It's 5:05! Daily cybersecurity and open source briefing

300 episodes

S2 Ep 10 - Weekly Cybersecurity and Open-source News Updates

It's April 5th, 2024, and time for your weekly cybersecurity and open-source news updates. We have news updates from Trac Bannon in Camp Hill, Pennsylvania, Julie Chatman in Washington, DC, Katy Craig in San Diego, California, Edwin Kwan in Sydney, Australia, and Olimpiu Pop in Transylvania, Romania. We'll start with Julie Chatman.
Resources and 300+ episodes, all free, all ungated: https://505updates.com/

Apr 5, 2024 - 7 min

S2 Ep 9 - POV Friday: The Rise Of Low Code/No Code Citizen Developers

It's March 29th, 2024 and time for Point of View Friday, where we cover a single topic from multiple perspectives. Today's point of discussion is around low-code/no-code solutions and their implications. Today we have perspectives from Julie Chatman in Washington, DC, Katy Craig in San Diego, California, Trac Bannon in Camp Hill, Pennsylvania, Edwin Kwan in Sydney, Australia, and Olimpiu Pop reporting from KubeCon Paris. We'll start with Katy Craig.

Mar 29, 2024 - 15 min

S2 Ep 8 - POV Friday: CISA got hacked!?

It's March 15th, 2024, and time for Point of View Friday, where we cover a single topic from multiple perspectives. Today's point of discussion is around the recent Cybersecurity and Infrastructure Security Agency hack, and its suspected perpetrators and implications. We have perspectives from Julie Chatman in Washington, D.C., Katy Craig in San Diego, California, Trac Bannon in Camp Hill, Pennsylvania, and Olimpiu Pop from Transylvania, Romania. We also have a couple of interviews from last month's AFCEA cybersecurity conference held in San Diego, California. We'll start with Katy Craig.

Mar 15, 2024 - 16 min

S2 Ep 7 - POV Friday: Backdoored AI

It's March 8th, 2024, International Women's Day, and time for Point of View Friday, where we cover a single topic from multiple perspectives. Today's point of discussion is around the risk of backdoored AI. We have perspectives from Julie Chatman in Washington, D.C., Katy Craig in San Diego, California, Trac Bannon in Camp Hill, Pennsylvania, and Olimpiu Pop from Transylvania, Romania. We also have a couple of news stories at the end, and some interviews from the annual AFCEA conference held in San Diego, California last month. We'll start with Julie Chatman.

Mar 8, 2024 - 20 min

S2 Ep 6 - POV Friday: Apple's PQ3 raises the bar on postquantum encryption

It's March 1st, 2024 and time for Point of View Friday, where we cover a single topic from multiple perspectives. Today's point of discussion is around the anticipation of advancements in quantum computing and the massive overhauls of technology taking place. We have perspectives from Trac Bannon in Camp Hill, Pennsylvania, Olimpiu Pop from Transylvania, Romania, and Katy Craig in San Diego, California. We'll start with Trac Bannon.

Mar 1, 2024 - 9 min

S2 Ep 5 - POV Friday: Disinformation a weapon in an election year?

It's February 23rd, 2024 and time for Point of View Friday, where we cover a single topic from multiple perspectives. Today's point of discussion is around the increasing threat of deepfakes to democracies worldwide. We have perspectives from Trac Bannon in Camp Hill, Pennsylvania, Olimpiu Pop from Transylvania, Romania, Hillary Coover in Washington, DC, and Katy Craig in San Diego, California. We'll start with Katy Craig.

Feb 23, 2024 - 13 min

S2 Ep 4 - POV Friday: The Securities and Exchange Commission's change in cybersecurity disclosure rules.

It's February 16th, 2024 and time for Point of View Friday, where we cover a single topic from multiple perspectives. Today's point of discussion is the Securities and Exchange Commission's change in cybersecurity disclosure rules. We have perspectives today from Trac Bannon in Camp Hill, Pennsylvania, Olimpiu Pop from Transylvania, Romania, and Katy Craig in San Diego, California. We'll start with Trac Bannon.

Feb 16, 2024 - 12 min

S2 Ep 3 - POV Friday: Recent large-scale Microsoft breach.

It's February 9, 2024 and time for Point of View Friday where we cover a single topic from multiple perspectives. Today's point of discussion is the recent large-scale Microsoft breach. We have perspectives from Trac Bannon in Camp Hill, Pennsylvania, Olimpiu Pop in Transylvania, Romania and Shannon Lietz in San Diego, California. We'll start with Katy Craig also in San Diego, connecting the dots between the HPE breach and Microsoft.

Feb 9, 2024 - 12 min

S2 Ep 2 - PoV Friday: 2024 Predictions for AI and Cyber Legislation with Trac Bannon, Edwin Kwan, Olimpiu Pop, and Shannon Lietz

It's January 12th, 2024, and time for Point of View Friday, where we cover a single topic from multiple perspectives. Today's point of discussion is what does the future look like for AI and cyber legislation? We have perspectives from Edwin Kwan in Sydney, Australia, Trac Bannon in Camp Hill, Pennsylvania, Olimpiu Pop from Transylvania, Romania. We'll begin with Shannon Lietz in San Diego, California on the Win, Lose or Draw when considering cyber legislation.

Jan 12, 2024 - 12 min

S2 Ep 1 - PoV Friday: 2024 Predictions for AI with Edwin Kwan, Trac Bannon, Olimpiu Pop and Shannon Lietz

From Sourced Network Productions, It's 5:05!, the Podcast, with your daily cybersecurity and opensource news headlines. 🎙️ Free, ungated access to 300+ episodes of “It’s 5:05!” on your favorite podcast platforms: bit.ly/505-updates
It’s January 5, 2024, and time for Point of View Friday, where we cover a single topic from multiple perspectives. Today’s point of discussion is “What does the near future look like for AI, what should you consider when utilizing AI for your personal use or business solution?”
Today’s contributors are Trac Bannon from Camp Hill, Pennsylvania, Olimpiu Pop from Transylvania, Romania, Shannon Lietz from San Diego, California, and Edwin Kwan from Sydney, Australia.
We’ll start with Edwin’s thoughts on an algorithm that can give a thumbs up or down to your job application.

Jan 5, 2024 - 15 min

S1 Ep 304 - Episode #304: Edwin Kwan: Google Chrome Safety Check Feature Enhancements; Shannon Lietz: EU CRA: Win | Lose | Draw; Olimpiu Pop: Year in Review: Ukraine and the cyberwar; Marcel Brown: This Day in Tech History

The stories we’re covering today.
Marcel Brown: December 31st, 1999. The world waits in anticipation of the year 2000 and the potential disasters that might be brought about by the Y2K bug. Just for fun, I set up my home with a remote control to turn off all the lights in my house and the TV our friends would be watching at our New Year's Eve party. Seconds after midnight, I pushed the remote control in my pocket, and everything went out. There were definitely a few people in my house that night who thought the apocalypse had come.
Edwin Kwan: One of the features of Chrome Safety Check is that it will check if any saved passwords have been compromised. In addition, users will receive alerts in the Chrome menu about flagged dangerous extensions, outdated Chrome versions, or disabled safe browsing.
Shannon Lietz: For the last couple of years, the EU has been talking about how it might address some of the cybersecurity issues that are plaguing its economy. As part of this, addressing the 189 pages of a potential act to come, it's hard to look at it and be both excited and petrified at the same time. There's lots to think about.
Olimpiu Pop: In 2023, the cyber warfare aspect of the Ukraine war provided concrete examples of both resilience and evolving nature of cyber threats. Ukrainian cyber defenses, although not unbreakable, effectively countered a variety of Russian cyber attacks

Dec 29, 2023 - 14 min

S1 Ep 303 - Episode #303: Edwin Kwan: Chrome Users Infected via Fake VPNs in Video Game Torrents; Ian Garrett: 6 Key Aspects of SEC Rules for Data Breaches; Olimpiu Pop: Cybersecurity Legislation (CRA, US Legislation); Marcel Brown: This Day in Tech History

The stories we’re covering today.
Marcel Brown: December 28th, 1895. The world's first projected movie screening takes place at the Salon Indien du Grand Café in Paris, France. 33 people attend at the admission price of 1 franc each to view 10 films at about 50 seconds each.
Edwin Kwan: Three malicious Chrome extensions disguised as VPNs infected approximately 1.5 million users. The extensions - netPlus, netSafe, and netWin - were distributed through an installer hidden in pirated copies of popular video games like Grand Theft Auto and Assassin's Creed.
Ian Garrett: New Year, New Data Breach Disclosure Rules issued by the U.S. Securities and Exchange Commission to reshape the cybersecurity landscape for publicly owned companies. Recently, starting on December 18th, these companies must now comply with the stringent rules requiring them to disclose material cyber incidents within 96 hours.
Olimpiu Pop: The EU Cybersecurity Schemes, born from the EU Cybersecurity Act, are being developed for different industry categories such as ICT, Cloud services and 5G networks, and will consist of a comprehensive set of rules, technical requirements, standards and evaluation procedures for certification.

