Security Serengeti

A news analysis focused information security podcast dedicated to getting you the actionable information and analysis you need to improve your company's posture and response!

David Schwendinger and Matthew Keener


    • Jan 2, 2023 LATEST EPISODE
    • weekly NEW EPISODES
    • 40m AVG DURATION
    • 54 EPISODES


    Latest episodes from Security Serengeti

    SS-NEWS-092: Lastpass hacked, Cyber Insurance unmanageable?

    Jan 2, 2023 (45:22)

    David and I sit down to discuss a new article from an insurer stating that Cyber Insurance is going to get more expensive than natural disasters, the LastPass hack, and some quick hits on killer robots, the NDAA and the government's plan to get into AI for warfighters, and some utterly predictable 2023 predictions.

    Article 1 - San Francisco terminates explosive killer cop bots
    Supporting Articles:
        • San Francisco lawmakers approve lethal robots – but they can't carry guns
    Article 2 - Dozens of cybersecurity efforts included in this year’s US NDAA
    Article 3 - 'Sextortion,' Business Disruption, and a Massive Attack: What Could Be in Store for 2023
    Article 4 - PAYWALL - Cyber attacks set to become ‘uninsurable’, says Zurich chief
    Supporting Articles:
        • NO PAYWALL - Cyber attacks set to become ‘uninsurable’, says Zurich chief
    Article 5 - LastPass Breach
    Supporting Articles:
        • LastPass Cops to Massive Breach Including Customer Vault Data
        • LastPass admits attackers have a copy of customers’ password vaults
        • The 2022 LastPass data breach is starting to look truly horrendous
        • Jeremi Gosney InfoSec.Exchange Thread

    If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

    SS-RPRT-091: AI and How It Will Change CyberSecurity

    Dec 26, 2022 (66:05)

    David and I put our prediction hats on. With how ChatGPT is setting the security and news world on fire, we sit down and put together some of our own ideas with many great ideas others have shared, and we speculate on how ChatGPT and AI in general will change Cybersecurity for the better and for the worse!

    Supporting Articles:
        • Unleashing the Power of ChatGPT for Bug Bounty and Penetration Testing
        • Napkin Ideas Around What Changes to Expect Post-ChatGPT
        • How ChatGPT can turn anyone into a ransomware and malware threat actor
        • Andrew Ng Twitter Threat on "Authoritative Nonsense"
        • Sam Altman's comment on ChatGPT's "greatness"

    SS-NEWS-090: Infragard hacked!

    Dec 19, 2022 (36:08)

    This was a pretty boring news week. ChatGPT took up all the air, so we tried it out to see if it could podcast better than us! Spoiler alert - Not yet. The ChatGPT summaries (included below as an fyi) were ALL wrong in some way, and we discuss how in the podcast.

    Article 1 - AWS strains to make Simple Storage Service not so simple to screw up
    ChatGPT Summary - Amazon Web Services (AWS) has announced a new feature for its Simple Storage Service (S3) called S3 Replication Time Control (S3 RTC), which allows users to specify the exact time that objects should be replicated between S3 storage classes and AWS regions. S3 RTC is designed to help users reduce costs and improve the efficiency of their data replication processes by allowing them to specify when replication should occur and how often it should be repeated. The feature also includes options for scheduling replication during specific time windows and for specifying different replication times for different object groups. AWS believes that S3 RTC will be particularly useful for users who need to replicate data between regions for disaster recovery or compliance purposes, as it allows them to specify exact replication times to meet their specific business needs.

    Article 2 - Royal Ransomware Puts Novel Spin on Encryption Tactics
    ChatGPT Summary - The article discusses a new variant of ransomware called "Royal Ransomware," which uses novel encryption tactics to evade detection and make recovery more difficult. The ransomware is delivered through a phishing email that contains a malicious link or attachment, which, when clicked, installs the malware on the victim's system. Once installed, the ransomware encrypts the victim's files and demands a ransom in exchange for the decryption key. What sets Royal Ransomware apart from other ransomware is its use of advanced techniques to avoid detection by security software and to make it more difficult for victims to recover their data. These techniques include using multiple layers of encryption, deleting shadow copies of the victim's files, and installing a rootkit to maintain persistence on the victim's system. The article advises organizations to implement strong cybersecurity measures, such as email filtering and employee training, to protect against ransomware attacks.

    Article 3 - InfraGard, FBI Program for Critical Infrastructure Cybersecurity, Breached by Hackers
    ChatGPT Summary - The Federal Bureau of Investigation (FBI) has issued a warning about a recent cyber attack on the InfraGard program, which is a partnership between the FBI and private sector organizations to share information about critical infrastructure and cybersecurity threats. The attack reportedly involved the use of a phishing email that was sent to InfraGard members, which contained a link that, when clicked, installed malware on the recipient's computer. The malware gave the attackers access to the victim's system and allowed them to steal login credentials and other sensitive information. The FBI is advising InfraGard members and other organizations to be cautious when opening emails and to use strong passwords and two-factor authentication to protect against these types of attacks.
    Supporting Article:
        • FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked

    Article 4 -

    SS-NEWS-089: Deception is Hard

    Dec 12, 2022 (39:26)

    We have a smorgasbord of articles today! Some consultants tell us that Deception is hard, and David has a spicy take, we discuss differential privacy briefly, aged domains used in malware, and KILLER ROBOTS!

