For those unaware, what exactly is an SBOM, and why is it so important?
One of the presentations you gave mentioned that software supply chain attacks shouldn't be discussed as "emerging threats"; these really have been going on for years. Why do you think we still talk about it as an emerging threat or something novel?
We know you've recently talked about an effort dubbed "VEX" which seeks to add context to SBOM information. How is this valuable and how can it be used to reduce risk?
What would you say are the top 3 things that organizations could do today to be aware of in regards to software supply chain attacks?
In regards to SBOMs for complex environments such as SaaS, where you have several parties involved and interdependencies, how do you see the SBOM evolving in that space?
How do you see organizations operationalizing SBOMs from a cyber practitioner perspective? How will it fit into a robust cybersecurity program?
Malware Quiz https://isc.sans.edu/forums/diary/Phishing+ZIP+With+Malformed+Filename/27966/ Odd Zip Files https://isc.sans.edu/forums/diary/Phishing+ZIP+With+Malformed+Filename/27966/ Decrypting Cobalt Strike Configurations Using Known Secret Keys https://blog.nviso.eu/2021/10/21/cobalt-strike-using-known-private-keys-to-decrypt-traffic-part-1/ Tracking BLE Fingerprints https://cseweb.ucsd.edu/~nibhaska/papers/sp22_paper.pdf GPS Software Bug https://us-cert.cisa.gov/ncas/current-activity/2021/10/21/gps-daemon-gpsd-rollover-bug https://isc.sans.edu/forums/diary/Keeping+Track+of+Time+Network+Time+Protocol+and+a+GPSD+Bug/27886/
This Week Dr. Doug talks: CyberTraining, the death of FTP, Quickfox VPN, Zerodium, FIN7, TruthSocial, GPS hijinx, candy corn, as well as all the show wrap ups on this edition of the Security Weekly News Wrap up Show! Show Notes: https://securityweekly.com/swn160
Cybersecurity: In this episode of Cloud Talk, we discuss the evolution of cybercrime with 20+ year veterans of IT security. From early-90s IRC battles to today's nation-state backed hacker industry, we discuss how companies can make small changes to combat these forces. Special Guests: Gary Alterson and Vinnie Liu.
Roger Grimes is an industry expert and the Data Driven Defense Evangelist for KnowBe4. In this episode, Roger explains how the majority of multifactor authentication (MFA) is phishable, what types aren't as susceptible to phishing attacks, and more. KnowBe4 is the world's first and largest New-school security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering. To learn more about our sponsor, KnowBe4, visit https://knowbe4.com
Azeem is the creator of Exponential View, a leading platform for in-depth tech analysis. His weekly newsletter is read by 200,000 people from around the world, and his podcast has featured guests including Yuval Noah Harari, Tony Blair and Kate Raworth. A member of the World Economic Forum's Global Futures Council, Azeem contributes to publications including the Financial Times, Wired and the MIT Technology Review. His new book is called Exponential: How Accelerating Technology Is Leaving Us Behind and What to Do.
In this podcast we discuss:
The four technologies driving the exponential age
What's different between today and previous tech transitions
How tech companies defy conventional understanding
Why productivity has been low
Climate change and productivity
Understanding US/China/Europe tech rivalry
Importance of big tech in dealing with cyber risk
Books that influenced Azeem: Technological Revolutions and Financial Capital (Perez) and Letters to a Young Poet (Rilke)
Stolen Images Evidence Campaign Pushes Sliver Based Malware https://isc.sans.edu/forums/diary/Stolen+Images+Evidence+campaign+pushes+Sliverbased+malware/27954/ FiveSys Rootkit Signed By Microsoft https://www.bitdefender.com/files/News/CaseStudies/study/405/Bitdefender-DT-Whitepaper-Fivesys-creat5699-en-EN.pdf Oracle Critical Patch Update https://www.oracle.com/security-alerts/cpuoct2021.html WinRAR Vulnerability https://swarm.ptsecurity.com/winrars-vulnerable-trialware-when-free-software-isnt-free/ Crypto Mining npm Libraries https://blog.sonatype.com/newly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices
On October 6, a massive leak of Twitch data revealed how much cash its biggest streamers made. The leak isn't the first time Twitch's security has been called into question, and as the fallout from the leak spiraled, Motherboard reporter Lorenzo Franceschi-Bicchierai went looking for an older story, the story of Urgent Pizza. This week on Cyber, Lorenzo tells us the story of the biggest hack in Twitch history. In 2014 unskilled hackers walked right into Twitch's code and made off with everything. It was right after Amazon had paid nearly $1 billion for the company. Later, Lorenzo breaks down everything Activision is doing to prevent cheating in Call of Duty.
Thanks to COVID-19: New Types of Documents are Lost in the Wild https://isc.sans.edu/forums/diary/Thanks+to+COVID19+New+Types+of+Documents+are+Lost+in+The+Wild/27952/ Google Chrome 95 Released https://chromestatus.com/roadmap Squirrel VM Bug https://thehackernews.com/2021/10/squirrel-engine-bug-could-let-attackers.html BlackByte Decryptor Released https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/ https://github.com/SpiderLabs/BlackByteDecryptor
On this week's Cyber Report, sponsored by Northrop Grumman, Dmitri Alperovitch, the co-founder and former CTO of cybersecurity firm CrowdStrike who is now the co-founder and executive chairman of the Silverado Policy Accelerator, and John Cofrancesco of Fortress Information Security discuss progress being made across government and the international community in improving cybersecurity, and specifically in responding to ransomware and supply chain security challenges, with Defense & Aerospace Report Editor Vago Muradian.
EP278 - Adobe Holiday E-Commerce Forecast with Taylor Schreiner
In Episode 277 we covered some of the early overall holiday sales forecasts, and the issues likely to impact this holiday season. In this episode we get the very first look at the Adobe 2021 Holiday Shopping Forecast. This is a deep dive on digital shopping behaviors based on Adobe Analytics, which analyzes 1 trillion visits to retail sites and over 100 million SKUs. We break it all down with Taylor Schreiner, Director of Adobe Digital Insights. Episode 278 of the Jason & Scot show was recorded on Thursday, October 14th, 2021. http://jasonandscot.com
Join your hosts Jason "Retailgeek" Goldberg, Chief Commerce Strategy Officer at Publicis, and Scot Wingo, CEO of GetSpiffy and Co-Founder of ChannelAdvisor, as they discuss the latest news and trends in the world of e-commerce and digital shopper marketing.
Transcript
Jason: [0:24] Welcome to the Jason and Scot show this episode is being recorded on Thursday October 14 2021 I'm your host Jason retailgeek Goldberg and as usual I'm here with your co-host Scot Wingo.
Scot: [0:38] Hey Jason and welcome back Jason Scot show listeners we are smack in the middle of October and for all of our retail listeners you know what that means it is go time for Holiday 21 way back in episode 277 last week we talked about the supply chain challenges I like to call that supply pain and we shared the e-commerce retail forecast from Salesforce Deloitte and Bain but there was one notable missing forecast from that list and that's one of our favorites the Adobe forecast well in this episode we're going to fix that hole in the universe we're going to fill it and Adobe is releasing their holiday forecast here on the 20th which is when we'll be releasing this podcast and we are really excited to have with us today Taylor Schreiner he is the director of Adobe Digital Insights and fun fact this is Adobe's fifth time on the show Welcome Back Taylor.
Taylor: [1:34] Thanks Scot do we get a free sandwich.
Scot: [1:37] Sure if we were there together we would have a sandwich but we'll we'll do a virtual high five instead how about that.
Jason: [1:44] Just to warn you Scot's character is like grilled into the sandwich so some people find that.
Taylor: [1:49] Oh no I'll close my eyes this could thank you Scot thank you Jason it's great to be here we'd love talking to you guys and we love listening to you guys so it's a fun conversation to have.
Jason: [2:03] We are thrilled to have you Taylor and I do want to dive right in to your methodology and then your data but before we do real briefly remind the audience what your role is at Adobe to sort of frame where your perspective is coming from.
Taylor: [2:20] Sure so I run a group called Adobe Digital Insights as you mentioned and we are charged with using aggregated and anonymized Adobe data to help the industry retail and other industries as well understand the major trends that we see in the data that comes through Adobe Analytics or Adobe Commerce or any of the other Commerce and Experience Cloud services that we have. So our job is to tell stories to take all that huge area of data and tell stories that help people understand their world.
Jason: [2:59] That's awesome and so there's a bunch of different components of the Adobe Marketing Cloud and the Adobe Commerce Cloud but the sort of marquee things Adobe Analytics which a long time ago to many of us that are super old was Omniture is a key component of the analytics suite and Magento is a key component of the marketing cloud and so you get to see an awful lot of Commerce transactions across the web via those two products and the rest of the Adobe stack and you get to use that anonymized data to sort of formulate this holiday forecast in this case do I have that right.
Taylor: [3:41] Absolutely and I really appreciate you calling me super old.
Jason: [3:44] I didn't say you called it I'm not sure I said I.
Taylor: [3:47] I remember I remember the Omniture days I do but yes.
Jason: [3:50] I'm pretty sure there's like the URL for the analytics dashboard still says Omniture.
Taylor: [3:54] I think sometimes it does yeah now it's absolutely right face.
Jason: [3:58] And then one important distinction some of the holiday forecasts that Scot mentioned in the intro are actually overall retail forecasts and one of the things that is unique your forecast is slightly more focused you're focused on digital Commerce do I have that right.
Taylor: [4:16] That's right we focused exclusively on digital Commerce and what makes us unique is that we are looking across over a trillion interactions with retailers across thousands of retailers across over a hundred million SKUs with a boatload of AI behind that sort of categorizing and understanding it but you know the core of it I think for your listeners is where the group is actually looking at what people are buying in what quantity and what they're actually paying for it. It's ridiculous prices we're not doing surveys we're actually looking at the behaviors that we can observe at huge scale and using that to do both the reporting and in this case our forecasting of the holiday season.
Jason: [4:56] Yeah and that's super exciting to me because I frequently rail against the value of stated preference surveys in our industry and what we're talking about today is observed preferences actual data and consumer behavior that you're watching.
Taylor: [5:11] Absolutely and it's gonna be fascinating.
Jason: [5:13] Yeah so just two other minor precursors and we'll jump in because there is so much variability out there when you say holiday what date range are you talking about.
Taylor: [5:22] Good point right now we're talking about the first of November till the end of the year although arguably make it into it you know some of the stuff is starting to creep into October too but when we talk about numbers we're talking about November 1 to December 31.
Jason: [5:34] Perfect we'll come back to that but yeah I think the shoulders of that season are going to be more interesting than ever and then when you say retail like approximately what is in retail to you I could go US Department of Commerce restaurants and gas stations are in there like do you guys have a standard definition of retail just to kind of frame what we're talking about.
Taylor: [5:56] We generally look at a thing where the transaction and the fulfillment are fully executed online we exclude from this things like travel which is a different industry or anything where it's simply a payment system online but you know any Commerce where you're doing your shopping your payment and your fulfillment online generally falls into our space so not restaurants or delivery services but the goods that you would normally associate with retail shopping outside of that.
Jason: [6:27] Awesome and so digital grocery then would be in there.
Taylor: [6:29] Yes so digital grocery appliances apparel all that kind of thing.
Jason: [6:34] Perfect okay well I think that's enough preamble and we've done enough teasing what's the top line are we all going to get our bonuses this year or is it going to be bleak.
Taylor: [6:43] It's your our data showing a good year or days showing a year where the story is really consumers want to shop consumers want to go buy online but it's going to be a really different year for retailers and for consumers because of the supply pain that Scot was referring to earlier they're going to see a lot more out of stock they're going to see a lot you know a lot higher prices frankly and that's I think it'll hold us back from having an incredible year. Now just keep in mind I'm talking about a 207 billion dollar season which you know we don't have a great aggregate retail forecast that we base it off right now but that's roughly $1 and for of all of all retailgeek. As far as we can see maybe a little more than that. And it's 10 percent up from last year which you know in the long run of historical growth rates is a little bit low but we're getting off of a 33% jump the year before so if you kind of look all the way back to 2019 we're still accelerated from where you would have expected us to be if you'd been projecting from a pre-pandemic stance so it kind of depends on where you're looking at it from. But however you look at it it's going to be a big year.
Jason: [7:58] Got it so in my mind I sort of think of it traditionally year of e-commerce growth for holiday being kind of like pre-pandemic we were kind of running in this like 10 to 15% a year sort of range and all of retail would be growing at like four percent a year so then last year the pandemic forces everyone online we have this monster year 33 percent and then this year you're looking at 10% on top of last year's monster year.
Taylor: [8:27] That's right that's right still going to grow it's still going to grow significantly it's still going to grow you know maybe as you stay at the kind of lower bound of what we used to see but it's a real growth rate now there'll be some differences in what grows and how it grows you can get into that but it's going to be a good year.
Jason: [8:44] And one of the things that's always funny to me is I guarantee you when the sort of superficial press get ahold of your forecast they're all going to write the story about how e-commerce is slowing way down.
Taylor: [8:58] Right yeah nobody wants to talk about two year growth rate or you know try and digest everything that's happened over the course of the pandemic and fine but I know when you step back even a little bit e-commerce has transformed over the past 20 24 months I think the bigger story is people are shopping for their groceries people are shopping for their furniture you know folks out here in Berkeley are buying compost online the way that people engage with e-commerce has radically transformed over the course of the pandemic and that's here to stay and that's the basis of that growth and that you know that's the part that really has accelerated over the course of covid so if you want to look at a particular growth rate and say it's slowing down fair enough but I don't think for instance you know I want to make predictions in 223 but I don't think this 10 percent growth rate in 22 is telling you that 23 is going to be slow I think it's more of a balancing act between 2020 and 2021.
Jason: [9:58] And again like this still means e-commerce is almost certainly growing faster than brick and mortar. Filming the whole industry is still growing in a very disruptive year I do want to like maybe double-click on covid just for a second because this was the big open question when we were all living through the first half of the pandemic was sure.
Everybody's turning to e-commerce people don't want to go to the stores there's health and safety issues there are all these open things so not surprising that it drove more people online a big question at that time was is this just an acceleration of a trend and this is going to be the new normal or will those people all be desperate to go back to the store and go back to the mall and kind of resume their pre-pandemic shopping behaviors and my read of your data says no no we're locking in all those changes that happened last year and then we're growing at a pretty healthy clip from there is that a fair way to be thinking about it or am I wrong headed as Scot usually points out.
Taylor: [11:02] No in this particular case you happen to be right that's absolutely true if you look at the aggregate growth I think it tells exactly that story that we're banking all the gains that you got through covid and we're growing on top of that I think another stat I think really tells the story is our buy online pick up curbside data which you know followed that trajectory you talked about Jason getting up there as we got into the pandemic and retailers adjusted we have a set of retailers we look at the median portion of their online orders that are fulfilled curbside and that ramped right up last year with all of its fulfillment challenges ramped right up right before Christmas to about 25% we thought that's a high peak right we got into April of this year and it'd gone right back up to 25% people are still going and picking up curbside that's a habit that they're in they're shopping online and fulfilling next to the store and we expect that to hit a whole new record frankly as we go into this year so it's a habit that people have gotten into and they're not letting go of.
Jason: [12:10] Wow and this is from memory but I want to say last year you guys said that while e-commerce grew at 33% the hottest segments are the curbside pickup segment grew way faster than that it was like a hundred and ninety-five percent.
Taylor: [12:25] Yeah I don't have enough time I have like it's something like that it was significant and this year's going to be crazy and you know anecdotally you know there are a number of stores where I think hey I really like this I'm not going to set foot in a number of those I'll shop with them but I'm against putting them again for a while if I don't have to this is great for me.
Jason: [12:47] Yeah you know it's maybe only partly analogous but I talked to a lot of quick serve restaurants and you know they have the same thing right they sold meals but it was all off-prem consumption and you know the restaurants that have the biggest intrinsic advantage were ones with drive-through and I've talked to an awful lot of restaurateurs that are like if I could wave a magic wand and make my dining room go away and have a more robust drive-through I would do it because that's the customer that appears to be the long-term customer preference.
Taylor: [13:19] Yeah I think a lot of retailers who have got good real estate are obviously having to rethink how much of this is a you know distribution center and how much of this is a shopping experience and you know it's gonna be different than it was two years ago for sure.
Jason: [13:34] And then I guess the one other sort of observational thing I've noted is yeah so you know are stores going to get people to walk back in the store to pick up those digital orders are they going to continue to pick them up at curbside and you know who knows but one clue is pre-pandemic Walmart had these in-store lockers these robotic lockers this cool tower in all their stores.
And they de-installed all of those towers and they're now doing a national remodel with a much more robust curbside pickup lot parking lot right so it seems very clear in Walmart's case that they're saying hey you know this isn't just a reaction to the pandemic this is a permanent infrastructure change we're making to eliminate in-store pickup and make curbside pickup more.
Taylor: [14:24] I think that's right I think that is likely the trend I think you know a lot of the hassle of shopping that you're removing with shopping online and picking up at the store is that last not mile I mean the last you know a hundred feet hundred yards of going in there and getting in line or whatever if you can just sit with your app and check your email while they put stuff in the trunk that's a lot of value add there so I would expect that to continue to be the trend.
Scot: [14:52] Bullets as I introduced I'm kind of keenly aware or following the supply chain stuff and I noticed in the front of your presentation one of the bullets is unprecedented out of stock levels can you share like you know what you think that's going to be and is there any way to put a number on that like your forecast would have been you know twice as big if it wasn't for this or you guys are just flagging it as this adds risk to the holiday.
