It's 5:05! Daily cybersecurity and open source briefing

300 episodes — Page 2 of 6

S1 Ep 270 Episode #270: Edwin Kwan: WhatsApp Introduces Location Privacy Feature; Hillary Coover: A Shift Towards Empowering Users for Image Authenticity; Olimpiu Pop: And the gold medal for the largest non-payroll goes to…; Val Cole: This Day in Tech History

Free, ungated access to all 270+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to repost if your followers will find this of value. The stories we’re covering today. Val Cole: November 10th, 1983. In 1983, which was 25 years before I was born, Microsoft announced version 1.0 of Windows. It was the first graphical user interface for IBM compatible PCs. Edwin Kwan: WhatsApp is rolling out a privacy feature that allows users to keep their location private. However, there is a potential trade off. The phone quality might be reduced due to the connection relay via the WhatsApp servers. Hillary Coover: We know many innovators are working to find ways to determine an image's authenticity with detection technology. What if there's another way? What if users held the power to determine image authenticity through content credentials? Olimpiu Pop: Based on estimates from the State of the Software Supply Chain, 96 percent of the running software is open source, and where there are high percentages, there is also government. And government regulates. Given the legislative changes around the globe, does that mean that open source is preparing to enter a new era?

Nov 10, 2023 · 8 min

S1 Ep 269 Episode #269: Edwin Kwan: WhatsApp Mods for Android May Contain Spyware; Ian Garrett: Cyber Attackers and Defenders Enter an AI Arms Race; Katy Craig: Russia, Iran, and China: US 2024 Election Meddling Likely; Mark Miller: This Day in Tech History

The stories we’re covering today. Marcel Brown: November 9, 1922. Albert Einstein is named the winner of the 1922 Nobel Prize for Physics for his explanation of the photoelectric effect. The Nobel Committee passed on several nominations for his many other seminal contributions, although these led to prizes for others who later applied more advanced technology to experimentally verify Einstein's work. Edwin Kwan: Security researchers have discovered modified versions of the Instant Messaging app being promoted and on website advertising on Telegram. Those versions contain suspicious components, such as a service and broadcast receiver, which cannot be found on the original WhatsApp client. Katy Craig: In the run up to the 2024 U.S. presidential election and key global elections, Russia, Iran, and China are expected to intensify their interference efforts, according to a Microsoft Threat Analysis report. Russia, in particular, is viewed as the most committed and capable threat to the upcoming U.S. election. Ian Garrett: Artificial intelligence is reshaping the dynamics of cybersecurity, offering both opportunities and challenges. The survey by Axonius, conducted among IT and security decision makers, reveals that 76 percent of organizations are increasing their spending on AI and machine learning compared to the previous year.

Nov 9, 2023 · 11 min

S1 Ep 268 Episode #268: Edwin Kwan: Security Assessed Apps Now Receives Badge on Google Play Store; Olimpiu Pop: StarCoder - An Open Source State Of The Art Code LLM; Katy Craig: China’s Global Cyber Power; Marcel Brown: This Day in Tech History

The stories we’re covering today. Marcel Brown: November 8, 1895. German physics professor Wilhelm Röntgen stumbles upon what he would later describe as "X-rays" while experimenting with electrical discharge tubes. Curious as to what was causing a faint green glow on a nearby fluorescent screen, Röntgen began systematically studying the unknown rays and published the first paper on the phenomenon less than two months later. Edwin Kwan: Google Play Store has rolled out a new badge to highlight apps that have been independently security reviewed. Google has emphasized that the security validation process only checks if a developer has prioritized security and privacy practices, it does not imply that the validated app is free of vulnerabilities. Katy Craig: In recent years, Chinese state-sponsored cyber operations have transformed into a more mature and coordinated threat. They now focus on exploiting vulnerabilities in public-facing security and network appliances, both known and zero-day. Chinese cyber-enabled economic espionage has evolved towards a more targeted approach, supporting specific strategic and geopolitical goals, such as the Belt and Road Initiative. Olimpiu Pop: BigCode is an initiative from HuggingFace to provide open-source, state-of-the-art models for code generation. StarCoder is one of the stars, maybe the brightest. It was the outcome of refined training with Python tokens of StarCoderBase.

Nov 8, 2023 · 9 min

S1 Ep 267 Episode #267: Edwin Kwan: Okta Suffered Data Breach Impacting Their Employees; Ian Garrett: Rising ransomware attacks drive zero trust adoption; Olimpiu Pop: BigCode A Project With a Mission: Build State Of The Art LLM Coding Models That Are Open

The stories we’re covering today. Edwin Kwan: Okta has suffered yet another data breach, this one affecting their employees' personal information. Ian Garrett: How has ransomware impacted zero-trust adoption? With the rising threat of ransomware attacks, organizations have turned to the adoption of zero-trust and network segmentation strategies to counter these threats. Olimpiu Pop: Even though there was always the choice, open-source versus closed-source, now, again, the world is at a turning point. Will you embrace open or closed?

Nov 7, 2023 · 6 min

S1 Ep 266 Episode #266: Edwin Kwan: WeChat and Kaspersky Apps Banned on Canadian Government Devices; Hillary Coover: Meta's Privacy Pivot: Upholding Principles or Extortion?; Mark Miller: Just in Time for Día de los Muertos: KandyKorn Malware; Marcel Brown: This Day in Tech History

The stories we’re covering today. Marcel Brown: November 5th, 2007. Google introduces the Android platform, its mobile operating system for cell phones based on a modified version of the Linux operating system. The first Android-based phone would ship in September of 2008. Edwin Kwan: The Canadian government has announced a ban on the use of WeChat and Kaspersky's apps on government-issued mobile devices. The Canadian government banned TikTok in February 2023 and is now adding Tencent's WeChat and Kaspersky to the list. Mark Miller: Leave it to the North Korean nation state to release KandyKorn malware in time for the holiday season, starting with the Day of the Dead. On October 31st, Elastic Security Lab documented a malware infection that exposed an attempt by the DPRK to infect crypto exchange platforms through their blockchain engineers. Hillary Coover: The debate over the cost of privacy in the face of corporate surveillance is intensifying, as Meta introduces a subscription model allowing users to opt out of behavioral advertising. While Meta argues it aligns with regulatory requirements, critics see it as extortion and an attempt to maintain the status quo, potentially leading to further legal battles. What would you pay for privacy?

Nov 6, 2023 · 10 min

S1 Ep 265 Episode #265: Edwin Kwan: Who Should Bear the Cost of Invoice Scam?; Marcel Brown: This Day in Tech History; Olimpiu Pop: DORA Metrics - an agile, emotionally safe culture is the way; Shannon Lietz: Security in the DORA Report; Nathen Harvey: Insights on AI in the DORA Report

The stories we’re covering today. Marcel Brown: November 3rd, 1957. The Soviet Union launches Sputnik the second spacecraft launched into Earth orbit and the first spacecraft to carry a living creature into orbit. Laika, the Siberian Husky dog, unfortunately only survived a few hours into the flight and died from stress and overheating. Edwin Kwan: Who should bear the cost of invoice scam? The victim, the company the money was meant to be sent to, or the bank? A couple tried to purchase a Mercedes-Benz from a dealership, but transferred the money to hackers due to an invoice scam. Mercedes-Benz is claiming that the invoice scam was due to the customer's email being compromised. Olimpiu Pop: DORA Metrics became part of the silver bullets arsenal of the software industry. Follow the key metrics and all is well, right? Follow deployment frequency, time to restore the service, lead time for a change, and change failure rate and you're all set. Not really. It's much more than that. Shannon Lietz: This year, what I saw that was most remarkable in the report was the AI section. There's some interesting insights to glean from that section of the report. In particular, what folks are thinking about in terms of AI contributions. Top three was quite insightful if you ask me. Analyzing data, writing code clocks or data functions, and analyzing security. Nathen Harvey: Back in January of 2023, AI was certainly hot, but how do we assess its impact on things like software delivery performance and organizational performance. This was a thing that we as researchers really struggled with. So we asked this question... "for the primary application or service that you work on, how important is the role of AI in contributing to each of the following tasks?"

Nov 3, 2023 · 17 min

S1 Ep 264 Episode #264: Edwin Kwan: SEC Charges SolarWinds and CISO for Misleading Investors Before Cyber Attack; Ian Garrett: The World Needs 4 Million More Cybersecurity Professionals; Hillary Coover: Global Alliance Takes a Stand: No More Ransom Payments to Cybercriminals; Marcel Brown: This Day in Tech History

The stories we’re covering today. Marcel Brown: November 2nd, 1988. Robert Morris of Cornell University launches a self-replicating worm as part of a research project designed to determine the size of the early internet. Due to a programming error, the "Morris Worm" began repeatedly infecting machines, clogging network traffic, and causing machines to crash. Edwin Kwan: The US Securities and Exchange Commission has announced charges against SolarWinds Corporation and its CISO, its Chief Information Security Officer, for fraud and internal control failures relating to allegedly known cybersecurity risks and vulnerabilities. Hillary Coover: A coalition of 40 countries, led by the United States, is committing to never pay ransoms to cybercriminals again. This initiative, known as the International Counter Ransomware Initiative, ICRI, is a response to the increase of ransomware attacks on a global scale with the United States accounting for 46% of such incidents. Ian Garrett: A recent study from the International Information Systems Security Certification Consortium, the nonprofit member organization for cybersecurity professionals, highlights that the workforce shortage in the cybersecurity industry has reached an all-time high of nearly 4 million people.