    Article 1 - Crafty threat actor uses 'aged' domains to evade security platforms
    Article 2 - How to Use Cyber Deception to Counter an Evolving and Advanced Threat Landscape
    Article 3 - Computer Repair Technicians Are Stealing Your Data
    Supporting Article:
        • Samsung Releases Maintenance Mode, A New Feature To Hide Your Personal Information From Prying Eyes
        • Thinking about taking your computer to the repair shop? Be very afraid
    Article 4 - San Francisco lawmakers approve lethal robots, but they can't carry guns
    Supporting Articles:
        • Bomb-disposal robot violently disposes of Dallas cop-killer gunman
        • Goliath Demolition Tank
    Article 5 - Census Bureau Chief Defends New Privacy Tool Against Critics
    Supporting Article:
        • What is Differential Privacy and How does it Work?

    SS-RPRT-088: The Hype Cycle!

    Dec 5, 2022 (36:00)

    As you know, we're always looking for new and interesting reports to discuss, and this time we're discussing the Hype Cycle. It's a report that's published by Gartner, and made available to normal folks like us via Vendors! So what is the Hype Cycle (specifically for Security Operations here... I guess there are other Hype Cycles for other areas) and what can we learn from it?

    SS-NEWS-087: Interplanetary File System serving Malware from Mars

    Nov 21, 2022 (31:34)

    The Interplanetary File System serving malware from the stars! Also included are some bonus discussions around automatically exfiltrating information from your own organization using SOAR and a discussion about an article on API myths. Matthew got heated on the API one. It's mostly good information, but presented in a super sale-sy way. And there's nothing Matthew hates more than sales. Vendors make him froth at the mouth.

    Article 1 - Top 5 API Security Myths That Are Crushing Your Business
    Article 2 - InterPlanetary File System Increasingly Weaponized for Phishing, Malware Delivery
    Supporting Articles:
        • Attackers Using IPFS for Distributed, Bulletproof Malware Hosting
        • Several Cyber Attacks Observed Leveraging IPFS Decentralized Network
        • InterPlanetary File System
    Article 3 - urlscan.io's SOAR spot: Chatty security tools leaking private data
    Supporting Articles:
        • Tell HN: GitHub leaked names of private repos with pages
        • Understanding Google Dorks and How Hackers Use Them

    SS-NEWS-086: Solarwinds facing Lawsuit and Gov Action

    Nov 15, 2022 (45:21)

    Matthew ran a little late this weekend, so apologies for being a day late deploying the latest security news into your earhole! We talk Solarwinds and a lawsuit, then a little SEC action. Then we discuss the ever decreasing time frame to patch new vulnerabilities, and we lead off with a little conspiracy theory action about a government contractor that just might be using their privileged position for some man in the middle for the gov. I mean, what legitimate government contractor ISN'T run out of a UPS Store?

    Article 1 - Mysterious company with government ties plays key internet role
    Supporting Article:
        • Where does Firefox store cerificates and how to delete one?
    Article 2 - Zero-day are exploited on a massive scale in increasingly shorter timeframes
    Supporting Article:
        • Microsoft Digital Defense Report 2022
        • Intro to HDMoore’s Law
    Article 3 - SolarWinds Faces Potential SEC Enforcement Act Over Orion Breach
    Supporting Article:
        • CLASS ACTION COMPLAINT FOR VIOLATION OF THE FEDERAL SECURITIES LAWS SOLARWINDS CORPORATION Form 8-K

    SS-NEWS-085: Deepfake Hysteria, IIS Server Logs as C2!

    Nov 7, 2022 (29:17)

    Several short stories for your consideration on this fine November day. First, Sophos thinks we're on the hysteria part of the FUD Curve where Deepfakes are concerned, and we agree (as if our opinion mattered). Then we discuss Bitcoin Mining Firms possibly going bankrupt. Not really security related, but hey, it was interesting. Then Samsung is introducing Maintenance Mode for when you have to hand your phone over to be repaired! Finally, the most interesting, the use of IIS Web Logs for command and control... this is amazing. Unfortunately, the article didn't have a ton of information, but it's a really cool new method!

    Article 1 - Phishing works so well crims won't bother with deepfakes, says Sophos chap
    Article 2 - World’s largest Bitcoin mining firm Core Scientific on the verge of insolvency
    Article 3 - Maintenance Mode aims to keep phone data private during repairs
    Article 4 - Hackers use Microsoft IIS web server logs to control malware
    Supporting Article(s):
        • Cranefly Cyberspy Group Spawns Unique ISS Technique

    SS-NEWS-084: The Uber Episode!

    Oct 31, 2022 (37:42)

    It's all Uber all day today. First we discuss the implications of Uber CSO being charged for not reporting the 2016 incident to the FTC and misprision! Then we review a blog article on how Uber managed to reduce their log size by 169x!

    Article 1 - The Fallout From the First Trial of a Corporate Executive for ‘Covering Up’ a Data Breach
    Supporting Article(s):
        • Former Uber general counsel testifies ex-security chief downplayed 2016 data breach
    Article 2 - Reducing Logging Cost by Two Orders of Magnitude using CLP
    Supporting Article(s):
        • CLP: Efficient and Scalable Search on Compressed Text Logs
        • y-scope / clp - Github

    SS-RPRT-083: Google Sep. 2022 Threat Horizons Report

    Oct 24, 2022 (25:32)

    A report! A new report, in the torrents of blog posts and reports released by security companies! A boring report :( We discuss the Google September 2022 Threat Horizons report. It's extremely Google Cloud centric, which I suppose is expected, but a little sad. I think we were both disappointed in this report, as it's a very dry read, doesn't really present much new information, and has mitigations specific to Google Cloud.

    Report Link - September 2022 Threat Horizons Report

    SS-NEWS-082: Gangs now hiring drone pilots?