Taylor: [15:21] It's a fair question something we think a lot about I mean it's really hard to characterize and we probably just need more time with the data I mean not just time to think about it but time series data to really understand how out of stock alters people's shopping behaviors whether they abandon or whether they take something to which they redirect themselves.
I will tell you is that if you look at sort of 2019 as the normal it was growing when people were getting more out of stock items more out of stock hits over time maybe you know creeping up toward fifty or a hundred percent more even over the course of the year and the pandemic hits and people are five times more likely basically four and a half to five times more likely to get an out of stock message and that's today that's not necessarily going to holiday where things could get more challenging. So that could go up where we see it most often is in apparel so again you know I think it's going to affect different categories differently out of stocks in apparel can be if you're looking for a particular pair of sneakers or particular you know this is the 20th so what made you I was buying for my wife but something you know a vest or something right that is her birthday is on the 23rd so I want to tell her what I was shopping for anyway you know you might not get that.
Scot: [16:46] Is your wife a listener.
Taylor: [16:48] I really doubt it. But yeah you might get redirected to something else whereas in electronics for instance we see you know a lot of chip shortages but price is a bigger factor in some of that marketing and decision making and so you're able to see apparel prices creep up a little bit but a lot of out of stock you see for instance electronics prices creep up a lot from what we would have expected but that has reduced the out-of-stock challenges that they faced.
Scot: [17:24] So it's hard to quantify at this point maybe you think after the holiday you guys will be able to.
Taylor: [17:31] I think it'll be easy yeah I mean you know we have a clear estimate of what things might have looked like before I think after the holiday talk to us in January we will have a better sense of how this played out this holiday season one of the challenges that I think is out there is it's not clear yet how much out of stock consumers are really going to see this season based on you know when retailers are running promotions how they're stocking those promotions how they're managing their portfolio of goods so we'll have to see but it's something that yeah had beyond in January we'll talk about.
Scot: [18:09] Okay it's going to be more of a chess game because the retailer they have the only information about what they have and what they can expect and then matching that to the promotional calendar this year is going to be interesting and playing a little game of chicken with the consumer too because consumers should be reading about this a lot so it's going to be fascinating to watch how that plays out.
Taylor: [18:29] Yeah I've been recommending to consumers frankly to make two lists say look you got one list of things where I know I want this for the holidays and you got to buy it early because you might worry about your out-of-stock situation and then another set of goods where you think hey you know if this doesn't come through or if I don't get specifically the version of this that I want yeah if I don't get this TV but I get a different brand TV I'm okay and then those things you can really shop for on the big major sale days but it's you know it's a lot of work for the retailers to figure out how this game is going to play out and frankly it's gonna be a lot of work for consumers to figure out how they're going to address it.
Jason: [19:10] I guess one of the ways I think about this it's important to remember that out of stock does not automatically mean lost sales like a lot of times there's a customer's first choice but they'll make on the fly substitutions or switches when they discover something's out of stock so we still capture that. That's a land it seems like all the people forecasting retail sales for this holiday are pretty robust numbers you're coming in with a pretty robust number everyone saying we're not going to find consumers' first choice of goods so the sort of logical conclusion here is the consumer is in a spending mood when I go to the store to get baby grow goo for Scot for Christmas and it's out Scot's going to have to settle for some cool Dune toy that I find.
Taylor: [19:58] Hey didn't really cool the arc right and I think maybe the way to answer Scot's question directly is you know in the face of this rapidly increasing out of stock we're seeing at least you know up to the 5x of what we saw in 2018 we have still seen really impressive growth this year especially versus 2019 so far whatever headwind it is is not super significant now I think you know the experiment that we'll be able to look at is if this starts to spike as we go into the holiday season if retailers have a hard time matching their inventory with consumer demand then that might have a bigger impact and that'll be something we can look at more closely.
Jason: [20:42] So you alluded to some of the categories and I have a feeling that both out of stocks and the impact of out of stocks could play out very differently in different categories right like if someone goes to the grocery store and they're out of your preferred brand of toilet paper you're probably going to switch to another toilet paper but if there's a particular luxury fashion item or a particular toy that little Johnny is asking for for Christmas.
You might be more inclined to hunt harder for that product or defer that purchase and get it later or something like that right does that make sense.
Taylor: [21:16] Absolutely yeah and you know grocery out of stocks are not at all infrequent with your particular goods at a particular moment and then apparel is something I don't know about the rest of you but I've gotten pretty acclimated to the notion that I'm not necessarily going to be able to find the size and the color I'm looking for on the first try that it's quite possible I have to hunt around but you know there are a lot of style choices that go into that whereas I think you know if you're looking for something specific as you say you know for a particular toy or gift you might have to hunt them at different retailers to go find it but you might be willing to do that exactly well.
Jason: [21:58] So when you roll all that up are there any categories in your mind that end up being clear winners or losers for holiday.
Taylor: [22:06] Well you know I think it's a good question.
[22:17] Clearly where we've seen growth is where we've seen the clearest growth in the holiday and in e-commerce in general has been in the things that are not holiday specific groceries apparel those kinds of things have really grown and we continue to see them grow so in some sense they are the Commerce winners because they've really absorbed that I think what's going to be very successful early on are going to be these deals that get spread out around electronics and other gifts and apparel we expect to see those go out very well I've got my eye though on non-physical goods things like downloadable games and things like that that happen to pop up toward the Christmas season as people are looking to deliver something that is a great experience especially for kids that isn't going to be constrained by shipping challenges and then.
[23:18] I don't know where to put my bets this year because I've got my eye both on the demand that I see in a lot of things like gaming consoles that are looking great but also on you know there's a big question mark over supply challenges and how that will play out for them so I would be cautious and spread my bets but electronics you know the traditional gift areas are going to do really well and apparel seems to be continuing to take off very strongly in what we've seen so far.
Jason: [23:48] So the non-physical thing is super interesting ordinarily in holiday like as you get closer to the end of the year and you kind of hit shipping cut-offs and last year we talked a lot about shipageddon and you know bottlenecks at UPS and FedEx and all of that you know retailers pivot to trying to sell intangible products pretty hard right and most notably gift cards so I imagine that with the inventory situations this year that that's going to be more prominent than ever that you know if you can't find the toy you really want you know it might be an IOU you're getting at holiday in the hopes of getting it in January or February but there is a new kind of intangible that kind of didn't exist last year and is having a little bit of a moment and I have a feeling Scot's way more into it than I am but why does all do all of these out of stocks kind of play into the NFT kind of hate this year do you think that we could start to see some of them on the holiday wish list.
Taylor: [24:52] I think NFTs still have a ways to bleed into you know consumer experiences and consumer expectations I see a lot of reading and not a lot of buying but if people can figure out how if retailers can figure out how to make.
You kind of cross that chasm and figure out how to make it a real consumer experience, and yeah, I think there's a lot of opportunity there for that. And, you know, speaking of things that are not necessarily tangible, and expire or are unique, you know, we don't forecast travel in our data, but we do look at travel, and right now, you know, prices for plane tickets are about 13 percent less than they were on average in 2019. So, you know, depending on how vaccinations and mask mandates and travel restrictions all play out, there may be a push, if, knock wood, COVID gets better, for more experiential, experience-driven options for people to give as gifts.
Scot: [25:49] One of the things that I've been really intrigued by, and this is because some of the companies have gone public, is this buy now pay later. And I saw you called it out, and I've seen a lot of the Wall Street analysts... As for my generation, I look at it and I'm kind of like, you know, why don't I just put that on the credit card? What's interesting is I've seen this whole generational thing where millennials and Gen Z-ers, they're looking at it as, they associate the credit around the item; they don't like kind of having open credit and they want it to be around a specific item. What are you guys seeing as it relates to BNPL?
Taylor: [26:25] We love new acronyms, right, BNPL. No, I have exactly the same experience you just got, where I think exactly what you do. But we had two sources on this. One is we looked at the actual data that we see flowing through our systems, and we saw skyrocketing buy now pay later behavior last year; we saw about 44 percent growth over the course of the year, which slowed a little bit in percentage terms as we went through this year, but, you know, as we get back into the holiday season I have every reason to expect that to re-accelerate. And you saw quite the distribution, too, of, you know, sources of this: some retailers got into this business, a lot of financial institutions got certain plays in this area, so there's a lot more options. We saw the minimums for buy now pay later come down from those institutions, and simultaneously we actually saw consumers spend more, or put bigger purchases on buy now pay later. And when we surveyed about it, we saw what you were alluding to, Scot: this is a generational difference in the way that people manage and even think about what credit really is. And what was striking to me is that the top category that folks told us they were interested in using buy now pay later for was clothing, that they were making those kinds of purchases and spreading them out over time, because they were lumpy in their year, and then they were spreading it out across their income without affecting their credit. [27:52] Electronics was obviously on that set, too; you're going to buy your television as televisions get bigger and more expensive, or cheaper but bigger. But what was the [28:02] third category, that I thought was fascinating, was groceries.
And again, we dug under that. That wasn't just people, it wasn't generally people saying, look, I've got a week's worth of groceries and I spread the payments out over four weeks; that's hard to make sense of. But more, you know, I'm throwing a party or having an event and I have a spike in my grocery budget, and I want to smooth it. So it is... and then everyone was managing it sort of separately from this notion of having a lump of credit card debt they had to manage, versus a purchase they had to think out and pay off. Those are two really different categories, so it's a really different way of thinking about credit that's manifesting in buy now pay later, and it seems to continue to be growing at a significant rate.
Scot: [28:49] Yeah. Do you think... the pitch that a lot of these, so the big companies out there, there's three, there's Affirm, Klarna and Afterpay, and I'm sure there's more, even like Shopify's coming out with their own and whatnot, their pitch to retailers is it bumps up your cart size, right? Do you think this is going to be a factor this holiday? Is it going to bump up the ASP, or do you think they are still too small to be a meaningful consideration?
Taylor: [29:17] You know, when you average across the enormous event that is the holiday season, I don't think we're going to see average order values, or average basket values, go up significantly more noticeably, or, more to the point, off trend of what we've seen in the past. That said, you know, I think...
If these retailers are thinking about their customer base more granularly, and they're thinking, well, I've got a group of folks who I can actually juice, where I can up their basket sizes and their purchases by offering that, I think that probably is true. And, you know, as with these kinds of generational shifts, it may make a difference in the longer term as you change consumer buying habits; it may open up a door for that generation as incomes increase and time goes by. So I think probably more of a long-term play when it comes to aggregate average order values, but for specific audiences, for specific customer bases, I think it did make a difference.
Jason: [30:18] Yeah, it's going to be interesting. You know, there's a payment method that historically has been really popular at holiday that, you know, rich people that listen to e-commerce podcasts don't tend to think about, but it's layaway. And one of the interesting trends, you know, Walmart, which does a very robust layaway business, retired their layaway this year in favor of a buy now pay later service.
Taylor: [30:44] Yeah, I remember the layaway shelves at Toys R Us when I was a kid, and just seeing all these items sit there waiting for people to pay for them. But if you can get the same effect, both for the consumer on their credit and for the retailer in terms of getting paid, then it's certainly more enticing for the customer to actually get the item rather than wait for it.
Jason: [31:10] I know for sure. I do have two sad things. There was kind of a fun tradition because of layaway: some very kind people would often go into a retail store and pay everyone's layaway, and it was kind of this like secret Santa thing, and, you know, it would happen every year, there would be lots of these cool stories. So I worry we're going to miss out on that, which, you know, probably isn't
hugely meaningful, but it's sad to me. But the other thing that worries me a little bit about holiday: I do think, like, based on your growth forecast, this is going to be a bunch of consumers' first experience with these buy now pay later services, and I would still say there's a lot of consumer confusion, because, like, I look at the landscape of these services and the spectrum is very broad. There are, you know, some kind of thinly veiled payday loan operators that are, you know, charging like huge interest and late fees and all these things on one end, and then there's some, like, really generous programs that are very popular here that don't charge interest and don't have late fees and, you know, are sort of very low cost. And so I'm not sure consumers are going to be savvy enough to differentiate all of those for this holiday. I know Target in particular is offering two different buy now pay later options, and consumers are going to have to learn how to shop for those vendors now.
Taylor: [32:35] I think that's absolutely right, Jason. It's very hard; you know, it's sort of an unstructured product that can have a lot of different attributes, and it's not like a credit card, where we've sort of reduced it to something like credit limit and interest rate, right, with some bells and whistles. And it's also not even something that consumers know how to frame, necessarily, like I certainly didn't when I got into the space: what is this, what do these payments mean, what is the penalty if I miss the payment, you know, what are my other options, how are we going to communicate, how do you get paid, what information do you need, has it hit my credit score? It's a lot to think about, and, you know, thinking has a lot of costs, especially when consumers are shopping this quickly. So, you know, I think we'll have a reckoning, not a reckoning, but a moment to pause and
reflect on how this all evolved when we get to the holiday season; we'll see some things shake out, I would imagine.
Jason: [33:31] Next, well, let's pivot to something near and dear to my heart, the thing we alluded to up top, the shape of holiday. So there's two parts of this that are super interesting to me. Ordinarily when we talk about holiday we're laser focused on these five days at the end of November, the Turkey Five, that I think you guys call the Cyber Five.
Taylor: [33:53] Yeah, they're my wake-up-at-3-a.m. five, so I hold them in a different regard, but they are, you know, the story. When we would talk to you guys before the pandemic, it would always be, you know, hey, the season is growing, but these big days are growing faster; retailers are concentrating their deals on those days, and we're seeing consumers follow suit, and they're expecting those deals on those days. That really flipped around last year. We had massive growth last year, about 30-odd percent, 33 percent for the season, [34:27] but the individual days were growing in the low 20s; they were growing about 10% slower than the season as a whole. And we expect that again this year: we expect the season to grow at about 10% and expect the big days to grow about five-ish percent.
To be clear, they're going to break records. I mean, we're going to have an 11-plus billion dollar day on Cyber Monday; Black Friday is going to inch up close to 10 billion; Thanksgiving is going to be, you know, over five. It'll be at a level that used to be Black Friday numbers; it's going to be massive. But both because retailers are spreading out the deals for supply and fulfillment reasons, and because consumers have really shifted what e-commerce means, in other words they've established sort of a water level of shopping for things that are not holiday and promotionally driven, those percentages are harder to move than they used to be. So yeah, they're going to be big days, they're going to be huge. That last hour before the end of Cyber Monday, we're going to see $12,000,000 move through the system every minute. So it's going to be big, but it's going to be a different pattern, especially from the retailer's perspective, than we've seen in the past.
Jason: [35:40] Interesting. And do you have a feel for how much of it... like, I think you hit on the two reasons for it. One is the law of large numbers; they're already huge numbers, and, you know, frankly, in some cases you just can't squeeze more goods through the funnels on those days. And then the other one is changing consumer patterns, and just, you know, more general e-commerce consumption on every other day of the month and all those other things. I'm assuming it's a blend of both of those, but is this year more prominent, that people are going to be holiday shopping on other days, or do you think we've just...
Taylor: [36:18] Yeah, it's a hard call. I think what's unusual about this year is really the retailer side. I mean, you could imagine a world with fewer supply constraints where retailers are more willing to put big sales on those big days and compete for eyeballs and for dollars, so maybe there's a new normal where that changes. But what I don't think is changing is that consumers are now permanently going to be in a state where e-commerce is more and more available to them, where, you know, their home, certainly their phone, is increasingly an easy place to go shopping. And so all this concentration on these days is going to make less and less sense to them in terms of shopping behaviors. If you go back out, you know, the origin of these days is really about sitting outside a big box and camping out and trying to get deals, because you had to go in person. But if it's less and less the case that you actually have to go get things, then it becomes easier and easier to spread out your purchases over time, and if you're always shopping online, you're not, you know... it's just sort of the complete opposite of, you know, going to the office for Cyber Monday to go shopping, which is what some of us used to do. Then, you know, you're much more open to these deals and opportunities that retailers can offer you throughout the season, so that part's not going away.