Nov 2, 2023 · 9 min

S1 Ep 263 Episode 263: Edwin Kwan: APT Malware Disguised as Crypto miner Infects One Million Systems; Mark Miller: Surprise, Surprise! SolarWinds Lied. Imagine that.; Hillary Coover: The Paradox of Cybersecurity: Increasing Threats, Decreasing Budgets, and Talent Shortages.; Marcel Brown: This Day in Tech History

The stories we’re covering today. Marcel Brown: November 1st, 1963. The largest radio telescope ever constructed, the Arecibo Observatory opened in Puerto Rico. It would be used for many major discoveries including the first direct imaging of an asteroid. Hillary Coover: The cybersecurity landscape is experiencing a paradoxical challenge as cyberattacks continue to rise while budgets decrease and companies implement layoffs. A recent survey reveals that nearly half of cybersecurity professionals have seen their teams face spending cuts and personnel reductions in the past year, intensifying the pressure on these teams. Edwin Kwan: A malware that was initially thought to be a crypto miner has been discovered to be a sophisticated spy platform. The malware has infected over a million Windows and Linux systems. Mark Miller: On Monday, the Security and Exchange Commission filed suit against SolarWinds and their CISO, Tim Brown, for fraud and internal controls failure. You remember the old Gomer Pyle episodes, right? "Surprise, surprise!" That's kind of what I feel like right now. SolarWinds lied. Imagine that.

Nov 1, 2023 · 10 min

S1 Ep 262 Episode #262: Edwin Kwan: Casio Data Breach affects over 120,000 customers in 149 countries; Ian Garrett: 6 Types of Supply Chain Attacks (Part 2); Hillary Coover: Keeping Perspective: Why the Social Media Surveillance Revelation Deserves a Thoughtful Look; Marcel Brown: This Day in Tech History

The stories we’re covering today. Marcel Brown: October 31st, 2000. Russia launches Soyuz TM-31 carrying the first crew to the International Space Station. Between the 2011 retirement of the space shuttle and the 2020 demo flight of SpaceX Crew Dragon, the Soyuz served as the only means to ferry crew to or from the International Space Station. Edwin Kwan: Casio has suffered a data breach that has affected over 120,000 customers in 149 countries. Casio said that the cause of the breach was due to some of the network settings in the development environment being disabled due to system operational error. Hillary Coover: US and Customs Enforcement Agency, ICE, is employing an AI powered tool known as Giant Oak Search Technology to scan social media posts for content that it deems derogatory to the United States. This revelation, first brought to light by 404 Media, has really ruffled some feathers. Ian Garrett: This is the second part of our exploration into software supply chain attacks. We'll explore dependency confusion, stolen SSL and code-signing certificates, the targeting of developers CI/CD infrastructure, and the use of social engineering to drop malicious code.

Oct 31, 2023 · 9 min

S1 Ep 261 Episode #261: Edwin Kwan: Israel-Hamas War Crypto Donation Scams; Hillary Coover: LinkedIn Chatbot; Mark Miller: Stanford University Breached by Akira Ransomware Group; Mark Miller: This Day in Tech History

The stories we’re covering today. Mark Miller: October 29, 1969. UCLA student Charley Kline attempts to transmit the text, "login", to a computer at the Stanford Research Institute. After the letters L and O are sent, the system crashes, making the first message ever sent on the internet "lo". Edwin Kwan: Since the Israel-Hamas war, there's been numerous crypto donation scam sites appearing online. Scammers have been capitalizing on the horrific events of the Israel-Hamas conflict by pretending to be legitimate charities and collecting donations. Hillary Coover: LinkedIn is currently testing the use of generative AI to address cybersecurity queries from its employees and external suppliers. Response times with the chatbot averaged just five seconds compared to the approximately 15 minutes that it took when handled by a human. Mark Miller: News continues to trickle out about the Akira Ransomware Group breach of the Stanford University Department of Public Safety. This morning, Bitdefender reported that the University is being pressured to pay a ransom of an undisclosed amount in order to stop the leak of 430 gigabytes of private information and confidential documents.

Oct 30, 2023 · 7 min

S1 Ep 260 Episode #260: Edwin Kwan: OAuth Implementation Flaw Allowing Account Takeover; Marcel Brown: This Day in Tech History; Katy Craig: HTTP/2 RapidReset Attack; Olimpiu Pop: HTTP/2 RapidReset: Zero-day Vulnerability; Shannon Lietz: RapidReset: How Critical is It

The stories we’re covering today. Marcel Brown: October 28th, 1998. US president Bill Clinton signs into law the Digital Millennium Copyright Act, or DMCA. The law is intended to criminalize production and dissemination of technology designed to circumvent digital copyright protection, known as Digital Rights Management, or DRM. Edwin Kwan: Security researchers discovered critical misconfiguration flaws in the implementation of the Open Authorization or OAuth standard by three popular websites. The flaw would have allowed attackers to take over user accounts and could lead to identity theft, financial fraud, access to credit cards, and other cybercriminal activity. Katy Craig: Recently, Google services and Cloud customers found themselves in the crosshairs of a novel and formidable distributed denial of service, or DDoS, attack, peaking in August, with one assault clocking a staggering 398 million requests per second. Olimpiu Pop: HTTP/2 was the first major revamp of the HTTP protocol in ages. It brought significant performance improvements enabled by stream multiplexing. This enables the simultaneous transmission of multiple request and response messages over a single connection without interference between streams. Shannon Lietz: I would like to see the industry be a little bit more actionable about what's happening, because you had to parse this one out to really understand it. I came to the realization of is, if you do have companies that you work with, or vendors that you work with, and they're getting told right away, all of a sudden they have a CVE they have to go deal with, it is going to set a whole bunch of things behind.

Oct 27, 2023 · 16 min

S1 Ep 259 Episode #259: Edwin Kwan: 1Password Impacted by Okta Breach; Ian Garrett: 6 Types of Supply Chain Attacks (Part 1); Katy Craig: New Mirai Malware Variant; Marcel Brown: This Day in Tech History

The stories we’re covering today. Marcel Brown: October 26th, 1861. Only two days after the Transcontinental Telegraph line opened, the Pony Express ceases operation. Prior to the opening of the cross-country telegraph line, the Pony Express was the fastest way to send communication between St. Joseph, Missouri and San Francisco, California. Edwin Kwan: 1Password has confirmed that it was attacked by cybercriminals using session information that was stolen in the recent Okta breach. 1Password is a popular password management platform used by over 100,000 businesses. Katy Craig: A new variant of the notorious Mirai malware is making headlines. This time, it's going after millions of Android TV set-top boxes used by people for media streaming. Ian Garrett: You've likely heard of supply chain attacks, but did you know there are different types of supply chain attacks? This is a two-part series where I cover the different types of attacks.

Oct 26, 2023 · 9 min

S1 Ep 258 Episode #258: Edwin Kwan: South Australian Superannuation Suffers Breach; Hillary Coover: Meta Lawsuits: Your Child's Online Safety is at Risk; Mark Miller: Massive DDoS Attack: 201 Million Requests per Second (RPS); Marcel Brown: This Day in Tech History

The stories we’re covering today. Marcel Brown: October 25th, 2001. Microsoft releases the operating system Windows XP, the successor to both Windows 2000 and Windows ME. Edwin Kwan: Super SA, a dedicated superannuation fund for state government employees in South Australia, suffered a data breach. The data loss was through a third-party call center, which Super SA had previously contracted. Hillary Coover: Is your child's online safety at risk? I've asked this before in the context of privacy, but today we're talking about the health risks and implications of Instagram on young minds. Mark Miller: On October 10, 2023, Grant Bourzikas disclosed the finding of a massive DDoS attack of over 201 million requests per second. According to the CVE report, the HTTP/2 protocol "allows a denial of service because request cancellation can reset many streams quickly as exploited in the wild in August through October, 2023."