    Oct 17, 2022 (44:55)

    Alright, so it's a little click baity, but I'm seeing that this is going to be a new role in criminal gangs. Drone Pilot. We also discuss putting backdoors in ML Models at Compile Time, Microsoft's new RSS feed for vulns, and local thieves using jammers and de-authers to help them steal cars!

    Article 1 - Inserting a Backdoor into a Machine-Learning System
    Article 2 - How criminals are using jammers, deauthers to disrupt WiFi security cameras
    Supporting Articles:
        • AURSINC WiFi Deauther Watch V1 ESP8266 Development Board | Wearable Watch | OLED | Attack/Control/Test Tool | LOT for DSTIKE NodeMCU(2.4GHz ONLY)
        • Handheld MEGA 16 5G
        • DRONESHOOT 800 – PHANTOM TECHNOLOGIES’ ANTI DRONE GUN
        • How Much Does Security Camera Installation Cost?
        • Why Deauthing is not Jamming
    Article 3 - Microsoft adds new RSS feed for security update notifications
    Supporting Link:
        • https://api.msrc.microsoft.com/update-guide/rss
    Article 4 - How Wi-Fi spy drones snooped on financial firm
    Supporting Articles:
        • Drone Hacking a FAKE Makerspace
    BONUS ARTICLE - Microsoft Defender for Endpoint announcements at Microsoft Ignite 2022

    SS-NEWS-081: Malicious OAuth Apps and Poor Crypto Returns

    Oct 10, 2022 (29:18)

    Malicious OAuth apps are coming for your Exchange admins! Oh noes! Also, Powerpoint gets in the malware delivery game and it turns out that hackers are not considering the efficiency of spinning up AWS boxes to run cryptominers. Not very considerate of them. David has a particularly nasty twist on the Powerpoint one.

    Article 1 - Exchange servers abused for spam through malicious OAuth applications
    Supporting Article:
        • OAuth app policies
    Article 2 - Hackers Using PowerPoint Mouseover Trick to Infect Systems with Malware
    Article 3 - Cryptominers hijack $53 worth of system resources to earn $1
    Supporting Article:
        • Configure Amazon EC2 Dedicated Hosts

    SS-NEWS-080: Sneaking RATs, and a Bloomberg Terminal for Security

    Oct 3, 2022 (35:53)

    We discuss a new malware-as-a-service offering, bankers dodging regulations by using third party chat, and what would a Bloomberg Terminal for security look like?

    Article 1 - Want to sneak a RAT into Windows? Buy Quantum Builder on the dark web
    Supporting Article:
        • Agent Tesla RAT Delivered by Quantum Builder With New TTPs
    Article 2 - Ever suspected bankers could just use WhatsApp comms? $1.8b says you're right
    Supporting Articles:
        • 15 U.S. Code § 78q–1 - National system for clearance and settlement of securities transactions
        • SEC Charges 16 Wall Street Firms with Widespread Recordkeeping Failures
    Article 3 - When Will Cybersecurity Get Its Bloomberg Terminal?
    Supporting Article:
        • Beginner’s Guide to the Bloomberg Terminal
    Article 4 - High-Profile Hacks Show Effectiveness of MFA Fatigue Attacks

    SS-NEWS-079: Voice Tech, Gov Wants Secure Code, and Trusting in Detections!

    Sep 26, 2022 (39:10)

    We discuss the advances in AI Voice Technology, a new executive order requiring software vendors to establish secure coding practices, and a blog post on Anton Chuvakin's blog about transparency and trust in your detections from him and Oliver Rochford.

    Article 1 - We’re Entering the Age of Unethical Voice Tech
    Supporting Articles:
        • Fraudsters Cloned Company Director’s Voice In $35 Million Bank Heist, Police Find
        • Banned Commercials - John Wayne Beer Commercial.mpg
    Article 2 - White House to tech world: Promise you'll write secure code – or Feds won't use it
    Article 3 - On Trust and Transparency in Detection

    SS-NEWS-078: China Calls Out US Hacking, Uber Hacked

    Sep 19, 2022 (41:05)

    Today we discuss China calling out the US for hacking universities, the new Twitter lawsuit on behalf of stock owners, and Uber being hacked.

    Article 1 - Twitter, Inc. (Whistleblower)
    Article 2 - China Accuses the NSA of Hacking a Top University to Steal Data
    Supporting Articles:
        • Northwestern Polytechnical University
        • Chinese Experts Uncover Details of Equation Group's Bvp47 Covert Hacking Tool
        • DOD Grows University Affiliated Research Center Partnerships With HBCUs
        • FY23 Department of Defense Appropriations
        • DoD Basic Research Letter - Final
    Article 3 - Uber reels from 'security incident' in which cloud systems seemingly hijacked
    Supporting Articles:
        • Bill Demirkapi Summary Thread on Twitter
        • TeamPass

    SS-NEWS-077: Reading an Interview with an Initial Access Broker

    Sep 12, 2022 (41:23)

    In this episode we look at a marketing article that discusses some survey results that are a little interesting, specifically regarding how people at companies feel about cyberwar. Then we read over and discuss some highlights from an interview with an Initial Access Broker that's super interesting.

    Article 1 - The (Nation) State of Cyber: 64% of Businesses Suspect They’ve Been Targeted or Impacted by Nation-State Attacks
    Article 2 - An interview with initial access broker Wazawaka: ‘There is no such money anywhere as there is in ransomware’
    Supporting Link:
        • Who is the Network Access Broker ‘Wazawaka?’

    SS-NEWS-076: Criminal Groups Moving to Sliver Framework over Cobalt Strike

    Sep 5, 2022 (32:40)

    In this episode, we discuss Cloudflare IP's being banned in Austria due to overzealous Copyright enforcement, how attackers are moving off of Cobalt Strike as it's getting too well known, and finally Stego! Yes, that's right, all of that CTF experience in steganography will finally come in handy! Attackers were spotted downloading malware hidden in the cert of a JPG.

