cybercriminals. 

Katy Craig:  Is your privacy at risk?  Intelligence agencies are diving headfirst into the world of open-source data and it's stirring up some serious concerns. 

Hillary Coover: Can artificial intelligence rig elections? The sooner we anticipate and prepare for these challenges, the better equipped we'll be to safeguard the integrity of elections worldwide.

From Sourced Network Productions in Washington, DC, it's 5:05. I'm Hillary Coover. Today is Monday, October 2nd, 2023. Here's the full story behind today's cyber security and open-source headlines.

Marcel Brown:  September 28th, 1997. Just a little over two weeks after naming Steve Jobs interim CEO, Apple launches their Think Different ad campaign. “Here’s to the Crazy Ones, the misfits, the rebels, the troublemakers, the round pegs in the square holes. Because the people who are crazy enough to think they can change the world, are the ones who do.”

Edwin Kwan: Security researchers have discovered a campaign where attackers were attempting to sneak code into software projects by disguising them as changes made by GitHub Dependabot.

Trac Bannon:  CISA has published a comprehensive guide for planning and implementing effective security measures. Why does it matter that the security planning workbook comes from CISA? By CISA taking lead and making the workbook public, the techniques and guidance are accessible to any organization, regardless of size or resources.

Katy Craig: Prepare for security success with the Cybersecurity and Infrastructure Security Agency’s Security Planning Workbook. What’s unique about this workbook is its accessibility. You don’t need to be a security expert to use it effectively.

Olimpiu Pop: This month, the Cybersecurity and Infrastructure Security Agency published its security planning workbook for those who want to improve their security, regardless of the scope of their organization. The workbook will respond to questions like, ” How do you form a planning team? How do you assess risk? What should you consider when mitigating risk?”

Today is Friday, September 29th, 2023. From Sourced Network Productions in New York City, It’s 5:05. I’m Mark Miller sitting in for Hillary Coover, who will be back on Monday. Today’s episode includes our Friday Point of View segments with updates from Trac Bannon, Katy Craig, and Olimpiu Pop on CISA’s Security Planning Workbook. To start today’s updates, Edwin Kwan talks about a campaign where attackers were attempting to sneak code into software projects by disguising them as changes made by GitHub Dependabot.

Edwin Kwan:  ​ Attackers have been running a campaign this month using malicious open source packages to steal sensitive data from software developers. The attackers utilized typosquatting to trick developers into downloading the packages.

Katy Craig: In the wake of Russia’s invasion of Ukraine and the subsequent year and a half of conflict, the Pentagon is revising its perspective on the role of cyber operations in war. It’s become clear that cyber alone won’t yield immediate results. The Russia-Ukraine conflict revealed discrepancies between expectations and reality in terms of cyber disruptions and impacts.

Ian Garret: Web application and API attacks against the financial services sector increased by a staggering 65 percent in Q2 2023 compared with the same period from the previous year. This surge resulted in a total of 9 billion attacks within just 18 months, with banks being the primary target.

Hillary Coover: Addressing employees non compliance with cybersecurity rules is a pressing concern for most organizations. The threat of sanctions often fails to deter rule violations, primarily due to rationalizations that diminish the wrongness of these actions. To combat this, management can employ two key strategies.

Today is Thursday, September 28th, 2023. From sourced network productions in New York City, It’s 5:05. I’m Mark Miller sitting in for Hillary Coover. Today’s episode begins with Ian Garrett presenting highlights from the Akamai report examining the trends in the financial services industry.

Edwin Kwan: Researchers have published a paper demonstrating how a malicious website can exploit a vulnerability in the GPU to perform a cross origin attack, and get access to sensitive visual data displayed by other websites.

Katy Craig: SIn a pivotal move to fortify the security of U. S. election systems, the Information Technology  Information Sharing Analysis Center recently hosted the inaugural Election Security Research Forum. The focus was on systems encountered by voters at polling sites, from digital scanners to ballot marking devices.

Kadi McKean: Your phone and computer can be unwitting hosts to malicious software, all because you clicked on that enticing ad. How can we protect ourselves from this silent menace, when even the ads we encounter daily are potential vectors of intrusion?

Trac Bannon: Hello there. This is Trac Bannon reporting from Jersey City, New Jersey. Hey, today I'm here with Mike Vizard from Techstrong Group, and we are at the DevOps World Tour in Jersey City.

Bob Bannon:   This is Bob Bannon. We're here at DevOps World Tour in Jersey City, New Jersey, and I'm talking with Trac and Topo . I just wanted to know, what did you intend to get out of today?

This Day, September 26, in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

September 26, 1996. IOmega kicked off a 17 stop Zip Across America promotional tour demonstrating their new mass storage device, the ZipDrive. Do you all remember those? It was a 3. 5 inch, 100 megabyte capacity disk.

Beware: Phishing Scam from Legitimate Booking Platforms

🇦🇺 Edwin Kwan - Sydney, Australia ↗

Phishing scams just got more sophisticated with scammers targeting hotel staff in order to phish their customers. They first make contact with the hotel staff under the guise of making a reservation.

Google Basic HTML Users Need to Find a New Home

🇺🇸 Ian Garrett, Arlington, Virginia ↗

There's another casualty in the war between security and usability. Google has started notifying Gmail users about the retirement of basic HTML view in January 2024. After this date, users will need modern web browsers to continue accessing Gmail.

Live From DevOps World Tour

🇺🇸 Tracy (Trac) Bannon, Camp Hill, Pennsylvania↗

I'm reporting from Jersey City, New Jersey. I'm at the DevOps World Tour sponsored by CloudBees and dang, I'm excited. I'm getting to see old friends and meeting new. Our topics are including AI Augmented DevOps, Platform Engineering for App Modernization, SEI Quality of Service at Scale with CI Observability.

 From Sourced Network Productions in New York City, It's 5:05. I'm Executive Producer, Mark Miller. Today is Tuesday, September 26th, 2023. We're going to start off with something new Trac Bannon has been live at the CloudBees DevOps World Tour in Jersey City. She's recorded a couple segments with people that have been presenters at the conference itself. This is going to be a short, ongoing series over the next couple of days.

Today Trac is going to talk with Bill Bensing about governance engineering. Sit tight, this is kind of fun.

Malware Disguised as Fake Proof of Concept Exploit

🇦🇺 Edwin Kwan - Sydney, Australia ↗

Beware of what you download! A malicious actor has attempted to disguise a malware as a proof of concept exploit for the recently-released WinRAR vulnerability. 

iOS 17 Privacy Settings

🇺🇸 Katy Craig - San Diego, California ↗

With the release of iOS 17, there's a heads-up you need to know about. iOS 17 has a knack for reactivating sensitive location options you might have disabled. 

Balancing Conversational AI Advancements with Privacy Concerns

🇺🇸 Hillary Coover, Washington, DC ↗

Amazon has made some big improvements to its Alexa devices, making them even more conversational. However, these advances have sparked important concerns about our privacy. Is the convenience of conversational AI devices like Alexa truly worth the potential privacy violations and increased security risks they bring into our homes?

This Day, September 22-25, in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

September 25th, 1973, Micro Computer Machines of Canada introduces their MCM 70 microcomputer at a programmer's user conference in Toronto. 

Pizza Hut Australia Suffers Data Breach

🇦🇺 Edwin Kwan - Sydney, Australia

 Pizza Hut Australia notified 193, 000 customers that the company had suffered a data breach. That information included full name, delivery address, delivery instructions, email address, phone number, mass credit card data, and encrypted passwords for online accounts.

DOD’s Replicator: Future of Autonomous Defense Systems

🇺🇸 Katy Craig - San Diego, California

Deputy Secretary of Defense Kathleen Hicks has just unveiled a vision called Replicator that's all about scale and efficiency. Replicator isn't just about mass-producing these systems, it's about creating a blueprint for future scalability.

Unmasking Election Security

🇺🇸 Hillary Coover, Washington, DC

US voting machine companies are collaborating with cybersecurity experts to conduct additional stress tests on their systems in preparation for the 2024 election and to counter misinformation. Three major voting equipment manufacturers allowed a group of verified cybersecurity researchers access to their software and hardware for nearly two days.

GoLang Flaw in go.mod directive

🇺🇸 Tracy (Trac) Bannon, Camp Hill, Pennsylvania

Golang introduced a new cool feature called the go.mod directive in Go version 1.21.  Unfortunately, the bad guys can exploit this. too.  According to the 2021 Go Developer Survey, there are approximately 2. 7 million developers who use Golang. That's a pretty nice-sized attack surface.

The First Perfect Reproducible Toolchain Shadowed By Critical Vulnerabilities

🇷🇴 Olimpiu Pop, Transylvania, Romania

The libraries we use in our projects are used in their binary format. Yes, even open source ones. That means that the open part in the open source is not fully used, as the code is not inspected. Given the growing number of supply chain attacks, we need a solution for it. Reproducible builds will guarantee that what you have is actually what you wanted.

This Day in Tech History

🇺🇸 Marcel Brown - St. Louis, Missouri

September 21st, 2003. After 14 years in space, eight of those as the first man-made object orbiting Jupiter, the unmanned NASA spacecraft, Galileo, is sent into the atmosphere of the giant planet.

Australian Federal Government Introduces Digital Identity Legislation

🇦🇺 Edwin Kwan - Sydney, Australia

In an effort to reduce cybercrime, the Australian Federal Government has introduced digital identity legislation to Parliament. This will allow businesses to verify information about their customers without needing to collect information that would be useful to cybercriminals.

Beijing Thwarted by Digital Tripwire

🇺🇸 Katy Craig - San Diego, California

Imagine setting up a digital tripwire and then BAM! It catches a major hacking attempt in real-time. Well, that's exactly what happened at the U.S. State Department.  Two years ago, a sharp-eyed government IT analyst set up a custom warning system within the agency's network. This past June, that system alerted them to a Chinese-linked hack targeting their Microsoft email systems.

Gen Z's Battle with Online Scams

🇺🇸 Hillary Coover, Washington, DC

Gen Z, raised in the digital age, is surprisingly more vulnerable to online scams than their tech-unsavvy, Boomer grandparents. A Deloitte survey shows Gen Z members born from the late 1990s to the early 2010s are falling victim to phishing, identity theft, romance scams and cyber bullying at higher rates.

Marcel Brown: September 20th, 1989. Apple releases the Macintosh Portable Computer, Apple's first attempt at a laptop. That being said, at a weight of 16 pounds, the machine was hardly workable on your lap.

Edwin Kwan: Microsoft's AI research division has been leaking 38 terabytes worth of sensitive data for over three years. The leak started back in July 2020 and was due to a Microsoft employee inadvertently sharing the URL for a misconfigured Azure blob storage bucket.

Katy Craig: Ireland's Data Protection Commission, or DPC, found a glaring security flaw in TikTok's Family Pairing feature. This feature was supposed to let adults chat with kids they're related to. Now what could go wrong here?

Mark Miller: When a hospital or a health care system is hit with a breach, there are life and death consequences to consider. The people who perpetuate these breaches are concerned about nothing more than money, not the families affected. It puts the healthcare provider in an untenable situation.

t's Wednesday, September 20th, 2023, and here are your cybersecurity and open source headlines for the day.

♻️ You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value

Segments in this Episode

Australia to Create Six Cyber Shields as part of Cyber Strategy

🇦🇺 Edwin Kwan, Sydney, Australia ↗

As part of a coordinated national action plan, the Australian Government will release a revised Cybersecurity Strategy later this year around six cyber shields.

Cyber Adversaries Place their Bets Against the House

🇺🇸 Mark Miller - White Rock, New Mexico↗

MGM Resorts and Caesar's aren't bragging about their losses right now. According to numerous reports, a major hack against the casinos was started with a social engineering scheme against an outsourced IT support vendor on September 11. Now that this type of hack has been proven to work, it's only a matter of time before the next set of casino attacks roll a big fat 7 against the house.

Cyber War Crimes

🇺🇸 Katy Craig, San Diego, California ↗

 The International Criminal Court, or ICC, is stepping into the digital age and setting its sights on cybercrimes that breach international law.  In a world where the battlefield is as likely to be a server farm as a desert, the ICC is saying enough is enough.

TikTok Tracks US Employees

🇺🇸 Hillary Coover, Washington, DC ↗

 Is TikTok's office attendance tracking a glimpse into the future of workplace surveillance? TikTok, owned by Chinese company ByteDance, unveiled an internal app called MyRTO.

This Day, September 19, in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

September 19th, 2006. Microsoft began testing its new video sharing service, Soapbox, which they hoped would compete with YouTube. Clearly, it did not compete very well because, personally, I had never heard of Soapbox, and probably neither did you.

Segments in this Episode

Auckland's Transport System Hit by Ransomware Attack

🇦🇺 Edwin Kwan, Sydney, Australia ↗

The Auckland Transport Authority in New Zealand has suffered a cybersecurity incident that is impacting services relating to ticketing.

Deep Fakes: A Real Threat

🇺🇸 Katy Craig, San Diego, California ↗

Ever wonder if seeing is really believing? Well, in the age of deepfakes, you might want to think twice. Today we're diving into a fresh advisory from the NSA, CISA, and the FBI that's a must-read for any organization.

TikTok Fine

🇺🇸 Hillary Coover, Washington, DC ↗

Ever wonder if seeing is really believing? Well, in the age of deepfakes, you might want to think twice. Today we're diving into a fresh advisory from the NSA, CISA, and the FBI that's a must-read for any organization.