Oct 25, 2023 · 8 min

S1 Ep 257 Episode #257: Edwin Kwan: Okta Breach Exposed Sensitive Customer Data; Katy Craig: Cisco Zero Day is Bad News; Ian Garrett: Will Hackers Who Write Phishing Emails Lose Their Jobs?; Marcel Brown: This Day in Tech History

The stories we’re covering today. Marcel Brown: October 24th, 1861. Western Union completes the first transcontinental telegraph line across the United States. Not coincidentally, two days later, the Pony Express shut down operations. Edwin Kwan: Okta recently announced that their support case management system suffered a breach and sensitive customer data was stolen. Okta said that all affected customers have been notified, and that if you had not been contacted, then there is no impact to your Okta environment or support tickets. Katy Craig: Cisco's recent disclosure of a critical zero-day vulnerability in its Web UI reveals a concerning situation. Cybersecurity firm, Censys, has confirmed that over 40,000 hosts have been infected, with more than a quarter of them located in the United States. Ian Garrett: Generative AI is reshaping the phishing landscape, making attacks more sophisticated. Most security leaders are ill-prepared to protect against AI-generated email attacks. The majority still rely on cloud email providers or legacy tools for email security, with 53% using secure email gateways.

Oct 24, 2023 · 8 min

S1 Ep 256 Episode 256: Edwin Kwan: Fake Browser Updates Delivering Malware; Katy Craig: Countdown to Q Day; Hillary Coover: Cookie Tracking Lawsuit in Netherlands; Marcel Brown: This Day in Tech History

The stories we’re covering today. Marcel Brown: October 23, 2001. Using the slogan, 1,000 songs in your pocket, Steve Jobs introduces the original iPod, featuring a 5GB hard drive, FireWire connectivity, and synchronization to iTunes. Edwin Kwan: Attackers are using cybersecurity best practices against users, prompting them to download malicious browser updates. The attackers start by compromising a legitimate but vulnerable website. Hillary Coover: A Dutch consumer-rights group, SDBN, has initiated a class-action lawsuit against Amazon for allegedly violating the European Union's privacy law by tracking website visitors without their consent using tracking cookies. Katy Craig: Quantum computing holds immense promise in fields like chemistry, materials science, and AI. Yet there's a flip side to this advancement. Deep-pocketed nations like China and Russia, equipped with the scientific expertise and resources, could be making secret strides in quantum computing.

Oct 23, 2023 · 10 min

S1 Ep 255 Episode #255: Edwin Kwan: Top Password Used By IT Admins is ‘admin’; Hillary Coover: Is X's Anti-Disinformation Tool Backfiring; Shannon Lietz: Is Hashicorp’s Move a Win, Lose, or Draw; Olimpiu Pop: Is Open Source Reaching EOL? Maybe, according to Hashicorp; Marcel Brown: This Day in Tech History

The stories we’re covering today. Marcel Brown: October 21st, 1879. Thomas Edison perfects the first commercially practical incandescent light bulb using a filament of carbonized cotton thread. Edison's successful design came only after he had tested over 6,000 different vegetable fibers. Edwin Kwan: Security researchers have discovered that IT administrators are using weak passwords to protect access to portals, providing easy access to attackers to enterprise networks. An analysis of over 1.8 million administrator accounts found that over 40,000 were using the password "admin". Hillary Coover: X's Community Notes, originally designed to crowdsource fact-checking and combat disinformation, is facing scrutiny because of the vulnerabilities and ineffectiveness uncovered in a WIRED investigation. This investigation revealed that the tool may be manipulated by external groups and lacks transparency. Olimpiu Pop: There is a lot of noise around open source. Legislation, growing cyber threats, weaponizing open source, and others. Should we put a lid on it? That's something the HashiCorp CEO thinks. In August, the company changed the license to a closed sourced one, and last week, during the HashiConf, he underlined that the direction he took is a direction to success. Shannon Lietz: The challenge that really came out of this is HashiCorp has had a pretty rocket fueled life, if you will. They've looked out and realized that they've put Terraform out there for a very long time. Any company who creates something has the right to fork and end their investment. All they're saying is we're no longer going to invest in the constant creation of this open source software.

Oct 20, 2023 · 13 min

S1 Ep 254 Episode #254: Edwin Kwan: Malicious “Red Alert” App Spying on Israelis; Ian Garrett: 10 Hidden Costs Draining CISO Security Budgets (Part 2); Hillary Coover: Threat Posed by Chinese Espionage and Social Engineering; Marcel Brown: This Day in Tech History

The stories we’re covering today. Marcel Brown: October 19th, 1979. According to Dan Bricklin, one of the co-creators of VisiCalc, the first "real" release of VisiCalc was completed and packaged for shipment. VisiCalc was the first commercially available spreadsheet software and quickly became the first killer app of the personal computer market. Edwin Kwan: Malicious version of the Israeli incoming airstrike warning app has been found distributed over the internet. The fake site serving the malicious software was created on October 12th, 2023 and provided download options for both iOS and Android versions. Hillary Coover: In light of recent warnings from intelligence agencies, we have to consider our own readiness to face insider threats. The MI5 head's statements regarding over 20,000 covert online approaches by Chinese spies in the UK should serve as a sobering reminder of the evolving landscape. Ian Garrett: Security budgets can be tricky to manage, and often hidden costs can erode these budgets. Understanding these hidden expenses, negotiating for fair pricing, and aligning security strategies with business priorities can help optimize budgets.

Oct 19, 2023 · 9 min

S1 Ep 253 Episode 253: Edwin Kwan: Over 10,000 Cisco Devices Hacked; Julie Chatman: NSA and CISA: Top ten cybersecurity configuration blunders; Hillary Coover: Safeguarding Nations: The Crucial Role of Satellite Imagery Data; Marcel Brown: This Day in Tech History

The stories we’re covering today. Marcel Brown: October 18th, 1985. Nintendo releases the Nintendo Entertainment System in New York and limited other North American markets. An immediate hit, Nintendo released the system nationwide in February of 1986. Julie Chatman: I'm Julie Chatman in Washington DC with a special message for cyber warriors, especially network defenders. The U.S. National Security Agency and the Cybersecurity and Infrastructure Security Agency have unveiled the Top 10 Cybersecurity Misconfigurations that attackers are hoping to find in your organization's network and what you can do about them. Hillary Coover: Ever wonder how satellite imagery data contribute to safeguarding both geopolitics and cybersecurity? This resource really amplifies their capacity to anticipate and address physical security challenges that directly influence cybersecurity. Edwin Kwan: Attackers are actively exploiting a zero-day vulnerability in Cisco devices to gain full administrative privileges and take complete control of the device remotely. Attackers have been exploiting this vulnerability since 18th September and over 10,000 devices have been hacked.

Oct 18, 2023 · 11 min

S1 Ep 252Episode 252: Edwin Kwan: Equifax Ltd fined £11 million for Preventable Cybersecurity Breach; Ian Garrett: 10 Hidden Costs Draining CISO Security Budgets (Part 1); Mark Miller: Follow Up to Atlassian Confluence Level 10 Vulnerability Alert; Marcel Brown: This Day in Tech History

Free, ungated access to all 250+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value.The stories we’re covering today.Marcel Brown: October 17, 1990. Colin Needham, an English movie fan, launches the "rec.arts.movies movie database," which would later be known as the Internet Movie Database, or IMDb. An engineer working for HP at the time, by 1996, Needham quit his job to work on IMDb full-time.Edwin Kwan: Equifax has been fined £11 million by Britain's financial watchdog for the 2017 cybersecurity breach. The British Financial Conduct Authority, or FCA, said that the cyber attack and unauthorized access to UK consumer data was entirely preventable. Mark Miller: The Broken Access Control Vulnerability in the Confluence Data Center and Server has been getting a lot of attention. This is a Level 10 vulnerability, the highest warning available. There is evidence that this is a nation-state attack, actively exploiting the vulnerability. Ian Garrett: Everyone hates hidden costs, and it's only worse when you're already on a shoestring budget. As CISOs navigate a landscape of complex pricing structures, overlapping services, and other traps, there are more than enough hidden costs that constrain precious cybersecurity budgets.

Oct 17, 2023 · 8 min

S1 Ep 251 Episode #251: Edwin Kwan: Queensland Introduces Mandatory Data Breach Notification; Mark Miller: Overwhelmed with Cybersecurity Alerts? Yeah, so am I.; Hillary Coover: Government vs Corporate Surveillance: Which is more Intrusive?; Marcel Brown: This Day in Tech History

Free, ungated access to all 250+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value. The stories we’re covering today. Marcel Brown: October 16th, 1959. Control Data Corporation releases their CDC 1604 computer, the world's fastest computer at the time, and the first commercially successful fully-transistorized computer. The 1604 was CDC's first computer, primarily designed by engineer Seymour Cray. Mark Miller: All the "recommendations" are saying use strong passwords, train your people, update your software, yadda, yadda, yadda, same ol', same ol'. That's not working - it never has. I'm not arguing against good practices like this, but when the shit hits the fan, what you REALLY want is a good backup. Hillary Coover: The technology ingrained in our smartphones and computers designed for displaying advertisements, inadvertently serves as a conduit for surveillance. A recent report from the US intelligence community emphasized that consumer technologies expose sensitive information about everyone, often without their awareness or ability to prevent it. Edwin Kwan: The Attorney General said that recent high-profile data breaches have demonstrated that disclosure of personal information has the potential to result in serious harm to individuals, which is why they are establishing the scheme so that there are clear, consistent requirements to notify individuals of data breaches of Queensland government agencies.