    Article 1 - Pirate sites ban in Austria took down Cloudflare CDNs by mistake
    Supporting Links:
        • How content delivery networks (CDNs) work
        • Wahrnehmung von Leistungsschutzrechten GmbH - Informationen
    Article 2 - Cybercrime Groups Increasingly Adopting Sliver Command-and-Control Framework
    Supporting Links:
        • A How-To Guide for Using Sliver
    Article 3 - James Webb telescope images used to hide malware
    Supporting Links:
        • How to monitor/detect Microsoft Office macro execution?
        • Command line process auditing

    SS-NEWS-075: Criminals turning from selling drugs to cybercrime?

    Aug 29, 2022 (31:56)

    In this episode, we discuss street criminals turning from drug related crime to fraud and potentially cybercrime, and PyPI's issues with malicious packages.

    Article 1 - Small-time cybercrime is about to explode — We aren't ready
    Supporting Articles:
        • Crime clearance rate in the United States in 2020, by type
        • The NYPD Tapes: Inside Bed-Stuy’s 81st Precinct
        • Miami Street Gangs See No Hope In Dope. They’ve Switched To Identity Fraud Fueled By Russian Hackers
        • Brett Johnson: US Most Wanted Cybercriminal | Lex Fridman Podcast #272
    Article 2 - Malicious PyPi packages turn Discord into password-stealing malware
    Supporting Articles:
        • Two more malicious Python packages in the PyPI
        • 241 npm and PyPI packages caught dropping Linux cryptominers
        • Snyk finds PyPi malware that steals Discord and Roblox credential and payment info

    SS-NEWS-074: Tornado Cash!

    Aug 22, 2022 (34:09)

    In this episode, we discuss ClOP ransoming the wrong water company (oop?) and Tornado Cash sanctions. We're not crypto experts, but dang if it isn't super interesting.

    Article 1 - Hackers attack UK water supplier but extort wrong company
    Supporting Article(s):
        • Hackers Attack UK Water Supplier, Apparently Send Ransom Demand to the Wrong Company
    Article 2 - Dutch authorities arrest 29-year-old dev with suspected ties to Tornado Cash
    Supporting Articles:
        • Erik Voorhees urges MakerDAO community to exit USDC positions after Tornado Cash sanctions
        • Dutch Authority says arrested Tornado Cash developer suspected of involvement in financial crimes
        • Developers could be punished for code created to commit crime, says Dutch regulator
        • Arrest of suspected developer of Tornado Cash
        • The Chopping Block: Did OFAC Overstep by Sanctioning Tornado Cash? – Ep. 386
        • Cloning Tornado Cash Would Be Easy, but Risky
        • 'It Doesn’t Change Anything' Says Tornado Cash After Code Disappears From GitHub
        • DeFi Exchange dYdX Blocking Addresses Associated With Tornado Cash
        • DeFi Web Apps Block Users Hit by Tornado Cash ‘Dust Attack’
        • TRM Labs - Digital Asset Compliance and Risk Management

    SS-RPRT-073: IBM Cost of a Breach Report

    Aug 15, 2022 (52:34)

    In this episode, we discuss the IBM Security Cost of a Data Breach Report 2022. It's actually a really interesting report that goes into some detail on how much a Data Breach costs, and what things you can do as a defender to drive those costs down (and what things you're doing that increase those costs!) We break down some of the high level statistics, and then we discuss what are the top things you can be doing to drive down the costs if your company gets breached. Highly actionable information in here.

    Report Link - Cost of a Data Breach Report

    SS-NEWS-072: Entrepreneurial Crims and Nonencrypted Messages

    Aug 8, 2022 (30:16)

    In this episode, we discuss the AIG Threat Group and their impact on Security, and then how another 'encrypted' message provider apparently doesn't know what that means. We actually stuck to our self imposed 30 minute limit for once! Shocking! Really because we only picked two articles this week. Ah well.

    Article 1 - 'AIG' Threat Group Launches With Unique Business Model
    Article 2 - For months, JusTalk messages were accessible to everyone on the Internet
    Supporting Articles:
        • Messaging app JusTalk is spilling millions of unencrypted messages
        • Law Enforcement Portals: Gateways to Compliance’s Future
        • US government’s reported number of wiretaps don’t add up
        • PwC audits ExpressVPN servers to confirm essential privacy protections
        • All Proton VPN apps are now open source and audited
        • FBI Snooped on Criminals Using Encrypted Messaging App

    SS-NEWS-071: Insurers Find Yes/No Questions Not Enough to Determine Security

    Aug 1, 2022 (37:50)

    In this episode, we discuss INSURANCE! AGAIN! It's seriously the most interesting part of Cyber right now. Travelers Insurance is attempting to get a court to release it from paying a company because a company did not use MFA everywhere. Super interesting. Additionally we discuss Huawei and forced removal of equipment, and a prison break in Nigeria. We are all over the place this week.