Dec 28, 2023 - 9 min

S1 Ep 302 - Episode #302: Edwin Kwan: Developers Ignore Critical Flaw in Apache Struts 2 Framework; Hillary Coover: The Quantum Computing Revolution and Global Security; Olimpiu Pop: 2023 in Review: AI Legislation; Marcel Brown: This Day in Tech History

The stories we’re covering today.
Marcel Brown: December 27th, 1968. Apollo 8 splashes down in the Pacific Ocean, ending the first manned orbit of the moon. When the spacecraft hit the water, the parachutes dragged it over and left it upside down. Because they were being buffeted by 10 foot swells, astronaut Frank Borman actually got sick and vomited. Welcome back to Earth, Frank.
Edwin Kwan: A critical remote code execution vulnerability in the Apache Struts 2 framework is reportedly being ignored by developers, leaving approximately 80 percent of recent Struts downloads exposed to the flaw. The severity of the vulnerability, rated as 9.8 out of 10 in CVSS, arises from a logic bug in the File Upload feature.
Hillary Coover: Quantum computers operate on subatomic particle properties, enabling them to perform complex calculations and process information at unparalleled speeds compared to today's computers. However, a current challenge is the instability of qubits, the key processing units in quantum computers, which limits their ability to decrypt substantial amounts of data.
Olimpiu Pop: In 2023, the European Union made significant strides in AI legislation with the introduction of the EU AI Act. This groundbreaking legislation, agreed upon on December 9, 2023, is the world's first dedicated law on AI and sets a global precedent.

Dec 27, 2023 - 9 min

S1 Ep 301 - Episode #301: Edwin Kwan: Critical Vulnerability Threatens SSH Security; Hillary Coover: National Grid Removes China-Based Supplier's Components; Ian Garrett: Ransomware Evolves to Extortionware Threat; Olimpiu Pop: 2023 in Review: Cybersecurity and the Supply Chain; Marcel Brown: This Day in Tech History

The stories we’re covering today.
Marcel Brown: December 25th, 1990. Merry Christmas, everyone. Tim Berners-Lee, a British scientist working at the European Organization for Nuclear Research, otherwise known as CERN, along with his associate, Robert Cailliau, were operating the first web server, info.cern.ch, and first web browser slash editor, World Wide Web, which were reportedly able to communicate over the internet by this date.
Edwin Kwan: A groundbreaking attack named Terrapin has been uncovered posing a significant threat to the security of the SSH secure shell protocol. What sets Terrapin apart is its ability to undermine cryptographic SSH protections that were previously considered to be immune to such attacks.
Hillary Coover: Britain's National Grid is taking steps to remove components provided by a subsidiary of China-backed Nari Technology from its electricity transmission network due to concerns about cybersecurity.
Ian Garrett: Cyber criminals in their quest to maximize disruption and ransom demands are evolving their strategies. A notable example is the ransomware group gang known as BlackCat, which recently employed a novel extortion tactic. This incident is the first of its kind, and likely a precursor to future trends in cyber extortion.
Olimpiu Pop: In 2023, cybersecurity and supply chain issues evolved significantly. Software supply chain attacks, especially targeting open source software libraries, saw a dramatic increase. The growing reliance on open source software, under the pressure of rapid development cycles, made these libraries prime targets for exploitation.

Dec 26, 2023 - 14 min

S1 Ep 300 - Episode #300: Edwin Kwan: SMTP Smuggling ByPasses Email Security Controls; Hillary Coover: Researchers Seek to Unmask Hackers Through Code Analysis and AI; Marcel Brown: This Day in Tech History; Katy Craig: CISO Accountability: Framework for Compliance; Trac Bannon: CISO Accountability: The buck stops… where?; Olimpiu Pop: CISO Accountability: Compliance is not Security

The stories we’re covering today.
Marcel Brown: December 22nd, 1882. Edward Johnson, an associate of Thomas Edison, has walnut sized bulbs made specifically for him to wire his Christmas tree with electric light. The eighty red, white, and blue bulbs formed the first set of electric Christmas tree lights in history.
Edwin Kwan: A recently discovered SMTP smuggling technique is allowing cyber attackers to sidestep email security protocols, posing a significant threat to organizations. The techniques exploit zero-day flaws in messaging servers, allowing attackers to send malicious emails with fake sender addresses.
Hillary Coover: In an effort to combat cybercrime, U.S. government researchers are embarking on a 30-month project to investigate whether computer code used in cyberattacks can reveal clues about the hackers behind them.
Katy Craig: The SEC's legal action against the former CISO of SolarWinds is a justified step towards greater accountability in corporate cybersecurity. It highlights the need for individuals in charge to diligently comply with federal safeguards and rules and to report incidents.
Trac Bannon: The charges against Joe Sullivan and Timothy Brown have dramatic ramifications for industry. There is the increased scrutiny of CSOs and CISOs. The precedent is set for personal accountability for both cybersecurity practices and disclosures. This means corporate security officers face scrutiny and legal responsibilities similar to CFOs and their responsibility for financial disclosures.
Olimpiu Pop: Whether we like it or not, we are at war. The CISO should stop preaching, and transform their slides into actions. Actions, translatable into automated tools that cannot be circumvented or ignored. More than that, as CISO, you should be the north star in terms of ethical conduct.

Dec 22, 2023 - 16 min

S1 Ep 299 - Episode #299: Edwin Kwan: Terminated Bank Cloud Engineer Sabotages Systems; Hillary Coover: Unauthorized Access to MongoDB Corporate Systems; Ian Garrett: Insights from the Microsoft Digital Defense Report 2023; Marcel Brown: This Day in Tech History

The stories we’re covering today.
Edwin Kwan: A former cloud engineer at a bank was terminated for violating company policies, including inappropriate laptop use. After he was fired, the employee went home and used a company issued laptop to launch attacks on the bank's network.
Hillary Coover: Database management company MongoDB is currently investigating a security incident that has led to the exposure of some customer information. Certain corporate systems were compromised, containing customer names, phone numbers, email addresses, and other unspecified customer account metadata. For one customer, system logs were accessed.
Ian Garrett: Microsoft recently released their Digital Defense Report of 2023, which provides crucial insights into the evolving cybersecurity landscape. Let's jump into the 10 essential insights of cybersecurity from the report.

Dec 21, 2023 - 6 min

S1 Ep 298 - Episode #298: Edwin Kwan: Ubiquiti User Accounts Suffer Data Breach; Katy Craig: Xfinity Acknowledges 36 Million Customer Accounts Breached; Hillary Coover: L.L. Bean's Surprising Stance on Data Privacy; Marcel Brown: This Day in Tech History

The stories we’re covering today.
Marcel Brown: December 20th, 1996. In a surprise move at the time, Apple Computer announces their intention to purchase Steve Jobs' company, NeXT, and bring Steve Jobs on board as an advisor to CEO Gil Amelio. Along with the leadership of future CEO Steve Jobs, the resurgence of Apple in the 2000s, and the emergence of the new world of technology can be traced back to this major event in technology history.
Hillary Coover: In Maine's data privacy debate, L.L. Bean has surprisingly aligned with global tech giants, highlighting the power of local national business alliances in shaping legislation. This unusual alliance between a family-owned retailer and tech giants illustrates the complexity of the national data privacy law debate, primarily occurring at the state level.
Edwin Kwan: Ubiquiti users were reporting last week that they were seeing other people's notification and had access to their devices. The incident was first reported on Reddit, where a user received a notification from UniFi Protect, including an image from someone else's security camera.
Katy Craig: Today we're discussing a significant cyber security incident. Xfinity has recently experienced a major data breach, potentially impacting around 36 million customers. Compromised data includes usernames, hashed passwords, the last four digits of social security numbers, security questions, birthdates, and contact details.

Dec 20, 2023 - 9 min

S1 Ep 297 - Episode #297: Edwin Kwan, My Personal Experience with SMS Impersonation Scams; Hillary Coover, Europe Probes Elon Musk's X Over Disinformation Handling; Ian Garrett, Cybersecurity, Artificial Intelligence, and Nuclear weapons, Oh my!