Jason: [37:40] That's a great point. So then let's zoom out a little bit. You guys are counting holiday as November 1 through December 31st; a lot of retailers would include January in their holiday season, again, a lot of, you know, gift cards and returns, and people, you know, come in with that return and they buy more stuff, so January normally is a good month. And then this year the deals started in October, right? Like Amazon started Black Friday deals on October 4th; Target started on October 10th, I think.
Sort of boosted because of the supply chain concerns, retailers are fighting really hard to start holiday shopping in October, and because all the stuff we really want is stuck on a boat off the coast of Long Beach, we might not get it until January or February. So with all of that supply chain squishiness, like, is there, like, what, you know...
Taylor: [38:39] What do we see?
Jason: [38:40] Holiday in November and December, but is it even, like, the rate of growth is even bigger if you were to kind of, you know, redefine holiday as October through February?
Taylor: [38:51] Yeah, I mean, the way that shows up in our data is that so far we've seen a very strong October. We've seen a very strong October in terms of overall e-commerce growth, not on par with, you know, the big holiday months, but, you know, we're looking at roughly that ten percent year-over-year, a little bit more, for October, so it's a good sign. [39:17] What we're also seeing, though, is we're keeping a close eye on prices, and as I said, we see data at the transaction level, and it gives us a particularly unique view into prices. And going into September, our digital price index, which is the basket of goods that we see purchased online through retail, was up 3.3% over last year, less than the CPI was up last month, but still really significant. And for context, up until the pandemic we had never seen digital inflation; it was always prices going down, on the order of about five percent. So people are going into this season with higher prices. There will be some discounts in October, but I don't think they're going to make a dent in that inflation yet.
And frankly, from what we've seen historically over the other holidays of this year, we expect to go in with higher prices for goods in general, and we expect discounts to be significant but a little bit shallower than they were at their deepest point last year. So consumers may be paying significantly more this year on a Black Friday for a particular item than they would have been last year on that same date, when you add all that up.
Scot: [40:35] Nursing the... so I know we're up against time, so a little lightning round here. It wouldn't be a Jason and Scot show if we didn't talk about Amazon. Any tea leaves on Amazon?
Taylor: [40:47] So we assiduously avoid commenting on particular retailers for a number of reasons, but everybody's going to have a big year this year, I would imagine.
Scot: [40:56] My theory is, if the supply chain matters, Amazon, Walmart and maybe Target are so dialed in on that that it would be some bit of an advantage and could hurt the small guy this year, but we'll see how that plays out.
Taylor: [41:11] What do you think... the large versus small is a good framing of that. You know, bigger retailers, in a world with out-of-stocks, have more options to offer and complete a sale, and then small retailers may see their carts more likely to be abandoned. I think that's a significant factor.
Jason: [41:31] Okay, so then the next lightning one is: you talked a little bit about inflation, you talked a little bit about discounting not having to be quite as deep. How does that all wash out in terms of profitability? Do retailers make more money on fewer sales this year, or do all these supply chain costs eat it up, and it's, you know, thin margins?
Taylor: [41:51] Yeah, well, so I think margin management is going to be a whole different game, and retailers have already had to think a lot about that this year, that, you know, the top line is going to be bigger per item, so you're going to get more revenue. But I don't see that really being driven by some kind of margin maximization behavior; it seems to be largely driven by increasing costs of goods. And so, you know, I don't see a real gap stepping open between increasing costs and increasing revenue to create a giant chunk of margin there.
Scot: [42:28] How about anything on device trends? Any news? It's kind of gotten to be a bit of an old story that, you know, the smartphone is overtaking the desktop.
Taylor: [42:37] There is a little bit of news; it's kind of fascinating. If you looked at the share of revenue that was going through smartphones from 2014 till even into the pandemic, you could have basically drawn a straight line. I mean, it was sort of an early-college regression experiment that would have been super easy for first-years to do. That's changed a little bit. Smartphones are still gaining share, don't get me wrong; they're still growing faster than desktop in terms of the revenue that's coming through them, ever so slightly more slowly than they used to. And it may be an indicator that, in America at least, we may be headed toward an equilibrium that looks more like a sort of 50/50 world between desktop and phones, which is obviously really different than some other parts of the world, where it may be 80/20 or 90/10. [43:33] Right, yeah, I've got to expense that so I can, you know, make it part of our...
Jason: [43:38] If we get our new laptops in time, then we're all shopping on our laptops; otherwise we're all shopping on our phones.
Taylor: [43:42] Exactly.
Jason: [43:45] But it wasn't... or we could talk all day. I know you're in super high demand this time of year, and, you know, quite frankly not in demand at all the rest of the year, so I'm sure we'll talk again when you're less popular. But this was awesome; we really appreciate your time. As always, if folks want to continue the conversation or have questions, you can hit us up on the Twitter or the Facebook page, and as always, if you got value out of this show, we sure would appreciate it if you'd go on to iTunes and give us that five-star Christmas review.
Taylor: [44:19] That's what I'm going to do, Jason.
Scot: [44:21] Awesome, we push it, if that's... that can be your gift to us, and it's digital, so we don't have to worry about supply pain. I think in past years you guys have set up kind of a cool holiday news hub. Is that something you're going to do this year, and where will we find it?
Taylor: [44:37] It will be there. I need to get you the URL; we can put the URL in a link to this if you guys are watching this online. I will make sure you guys have it before we get there, but yes, it'll be there.
Scot: [44:47] All right, we really appreciate the time.
Taylor: [44:50] Right, thank you guys, I really appreciate it. Scot, real patient, appreciate it, Jason. Happy to do this anytime.
Jason: [44:56] We appreciate you, Taylor, and until next time, happy commercing!
HumanSec is all about securing humans. In this episode, Karen Kukoda, VP, SafeGuard Cyber, and Todd Weber, CTO, Optiv, join host Steve Morgan to discuss partnerships in the cybersecurity industry, the Illuminate Partner Program, and more. SafeGuard Cyber is the industry's first and only comprehensive collaboration, chat, and social media security platform. To learn more about our sponsor, SafeGuard Cyber, visit https://safeguardcyber.com.
Smart building technology has evolved over the last few years. In fact, we are putting all kinds of IoT technology into our buildings today to make them more energy efficient, reducing our carbon footprint and so much more. The evolution of building technology has also led to an evolution of the infrastructure that supports it—and this new connected infrastructure means that buildings are susceptible to attacks the likes of which they never had to worry about before. Shelby Skrhak speaks with Michael Rothschild, Director of OT Solutions at Tenable, about:
- Cyber security risk in smart building technology
- Most common vulnerabilities with building management systems
- 3 things you need to know about building management system security
- How Tenable helps with mitigating risk
For more information, contact Amy White (email@example.com) or visit tenable.com. To join the discussion, follow us on Twitter @IngramTechSol #B2BTechTalk. Listen to this episode and more like it by subscribing to B2B Tech Talk on Spotify, Apple Podcasts, or Stitcher. Or, tune in on our website.
Cybercrime has driven up demand for cyber insurance. But losses are on the rise, too, and some cyber events are uninsurable. How are insurers responding to higher losses, and what can be done about the kinds of risks that are too big for private insurers to cover? Plus, sales of alternative fuel vehicles worldwide are accelerating. What does it mean for the credit quality of auto finance captives, the companies that finance loans and leases on behalf of automakers?
Guests: Michael Dion, Vice President, Senior Analyst – Financial Institutions Group, Moody's Investors Service; Inna Bodeck, Vice President, Senior Analyst – Financial Institutions Group, Moody's Investors Service
Hosts: Danielle Reed, Vice President, Senior Research Writer – Financial Institutions Group, Moody's Investors Service; Myles Neligan, Vice President, Senior Research Writer – Financial Institutions Group, Moody's Investors Service
Related content on Moodys.com (some content only available to registered users or subscribers):
Property & Casualty Insurance – Global: Proliferation of cyberattacks prompts re-evaluation of cyber insurance risk
Auto Finance – Global: Sector can manage surge of residual value risk as electric vehicles come on line
Can You Make the Great Chinese Firewall Work For You https://isc.sans.edu/forums/diary/Can+you+make+the+Great+Chinese+Firewall+work+for+you/27948/
Fake Government Assistance Websites https://www.ic3.gov/Media/Y2021/PSA211015
TA505 Coming Back https://www.proofpoint.com/us/blog/threat-insight/whatta-ta-ta505-ramps-activity-delivers-new-flawedgrace-variant
BlackMatter Ransomware https://us-cert.cisa.gov/ncas/alerts/aa21-291a
Firm regulatory risks and priorities don't exist in a vacuum. And that is perhaps nowhere clearer than when it comes to a firm's anti-money laundering responsibilities. A firm's AML risks can overlap with any number of other priorities. On this episode, we're looking at the intersection of a firm's AML and cybersecurity risks. Joining us are Jason Foye, a director with FINRA's Anti-Money Laundering Investigative Unit, and Dave Kelley, a director with FINRA's Cybersecurity Specialist Program, both with FINRA's National Cause and Financial Crimes Detection Program.
Resources mentioned in this episode:
Episode 60: Introducing Greg Ruppert and the NCFC
Episode 33: Money Laundering in the Securities Industry
Episode 34: AML Priorities and Best Practices
SWIFT: How Cyber Attackers 'Cash Out' Following Large-Scale Heists
FinCEN October 2020 Advisory on Ransomware
FinCEN July 2020 Advisory on Cybercrime
FinCEN October 2016 Advisory on Cyber Events
FINRA Cybersecurity Resources
Regulatory Notice 20-32 on Fraudulent Options Trading
Regulatory Notice 20-13 on Fraud During the Coronavirus Pandemic
This technology podcast explores the newest tools, solutions, and current best practices in the world of IT. Whether you are a pro or new to Enterprise Service Management, hear from certified IT experts as they share real process-driven techniques for improving service delivery, the customer experience, and digital transformation. In today's episode, presented by Flycast Partners, Bobby McCullough talks about the 7 security practices to defend networks and protect against attacks and breaches.
Malicious PowerShell Script Using Client Certificate Authentication https://isc.sans.edu/forums/diary/Malicious+PowerShell+Using+Client+Certificate+Authentication/27944/
PowerShell Updates https://github.com/PowerShell/Announcements/issues/27
Juniper JunOS Patches https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
TianFu Cup https://tianfucup.com/en/#canjia
Across the US, many states are considering laws that prohibit online platforms like Facebook, YouTube, Instagram, etc. from enforcing rules against what we call “lawful but awful” online content. Lawmakers are motivated to do this because they think laws are needed to prevent social media platforms from censoring conservative viewpoints. As with many laws though, the unintended consequences of these laws could prove to be much more harmful than the behavior the law was intended to regulate. To help us navigate the craziness of what would and would not be allowed if these laws go through, our guest today is Elizabeth Banker, VP of Legal Advocacy for Chamber of Progress. Chamber of Progress is also a sponsor of this show. Elizabeth Banker is Vice President of Legal Advocacy for Chamber of Progress. Elizabeth brings twenty-five years of in-house, law firm, and trade association experience on intermediary liability, Section 230, and online safety. Most recently, Elizabeth was Deputy General Counsel at Internet Association where she directed policy on consumer privacy and content moderation. While at IA, Elizabeth conducted a review of 500 Section 230 decisions and testified twice before the Senate on efforts to reform Section 230. Elizabeth has first-hand experience responding to the challenges that face online services as a veteran of both Twitter and Yahoo!. She was Vice President and Associate General Counsel for Law Enforcement, Security and Safety at Yahoo! Inc. for more than a decade. More recently she was Senior Director and Associate General Counsel for Global Law Enforcement and Safety at Twitter. Elizabeth spent five years as a shareholder at ZwillGen, a boutique law firm focused on privacy and security in Washington, D.C. Elizabeth began her career in government with the President's Commission on Critical Infrastructure Protection during the Clinton Administration. 
Hate Speech and Bully Speech Would Stand
Many of the laws being proposed would actually tie the hands of social media platforms on some of the regulations that they currently have in place about harassment, bullying, and threatening behavior. These are all types of content that no social media platform wants to see on their platforms. Currently, the social media providers have rules and regulations that they enforce across their platforms to keep users free from hateful, bullying speech and harassment. These new laws would add many complexities to enforcing the rules, and they will open the platforms up to a constant appeals process for users who have their content removed, etc.
100 Bills and Counting
So far in 2021, we have seen over 100 bills proposed in state legislatures all across the nation. There will probably be many more before the end of the year. The amicus brief that Chamber of Progress filed was a way to explain to the court the real-world implications of these laws, should they be passed and hold up in the ensuing legal battles.
Objections Being Filed
The TX law that is currently under consideration was one in which we filed our objections in the amicus brief. We believe that all platforms should be able to moderate harmful content in order for consumers to be healthy and safe on their platforms. Additionally, these platforms should be inclusive and widely accessible. Here are the main objections we have to this TX law:
- It prevents platforms from removing content that is not illegal, such as harassment, hate speech, misinformation, suicide, etc.
- The law undermines the current content moderation efforts by forcing platforms to basically publish a playbook about how they detect illegal content. This means child abusers, terrorists, spammers, identity thieves, and other bad actors would have enough information to evade detection. So this will lead to more illegal content online.
- This law places an undue burden on content moderation. If content is removed, the platform has to go through lots of additional steps that will discourage the company from actually removing content that should be taken down. So again, the net effect is that consumers will have more harmful content to wade through in order to enjoy a platform.
Should Parents Be Worried?
The TX law actually prevents platforms from taking the content moderation steps that they currently take. When it comes to content directed at children, there are many areas that fall under the "awful, but lawful" heading that would probably be left on the platform. For example, content glorifying suicide or self-harm, or promoting eating disorders, etc. are all types of content that platforms would no longer be able to regulate. Cyberbullying is another area where the current protections would be removed. So school fight videos, which are normally removed, would still be accessible. Non-consensual intimate images, called revenge porn, would not be taken down, as well as other types of harassment that could be very harmful to teens. So parents have every right to be worried, especially if you've already been through dealing with these sorts of problems, because under this law, they will only worsen.
Misconceptions About Free Speech
The First Amendment does not apply to private companies. It only prohibits government regulation and restriction. Each social media platform has its own First Amendment concerns about what it allows on its platform, too. The argument that social media platforms are violating a person's right to free speech just doesn't hold water.
Misunderstanding Section 230
Section 230 plays a critical role in allowing the platforms to remove harmful content without being sued. The platforms rely on this protection. Recently a Russian foreign influence campaign sued because their content was removed. The lawsuit failed because of Section 230. It's important for us to fight to keep both the First Amendment and the Section 230 protections for content moderation strong in order to keep consumers safe while they enjoy these online platforms.
Resources:
Progress Chamber Website
Follow Elizabeth on Twitter: @elizabethbanker
October is Cybersecurity Awareness Month, but being cyber aware is something we must be every day. Cybersecurity subject matter expert Max Greene is back to give us the latest on the threat environment, plus give us the latest tips on remaining cyber diligent at home and on all of our devices. Do I really need a strong password? What about two-factor authentication? Did I really win a $100 gift card like the text I just received indicates? Find out on Episode 39 of the Tyler Tech Podcast. Here are Jeff's notes from Max on staying cyber diligent at home:
- Designate certain devices for certain activities (ex: business use vs. personal use)
- Use your VPN (virtual private network)
- Use strong passwords
- Use two-factor authentication
- Hover over links and use the "first forward slash, two dots back" rule to see where the link is taking you
For more information, go to Tylertech.com
Active Scanning for Apache Vulnerabilities CVE-2021-41773 and 42013 https://isc.sans.edu/forums/diary/Apache+is+Actively+Scan+for+CVE202141773+CVE202142013/27940/ Warranty Repairs and Non Removable Storage Risks https://isc.sans.edu/forums/diary/Warranty+Repairs+and+NonRemovable+Storage+Risks/27938/ Crypto Wallet Compromised on OpenSea NFT Marketplace https://blog.checkpoint.com/2021/10/13/check-point-software-prevents-theft-of-crypto-wallets-on-opensea-the-worlds-largest-nft-marketplace/ $5.2 Billion worth of Bitcoin Transactions Linked to Ransomware https://www.fincen.gov/sites/default/files/shared/Financial%20Trend%20Analysis_Ransomeware%20508%20FINAL.pdf
From December 24, 2016: Whatever the President-elect might say on the matter, the question of Russian interference in the presidential election is not going away: calls continue in the Senate for an investigation into the Kremlin's meddling, and the security firm CrowdStrike recently released new information linking one of the two entities responsible for the DNC hack with Russia's military intelligence agency. So how should the United States respond? In War on the Rocks, Evan Perkoski and Michael Poznansky recently reviewed the possibilities in their piece, "An Eye for an Eye: Deterring Russian Cyber Intrusions." They've also written on this issue before in a previous piece titled "Attribution and Secrecy in Cyber Intrusions." We brought them on the podcast to talk about what deterrence of Russian interference would look like and why it's necessary. Support this show http://supporter.acast.com/lawfare. See acast.com/privacy for privacy and opt-out information.
In this episode, Monica Verma talks to Marc Vael, CISO and risk management expert, on cyber and systemic risks, cyber risk exposure, how to make your risks more tangible, visible and understandable, and key elements for effective risk management, integration and communication. Support the show (https://www.buymeacoffee.com/wetalkcyber)
How Many Times Per Week Are You Being Cyber Attacked? From Where? How? Why?