    Article 1 - Travelers Wants Out of Contract With Insured That Allegedly Misrepresented MFA Use
    Article 2 - Bill for US telcos to bin Chinese kit blows out by $3 billion
    Supporting Articles:
        • Take it Huawei, Pai: Senate passes bill to rip 'dodgy' kit from rural telcos
        • CNN Exclusive: FBI investigation determined Chinese-made Huawei equipment could disrupt US nuclear arsenal communications
        • H.R.4998 - Secure and Trusted Communications Networks Act of 2019
        • The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
        • Years later, Bloomberg doubles down on disputed Supermicro supply chain hack story
    Article 3 - Nigerian Prison Break
    Supporting Articles:
        • UPDATED: Kuje Prison Attack: Heads will roll as Buhari receives report indicting officials – Aregbesola
        • Kuje Prison Attack: Our prisons not built to withstand terrorist attacks – Controller General

    SS-NEWS-070: 20 Dollar GPS Tracker with Password 123456

    Jul 25, 2022 (43:55)

    In this episode, we look at a $20 GPS tracker that you can add to your car to disable it if stolen, a (possibly) fake Android App to attack Russians for invading Ukraine, and a new product that promises to solve your ransomware problems. Is this the end of the line for ransomware finally? (spoiler alert - Probably not)

    Article 1 - Unpatched GPS Tracker Security Bugs Threaten 1.5M Vehicles With Disruption
    Supporting Articles:
        Seriously, David found like 20 of these, and they all have mostly the same info. I'm not copying them all down here. That being said, if you wanted to order one to play around with it - Mini GPS Tracker Car Micodus MV720N
    Article 2 - Russian Hackers Tricked Ukrainians with Fake "DoS Android Apps to Target Russia"
    Supporting Articles:
        • Anti-Russian denial-of-service app actually infects pro-Ukrainian activists
        • Continued cyber activity in Eastern Europe observed by TAG
    Article 3 - Can Encryption Key Intercepts Solve The Ransomware Epidemic?
    Supporting Articles:
        • Nubeva Announces Third-Party Validation Of Its Upcoming Ransomware Reversal Solution

    SS-REVW-069: Movie Review - WHOAMI

    Jul 18, 2022 (39:59)

    In this episode, we try something new... A movie review! WHOAMI is a German language movie, with English subtitles available on Netflix. Plot Summary from IMDB - "Benjamin, a young German computer whiz, is invited to join a subversive hacker group that wants to be noticed on the world's stage." There will be spoilers without, so if you decide you want to watch it before listening to the podcast, here is your warning! (There's an audio warning before we start on the spoilers)

    SS-NEWS-068: 1 Billion... Records lost!

    Jul 11, 2022 (43:26)

    In this episode, we look at the accusation that North Korea was behind the Harmony Bridge hack, Twitter users being phished by a devious new method, and the 1 billion records lost in China because a dev hard coded some credentials into their code. Yikes.

    Article 1 - Verified Twitter accounts phished via hate speech warnings
    Article 2 - Crypto sleuths pin $100 million Harmony theft on Lazarus Group
    Supporting Articles:
        • More than $100m in cryptocurrency stolen from blockchain biz
        • Axie Infinity’s blockchain was reportedly hacked via a fake LinkedIn job offer
        • How a fake job offer took down the world’s most popular crypto game
        • Trail Through Tornado Cash to North Korea
    Article 3 - Human Error Blamed for Leak of 1 Billion Records of Chinese Citizens
    Supporting Articles:
        • The Shanghainese of 6000 Years Ago - the Majiabang Culture

    SS-RPRT-067: Verizon 2022 DBIR - Second Verse, Same as the First

    Jul 4, 2022 (30:55)

    In this episode, we anxiously pore through the 2022 DBIR, looking for nuggets of wisdom we can apply to our defenses... only to find that not much changed this year. Ransomware is up, social engineering is down, but it's still a lot of the same types of attacks being done the same way by the same bad guys. If next year's is similar, we will not bother having a specific episode for review.

    Article - 2022 Data Breach Investigations Report

    SS-NEWS-066: 10 Mistakes CISO's Make, RSA Recap

    Jun 27, 2022 (54:39)

    In this episode we discuss the top ten mistakes that CISO's make when it comes to vulnerability management. I think that really could have been a top 5 list, but hey, maybe there was a word count. Then we discuss RSA. Which is funny, because neither of us went, so we read a bunch of articles about it and pretend we went! Interestingly enough, we meant to discuss RSA as a covid super spreader event, and our different risk based takes on Covid, but we ran out of time!

    Article 1 - Vulnerability management mistakes CISOs still make
    Article 2 - RSA 2022 Musings: The Past and The Future of Security
    Supporting Articles:
        • Inside the RSAC expo: Buzzword bingo and the bear in the room
        • RSAC branded a 'super spreader event' as attendees share COVID-19 test results
        • MDR vs. MSSP: Why it's vital to know the difference

    SS-NEWS-065: Ransomware Timeline Study

    Jun 13, 2022 (32:47)

    In this episode, we discuss a study done on the changes in timeline of ransomware actions from 2019 to 2021, including some enviable metrics reductions. Seriously, if our companies were able to make efficiency increases like these, stockholders would be jumping for joy!

    Article - Countdown to Ransomware: Analysis of Ransomware Attack Timelines
    Supporting Articles:
        • Quantum Ransomware
        • Managing Administrative Shares (Admin$, IPC$, C$, D$) in Windows 10
        • How to remove administrative shares in Windows Server 2008

    SS-NEWS-064: Social Engineering Kill Chain Model!

    Play Episode Listen Later Jun 6, 2022 35:20


    In this episode, we discuss a Kill Chain-like model for Social Engineering attacks. We were going to do two articles, but we went deep. Really deep. So we split this one, and next week you'll get to hear about the Ransomware Timeline study. That one was super interesting too! Since the joke was ransomware related, I cut it out of this podcast, so no dad-level joke this week.
    Article - Social Engineering Kill–Chain: Predicting, Minimizing & Disrupting Attack Verticals
    Supporting Articles: Street Thief | Thriller Movie | Full Length | Free YouTube Movie
    If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

    SS-NEWS-063: Prehijacking Social Media Accounts, and Watching What You Type Before You Submit!