From Sourced Network Productions, It's 5:05!, the Podcast, with your daily cybersecurity and opensource news headlines.
In this episode:
Marcel Brown: This day in Tech History
December 19th, 1974. Micro Instrumentation and Telemetry Systems, otherwise known as MITS, begins selling the Altair 8800 microcomputer kit. It is one of the most important computers in history, for it inspired the first generation of entrepreneurs that created the personal computer industry.
Edwin Kwan: My Personal Experience with SMS Impersonation Scams
I was recently targeted by an SMS impersonation scam. The scammer was impersonating someone I know who's from the US and a text message came from a US number. I don't have this person's mobile number saved, so replied thinking it might be him. It became obvious fairly quickly that it was a scam,
Hillary Coover: Europe Probes Elon Musk's X Over Disinformation Handling
Elon Musk's social media platform, X, formerly known as Twitter, is facing an official investigation in Europe regarding its handling of illegal content and disinformation. The European Commission has initiated a formal infringement proceeding against X under the Digital Services Act.
Ian Garrett: Cybersecurity, Artificial Intelligence, and Nuclear weapons, Oh my!
Cybersecurity, artificial intelligence, and nuclear weapons. Do we have an update for you? The 2024 National Defense Authorization Act, or NDAA, is a crucial piece of annual legislation for U.S. military funding. The NDAA was passed with a focus on various cybersecurity concerns.

Dec 19, 2023 - 10 min

S1 Ep 296 - Episode #296: Edwin Kwan: 38% of Apps Still Exposed to Log4J Vulnerability; Katy Craig: Is My Phone Spying on Me?; Hillary Coover: Foreign Geographic Software Poses National Security Threats; Marcel Brown: This Day in Tech History

The stories we’re covering today.
Marcel Brown: December 17th, 1903. Orville and Wilbur Wright make their famous first controlled and sustained flights with a heavier than air, powered aircraft. Orville made the very first flight, which lasted about 12 seconds.
Edwin Kwan: It's been almost three years since the critical Log4j vulnerability was disclosed. Despite patches being available shortly after vulnerability disclosure, many organizations persistently use vulnerable versions. There are still approximately 38% of applications using vulnerable versions of the Apache Log4j library.
Hillary Coover: China raised concerns about the potential compromise of sensitive data, particularly in crucial sectors like the military, due to the use of foreign geographic information software. The Ministry of State Security has urged security departments to conduct thorough investigations to prevent further breaches.
Katy Craig: A marketing company, CMG Local Solutions, recently claimed it could access people's private conversations through their device microphones for targeted advertising. This claim raises some serious red flags.

Dec 18, 2023 - 10 min

Special Report: POV Friday - Four Opinions on the EU AI Act.

From Sourced Network Productions, It's 5:05!, the Podcast, with a special report on the EU AI Act. It’s Point of View Friday, featuring Trac Bannon, Katy Craig, Shannon Lietz, and Olimpiu Pop, with their perspectives on the release of the EU AI Act. We’ll start with Katy Craig.
Katy Craig: Today, we’re diving into a significant milestone in AI regulation: the European Union’s recent passing of the AI Act. This legislation is set to shape how AI is used across industries, but it also raises questions about potential, unintended consequences.
Trac Bannon: The EU is taking the global lead when it comes to AI governance. In the US, there are many discussions and hearings happening about AI policy at different levels of the government, but nothing cohesive and nothing comprehensive.
Shannon Lietz: It’s an interesting time to be looking at AI, using AI, and trying to make sense of what it could mean for you. The question is, which use cases is it most well suited for? And are the producers of AI capabilities such as OpenAI and its competitors actually looking at which use cases should be allowed? Which ones are allowed to be adopted?
Olimpiu Pop: The EU AI Act, with all its ups and downs, is the first one in the world, and it will be the baseline. Can the slow legislative apparatus keep pace with the lightning speed of AI tech space?

Dec 17, 2023 - 12 min

S1 Ep 295 - Episode #295: Edwin Kwan: Apple Beta Testing Stolen Device Protection Feature; Marcel Brown: This Day in Tech History; Katy Craig: EU AI Act: Significant Milestone in AI Regulation; Trac Bannon: EU AI Act: Does it Leave U.S. in the Dust?; Shannon Lietz: EU AI Act: Win, Lose, or Draw?; Olimpiu Pop: EU AI Act: A Baseline for Regulation

The stories we’re covering today.
Marcel Brown: December 16, 2003. The CAN SPAM Act of 2003 is signed into United States law. Passed in an attempt to control the growing deluge of junk email, the law's effectiveness is dubious at best. Especially considering political spam is exempt from the law.
Edwin Kwan: Apple will soon be introducing a stolen device protection feature, which is aimed at enhancing security if an iPhone is stolen, particularly in scenarios where thieves obtain the device passcode.
Katy Craig: Today, we're diving into a significant milestone in AI regulation: the European Union's recent passing of the AI Act. This legislation is set to shape how AI is used across industries, but it also raises questions about potential, unintended consequences.
Trac Bannon: The EU is taking the global lead when it comes to AI governance. In the US, there are many discussions and hearings happening about AI policy at different levels of the government, but nothing cohesive and nothing comprehensive.
Olimpiu Pop: The EU AI Act, with all its ups and downs, is the first one in the world, and it will be the baseline. Can the slow legislative apparatus keep pace with the lightning speed of AI tech space?
Shannon Lietz: It's an interesting time to be looking at AI, using AI, and trying to make sense of what it could mean for you. The question is, which use cases is it most well suited for? And are the producers of AI capabilities such as OpenAI and its competitors actually looking at which use cases should be allowed? Which ones are allowed to be adopted?

Dec 15, 2023 - 17 min

S1 Ep 294 - Episode #294: Edwin Kwan: Over 50% Insider Attacks Involve Privilege Elevation Exploits; Katy Craig: Malware Deployment Strategy against Adobe ColdFusion; Ian Garrett: Where Will Cyber Leaders Focus on AI in 2024; Marcel Brown: This Day in Tech History

The stories we’re covering today.
Marcel Brown: December 14th, 1902. The cable ship Silvertown begins laying the first Transpacific telegraph cable from San Francisco, destined for Honolulu, Hawaii. On January 1st, 1903, the connection between Hawaii and San Francisco was established.
Edwin Kwan: A research study based on data from January 2021 to April 2023 shows a rise in insider threats, with 55% relying on privilege escalation exploits and the remaining 45% introducing risk by downloading or misusing offensive tools.
Katy Craig: In June 2023, cybersecurity incidents shook the digital landscape as threat actors exploited a vulnerability in Adobe ColdFusion. The attackers executed a calculated malware deployment strategy. They exploited the Adobe ColdFusion vulnerability to introduce malware, including a remote access Trojan using HTTP POST commands.
Ian Garrett: AI has emerged at the forefront of cybersecurity megatrends for 2024. An overwhelming 93% of respondents anticipate Generative AI, like ChatGPT, impacting their business strategies within the next 5 years, with 89% already incorporating AI into their R&D efforts.

Dec 14, 2023 - 9 min

S1 Ep 293 - Episode #293: Edwin Kwan: Messenger and Facebook: Default End to End Encryption; Hillary Coover: Campaign Targets Taiwan Elections with Stolen Identities and Disinformation; Katy Craig: North Korea’s Lazarus Still Exploiting Log4j; Marcel Brown: This Day in Tech History

The stories we’re covering today.
Marcel Brown: December 16, 2016. After a long delay, Apple finally releases their new wireless earbuds, the Apple AirPods. Within two years, they became Apple's most popular accessory, and today are some of the most popular and well recognized earbuds in the market.
Hillary Coover: A covert campaign dating back to May 2022 is distorting conversations about Taiwan's upcoming elections. The Graphika report exposes hundreds of fake social media accounts on Facebook, TikTok, and YouTube. While the perpetrators remain unidentified, the operation favored a pro-China political party in Taiwan, while criticizing its main rival.
Katy Craig: Two years after the infamous Log4j vulnerability came to light, North Korean hackers are still exploiting this flaw in widespread cyberattacks. These attacks fall under the wide-reaching activities of the Lazarus umbrella, a term for the various North Korean government hacking operations.
Edwin Kwan: Meta has announced the rollout of default end-to-end encryption for personal messages and calls on Messenger and Facebook. The rollout will take several months to complete globally, prompting users to set up recovery methods when their chats are upgraded.