This Day, September 17, 18, in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

September 17th, 1976. NASA rolls out the first space shuttle, Enterprise, from its assembly facility to a waiting crowd. Included in the crowd was a delegation of actors from the Star Trek TV series.

Marcel Brown:  This Day in Tech History

September 16th, 1997. Twelve years to the day after resigning from Apple, Steve Jobs is named interim CEO of Apple. Only seven months earlier, Jobs' company Next was purchased by Apple. Much of the technology acquired with the purchase was used to build the Mac OS X operating system.

Edwin Kwan: Fake Telegram Apps Infect Thousands with Spyware

Spyware masquerading as Telegram applications have been spotted in the Google Play Store and have been downloaded over 60,000 times. According to security researchers, the app appears visually identical to the official Telegram application.

Trac Bannon: Secure by Design: Fortifying AI

We can and should apply CISA's Secure-by-Design and -Default guidance to the sexy trifecta: AI, ML, and Generative AI. Applying the CISA Secure-by-Design guidance presents many considerations and challenges.

Olimpiu Pop: Transparency, Accountability, Responsibility for AI Models

Artificial intelligence, though not always understood, holds enchanting promise to reshape everything. Medicine with faster, more accurate diagnostics, and even our leisure time with Netflix's suggestions and Nest's intuitive thermostats.

This Day, September 14, in Tech History

🇺🇸 Marcel Brown - St. Louis, Missouri

 September 14th, 2000. Microsoft launches Windows Millennium, otherwise known as Windows ME, or as Microsoft wanted you to pronounce it, Windows Me. Windows ME would be known for its many problems and is a footnote in history as Windows XP was released just over a year later.

Aussie Feds Mandate Entities Have Dedicated CISO

🇦🇺 Edwin Kwan - Sydney, Australia ↗

The Australian federal government is now mandating that non -corporate Commonwealth entities appoint a CISO to be responsible for cybersecurity leadership in the entity. The CISO role is expected to complement that of the existing CSO, and in some cases, the same officer may be appointed to both roles.

DoD's 2023 Cyber Playbook

🇺🇸 Katy Craig - San Diego, California

The Department of Defense just released an unclassified summary of its 2023 Cyber Strategy, and it's a must-know for anyone interested in national security and cyber defense. This strategy isn't just a bunch of buzzwords; it's grounded in real-world experience.

UFOs Seen Flying over New Mexico

🇺🇸 Mark Miller - White Rock, New Mexico

This Day, September 13, in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri

 September 13th, 1959. The Soviet space probe, Luna 2, becomes the first man-made object to impact any celestial object. In this case, the Moon.

Cyber Security Tune Up for Festival Goers

🇦🇺 Edwin Kwan, Sydney, Australia

In an effort to promote cybersecurity, staff and students from three universities and across three states attended an annual Australian music festival to run daily cybersecurity tune-ups for festival-goers.

TEMU App: A Trojan Horse in Your Palm

🇺🇸 Katy Craig, San Diego, California

Temu, a shopping app that's been downloaded over 100 million times in the US and Europe, is under serious scrutiny for some shady business practices. This app poses a significant risk to consumers. If you've got it on your phone, it might be time for a digital detox.

Diversity Trends Emerge in Growing Cybersecurity Workforce

🇺🇸 Hillary Coover, Washington, DC

Diversity is gaining ground in the cybersecurity sector and there is now a wealth of data resources available. Despite this positive shift, there's still a need to attract and retain more minority workers in the industry.

Segments in this Episode

Wyze Suffers Broken Access Control

🇦🇺 Edwin Kwan, Sydney, Australia ↗

Users reported on Reddit on Friday that when they log into Wyze's web viewer, their web feeds disappeared and they had access to other people's camera feeds instead. The company revealed that they had been aware of a security vulnerability for three years. 

It's Not Just A Vehicle; It's A Data Mine on Wheels

🇺🇸 Kadi McKean, Alexandria, Virginia ↗

In the ever-evolving landscape of digital privacy, one product category stands out as a poster child for disregard: cars. Cars have officially earned the problematic honor of being the worst reviewed product category in terms of privacy.

Introducing the Small Business Cyber Resiliency Act

🇺🇸 Katy Craig, San Diego, California ↗

U.S. Senator Jim Risch, along with bipartisan support, has introduced the Small Business Cyber Resiliency Act. If passed, this legislation could be a significant step forward in protecting the often vulnerable small business sector from cyber threats.

How Will Elon Musk's X Reshape the Digital Landscape?

🇺🇸 Hillary Coover, Washington, DC ↗

Elon Musk's company, X, formerly Twitter, is tightening its grip on data scraping by updating its Terms of Service. Starting on September 29th, X will ban all data scraping and crawling activities without "prior written consent."

This Day, September 12, in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

September 12th, 1962. In a speech given at Rice University, President John F. Kennedy gives his famous "We choose to go to the Moon" speech, in which he uttered the famous phrase " I believe that this nation should commit itself to achieving the goal, before this decade is out, of landing a man on the moon and returning him safely to earth." It took just under 7 years before man set foot on the Moon in July of 1969.

Segments in this Episode

Australian Companies Suffers Data Breach Due to Third Party Compromise

🇦🇺 Edwin Kwan, Sydney, Australia ↗

A notorious ransomware gang has compromised a number of Australian companies and are extorting them. They have claimed responsibility over attacks of several Australian companies in the health, real estate, and law sectors, and have stolen at least 4.95 terabytes of data.

Can You Trust That Picture?

🇺🇸 Katy Craig, San Diego, California ↗

Google Cloud and Vertex AI are rolling out SynthID, a groundbreaking tool designed to watermark and identify AI-generated images. As the landscape of AI-generated content expands, tools like SynthID are becoming crucial in the fight for digital authenticity. 

Is Your Phone Listening To You

🇺🇸 Hillary Coover, Washington, DC ↗

40 percent of Americans who have a smartphone believe that their phone is listening to them without their permission. They're not entirely wrong. Why should you care? The more identifiable data corporations collect on you, the larger your susceptibility to a cybersecurity incident.

This Day, September 10, 11 in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

From Sourced Network Productions in Washington, DC, it's 5:05. I'm hillary Coover. Today is Monday, September 11th, 2023. Here's the full story behind today's cybersecurity and open-source headlines.

Identity Theft Victim Targeted While On Holidays

🇦🇺 Edwin Kwan, Sydney, Australia ↗

Australian couple returns from holiday to discover their bank accounts were drained, shares sold, and 20 new credit and debit cards created under their names. This incident highlighted several issues, including the ability for cybercriminals to open online accounts without the bank verifying the person behind those accounts.

There may be something lurking in your Apple Wallet

🇺🇸 Julie Chatman, Washington, DC ↗

There may be something lurking in your Apple Wallet. Users are urged to update their devices now. Apple has confirmed that if you have a job, which makes you a target, you can place your phone in Lockdown mode to block this attack.

Microsoft signing key exposed in crash dump

🇺🇸 Katy Craig, San Diego, California ↗

A consumer signing key was exposed in a crash dump in April 2021 and later exploited by a China-based threat group, Storm0558. The exposure of the consumer signing key occurred due to what Microsoft describes as a "race condition," which allowed the key to be present in the crash dump.

Wiretaps on Wheels

🇺🇸 Hillary Coover, Washington, DC ↗

Is your modern car spying on you? Discover the shocking truth about the "wiretaps on wheels" and how your data privacy may be at risk.

This Day, September 7, 8, and 9 in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

 ​September 8, 2003. The Recording Industry Association of America, RIAA, sues 261 people for sharing music on internet peer-to-peer networks, including 12-year-old Brianna LaHara.

Today's Cybersecurity and Open Source Headlines

Edwin Kwan: Australian Data Breach Notifications

The Office of the Australian Information Commissioner, OAIC, has just released a report of data breach notifications made between January to June, 2023. The top sectors to notify of data breaches were health service providers, financial services and recruitment agencies.

Ian Garrett: Most Attacked and Most Vulnerable Cyber Assets

Armis, a security company, conducted a study focused on cyber assets with the highest number of attack attempts and weaponized common vulnerabilities and exposures, or CVEs. The most vulnerable assets are among the Internet of Medical Things, or IoMT, and the most targeted among Operational Technology, or OT assets.

Katy Craig: How to Comply with SEC’s New Cyber Disclosure Rules

The US Securities and Exchange Commission’s new cyber incident disclosure rules have recently come into effect. Although the specific requirement will not be enforced until December, experts recommend that companies begin preparations immediately

Hillary Coover: Can TikTok Truly Safeguard your Privacy?

Curious about how TikTok is handling your data and whether it’s safe from prying eyes? TikTok’s recent move to open its first European data center, along with third-party security audits, aims to ease concerns. But the real question is, will these steps truly safeguard your privacy?

Full episode plus two hundred more: https://bit.ly/505-updates.

Segments in this Episode

Website on Children's Snack Compromised and Serving Porn

🇦🇺 Edwin Kwan, Sydney, Australia ↗

A UK supermarket chain is recalling four types of children's snacks as the website published on the packaging has been compromised. Usually when a supermarket recalls a food item, it's due to an issue with the food content. In this instance, the recall is due to the website listed on the packaging.

GenAIVulnerability

🇺🇸 Hillary Coover, Washington, DC ↗

Concerned about the security of your conversations with AI chatbots? Discover how a hidden threat called 'prompt injection' could be compromising your privacy and data safety. 

Microsoft’s August Patch Tuesday addresses 73 CVEs

🇺🇸 Tracy (Trac) Bannon, Camp Hill, Pennsylvania↗

Microsoft recently rolled out its August Patch Tuesday updates, and it's crucial for everyone, from individual users to large organizations, to pay attention. Microsoft addressed a staggering total of 73 Common Vulnerabilities and Exposures (CVEs).

High-alert Vulnerability in Ivanti MobileIron Sentry

🇺🇸 Katy Craig, San Diego, California ↗

 Today we're talking about a high-alert vulnerability in Ivanti MobileIron Sentry, versions 9.18.0 and below. If you're using one of these vulnerable versions of Ivanti MobileIron Sentry, you're essentially handing over the keys to the kingdom.

Critical Vulnerability in Zyxel Routers

🇷🇴 Olimpiu Pop, Transylvania, Romania ↗

Do you have a router in your house that is connected to the internet? Yes, those have firmware too. Firmware that more often than not, we forget to update. Who would hack you? The number of regular folks attacked is growing and proof to this is the vulnerability affecting Zyxel routers.

This Day, September 6, in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

September 6th, 2001. Microsoft announces that consumers can pre-order Windows XP. Windows XP would remain Microsoft's flagship operating system for over five years until the release of Windows Vista in January of 2007.

Segments in this Episode

WordPress Migration Add-on Vulnerable to Sensitive Information Disclosure

🇦🇺 Edwin Kwan, Sydney, Australia ↗

A WordPress migration plugin contains add-ons that suffer from a vulnerability that could result in sensitive information disclosure. The free plugin is not affected by the vulnerability. It is the premium extensions that are affected.

Social Engineering to Bypass Multi-factor Authentication

🇺🇸 Ian Garrett, Arlington, Virginia ↗

​​Okta, an identity and access management company has issued a warning regarding a new social engineering attack targeting IT service desks in the US.

Okta hack affects US customers

🇺🇸 Katy Craig, San Diego, California ↗

Today we're talking about Okta, the identity and access management company, which has been dealing with a series of targeted attacks. The attackers are going after the IT help desk of Okta's US-based customers. Even the gatekeepers need to double-check who's knocking.

This Day, September 3-5, in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

4th, 1998. Larry Page and Sergey Brin filing corporation papers for Google in California. Filing on a Friday, the date of official incorporation would be marked as Monday, September 7th. Starting out as a privately held company, Google would hold their IPO about six years later, on August 19th, 2004. 

Segments in this Episode

University of Sydney Students Suffers Data Breach

🇦🇺 Edwin Kwan, Sydney, Australia ↗

The University of Sydney has suffered a third party data breach exposing students' personal information. The university said that the issue was isolated to a single platform and had no impact on other university systems. 

FBI takes down Qakbot

🇺🇸 Katy Craig, San Diego, California ↗

The FBI working with international partners has dismantled Qakbot a massive and disruptive botnet. QakBot was behind at least 40 ransomware attacks causing hundreds of millions in damages, and was running on over 700,000 endpoints worldwide, 200,000 of which were in the US.

First Year in Review

🇺🇸 Mark Miller, New York City↗

It is a holiday here in the United States. With many taking the day off, I'm going to take a couple minutes to evaluate where we've come in the first year of It's 5:05, and let you know where we're headed in the second year.

Segments in this Episode

Data Breach Victim Gets Fined In Court

🇦🇺 Edwin Kwan, Sydney, Australia ↗

 A data breach victim suffered additional emotional toll when she was charged by the courts and fined $1.2 million. The Australian victim had her information compromised in the Medibank data breach . The victim was served electronically with papers with charges for cybersquatting, trademark infringement, and IP infringement.

This Day, September 1, in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

September 1st, 1977. Pioneer 11 becomes the first manmade object to fly by Saturn. After passing Saturn, Pioneer 11 continued on a trajectory towards the center of the Milky Way. The last contact with Pioneer 11 was in November of 1995.

CSF: Modernizing the NIST Cybersecurity Framework

🇺🇸 Tracy (Trac) Bannon, Camp Hill, Pennsylvania↗

The new draft of the NIST Cybersecurity Framework, CSF, is exciting. Why? Because the working group is applying modern software practices and techniques. The software architect in me is overjoyed that the CSF 2.0 includes a few updates that align with modern software practices.