    Play Episode Listen Later May 30, 2022 33:12


    In this episode, we discuss how attackers can prehijack your account on popular social media and other apps, and how a surprising number of websites watch what you're doing before you hit submit.
    Article 1 - Hackers can hack your online accounts before you even register them
    Supporting Articles: Hackers Can 'Pre-Hijack' Online Accounts Before They Are Created by Users
    Article 2 - Thousands of Popular Websites See What You Type—Before You Hit Submit
    Supporting Articles: Awesome Gmail address tricks to get more out of your email ID
    If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

    SS-NEWS-062: Client Side Scanning is Not What You Think

    Play Episode Listen Later May 23, 2022 34:42


    In this episode, we discuss Client Side Scanning, which is not what you think it is, the slippery slope it leads to, and the new US Law regarding reporting that just passed the US Senate.
    Article 1 - Client side scanning may cost more than it delivers
    Supporting Articles: https://www.quora.com/Why-is-Facebook-censoring-private-messages
    Article 2 - Breaking Down the Strengthening American Cybersecurity Act
    If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

    SS-NEWS-061: Russia Renting Tech Prisoners to Companies

    Play Episode Listen Later May 16, 2022 40:31


    In this episode we discuss Russia putting prisoners to work on IT, and a cryptocurrency launderer put on the US Sanctions list.
    Article 1 - Russia to Rent Tech-Savvy Prisoners to Corporate IT?
    Supporting Articles: Will It Blend Chuck Norris; 14th Amendment; What is Hard Labor?; How Much do Prisoners Make in Each State?
    Article 2 - Cryptocurrency laundromat Blender shredded by US Treasury in sanctions first
    Supporting Articles: Who Is A United States Person?; Sanctions List Search Tool; A Fistful of Bitcoins: Characterizing Payments Among Men with No Names; Crypto Crime Trends for 2022: Illicit Transaction Activity Reaches All-Time High in Value, All-Time Low in Share of All Cryptocurrency Activity
    If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

    SS-NEWS-060: Singapore Requiring SOC and Pentesting Licensure

    Play Episode Listen Later May 9, 2022 35:57


    In this episode we discuss the upcoming licensure requirements for SOC and Pentesting firms operating in Singapore, and then we briefly review a report from Microsoft on how Russia is operating its cyber arm of the war against Ukraine.
    Article 1 - Singapore to license pentesters and managed infosec operators
    Supporting Articles: Original Law from 2018; CSA Kicks Off Licensing Framework for Cybersecurity Service Providers; Licensing Industry Consult Document (pdf); CLOSING NOTE TO INDUSTRY CONSULTATION ON THE LICENSING FRAMEWORK FOR CYBERSECURITY SERVICE PROVIDERS; 2022 Index of Economic Freedom
    Article 2 - Microsoft: Russia Using Cyberattacks in Coordination With Military Invasion of Ukraine
    Supporting Articles: The hybrid war in Ukraine; The actual report the other two links are summaries of!; Microsoft Documents Over 200 Cyberattacks by Russia Against Ukraine
    The Way of the Gun (1/9) Movie CLIP - Raving Bitch Knock-Out (2000) HD
    If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

    SS-NEWS-059: Personal Cyber Insurance and 6 Hour Notification

    Play Episode Listen Later May 2, 2022 44:52


    In this episode, we discuss the coming business of PERSONAL cyber insurance, and the late breaking news that India will soon be requiring some businesses to notify the government of a wide-ranging set of "incidents" within 6 hours. You have to read this one to believe it.
    Article 1 - What’s happening in the world of personal cyber insurance?
    Supporting Articles: Do you need to get a personal cyber insurance policy?; Do You Need Personal Cyber Insurance For Cyberattacks?
    Article 2 - India to require cybersecurity incident reporting within six hours
    Supporting Articles: Text of announcement - Notice the lack of details!; Public-private cooperation for pandemic preparedness and response; President Biden Signs into Law the Cyber Incident Reporting for Critical Infrastructure Act, Expanding Cyber Reporting Obligations for a Wide Range of Public and Private Entities
    If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

    SS-SUBJ-058: Future of Infosec Work Pt. II

    Play Episode Listen Later Apr 25, 2022 38:05


    In this episode, we finish taking a deep dive into an article by my Infosec spirit animal, Daniel Miessler on the future of Information Security work. We agree, we disagree. You should read the article and listen.
    Article - Thinking About the Future of InfoSec (v2022)
    If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
    I put on my robe and wizard hat... (NSFW)

    SS-SUBJ-057: Future of Infosec Work Pt. I

    Play Episode Listen Later Apr 18, 2022 36:40


    In this episode, we take a deep dive into an article by my Infosec spirit animal, Daniel Miessler on the future of Information Security work. We agree, we disagree. You should read the article and listen.
    Article - Thinking About the Future of InfoSec (v2022)
    If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
    I put on my robe and wizard hat... (NSFW)

    SS-NEWS-056: Way, way too deep on Axie Infinity

    Play Episode Listen Later Apr 11, 2022 48:39


    In this episode, we discuss a recent FBI report on cybercrime, and then we talk about the recent Ronin Bridge hack on Axie Infinity, and we get super deep into discussing the game, rather than the hack. Oops?
    Article 1 - Cybercriminals made $7bn in pure profit in 2021, says FBI
    Supporting Articles: FBI Releases the Internet Crime Complaint Center 2021 Internet Crime Report; Organizations paid at least $602 million to ransomware gangs in 2021
    Article 2 - $625M stolen from Axie Infinity’s Ronin bridge, the largest ever crypto hack
    Supporting Articles: Who Hurts Most in $600 Million Axie Heist? ‘Not the Venture Capitalists’; How much do you earn playing axie infinity?; Community Alert: Ronin Validators Compromised
    If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