Oct 16, 2023 · 10 min

S1 Ep 250 Episode #250: ChatGPT’s maker OpenAI is thinking about making AI chips; Curl Patches Worst Security Flaw in Ages; Is OpenAI the Next Google

🎙️ Free, ungated access to all 235+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. ♻️ You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value. The stories we're covering today. Marcel Brown: October 13th, 1983. Ameritech Mobile Communications executive, Bob Barnett, makes a phone call from a car parked near Soldier Field in Chicago, officially launching the first cellular network in the United States. Edwin Kwan: Patches have been released for two security vulnerabilities affecting the Curl data transfer library, one of which could potentially result in code execution. Katy Craig: OpenAI, a leading AI startup, is considering venturing into the development of its own AI chips. The reverse integration move aims to reduce dependency on GPU-based hardware, which has been strained by the generative AI boom. Shannon Lietz: This essentially means that we're going to see AI be the beginning of the reunification of hardware and software. And ultimately, where I see cybersecurity getting built in is going to be in these mega players. Olimpiu Pop: An analysis considers that they would need $48 billion worth in GPU chips and another $16 billion per year in maintenance costs. That's quite a pile of money, even for a company with a sack of gold. For this reason, also for the shortage of the GPU chips, OpenAI considers building their own.

Oct 13, 2023 · 12 min

S1 Ep 249 Episode 249: Edwin Kwan: Vulnerable WordPress Plugin Results in Thousands of Sites Hacked; Ian Garrett: 5 Tips to Take Zero Trust from Buzzword to Implementation; Mark Miller: CISA and FBI: AvosLocker Ransomware (Update); Marcel Brown: This Day in Tech History

Free, ungated access to all 245+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value. The stories we’re covering today. Marcel Brown: October 12th, 1988. Hailed by Steve Jobs as a computer five years ahead of its time, NeXT Incorporated introduces their NeXT computer. While not a significant commercial success, the NeXT computer and the technology developed for it have a long and storied history. Edwin Kwan: Thousands of WordPress websites have been compromised by attackers exploiting a vulnerability in a popular plugin. A fixed version of the plugin has been released and users are urged to update to version 4.2 or later, immediately. Ian Garrett: Does hearing the term "zero-trust" make you roll your eyes? More organizations are taking zero-trust from a buzzword to reality as the traditional castle-in-moat approach to security is becoming obsolete. Let's cover some practical recommendations for implementing a zero-trust cybersecurity framework. Mark Miller: AvosLocker, the Ransomware as a Service (RaaS) group, continues to get the attention of CISA and the FBI. Yesterday, October 11, the March 2023 joint advisory on AvosLocker was updated with the latest warnings.

Oct 12, 2023 · 9 min

S1 Ep 248 Episode 248: Edwin Kwan: D-Link Wi-Fi Device Vulnerable to Command Injection Attack; Katy Craig: Google Goes Passwordless; Hillary Coover: FDA Adapting to AI: Balancing Innovation and Safety; Marcel Brown: This Day, October 11th, in Tech History

Free, ungated access to all 245+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value. The stories we’re covering today. Marcel Brown: October 11, 1887. Dorr Eugene Felt is granted the second of two patents on his comptometer, the first practical and commercially successful key-driven, mechanical calculator. Various comptometers were in continuous production from 1887 to the mid 1970s. Edwin Kwan: A popular D-Link WiFi range extender device is susceptible to remote command injection, and there is currently no fix available. The researchers reached out to D-Link to report the flaw in May 2023, but despite multiple follow ups, did not receive any replies. Katy Craig: Google is taking a significant step towards enhancing online security by making 'passkeys' the default login method on its platforms. Passkeys are digital credentials stored on a user's device, eliminating the need to remember passwords and offering a more secure alternative. Hillary Coover: Can the FDA keep pace with the rapidly evolving world of AI in healthcare? As developers incorporate more advanced AI systems with human-like outputs, debates around FDA regulation are going to intensify.

Oct 11, 2023 · 8 min

S1 Ep 247 Episode #247: Edwin Kwan: Linux Distributions Vulnerable to Looney Tunables; Katy Craig: Hacktivists Enter the Middle-East Fray; Ian Garrett: Google Helps Drive the End of Passwords; Marcel Brown: This Day in Tech History.

Free, ungated access to all 245+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value. The stories we’re covering today: Marcel Brown: October 10th, 1980. Namco officially transfers rights to Midway for distribution of the games Pac-Man and Rally-X in North America. While the exact date that Pac-Man started shipping to arcades in North America is currently unknown, most sources cite October of 1980. Edwin Kwan: A new Linux vulnerability, known as the Looney Tunables, impacts most Linux distributions and allows attackers to gain administrative root privileges. Katy Craig: In the midst of ongoing clashes between Hamas and the Israel Defense Forces, hacktivist groups have entered the digital battleground. Cybersecurity experts warn of the growing involvement of threat actor groups in digital attacks on government websites and IT systems. Ian Garrett: Is this the beginning of the end of passwords as we know them? Google has made the move to make passkeys the default sign-in option for personal Google accounts, simplifying the login process and enhancing security.

Oct 10, 2023 · 8 min

S1 Ep 246 Episode #246: ShellTorch Flaw Affecting Open Source AI Servers; Human Powered Ransomware; Bipartisan Commission Seeks TikTok's Response

Free, ungated access to all 235+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value. The stories we’re covering today. Marcel Brown: October 8th, 1992. The video game Mortal Kombat is released into arcades. Now one of the most popular fighting game series in history, the original Mortal Kombat became well known for its graphic display of blood and deadly finishing moves known as Fatalities. Edwin Kwan: Security researchers have disclosed multiple critical vulnerabilities in the TorchServe tool that could be chained together to achieve remote code execution on affected systems. Hillary Coover: Could TikTok's recent personnel shifts from Beijing to the United States be a threat to security of US data? And is the popular app truly independent from its Chinese parent company, ByteDance? Katy Craig: In a concerning shift, ransomware attacks have taken a sinister turn, with a significant rise in human-operated ransomware incidents, according to Microsoft's annual digital defense report.

Oct 9, 2023 · 8 min

S1 Ep 245 Episode #245: npm Typo-Squat Deploys RootKits; Software Supply Chain: What Matters to an Architect; Security During Software Creation; OpenSSF Scorecards for Open Source

🎙️ Free, ungated access to all 235+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. ♻️ You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value. The stories we're covering today. Marcel Brown: October 6th, 1942. Chester Carlson is issued a patent on a process called electrophotography, now commonly known as photocopying. It was not until 1946 that a company had any interest in pursuing photocopying commercially. Edwin Kwan: A malicious component in the npm package registry has been found to be deploying an open-source rootkit. This incident is a reminder that developers need to take caution when installing open-source components. Trac Bannon: Sonatype has released the 9th Annual State of Supply Chain Report. One of the most important evolutions is the emphasis on security during software creation. Olimpiu Pop: Sonatype published the 9th edition of their already-traditional state of the software supply chain report. There is a high need of continuously monitoring the state of the libraries that we are using in our projects. According to the report, 18.6% of the open-source projects are not maintained anymore. Katy Craig: OpenSSF is to software, what a health inspector is to restaurants. And guess what? They’ve got scorecards. Good scores here don’t just get you bragging rights. They predict fewer vulnerabilities, so your software is not just rocking it, it’s also locking it down.

Oct 6, 2023 · 14 min

S1 Ep 244 Episode #244: Exploitation of WS_FTP Vulnerability; Cybersecurity Fight Against Human Trafficking; Permission Slip: Manage Your Digital Data

🎙️ Free, ungated access to all 235+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. ♻️ You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value. The stories we're covering today. Marcel Brown: October 5th, 1991. At just 21 years old, Linus Torvalds releases the first publicly available version of the Linux kernel, version 0.2, weighing in at just over 10,000 lines of code when first released. As of 2020, the Linux kernel was nearly 30 million lines of code. Edwin Kwan: Security researchers have spotted evidence of mass exploitation of vulnerabilities in Progress Software's WS_FTP server file-sharing platform. The server file-sharing platform has a maximum severity remote code execution vulnerability, which attackers can exploit using a simple HTTP request. Katy Craig: There's a new app called Permission Slip by CR that empowers you to take control of your personal information. With Permission Slip, you can swipe through a list of companies that may possess your data, and with a simple tap, request them to delete your account or halt the sale of your information. Did you know that over 50 million people are affected worldwide by modern human trafficking? Have you ever considered the fact that the very technology cybersecurity and open-source professionals use day in and day out could be used to help combat such evil?