Dec 13, 2023 - 8 min

S1 Ep 292 - Episode #292: Edwin Kwan: 5Ghoul Vulnerabilities Affecting Most 5G Smart Phones; Katy Craig: P2PInfect: Evolving to Target Routers and IoT Devices; Ian Garrett: That Job Candidate Might Be a Hacker; Mark Miller: This Day in Tech History

The stories we’re covering today.
Mark Miller: December 12th, 1980. Apple computer holds their initial public offering selling 4.6 million shares at $22 per share, and turning more than 40 Apple employees and investors into instant millionaires.
Edwin Kwan: A set of 14 security vulnerabilities named "5Ghoul" has been discovered in the firmware implementation of 5G mobile network modems from major chipset vendors like MediaTek and Qualcomm. The flaw impacts USB and IoT modems along with hundreds of smartphone models running Android and iOS.
Katy Craig: Cybersecurity researchers from Cato Security Labs have uncovered a new variant of P2PInfect compiled for the MIPS architecture used widely in routers and IoT devices. This latest version indicates the botnet's expanding capability is in reach.
Ian Garrett: Now hackers are applying to jobs? TA4557, a threat actor active since 2018, is evolving its strategy to directly target recruiters with malicious URLs. Once the recruiter responds, TA4557 replies with a URL linking to a website controlled by the threat actor, posing as the candidate's resume.

Dec 12, 2023 - 8 min

S1 Ep 291 · Episode #291: Edwin Kwan: Critical Vulnerabilities Affect Multiple Atlassian Products; Hillary Coover: Russian Deepfake: Celebrities Used in Disinformation Against Ukraine; Mark Miller: Gemini: A fake it till you make it demo by Google; Marcel Brown: This Day in Tech History

Free, ungated access to all 290+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to repost if your followers will find this of value.

The stories we’re covering today.

Marcel Brown: December 11th, 2008. Google releases the first stable, public version of their new web browser, Chrome. By 2013, Chrome had bypassed Microsoft's Internet Explorer and Mozilla Firefox to become the most popular web browser in the world, and is still considered so today.

Edwin Kwan: Atlassian has issued an email warning customers of four critical vulnerabilities, each rated 9.0 or higher. Confluence, Jira, and Bitbucket servers, as well as companion apps for macOS are affected.

Hillary Coover: Every piece of content you put online is at risk of being manipulated. Microsoft's recent cybersecurity research revealed that Russian propagandists employed a deceptive strategy to manipulate at least seven Western celebrities, including Elijah Wood and Priscilla Presley.

Mark Miller: Well, that was a real train wreck, wasn't it? It looks as if Gemini's launch video jumped the shark. Let's take a step back as VP of research Oriol Vinyals responds by getting called out for faking the video.

Dec 11, 2023 · 8 min

Special Report: Point of View Friday - Four Opinions on the OWASP BOM Maturity Model, with Trac Bannon, Katy Craig, Shannon Lietz, and Olimpiu Pop

From Sourced Network Productions, It's 5:05!, the Podcast, with a special report on the release of the OWASP BOM Maturity Model. It’s Point of View Friday, featuring Trac Bannon, Katy Craig, Shannon Lietz, and Olimpiu Pop, with their perspectives on the release of the BOM Maturity Model by the OWASP Foundation. We’ll start with Trac Bannon.

🎙️ Free access to 280+ episodes of “It’s 5:05!” on your favorite #podcast platforms: bit.ly/505-updates

Dec 10, 2023 · 10 min

S1 Ep 290 · Episode #290: Edwin Kwan: Bluetooth Authentication Bypass Vulnerability in Apple and Linux; Marcel Brown: This Day in Tech History; Trac Bannon: OWASP BOM Maturity Model: Is It Valuable?; Katy Craig: OWASP BOM Maturity Model: A Benefit for Consumers; Olimpiu Pop: OWASP BOM Maturity Model: Is it too soon?; Shannon Lietz: OWASP BOM Maturity Model: Win, Lose, or Draw?

Free, ungated access to all 290+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to repost if your followers will find this of value.

The stories we’re covering today.

Marcel Brown: December 8th, 1975. Paul Terrell opens the Byte Shop in Mountain View, California, one of the first retail computer stores in the world. Paul Terrell and the Byte Shop are most famously known for ordering the first 50 computers from Steve Jobs and Steve Wozniak's fledgling Apple Computer Company in 1976.

Edwin Kwan: A Bluetooth authentication bypass vulnerability has been discovered to be impacting Apple, Android, and some Linux devices. The bug allows attackers to connect to devices and inject keystrokes to execute arbitrary commands.

Trac Bannon: OWASP has just introduced the Software Bill of Materials Maturity Model. In general, I'm not a fan of maturity models. They're often inflexible, arbitrary, and don't consider context. That said, there is merit in providing guidance given the slow rate of adoption and even the lack of understanding by the software industry.

Katy Craig: Today we're diving into a game-changer for consumer software transparency: the launch of the BOM Maturity Model by the OWASP Foundation. Simply put, this model is a big win for consumers who want to know more about the software that we use daily.

Olimpiu Pop: Software Bills of Materials, SBOMs, are those labels that we need to stick on our delivered software packages. How should it happen? For now, at least in the Java ecosystem, there is no way of delivering the label together with the package.

Shannon Lietz: We're all talking about Bill of Materials these days. It's an important concept for all of us, for a lot of reasons, in particular software buyers. Anyone who's out there who's buying something from a supplier should be interested in what is in that actual product.

Dec 8, 2023 · 17 min

S1 Ep 289 · Episode #289: Edwin Kwan: Malicious WordPress Plugin Issues Fake Security Advisories; Katy Craig: Feds surveilling us via push notifications; Mark Miller: Special Report: ChatGPT Isn’t the Only AI Game in Town; Marcel Brown: This Day in Tech History

Free, ungated access to all 285+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to repost if your followers will find this of value.

The stories we’re covering today.

Marcel Brown: December 7, 1999. The Recording Industry Association of America sues the peer to peer file sharing service Napster, alleging copyright infringement for allowing users to download copyrighted music for free. The recording industry in general was caught with its pants down when it came to digital music and the internet.

Edwin Kwan: WordPress administrators are being targeted by a fake security advisory email campaign to install a malicious plugin on their websites. According to security researchers, the attackers sent deceptive emails to website administrators pretending to be from WordPress.

Katy Craig: A recent revelation has come to light about governments using smartphone apps' push notifications to surveil users. US Senator Ron Wyden warned that unidentified governments are demanding push notification data from Google and Apple. This news raises significant privacy concerns, highlighting the often overlooked implications of push notifications.

Mark Miller: With the headline grabbing news of Sam Altman and the mess at OpenAI a couple of weeks ago, what's gotten lost in the media is that OpenAI's ChatGPT isn't the only game in town. There are dozens of other AI chat engines that can provide you with something more specific to your needs than a general AI model that tries to be the best of everything.

Dec 7, 2023 · 13 min

S1 Ep 288 · Episode #288: Edwin Kwan: WhatsApp Updates Password Security; Katy Craig: AI Alliance to Compete with Closed Source LLMs; Hillary Coover: 23andMe: Guard Your DNA Data, Protect Your Family; Marcel Brown: This Day in Tech History

Free, ungated access to all 285+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to repost if your followers will find this of value.

The stories we’re covering today.

Marcel Brown: December 6, 1994. Apple sues the San Francisco Canyon Company, alleging they helped Intel and Microsoft steal code developed under contract for QuickTime for Windows. Apple was threatening Microsoft with a multi-billion dollar lawsuit that was famously settled by Steve Jobs and Bill Gates in 1997. This settlement is now believed to have helped Apple survive long enough to transform themselves in the 2000s, ushering in the mobile device revolution and the new world of technology.

Edwin Kwan: WhatsApp has introduced a new secret code feature, allowing users to add an extra layer of security to their locked chats by setting a custom password. The process of locking chats has been streamlined, utilizing a long-press action for simplicity. WhatsApp aims to enhance privacy and protect sensitive conversations, making it harder for unauthorized access.

Hillary Coover: In a world where password updates are about as popular as Monday mornings, the recent 23andMe security breach is here to remind us that a little humor won't save our data, but strong password hygiene will. Password 123 is just not going to cut it anymore.

Katy Craig: Big news in AI: IBM and Meta, with over 50 others, including AMD, Intel, and Harvard, have launched the AI Alliance. It's a global coalition challenging the closed AI systems of leaders like OpenAI and Google. The Alliance promotes open innovation and open science in AI, offering an alternative to private AI models.

Dec 6, 2023 · 10 min

S1 Ep 287 · Episode #287: Edwin Kwan: Mandatory Data Breach Notification Coming to Queensland; Ian Garrett: Deepfakes: A Growing Concern for 2024 Election Security; Katy Craig: A Prickly CACTUS: Ransomware to Encrypt and Exfiltrate Data; Mark Miller: This Day in Tech History

Free, ungated access to all 285+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to repost if your followers will find this of value.