We've got a new study out showing that North American organizations, businesses, and others, are being hit with an average of 497 cyber attacks per week, right here in the good old USA.

[Following is an automated transcript]

This is a study by Check Point Software Technologies. Check Point, I used, oh my gosh, it would have been back in the nineties back then. They were one of the very first genuine firewall companies. And it was a system that I was putting in place for my friends over at troopers. I think it was New England Telephone. It might've been Verizon by then. I can't even remember, man.

[00:00:41] It's been a little while, but it was a system we were using in front of this massive system that I designed. I made the largest internet property in the world at that time, called Big Yellow. It morphed into SuperPages. It might be familiar with. But it was me and my team that did everything. We built the data center out.

[00:01:05] We wrote all of the software. Of course they provided all of the yellow pages type listings so we could put it all in. And we brought it up online and we were concerned. Well, first of all, you know, I've been doing cyber security now for over 30 years. And at this point in time, they wanted something a little more than my home grown firewall,

[00:01:29] 'cause I had designed and written one in order to protect this huge asset that was bringing in tens of millions of dollars a year to the phone company. So they said, hey, listen, let's go ahead and we'll use Check Point and get things going. We did. It was on a little, I remember it was a Sun workstation, if you remember those back in the.

[00:01:52] And it worked pretty well. I learned how to use it and played with it.

And that was my first foray into kind of what the rest of the world had started doing, this Check Point software. But they've continued on; they make some great firewalls and other intrusion type stuff, detection and blocking. You know already that I am a big fan, at least on the bigger end.

[00:02:17] You know, today in this day and age, I would absolutely use the Cisco stuff, and the higher end Cisco stuff that all ties together. It doesn't just have the Firepower firewall, but it has everything in behind, because in this day and age, you've got to look at everything that's happening, even if you're a home user.

[00:02:37] And this number really gets everybody concerned, home users and business users. Businesses are definitely under bigger attacks than home users are. And particularly when we're talking about businesses, particularly the bigger businesses, the ones that have a huge budget that are going to be able to go out and pay up, you know, a million, $10 million ransom.

[00:03:05] Those are the ones that they're after, and this analysis from Check Point Software, who does see some of those attacks coming in, showed some very disturbing changes. First of all, huge increases in the number of cyber attacks and the number of successful ransoms that have been going on. And we're going to talk a little bit later, too, about where some of those attacks are coming from, and the reason behind those attacks.

[00:03:36] According to them, right now, the average number of weekly attacks on organizations globally so far this year is 40% higher than the average before March 2020. And of course that's when the first lockdowns went into effect and people started working from home. In the US, the increase in the number of attacks on organizations is even higher, at 53%.

[00:04:07] Now you might ask yourself why. Why would the US be attacked more?

I know you guys are the best and brightest, and I bet, I don't even need to say this because you can figure this out yourself, but the US is where the money is. And so that's why they're doing it. And we had President Biden come out and say, hey, don't attack the.

[00:04:27] Well, some of those sectors are under attack far more after he said that than before, right? It's like giving a list to a bad guy. Yeah, I'm going to be gone for a month in June and yeah, there won't be anybody there. And here's the code to my alarm. Right. You're just inviting disaster. Check Point's

[00:04:49] also showing that there were more average weekly attacks in September '21, that's this September, than any time since January 2020. In fact, they're saying 870 attacks per organization globally per week. The Check Point counted in September was double the average in March 2020. It's kind of funny, right?

[00:05:14] It's kind of like a before COVID, after COVID, or before the Wuhan virus and after the Wuhan virus, however we might want to know. So there are a lot of attacks going on. Volume is pretty high in a lot of different countries. You've heard me say before, some of my clients I've seen attacked multiple times a second. So let's take a second and define the attack, because being scanned

[00:05:40] is kind of an attack, the looking to see, oh, where is there a device? Oh, okay, here's a device. So there might be a home router. It might be your firewall or your router at the business. And then what it'll do is, okay, I've got an address now I know is responding, which by the way is a reason we always configure these devices to not respond to these types of things.

[00:06:04] And then what they'll do is they will try and identify it. So they'll try and go into the control page, which is why you should never have WAN configuration enabled on any of your routers or firewalls, because they're going to come in and identify you just on that, because all of a sudden them brag about what version of the software you're running.

[00:06:26] And then if it's responding to that, they will try and use a password that is known to be the default for that device. So in a lot of these devices, the username is admin and the password is admin. So they try it, and now off they go, they're running. Some of these guys will even go the next step and will replace the software

[00:06:52] in your router or firewall. They will replace it so that it now directs you through them, everything you are doing, through them, so they can start to gather information. And that's why you want to make sure that the SSL/TLS, that encryption, is in place on the website you're going to. So if you go to CraigPeterson.com right now, my website, I'm going to go there myself.

[00:07:22] So if you go to CraigPeterson.com, you're going to notice that, first of all, it's going to redirect you to my secure site, and it doesn't really matter. You won't see it. Okay. But you are there, because if he. Typically at the left side of that URL bar where it says CraigPeterson.com, you'll see there's a little lock.

[00:07:44] So if you click that lock, it says connection is secure. Now there's a lot more we could go into here. But the main idea is, even if your data is being routed through China or. Both of which have happened before many tens of thousands, hundreds of thousands of times. I'm not even sure of the number now.

[00:08:06] It's huge. Even if your data is being routed through them, the odds are they're not going to see anything that you are doing on the Craig Peterson site. Now, of course, you go into my site, you're going to be reading up on some of the cybersecurity stuff you can do, right? The outages, what's happened in the news.
[00:08:27] You can do all of that sort of thing on my site, kind of, who cares, right? Um, but really what you care about is the bank. But it's the same thing with the bank. And I knew mine was going to be up there. And when everybody just check it out anyway, so. So the bad guys then do this scan. They find a web page login.

[00:08:47] They try the default login. If it works, the least they will do is change what are called your DNS settings. That's bad, because changing your DNS settings now opens you up to another type of attack, which is they can go ahead, and when your browser says, I want to go to bankofamerica.com, it is in fact going to go out to the internet, say, is Bank of America, the bad guys

[00:09:18] did, and they will give you their Bank of America site that looks like Bank of America, feels like Bank of America. And all they're doing is waiting for you to type in your Bank of America username and password, and then they might redirect you to the. But at that point, they've got you. So there are some solutions to that one as well, and Firefox has some good solutions.