Oct 5, 2023 · 8 min

S1 Ep 243 Episode #243: Critical Vulnerability in Popular Image Rendering Library Under Active Exploitation; Google Alters Search Queries for Profits; Hundreds of Women in Cybersecurity Convene in Arlington, VA to Drive Industry Transformation; This Day in Tech History

🎙️ Free, ungated access to all 235+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. ♻️ You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value. Mark Miller: October 4th, 1968. The new issue of Science Magazine contains a Hewlett Packard ad for its new HP9100A. The ad boasted the dynamic functionality of this new device called both a personal computer and a programmable calculator. Edwin Kwan: A popular library for rendering images in the WebP format has a critical vulnerability that is under active exploitation. The vulnerability is with the LibWebP library and it suffers from a heap buffer overflow, which allows a remote attacker to perform an out-of-bounds memory write. Katy Craig: Google is secretly altering billions of queries every day, all with one goal in mind: to lead you into purchasing more products and services. Hillary Coover: We're all familiar with the "She-cession," but were you aware that the cybersecurity industry lost 40 percent of its female workforce in that time? That, along with many other jaw-dropping insights, came out of this week's gathering of hundreds of women in cybersecurity. From Sourced Network Productions in Washington, DC, it's 5:05. I'm Hillary Coover. Today is Monday, October 4th, 2023. Here's the full story behind today's cyber security and open-source headlines.

Oct 4, 2023 · 8 min

S1 Ep 242 Episode #242: Microsoft's AI Chat Serving Up Malware; New SEC Regulation Already Making Waves in Public Companies; Adware in Microsoft’s Bing Chat; This Day in Tech History

🎙️ Free, ungated access to all 235+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. ♻️ You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value. Marcel Brown: October 3rd, 1950. AT&T Bell Laboratories researchers John Bardeen, Walter Brattain, and William Shockley receive a U.S. patent for their invention of the transistor, which they had successfully demonstrated two years earlier. Edwin Kwan: BingChat was first introduced in February this year. However, incorporating ads into the platform has opened the doors to threat actors who have been purchasing advertisement to distribute malware. Ian Garrett: Under the new SEC regulations, publicly traded companies will be required to disclose cybersecurity incidents within four days, including details about the incident’s nature, scope, timing, and its impact. Katy Craig: Malicious ads within Microsoft Bing’s AI chatbot are spreading malware. Threat actors insert ads in various ways, like when a user hovers over a link, triggering an ad before displaying the organic result. Today is Tuesday, October 3rd, 2023. From Sourced Network Productions in New York City, It’s 5:05. I’m Mark Miller. To start today’s updates, Edwin Kwan and Katy Craig talk about a flaw in the Microsoft Bing ChatBot platform that allows adversaries to place malware inside of advertisements.

Oct 3, 2023 · 9 min

S1 Ep 241 Episode #241: Fake Bitwarden Website Serving Malware to Windows Users; SpyGPT; AI Election Disinformation; This Day in Tech History

🎙️ Free, ungated access to all 235+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. ♻️ You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value. Marcel Brown: October 1st, 1982. The first commercial compact disc player, the Sony CDP-101, goes on sale in Japan. At a list price of 168,000 yen, this would have been approximately 730 US dollars. It was later introduced worldwide in March of 1983. Edwin Kwan: A fake Bitwarden password manager lookalike site is distributing malware to unsuspecting visitors. The Bitwarden password manager has increased in popularity lately and with a growing user base, the software and its users are becoming a popular target for cybercriminals. Katy Craig: Is your privacy at risk? Intelligence agencies are diving headfirst into the world of open-source data and it's stirring up some serious concerns. Hillary Coover: Can artificial intelligence rig elections? The sooner we anticipate and prepare for these challenges, the better equipped we'll be to safeguard the integrity of elections worldwide. From Sourced Network Productions in Washington, DC, it's 5:05. I'm Hillary Coover. Today is Monday, October 2nd, 2023. Here's the full story behind today's cyber security and open-source headlines.

Oct 2, 2023 · 8 min

S1 Ep 240 Episode #240: Attackers Impersonating Dependabot; Here’s to the Crazy Ones; CISA Security Planning Workbook

🎙️ Free, ungated access to all 235+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. ♻️ You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value. Marcel Brown: September 28th, 1997. Just a little over two weeks after naming Steve Jobs interim CEO, Apple launches their Think Different ad campaign. “Here’s to the Crazy Ones, the misfits, the rebels, the troublemakers, the round pegs in the square holes. Because the people who are crazy enough to think they can change the world, are the ones who do.” Edwin Kwan: Security researchers have discovered a campaign where attackers were attempting to sneak code into software projects by disguising them as changes made by GitHub Dependabot. Trac Bannon: CISA has published a comprehensive guide for planning and implementing effective security measures. Why does it matter that the security planning workbook comes from CISA? By CISA taking lead and making the workbook public, the techniques and guidance are accessible to any organization, regardless of size or resources. Katy Craig: Prepare for security success with the Cybersecurity and Infrastructure Security Agency’s Security Planning Workbook. What’s unique about this workbook is its accessibility. You don’t need to be a security expert to use it effectively. Olimpiu Pop: This month, the Cybersecurity and Infrastructure Security Agency published its security planning workbook for those who want to improve their security, regardless of the scope of their organization. The workbook will respond to questions like, “How do you form a planning team? How do you assess risk? What should you consider when mitigating risk?” Today is Friday, September 29th, 2023. From Sourced Network Productions in New York City, It’s 5:05. I’m Mark Miller sitting in for Hillary Coover, who will be back on Monday.
Today’s episode includes our Friday Point of View segments with updates from Trac Bannon, Katy Craig, and Olimpiu Pop on CISA’s Security Planning Workbook. To start today’s updates, Edwin Kwan talks about a campaign where attackers were attempting to sneak code into software projects by disguising them as changes made by GitHub Dependabot.

Sep 29, 2023 · 14 min

S1 Ep 239 Episode #239: FinServ Industry Sees a Massive Rise In Attacks; Info Stealing Campaign Targeting Developers Through OSS; Rethinking Cyber's Role in Modern Warfare; Navigating Employee Rationalizations for a Secure Future

🎙️ Free, ungated access to all 235+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. ♻️ You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value. Edwin Kwan: Attackers have been running a campaign this month using malicious open source packages to steal sensitive data from software developers. The attackers utilized typosquatting to trick developers into downloading the packages. Katy Craig: In the wake of Russia’s invasion of Ukraine and the subsequent year and a half of conflict, the Pentagon is revising its perspective on the role of cyber operations in war. It’s become clear that cyber alone won’t yield immediate results. The Russia-Ukraine conflict revealed discrepancies between expectations and reality in terms of cyber disruptions and impacts. Ian Garrett: Web application and API attacks against the financial services sector increased by a staggering 65 percent in Q2 2023 compared with the same period from the previous year. This surge resulted in a total of 9 billion attacks within just 18 months, with banks being the primary target. Hillary Coover: Addressing employees' non-compliance with cybersecurity rules is a pressing concern for most organizations. The threat of sanctions often fails to deter rule violations, primarily due to rationalizations that diminish the wrongness of these actions. To combat this, management can employ two key strategies. Today is Thursday, September 28th, 2023. From Sourced Network Productions in New York City, It’s 5:05. I’m Mark Miller sitting in for Hillary Coover. Today’s episode begins with Ian Garrett presenting highlights from the Akamai report examining the trends in the financial services industry.

Sep 28, 2023 · 10 min

S1 Ep 238 Episode #238: Using Graphics Cards to Steal Website Data; Spyware Disguised as Online Ads; Milestone Initiative: Voting Machine Testing

🎙️ Free, ungated access to all 235+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. ♻️ You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value. Edwin Kwan: Researchers have published a paper demonstrating how a malicious website can exploit a vulnerability in the GPU to perform a cross origin attack, and get access to sensitive visual data displayed by other websites. Katy Craig: In a pivotal move to fortify the security of U.S. election systems, the Information Technology Information Sharing Analysis Center recently hosted the inaugural Election Security Research Forum. The focus was on systems encountered by voters at polling sites, from digital scanners to ballot marking devices. Kadi McKean: Your phone and computer can be unwitting hosts to malicious software, all because you clicked on that enticing ad. How can we protect ourselves from this silent menace, when even the ads we encounter daily are potential vectors of intrusion? Trac Bannon: Hello there. This is Trac Bannon reporting from Jersey City, New Jersey. Hey, today I'm here with Mike Vizard from Techstrong Group, and we are at the DevOps World Tour in Jersey City. Bob Bannon: This is Bob Bannon. We're here at DevOps World Tour in Jersey City, New Jersey, and I'm talking with Trac and Topo. I just wanted to know, what did you intend to get out of today?

Sep 27, 2023 · 11 min

S1 Ep 237 Episode #237: Beware: Phishing Scam from Legitimate Booking Platforms; Google Basic HTML Users Need to Find a New Home; Live From DevOps World Tour; This Day in Tech History

🎙️ Free access to 230+ episodes of “It’s 5:05!” on your favorite podcast platforms: bit.ly/505-updates ♻️ You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value.