The stories we’re covering today.

Mark Miller: December 5th, 1965. The first PhD dissertation in computer science is presented. Richard L. Wexelblat was the first candidate in a computer science program to complete a dissertation. Wexelblat's diploma presented by the University of Pennsylvania, the home of ENIAC, was the first one to carry the designation, "Computer Science".

Ian Garrett: Enhancements to AI platforms have been incredible for the content generation market, as it is easier than ever to create realistic content with a fraction of the time it would have before. But, for every good use of a tool, there always is a malicious use as well.

Edwin Kwan: In a significant move, Queensland's parliament has approved a mandatory data breach notification scheme. The scheme is set to impact state agencies from mid 2025 and local governments from mid 2026.

Katy Craig: A new ransomware group named CACTUS recently surfaced, ranking in the top 10 for most monthly victims. CACTUS represents a sophisticated and multi-faceted cybersecurity threat to large commercial organizations.

Dec 5, 2023 · 9 min

S1 Ep 286 · Episode #286: Edwin Kwan: Discovered Zoom Vulnerability Allows Account Hijacking; Katy Craig: LogoFAIL: New UEFI Vulnerabilities Threaten Device Firmware Security; Hillary Coover: Secure Shopping Strategies: Navigating the Peak Season with Virtual Credit Cards; Marcel Brown: This Day in Tech History

Free, ungated access to all 285+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to repost if your followers will find this of value.

The stories we’re covering today.

Marcel Brown: December 3rd, 2001. Inventor Dean Kamen unveils the Segway self-balancing battery-powered vehicle on the TV show Good Morning America. The Segway uses computers and motors in its base to keep itself upright while the user is riding it. While the original Segway was not considered a commercial success, it definitely became a familiar icon of personal transportation.

Edwin Kwan: Security researchers revealed a vulnerability in Zoom that allowed the unauthorized access of service accounts. The vulnerability enabled hackers to claim a Zoom Room's service account, gaining invisible access to team chat, whiteboards, and other applications.

Hillary Coover: As we approach peak shopping season, it's crucial to consider measures to protect yourself from online fraud. One effective tool is the use of virtual credit cards. Here are a few frequently asked questions to get you all set up.

Katy Craig: Security researchers have unveiled "LogoFAIL," a set of vulnerabilities in the Unified Extensible Firmware Interface (UEFI), used by various firmware vendors. These flaws, found in firmware image-parsing libraries, pose a significant risk to a wide range of consumer and enterprise devices from major manufacturers.

Dec 4, 2023 · 9 min

S1 Ep 285 · Episode #285: Edwin Kwan: Apple Releases Emergency Zero-Day Security Updates; Marcel Brown: This Day in Tech History; Katy Craig: AI Guidelines: US and EU Release Secure AI System Development Guidelines; Olimpiu Pop: AI Guidelines: Can governments protect us from AI?; Trac Bannon: AI Guidelines: Can CISA and her partners keep up the pace?

Free, ungated access to all 285+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to repost if your followers will find this of value.

The stories we’re covering today.

Marcel Brown: December 1st, 1996. America Online launches a new subscription plan offering their subscribers unlimited dial up internet access for $19.95 a month. Previously, AOL charged $9.95 a month for 5 hours of usage. The new plan brought in over 1 million new customers to AOL within weeks, and daily usage doubled among subscribers, to a whole 32 minutes per day.

Edwin Kwan: Apple has urgently released security updates to address two zero day vulnerabilities that were actively being exploited. These vulnerabilities impact iPhones, iPads, and Mac devices.

Katy Craig: CISA and the United Kingdom's National Cyber Security Centre jointly released guidelines for secure AI system development, developed in cooperation with 21 other agencies and ministries from across the world, including all members of the group of seven major industrial economies.

Trac Bannon: The CISA AI Roadmap is a comprehensive, whole of agency plan. They've aligned it with the U.S. National AI Strategy. The roadmap has lines of effort to promote the beneficial uses of AI, enhance cybersecurity capabilities, and improve protection of AI systems from cyber based threats. One specific example that I find particularly valuable is the emphasis on secure by design principles in AI adoption.

Olimpiu Pop: UK's Cyber Security Agency provided guidelines, and they invite you to act securely while developing your AI system. They mostly refer to general software development practices. Practices that the industry is trying to impose without much success for years now.

Dec 1, 2023 · 17 min

S1 Ep 284 · Episode #284: Edwin Kwan: Are We Sharing Too Much on LinkedIn?; Katy Craig: MITRE ATLAS: Mapping Security Vulnerabilities in AI; Ian Garrett: The Two Faces of Cybersecurity Investing; Marcel Brown: This Day in Tech History

Free, ungated access to all 280+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to repost if your followers will find this of value.

The stories we’re covering today.

Marcel Brown: November 30th, 2009. Book retailer Barnes & Noble releases their first Nook eReader to compete with the highly successful Amazon Kindle, released two years earlier.

Edwin Kwan: Are we sharing too much on LinkedIn? Daniel Barbosa from WeLiveSecurity recently published an article on the potential risks associated with the wealth of personal information shared on LinkedIn, which is the world's largest professional social network.

Katy Craig: MITRE, a government-funded research organization, is leading an ambitious project to map the security vulnerabilities in artificial intelligence (AI) systems. Recognizing the critical nature of AI security, international cyber defense agencies have called for enhanced security practices throughout the AI system lifecycle.

Ian Garrett: Is investing in cybersecurity hot or not? It turns out it depends who you're asking, because there's a huge divide between the private and public markets.

Nov 30, 2023 · 9 min

S1 Ep 283 · Episode #283: Edwin Kwan: Australian Banks Begin Blocking Transfers to Suspect Accounts; Katy Craig: Google’s Cybersecurity Forecast: The Growing Influence of AI; Hillary Coover: Hacker's Haven: Cocaine Infiltration Unveiled in Europe's Biggest Ports; Marcel Brown: This Day in Tech History

Free, ungated access to all 280+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to repost if your followers will find this of value.

The stories we’re covering today.

Marcel Brown: November 29th, 1972. Atari introduces their first product, Pong, which would become the world's first commercially successful video game. Nolan Bushnell installed the game at Andy Capp's Tavern in Sunnyvale, California on this day. There were 10,000 machines installed within four months.

Edwin Kwan: In 2023, Australians suffered over $400 million in losses due to scams. The actual figure is believed to be much higher considering under reporting. Australian banks have yielded to pressure from consumer groups and pledged to enhance efforts against scams by implementing technology to block transfers to suspicious accounts.

Hillary Coover: As more and more cocaine is sneaking into Europe, big ports like Rotterdam and Antwerp are facing cybercrime aiding smuggling operations. In a shocking expose, the intricate web of criminal infiltration into Europe's major ports is revealed.

Katy Craig: Google's latest cybersecurity forecast presents a concise yet comprehensive look at the emerging cyber landscape for 2024. This report from Google underlines the urgent need for advanced AI-integrated cybersecurity measures to combat these evolving threats and safeguard digital ecosystems in 2024 and beyond.

Nov 29, 2023 · 13 min

S1 Ep 282 · Episode #282: Ian Garrett: Deprecation of Defender Application Guard for MS Office; Edwin Kwan: Open Source 3D Design Suite Targeted by DDoS; Katy Craig: US and UK: Joint Guidelines for AI System Security; Marcel Brown: This Day in Tech History

Free, ungated access to all 280+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to repost if your followers will find this of value.

The stories we’re covering today.

Marcel Brown: November 28, 1948. Just in time for the Christmas shopping season, 57 units of the first commercial instant camera, the Polaroid Land Camera Model 95, go on sale at the Jordan Marsh Department Store in Boston. Polaroid believed that 57 units would be enough to last through Christmas.

Edwin Kwan: Open Source Blender Project is being targeted by Distributed Denial of Service attacks resulting in site outages. The attacks have severely disrupted operations, making it difficult to process legitimate connection requests. Despite continuous efforts by the administrators, attempts to block attackers' IP ranges were unsuccessful.

Katy Craig: In a landmark collaboration, the United States and the United Kingdom have jointly issued comprehensive guidelines to strengthen the security and integrity of artificial intelligence, or AI, systems. This crucial document is directed at AI system providers, including those using both in-house and external models and APIs.

Ian Garrett: Microsoft has announced the deprecation of Defender Application Guard for Office and the Windows Security Isolation APIs. These tools were integral in securing Microsoft 365 apps by creating a secure sandbox for files from untrusted sources. Microsoft's decision to deprecate Defender Application Guard for Office has significant implications for organizations and IT professionals.