[00:09:44] There are others out there, and you had to have those that are in the works, but this is just an incredible number. So here's what I'm doing, right. I have been working for weeks on trying to figure out how can I help the most people. And obviously I needed to keep the lights on, right? I've got to pay for my food and gas and stuff, but what I'm planning on doing and what we've sketched out,

[00:10:10] in fact, just this week we got kind of our final sketch out of it, is we're going to go ahead and have a success path for cyber security. All of the basic steps on that success path will be. Okay. So it will be training that is absolutely 100% free. And I'll do a deeper dive into some of these things that I'm doing right now here on the radio, because you can't see my desktop.

[00:10:40] It's hard to do a deep dive, and it's open to anybody, right?

If you're a home user or if you're a business user, all of the stuff on that free is going to help you out dramatically. And then after that, then there'll be some paid stuff, like a membership site. And then obviously done for you, if the cybersecurity stuff is just stuff that you don't want to deal with, you don't have the time to deal with,

[00:11:05] you don't want to learn, because believe me, this is something that's taken me decades to learn and it's changing almost every day. So I understand if you don't want to learn it too. That is the other option I'll give you, which is done for you, which we've been doing now for over 20, 30 years. Stick around.

[00:11:25] We'll

[00:11:25] So which sectors of our economy are being hacked? I mentioned that in the last segment, but yeah, there are some problems, and the sectors that President Biden laid out are the ones that are under even more attack after his message.

[00:11:42] 497 cyber attacks per week on average here in the US. That is a lot of attacks. And we started explaining what that meant. So we talked about the scan attacks that are automated, and some person may get involved at some point, but the automated attacks can be pretty darn automated. Many of them are just trying to figure out who you are.

[00:12:09] So if it shows up, when they do that little scan, that you're using a router that was provided by your ISP, that's a big hint that you are just a small guy of some sort, although I'm shocked at how many bigger businesses that should have their own router, a good router, right, a good Cisco router and a really good next generation firewall,

[00:12:34] I'm shocked at how many don't have those things in place. But when they do this, that's the first cut. So if you're a little guy, they'll probably just try and reflash your router, in other words, reprogram it and change it so that they can start monitoring what you're doing and maybe grab some information from.

[00:12:56] Pretty simple.

If you are someone that looks like you're more of a target, so they connect to your router and let's say it's a great one. Let's say it's a Cisco router firewall or Palo Alto, or one of those other big companies out there that have some really good products. Uh, at that point, they're going to look at it and say, oh, well, okay.

[00:13:18] So this might be a good organization. But when they get to it again, if WAN access is turned on, wide area access is turned on, that router is likely to say, this is the property of, uh, Covina Hospital or whatever it might be, you know? And any access is disallowed, authorized access only. Well, now they know

[00:13:42] who it is. And it's easy enough just to do a reverse lookup on that address. Give me an address anywhere on the internet and I can tell you pretty much where it is, whose it is and what it's being used for. So if that's what they do, say they have these automated systems looking for this stuff, it's found.

[00:14:02] So now they'll try a few things. One of the first things they try nowadays is what's called an RDP attack. This is a remote attack. Are you using RDP to connect to your business? Right? A lot of people are, especially after the lockdown. This Microsoft Remote Desktop Protocol has some serious bugs that have been known for years.

[00:14:25] Surprisingly to me, some 60% of businesses have not applied those patches that have been available for going on two years. So what the bad guys will do next, they say, oh, is there a remote desktop access? 'Cause there probably is. Most smaller businesses particularly use that. The big businesses have a little bit more expensive, not really much more expensive, but much better stuff,

[00:14:51] you know, like the Cisco AnyConnect, or there's a few other good products out there. So they're going to say, oh, well, okay, let's try and hack in. Again, it's automated. No one has to do anything.

So it says, okay, let's see if they patched. Let's try and break in. Aha, I can get in, and I can get into this particular machine.

[00:15:14] Now there's another way that they can get into the remote desktop. And this apparently has been used for some of the bigger hacks you've heard about recently. So the other way they get in is through credential stuffing. What that is, is, hey, uh, there are right now some 10 billion records out on the dark web of people's names, email addresses, passwords, and other information.

[00:15:43] So what they'll do is they'll say, oh, well, this is Covina Hospital, and it looks it up backwards and it says, okay, so that's CovinaHospital.org. I have no idea if there even is a Covina Hospital, by the way. And it will come back and say, okay, great. So now let's look at our database of hacked accounts. Oh, okay.

[00:16:04] I see this CovinaHospital.org email address with a password. So at that point they just try and stuff it. Can we get in using that username and password that we stole off of another website? So you see why it's so important to be using something like 1Password, a password generator, different passwords on every site, different usernames on every site, et cetera, et cetera.

[00:16:29] Right. It gets pretty important pretty darn quickly. So now that they're in, they're going to start going sideways, and we call that east-west in the biz. And so they're on a machine. They will see what they can find on that machine. This is where usually a person gets some. And it depends. Historically it's been about six days on average that they spend looking around inside your network.

[00:17:00] So they look around and they find, oh yeah, great, here we go. Yep. Uh, we found this, we found that. Oh, and there's these file server mounts. Yeah, these SMB shares, the, you know, the Y drive, the G drive, whatever you might call it.
So they start going through those, and then they start looking for other machines on the network that are compromised.

[00:17:23] It gets to be really bad, very, very fast. And then they'll often leave behind some form of ransomware and also extortion, where they extort you additionally for the threat of releasing your data. So there are many other ways; they're not going to get into them all today, but that's what we're talking about.

[00:17:43] Remember, we're talking about the 500 cyber attacks per week against the average North American company. So we have seen some industry sectors that are more heavily targeted than others. Education and research saw a 60% increase in attacks. So their education, and I've tried to help out some of the schools, but because of the way the budgets work and the lowest bidder and everything else, they end up with equipment

[00:18:17] that's just totally misconfigured. It's just shocking to me, right. They buy them from one of these big box online places. Yeah, I need a Cisco 10, 10, and I need some help in configuring it and all. Yeah, no problems, we'll help you. And then they sell it to the school, the school installs it, and it is so misconfigured

[00:18:38] it provides zero protection, uh, almost zero, right. It provides almost no protection at all, and doesn't even use the advanced features that they paid for, right. That's why, again, don't buy from these big box guys. Just don't do it. You need more value than they can possibly provide you with. So schools, 1500 attacks per week; research companies, again, 1500 attacks per week; government and military

[00:19:10] entities, about 1100 weekly attacks. Okay. That's the next most highly attacked. Okay. Uh, health care organizations, 752 attacks per week on average. Or in this case, it's a 55% increase from last year. So it isn't just Check Point's data that I've been quoting here that gives us that picture.

There are a lot of others out there. IBM's, Verizon's, all of these main guys, and of course in the end they've got these huge ransoms to deal with.

[00:19:50] Hey, in New Hampshire, one of the small towns just got nailed. They had millions of dollars stolen, and that was just through an email trick that they played in. Okay, again, IT people, um, I've been thinking about maybe I should put together some sort of coaching for them, and coaching for the cybersecurity people even, because there's so much more that you need to know than you might know. Anyways, if you're interested in any of this,

[00:20:22] visit me online, CraigPeterson.com/subscribe. You will get my weekly newsletter, all of my show notes, and you'll find out about these various trainings that I keep holding. In fact, there's one in most of the newsletters. CraigPeterson.com. Craig Peterson, S-O-N dot com. Stick around.

[00:20:43] We've been talking about the types of attacks that are coming against us. Most organizations here in North America are seeing 500 cyber attacks a week, some as many as 1500. Now, where are they coming from?

[00:21:00] Whether they're scanning attacks, whether they're going deeper into our networks and into our systems, who are the bad guys and what are they doing? Microsoft also has a report that they've been generating, looking at what they consider to be the source of the attacks. Now we know a lot of the reasons. I'm going to talk about that too, but the source is an interesting way to look at it,

[00:21:29] because the source can also help you understand the reason for the attacks. So according to Dark Reading, this is kind of an insider website, you're welcome to go to it, but it gets pretty darn deep sometimes, but they are showing these stats from Microsoft, which you can find online, that in the last year Russia

[00:21:53] has been the source of 58% of the cyber attacks. Isn't that amazing? Now it's not just the cyber attacks. I need to clarify this.

It's the nation state cyber attacks. So what's a nation state cyber attack versus, I don't know, a regular cyber attack? Well, the bottom line is a nation state cyber attack is an attack that's occurring and is actually coordinated and run by and on behalf of a nation state.

[00:22:31] Uh, so Russia at 58% of all nation state attacks is followed by North Korea, 23%; Iran, 11%; China, 8%. Now you probably would have thought that China would be right up there on that list, but Russia has 50% more of the nation state cyber attacks coming from them than from China. And then after China is South Vietnam, Viet, or I should say South Korea, Vietnam, and Turkey, and they all have less than 1%.

[00:23:14] Now, this is this new pool of data that Microsoft has been analyzing, and it's part of this year's Microsoft Digital Defense Report, and they're highlighting the trends in the nation state threat cyber activity, hybrid workforce security, disinformation, and your Internet of Things, operational technology and supply chain security.

[00:23:35] In other words, the whole gamut. Before all of this, now the data is also showing that the Russian nation state attacks are increasingly effective, climbing from about a 21% successful compromise rate last year to 32%. So basically 50% better this year at effectiveness there. Russians are also targeting more government agencies for intelligence gathering.

[00:24:10] So that jumped from 3% of their victims last year to 53% this year. And the Russian nation state actors are primarily targeting, guess who, us, right? The United States, Ukraine and the United Kingdom. Now this is all according to the Microsoft data. So why has Russia been attacking us? Why has China been attacking us, and why the change this year?

[00:24:38] Well, Russia has been attacking us primarily to ransom us. It's a cash cow for them, just like oil and gas. They are making crazy money now that President Biden has made us dependent on foreign oil supplies.

It's just insanity, and even dependent on gas coming from other places. Well, guess where the number one source of gas is now for Europe, and oil? It's Russia.

[00:25:08] So we are no longer going to be selling to Europe; Russia is. So they're going to be making a lot of money off of. But before then they were actually counting on ransomware to help fund the Russian federal government, as well as, of course, these Russian oligarchs, these people who are incredibly rich that have a substantial influence on the government.

[00:25:33] Don't, if you're wondering who they might be, just think of people like, oh, I don't know, Bill Gates and, uh, who are some of the other big guys, you know, Tim Cook, uh, Amazon's Jeff Bezos, Elon Musk, right? Those are, by my definition and looking it up in the dictionary, they are all a. They get exemptions to laws.

[00:25:58] They get laws passed that protect them. In fact, most regulations actually protect these big companies and hurt small companies. So I would call them oligarchs, and that's the same sort of thing in Russia. Okay. They probably have a little bit more underhanded stuff than these guys here do, but that's what Russia has been.

[00:26:21] China has been continually going after our national secrets, national defense, the largest database of DNA, of Americans' DNA. Of course, DNA is that unique key, if you will, building block for all of us. That's what DNA is. And the largest database of all of that uniquely identifying information is in China. China stole from the Office of Personnel Management records of federal employees, their secret clearance, all of their background check information, who was spoken with, what did they have to say?

[00:27:03] And on and on. So China has been interested in infiltrating our businesses that provide things to the military, and the military themselves, and the federal, state, and even the local governments. That's who they've been targeting.
And that's why that 8% number might seem small. Although, as I just mentioned, this year Russia moved dramatically.

[00:27:30] They used to be about 3% of their attacks were against the government agencies, and now it's 53%. So Russia and China are going after our national secrets, and they can use them in a cold war, which, as I've said, I think the first shots of the third world war have been fired. And frankly, they're all cyber, it's all online. And Russia

[00:27:57] isn't the only nation state actor who's changing its approaches here, as espionage is the most common goal amongst all nation state groups as of this year. Activity of hackers reveals different motivations in Iran, which quadrupled its targeting of Israel, surprise, surprise, over the last year. And Iran has been launching destructive attacks, things that will destroy power plants, et cetera, and North Korea, which is targeting cryptocurrency companies for profit.

[00:28:29] So they're stealing these various crypto coins, again, funding their government. So it's a problem. Absolute problem. Government sectors are some of the most targeted, 48%. These NGOs, non-government organizations that act in kind of quasi government functions, and think tanks are 31%. Uh, and Microsoft, by the way, has been alerting customers of nation state attack attempts.

[00:29:01] Guess how many this year that they had to warn about? 20,500 times in the past three years. So that's a lot, and Microsoft is not a company that's been out there at the front lines. It never has been; it's in behind. So to have them come out and say this is. And okay, by the way, your stolen username and password run for a buck per thousand, and it's only gonna take you hundreds of hours to get it all cleared up.

[00:29:32] Isn't that nice? Spear phishing for hire can cost a hundred to a thousand dollars per successful account takeover, and denial of service attacks are cheap from protected sites, roughly $300 per month.

And if you want to be a ransomware king, it's only going to cost you 66 bucks upfront, 30% of the profit.

[00:29:54] Okay. Craziness. Hey, visit me online. Sign up, CraigPeterson.com/subscribe.

[00:30:03] I had an interesting mastermind meeting this week. There's six of us. We're all business owners, and it opened my eyes pretty dramatically, because one of the members got hacked. But that's not what I really want to emphasize.

[00:30:20] This whole cybersecurity thing gets pretty complicated, pretty quickly. And a friend of mine who is in one of my mastermind groups had a real problem. And here's what went on. We'll call him Walt, for lack of a better name, since that is his name.

[00:30:40] And he doesn't mind me sharing this with you. Walt has a very small business that he and his wife run, and they have a couple of contractors that help out with some things, but his business is very reliant on advertising, and primarily what he does is Facebook advertising. Now I've been talking for two years, I think, in this mastermind group about cyber security and the fact that everyone needs good cyber security.

[00:31:13] And he always just kind of pooh-poohed it, uh, wow, you know, and it's just too complicated for me. I got to thinking for a, you know, a bit, really a few weeks, what does he mean, too complicated? 'Cause there's some basic things you can do. So this week on Tuesday, I was on our mastermind group's meeting and I explained, okay, so here's what happened to Walt.