CSF: What’s cooking in the NIST kitchen?

🇺🇸 Katy Craig, San Diego, California ↗

The NIST Cybersecurity framework is getting a facelift and Version 2.0 is currently in draft form. So what's cooking in the NIST kitchen? Let's find out. First up, scope and intent.

CSF: Defining Profiles and Tiers

🇷🇴 Olimpiu Pop, Transylvania, Romania ↗

Organizations using CSF may choose to handle a risk in different ways. You can create current profiles for the status quo of your cybersecurity or a target profile to define the end goal. Community profiles for different industries can be used as inspiration.   

Malicious Word Documents Hiding As PDFs

🇦🇺 Edwin Kwan, Sydney, Australia ↗

Japan's Computer Emergency Response Team, JPCERT, recently shared a newly-detected attack that bypasses detection by embedding malicious Word files in PDFs.

Is it time to nuke your Venmo account?

🇺🇸 Katy Craig, San Diego, California ↗

Have you ever said, "I'll Venmo you," and think nothing of it? Well, it's time to think again. Venmo isn't just for easy payments. It's a data goldmine. It's like leaving breadcrumbs that form a trail of your life- where you go, who you see, and when you see 'em. 

Part Three: 10 Tasks Slowing Down Security Professionals

🇺🇸 Ian Garrett, Arlington, Virginia ↗

Have you ever wondered what challenges security teams face due to budgetary and staffing constraints? Today is the last part of a three-part series where we explore the 10 common tasks that often bogged down cybersecurity professionals and discuss strategies employed by security leaders to overcome these hurdles.

Changes to NIST Cybersecurity Framework

🇷🇴 Olimpiu Pop, Transylvania, Romania ↗

NIST, the US National Institute of Standards and Technology, published the public draft of version 2.0 of their Cybersecurity Framework. It expanded from protecting just critical infrastructures like hospitals and power plants, to providing cybersecurity guidance for all organizations, regardless of type or size. 

This Day, August 31, in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

August 31st, 1897. Thomas Edison receives a patent for the Kinetographic Camera, also called the Kinetograph. Edison and his assistant, W. K. L. Dickson, were credited with inventing the Kinetograph in the early 1890s, and it is often considered to be the first real motion picture camera. 

From Sourced Network Productions in Washington, DC, it's 5:05. I'm Hillary Coover. Today is Thursday, August 31st, 2023. Here's the full story behind today's cybersecurity and open source headlines.

Data Stealing Libraries Found in Rust Registry

🇦🇺 Edwin Kwan, Sydney, Australia ↗

Early this month, malicious libraries were discovered in the RUST programming language 's crate registry. It is suspected that the libraries were discovered in the early stages of a campaign. It is unclear what the goal of the attackers were. 

Lazarus Group NK RATs

🇺🇸 Katy Craig, San Diego, California ↗

Let's talk CollectionRAT. This one is the new kid on the block, but don't underestimate it. It gathers data, reads and writes files, and even has its own tricks to avoid detection. This ain't no one trick pony. 

Spamouflage

🇺🇸 Hillary Coover, Washington, DC ↗

 Meta, the parent company of Facebook, has successfully dismantled a massive Chinese disinformation campaign known as Spamouflage. It was the largest cross-platform covert influence operation they've ever encountered. 

Adversaries say, "Show me the Money!"

🇺🇸 Mark Miller, New York City↗

One of the iconic scenes in Jerry McGuire is Cuba Gooding Jr. forcing Tom Cruise to scream, "Show me the money. Show me the money!" I was reminded of the scene as I was reading Hazel Burton's update on how Cisco Talos found clues of post authentication adversaries who left tracks that said, "show" me. Yeah, literally, "show" me. 

This Day, August 30, in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

August 30th, 1963. A direct line of communication between the leaders of the US and the Soviet Union dubbed the Hotline, begins operation today. It was most famously represented as a red phone. 

From Sourced Network Production in New York city, it's 5 0 5. I'm Pokie Huang. Today's Wednesday, August 30th, 2023. Here's the full story behind today's cybersecurity and open source headlines. 

Risks of Public Wi-Fi

🇦🇺 Edwin Kwan, Sydney, Australia ↗

The convenience of public Wi-Fi may come at a price, with attackers trying to steal sensitive information using approaches like Man-In-The-Middle attacks, eavesdropping, using rogue hotspots, spoofing, session hijacking, malware distribution, and login page phishing.

Part Two: 10 Tasks Slowing Down Security Professionals

🇺🇸 Ian Garrett, Arlington, Virginia ↗

Have you ever wondered what challenges security teams face due to budgetary and staffing constraints? Today's part two of a three-part series where we explore the 10 common tasks that often bog down cybersecurity professionals and discuss strategies employed by security leaders to overcome these hurdles.

Response to Surging Healthcare Cyberattacks

🇺🇸 Hillary Coover, Washington, DC ↗

 Curious about how innovators can help shield the US healthcare system from cyber threats? The Biden-Harris Administration's Advanced Research Projects Agency for Health is rolling out the Digital Health Security (DIGIHEALS) project and providing essential funding.

The "Holy Grail" of on-device AI

🇺🇸 Katy Craig, San Diego, California ↗

Hold onto your smartphones because they're about to get a whole lot smarter. Imagine your phone not just correcting your typos, but also generating personalized solutions based on your data, like driving patterns, restaurant searches, and more. Qualcomm is set to introduce generative AI into its next-gen premium chips.

This Day, August 29, in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

August 29th, 1831. English scientist, Michael Faraday, discovers electromagnetic induction. Electromagnetic induction is the primary principle behind electric motors and electric generators, two very important inventions that power and drive our electronic technology of today.

 From Sourced Network Productions in Washington, DC, it's 5:05. I'm Hillary Coover. Today is Tuesday, August 29th, 2023. Listen to the full story behind today's cybersecurity and open source headlines.

Financial Effects of Medibank Data Breach May Reach $80M

🇦🇺 Edwin Kwan, Sydney, Australia ↗

The 2022 data breach of Medibank is set to cost the health insurer $35 million in 2024. The data breach had cost them $46.4 million in the 2022 to 2023 financial year. They forecast that the total cost by next year could pass $80 million.

Poland Railway Disrupted by $30 Hack

🇺🇸 Hillary Coover, Washington, DC ↗

Could a $30 radio hack bring a nation's railway system to a standstill? Saboteurs disrupted Poland's railway system by using a basic "radio-stop" command that could be transmitted with inexpensive equipment- costing around $30.

Cloud Account Takeovers on the Rise

🇺🇸 Katy Craig, San Diego, California ↗

 Cloud account takeover incidents have witnessed a sharp rise in recent times, The past six months have seen an astonishing 100% surge in successful breaches. Paradoxically, despite the widespread adoption of MFA by organizations, instances of account takeovers have risen significantly. It's startling that nearly 35% of compromised users had MFA enabled.

This Day, August 27 and 28, in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

August 27th, 2003. The city of Fairbanks, Alaska connected to what was at the time the world's largest battery backup. Designed to help prevent serious blackouts that plagued the city every two to three years, it was reported that in the first two years of operation, the battery system prevented at least 81 power failures.

-----------

 From Sourced Network Productions in Washington, DC., It's 5:05. I'm Hillary Coover. Today is Monday, August 28th, 2023. Here's the full story behind today's cybersecurity and open source headlines...

This Day, August 24, 25 and 26 in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

"I have always said if there ever came a day when I could no longer meet my duties and expectations as Apple's CEO, I would be the first to let you know. Unfortunately, that day has come." Steve Jobs, August 24th, 2011.

Smart Bulb Vulnerabilities Allow Homes to Be Hacked

🇦🇺 Edwin Kwan, Sydney, Australia ↗

Researchers from universities in Italy and the UK have released a paper disclosing four vulnerabilities in a popular smart bulb . The vulnerabilities allow hackers to control other smart home devices and gain access to the wifi network.

There’s no way to stop LLM adversaries. None.

🇺🇸 Mark Miller, New York City↗

From the research paper, " Universal and Transferable Adversarial Attacks on Aligned Language Models", the research team at CMU describe how they created adversarial prompts for the public interfaces to ChatGPT, Bard, and Claude, as well as open source LLMs, such as LLaMA-2-Chat, Pythia, Falcon, and others.

Security Lapse Reveals Locations of Artworks

🇺🇸 Katy Craig, San Diego, California ↗

On a recent Wednesday evening, a university professor in western Germany prepared paintings for auction at Christie's . Using his iPhone, he snapped pictures of these artworks intending to upload them to Christie's website. As the images were uploaded, their GPS coordinates were unknowingly revealed to anyone who viewed them online.

Hillary Coover, Host of It's 5:05

From Sourced Network Productions in Washington, DC, it's 5:05. I'm Hillary Coover. Today is Friday, August 25th, 2023. Here's the full story behind today's cybersecurity and open source headlines.

HEADLINES FROM TODAY'S UPDATES

Marcel Brown: This Day in Tech History

 August 24th, 1993. Perhaps the most famous lawsuit in technology history is decided for Microsoft. Apple claimed that Microsoft's Windows violated their copyrights on the so-called visual displays of the Macintosh. The judge in the case ruled that most of the claims were covered by a 1985 licensing agreement.

Edwin Kwan: Australian Charities Suffer Data Breach

Thousands of donors to Australian charities have had their personal information stolen after a telemarketing company suffered a data breach. The stolen data has been published and includes full names, date of births, addresses, email addresses, and phone numbers.

Ian Garrett: Part One - 10 Tasks Slowing Down Security Professionals

Have you ever wondered what challenges security teams face due to budgetary and staffing constraints? Today is part one of a three part series where we explore the 10 common tasks that often bog down cybersecurity professionals and discuss strategies employed by security leaders to overcome these hurdles.

Katy Craig: Drama at Terraform...Just fork it!

After nearly nine years under the Mozilla public license MPL version 2.0, Terraform has transitioned to the business source license BSL version 1.1, a non-open source license. For dedicated supporters of open source principles, the business source license doesn't align well with their values.

Hillary Coover: Is YouTube Targeting Your Kids? Of course they are!

A recent report highlights concerns over YouTube's advertising practices on children's channels, potentially leading to the tracking of children's online activities. A Canadian bank's ad campaign illustrates how ads meant for adults ended up on a children's video resulting in viewers being tracked by various tech companies.

Mark Miller, Executive Producer

From Sourced Network Productions in New York City, It's 5:05. I'm Mark Miller, standing in this week for Hillary Coover. Today is Thursday, August 24th, 2023. Here's the full story behind today's cybersecurity and open source headlines...

Today's Headlines

Edwin Kwan: Remote Code Execution Vulnerability in Popular Windows Software

A popular Windows file archive and compression tool has a high-severity zero-day vulnerability that could allow attackers to gain control of your computer. A specially-crafted RAR file, when open, could give remote attackers the ability to conduct remote code execution on the target system.

Katy Craig: Binding Operational Directive 22-01

Today we dive into the realm of cybersecurity that unfolded some time ago. It’s with concern that we must address the actions of certain malicious actors who seek to exploit vulnerabilities in our digital infrastructure.

Olimpiu Pop: Remember Cold Fusion? So do Hackers

Not long ago Adobe disclosed three vulnerabilities, each of them with a various degree of criticality from high to very critical. The 120,000 small- to medium-sized organizations from the US that still use it might be more vulnerable than bigger companies with bigger paychecks.

Hillary Coover: Live Facial Recognition Facing Scrutiny in UK

Live Facial Recognition (LFR) technology is ” facing” scrutiny in the UK as police forces conduct trials. As facial recognition technology strides forward, so does the dialogue on its responsible integration.

Australian Critical Infrastructure Suffers Data Breach

🇦🇺 Edwin Kwan, Sydney, Australia ↗

AUDA might have suffered a data breach. The hackers claim to have access to 15 gigabytes of data, which includes powers of attorney and legal documents, passport information, personal data, medical records, loan repayment information, death certificates, and customer bank account details.

Mandiant: Generative AI is Biggest CyberThreat

🇺🇸 Katy Craig, San Diego, California ↗

Mandiant found that threat actors are eyeing AI and they're not just twiddling their thumbs. Social engineering cases might have seen the lowest AI usage, but when it comes to spreading disinformation using AI generated imagery and video, the game changes.

Goliath Ad Agency Exploits Data Dominance in Bid to Undermine California Privacy Bill

🇺🇸 Hillary Coover, Washington, DC ↗

The Interpublic Group, IPG, one of the world's largest advertising firms, is orchestrating a campaign to counter a California bill known as SB-362 or the Delete Act. Emails obtained by Politico reveal that IPG is actively coordinating efforts against the bill.

Amazon's Google Ad Dives into Microsoft Scam

🇺🇸 Ian Garrett, Arlington, Virginia ↗

A recent attack impersonates Amazon and Microsoft, while leveraging Google ads to scam unsuspecting users. Today's sneaky tactic and elaborate scheme acts as a legitimate looking Amazon ad in Google search results that takes an unexpected twist by leading unsuspecting users into a Microsoft support scam.

This Day, August 22, in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

August 22nd, 1987. The Legend of Zelda is released for the NES in North America. Considered one of the most influential games of all time, it was the forerunner of the role-playing video game genre and spawned one of the most successful series in video game history.