📌 This Day, September 26, in Tech History
🇺🇸 Marcel Brown, St. Louis, Missouri
September 26, 1996. IOmega kicked off a 17 stop Zip Across America promotional tour demonstrating their new mass storage device, the ZipDrive. Do you all remember those? It was a 3.5 inch, 100 megabyte capacity disk.

Beware: Phishing Scam from Legitimate Booking Platforms
🇦🇺 Edwin Kwan - Sydney, Australia
Phishing scams just got more sophisticated with scammers targeting hotel staff in order to phish their customers. They first make contact with the hotel staff under the guise of making a reservation.

Google Basic HTML Users Need to Find a New Home
🇺🇸 Ian Garrett, Arlington, Virginia
There's another casualty in the war between security and usability. Google has started notifying Gmail users about the retirement of basic HTML view in January 2024. After this date, users will need modern web browsers to continue accessing Gmail.

Live From DevOps World Tour
🇺🇸 Tracy (Trac) Bannon, Camp Hill, Pennsylvania
I'm reporting from Jersey City, New Jersey. I'm at the DevOps World Tour sponsored by CloudBees and dang, I'm excited. I'm getting to see old friends and meeting new. Our topics are including AI Augmented DevOps, Platform Engineering for App Modernization, SEI Quality of Service at Scale with CI Observability.

From Sourced Network Productions in New York City, It's 5:05. I'm Executive Producer, Mark Miller. Today is Tuesday, September 26th, 2023. We're going to start off with something new. Trac Bannon has been live at the CloudBees DevOps World Tour in Jersey City. She's recorded a couple segments with people that have been presenters at the conference itself. This is going to be a short, ongoing series over the next couple of days. Today Trac is going to talk with Bill Bensing about governance engineering.
Sit tight, this is kind of fun.

Sep 26, 2023 · 9 min

S1 Ep 236 Episode #236: Malware Disguised as Fake Proof of Concept Exploit; iOS 17 Privacy Settings; Balancing Conversational AI Advancements with Privacy Concerns; This Day in Tech History

🎙️ Free access to 230+ episodes of “It’s 5:05!” on your favorite podcast platforms: bit.ly/505-updates ♻️ You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value.

📌 Malware Disguised as Fake Proof of Concept Exploit
🇦🇺 Edwin Kwan - Sydney, Australia
Beware of what you download! A malicious actor has attempted to disguise a malware as a proof of concept exploit for the recently-released WinRAR vulnerability.

iOS 17 Privacy Settings
🇺🇸 Katy Craig - San Diego, California
With the release of iOS 17, there's a heads-up you need to know about. iOS 17 has a knack for reactivating sensitive location options you might have disabled.

Balancing Conversational AI Advancements with Privacy Concerns
🇺🇸 Hillary Coover, Washington, DC
Amazon has made some big improvements to its Alexa devices, making them even more conversational. However, these advances have sparked important concerns about our privacy. Is the convenience of conversational AI devices like Alexa truly worth the potential privacy violations and increased security risks they bring into our homes?

This Day, September 22-25, in Tech History
🇺🇸 Marcel Brown, St. Louis, Missouri
September 25th, 1973, Micro Computer Machines of Canada introduces their MCM 70 microcomputer at a programmer's user conference in Toronto.

Sep 25, 2023 · 10 min

S1 Ep 235 Episode #235: Pizza Hut Australia Data Breach; Future of Autonomous Defense Systems; Unmasking Election Security; GoLang Flaw in go.mod directive; First Perfect Reproducible Toolchain Shadowed By Critical Vulnerabilities

🎙️ Free access to 230+ episodes of “It’s 5:05!” on your favorite podcast platforms: bit.ly/505-updates ♻️ You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value.

📌 Pizza Hut Australia Suffers Data Breach
🇦🇺 Edwin Kwan - Sydney, Australia
Pizza Hut Australia notified 193,000 customers that the company had suffered a data breach. That information included full name, delivery address, delivery instructions, email address, phone number, mass credit card data, and encrypted passwords for online accounts.

DOD’s Replicator: Future of Autonomous Defense Systems
🇺🇸 Katy Craig - San Diego, California
Deputy Secretary of Defense Kathleen Hicks has just unveiled a vision called Replicator that's all about scale and efficiency. Replicator isn't just about mass-producing these systems, it's about creating a blueprint for future scalability.

Unmasking Election Security
🇺🇸 Hillary Coover, Washington, DC
US voting machine companies are collaborating with cybersecurity experts to conduct additional stress tests on their systems in preparation for the 2024 election and to counter misinformation. Three major voting equipment manufacturers allowed a group of verified cybersecurity researchers access to their software and hardware for nearly two days.

GoLang Flaw in go.mod directive
🇺🇸 Tracy (Trac) Bannon, Camp Hill, Pennsylvania
Golang introduced a new cool feature called the go.mod directive in Go version 1.21. Unfortunately, the bad guys can exploit this, too. According to the 2021 Go Developer Survey, there are approximately 2.7 million developers who use Golang. That's a pretty nice-sized attack surface.

The First Perfect Reproducible Toolchain Shadowed By Critical Vulnerabilities
🇷🇴 Olimpiu Pop, Transylvania, Romania
The libraries we use in our projects are used in their binary format. Yes, even open source ones. That means that the open part in the open source is not fully used, as the code is not inspected.
Given the growing number of supply chain attacks, we need a solution for it. Reproducible builds will guarantee that what you have is actually what you wanted.

Sep 22, 2023 · 12 min

S1 Ep 234 Episode #234: Aussie Feds Introduce Digital Identity Legislation; Beijing Thwarted by Digital Tripwire; Gen Z's Battle with Online Scams

🎙️ Free, ungated access to all 225+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. ♻️ You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value.

This Day in Tech History
🇺🇸 Marcel Brown - St. Louis, Missouri
September 21st, 2003. After 14 years in space, eight of those as the first man-made object orbiting Jupiter, the unmanned NASA spacecraft, Galileo, is sent into the atmosphere of the giant planet.

Australian Federal Government Introduces Digital Identity Legislation
🇦🇺 Edwin Kwan - Sydney, Australia
In an effort to reduce cybercrime, the Australian Federal Government has introduced digital identity legislation to Parliament. This will allow businesses to verify information about their customers without needing to collect information that would be useful to cybercriminals.

Beijing Thwarted by Digital Tripwire
🇺🇸 Katy Craig - San Diego, California
Imagine setting up a digital tripwire and then BAM! It catches a major hacking attempt in real-time. Well, that's exactly what happened at the U.S. State Department. Two years ago, a sharp-eyed government IT analyst set up a custom warning system within the agency's network. This past June, that system alerted them to a Chinese-linked hack targeting their Microsoft email systems.

Gen Z's Battle with Online Scams
🇺🇸 Hillary Coover, Washington, DC
Gen Z, raised in the digital age, is surprisingly more vulnerable to online scams than their tech-unsavvy, Boomer grandparents. A Deloitte survey shows Gen Z members born from the late 1990s to the early 2010s are falling victim to phishing, identity theft, romance scams and cyber bullying at higher rates.

Sep 21, 2023 · 8 min

S1 Ep 233 Episode #233: Microsoft Leaked 38TB of Sensitive Data; TikTok Clock is Ticking; Your Healthcare Provider is Under Attack

🎙️ Free access to “It’s 5:05!” on your favorite podcast platforms: bit.ly/505-updates 📌 Marcel Brown: September 20th, 1989. Apple releases the Macintosh Portable Computer, Apple's first attempt at a laptop. That being said, at a weight of 16 pounds, the machine was hardly workable on your lap. Edwin Kwan: Microsoft's AI research division has been leaking 38 terabytes worth of sensitive data for over three years. The leak started back in July 2020 and was due to a Microsoft employee inadvertently sharing the URL for a misconfigured Azure blob storage bucket. Katy Craig: Ireland's Data Protection Commission, or DPC, found a glaring security flaw in TikTok's Family Pairing feature. This feature was supposed to let adults chat with kids they're related to. Now what could go wrong here? Mark Miller: When a hospital or a health care system is hit with a breach, there are life and death consequences to consider. The people who perpetuate these breaches are concerned about nothing more than money, not the families affected. It puts the healthcare provider in an untenable situation. It's Wednesday, September 20th, 2023, and here are your cybersecurity and open source headlines for the day. ♻️ You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value

Sep 20, 20239 min

S1 Ep 232
Episode #232: Australia to Create Six Cyber Shields as part of Cyber Strategy; Cyber Adversaries Place their Bets Against the House; Cyber War Crimes; TikTok Tracks US Employees; This Day in Tech History

Segments in this Episode

Australia to Create Six Cyber Shields as part of Cyber Strategy
🇦🇺 Edwin Kwan, Sydney, Australia
As part of a coordinated national action plan, the Australian Government will release a revised Cybersecurity Strategy later this year around six cyber shields.