Nov 28, 2023 · 10 min

S1 Ep 281 · Episode #281: Edwin Kwan: OwnCloud App Suffers Three Critical Vulnerabilities; Katy Craig: AI-Enabled Autonomous Vehicles and Lethal Weapons; Hillary Coover: Debunking the Incognito Shopping Myth; Marcel Brown: This Day in Tech History

Free, ungated access to all 280+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to repost if your followers will find this of value.

The stories we’re covering today.

Marcel Brown: November 27, 1995. Nearly six months to the day after Bill Gates sent his Internet Tidal Wave memo recognizing the importance of the Internet, and only three months after releasing version 1.0, Microsoft releases Internet Explorer 2.0 for Windows 95 and Windows NT 3.5.

Edwin Kwan: Three critical vulnerabilities have been reported to affect OwnCloud, exposing users to potential data breaches. One of these flaws, with a maximum severity score, exposes administrator passwords and mail server credentials.

Hillary Coover: Despite the widespread belief that private browsing can secure better prices during online shopping, it turns out that Incognito mode doesn't deliver on this promise. All private browsing modes do is erase your search history from the device and prevent the browser from using cookies to track your activity across sites.

Katy Craig: The Pentagon is racing against time and technology in its ambitious Replicator initiative, aiming to deploy thousands of AI-enabled autonomous vehicles by 2026. This strategic push is to keep pace with China's rapid advancements in military technology.

Nov 27, 2023 · 10 min

Special Report: POV Friday with Trac Bannon - OpenAI: Should Camelot Be Restored?

bonus

Hello, this is Trac Bannon reporting from Camp Hill, Pennsylvania.

The news of Sam Altman's sacking by the OpenAI Board of Directors shook the world on Friday, November 17th. As events unfolded in the following hours and days, the world suffered collective whiplash. While many are asking why the board made that decision, more profound questions are being raised about the balance between innovative leadership and effective governance.

The sacking of Altman, coupled with the ChatGPT outage on November 21st, underscores the delicate equilibrium required in leading cutting edge technology organizations. The impact of such high level upheaval on an organization’s workforce can’t be overstated.

Morale, trust, and psychological safety matter. In the case of Sam Altman, the mix of political events and operational stability are sending additional shockwaves.

Right or wrong, Sam Altman is viewed as a bold visionary pushing the boundaries of AI technology while maintaining a strong ethical compass. His departure from OpenAI could change the company’s direction and shows the difficulty of balancing visionary leadership and governance.

It is no secret that Microsoft is the largest corporate investor in OpenAI, sinking over $10 billion and the use of their Azure cloud computing environment. As the OpenAI drama plays out, Satya Nadella has been the steady hand on the rudder. His simple words speak volumes. Surprises are bad.

Consider that industry leaders have consistently warned us of the potential risk of AI on humanity. Elon Musk, Bill Gates, Ginni Rometty, Mark Zuckerberg, and the late Stephen Hawking.

Nadella immediately stepped in to voice his support for the work of OpenAI, regardless of the configuration… a reference to Microsoft’s offer to hire Altman, Greg Brockman, and 743 of OpenAI’s 770 workers to keep the technology and innovation moving forward, yet contained.

Should OpenAI’s Camelot be restored? No, the evidence is clear. The world’s most powerful technology needs a combination of innovation and governance.

Sam Altman is currently in discussions to return to OpenAI. Satya has voiced continuing support for OpenAI. The world should collectively hope for a future where AI is both innovative and responsibly governed, benefiting humanity wisely and ethically.

Something to noodle on.

Full episode available: https://505updates.com/2023-11-24-cybersecurity-and-open-source-headlines/

🎙️ Free, ungated access to all 280+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates

Nov 24, 2023 · 2 min

Special Report: POV Friday with Olimpiu Pop - OpenAI: What will its future look like?

bonus

The recent turmoil at OpenAI, stemming from the ousting of CEO Sam Altman, has thrown the AI community into a state of intense discussion and speculation. We have a whole saga that looks more like a new season of HBO's Game of Thrones than a sane tech company that is crafting the future of humanity. The coup backfired and Altman seems to be returning in a more powerful position, just in time for the Thanksgiving turkey. The saga has significant implications for the broader AI industry. ChatGPT's release and OpenAI's innovative strides have triggered a surge in AI investment, with heavyweights like Microsoft investing substantially.

What do these events actually underline? Altman's departure underscores the schism in AI development philosophy. On one side, proponents of rapid development and public deployment of AI, represented by Altman, argue that such an approach is essential for stress testing and perfecting the technology. On the other side are advocates of a more cautious approach favoring extensive development and testing in controlled environments, to ensure AI safety for public use. Concerns over the uncontrollability of hyper intelligent AI software have been a significant factor in this divide. This issue is particularly acute among tech workers following the effective altruism movement who prioritize benefits to humanity. The question of how to balance commercial success with ethical and safe AI development has become increasingly pertinent. Originally founded as a non profit to ensure ethical AI development, OpenAI's transformation into a for profit entity under Altman's tenure has been a contentious issue. This shift has raised concerns about profit motives potentially overshadowing the company's ethical charter, which aims to prevent harm to humanity or undue concentration of power.

More opinions and resources can be found on 505updates.com. Olimpiu Pop, reported from Transylvania, Romania.

Full episode available: https://505updates.com/2023-11-24-cybersecurity-and-open-source-headlines/

🎙️ Free, ungated access to all 280+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates

Nov 24, 2023 · 2 min

Special Report: POV Friday with Shannon Lietz - OpenAI and Microsoft: Win, Lose, or Draw?

bonus

Hi, this is Shannon Lietz from San Diego, California. With all the brouhaha going on with Sam Altman and OpenAI, there's a lot to unpack and digest. A few things for all of us. When OpenAI, not yet a year ago, released its ChatGPT to the world, a fabulous capability if you ask me, it was pretty obvious at the time that they were chasing adoption and velocity as a brand new organization entering into the market.

I say that because most folks know that there's sort of a chase for go to market. When doing so, I don't know that anybody, maybe Sam Altman could have known, but I don't know that anybody would have predicted 100 million folks adopting ChatGPT as quickly as they did. At the time, there was a clear understanding that resilience was sort of left behind, and the company knew about some of the errors associated with its technology and believed that it could fix it in time.

Along the way, we've also seen Microsoft throw in billions of dollars in investment and the world is actually in awe. From my perspective, analyzing the win, lose, or draw of this situation, it's pretty clear to me that we're at a current place in time where everyone's at a draw. What will happen to our beloved ChatGPT? How will that actually turn out in the end? And at a draw, who stands to win? Who stands to lose in this situation? It's pretty clear that when Microsoft brought on billions of dollars of investment, and OpenAI moved to Azure to be able to support its technology, that the clear winner that's going to come out of this is going to be Microsoft in the end.

That means that who loses in this is going to be ultimately OpenAI, its workers, and its customers. You know, yesterday, only yesterday, even just logging into ChatGPT, there was a huge outage, a spike, if you look at Downdetector. This tells me that resilience truly is the fuel of a durable company that underpins the technology that we all love and care about deeply.

So if you're out there and you're trying to figure out how you're going to deal with this, if your company is born on ChatGPT or OpenAI technology, it's really important to start thinking about how you're going to find a resilient, adoptable, high velocity technology with lower errors. And that ultimately, the ones that are out there right now, that are being born to compete with OpenAI, they probably have a little bit more time, as they well know.

This is Shannon Lietz, reporting on the Win, Lose, or Draw.

Nov 24, 2023 · 3 min

Special Report: POV Friday with Katy Craig - OpenAI: Sam Altman’s Triumphant Return

bonus

This is Katy Craig in San Diego, California. In an extraordinary twist fit for a Silicon Valley drama, OpenAI's boardroom coup against CEO Sam Altman not only failed, but spectacularly backfired, leading to a reshuffling of the board itself. The recent turmoil at OpenAI, a beacon in the AI industry, laid bare the complexities and power dynamics at play in the high stakes world of technological innovation.

The attempt to oust Altman, ostensibly for a lack of transparency, was more than just a disagreement over leadership style. It symbolized a deeper conflict about the direction and speed of AI development. Altman, known for his ambitious, even aggressive, push for rapid AI advancement, found himself at odds with a cautious board.