From Sourced Network Productions in Washington, DC, it's 5:05. I'm Hillary Coover. Today is Monday, August 21st, 2023. Here's the full story behind today's cyber security and open source headlines 


Chrome to Get Quantum Resistant Encryption and Other Security Features

🇦🇺 Edwin Kwan, Sydney, Australia ↗

Google has announced plans for three new security features in upcoming versions of the Chrome web browser. These three security features are expected to be available by mid-September 2023.

Google’s AI Life Coach

🇺🇸 Katy Craig, San Diego, California ↗

Picture this: AI, the latest tech darling, is now on a mission to guide you through life's twists and turns. The goal? To make AI not just smart, but also your trusted confidant and advisor.

Tech's Tightrope: Navigating Vulnerabilities Amid Rising China-US Tensions

🇺🇸 Hillary Coover, Washington, DC ↗

The growing tensions between US and China in the tech sector could expose vulnerabilities in the coming years. The recent executive order bans US investments in Chinese firms working on advanced semiconductors and quantum computers. 


This Day, August 21, in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

August 21st, 1993. NASA loses contact with the Mars Observer spacecraft, three days before it was to enter into orbit around Mars. The reason for the loss of contact was never definitively determined, but the most probable cause was a rupture of a fuel tank. 


LinkedIn Account Takeover Campaign

🇦🇺 Edwin Kwan, Sydney, Australia ↗

Security Research Company, Cyberint, has observed an ongoing and successful hacking campaign targeting LinkedIn accounts. This has resulted in victims being pressured into paying to regain control of their account or facing permanent deletion.

Can Amazon's palm-scanning tech unlock an entire universe of identity possibilities?

🇺🇸 Hillary Coover, Washington, DC ↗

Can Amazon's palm scanning tech unlock an entire universe of identity possibilities? By the end of this year, Amazon's biometric technology, known as Amazon One, will enable you to scan your palm at over 500 locations for payments and access.

This Day, August 18, in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

August 19th, 2004. Google holds its Initial Public Offering, selling over 22 million shares at a starting price of $85. Google shares closed that day at $100.34, and the IPO created many instant millionaires and a few billionaires. 

From host Hillary Coover: It's 'Point of View Friday' where our team of journalists give us their take on one of the week's most important stories. Today, Trac Bannon, Olimpiu Pop and Katy Craig will explore Evaluating the Proposed Cyber Resilience Act, and how it could affect the open source community.



Cyber Resiliency Act: Impacts on Open Source

🇺🇸 Tracy (Trac) Bannon, Camp Hill, Pennsylvania↗

The concept of crowdsourcing software development seems solid and altruistic at the surface. When open source is leveraged by for-profit corporations and commercial entities, who bears the burden for cyber resiliency?

Cyber Resiliency Act: Save Open Source!

🇺🇸 Katy Craig, San Diego, California ↗

The European Union is currently advancing the Cyber Resilience Act (CRA). As the Act advances, it's critical for the open source community to engage with policymakers to strike a balance between security measures and the principles that underpin open source collaboration.

Cyber Resiliency Act: Why You Should Care

🇷🇴 Olimpiu Pop, Transylvania, Romania ↗

Open source software is today's boiler waiting to explode. Why do we care? Because we understand that open source, it's so much more than some library for geeks to play in their free time. Because we understand that modern society relies on it, and part of most advancements are partly due to open source.

Cybercrime Forums Selling Personal Information of Hackers

🇦🇺 Edwin Kwan, Sydney, Australia ↗

 Info-stealing malware does not discriminate when stealing personal information. Hackers are humans too, and some of them fell prey and installed info-stealing malware.

Follow up to AI Red Team Hacking at Defcon

🇺🇸 Katy Craig, San Diego, California ↗

People are becoming increasingly worried about AI. A recent report from LLM-attacks.org shows that even super smart AIs from Google and OpenAI can mess up if you ask them the right leading questions.

Zero-day in File Transfer Software Leaves Health Data Exposed

🇺🇸 Ian Garrett, Arlington, Virginia ↗

That awkward moment when your data transfer solution is transferring a little too well... In this case, a zero-day in the file transfer software, MOVEit, allowed hackers to breach millions of records of sensitive health information.

LinkedIn Compromised with Account Takeover Campaign

🇺🇸 Mark Miller, New York City↗

Just when you thought it was safe to go back in the water... hackers using a Russian internet portal and email provider Rambler.ru are using brute force attacks to compromise LinkedIn accounts.

August 16, 2023, Episode #208 - Wednesday

How Leaky is your VPN?

🇦🇺 Edwin Kwan, Sydney, Australia ↗

https://papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdf

https://github.com/vanhoefm/vpnleaks

https://www.theregister.com/2023/08/10/tunnelcrack_vpn/

Microsoft stops renewing licenses for Russian companies

🇺🇸 Hillary Coover, Washington, DC ↗

https://www.svoboda.org/a/microsoft-prekratit-prodlevatj-litsenzii-rossiyskim-kompaniyam/32543000.html

https://www.rferl.org/a/russia-microsoft-suspends-licenses/32543751.html

Fortinet Critical Flaw

🇺🇸 Katy Craig, San Diego, California ↗

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a

https://nvd.nist.gov/vuln/detail/CVE-2018-13379#vulnCurrentDescriptionTitle

https://www.fortiguard.com/psirt/FG-IR-20-233

https://www.fortiguard.com/psirt/FG-IR-18-384

Trac Bannon: Break out of the Chains: Microsoft ProxyShell

🇺🇸 Tracy (Trac) Bannon, Camp Hill, Pennsylvania↗

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a

https://nvd.nist.gov/vuln/detail/CVE-2021-34473

https://nvd.nist.gov/vuln/detail/CVE-2021-31207 

https://nvd.nist.gov/vuln/detail/CVE-2021-34523

Hackers Need Jira Too

🇷🇴 Olimpiu Pop, Transylvania, Romania ↗

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215a

https://nvd.nist.gov/vuln/detail/CVE-2022-26134

https://nvd.nist.gov/vuln/detail/CVE-2021-26084

This Day in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

http://thisdayintechhistory.com/08/16

Full episode available on your favorite podcast platform: /bit.ly/505-updates📌

Edwin Kwan: Popular Open Source Software Breaks Users' Trust

Popular open source software, Moq, has broken user trust by quietly making changes that collect user email addresses. The popular software has been downloaded over 476 million times.

🇦🇺 Edwin Kwan, Sydney, Australia ↗

https://www.bleepingcomputer.com/news/security/popular-open-source-project-moq-criticized-for-quietly-collecting-data/

https://www.bleepingcomputer.com/news/security/amazon-aws-distances-itself-from-moq-amid-data-collection-controversy/

Katy Craig: Goodbye Passwords

Soon passwords could be history. With passwordless tech, logging in will be safer and simple. Say goodbye to forgotten passwords, email phishing campaigns, and hello to a better online world.

🇺🇸 Katy Craig, San Diego, California ↗

https://www.axiad.com/newsroom/axiad-and-esg-survey-82-of-respondents-indicate-passwordless-authentication-is-a-top-five-priority/

https://www.csoonline.com/article/649083/10-passwordless-authentication-solutions.html

Ian Garrett: Rapid Growth in Attacks Against Identity-based Security

A recent report shows a rapid growth of identity-based security threats. Cyber criminals are evolving their tactics, making them harder to detect by gaining legitimate access to target systems.

🇺🇸 Ian Garrett, Arlington, Virginia ↗

https://www.csoonline.com/article/648894/identity-based-security-threats-are-growing-rapidly-report.html

Hillary Coover: DARPA Wants to Know What Role AI will Play in Cybersecurity

What role will AI play in cybersecurity? The Defense Advanced Research Projects Agency, DARPA, will award a cumulative $18.5 million in prizes to winning teams and will fund up to seven small businesses with up to $1 million each to compete.

🇺🇸 Hillary Coover, Washington, DC ↗

https://www.darpa.mil/news-events/2023-08-09

Full transcript and links to resources available at 505updates.com

Edwin Kwan: The LF Open Source Maintainers Report

🇦🇺 Edwin Kwan, Sydney, Australia ↗

https://www.linuxfoundation.org/research/open-source-maintainers

Linux Foundation research found that our technology infrastructure relies heavily on a few hundred open source projects. The maintainers of those projects bear a tremendous burden, as their projects are responsible for much of the global economy and disruptions to their project can cause massive problems and outages.

Katy Craig: Microsoft Discloses OT Vulnerabilities

🇺🇸 Katy Craig, San Diego, California ↗

https://www.microsoft.com/en-us/security/blog/2023/08/10/multiple-high-severity-vulnerabilities-in-codesys-v3-sdk-could-lead-to-rce-or-dos/

Germany-based industrial automation software provider, Codesys, faces a security crisis. Microsoft researchers have uncovered over a dozen vulnerabilities in its products that could lead to remote takeover or denial of service for millions of industrial control systems.

Hillary Coover: 4 Step Guidance for Using ChatGPT

🇺🇸 Hillary Coover, Washington, DC ↗

https://www.reuters.com/technology/chatgpt-fever-spreads-us-workplace-sounding-alarm-some-2023-08-11/

According to a recent Reuters poll, 28% of American workers claim to use ChatGPT regularly for work. Chatbot input data is similar to browser history data in that both are discoverable and, with the right datasets correlated, can be deanonymized.

Marcel Brown: This Day, August 13, 14, in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

http://thisdayintechhistory.com/08/13

http://thisdayintechhistory.com/08/14

August 13th, 1993. The Super NES version brought Street Fighter II into the home and uh, college dorm rooms where certain people spent many hours smacking down their dorm mates. I still have this game, so if anyone is feeling saucy, the smack downs can resume at any time.

🇺🇸 Kadi McKean, Alexandria, Virginia ↗

Guest speaker: Paul Miller, Sr. Manager at VmWare Carbon Black

​​https://www.linkedin.com/in/paulm3319/

Veilid

Cult of the Dead Cow Launches Encryption Protocol Veilid

https://twitter.com/VeilidNetwork?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor 

Edwin Kwan: Company using Keystroke Logging to Measure Employee Productivity

🇦🇺 Edwin Kwan, Sydney, Australia ↗

https://www.itnews.com.au/news/iag-used-keystroke-logging-to-investigate-productivity-of-remote-worker-598692

http://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/cth/FWC/2023/1792.html

Olimpiu Pop: OWASP Releases Top 10 Threats LLM V1.0

🇷🇴 Olimpiu Pop, Transylvania, Romania ↗

https://owasp.org/www-project-top-10-for-large-language-model-applications/assets/PDF/OWASP-Top-10-for-LLMs-2023-slides-v1_0.pdf

Trac Bannon: Help is on the way: OWASP Releases Top 10 LLM Threats

🇺🇸 Tracy (Trac) Bannon, Camp Hill, Pennsylvania↗

OWASP Top 10 for LLM

https://github.com/OWASP/www-project-top-10-for-large-language-model-applications/wiki 

OWASP Top 10 for Large Language Model Applications | OWASP Foundation

Official Release: The OWASP Top 10 for Large Language Model Applications v1.0

Katy Craig: OWASP 4 LLM

🇺🇸 Katy Craig, San Diego, California ↗

OWASP Top 10 for Large Language Model Applications | OWASP Foundation

Official Release: The OWASP Top 10 for Large Language Model Applications v1.0

Marcel Brown: This Day, August 11, 12 in Tech History

Kadi McKean: Veilid launch with Paul Miller at BlackHat 2023

🇺🇸 Kadi McKean, Alexandria, Virginia ↗

Guest speaker: Paul Miller, Sr. Manager at VmWare Carbon Black

​​https://www.linkedin.com/in/paulm3319/

Veilid

Cult of the Dead Cow Launches Encryption Protocol Veilid

https://twitter.com/VeilidNetwork?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor 

Edwin Kwan: Company using Keystroke Logging to Measure Employee Productivity

🇦🇺 Edwin Kwan, Sydney, Australia ↗

https://www.itnews.com.au/news/iag-used-keystroke-logging-to-investigate-productivity-of-remote-worker-598692

http://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/cth/FWC/2023/1792.html

Olimpiu Pop: OWASP Releases Top 10 Threats LLM V1.0

🇷🇴 Olimpiu Pop, Transylvania, Romania ↗

https://owasp.org/www-project-top-10-for-large-language-model-applications/assets/PDF/OWASP-Top-10-for-LLMs-2023-slides-v1_0.pdf

Trac Bannon: Help is on the way: OWASP Releases Top 10 LLM Threats

🇺🇸 Tracy (Trac) Bannon, Camp Hill, Pennsylvania↗

OWASP Top 10 for LLM

https://github.com/OWASP/www-project-top-10-for-large-language-model-applications/wiki 

OWASP Top 10 for Large Language Model Applications | OWASP Foundation

Official Release: The OWASP Top 10 for Large Language Model Applications v1.0

Katy Craig: OWASP 4 LLM

🇺🇸 Katy Craig, San Diego, California ↗

OWASP Top 10 for Large Language Model Applications | OWASP Foundation

Official Release: The OWASP Top 10 for Large Language Model Applications v1.0

Marcel Brown: This Day, August 11, 12 in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

http://thisdayintechhistory.com/08/11

http://thisdayintechhistory.com/08/12

Today's Cybersecurity Briefing:

Marcel Brown:

August 10th, 1966. The first lunar orbiter, creatively named Lunar Orbiter I, is launched. Its primary mission is to photograph potential landing sites for future Apollo missions.

Edwin Kwan:

How are malicious apps getting past Google's Play Store's review process and their rigorous, potentially harmful application screening? Well, they're using a technique called versioning, which is sneaky and hard to detect.