    SS-NEWS-055: Some Nonsense about Proxy Actors

    Play Episode Listen Later Apr 4, 2022 32:16


    In this episode, we spend way too much time discussing a specious article about how state-sanctioned criminals don't actually present any unique methods of disruption, and then hop, skip and jump to Lapsus$ for a few minutes. This one ran too long, both for the State Sanctioned, and the hack on Axie Infinity (coming next week!) so we broke it into two episodes.
    Article 1 - https://www.csoonline.com/article/3655075/leaked-hacker-logs-show-weaknesses-of-russia-s-cyber-proxy-ecosystem.html
    Supporting Articles: LEAKED CHATS SHOW RUSSIAN RANSOMWARE GANG DISCUSSING PUTIN’S INVASION OF UKRAINE
    Article 2 - A Closer Look at the LAPSUS$ Data Extortion Group
    Supporting Articles: Trustwave’s Action Response: The Lapsus$ Hacker Group Shows Us the Importance of Securing the Digital Supply Chain
    If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

    SS-DYST-054: Cyber Dystopia - Facial Recognition used in Ukraine War

    Play Episode Listen Later Mar 28, 2022 36:59


    Welcome to our first episode of a new sub-series - The Coming Tech Dystopia. We had so much fun ranting about the state a few episodes ago, we decided to sprinkle in the occasional episode where we see a technology with potential dystopian impact. This time we saw an article on how Ukraine is partnering with a Facial Recognition company to use their tech in the war.
    Primary Article - Ukraine is using Clearview AI’s facial recognition during the conflict
    Supporting Articles: Exclusive: Ukraine has started using Clearview AI’s facial recognition during war; Racial Discrimination in Face Recognition Technology; WHAT IS FACIAL RECOGNITION TECHNOLOGY?; How to get around facial recognition; How to Thwart Facial Recognition and Other Surveillance; Anti-Facial Recognition Masks: Accessories Of The Future; Reflectacles; McLean neighborhood tackling crime by installing license plate scanners
    As always, please subscribe on your favorite podcast app, and rate and review so that other people will come to know and love us as much as our mothers do.

    SS-NEWS-053: Cyberwar in the Ukraine!

    Play Episode Listen Later Mar 21, 2022 47:48


    In this episode, we review a number of articles discussing the war in Ukraine, and why we haven't seen the Cyberwar we imagined would happen.
    Article 1 - Where are the (serious) Russian cyberattacks?
    Supporting Articles: Second data-wiping malware found in Ukraine, says ESET; Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats; Where’s the Russia-Ukraine Cyberwar? (Links to 4 other articles); Defense Primer: Information Operations; Wikipedia - Operation Mockingbird; Pentagon warns of cyber and kinetic retaliation to significant cyber attack against the US; “Vranyo”: a previously untranslatable Russian word …; Vulnerable U.S. electric grid facing threats from Russia and domestic terrorists
    If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

    SS-NEWS-052: Conti Ransomware Group Chat Logs

    Play Episode Listen Later Mar 14, 2022 55:55


    In this episode, we discussed the Krebs on Security series on the Conti Ransomware chat logs. For an hour.
    Supporting Article Series - Conti Ransomware Group Diaries, Part I: Evasion
    If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

    SS-BOOK-51: Book Review - Daemon by Daniel Suarez

    Play Episode Listen Later Mar 7, 2022 64:42


    In this episode we review and discuss a book that was nominated to the Cybersecurity Canon, but not accepted - Daemon by Daniel Suarez. We start off spoiler free, but quickly go deep into spoiler territory and discuss the plot of the book, the technology used in the book, the hacking seen, and the future that the Daemon plans for us all.
    Links: Cybersecurity Canon; Daemon by Daniel Suarez
    As always, please subscribe on your favorite podcast app, and rate and review so that other people will come to know and love us as much as our mothers do.

    SS-NEWS-050: Low Code Development and Hackers planting evidence!

    Play Episode Listen Later Feb 28, 2022 58:56


    In this episode we discuss securing Low- and No-Code development, hackers who plant evidence of crimes, US Justice Department announcing it will attack hackers first, and a short discussion around NVidia ransoming their ransomers!
    Article 1 - 4 security concerns for low-code and no-code development
    Article 2 - A Hacker Group Has Been Framing People for Crimes They Didn't Commit
    Supporting Articles: This malware gang plants incriminating evidence on PCs, gets victims arrested; Child Porn Investigations May Snare the Innocent
    Article 3 - US to attack cyber criminals first, ask questions later – if it protects victims
    Supporting Articles: Deputy Attorney General Lisa O. Monaco Delivers Remarks at Annual Munich Cyber Security Conference; Russia arrests 14 alleged members of REvil ransomware gang
    Article 4 - Ransomware Group Lapsus Claims NVIDIA Hacked Back After Its Attack On The GPU Giant
    Supporting Articles: GPU giant Nvidia is investigating a potential cyberattack
    If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