However, this move to sideline him inadvertently galvanized a workforce adamant about their leader's vision, leading to a near rebellion. This employee revolt, a clear indicator of Altman's influence and the high regard in which he is held, forced the board's hand. The result: a stunning reversal of fortune where the board, not Altman, faced the chopping block. OpenAI's announcement of Altman's return, flanked by a restructured board, is not just a reinstatement of a CEO, it's a resounding endorsement of his approach to AI development. What's particularly intriguing is the role of Microsoft in this saga. The tech giant, a significant financial backer of OpenAI, briefly flirted with the idea of integrating Altman and co-founder Greg Brockman into its fold.

However, as the crisis unfolded, it became clear that Microsoft's interests were best served with Altman at the helm of OpenAI, leading to its tacit support for the board's overhaul. The swift resolution culminating in Altman's return underscores a pivotal shift in corporate governance within tech companies. It's a clear message that visionary leadership, often personified by figures like Altman, cannot be easily sidelined, especially when it resonates so strongly with employees and aligns with key stakeholders' interests. As OpenAI charts its course under Altman's renewed leadership, with a board more aligned with his vision, one thing is clear. In the high octane world of AI development, it's not just about the technology, but also about the people who drive it. Altman's return is a testament to his leadership and a cautionary tale for boards that underestimate the power of visionary CEOs and the teams they inspire. This is Katy Craig, stay safe out there.

Full episode available: https://505updates.com/2023-11-24-cybersecurity-and-open-source-headlines/

🎙️ Free, ungated access to all 280+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates

Nov 24, 2023 · 3 min

S1 Ep 280 · Episode #280: Edwin Kwan, Australia Shelves Plan To Ban Ransomware Payments; Trac Bannon, OpenAI: Should Camelot Be Restored?; Katy Craig, Sam Altman's Triumphant Return; Shannon Lietz, OpenAI and Microsoft: Win, Lose, or Draw?; Olimpiu Pop, OpenAI Opened the Window to the Future.

🎙️ Free, ungated access to all 280+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates.

Marcel Brown: November 25, 2002. Digital media software company, Roxio, purchases the assets of the former Napster, including name, logo, domain name, technology portfolio, and other intellectual property. Roxio was the first company to attempt to use the Napster brand for a music service, renaming PressPlay as Napster 2.0.

Edwin Kwan: The Australian government has shelved plans to ban ransomware payments to cybercriminal groups for at least two years. The government had put the question to the industry in a consultation on whether it should prohibit the payments of ransoms, extortion demands by cybercriminals by victims of cybercrime and or insurers. And if so, under what circumstances?

Trac Bannon: The news of Sam Altman's sacking by the OpenAI Board of Directors shook the world on Friday, November 17th. As events unfolded in the following hours and days, the world suffered collective whiplash. While many are asking why the board made that decision, more profound questions are being raised about the balance between innovative leadership and effective governance.

Katy Craig: The swift resolution culminating in Altman's return underscores a pivotal shift in corporate governance within tech companies. It's a clear message that visionary leadership, often personified by figures like Altman, cannot be easily sidelined, especially when it resonates so strongly with employees and aligns with key stakeholders' interests.

Shannon Lietz: With all the brouhaha going on with Sam Altman and OpenAI, there's a lot to unpack and digest. When OpenAI, not yet a year ago, released its ChatGPT to the world it was pretty obvious at the time that they were chasing adoption and velocity as a brand new organization entering into the market. But I don't know that anybody would have predicted 100 million folks adopting ChatGPT as quickly as they did.

Olimpiu Pop: The recent turmoil at OpenAI, stemming from the ousting of CEO Sam Altman, has thrown the AI community into a state of intense discussion and speculation. We have a whole saga that looks more like a new season of HBO's Game of Thrones than a sane tech company that is crafting the future of humanity.

Mark Miller: From Sourced Network Productions in New York City, It's 5:05 on Friday, November 23rd, 2023. This is your host Mark Miller and it's Point of View Friday, where today four of our contributing journalists give us their take on the OpenAI and Sam Altman circus, which took over the headlines for four days.

Nov 24, 2023 · 19 min

S1 Ep 279 Episode #279: Edwin Kwan, Australian Government Releases New Cybersecurity Strategy; Ian Garrett, Move Over Phishing, Quishing is the New Scam; Olimpiu Pop, Software Supply Chain Trends - Part 2

🎙️ Free, ungated access to all 235+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates.
Marcel Brown, St. Louis, Missouri: November 23rd, 2004. Blizzard Entertainment releases the massively multiplayer online role playing game, World of Warcraft. It quickly became the most popular MMORPG of all time. In the nearly 20 years since its release, World of Warcraft has had 9 major expansion packs, with 3 more expansion packs already planned for the future.
Edwin Kwan, Sydney, Australia: The Australian government has released its revised cybersecurity strategy for its plan to become a world leader in cyber security by 2030. It seeks to make Australia a hard target for cyber attacks by undermining cybercrime business models and putting Australian businesses and consumers in a stronger position to prepare and respond effectively.
Olimpiu Pop, Transylvania, Romania: The average Java application uses 148 dependencies, with around 10 releases occurring annually. That means that the developer is not only to make the initial selection of those libraries, but to track an average of 1,500 dependency changes throughout the year. Combine this with the fact that almost 20% of all track projects no further qualify as maintained.
Ian Garrett, Arlington, Virginia: Quishing, or QR code phishing, has seen a dramatic increase in 2023. This method involves encoding malicious links into QR codes, a technique that is proving both effective for attackers and challenging for defense systems. Let's talk about why it's on the rise, and what CISOs and security teams are doing about it.

Nov 23, 2023, 10 min

S1 Ep 278 Episode #278: Edwin Kwan: Canadian Government Impacted by Third Party Breach; Hillary Coover: COO Attacks Local Hospitals for Business Gain; Olimpiu Pop: Software Supply Chain Report: 245.000 malicious packages deployed; Marcel Brown: This Day in Tech History

Free, ungated access to all 275+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to repost if your followers will find this of value.
The stories we’re covering today.
Marcel Brown: November 22, 2005. Microsoft releases the Xbox 360, the second generation of their popular game console. And on November 22, 2013, exactly 8 years later, Microsoft released the Xbox One, which makes absolutely no sense.
Edwin Kwan: Two third party service providers for the Canadian government have suffered breaches resulting in data in the last 24 years being potentially compromised. The servers that were impacted by the breach held data related to current and former Canadian government staff, members of the Canadian Armed Forces, and the Royal Canadian Mounted Police workers.
Olimpiu Pop: The software supply chain report was released last month. I read it. I covered it for the InfoQ and then I read parts of it again. There are some key points that still need to be spoken out. It's a before and after the pandemic story.
Hillary Coover: We're all familiar with ambulance chasing sales and marketing tactics, but this Cybersecurity Executive took things to a whole new level. In a shocking case, the Chief Operating Officer of an Atlanta based security company, Securalytics, took matters into his own hands by orchestrating cyberattacks on two local hospitals.

Nov 22, 2023, 9 min

S1 Ep 277 Episode #277: Edwin Kwan: Malicious Android Banking Apps Targeting Users in India; Ian Garrett: M&A Deals that Look into the Future of the Cybersecurity Industry; Katy Craig: SEC Sues SolarWinds: Part II; Marcel Brown: This Day in Tech History

Free, ungated access to all 275+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to repost if your followers will find this of value.
The stories we’re covering today.
Marcel Brown: November 21st, 1877. Thomas Edison announces his invention of the phonograph, a way to record and play back sound. As often happens with many great inventors, Edison stumbled upon this particular invention while working on a way to record telephone communication at his lab in Menlo Park, New Jersey.
Edwin Kwan: Security researchers have uncovered a malware campaign to steal sensitive information from Android smartphone users in India. Researchers say that the campaign is using social media platforms like WhatsApp and Telegram to lure users into installing a malicious app by impersonating legitimate organizations such as banks, government services, and utilities.
Katy Craig: In light of the recent SEC charges against SolarWinds' Chief Information Security Officer, or CISO, Timothy G. Brown, there's a compelling argument for holding company officers accountable for neglecting cybersecurity and failing to report known risks. The charges against Brown for not disclosing significant cybersecurity vulnerabilities before and during the 2020 SUNBURST cyberattack, underline a crucial point: CISOs, like CFOs, must prioritize transparency and honesty in reporting risks.
Ian Garrett: We can learn a lot about the state of the cybersecurity industry through the type of mergers and acquisitions, or M&A, that occur. 2023 has been a cautious yet significant year for mergers and acquisitions in the cybersecurity sector. Despite fears of a recession, rising interest rates, and conservative spending trends, the relentless pace of cyberattacks has maintained steady M&A activity.