Hillary Coover:

Amidst this year's conference, one of the most prominent and pressing topics under discussion continues to be the critical shortage of cybersecurity talent. While companies have introduced innovative recruitment techniques to broaden their cyber talent pools, the size of the pool remains constrained.

Ian Garrett:

Ransomware has had a glow up. As organizations have become increasingly resilient to traditional ransomware techniques, malicious actors have been exploiting more zero-day vulnerabilities and are also targeting the exfiltration of critical files, raising the stakes for victims and organizations alike.

Katy Craig:

Medical Secrets. Bank heist blueprints. Racial bias. What happens when red teams go after generative AI? A web of fabricated tales emerge. One even suggesting Justin Bieber's hand in Selena Gomez's grisly death. And for each transgression, a cause for celebration in this strange twist of artificial intelligence.

Hillary Coover:

From Sourced Network Productions, reporting from Las Vegas, Nevada at Black Hat, It's 5:05. I'm Hillary Coover. Today is Thursday, August 10th, 2023. Here's the full story behind today's cybersecurity and open source headlines

Edwin Kwan: Highly Accurate Acoustic Keylogger Attack

🇦🇺 Edwin Kwan, Sydney, Australia ↗

Academic researchers from British universities have developed a deep learning side channel attack that can be used to steal data from keyboard strokes that are recorded using a microphone with an accuracy of up to 95%.

Trac Bannon: Top Vulnerabilities: Why don’t we learn?

🇺🇸 Tracy (Trac) Bannon, Camp Hill, Pennsylvania

Cybersecurity agencies from around the world have co-authored an alert that is peppered with words like “routinely” and “frequently”. It’s interesting to note the distribution of vendors involved in the Top 12 routinely exploited CVEs and CWEs.

Katy Craig: Review of 2022 Vulnerabilities

🇺🇸 Katy Craig, San Diego, California

The world of cybercrime mirrors, the laws of nature; adapt or perish. The choice of targets heavily influence the selection of vulnerabilities. Cyber actors with precision akin to surgeons opt for vulnerabilities more rampant within the network landscape of their targets.

Olimpiu Pop: Vulnerabilities PoV - Log4j Still Dangerous Two Years Later

🇷🇴 Olimpiu Pop, Transylvania, Romania

According to Sonatype, around a third of the related downloads from Maven Center are vulnerable. The main reason this happens is due to the shaky software supply chain. The report provides a couple of advices on how to decrease the risk of supply chain attacks.

Marcel Brown: This Day, August 9 in Tech History

🇺🇸 Marcel Brown, St. Louis, MissouriAugust 9th, 1991. Astronauts aboard the Space Shuttle Atlantis, Mission STS43, use an Apple Macintosh portable computer to send what is considered the first email from space.

Edwin Kwan: Frequently Exploited Vulnerabilities in 2022

🇦🇺 Edwin Kwan, Sydney, Australia ↗

A number of cybersecurity agencies have co-authored a joint Cybersecurity Advisory (CSA) on frequently exploited vulnerabilities in 2022. The advisory provides details on CVEs routinely and frequently exploited by cyber criminals. 

Ian Garrett: North Korean Hackers Versus Russian Missile Makers

🇺🇸 Ian Garrett, Arlington, Virginia ↗

North Korean hackers and Russian missile makers sound like an excellent start to a movie. The North Korean Hacking Group known as ScarCruft has made headlines once again- this time for breaching the IT infrastructure and email server of a prominent Russian space rocket designer  and intercontinental ballistic missile engineering organization.

Katy Craig: Volt Typhoon creeps into Texas

🇺🇸 Katy Craig, San Diego, California ↗

Brace yourselves for a grave cybersecurity threat lurking right at our doorstep. A notorious Chinese advanced persistent threat known as Volt Typhoon, has plans to sabotage the utilities and communication systems powering US military bases. And they've got their eyes on Texas

Hillary Coover: Regulation China FR

🇺🇸 Hillary Coover, Washington, DC ↗

China responds to mounting privacy concerns by drafting stringent rules for facial recognition technology, demanding purpose, necessity, and consent in its use while curbing its application in sensitive spaces.

Edwin Kwan: Tax Refund Scams costing Australian Tax Office Over Half a Billion Dollars

🇦🇺 Edwin Kwan, Sydney, Australia ↗

Cyber criminals have scammed the Australian Tax Office of more than half a billion dollars. They have done so by exploiting a weakness in the identification system used by the myGov online portal. The weakness allows them to redirect other people's tax refund to their own bank accounts.

Julie Chatman: Close that IDOR!

🇺🇸 Julie Chatman, Washington, DC ↗

Do you remember a major breach from 2019 involving 800 million financial files, including bank account statements and mortgage payment documents? It happened due to a specific security flaw known as Insecure Direct Object References, or IDORs.  

Katy Craig: FraudGPT

🇺🇸 Katy Craig, San Diego, California ↗

Recently spotted in various dark web marketplaces and telegram channels, FraudGPT is not to be taken lightly. If the experts are right, this AI-powered bot is exclusively designed for offensive purposes.  Think spear phishing emails, stealthy, malware creation, carding, and more. 

Hillary Coover: Building Social Resilience

🇺🇸 Hillary Coover, Washington, DC ↗

Amidst the rise of AI-powered disinformation and deep fakes, the world's upcoming elections in the US, UK, and India present a high-stakes battleground, where the fate of information integrity hangs in the balance.

Today is August 4th and it's our 200th episode at "It's 5:05". So we have something special planned. This is Executive Producer, Mark Miller. In addition to our regular format, we are extending the show today to include "The Story of the Week", where four of our journalists examine the same topic from different viewpoints. 

With Apple's announcement of a critical exploit in it's kernel prior to 15.7.1, Tracy Bannon, Katy Craig, Olimpiu Pop, and Marcel Brown will give you their individual takes on this known vulnerability and what you can do about it. 

It's a new format for us, so let us know what you think. 

Thanks for joining us for our 200th episode. Here's to the next 200. 

Marcel Brown: This Day, August 4, 5 in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

August 4th, 2007. NASA launches the Mars Phoenix lander. Phoenix would become the first spacecraft to land on the Martian arctic surface. Its mission was to dig for ice and assess if the Martian arctic ever had conditions that could have supported life.

Edwin Kwan: Potential WeChat Ban on Australian Government Devices

🇦🇺 Edwin Kwan, Sydney, Australia ↗

A senate committee investigating interference in Australia by foreign powers through social media have released a report this week, which found that TikTok and WeChat could be the country's biggest security risk. 

Hillary Coover: NATO Tech Funding

🇺🇸 Hillary Coover, Washington, DC ↗

 NATO just launched a €1 billion fund to support defense and security startups, benefiting its member countries during the ongoing Ukraine conflict.  

Katy Craig: Apple Kernel Flaw CVE 2023-38606

🇺🇸 Katy Craig, San Diego, California ↗

Trac Bannon: New Apple Vulnerability: Device Owner Call To Action

🇺🇸 Tracy (Trac) Bannon, Camp Hill, Pennsylvania↗

Marcel Brown: Apple CVE

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

Olimpiu Pop: Apple Gadgets Exploited in Data Stealing Operations

🇷🇴 Olimpiu Pop, Transylvania, Romania ↗

Marcel Brown: This Day, August  3 in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

August 3rd, 1977. Radio Shack introduces their first computer, the TRS80. Originally forecasting sales of just 3000 to 5,000 per year, the TRS80 sold over 10,000 units in the first month and a half of sales. and 200,000 over the lifetime of the product.  

Edwin Kwan: Don't Let Your Printer Compromise Your Network

🇦🇺 Edwin Kwan, Sydney, Australia ↗

Canon recently released a security advisory stating that Wi-Fi connection information does not get wiped on some of their inkjet printers during initialization. The Wi-Fi connection information includes wifi network,  SSID,  password, network type, such as WPA3 or WEP,  assigned IP address, MAC address, and network profile. 

Ian Garrett: Space Pirates Attack Across Russia and Serbia

🇺🇸 Ian Garrett, Arlington, Virginia ↗

First aliens and now Space Pirates? In this case, it's the notorious threat actor known as Space Pirates, and they've launched attacks across Russia and Serbia using novel tactics targeting various sectors, from government agencies and educational institutions, to aerospace manufacturers and healthcare firms.

Olimpiu Pop: Break the Silos to Achieve Cyberresillience

🇷🇴 Olimpiu Pop, Transylvania, Romania ↗

The expected investment in cybersecurity is estimated at $1.75 trillion by 2025- equivalent to the GDP of the ninth largest economy in the world, Canada. What beats that? The projected cost of global cybercrime- $10.5 trillion- about half of the GDP of the largest economy, the US.

Katy Craig: Worldcoin says it will share its data

🇺🇸 Katy Craig, San Diego, California ↗

Worldcoin, the brainchild of OpenAI's Sam Altman, keeps making headlines with its iris-scanning orb. Worldcoin's ambition goes beyond just offering free crypto tokens. 

Marcel Brown: Apple and UK

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

The UK government is attempting to update the Investigatory Powers Act of 2016, in order to force message providers to provide back doors into their encrypted messaging systems. Apple has joined WhatsApp and Signal in basically stating  their only option will be to remove their services if these laws are passed.

Olimpiu Pop: UK Ambulance Patient Records Hauled Offline Cyber Attack Probe

🇷🇴 Olimpiu Pop, Transylvania, Romania ↗

Ambulance patients from cities such as Bristol or Oxfordshire, and regions of Cornwall and Devon were impacted by a cyber attack targeted against health software company Ortivus, based in Sweden.

Marcel Brown: This Day, August  2 in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

August 2nd, 1873. The Clay Street Railroad begins operation, making it the first cable car in San Francisco's now famous cable car system. And for many of us growing up in the 1980's, cable cars also became synonymous with Rice-A-Roni®, the San Francisco treat.

Edwin Kwan: Australian Government Initiative to Improve Cyber Security Suffers Data Leak

🇦🇺 Edwin Kwan, Sydney, Australia ↗

The Home Affairs Department suffered a data leak when they accidentally published personal information of more than 50 small businesses who participated in a cybersecurity survey.

Kadi Grigg: What the fork?

🇺🇸 Kadi Grigg,Alexandria, Virginia ↗

As of July 11th, SUSE publicly announced its intention to fork the open source version of Red Hat Enterprise Linux, also known as RHEL, and will be developing and maintaining that code in compatible distribution that will be available without any restrictions as per the announcement.

Olimpiu Pop: Break the Silos to Achieve Cyberresillience

🇷🇴 Olimpiu Pop, Transylvania, Romania ↗

The expected investment in cybersecurity is estimated at $1.75 trillion by 2025- equivalent to the GDP of the ninth largest economy in the world, Canada. What beats that? The projected cost of global cybercrime- $10.5 trillion- about half of the GDP of the largest economy, the US.

Katy Craig: Connected Cars

🇺🇸 Katy Craig, San Diego, California ↗

 In today's digital age, it seems our cars aren't just for driving anymore. They're another frontier in the quest for privacy. 

Marcel Brown: This Day, August  1 in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

August 1st, 1981. MTV, presumably standing for "Music Television," launches on cable TV. As most people know, after the introduction sequence, the first video played was "Video Killed the Radio Star" by The Buggles. However, a bit of trivia is that the second song played was "You Better Run" by Pat Benatar.

Edwin Kwan: Déjà vu-lnerability - What is Old can be a Zero-day Again

🇦🇺 Edwin Kwan, Sydney, Australia ↗

Researchers from Google's Threat Analysis Group released a review report of zero-day vulnerabilities that were exploited in the wild in 2022. A total of 41  zero-day vulnerabilities were detected and disclosed that year. This is a 40% decrease from the previous year, which had 69 detected zero-day vulnerabilities.

Ian Garrett: Android Messaging Spyware App Steals Signal and WhatsApp Data

🇺🇸 Ian Garrett, Arlington, Virginia ↗

SafeChat is anything but safe. The spyware app is being used by hackers to steal sensitive user data. Researchers at CYFIRMA have discovered that this malicious app is suspected to be a variant of the infamous " Coverlm" spyware, known for targeting popular communication apps like Signal, WhatsApp, and Telegram.

Katy Craig: France balks at Worldcoin

🇺🇸 Katy Craig, San Diego, California ↗

Imagine walking into a sign-up location and encountering a shiny, futuristic sphere scanning your face like something out of Star Trek. That's exactly what's happening at various Worldcoin locations across the globe.  It seems to be working, as they've already attracted 2.1 million users. 

But not everything is smooth sailing for Worldcoin.

Hillary Coover: China Misinformation

🇺🇸 Hillary Coover, Washington, DC ↗

A Chinese marketing firm with connections to Chinese government actors has been involved in an influence campaign aimed at improving Beijing's image abroad. Who cares? Doesn't every government do this?

Easy to Exploit Vulnerabilities Affecting 40% of Ubuntu Systems

🇦🇺 Edwin Kwan, Sydney, Australia ↗

40% of Ubuntu cloud workloads are affected by two easy-to-exploit privilege escalation vulnerabilities. Ubuntu has an approximate user base of over 40 million.

CRA Moves Into Negotiations With The Council

🇷🇴 Olimpiu Pop, Transylvania, Romania ↗

The Cyber Resilience Act, a significant piece of legislation, has caused a stir among the foundations backing open source software. The endorsement from the Industry, Research, and Energy Committee of the EU has only added fuel to the fire. 