[00:31:42] He had $40,000 stolen, which, by the way, is a lot of money for a teeny tiny husband-wife company. And, uh, well, here's what we did. We helped them. We got the FBI involved, and, you know, with our direct ties, 'cause we work with them on certain types of cases, and he got back every dime, which is just totally unheard of.

[00:32:06] But, um, without going into all of the details there, I spent probably

15-20 minutes with the whole group in the mastermind explaining the basics of cyber security. And that really kind of woke me up, frankly, because of their responses. Now these are all small business owners, and so they're making pretty decent money.

[00:32:31] In fact, every one of them, and they all have some contractors and some employees, all except for Walt and his wife; they just have contractors. And I had two completely different responses from two members of this group. Now, let me tell you, this was really eye opening for me. And this is why you might've heard me in the first segment talking about this, but this is why I have really changed my view of this stuff, this cybersecurity stuff, because I explained,

[00:33:08] if you're using things like Norton antivirus or McAfee antivirus, or really any of them, even the built-in Microsoft Defender, this year those standard antivirus systems have only been able to catch about 30% of the malware out there. 30%. You know, that's like having a house and you've got a security guard posted out front.

[00:33:39] He's armed, he's ready to fight. And yet all of your windows are open and all of your doors are unlocked. And all someone has to do is crawl in the side window, because that guy that's posted up front, he's not going to be able to stop. So 30% effectiveness. And of course, Walt had all of the basic stuff.

[00:33:59] He thought he was good enough. It's not worth spending time or money doing any of this. And of course it turned out to be well worth the time and money if he had done it. But he has a friend who has contacts and made things happen for him. So I guess he's kind of lucky in that regard. But I explained that and I said, do you know the way you

[00:34:21] have to go? If you're a small business, it's about $997 a month for a small business with a handful of employees to get the type of security you really need. That's going to catch 90-something, 98%,

maybe, if things go well, of the stuff going on. In other words, you don't just have an armed guard at the front door.

[00:34:46] You've got all the windows closed and blocked and the doors closed and locked as well. So yeah, somebody can still get in, but they got to really want to get in and risk getting caught. So that's kind of the analogy that I used. Now, one of the members of my mastermind thought, well, okay, 'cause you're just being frank with me,

[00:35:09] right? We're all friends. She said, well, initially I thought, oh Craig, I'm going to have to have you help out with stuff here, 'cause my, you know, I'm concerned about my security. I make some good money. Uh, she's the one that has employees. She has a million dollar plus a year business and she wants to keep it safe.

[00:35:26] But then she said, uh, you know, but you know, you were talking about all of this Norton and stuff and that it doesn't work. So I just, I don't have any hope. And that's when another member jumped in, and this other member said, well, uh, oh, that's not what I got at all. I got that the normal off-the-shelf stuff that you buy, that you're going to get from Amazon or you're going to get from PC Connection or wherever, that stuff is not going to work, but there is stuff that does, but it's only professional stuff.

[00:36:02] You can only get it from professionals that are trained and certified. Which is the right message, right? That was the message I was trying to relay. Yeah. Don't try and do it yourself, because you can't even get the right tools that you need. That is frankly a problem. So that really got me to think in a very big way, because here are two people that have heard me talk about cybersecurity and their eyes probably glazed over, but now their eyes. I know at least one of these ladies definitely glazed over.