Nov 21, 2023, 10 min

S1 Ep 276 Episode #276: Edwin Kwan: Australia's First Cyber Security Coordinator Recalled; Katy Craig: SEC Sues SolarWinds for Misleading Investors; Hillary Coover: A New Breed of Cybercrime Targeting Teenage Boys; Marcel Brown: This Day in Tech History

Free, ungated access to all 275+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to repost if your followers will find this of value.
The stories we’re covering today.
Marcel Brown: November 19th, 2006. Nintendo releases the Wii game console to compete with the Sony PlayStation 3 and Microsoft Xbox 360. By foregoing raw computing power for increased player interaction, utilizing the innovative motion-sensitive "Wiimote" controller, the Wii defied expectations and became the best selling 7th generation game console.
Edwin Kwan: Australia's first cybersecurity coordinator has been recalled to Defence after just four months into the role. The two-star general was working on delivering on the Home Affairs and Cybersecurity Minister's commitment to building a more coordinated approach to preparing for and managing the consequences of cybersecurity incidents.
Hillary Coover: A new breed of cybercrime has emerged targeting teen boys. Law enforcement and child protection experts describe a growing wave of online predators targeting teens through a sophisticated nude-photo scam. These new scammers focus mostly on monetary gain.
Katy Craig: The US Securities and Exchange Commission, SEC, has charged SolarWinds Corporation and its Chief Information Security Officer, Timothy G. Brown, with misleading investors about significant cybersecurity vulnerabilities. The SEC's complaint highlights instances where Brown and other employees were aware of, but failed to adequately address vulnerabilities in SolarWinds' systems.

Nov 20, 2023, 9 min

S1 Ep 275 Episode #275: Edwin Kwan: Popular WordPress Plugin Exposes over 600K to Attacks; Marcel Brown: This Day in Tech History; Katy Craig: EU AI Act; Shannon Lietz: The AI Act; Olimpiu Pop: To Regulate Or Not To Regulate AI in EU

Free, ungated access to all 275+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to repost if your followers will find this of value.
The stories we’re covering today.
Marcel Brown: November 17th, 1970. Douglas Engelbart receives a U.S. patent for his XY Position Indicator for a display system, more commonly known as the computer mouse. Engelbart called his device a mouse because the cord looked like a tail.
Edwin Kwan: A popular WordPress plugin has been discovered to be vulnerable to a high-severity vulnerability. There are currently more than 600,000 websites that are using the vulnerable version and are potentially exposed to the vulnerability.
Katy Craig: As the European Union considers the way ahead for the AI Act, a critical question arises. Should the EU establish a dedicated office to oversee and manage it? The establishment of a dedicated office for AI regulation must find a balance between oversight and innovation, efficiency and flexibility, and harmonization and autonomy.
Shannon Lietz: The win on the AI Act is the fact that the EU is going to put some capability behind it. It's such a powerful forward motion for us in terms of the future of what we need for humanity. We've really got to start to establish some of the playing rules for how this becomes beneficial to everyone.
Olimpiu Pop: While a delay in the AI Act's implementation may allow for more thorough consideration and balancing of various interests, it also runs the risk of leaving the EU unprepared to address the rapid advancements and potential risks associated with powerful AI technology.

Nov 17, 2023, 14 min

S1 Ep 274 Episode #274: Edwin Kwan: Cyberattack Threatens Australian Christmas; Ian Garrett: $500k Compensation for the Top 25% of Cybersecurity Professionals; Mark Miller: OpenAI Takes a Run at Startups Investments that Use Their Platform; Marcel Brown: This Day in Tech History

Free, ungated access to all 270+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to repost if your followers will find this of value.
The stories we’re covering today.
Marcel Brown: November 16, 1982. Steve Jobs writes a letter to Macintosh Labs asking for the rights to use Macintosh as the brand name of Apple's still-in-development computer. Gordon Gao, president of Macintosh Labs, visited Apple headquarters for a product demonstration. However, Macintosh lawyers advised Gao to reject the request.
Edwin Kwan: DP World Australia suffered a cyber attack which disrupted its landside freight operations. The attack resulted in around 30,000 shipping containers not being moved and crowding of available storage spaces at the ports.
Ian Garrett: It's no secret that there's a massive shortage in cybersecurity talent, and with any resource that's high in demand with low supply, there are people willing to pay top dollar. For top cybersecurity professionals, companies are now offering substantial packages.
Mark Miller: Hold on to your ass, developer, because you aren't a developer on the OpenAI platform. You're an idea generator for OpenAI's next iteration. This is Mark Miller sitting here shaking my head over what transpired last week at OpenAI's first developer conference.

Nov 16, 2023, 10 min

S1 Ep 273 Episode #273: Edwin Kwan: OpenAI Suffered DDOS Attack Resulting in Intermittent Outage; Katy Craig: Citrix Bleed; Hillary Coover: Holiday Shopper Alert: Protect Your Finances from Cyber Grinches!; Marcel Brown: This Day in Tech History

Free, ungated access to all 270+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to repost if your followers will find this of value.
The stories we’re covering today.
Marcel Brown: November 15, 1996. The first version of ICQ, the Internet's first popular instant messaging program, is released by four high school students from Israel. By the end of 1997, ICQ had more than 5 million users, and in mid-1998, AOL purchased the company for $407 million.
Edwin Kwan: Users of OpenAI's API, ChatGPT, and Dall-E services were experiencing intermittent outages. They would see messages from their queries saying that "something seems to have gone wrong or we're experiencing exceptionally high demand. Please hang tight as we work on scaling our systems."
Hillary Coover: As the festive season approaches, the thrill of holiday shopping is palpable, but so is the excitement for cybercriminals aiming to capitalize on the online shopping surge through scams and data theft. One rising concern demanding attention is the surge in credit card skimming, a threat likely to intensify in the coming weeks.
Katy Craig: The Citrix Bleed vulnerability has become the focal point of threat actors' attention, with active exploitation campaigns targeting government, technical, and legal organizations across the Americas, Europe, Africa, and the Asia Pacific region. The attackers employed a clever technique involving specially crafted HTTP GET requests.

Nov 15, 2023, 10 min

S1 Ep 272 Episode #272: Edwin Kwan: Signal Testing Use of Usernames to Keep Phone Number Private; Ian Garrett: Identity-based Security is the New Perimeter; Hillary Coover: Decoding Tomorrow's Defense: The Rise of Deception Technology in Cybersecurity Strategies; Marcel Brown: This Day in Tech History

Free, ungated access to all 270+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to repost if your followers will find this of value.
The stories we’re covering today.
Marcel Brown: November 14, 1971. NASA's Mariner 9 reaches the planet Mars and becomes the first man-made object to orbit another planet.
Edwin Kwan: Signal has started testing the use of account usernames to allow users to keep their phone numbers private. Users would be able to turn off phone number discovery in their privacy settings and only allow the username to be the primary way others can contact them.
Hillary Coover: Could deception technology be the ultimate strategy for staying ahead of cyber threats? A CSO opinion piece is quickly circulating and predicts that a convergence of IT and cybersecurity trends will make deception technology more accessible by the end of 2025.
Ian Garrett: The cybersecurity domain is experiencing a significant paradigm shift. Traditional perimeter defenses like firewalls are making way for a more identity-centric approach. As we move forward, identity will no longer be a siloed discipline, but an integrated, interconnected aspect of cybersecurity infrastructure.

Nov 14, 2023, 10 min

S1 Ep 271 Episode #271: Edwin Kwan: Singapore Marina Bay Sands Suffers Data Breach Impacting 665K Customers; Katy Craig: PHaaS Provider BPL Taken Down; Hillary Coover: Boeing's recent cybersecurity breach; Marcel Brown: This Day in Tech History

Free, ungated access to all 270+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to repost if your followers will find this of value.
The stories we’re covering today.
Marcel Brown: November 12, 2000. Bill Gates demonstrates a functional prototype of a tablet PC. Microsoft claims the Tablet PC will represent the next major evolution in PC design and functionality. However, the Tablet PC initiative never really takes off, and it isn't until Apple introduced the iPad in 2010 that tablet computing is widely adopted.
Edwin Kwan: Marina Bay Sands in Singapore has disclosed that they suffered a data breach impacting 665,000 customers. It became aware of the security incident on 20th October, 2023, which involved unauthorized third-party access on the 19th and 20th of October.
Hillary Coover: Boeing's recent cybersecurity breach reveal vulnerabilities in the aerospace industry? Boeing revealed on Friday that data from its systems was compromised by a malicious ransomware attacker.
Katy Craig: Malaysian police have taken down the notorious Phishing-as-a-Service provider, BulletProftLink, and apprehended eight suspects, including the platform's main administrator.

Nov 13, 2023, 9 min