Cyber Adversaries Place their Bets Against the House
🇺🇸 Mark Miller - White Rock, New Mexico
MGM Resorts and Caesar's aren't bragging about their losses right now. According to numerous reports, a major hack against the casinos was started with a social engineering scheme against an outsourced IT support vendor on September 11. Now that this type of hack has been proven to work, it's only a matter of time before the next set of casino attacks roll a big fat 7 against the house.

Cyber War Crimes
🇺🇸 Katy Craig, San Diego, California
The International Criminal Court, or ICC, is stepping into the digital age and setting its sights on cybercrimes that breach international law. In a world where the battlefield is as likely to be a server farm as a desert, the ICC is saying enough is enough.

TikTok Tracks US Employees
🇺🇸 Hillary Coover, Washington, DC
Is TikTok's office attendance tracking a glimpse into the future of workplace surveillance? TikTok, owned by Chinese company ByteDance, unveiled an internal app called MyRTO.

This Day, September 19, in Tech History
🇺🇸 Marcel Brown, St. Louis, Missouri
September 19th, 2006. Microsoft began testing its new video sharing service, Soapbox, which they hoped would compete with YouTube. Clearly, it did not compete very well because, personally, I had never heard of Soapbox, and probably neither did you.

Sep 19, 2023 · 12 min

S1 Ep 231
Episode #231: Auckland's Transport System Hit by Ransomware Attack; Deep Fakes: A Real Threat; TikTok Fine; This Day in Tech History

Segments in this Episode

Auckland's Transport System Hit by Ransomware Attack
🇦🇺 Edwin Kwan, Sydney, Australia
The Auckland Transport Authority in New Zealand has suffered a cybersecurity incident that is impacting services relating to ticketing.

Deep Fakes: A Real Threat
🇺🇸 Katy Craig, San Diego, California
Ever wonder if seeing is really believing? Well, in the age of deepfakes, you might want to think twice. Today we're diving into a fresh advisory from the NSA, CISA, and the FBI that's a must-read for any organization.

TikTok Fine
🇺🇸 Hillary Coover, Washington, DC
Ever wonder if seeing is really believing? Well, in the age of deepfakes, you might want to think twice. Today we're diving into a fresh advisory from the NSA, CISA, and the FBI that's a must-read for any organization.

This Day, September 17, 18, in Tech History
🇺🇸 Marcel Brown, St. Louis, Missouri
September 17th, 1976. NASA rolls out the first space shuttle, Enterprise, from its assembly facility to a waiting crowd. Included in the crowd was a delegation of actors from the Star Trek TV series.

Sep 18, 2023 · 9 min

S1 Ep 230
Episode #230: Fake Telegram Apps; Fortifying AI; Transparency, Accountability, Responsibility for AI Models

Marcel Brown: This Day in Tech History
September 16th, 1997. Twelve years to the day after resigning from Apple, Steve Jobs is named interim CEO of Apple. Only seven months earlier, Jobs' company Next was purchased by Apple. Much of the technology acquired with the purchase was used to build the Mac OS X operating system.

Edwin Kwan: Fake Telegram Apps Infect Thousands with Spyware
Spyware masquerading as Telegram applications have been spotted in the Google Play Store and have been downloaded over 60,000 times. According to security researchers, the app appears visually identical to the official Telegram application.

Trac Bannon: Secure by Design: Fortifying AI
We can and should apply CISA's Secure-by-Design and -Default guidance to the sexy trifecta: AI, ML, and Generative AI. Applying the CISA Secure-by-Design guidance presents many considerations and challenges.

Olimpiu Pop: Transparency, Accountability, Responsibility for AI Models
Artificial intelligence, though not always understood, holds enchanting promise to reshape everything. Medicine with faster, more accurate diagnostics, and even our leisure time with Netflix's suggestions and Nest's intuitive thermostats.

Sep 15, 2023 · 11 min

S1 Ep 229
Episode #229: Aussie Feds Mandate Entities Have Dedicated CISO; DoD's 2023 Cyber Playbook; UFOs Seen Flying over New Mexico

This Day, September 14, in Tech History
🇺🇸 Marcel Brown - St. Louis, Missouri
September 14th, 2000. Microsoft launches Windows Millennium, otherwise known as Windows ME, or as Microsoft wanted you to pronounce it, Windows Me. Windows ME would be known for its many problems and is a footnote in history as Windows XP was released just over a year later.

Aussie Feds Mandate Entities Have Dedicated CISO
🇦🇺 Edwin Kwan - Sydney, Australia
The Australian federal government is now mandating that non-corporate Commonwealth entities appoint a CISO to be responsible for cybersecurity leadership in the entity. The CISO role is expected to complement that of the existing CSO, and in some cases, the same officer may be appointed to both roles.

DoD's 2023 Cyber Playbook
🇺🇸 Katy Craig - San Diego, California
The Department of Defense just released an unclassified summary of its 2023 Cyber Strategy, and it's a must-know for anyone interested in national security and cyber defense. This strategy isn't just a bunch of buzzwords; it's grounded in real-world experience.

UFOs Seen Flying over New Mexico
🇺🇸 Mark Miller - White Rock, New Mexico

Sep 14, 2023 · 9 min

S1 Ep 228
Episode #228: Cyber Security Tune Up for Festival Goers; TEMU App: A Trojan Horse in Your Palm; Diversity Trends Emerge in the Growing Cybersecurity Workforce; This Day in Tech History

This Day, September 13, in Tech History
🇺🇸 Marcel Brown, St. Louis, Missouri
September 13th, 1959. The Soviet space probe, Luna 2, becomes the first man-made object to impact any celestial object. In this case, the Moon.

Cyber Security Tune Up for Festival Goers
🇦🇺 Edwin Kwan, Sydney, Australia
In an effort to promote cybersecurity, staff and students from three universities and across three states attended an annual Australian music festival to run daily cybersecurity tune-ups for festival-goers.

TEMU App: A Trojan Horse in Your Palm
🇺🇸 Katy Craig, San Diego, California
Temu, a shopping app that's been downloaded over 100 million times in the US and Europe, is under serious scrutiny for some shady business practices. This app poses a significant risk to consumers. If you've got it on your phone, it might be time for a digital detox.

Diversity Trends Emerge in Growing Cybersecurity Workforce
🇺🇸 Hillary Coover, Washington, DC
Diversity is gaining ground in the cybersecurity sector and there is now a wealth of data resources available. Despite this positive shift, there's still a need to attract and retain more minority workers in the industry.

Sep 13, 2023 · 9 min

S1 Ep 227
Episode #227: Wyze Suffers Broken Access Control; Introducing the Small Business Cyber Resiliency Act; It's Not Just A Vehicle; It's A Data Mine on Wheels; How Will Elon Musk's X Reshape the Digital Landscape?; This Day, September 12, in Tech History

Segments in this Episode

Wyze Suffers Broken Access Control
🇦🇺 Edwin Kwan, Sydney, Australia
Users reported on Reddit on Friday that when they log into Wyze's web viewer, their web feeds disappeared and they had access to other people's camera feeds instead. The company revealed that they had been aware of a security vulnerability for three years.

It's Not Just A Vehicle; It's A Data Mine on Wheels
🇺🇸 Kadi McKean, Alexandria, Virginia
In the ever-evolving landscape of digital privacy, one product category stands out as a poster child for disregard: cars. Cars have officially earned the problematic honor of being the worst reviewed product category in terms of privacy.

Introducing the Small Business Cyber Resiliency Act
🇺🇸 Katy Craig, San Diego, California
U.S. Senator Jim Risch, along with bipartisan support, has introduced the Small Business Cyber Resiliency Act. If passed, this legislation could be a significant step forward in protecting the often vulnerable small business sector from cyber threats.

How Will Elon Musk's X Reshape the Digital Landscape?
🇺🇸 Hillary Coover, Washington, DC
Elon Musk's company, X, formerly Twitter, is tightening its grip on data scraping by updating its Terms of Service. Starting on September 29th, X will ban all data scraping and crawling activities without "prior written consent."

This Day, September 12, in Tech History
🇺🇸 Marcel Brown, St. Louis, Missouri
September 12th, 1962. In a speech given at Rice University, President John F. Kennedy gives his famous "We choose to go to the Moon" speech, in which he uttered the famous phrase "I believe that this nation should commit itself to achieving the goal, before this decade is out, of landing a man on the moon and returning him safely to earth." It took just under 7 years before man set foot on the Moon in July of 1969.

Sep 12, 2023 · 10 min

S1 Ep 226
Episode #226: Australian Companies Suffers Data Breach Due to Third Party Compromise; Can You Trust That Picture?; Is Your Phone Listening To You; This Day in Tech History

Segments in this Episode

Australian Companies Suffers Data Breach Due to Third Party Compromise
🇦🇺 Edwin Kwan, Sydney, Australia
A notorious ransomware gang has compromised a number of Australian companies and are extorting them. They have claimed responsibility over attacks of several Australian companies in the health, real estate, and law sectors, and have stolen at least 4.95 terabytes of data.