Hackers unleash ZIP Domains

🇺🇸 Katy Craig, San Diego, California ↗

Phishing attacks are getting sneakier, my cyber-savvy friends. The bad guys have found a new trick by exploiting the newly introduced '.ZIP' Top-Level Domain. You know, those final bits of a website, address like '.COM,' or '.ORG.' 

Hillary Coover: Smart Car Data

🇺🇸 Hillary Coover, Washington, DC ↗

Connected cars can gather a wealth of information through free built-in apps, sensors, and cameras, raising concerns about who controls this data. Do you know how valuable you are as a product or how your data is being used? 

Marcel Brown: This Day, July 30 & 31 in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

July 31st, 1971. Using the battery-powered Lunar Roving Vehicle, Astronaut David Scott of the Apollo 15 mission becomes the first person to drive a vehicle on the Moon.

Dear Jen, Merrick, and Lina. What's up with Microsoft?

🇺🇸 Mark Miller, New York City↗

"Dear Director Easterly, Attorney General Garland, and Chair Khan. I write to request that your agencies take action to hold Microsoft responsible for its negligent cybersecurity practices."  That's the beginning of a letter from Senator Ron Wyden, Democrat from Oregon. What set this off for Wyden? Why is he asking for Microsoft's head on a platter?  

Call of Duty? Watch out for the malware in the lobby.

🇦🇺 Edwin Kwan, Sydney, Australia ↗

Call of Duty game players are getting infected by a self-spreading malware. The malware, which is also a worm, spreads to other users who are online and in the game lobby. It does this automatically from one infected player to another.

Here’s looking at you, Worldcoin!

🇺🇸 Katy Craig, San Diego, California ↗

Step right up, folks, and get your eyeballs scanned by a mysterious silver orb! Welcome to the fascinating world of Worldcoin, a cryptocurrency project with the twist- biometric verification. 

9mm smart gun? What took you so long.

🇺🇸 Hillary Coover, Washington, DC ↗

The Wall Street Journal recently covered an emerging innovation in firearm safety- smart gun technology. My question is, what took so long to develop this? According to research, 37% of accidental deaths could have been prevented with this type of technology.

This Day, July 28 & 29 in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

July 29th, 1914. The first test call is made on the newly completed transcontinental telephone line taking place between New York and San Francisco. The last pole was erected and the line completed two days earlier on July 27th, but commercial service did not start until January 25th of the next year.

Microsoft Makes Access to Cloud Logging Free After Criticisms from Storm-0558 Breach

🇦🇺 Edwin Kwan, Sydney, Australia ↗

Microsoft is expanding access to cloud logging to all customers for free, with more becoming available in September, 2023. This came after they received strong criticisms as a result of the Storm-055 8 breach on July 11th. 

Cybersecurity Crisis: Citrix Vulnerability Exposes US Infrastructure

🇺🇸 Ian Garrett, Arlington, Virginia ↗

Thousands of companies are at risk from a recently discovered Citrix zero-day exploit that has already targeted a critical infrastructure organization in the United States. The vulnerability affects some devices that are widely used for secure application delivery and VPN connectivity. 

Cyber Implementation Plan

🇺🇸 Katy Craig, San Diego, California ↗

The White House has crafted a plan to beef up the nation's cyber defenses called the Cybersecurity Implementation Plan, but now comes the tricky part: actually making it happen. 

This Day, July 26, July 27 in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

July 26th, 1963. Syncom 2, the world's first geosynchronous satellite is launched. Syncom 1 was intended to be the first geosynchronous satellite, but an electronics failure rendered the satellite inoperable during the ascent to orbit.

Unintentional Data Leak by VirusTotal Exposes 5,600 Account Details

🇦🇺 Edwin Kwan, Sydney, Australia ↗

VirusTotal has suffered a data leak. The popular online service was launched in 2004 and is used to analyze suspicious files and URLs to detect malicious content or malware. The data leak involved a database with 5,600 registered customer names and email addresses.

Death of Twitter Info Sec

🇷🇴 Olimpiu Pop, Transylvania, Romania ↗

Twitter was the information source for many technologist; security experts included. The Cyentia Institute wanted to know the size of what they called " InfoSec Twitter." Under this umbrella, they followed all information related to CVEs posted on the platform. 

 CT License Plate Scans

🇺🇸 Hillary Coover, Washington, DC ↗

License plate readers are becoming more common on Connecticut roads, raising privacy concerns. However, the readers, which scan and record license plates, are not really an infringement of privacy since vehicle registration data are publicly available.

 CITRIX Pwned

🇺🇸 Katy Craig, San Diego, California ↗

In a cybersecurity cat-and-mouse-game, attackers are taking advantage of a critical Remote Code Execution (RCE) vulnerability in Citrix's NetScaler ADC and NetScaler Gateway Technologies. The scary part? No authentication is needed for the exploit.

Australian Cyber Crime Reporting Resource

🇦🇺 Edwin Kwan, Sydney, Australia ↗

The Australian Cybersecurity Centre, ACSC, is urging all Australians to report cyber crimes using their easy online service. The reporting can be done anonymously and reports by individuals will be referred directly to the relevant state or territory law enforcement agency.

Casualties of ChatGPT

🇺🇸 Hillary Coover, Washington, DC ↗

ChatGPT and other cutting-edge AI chatbots are revolutionizing industries with the potential to replace human jobs from customer service representatives to screenwriters. However, behind the scenes, the technology relies on a disturbing form of human labor. 

Coast to Coast - The Rise of State Data Privacy Laws in 2023

🇺🇸 Ian Garrett, Arlington, Virginia ↗

2023 has been the year for state privacy laws to take off. While California has long been at the forefront of the privacy conversation, this year, several other states are joining the ranks with their own regulations. Organizations doing business in Virginia, Colorado, Utah, and Connecticut are facing new compliance challenges, and the cost of data breaches is taking on a whole new dimension.

Cloud Wars

🇺🇸 Katy Craig, San Diego, California ↗

Google is side-eyeing Microsoft's Office 365, alleging it's been used to coax Azure adoption. Salesforce, owner of Slack, is alleging Microsoft is using its Office suite to unfairly bundle Teams. 

This Day, July 25, in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

July 25th, 2008. The FCC approves the merger of the two satellite radio companies, Sirius and XM, now known as SiriusXM. The development of the internet and streaming mobile radio has diminished the competitive advantages of satellite radio. 

Cloud Build Vulnerable to Supply Chain Attacks

🇦🇺 Edwin Kwan, Sydney, Australia ↗

Security researchers have discovered a design flaw in Google Cloud Build, which can allow for supply chain attacks. 

Cloud Shared Responsibility Model: Time for an (R)Evolution?

🇺🇸 Chris Hughes, Virginia Beach, Virginia ↗

This week, we have an update around the discussion of the Cloud Shared Responsibility Model. The past week and a half, we've seen a compromise with the Microsoft Azure Cloud environment, and we've seen an incident disclosed by Microsoft and CISA that has attributed to a Chinese threat actor named Storm-0558.

Microsoft Breach May Expose Deeper Problems

🇺🇸 Tracy (Trac) Bannon, Camp Hill, Pennsylvania↗

On July 12th, Redmond revealed that Chinese hackers had breached Exchange Online and Azure Active Directory by exploiting a zero-day validation flaw. Government agencies in the US and Western Europe were affected, including the US Department of State and the Commerce Department. 

This Day, July 24, in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

July 23rd, 1903. Ford sells its first Model A car to Ernest Pfennig of Chicago, Illinois. This was Henry Ford's third attempt at creating a company that manufactured cars.

Thousands of Container Images Leaking Secrets

🇦🇺 Edwin Kwan, Sydney, Australia ↗

Researchers from a German university recently published a paper revealing that tens of thousands of container images hosted on Docker Hub contained confidential secrets.

Google DeepMind

🇺🇸 Hillary Coover, Washington, DC ↗

Google DeepMind just made a game-changing AI discovery for designing computer chips, and it's got some major national security implications. They've come up with a way to create faster and more specialized chips, which means a big boost in AI capabilities for businesses and government uses.

US Office of Management and Budget gathers software attestation letters

🇷🇴 Olimpiu Pop, Transylvania, Romania ↗

May 12th, 2021. President Biden signed the executive order 14028. The intent was to improve the nation's cybersecurity in the aftermath of the Log4Shell tsunami. 

This Day, July 21, in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

July 21st, 1999. Apple introduces the iBook laptop, the first mainstream computer designed and sold with built-in wireless networking. 

What's Your Social Media OpSec?

🇦🇺 Edwin Kwan, Sydney, Australia ↗

Sharing on social media is a good way to keep in touch with friends, but sometimes that can get you in trouble. A Russian neighbor officer was recently killed near his home and it was believed that he may have been tracked on the Strava app.

The Dark Side of Generative AI

🇺🇸 Ian Garrett, Arlington, Virginia ↗

You can't throw a stone without another company releasing a capability powered by the rise of large language models, otherwise known as LLMs. Did you ever wonder if there were problems with the underlying APIs or dependencies?

Typo Leak Sends Email to Mali

🇺🇸 Katy Craig, San Diego, California ↗

In a blunder of epic proportions, a spelling mistake sent millions of US military emails to the country domain for Mali, Africa.

Microsoft expanding access to AI

🇺🇸 Hillary Coover, Washington, DC ↗

Microsoft just announced their new Office 365 artificial intelligence subscription service, and people are going nuts. The stock market responded with a bang, pushing Microsoft's shares to an all-time high.

This Day, July 20, in Tech History

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

July 20th, 1969. Eagle, the Apollo 11 Lunar module, successfully lands in the area of the moon known as the Sea of Tranquility. Upon landing, Neil Armstrong utters the now famous phrase, "The Eagle has landed."

Edwin Kwan: Spike in Attacks Using Infected USB Drives

Do using USB drivers as an initial infection vector still work today? Well, what is old is new again. Security researchers at Mandiant have observed a threefold increase in the number of attacks using infected USB drives to steal secrets.

Hillary Coover: European Spyware Banned

The Biden administration has taken a significant step to address global concerns over digital privacy and security. It's added two foreign technology companies, Intellexa and Cytrox, to its export prohibition list.

Olimpiu Pop: Just - a language-agnostic build automation tool written in Rust

Just do it! And this is exactly what Just does. It executes commands. Just is a command runner tool that is designed to save and run project specific commands stored in files called "justfile".

Trac Bannon: ChatGPT has an evil twin?  WormGPT

If you have used the wildly popular ChatGPT, you may have run into different rules and guardrails that can be frustrating. As someone who researches cybersecurity and the impact of AI on the software industry, ChatGPT sometimes classifies my questions as off limits. What if there was a large language model with no guardrails and no restrictions?

Katy Craig: Cyber Trust Mark

Let's talk cyber stickers. Get ready to see shiny new Shield logo on your routers and IoT devices starting in 2024. The White House and the FCC are rolling out the US Cyber Trust Mark, a voluntary cybersecurity labeling program that screams, "pick me, I'm secure."

Marcel Brown: Today in Tech History

July 19th, 2000. Apple introduces the G4 "Cube" Power Macintosh. At the time of introduction, it was one of the smallest desktop computers ever produced. While not considered a commercial success, it did find a small, dedicated following, and it was a foreshadowing of future Apple designs. 

Full show notes, resources and transcript available at 505updates.com

Edwin Kwan: Account Takeovers using Evil QR

Logging in via QR code is something that more websites are starting to embrace. Security researcher. Kuba Gretzky, from breakdev.org, published an article demonstrating how attackers could take over accounts by convincing users to scan supplied QR codes using phishing techniques.

Julie Chatman: SIM swap attacks on the rise

Imagine waking up one day to find that your smartphone is not working. You can't make calls, send text messages, or access your bank account, and it's not because you forgot to charge your phone overnight or because the internet is down. It is due to a SIM swap attack. 

Olimpiu Pop: Crypto scams have dropped faster than Twitter’s user base

Crypto scams have dropped faster than Twitter's user base, going from $4.3 billion in the first half of 2022 to a mere $1 billion in 2023. In the scamming business, the bear market came early. 

Katy Craig: Navy Unveils New Cyber Operations Roles

Remember those days when the Navy was the only kid in school without a dedicated cyber role? Those days are history. The Navy unveiled new cyberspace operations roles for officers and enlisted personnel with a little prodding from Congress. 

Marcel Brown: Today in Tech History

July 18th, 1968. Robert Noyce, Andy Grove and Gordon Moore incorporate Intel in Santa Clara, California to build microprocessors. Their first processor, the 4004, was released in 1971 for use in calculators.

Full show notes, resources and transcript available at 505updates.com

Edwin Kwan: Ghostscript allows remote code access

Popular open source PDF library, Ghostscript, has been discovered to have a critical vulnerability that allows for remote code execution. The vulnerability can be exploited upon opening a malicious file.

Katy Craig: Tax services playing fast and loose with client data

Taxes and data privacy- two things we all love to hear about, right? Well, it appears our favorite tax preparation services, TaxAct, H&R Block and Tax Layer have been playing a little fast and loose with our personal data.

Mark Miller: FTC Takes on ChatGPT

Al Capone was brought down almost a hundred years ago. It was evasion of taxes that got him, completely unrelated to what he was actually being pursued for. Friday's filing of a Civil Investigative Demand by the FTC against OpenAI reminds me a lot of that process.

Marcel Brown: Today in Tech History

July 16th, 1969. Apollo 11 is launched from Cape Kennedy, Florida on the way to becoming the first space mission to land men on the moon. Stay tuned this week for more Apollo 11 technology history.