[00:36:36] So I've come to the realization that sometimes I go a little too deep into things.
And although I can explain it quite well to many people, sometimes people glaze over and I get emails from you guys saying kind of the same thing. I really appreciate it. I don't understand a lot of what you're saying, Craig, but thanks for being there. [00:36:59] Listen to you every week here on the radio. Uh, then that's good. That's reassuring, but now I've come to realize a few things. One is. The I've got to be a lot clearer in my messaging, because even when talking to my friends, it is a little bit overwhelming for them sometimes. Right. And then the next thing is everybody needs help because you're being lied to. [00:37:29] Right. How are people getting ransomware? If the stuff that they're buying work. Maybe it's just me, but I think there's a disconnect there. So a lot of you guys have gone out and you've hired people and I want to spend just a few minutes right now, going through some red flags that you need to be looking out for in vendor security assessment. [00:37:56] Now I'm putting one together. As well, right yet another one. Uh, and what I'm trying to do is help you out, right? This is not as sales tool. It is trying to help you figure out where you're at. I'm putting together a webinar that I'm going to be holding these what I'm calling bootcamps, where I go through and show you exactly how to do the basic steps that you need to do in order to be safe on. [00:38:25] Okay. If an online, all that means is your, is plugged in, right. Okay. It doesn't mean you're going out and doing a lot of stuff out there on the internet just means it's connected. So those are going to be coming out. I will send an email out as soon as all of that. Stuff's ready. Cause. Absolutely free. And these assessments, I have the basic one that you can do yourself. [00:38:47] It's a self-assessment. And then I have the more advanced ones that I do that are five grand. Okay. 
So you've got to be a decent sized business for this to make sense where we look for all of the security problems. On all of your computers and your networks, and then give you a list of things you need to do and how to do them. [00:39:10] Okay. So it's well worth it for them, but if you're a very small company and you're trying to do some of this yourself, I want to help you. So that's what these boot camps are going to be all over. And also what the scorecard is going to be all about. So that's coming up, but here are some good red flags and an assessment. [00:39:30] I found this again on Dark Reading. This is kind of an insider website for those of us in the cybersecurity business, but, um, How can you verify the information that vendors are giving you about their own cybersecurity posture? We've heard in the news and I've talked about them all year, this year, and for years past. [00:39:56] That are we're vendors can be our worst nightmare because some of these hacks come in through our vendors. So you've got yourself, a cybersecurity company. How do you know if they are really telling you the truth? And man, is that hard for you to know? Right. You're going to ask him questions and the salesmen are going to say, oh yeah, yeah, yeah. [00:40:21] That's why we don't have salesmen. Right. We have engineers. You talk to me, you might talk to my son or my daughter, people who have been doing this with me, who I have trained and helped out. So this guy who wrote the article and there's this unattributed, I don't see an attribution on here on this page. [00:40:41] I definitely want to give him, probably I heard is John Bambenek wrote this thing and he is a principal threat hunter. What he calls himself over at Netenrich. So he says, here's what you got to do. And if you're trying to be cost-effective, he puts it in. What I call an ed month clause. 
And one of these days I'll tell you that story, but he calls it a validity check question so that an honest vendor would tell you, no, they don't do X and give you a good reason why they don't like it's not cost effective. [00:41:17] It's outside of a reasonable risk model. Does that make sense to you? So when you're trying to evaluate a vendor, who's going to be doing your cyber security put in one of these validity checks put in one of these questions. It doesn't really matter to you, but it's something that would be very hard for one of these cybersecurity companies to do. [00:41:42] And maybe it doesn't fit the risk model that you have. I think it's just absolutely brilliant. Probably one of the better ways when you're trying to evaluate an MSSP as cybersecurity managed or otherwise provider stick in something like that. So you have a red flag that just stands out for you. All right. [00:42:04] Make sure you are registered online. CraigPeterson.com/subscribe. So you can find out about all of these trainings coming up. [00:42:17] If you've never heard of the Carrington event, I really hope, frankly, I really, really do hope we never have to live through one of these. Again, there is a warning out there right now about an internet apocalypse that could happen because of the Sun. [00:42:34] Solar storms are something that happens really kind of all of the time. The sun goes through solar cycles. About every seven years, there are longer cycles as well. You might know. I have an advanced class amateur radio license I've had for a long time, and we rely a lot when we're dealing with short wave on the solar cycle. [00:42:59] You see what happens is that the sun charges, the atmosphere. You see that if you've ever seen the Northern Lights, that is. Part of the sun's emissions, hitting our magnetic field and kind of getting sucked into the core of the earth, if you will, as they get caught in that field. And the more charged the atmosphere is, the more bounce you get. 
[00:43:24] That's what we call it bounce. And the reason us hams have all these different frequencies to use is because of the battle. We can go different frequencies with different distances, I should say, using different frequencies. So think about it right now. You've got the earth and I want to talk from Boston to Chicago. [00:43:47] For instance, I know about how many miles it is, and I have to figure out in the ionosphere up in the higher levels of the atmosphere, what frequency. To use in order to go up into the atmosphere, bounce back, and then hit Chicago. That's the idea. It's not quite as simple or as complex in some ways, as it sounds, a lot of people just try different frequencies and a lot of hams just sit there, waiting for anybody anywhere to talk to, particularly if they are. [00:44:20] It's really quite fun. Now what we're worried about, isn't so much just the regular solar activity. We get worried when the sun spots increase. Now, the solar cycle is what has primary image. On the temperature on earth. So no matter what, you might've heard that isn't your gas, guzzling car or a diesel truck that causes the Earth's temperature to change. [00:44:49] Remember the only constant when it comes to the Earth's temperature has been changed over the millions of years. We had periods where the earth was much warmer than it is now had more common that carbon dioxide in the atmosphere than it does now had less. In fact, right now we are at one of the lowest levels of carbon dioxide in the atmosphere in earth, long, long. [00:45:15] So the sun, if you might remember, comes up in the morning, warms things up, right? And then it cools down. When the sun disappears at nighttime, it has a huge impact. It's almost exclusively the impact for our temperatures. If there's other things too, for instance, eruption can spew all to hold a lot of carbon dioxide. [00:45:40] In fact, just one, just Mount St. 
Helens, when it erupted, put more carbon dioxide into the atmosphere than man has throughout our entire existence. Just to give you an idea, right? So these alarms that are out there, uh, you know, come on, people. Really, and now we're seeing that in, uh, this last year we had a 30% increase in the ice cap up in the, in, up in the north, up in Northern Canada, around the poles. [00:46:12] Uh, we also had some of these glaciers growing. It was so funny. I saw an article this year, or excuse me, this week that was showing a sign that was at one of our national parks. And it said this glacier will have disappeared by 2020. Of course it hasn't disappeared. In fact, it has grown now and it's past 2020. [00:46:34] Anyhow, the sun has a huge impact on us in so many ways. And one of the ways is. Well, something called a coronal mass ejection. This is seriously charged particles. That tend to be very, very directional. So when, when it happens, when there's one of these CMEs, coronal mass ejections, it's not just sending it out all the way around the sun everywhere. [00:47:02] It's really rather concentrated in one. One particular spot. Now we just missed one not too long ago. And let me see if I can find it here. Just missed, a CME near miss. Here we go. There a solar super storm in July, 2012, and it was a very, very close shave that we had most newspapers didn't mention it, but this could have been. [00:47:33] AB absolutely incredible. We'd be picking up the pieces for the next 50 years. Yeah. Five, zero years from this one particular storm. And what happens is these, these solar flares, if you will, are very, very extreme, they CME. You're talking about x-rays extreme UV, ultraviolet radiation, reaching the earth at the speed of light ionizes, the upper layers of atmosphere. [00:48:02] When that happens, by the way, it hurts our communications, but it can also have these massive effects where it burns out satellites. And then causes radio blackouts, GPS, navigation problems. 
Think about what happened up in Quebec. So let me just look at this Quebec, uh, hit with an E and yeah, here we go. And March 13th, 1989. [00:48:33] Here we go. Here's another one. Now I remembered. And this is where Quebec got nailed. I'm looking at a picture here, which is, uh, looking at the United States and Canada from the sky and where the light is. And you can see Quebec is just completely black, but they have this massive electrical blackout and it's because. [00:48:57] Of this solar storm. Now they, these storms that I said are quite directional, depending on where it hits and when it hits things can get very, very bad. This particular storm back in 1989 was so strong. We got to see the Aurora Borealis, the Northern Lights as far south, as Florida and Cuba. Isn't that something, when we go back further in time to this Carrington event that I mentioned, you could see the Northern Lights at the equator. [00:49:35] Absolutely amazing. Now the problem with all of this is we've never really had an internet up online. Like we have today when we had one of the storms hit. And guess what we're about to go into right now, we're going into an area or a time where the sun's going to be more active, certainly on this, this 11 year cycle and possibly another bigger cycle too, that we don't really know much about. [00:50:07] But when this hit us back in the 1850s, what we saw was a, uh, a. Telegraph system that was brought to its knees. Our telegraphs were burned out. Some of the telegraph buildings were lit. They caught on fire because of the charges coming in, people who were working the telegraphs, who are near them at the time, got electric shocks or worse than that. [00:50:34] Okay. 1859 massive Carrington event compass needles were swinging wildly. The Aurora Borealis was visible in Columbia. It's just amazing. So that was a severe storm. A moderate severity storm was the one that hit in Quebec here, knocked out Quebec, uh, electric. 
Nine hour blackout on Northeast Canada. What we think would happen if we had another Carrington event, something that happened 150 years ago is that we would lose power on a massive scale. [00:51:13] So that's one thing that would happen. And these massive transformers that would likely get burned out are only made in China and they're made on demand. Nobody has an inventory. So it would be at least six months before most of the country would get power back. Can you believe that that would be just terrible and we would also lose internet connectivity. [00:51:39] In fact, the thinking that we could lose internet connectivity with something much less than a severe storm, maybe if the Quebec power grid solar mass ejection here. Maybe if that had happened, when. The internet was up. They might have burned out internet in the area and maybe further. So what we're worried about is if it hits us, we're going to lose power. [00:52:07] We're going to lose transformers on the transmission lines and other places we're going to lose satellites and that's going to affect our GPS communication. We're going to lose radio communication, and even the undersea cables, even though they're now no longer. Regular copper cables. It's now being carried of course, by light in pieces of glass. [00:52:32] The, those cables need to have repeaters about every 15 miles or so under underwater. So the power is provided by. Copper cables or maybe some other sort of power. So these undersea cables, they're only grounded at extensive intervals, like hundreds or thousands of kilometers apart. So there's going to be a lot of vulnerable components. [00:52:59] This is all a major problem. We don't know when the next massive. Solar storm is going to happen. These coronal mass ejections. We do know they do happen from time to time. And we do know it's the luck of the draw and we are starting to enter another solar cycle. So be prepared, everything. 
Of course, you're listening to Craig Peterson, cybersecurity strategist. [00:53:28] If you'd like to find out more and what you can do, just visit CraigPeterson.com and subscribe to my weekly show notes. [00:53:39] Google's got a new admission and Forbes magazine has an article by Zak Doffman about it. And he's saying you should delete Google Chrome now after Google's newest tracking admission. So here we go. [00:53:55] Google's web browser. Right? It's been the thing for people to use Google Chrome for many years, it's been the fastest. Yeah, not always people kind of leapfrog it every once in a while, but it has become quite a standard. Initially Microsoft is trying to be the standard with their terrible browser and yeah, Internet Exploder, which was really, really bad and they have finally completely and totally shot it in the head. [00:54:29] Good move there on their part. In fact, they even got rid of their own browser, Microsoft Edge. They shot that one in. They had to, I know I can hear you right now saying, oh, Craig, I don't know. I just use Edge browser earlier today. Yeah. But guess what? It isn't Edge browser. It's actually Google Chrome. The Microsoft has rebranded. [00:54:52] You see the guts to Google Chrome are available as what's called an open source project. It's called Chromium. And that allows you to take it and then build whatever you want on top of. No, that's really great. And by the way, Apple's WebKit is another thing that many people build browsers on top of and is part of many of these browsers we're talking about right now, the biggest problem with the Google Chrome. [00:55:22] Is they released it so they could track you, how does Google make its money? Well, it makes its money through selling advertising primarily. And how does it sell advertising if it doesn't know much or anything about you? So they came out with the Google Chrome browser is kind of a standard browser, which is a great. 
[00:55:43] Because Microsoft, of course, is very well known for not bothering to follow standards and say what they have is the actual standard and ignoring everybody else. Yeah. Yeah. I'm picking on Microsoft. They definitely deserve it. Well, there is what is being called here in Forbes magazine, a shocking new tracking admission from Google. [00:56:05] One that has not yet made headlines. And there are about what 2.6 billion users of Google's Chrome worldwide. And this is probably going to surprise you and it's frankly, Pretty nasty and it's, I think a genuine reason to stop using it. Now, as you probably know, I have stopped using Chrome almost entirely. [00:56:31] I use it when I have to train people on Chrome. I use it when I'm testing software. There's a number of times I use it, but I don't use. The reality is the Chrome is an absolute terror. When it comes to privacy and security, it has fallen way behind its rivals in doing that. If you have an iPhone or an iPad or a Mac, and you're using Safari, Apple has gone a long ways to help secure your. [00:57:09] Well, that's not true with Chrome. In fact, it's not protecting you from tracking and data harvesting. And what Google has done is they've said, okay, well, we're going to get these nasty third party cookies out of the whole equation. We're not going to do that anymore. And what they were planning on doing is instead of knowing everything specifically. [00:57:34] You they'd be able to put you in a bucket. So they'd say, okay, well you are a 40 year old female and you are like driving fast cars and you have some kids with a grandkid on the way, and you like dogs, not cats, right? So that's a bucket of people that may be a few hundred or maybe up to a thousand. As opposed to right now where they can tell everything about you. [00:58:04] And so they were selling that as a real advantage because they're not tracking you individually anymore. No, we're putting you in a bucket. Well, it's the same thing. 
Right. And in fact, it's easier for Google to put you in a bucket than to track everything about you and try and make assumptions. And it's easier for people who are trying to buy ads to place in front of you. [00:58:28] It's easier for them to not have to kind of reverse engineer all of the data the Google has gathered in instead of. To send this ad to people that are in this bucket and then that bucket. Okay. It makes sense to you, but I, as it turns out here, Google has even postponed of that. All right. They really have, they're the Google's kind of hiding. [00:58:54] It's really what's going on out there. Uh, they are trying to figure out what they should do, why they should do it, how they should do it, but it's, it's going to be a problem. This is a bad habit. The Google has to break and just like any, anybody that's been addicted to something it's going to take a long time. [00:59:16] They're going to go through some serious jitters. So Firefox is one of the alternatives and to Google Chrome. And it's actually a very good one. It is a browser that I use. I don't agree with some of the stuff that Mozilla and Firefox does, but again, right. Nobody agrees on everything. Here's a quote from them. [00:59:38] Ubiquitous surveillance harms individuals. And society Chrome is the only major browser that does not offer meaningful protection against cross-site tracking and Chrome will continue to leave users unprotected. And then it goes on here because. Uh, Google response to that. And they admit that this massive web tracking is out of hand and it's resulted in, this is a quote from Google an erosion of trust, where 72% of people feel that almost all of what they do online is being tracked. [01:00:19] By advertisers, technology firms or others, 81% say the potential risks from data collection outweigh the benefit by the way, the people are wrong. 72% that feel almost all of what they do on online is being tracked. No, no. 
The answer is 100% of what you do is probably being tracked in some way online. [01:00:41] Even these VPN servers and systems that say that they don't do logging. Do track you take a look at ProtonMail just last week. ProtonMail it's in Switzerland. Their servers are in Switzerland. A whole claim to fame is, Hey, it's all encrypted. We keep it safe. We don't do logging. We don't do tracking, uh, guess what they handed over the IP addresses of some of the users to a foreign government. [01:01:10] So how can you do that? If you're not logging, if you're not tracking. Yeah, right. They are. And the same thing is true for every paid VPN service I can think of. Right. So how can Google openly admit that their tracking is in place tracking everything they can, and also admit that it's undermining our privacy and. [01:01:38] Their flagship browser is totally into it. Right? Well, it's really, it's gotta be the money. And Google does not have a plan B this anonymized tracking thing that they've been talking about, you know, the buckets that I mentioned, isn't realistic, frankly. Uh, Google's privacy sandbox is supposed to Fitbit fix it. [01:02:00] I should say. The, the whole idea and the way it's being implemented and the way they've talked about it, the advertisers are unhappy. So Google's not happy. The users are unhappy. So there you go. That's the bottom line here from the Forbes article by Zak Doffman, delete Google Chrome. And I said that for a long time, I do use some others. [01:02:27] I do use Firefox and I use. Which is a fast web browser, that some pretty good shape. Hey, if you sign up for my show's weekly newsletter, not only will you get all of my weekly tips that I send to the radio hosts, but you will get some of my special reports that go into detail on things like which browser you shouldn't be using. [01:02:52] Sign up right now. CraigPeterson.com. 
[01:02:57] Many businesses have gone to the cloud, but the cloud is just another word for someone else's computer. And many of the benefits of the cloud just haven't materialized. A lot of businesses have pulled back and are building data centers again. [01:03:14] The reason I mentioned this thing about Microsoft again, and the cloud is Microsoft has a cloud offering. [01:03:23] It's called Microsoft Azure. Many people, many businesses use it. We have used it with some of our clients in the past. Now we have some special software that sits in front of it that helps to secure. And we do the same thing for Amazon web services. I think it's important to do that. And we also use IBM's cloud services, but Microsoft is been pitching for a long time. [01:03:51] Come use our cloud services and we're expecting here probably within the next month, a big announcement from Microsoft. They're planning on making it so that you can have your desktop reside in Microsoft's cloud, in the Azure cloud. And they're selling really the feature of it doesn't matter where you are. [01:04:17] You have your desktop and it doesn't matter what kind of computer you're on. As long as you can connect to your desktop, using some just reasonable software, you will be able to be just like you're in front of a computer. So if you have a Chromebook or a Mac, Or a windows or tablet, whatever, and you're at the grocery store or the coffee shop or the office, you'll be able to get it, everything, all of your programs, all your files. [01:04:47] And we, Microsoft will keep the operating system up to date for you automatically a lot of great selling points. And we're actually looking into that. Not too heavily yet. We'll give them a year before we really delve into it at all. Cause it takes them a while to get things right. 
And Microsoft has always been one that adds all kinds of features, but most of the time, most of them don't work and we can, we can document that pretty easily, even in things like Microsoft. [01:05:18] Well, The Verge is now reporting that Microsoft has warned users of its Azure cloud computing service, that their data has been exposed online for the last two years. Yeah, let me repeat that in case you missed it, you, uh, yeah. I'm I'm I might've misspoken. Right. Uh, let me see, what does it say? It says, um, users of Azure cloud computing service. [01:05:48] So that's their cloud. Microsoft's big cloud. Okay. Um, their data has been. Exposed online. Okay. So that means that people could get the data, maybe manipulate the data that sort of exposed means for the last two years. Are you kidding me? Microsoft is again, The Verge. Microsoft recently revealed that an error in its Azure Cosmos database product left more than 3,300 Azure customers' data. [01:06:24] Completely exposed. Okay guys. So this, this, this is not a big thing, right? It can't possibly be big thing because you know who uses Azure, right. Nobody uses Azure and nobody uses hosted databases. Come on, give me a break. Let me see, what else does this have to say? Oh, okay. It says that the vulnerability was reported, reportedly introduced into Microsoft systems in 2019, when the company added a data visualization feature called Jupyter Notebook to Cosmos DB. [01:06:59] Okay. Well, I'm actually familiar with that one and let's see what small companies let's see here. Um, some Azure Cosmos DB clients include Coca Cola. Liberty Mutual Insurance, ExxonMobil, Walgreens. Hmm. Let me see. Could any of these people like maybe, maybe Liberty Mutual Insurance and Walgreens, maybe they'd have information about us, right. [01:07:26] About our health and social security numbers and account numbers and credit cards. Names addresses. Right, right. 
That's again, why I got so upset when these places absolutely insist on taking my social security number, right? It, it, first of all, when it was put in place, the federal government guaranteed, it would never be used for anything other than social security. [01:07:53] And the law even said it could not be used for anything other than social security. And then the government started expanding it. Right. And the IRS started using it. To track all of our income and you know, that's one thing right there, the government computers, they gotta be secure. Right. All of these breaches we hear about that. [01:08:12] Can't be true. Uh, so how about when the insurance company wants your personal information? Like your social security number? What business is it of? There's really no. Why do they have to have my social security number? It's a social security number. It's not some number that's tattooed on my forehead. [01:08:36] That's being used to track me. Is it this isn't a socialist country like China is, or the Soviet union was right. It's not socially. So why are they tracking us like that? Walgreens? Why do they need some of that information? Why does the doctor that you go to that made the prescription for Walgreens? Why do they need that information? [01:09:00] And I've been all over this because they don't. Really need it. They want, it makes their life easier, but they don't really need it. However, it exposes us. Now, if you missed the email, I sent out a week ago, two weeks ago now, I guess. You missed something big because I, in my weekly newsletter went through and described exactly what you could do in order to keep your information private. [01:09:35] So in those cases where websites asking for information that they don't really need, right? You don't want to lie, but if they don't really need your real name, why you're giving them your real name? Why do you use a single email address? Why don't you have multiple addresses? 
Does that start make sense to you guys? [01:09:54] And now we find out that Microsoft Azure, their cloud services, where they're selling cloud services, including a database that can be used online, a big database, uh, 3,300 customers looks like some of them are actually kind of big. I don't know. ExxonMobil pretty big. Yeah. I think so. Walgreens, you think that that might be yeah, yeah, yeah, yeah. [01:10:22] Y. Why are we trusting these companies? You know it, if you have a lot of data, a lot of customers, you are going to be a major target of nation states to hack you and bat just general hackers, bad guys. But you're also, if, if you've got all this information, you've also got to have a much higher level of security than somebody that doesn't have all of that information. [01:10:52] Does that make sense too? Did I say that right? You don't need the information and, and I've got to warn anybody that's in a business, whether you're a business owner or you're an employee, do not keep more data than you need the new absolutely need to run your company. And that includes data about your customers. [01:11:16] And maybe, maybe it's even more specifically data about your customer. Because what can happen is that data can be stolen and we just found. That? Yes, indeed. It could have been, it was exposed Microsoft the same. We don't know how much it was stolen. If anything was stolen. Um, yeah, Walgreens. Hey, I wonder if anyone's going to try and get some pain pills illegally through, uh, this database hack or a vulnerability anyways. [01:11:47] All right, everyone. Stick around. We'll be back. Of course, you listening to Craig Peterson. I am a cybersecurity strategist for business, and I'm here to help you as well. You can ask any question any time, uh, consumers are the people I help the most, you know, I wish I got a dime for every time I answered a question. [01:12:09] Just email firstname.lastname@example.org email@example.com and stick around. 
[01:12:18] Whether or not, you agree with the lockdown orders that were put in place over this COVID pandemic that we had. Uh, there are some other parts of the world that are doing a lot more. [01:12:34] Australia has, I don't know. I think that they went over the deep end. The much, the same thing is true right next door to them. [01:12:45] And I am looking at a report of what they are doing with this new app. Uh, you might be aware that both Apple and Google came out with an application programming interface. That could be used for contract tack tracking, contact tracking. There you go. Uh, it wasn't terribly successful. Some states put some things in place. [01:13:13] Of course you get countries like China. I love the idea because heaven forbid you get people getting together to talk about a Tiananmen Square remembrance. Now you want to know who all of those people were, who were in close proximity, right? So, you know, good for China a while, as it turns out, Australia is putting something in place they have yet another COVID lockdown. [01:13:39] They have COVID quarantine orders. Now I think if you are sick, you should stay home. I've always felt that I, you know, I had 50 employees at one point and I would say, Hey, if you're sick, just stay home. Never required a doctor's note or any of that other silliness, come on. People. If someone's sick, they're sick and let them stay home. [01:14:04] You don't want to get everybody else in the office, sick and spread things around. Right. Doesn't that just kind of make sense. Well, they now in Australia, don't trust people to stay home, to get moving. Remember China, they were, they were taking welders and we're going into apartments in anybody that tested positive. [01:14:22] They were welding them into their apartment for minimum of two weeks. And so hopefully they had food in there and they had a way to get fresh water. Australia is not going quite that far, but some of the states down under. 
Using facial recognition and geolocation in order to enforce quarantine orders and Canada. [01:14:47] One of the things they've been doing for very long time is if you come into the country from out of the country, even if you're a Canadian citizen, you have to quarantine and they'll send people by your house or you have to pay to stay for 10 days in a quarantine hotel. So you're paying the course now inflated prices for the hotel, because they're a special quarantine hotel. [01:15:14] You have to pay inflated prices to have food delivered outside your door. And that you're stuck there for the 10 days, or if you're at home though, they, you know, you're stuck there and they'll send people by to check up on you. They'll make phone calls to check up on you and. They have pretty hefty fines. [01:15:36] Well, what Australia has decided to do is in Australia is Australians even going from one state to another state are required to prove that they're obeying a 14 day quarantine. And what they have to do is have this little app on their phone and they, the app will ping them saying, prove it. And then they have to take a photo of themselves with geolocation tag on it and send it up via the app to prove their location. [01:16:15] And they have to do all of that within 15 minutes of getting the notification. Now the premier of the state of South Australia, Steven Marshall said we don't tell them how often or when on a random basis, they have to reply within 15 minutes. And if you don't then a police officer's going to show up at the address you're supposed to be at to conduct an in-person check. [01:16:43] Very very intrusive. Okay. Here's another one. This is a, an unnamed government spokesperson who was apparently speaking with Fox News quote. The home quarantine app is for a selected cohort of returning South Australians who have applied to be part of a trial. If successful, it will help safely ease the burden of travel restrictions associated with the pandemic. 
[01:17:10] So there you go. People nothing to worry about. It's just a trial. Uh, it will go away. Uh, just like, uh, for instance, income tax, as soon as rule, number one is over, it will be removed and it will never be more than 3% and it will only apply to the top 1% of wage-earners. So there you go. Right. And we all know that world war one isn't over yet. [01:17:34] Right. So that's why they still have it in somehow. Yeah, some of the middle class pays the most income tax. I don't know. Interesting. Interesting. So there you go. Little news from down under, we'll see if that ends up happening up here. News from China, China has, uh, China and Russia have some interesting things going on. [01:17:55] First of all, Russia is no longer saw. Country, they kind of are. They kind of aren't, they are a lot freer in many ways than we are here in the United States. Of course, China, very heavily socialist. In fact, they're so socialists, they are communist and China. And Russia both want their kids to have a very good education in science, engineering, and mathematics. [01:18:23] Not so much on history, not so much on, on politics. Right. But definitely heavy on the, on the sciences, which I can see that makes all the sense. I think everybody should be pretty heavily on the science. Well, according to the wall street journal this week, gamers under the age of 18 will not be allowed to play online games between 8:00 PM and 9:00 PM on Friday, Saturdays and Sundays. [01:1
Thirty countries have been meeting virtually with the Biden administration this week to coordinate efforts against the growing problem of ransomware cyber attacks, which have caused major disruptions around the world in recent months. Anne Neuberger, the deputy national security advisor for Cyber and Emerging Technology who organized the conference, joins Nick Schifrin to discuss. PBS NewsHour is supported by - https://www.pbs.org/newshour/about/funders
Today's organizations face an ever-increasing number of cyberthreats. This means they must deploy a number of increasingly effective cyber defense tools — including cyber testing. Effective testing requires a number of steps from having a clear plan to getting buy-in to acting on the results. Special Guests: Brandon Jaster, Karen O'Reilly-Smith, and Thomas Dowling.
“How can you have a digital society where you don't even know what the rules are?” In this episode, we sit down with Dr. Kalev Leetaru, a media fellow at the RealClearFoundation and senior fellow at the George Washington University Center for Cyber and Homeland Security. Instead of repealing Section 230, he argues for an amendment to Section 230 that would compel social media companies to make available extensive dataset collections on what they're censoring, why each individual post or account was censored, and how the social media companies' algorithms decide what content is boosted or demoted. While some argue for repealing Section 230 immunity for social media companies altogether, Leetaru says it would have the opposite of the intended effect. Instead of decreasing censorship, it would only cause social media companies to become more avid censors as they try to avoid costly lawsuits.
We find spiders okay, because they eat mosquitoes. Anyone who sees it differently and panics at the mere sight of a spider can now treat their fear themselves with an app from the Uni Basel. We talk about that. And, once again, about ransomware and other cyber attacks. The whole podcast at a glance: (00:02:15) Attacks on municipalities (Montreux) and SMEs (00:07:24) Spiders okay thanks to «Phobys» (00:16:01) Guido and the guerrilla (Let's Play: «Far Cry 6») (00:22:27) Supply-chain attacks: conversation with Chris Kubecka (00:47:46) Outlook: self-driving cars
Roger Grimes is an industry expert and the Data Driven Defense Evangelist for KnowBe4. In this episode, Roger shares more with us about his new book "Ransomware Protection Playbook," how he thinks there's more we can do to prevent breaches, what the future of ransomware looks like, and more. KnowBe4 is the world's first and largest New-school security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering. To learn more about our sponsor, KnowBe4, visit https://knowbe4.com
Port Forwarding with Windows for the Win https://isc.sans.edu/forums/diary/PortForwarding+with+Windows+for+the+Win/27934/ Please Fix Your E-Mail Brute Forcing Tool https://isc.sans.edu/forums/diary/Please+fix+your+EMail+Brute+forcing+tool/27930/ Ad Blocker Injects Ads https://www.imperva.com/blog/the-ad-blocker-that-injects-ads/ Romance Scams Go After Crypto Currency https://nakedsecurity.sophos.com/2021/10/13/romance-scams-with-a-cryptocurrency-twist-new-research-from-sophoslabs/ Sysmon For Linux https://github.com/Sysinternals/SysmonForLinux Foxit Updates https://www.foxit.com/support/security-bulletins.html VMWare Updates https://www.vmware.com/security/advisories/VMSA-2021-0023.html
Photo: 2/2 The dangers inside all software; & What is to be done? Georgianna Shea @_GeorgiannaShea @FDD https://www.fdd.org/analysis/2021/09/29/a-software-bill-of-materials-is-critical-for-comprehensive-risk-management/ @_GeorgiannaShea FDD; Chief Technologist for FDD's Center on Cyber and Technology Innovation (CCTI) and Transformative Cyber Innovation Lab (TCIL).
Photo: 1/2 The dangers inside all software; & What is to be done? Georgianna Shea @_GeorgiannaShea @FDD https://www.fdd.org/analysis/2021/09/29/a-software-bill-of-materials-is-critical-for-comprehensive-risk-management/ @_GeorgiannaShea FDD; Chief Technologist for FDD's Center on Cyber and Technology Innovation (CCTI) and Transformative Cyber Innovation Lab (TCIL).
On this week's Cyber Report, sponsored by Northrop Grumman, Justin Sherman of the Atlantic Council think tank and a Wired magazine contributor discusses former USAF software chief Nick Chaillan's remarks regarding the Pentagon's inability to improve its cyber defenses, grading the Biden administration's cyber team, the White House's drive to bring nations together to counter ransomware, and national security takeaways from Facebook hearings with whistleblower Frances Haugen, with Defense & Aerospace Report Editor Vago Muradian.
Cyber crime has wreaked havoc on businesses large and small, yet many still believe it's not going to happen to them. Joining Chris to discuss how outsourced IT firms are helping protect businesses large & small from the hackers and ransomware criminals is CEO and Founder of Doberman Technologies, Ian Richardson!
In the cybersecurity world, the pandemic brought on a brand new set of challenges that demanded quick thinking, rapid action and a whole lot of innovation. In the first episode of C Suite season two, Claudette and her guests will be discussing how the remote work revolution has changed cybersecurity needs for most companies, and how they can maintain a secure IT ecosystem even as their employees work from multiple locations around the world. This episode's guests include Amy, a business owner who was hacked while gearing up to launch a healthcare app, and Robert Herjavec, the Founder and CEO of Herjavec Group, a cybersecurity firm that helps minimize global cyber attacks and threats for businesses of all sizes.
This episode features an interview with René Waslo, Risk and Financial Advisory Principal at Deloitte & Touche. She works as a cyber professional within the Energy, Resources and Industrials sector. In this episode, René talks about zero trust, trends in security breaches, sustainability in cyber, and encouraging women to enter the cyber industry.