Can You Trust That Picture?
🇺🇸 Katy Craig, San Diego, California
Google Cloud and Vertex AI are rolling out SynthID, a groundbreaking tool designed to watermark and identify AI-generated images. As the landscape of AI-generated content expands, tools like SynthID are becoming crucial in the fight for digital authenticity.

Is Your Phone Listening To You
🇺🇸 Hillary Coover, Washington, DC
40 percent of Americans who have a smartphone believe that their phone is listening to them without their permission. They're not entirely wrong. Why should you care? The more identifiable data corporations collect on you, the larger your susceptibility to a cybersecurity incident.

This Day, September 10, 11 in Tech History
🇺🇸 Marcel Brown, St. Louis, Missouri
From Sourced Network Productions in Washington, DC, it's 5:05. I'm Hillary Coover. Today is Monday, September 11th, 2023. Here's the full story behind today's cybersecurity and open-source headlines.

Sep 11, 2023 · 8 min

S1 Ep 225
Episode #225: Identity Theft Victim Targeted While On Holidays; There may be something lurking in your Apple Wallet; Microsoft signing key exposed in crash dump; Wiretaps on Wheels

Identity Theft Victim Targeted While On Holidays
🇦🇺 Edwin Kwan, Sydney, Australia
Australian couple returns from holiday to discover their bank accounts were drained, shares sold, and 20 new credit and debit cards created under their names. This incident highlighted several issues, including the ability for cybercriminals to open online accounts without the bank verifying the person behind those accounts.

There may be something lurking in your Apple Wallet
🇺🇸 Julie Chatman, Washington, DC
There may be something lurking in your Apple Wallet. Users are urged to update their devices now. Apple has confirmed that if you have a job, which makes you a target, you can place your phone in Lockdown mode to block this attack.

Microsoft signing key exposed in crash dump
🇺🇸 Katy Craig, San Diego, California
A consumer signing key was exposed in a crash dump in April 2021 and later exploited by a China-based threat group, Storm0558. The exposure of the consumer signing key occurred due to what Microsoft describes as a "race condition," which allowed the key to be present in the crash dump.

Wiretaps on Wheels
🇺🇸 Hillary Coover, Washington, DC
Is your modern car spying on you? Discover the shocking truth about the "wiretaps on wheels" and how your data privacy may be at risk.

This Day, September 7, 8, and 9 in Tech History
🇺🇸 Marcel Brown, St. Louis, Missouri
September 8, 2003. The Recording Industry Association of America, RIAA, sues 261 people for sharing music on internet peer-to-peer networks, including 12-year-old Brianna LaHara.

Sep 8, 2023 · 11 min

S1 Ep 224
Episode #224: Australian Data Breach Notifications; Most Attacked and Most Vulnerable Cyber Assets; Comply with SEC’s New Cyber Disclosure Rules; Can TikTok Truly Safeguard your Privacy?

Today's Cybersecurity and Open Source Headlines

Edwin Kwan: Australian Data Breach Notifications
The Office of the Australian Information Commissioner, OAIC, has just released a report of data breach notifications made between January to June, 2023. The top sectors to notify of data breaches were health service providers, financial services and recruitment agencies.

Ian Garrett: Most Attacked and Most Vulnerable Cyber Assets
Armis, a security company, conducted a study focused on cyber assets with the highest number of attack attempts and weaponized common vulnerabilities and exposures, or CVEs. The most vulnerable assets are among the Internet of Medical Things, or IoMT, and the most targeted among Operational Technology, or OT assets.

Katy Craig: How to Comply with SEC’s New Cyber Disclosure Rules
The US Securities and Exchange Commission’s new cyber incident disclosure rules have recently come into effect. Although the specific requirement will not be enforced until December, experts recommend that companies begin preparations immediately.

Hillary Coover: Can TikTok Truly Safeguard your Privacy?
Curious about how TikTok is handling your data and whether it’s safe from prying eyes? TikTok’s recent move to open its first European data center, along with third-party security audits, aims to ease concerns. But the real question is, will these steps truly safeguard your privacy?

Sep 7, 2023 · 9 min

S1 Ep 223
Episode #223: Website on Children's Snack Compromised and Serving Porn; GenAIVulnerability; Microsoft’s August Patch Tuesday addresses 73 CVEs; High-alert Vulnerability in Ivanti MobileIron Sentry; Critical Vulnerability in Zyxel Routers; This Day in Tech History

Segments in this Episode

Website on Children's Snack Compromised and Serving Porn
🇦🇺 Edwin Kwan, Sydney, Australia
A UK supermarket chain is recalling four types of children's snacks as the website published on the packaging has been compromised. Usually when a supermarket recalls a food item, it's due to an issue with the food content. In this instance, the recall is due to the website listed on the packaging.

GenAIVulnerability
🇺🇸 Hillary Coover, Washington, DC
Concerned about the security of your conversations with AI chatbots? Discover how a hidden threat called 'prompt injection' could be compromising your privacy and data safety.

Microsoft’s August Patch Tuesday addresses 73 CVEs
🇺🇸 Tracy (Trac) Bannon, Camp Hill, Pennsylvania
Microsoft recently rolled out its August Patch Tuesday updates, and it's crucial for everyone, from individual users to large organizations, to pay attention. Microsoft addressed a staggering total of 73 Common Vulnerabilities and Exposures (CVEs).

High-alert Vulnerability in Ivanti MobileIron Sentry
🇺🇸 Katy Craig, San Diego, California
Today we're talking about a high-alert vulnerability in Ivanti MobileIron Sentry, versions 9.18.0 and below. If you're using one of these vulnerable versions of Ivanti MobileIron Sentry, you're essentially handing over the keys to the kingdom.

Critical Vulnerability in Zyxel Routers
🇷🇴 Olimpiu Pop, Transylvania, Romania
Do you have a router in your house that is connected to the internet? Yes, those have firmware too. Firmware that more often than not, we forget to update. Who would hack you? The number of regular folks attacked is growing and proof to this is the vulnerability affecting Zyxel routers.

This Day, September 6, in Tech History
🇺🇸 Marcel Brown, St. Louis, Missouri
September 6th, 2001. Microsoft announces that consumers can pre-order Windows XP. Windows XP would remain Microsoft's flagship operating system for over five years until the release of Windows Vista in January of 2007.

Sep 6, 2023 · 14 min

S1 Ep 222
Episode #222: WordPress Migration Add-on Vulnerable to Sensitive Information Disclosure; Social Engineering to Bypass Multi-factor Authentication; Okta hack affects US customers; This Day in Tech History

Segments in this Episode

WordPress Migration Add-on Vulnerable to Sensitive Information Disclosure
🇦🇺 Edwin Kwan, Sydney, Australia
A WordPress migration plugin contains add-ons that suffer from a vulnerability that could result in sensitive information disclosure. The free plugin is not affected by the vulnerability. It is the premium extensions that are affected.

Social Engineering to Bypass Multi-factor Authentication
🇺🇸 Ian Garrett, Arlington, Virginia
Okta, an identity and access management company, has issued a warning regarding a new social engineering attack targeting IT service desks in the US.

Okta hack affects US customers
🇺🇸 Katy Craig, San Diego, California
Today we're talking about Okta, the identity and access management company, which has been dealing with a series of targeted attacks. The attackers are going after the IT help desk of Okta's US-based customers. Even the gatekeepers need to double-check who's knocking.

This Day, September 3-5, in Tech History
🇺🇸 Marcel Brown, St. Louis, Missouri
September 4th, 1998. Larry Page and Sergey Brin file incorporation papers for Google in California. Filing on a Friday, the date of official incorporation would be marked as Monday, September 7th. Starting out as a privately held company, Google would hold their IPO about six years later, on August 19th, 2004.

Sep 5, 2023 · 8 min

S1 Ep 221
Episode #221: University of Sydney Students Suffers Data Breach; FBI takes down Qakbot; First Year in Review

Segments in this Episode

University of Sydney Students Suffers Data Breach
🇦🇺 Edwin Kwan, Sydney, Australia
The University of Sydney has suffered a third party data breach exposing students' personal information. The university said that the issue was isolated to a single platform and had no impact on other university systems.

FBI takes down Qakbot
🇺🇸 Katy Craig, San Diego, California
The FBI, working with international partners, has dismantled Qakbot, a massive and disruptive botnet. QakBot was behind at least 40 ransomware attacks causing hundreds of millions in damages, and was running on over 700,000 endpoints worldwide, 200,000 of which were in the US.

First Year in Review
🇺🇸 Mark Miller, New York City
It is a holiday here in the United States. With many taking the day off, I'm going to take a couple minutes to evaluate where we've come in the first year of It's 5:05, and let you know where we're headed in the second year.

Sep 4, 2023 · 6 min