Full show notes, resources and transcript available at 505updates.com

From Edwin Kwan in Sydney, Australia: Early this week, critical infrastructure service provider Ventia took some of its key systems offline to contain a cyber incident. The company provides management, maintenance and operation services for critical infrastructure to more than 400 sites across defense, electricity, water, and gas industries in Australia and New Zealand.

From Olimpiu Pop in Transylvania, Romania: THT - TimișoaraHackerTeam. A somewhat obscure ransom group recently disrupted operations of a US cancer center, potentially putting patient data at risk. 

From Katy Craig in San Diego, California:  A breach of Microsoft-hosted US government email servers by a Chinese hacking group was detected and fixed " fairly rapidly," according to National Security Advisor, Jake Sullivan. The group, known as Storm-0558, was caught forging digital authentication tokens to access federal government email servers hosted on Microsoft's Outlook platform.

From Hillary Coover in Washington, DC: The Wall Street Journal reports that as AI tools become more accessible, we'll see a disturbing trend of fake news and what they call "AI junk" flooding the internet. This has some serious implications for spreading misinformation and all of the risks that come with that.

From Sourced Network Production in New York City. "It's 5:05". I'm Pokie Huang. Today is Friday, July 14th. Here's the full story behind today's cyber security and open source headlines...

From Edwin Kwan in Sydney, Australia: The New South Wales cashless gambling trial suffered a cyber attack. The state's gaming minister said that it would soon announce an oversight panel, which among other focuses, will also be looking into the data security and data privacy of trial participants.

From Olimpiu Pop in Transylvania, Romania: The other week, I decided that ChatGPT is obsolete. I wanted to try Google Bard. Whoops. It doesn't work. According to the site, it's not available in the EU. Does it have something to do with the new European AI Act? 

From Kadi Grigg in Alexandria, Virginia: The Android Malware family now has a new member: Fluhorse, a dangerous android malware that is targeting users in Eastern Asia. 

From Katy Craig in San Diego, California: Brett Callow, a threat analyst at Emsisoft, reports that over 200 organizations have fallen victim to the MOVEit bug exploitation. This led to 33 breach disclosures affecting the personal information of more than seventeen and a half million people. The scale of the breach is staggering. 

From Sourced Network Production in New York City. "It's 5:05". I'm Pokie Huang. Today is Thursday, July 13th. Here's the full story behind today's cyber security and open source headlines...

From Edwin Kwan in Sydney, Australia: As small households embrace green energy and install solar panels, they could unknowingly be exposing their home networks. Your home solar system could be connecting to the manufacturer's servers to send data that is displayed on the app.

From Olimpiu Pop in Transylvania, Romania: The European AI Act is the first of its kind in the world. Being the first, it creates a precedent and a benchmark for those that will follow, but it also imposes explicit obligations on foundational model providers like OpenAI and Google. 

From Katy Craig in San Diego, California: In a bizarre case of unauthorized access, a 53-year-old man from California has been charged for meddling with a water treatment facility's critical software.

From Hillary Coover in Washington, DC: Today, WIRED released an article discussing Discord's new "Family Center" safety settings designed for teens. Discord launched the Family Center, aiming to strike a balance between safety and teen privacy.

From Marcel Brown in St. Louis, Missouri:  July 12th, 1990. Nintendo releases the original Final Fantasy video game for it's Nintendo Entertainment System in North America. Final Fantasy helped to popularize the genre and has gone on to spawn one of the most well-known RPG franchises in history.

From Sourced Network Production in New York City. "It's 5:05". I'm Pokie Huang. Today is Wednesday, July 12th. Here's the full story behind today's cyber security and open source headlines...

From Edwin Kwan in Sydney, Australia: Security researchers have discovered two spyware in the Google Play Store that have been installed by up to 1.5 million users. Both apps have similar malicious behaviors, such as launching silently without any user interaction.

From Katy Craig in San Diego, California: In a jaw dropping twist, approximately $126 million worth of crypto assets has vanished from Multichain's accounts in what could be a classic case of a rug pull. The incident left experts scratching their heads and investors clutching their virtual wallets. 

From Hillary Coover in Washington, DC: Massachusetts is considering a groundbreaking law that would ban the sale of location data collected from mobile phones used within the state. The proposed Location Shield Act would also require law enforcement to obtain a warrant before accessing such data.

From Ian Garrett in Arlington, Virginia: Even recession-proof industries are feeling the squeeze when it comes to funding. While cybersecurity has traditionally been shielded from downward funding trends, it is now seeing a major shift from investors. With that, you may be wondering how bad is the decline. 

From Marcel Brown in St. Louis, Missouri: July 11th, 2008. Apple's second iPhone, the iPhone 3G goes on sale. The higher speed 3G data capability certainly helped the iPhone solidify its status as the premier smartphone of the time. 

From Sourced Network Production in New York City. "It's 5:05". I'm Pokie Huang. Today is Tuesday, July 11th. Here's the full story behind today's cyber security and open source headlines...

From Edwin Kwan in Sydney, Australia: Mastadon has recently patched for vulnerabilities. One of those vulnerabilities is TootRoot. Attackers can exploit the vulnerability by using media files on Toots to perform attacks like denial of service and arbitrary remote code execution. 

From Olimpiu Pop in Transylvania, Romania: Natural language is the primary means of attack for LLM powered AI systems. It can be used to attack components throughout the stack.

From Katy Craig in San Diego, California: US and Canadian cybersecurity agencies have issued a joint alert warning about the resurgence of Truebot malware. Operated by the Silence cybercrime group, Truebot serves as an initial infection point for delivering secondary payloads on compromised systems.

From Marcel Brown in St. Louis, Missouri: July 9th, 1981. The game that launched two of the most famous characters in video game history is released for sale. Donkey Kong was created by Nintendo, a Japanese playing card and toy company turned fledgling video game developer who was trying to create a hit game for the North American market.

From Sourced Network Production in New York City. "It's 5:05". I'm Pokie Huang. Today is Monday, July 10th. Here's the full story behind today's cyber security and open source headlines...

From Edwin Kwan in Sydney, Australia: A proof of concept program has been recently published that exploits an unresolved security vulnerability in Microsoft Teams. The program allows the bypass of Microsoft Teams file sending restraints to deliver malware from an external account.

From Olimpiu Pop in Transylvania, Romania: OWASP moves fast. In late May, they initiated the Top 10 Security Risks for LLM applications project. Version 0.5 was released this week and they are aiming to release version 1.0 by the end of the month. 

From Katy Craig in San Diego, California: In a thought-provoking blog post, Mark Curphy challenges the effectiveness of shifting left in software security. In fact, he says that shifting left is a myth. 

From Hillary Coover in Washington, DC: In-flight wifi is a convenience, but also potentially a vulnerability to flight safety. According to CSOOnline, commercial airliners are more vulnerable to cyber threats originating from in-flight internet access systems than from avionics.

From Marcel Brown in St. Lous, Missouri: July 7th, 1936. Several US patents are issued for the Phillips head screw and screwdriver to inventor Henry F. Phillips. Phillips founded the Phillips Screw Company to license his patents.

From Sourced Network Production in New York city. "It's 5:05". I'm Pokie Huang. Today is Friday, July 7th. Here's the full story behind today's cyber security and open source headlines...

From Edwin Kwan in Sydney, Australia: Mitre has recently released their CWE Top 25 Most Dangerous Software Weaknesses list for 2023. This list demonstrates the currently most common and impactful software weaknesses. 

From Katy Craig in San Diego, California: Driverless cars may be the future, but are they ready for prime time? According to the fire chief in San Francisco, the answer is a resounding no. 

From Marcel Brown in St. Louis, Missouri: July 6th, 1996. America Online settles 11 class action lawsuits alleging misleading billing practices. Who here remembers that point in time when this pricing change caused AOL to have such a huge spike in new users, that for a time it was almost impossible to connect to AOL due to the busy signals.

From Sourced Network Production in New York city. "It's 5:05". I'm Pokie Huang. Today is Thursday, July 6th. Here's the full story behind today's cyber security and open source headlines...

From Edwin Kwan in Sydney, Australia: WordPress plugin, Ultimate Member, is vulnerable to a privileged escalation vulnerability that allows attackers to gain administrator access to the WordPress site. 

From Trac Bannon in Salem, Massachusetts: Over the past few weeks, a number of US soldiers opened their mail and found a pretty cool gift, a free smartwatch. What could be so bad about that? 

From Hillary Coover in Washington, DC: In a pilot project conducted by the Transportation Security Administration at 16 airports across the United States, facial recognition technology is being used to enhance air airport security and streamline procedures. 

From Katy Craig in San Diego, California: The US has been actively curbing China's access to advanced microprocessors and other critical technologies. The semiconductor industry has become a focal point in the intense rivalry between the two largest economies.

From Marcel Brown in St. Louis, Missouri: July 4th, 1956. MIT's whirlwind, which had been completed five years earlier, becomes the first computer in the world to allow its users to enter commands through a keyboard. Previously, all input was accomplished through dials, switches, and or punch cards. 

From Sourced Network Production in New York city. "It's 5:05". I'm Pokie Huang. Today is Wednesday, July 5th. Here's the full story behind today's cyber security and open source headlines...

From Edwin Kwan in Sydney, Australia: A high school in Illinois recently demonstrated how not to do a false password reset. The high school decided to set all the students' passwords to be change me exclamation mark. That's right. They changed all the students' password to the same password. 

From Hillary Coover in Washington, DC: When searching social media sites for known child exploitation images, law enforcement agencies and organizations use databases of face prints associated with identified victims or offenders. They take those known face prints and they compare them to those pulled from social media platforms.

From Katy Craig in San Diego, California: Have you ever encountered an age check, those popups that ask you for your ID or some other form of verification to confirm your age? They're becoming increasingly common online, all in the name of protecting children's safety. 

From Sourced Network Production in New York city. "It's 5:05". I'm Pokie Huang. Today is Tuesday, July 4th. Here's the full story behind today's cyber security and open source headlines...

From Hillary Coover in Washington, DC: Many of you might be thinking enough with the Chinese balloon story, but did you know it was fitted with American technology?

From Edwin Kwan in Sydney, Australia: It's bad enough when apps you use suffers a data breach. It's worse when apps you didn't know you have gets breached. 

From Katy Craig in San Diego, California: US Cyber Command's team of tech savvy military and civilian experts known as "Under Advisement", is set to double in size over the next year. Under Advisement's role complements the Cybersecurity and Infrastructure Security Agencies Joint Cyber Defense Collaborative.

From Mark Miller in New York City: Last week an article in the New York Times evaluated the accuracy of a set of five AI detection tools for evaluating images. In the best case scenario, 20% incorrectly identified whether an image was AI generated or not. In the worst case, all evaluation engines were incorrect. 

From Sourced Network Production in New York city. "It's 5:05". I'm Pokie Huang. Today is Monday, July 3rd. Here's the full story behind today's cyber security and open source headlines...

From Edwin Kwan in Sydney, Australia: Everyone deserves privacy by default. That's Proton's slogan. This week they announced the global launch of their password manager, Proton Pass. 

From Katy Craig in San Diego, California: The US Army's Criminal Investigation Division (CID) is sounding the alarm advising soldiers who received unsolicited D18 smartwatches in the mail not to turn them on over concerns that these devices might be carrying some nasty malware. 

From Hillary Coover in Washington, DC: There's a big debate going on among lawmakers in the United States about government surveillance. They're trying to figure out whether the FBI should be required to get a warrant before searching a database of foreign intelligence that might have information on American citizens.

From Marcel Brown in St. Lous, Missouri: July 1st, 1979. The first Sony Walkman, the TPS L2, goes on sale in Japan. By allowing owners to carry their personal music with them, the Walkman and their iconic headphones introduce a revolution in listening habits and popular culture at large. 

From Sourced Network Production in New York city. "It's 5:05". I'm Pokie Huang. Today is Friday, June 30th. Here's the full story behind today's cyber security and open source headlines...

From Edwin Kwan in Sydney, Australia: The JavaScript NPM registry has a manifest confusion vulnerability which can allow the installation and execution of malicious files without the user's knowledge. 

From Ian Garrett in Arlington, Virginia: Microsoft Sysmon just got a beefy upgrade. Sysmon is a free Microsoft Sysinternals tool that can monitor and block malicious or suspicious activity and log events to the Windows event log.

From Katy Craig in San Diego, California: There's a new process injection technique that could give threat actors a way to bypass security solutions and wreak havoc on compromised systems. 

From Marcel Brown in St. Lous, Missouri: The iPhone turned out to be the computing device that we all wished we had, yet didn't know what we were missing until we had one. It has literally impacted nearly every aspect of our society, and it is no stretch to say that the iPhone has changed the world.

From Sourced Network Production in New York city. "It's 5:05". I'm Pokie Huang. Today is Thursday, June 29th. Here's the full story behind today's cyber security and open source headlines...

From Edwin Kwan in Sydney, Australia: There is a new version of Super Mario 3 making its way on gaming forums and social media groups. It's a Trojanized version.

From Katy Craig in San Diego, California: APT37 is taking surveillance to a whole new level. They're using a Go-based backdoor to exploit a real-time data transform platform called Ably. 

From Hillary Coover in Washington, DC: Three weeks ago, YouTube sent a cease and desist letter to Invidious, an open source alternative front end for YouTube that allows users to watch videos without data tracking. 