Quotes
“Even though it's cyber that we're talking about, it's about relationships. Because cyber is trust. It's building digital trust in your environment, your systems. For us to be able to do that for clients, they need to trust us as humans. So, it definitely does come back to the ability to build those relationships.”

Time Stamps
* [5:03] Building Digital Trust with Clients
* [9:15] Sustainability in Cybersecurity
* [10:47] The Growing Complexity of the Digital World
* [12:34] Cybersecurity as a Tech and Business Role
* [14:04] The Growing Sophistication of Cybersecurity Breaches
* [20:04] The Fast-Changing World of Cyber
* [24:47] Implementing Identity Access Management, Including Connected Products
* [26:25] The Explosion of Sensor Technology
* [28:17] Discerning Important Data amid the Noise
* [30:22] Choosing Your Specialty in Cybersecurity
* [35:04] Women in Cybersecurity

Links
Connect with René on LinkedIn
Follow Lauren on Twitter
Connect with Lauren on LinkedIn

Thanks to our friends
Truth Be Known is brought to you by Talend, a leader in data integration and data integrity, enabling every company to find clarity amidst the chaos. Talend Data Fabric brings together in a single platform all the necessary capabilities that ensure enterprise data is complete, clean, compliant, and readily available to everyone who needs it throughout the organization. Learn more at Talend.com
Produced and hosted by Aspen Digital, the 2021 Aspen Cyber Summit provides one of the most significant stages for discussions around cybersecurity policy, strategy, and operations. The theme of this year's Summit is systemic cyber risk, as leaders in government and industry attempt to understand and control the most dangerous sources of cyber risk that allow adversaries to inflict damage at a regional, national, or international scale. See acast.com/privacy for privacy and opt-out information.
A Chinese-speaking APT is distributing the MysterySnail RAT in what appears to be a cyberespionage campaign. Some users still haven't patched vulnerable SolarWinds instances. Notes on yesterday's Patch Tuesday. The US-convened international ransomware conference kicked off today, and Russia wasn't invited. Former users of a criminal booter service get a stern warning letter from the Dutch police. Caleb Barlow reacts to a recent ransomware tragedy. Our guest is Rob Gurzeev of CyCognito on the security issues with subsidiaries. And a Florida woman is charged with altering aircraft records. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/197
Whitley Penn Talks is back with another episode of The Cyber Guys. John Williamson, RAS Partner, and Jesus Vega, RAS Senior Manager, kick off Cybersecurity Month with insight into social engineering and phishing.
Welcome to Mastering Cyber with Host Alissa (Dr Jay) Abdullah, PhD, SVP & Deputy CSO at Mastercard, and former White House technology executive. Listen to this weekly one-minute podcast to help you maneuver cybersecurity industry tips, terms, and topics. Buckle up, your 60 seconds of cyber starts now! Sponsored by Mastercard. https://mastercard.us/en-us.html
Some lawmakers want to force companies to report when they have been hacked. But the agency that would be tasked with enforcing those rules supports voluntary standards instead. WSJ Pro Cybersecurity reporter David Uberti joins host Zoe Thomas to discuss why. Learn more about your ad choices. Visit megaphone.fm/adchoices
Closing The Cyber Barn Door Before the Horses Leave: Kailash Ambwani, Chief Executive Officer at Constella Intelligence, joins co-hosts Richard Levick and Ian Lipner of LEVICK to discuss what companies can do before there is a breach to reduce risk. Constella is a leading global Digital Risk Protection business that works in partnership with some of the world's largest organizations to safeguard what matters most for each company and defeat digital risk. While most discussions of breaches are about what to do afterwards, Constella focuses on providing the intelligence to help reduce risk and prevent cyber-attacks.
You've got the technical skills, but how do you explain them to someone? Knowing how to communicate about technology to different audiences is a crucial part of cybersecurity career development. Listen to Chief Cybrary Mentor, Mark Nibert, share his advice on how to tackle your public speaking fears, know when that email should be a meeting, and ask the right questions as you expand your network. Don't forget to rate, review & subscribe to us on Apple Podcasts, Spotify, and YouTube! Check out Cybrary Now!!! ~Cybrary
Connect with Mark! ~ Mark Nibert's LinkedIn
Mark's Reading List ~ "The Ghost in the Wires" by Kevin Mitnick and William L. Simon ~ "Talk Like TED" by Carmine Gallo ~ "Executive Presence" by Sylvia Ann Hewlett
Follow Thor on Twitter! ~ @thorin_around
Follow Cybrary on Social!! ~Twitter ~Instagram ~FaceBook ~YouTube ~LinkedIn
Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+October+2021+Patch+Tuesday/27928/ Adobe Patches https://helpx.adobe.com/security/security-bulletin.html PyPi Remove mitmproxy2 Module https://twitter.com/maximilianhils/status/1447525552370458625 https://web.archive.org/web/20211012105244/https://gist.github.com/mhils/7ff29d50b25a1c99e06834cf95684333
This week we welcome guest Combiz Abdolrahimi, a national security lawyer and Emerging Technology and Innovation Leader at Deloitte. We deep dive into today's critical infrastructure vulnerabilities and navigating the path forward to address the threat with systems that weren't originally designed with cybersecurity in mind. (Hint: don't approach 21st century cyber challenges with 20th century thinking) And he shares perspective from his time in government at the U.S. Departments of State, Treasury, and Commerce, among others, as well as insights across today's hot topic themes including ransomware, cryptocurrency regulations, international enforcement, and the criticality of information sharing and reporting requirements. For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e154
Non HTTP Requests Hitting Web Server https://isc.sans.edu/forums/diary/Things+that+go+Bump+in+the+Night+Non+HTTP+Requests+Hitting+Web+Servers/27924/ Apple Updates iOS/iPadOS to 15.0.2 https://saaramar.github.io/IOMFB_integer_overflow_poc/ https://support.apple.com/en-us/HT212846 Weak SSH Keys Used with GitKraken https://github.blog/2021-10-11-github-security-update-revoking-weakly-generated-ssh-keys/ Let's Encrypt Outage https://letsencrypt.status.io/pages/incident/55957a99e800baa4470002da/6164b5af714e1f053880ba0c
Scanning for Previous Oracle WebLogic Vulnerabilities https://isc.sans.edu/forums/diary/Scanning+for+Previous+Oracle+WebLogic+Vulnerabilities/27918/ Sorting Things Out - Sorting Data by IP Address https://isc.sans.edu/forums/diary/Sorting+Things+Out+Sorting+Data+by+IP+Address/27916/ https://gitlab.com/slackermedia/bashcrawl Telegram Does Not Remove Auto-Deleted Messages from Cache https://habr.com/en/post/580582/ Microsoft To Disable Excel 4.0 Macros By Default https://twitter.com/GelosSnake/status/1446192775087722497 https://m365admin.handsontek.net/macro-settings-update-to-disable-excel-4-0-macros-by-default/