    SS-NEWS-049: Facial Recognition and Billions in Crypto recovered

    Play Episode Listen Later Feb 21, 2022 52:40


    In this episode, we go deep down the paranoid rabbit hole to discuss what the government would do with facial recognition technology, and we also discuss how the government recovered $3.6 billion in stolen Bitcoin. This one is a little different than our normal episodes. Time to start prepping!
    Article 1 - ID.me Says It Will Make Facial Recognition Optional for Government Agencies
    Supporting Articles: The IRS directed 7 million Americans to sign up with ID.me face-scan service, according to congressional letter; IRS debuts face biometrics and suddenly everyone is a privacy regulator; Federal research contractor wants a fence between identity and emotion biometrics; Notice of Request for Information (RFI) on Public and Private Sector Uses of Biometric Technologies; ID.me says it uses more powerful facial recognition than previously claimed
    Article 2 - Feds Arrest Couple Who Allegedly Laundered $1 Billion in Stolen Bitcoins
    Supporting Articles: Crypto Laundering: Bitcoin + Money Laundering; The DOJ’s $3.6B Bitcoin Seizure Shows How Hard It Is to Launder Crypto; Money Laundering and Structuring Under Federal Law
    If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

    SS-NEWS-048: Intelligent Bots and Cloud Security Survey

    Play Episode Listen Later Feb 14, 2022 42:57


    In this episode we discuss two recent surveys, one on malicious bots that attack web sites, and one on cloud security and the struggles there.
    Article 1 - Supporting Article: Data Highlights Growing Threat From Intelligent Bots Operated at Scale by Cybercriminals
    Original Paper - 2022 STATE OF FRAUD & ACCOUNT SECURITY
    Article 2 - Why Security Pros Are Frustrated With Cloud Security
    If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

    SS-SUBJ-047: Active Defense!

    Play Episode Listen Later Feb 7, 2022 31:30


    In this episode, we discuss Active Defense! What is it, how do you do it, and what should you pay for.
    Supporting Links: What is Active Defense?; SEC599: Defeating Advanced Adversaries - Purple Team Tactics & Kill Chain Defenses; paralax / awesome-honeypots; Thinkst Canary; Javelin Networks - AD Protect; Naval PostGraduate School - An Improved Tarpit for Network Deception
    If you found this interesting or useful, please like and subscribe, and follow us @serengetisec for more! Without that social validation, we just sulk around the house all day.

    SS-NEWS-046: Merck's billion dollar cyber insurance lawsuit

    Play Episode Listen Later Jan 31, 2022 41:41


    In this episode we discuss the $1.4 billion dollar Merck Lawsuit against their cyber insurer, and a prediction for 2022 - Adversarial AI! We also briefly review a really scammy sponsored article claiming a new options trading site for cryptocurrency is totally trustworthy.
    Article 1 - Cyber Insights 2022: Adversarial AI
    Article 2 - What enterprises should learn from Merck’s $1.4 billion insurance lawsuit
    Supporting Articles: Cyberinsurance companies don’t want to pay out for “acts of war”; School District reports a 334% hike in cybersecurity insurance costs; Merck’s $1.4 Billion Insurance Win Splits Cyber From ‘Act of War’; NotPetya - Five Facts to Know About History’s Most Destructive Cyberattack; Superior Court of New Jersey Law Division Civil Union County Docket for Case #: L-002682-18; The Untold Story of NotPetya, the Most Devastating Cyberattack in History; 2022 SSCIP Cyber Insurance Contract Extension Recommendation
    Article 3 - SPONSORED (my addition) - Is TurboXBT legit? Here’s what you need to know about the platform
    If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

    SS-SUBJ-045: Vulnerability Management

    Play Episode Listen Later Jan 24, 2022 38:45


    In this episode we discuss everyone's most favorite of topics, Vulnerability Management!
    Supporting Links: What is Vulnerability Management and Scanning?; Why there are at least 6,000 vulnerabilities without CVE-IDs
    If you found this interesting or useful, please like and subscribe, and follow us @serengetisec for more! Without that social validation, we just sulk around the house all day.

    SS-SUBJ-44: Hiring in the Security Space

    Play Episode Listen Later Jan 18, 2022 51:32


    In this episode we talk about hiring in Information Security. This discussion was triggered by an article on not hiring losers, so we discuss the article and then transition into more generic hiring information for both people doing the hiring and people trying to get hired.
    Supporting Articles: Losers Exist, Don’t Hire Them; levels.fyi; Creating a High-Performing Cybersecurity Team; Work Rules, by Laszlo Bock
    If you found this interesting or useful, please like and subscribe, and follow us @serengetisec for more! Without that social validation, we just sulk around the house all day.

    SS-NEWS-043: Simulated Phishing and SRE Ideas for the SOC

    Play Episode Listen Later Jan 10, 2022 36:50


    Our episode last week went so long, we split it into two. We continue the conversation this week discussing a study showing that simulated phishing attacks may increase susceptibility? Additionally, an article discussing stealing Site Reliability Engineering ideas for your SOC and automation.
    Article 1: Research: Simulated Phishing Tests Make Organizations Less Secure
    Supporting Articles: Phishing in Organizations: Findings from a Large-Scale and Long-Term Study
    Article 2: Stealing More SRE Ideas for Your SOC
    Supporting Articles: Google SRE Book
    If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

    SS-NEWS-42: Facebook shuts down surveillance and T-Mobile SIM Swaps

    Play Episode Listen Later Jan 2, 2022 27:17


    In this episode we discuss T-Mobile once again at the center of attention with SIM card swapping, and Facebook notified 50k users they're the targets of surveillance as the worst of cyberpunk appears to be coming to. All hail all corporate overlords!
    Article 1: T-Mobile says new data breach caused by SIM swap attacks
    Supporting Articles: FBI San Francisco Warns the Public of the Dangers of SIM Swapping; T-Mobile discloses data breach after SIM swapping attacks (From Feb.)
    Article 2: Facebook disrupts operations of seven surveillance-for-hire firms
    Supporting Articles: The Coca-Cola Killings; Is Accountability Even Possible?
    If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