From Marcel Brown in St. Lous, Missouri: June 28th, 1955. The HMTS Monarch, the largest cable lane ship in the world at the time, launches from Clarenville, Newfoundland to begin laying TAT-1, the first transatlantic telephone cable. 

From Sourced Network Production in New York city. "It's 5:05". I'm Pokie Huang. Today is Wednesday, June 28th. Here's the full story behind today's cyber security and open source headlines...

From Katy Craig in San Diego, California: Get ready for an AI showdown folks. Meta's new open source AI chatbots were just offered up to people and they're using them for sex.

From Edwin Kwan in Sydney, Australia: Medibank Private, a health insurance provider, suffered a data breach in October, 2022, and that resulted in the compromise of 9.7 million current and former customers.

From Mark Miller in New York City: He professes that he was tricked by ChatGPT, that he had no idea that the output could be generated from non-existent cases. If we are to believe him, and I do actually believe him, that doesn't make him stupid. It makes him lazy.

From Marcel Brown in St. Louis, Missouri: June 27th, 1972. The iconic video game company Atari is founded by Nolan Bushnell in Ted Dabney. Their first video game Pong was the first commercially successful video game and led to the start of the video game industry.

From Sourced Network Productions in New York City. I’m Mark Miller. Today is Tuesday, June 27. Here’s the full story behind each of our headlines...

Let's get to it!

Australia's First Cyber Security Coordinator Announced

🇦🇺 Edwin Kwan, Sydney, Australia ↗

Air Force commander to take on hackers as Australia's first cybersecurity boss

Nation's first cyber security coordinator appointed, as government reckons with HWL Ebsworth breach - ABC News

SBOMS are a security staple in the software supply chain

🇺🇸 Julie Chatman, Washington, DC ↗

SBOMs become a security staple for the software supply chain • The Register

Why The US Government Is Mandating Software Bill Of Materials (SBOM)

UPS Breach

🇺🇸 Katy Craig, San Diego, California ↗

UPS discloses data breach after exposed customer info used in SMS phishing

Follow the Money 

🇺🇸 Hillary Coover, Washington, DC ↗

The Money Behind Yevgeny Prigozhin and the Wagner Group - The New York Times

This Day in Tech History 

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

https://thisdayintechhistory.com/06/25

https://thisdayintechhistory.com/06/26

Let’s get to it!

Over 100,000 ChatGPT Accounts Stolen Via Malware For Sale on Dark Web

🇦🇺 Edwin Kwan, Sydney, Australia ↗

Over 100,000 Stolen ChatGPT Account Credentials Sold on Dark Web Marketplaces

Over 100,000 ChatGPT accounts stolen via info-stealing malware

Group-IB Discovers 100K+ Compromised ChatGPT Accounts on Dark Web Marketplaces; Asia-Pacific region tops the list

China in Cuba

🇺🇸 Hillary Coover, Washington, DC ↗

Google pledges $20M to Cyber Clinics

🇺🇸 Katy Craig, San Diego, California ↗

Google backs creation of cybersecurity clinics with $20 million donation | AP News

Safari needs patching too: Apple products affected by sophisticated implant

🇷🇴 Olimpiu Pop, Transylvania, Romania ↗

https://www.csa.gov.sg/alerts-advisories/alerts/2023/al-2023-083

https://support.apple.com/en-us/HT201222

https://nvd.nist.gov/vuln/detail/CVE-2023-32434

https://nvd.nist.gov/vuln/detail/CVE-2023-32435

https://nvd.nist.gov/vuln/detail/CVE-2023-32439

https://thehackernews.com/2023/06/new-zero-click-hack-targets-ios-users.html

https://thehackernews.com/2023/06/new-report-exposes-operation.html

This Day in Tech History 

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

https://thisdayintechhistory.com/06/23

https://thisdayintechhistory.com/06/24

Let’s get to it!

Apple releases a patch addressing three zero-day vulnerabilities

🇦🇺 Edwin Kwan, Sydney, Australia ↗"

Apple rushes out patches for exploited zero day bugs - Security - iTnews

Apple fixes zero-days used to deploy Triangulation spyware via iMessage

Dissecting TriangleDB, a Triangulation spyware implant | Securelist

BlackCat (ALPHV) just won’t leave reddit alone

🇺🇸 Katy Craig, San Diego, California ↗

Hackers threaten to leak 80GB of confidential data stolen from Reddit | TechCrunch

Reddit says hackers accessed employee data following phishing attack | TechCrunch

Part 3 - What You Should Know About Location Records

🇺🇸 Hillary Coover, Washington, DC ↗

Washington Shields Abortion Data in First-in-Nation Privacy Law

Edge added to browser list of zero-day vulnerability

🇷🇴 Olimpiu Pop, Transylvania, Romania ↗

Release notes for Microsoft Edge Security Update

Release notes for Microsoft Edge Security Updates

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29345

NVD - CVE-2023-33145

NVD - CVE-2023-33143

This Day in Tech History 

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

http://thisdayintechhistory.com/06/22

Let’s get to it!

Part 2 - What You Should Know About Location Records

🇺🇸 Hillary Coover, Washington, DC ↗

Washington Shields Abortion Data in First-in-Nation Privacy Law

Australian Government Data Found on Dark Web

🇦🇺 Edwin Kwan, Sydney, Australia ↗

Data leak at Australian law firm spooks government, business • The Register

Cyber Incident - HWL Ebsworth Lawyers

Mystic Stealer: Credential Stealing Malware in Your Browser

🇺🇸 Katy Craig, San Diego, California ↗

https://www.msn.com/en-us/news/technology/this-new-malware-is-proving-quite-popular-and-dangerous/ar-AA1cJGzQ?ocid=msedgdhp&pc=U531&cvid=a591cdbc39e448b8b6f59801a3680517&ei=8

Mystic Stealer | Zscaler

Mystic Stealer: The New Kid on the Block

Hacker’s gonna hack… it’s the job

🇷🇴 Olimpiu Pop, Transylvania, Romania ↗

Google fixes new Chrome zero-day flaw with exploit in the wild

Chrome Releases: Stable Channel Update for Desktop

Chromium Security

NVD - CVE-2023-3079

This Day in Tech History 

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

http://thisdayintechhistory.com/06/21

Let’s get to it.

Medibank hit again… this time with MOVEit

🇦🇺 Edwin Kwan, Sydney, Australia ↗

Medibank staff details taken after building manager gets hacked

What you should know about location records, including Apple’s and Google’s new policies

🇺🇸 Hillary Coover, Washington, DC ↗

Washington Shields Abortion Data in First-in-Nation Privacy Law

BlackCat clawing at reddit’s door

🇺🇸 Ian Garrett, Arlington, Virginia ↗

Reddit hackers demand $4.5 million ransom and API pricing changes - The Verge

Gigabyte Systems exposes secret backdoor

🇺🇸 Katy Craig, San Diego, California ↗

Supply Chain Risk from Gigabyte App Center Backdoor - Eclypsium

GIGABYTE Fortifies System Security with Latest BIOS Updates and Enhanced Verification | News

US Government offers $10M reward for info on CL0P

🇷🇴 Olimpiu Pop, Transylvania, Romania ↗

https://twitter.com/RFJ_USA/status/1669740545403437056

US govt offers $10 million bounty for info on Clop ransomware

This Day in Tech History 

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

http://thisdayintechhistory.com/06/18/

http://thisdayintechhistory.com/06/19/

http://thisdayintechhistory.com/06/20/

Let's get to it. 

Fake Proof of Concept for Zero Day Exploits used to Deliver Malware

🇦🇺 Edwin Kwan, Sydney, Australia ↗

Fake zero-day PoC exploits on GitHub push Windows, Linux malware

The Third SQL Vulnerability Related to Moveit Clop Ransomware Campaign Disclosed

🇷🇴 Olimpiu Pop, Transylvania, Romania ↗

Third MOVEit Transfer Vulnerability Disclosed by Progress Software

Exclusive: US government agencies hit in global cyberattack

Mass Exploitation of Zero-Day Bug in MOVEit File Transfer Underway

Brand-New Security Bugs Affect All MOVEit Transfer Versions

MOVEit Transfer Critical Vulnerability – CVE Pending (June 15, 2023) - Progress Community

Barracuda hack is the Chinese

🇺🇸 Katy Craig, San Diego, California ↗

Barracuda: Customers Must Replace Impacted Email Security Devices ‘Immediately’ | CRN

Barracuda ESG Zero-Day Vulnerability (CVE-2023-2868) Exploited Globally by Aggressive and Skilled Actor, Suspected Links to China | Mandiant

Chinese spies breached hundreds of public, private networks, security firm says - ABC News

Let's get to it.

Breaking News: Sweeping attack on US Government

🇺🇸 Tracy (Trac) Bannon, Camp Hill, Pennsylvania↗

https://amp-cnn-com.cdn.ampproject.org/c/s/amp.cnn.com/cnn/2023/06/15/politics/us-government-hit-cybeattack/index.html

US energy department, other agencies hit in global hacking spree | Reuters

New Sextortion Scheme Using Deepfakes

🇦🇺 Edwin Kwan, Sydney, Australia ↗

https://therecord.media/deepfakes-involved-in-sextortion-schemes?_hsmi=261868737

Sextortionists are making AI nudes from your social media images

CISA orders Feds to harden devices

🇺🇸 Katy Craig, San Diego, California ↗

Binding Operational Directive 23-02 | CISA

The Limitations of Real-Time Social Media Tools

🇺🇸 Hillary Coover, Washington, DC ↗

No link - general opinion on conversation about social media surveillance concerns 

The freedom fighters that want to bring EU Commission back to its senses about open-source

🇷🇴 Olimpiu Pop, Transylvania, Romania ↗

Feedback from: OpenForum Europe

This Day in Tech History 

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

http://thisdayintechhistory.com/06/16

http://thisdayintechhistory.com/06/17

Let's get to it.

Hunter Valley Bus Tragedy Scams Spotted

🇦🇺 Edwin Kwan, Sydney, Australia ↗

Scammers allegedly set up GoFundMe pages to exploit Hunter Valley bus tragedy - Cyber Security Connect

Striking a balance, protecting national security and privacy in the age of commercial data.

🇺🇸 Hillary Coover, Washington, DC ↗

Declassified Report on Commercial Available Information https://www.dni.gov/files/ODNI/documents/assessments/ODNI-Declassified-Report-on-CAI-January2022.pdf

CISA warns of sabotage from Chinese hackers

🇺🇸 Katy Craig, San Diego, California ↗

Americans should prepare for cyber sabotage from Chinese hackers, US official warns | Reuters

PassGPT is an AI Model That Generates 20% unseen passwords by learning from RockYou2021 - the biggest password leak in history

🇷🇴 Olimpiu Pop, Transylvania, Romania ↗

Meet PassGPT, the AI Trained on Millions of Leaked Passwords - Decrypt

PassGPT: Password Modeling and (Guided) Generation with Large Language Models

[2306.01545] PassGPT: Password Modeling and (Guided) Generation with Large Language Models

https://twitter.com/javi_rando/status/1666073708127977472?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1666073708127977472%7Ctwgr%5E51bf72d07b238f52f92187d45c5e2039f8692040%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fdecrypt.co%2F144004%2Fmeet-passgpt-ai-trained-millions-leaked-passwords

RockYou2021: Largest Ever Password Compilation Leaked | Cybernews

This Day in Tech History 

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

Hey, it's 5:05 on Thursday, June 15th, 2023. From the Sourced Podcast Network in New York City, this is your host, Pokie Huang. Stories in today's episode come from Edwin Kwan in Sydney, Australia, Hillary Coover in Washington, DC, Katy Craig in San Diego, California, Olimpiu Pop in Transylvania, Romania, Marcel Brown in St. Louis, Missouri. 

Let's get to it.

Hunter Valley Bus Tragedy Scams Spotted

🇦🇺 Edwin Kwan, Sydney, Australia ↗

Scammers allegedly set up GoFundMe pages to exploit Hunter Valley bus tragedy - Cyber Security Connect

Striking a balance, protecting national security and privacy in the age of commercial data.

🇺🇸 Hillary Coover, Washington, DC ↗

Declassified Report on Commercial Available Information https://www.dni.gov/files/ODNI/documents/assessments/ODNI-Declassified-Report-on-CAI-January2022.pdf

CISA warns of sabotage from Chinese hackers

🇺🇸 Katy Craig, San Diego, California ↗

Americans should prepare for cyber sabotage from Chinese hackers, US official warns | Reuters

PassGPT is an AI Model That Generates 20% unseen passwords by learning from RockYou2021 - the biggest password leak in history

🇷🇴 Olimpiu Pop, Transylvania, Romania ↗

Meet PassGPT, the AI Trained on Millions of Leaked Passwords - Decrypt

PassGPT: Password Modeling and (Guided) Generation with Large Language Models

[2306.01545] PassGPT: Password Modeling and (Guided) Generation with Large Language Models

https://twitter.com/javi_rando/status/1666073708127977472?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1666073708127977472%7Ctwgr%5E51bf72d07b238f52f92187d45c5e2039f8692040%7Ctwcon%5Es1_&ref_url=https%3A%2F%2Fdecrypt.co%2F144004%2Fmeet-passgpt-ai-trained-millions-leaked-passwords

RockYou2021: Largest Ever Password Compilation Leaked | Cybernews

This Day in Tech History 

🇺🇸 Marcel Brown, St. Louis, Missouri ↗

http://thisdayintechhistory.com/06/15