It's 5:05! Daily cybersecurity and open source briefing

🎙️ Free, ungated access to all 200+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. ♻️ You’re welcome to repost if your followers will find this of value.Segments in this EpisodeData Breach Victim Gets Fined In Court🇦🇺 Edwin Kwan, Sydney, Australia ↗ A data breach victim suffered additional emotional toll when she was charged by the courts and fined $1.2 million. The Australian victim had her information compromised in the Medibank data breach . The victim was served electronically with papers with charges for cybersquatting, trademark infringement, and IP infringement.This Day, September 1, in Tech History🇺🇸 Marcel Brown, St. Louis, Missouri ↗September 1st, 1977. Pioneer 11 becomes the first manmade object to fly by Saturn. After passing Saturn, Pioneer 11 continued on a trajectory towards the center of the Milky Way. The last contact with Pioneer 11 was in November of 1995. CSF: Modernizing the NIST Cybersecurity Framework🇺🇸 Tracy (Trac) Bannon, Camp Hill, Pennsylvania↗The new draft of the NIST Cybersecurity Framework, CSF, is exciting. Why? Because the working group is applying modern software practices and techniques. The software architect in me is overjoyed that the CSF 2.0 includes a few updates that align with modern software practices.CSF: What’s cooking in the NIST kitchen?🇺🇸 Katy Craig, San Diego, California ↗The NIST Cybersecurity framework is getting a facelift and Version 2.0 is currently in draft form. So what's cooking in the NIST kitchen? Let's find out. First up, scope and intent. CSF: Defining Profiles and Tiers🇷🇴 Olimpiu Pop, Transylvania, Romania ↗Organizations using CSF may choose to handle a risk in different ways. You can create current profiles for the status quo of your cybersecurity or a target profile to define the end goal. Community profiles for different industries can be used as inspiration.

🎙️ Free, ungated access to all 200+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. ♻️ You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value.Malicious Word Documents Hiding As PDFs🇦🇺 Edwin Kwan, Sydney, Australia ↗Japan's Computer Emergency Response Team, JPCERT, recently shared a newly-detected attack that bypasses detection by embedding malicious Word files in PDFs.Is it time to nuke your Venmo account?🇺🇸 Katy Craig, San Diego, California ↗Have you ever said, "I'll Venmo you," and think nothing of it? Well, it's time to think again. Venmo isn't just for easy payments. It's a data goldmine. It's like leaving breadcrumbs that form a trail of your life- where you go, who you see, and when you see 'em. Part Three: 10 Tasks Slowing Down Security Professionals🇺🇸 Ian Garrett, Arlington, Virginia ↗Have you ever wondered what challenges security teams face due to budgetary and staffing constraints? Today is the last part of a three-part series where we explore the 10 common tasks that often bogged down cybersecurity professionals and discuss strategies employed by security leaders to overcome these hurdles.Changes to NIST Cybersecurity Framework🇷🇴 Olimpiu Pop, Transylvania, Romania ↗NIST, the US National Institute of Standards and Technology, published the public draft of version 2.0 of their Cybersecurity Framework. It expanded from protecting just critical infrastructures like hospitals and power plants, to providing cybersecurity guidance for all organizations, regardless of type or size. This Day, August 31, in Tech History🇺🇸 Marcel Brown, St. Louis, Missouri ↗August 31st, 1897. Thomas Edison receives a patent for the Kinetographic Camera, also called the Kinetograph. Edison and his assistant, W. K. L. Dickson, were credited with inventing the Kinetograph in the early 1890s, and it is often considered to be the first real motion picture camera. From Sourced Network Productions in Washington, DC, it's 5:05. I'm Hillary Coover. Today is Thursday, August 31st, 2023. Here's the full story behind today's cybersecurity and open source headlines.

🎙️ Free, ungated access to all 200+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. ♻️ You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value.Data Stealing Libraries Found in Rust Registry🇦🇺 Edwin Kwan, Sydney, Australia ↗Early this month, malicious libraries were discovered in the RUST programming language 's crate registry. It is suspected that the libraries were discovered in the early stages of a campaign. It is unclear what the goal of the attackers were. Lazarus Group NK RATs🇺🇸 Katy Craig, San Diego, California ↗Let's talk CollectionRAT. This one is the new kid on the block, but don't underestimate it. It gathers data, reads and writes files, and even has its own tricks to avoid detection. This ain't no one trick pony. Spamouflage🇺🇸 Hillary Coover, Washington, DC ↗ Meta, the parent company of Facebook, has successfully dismantled a massive Chinese disinformation campaign known as Spamouflage. It was the largest cross-platform covert influence operation they've ever encountered. Adversaries say, "Show me the Money!"🇺🇸 Mark Miller, New York City↗One of the iconic scenes in Jerry McGuire is Cuba Gooding Jr. forcing Tom Cruise to scream, "Show me the money. Show me the money!" I was reminded of the scene as I was reading Hazel Burton's update on how Cisco Talos found clues of post authentication adversaries who left tracks that said, "show" me. Yeah, literally, "show" me. This Day, August 30, in Tech History🇺🇸 Marcel Brown, St. Louis, Missouri ↗August 30th, 1963. A direct line of communication between the leaders of the US and the Soviet Union dubbed the Hotline, begins operation today. It was most famously represented as a red phone. From Sourced Network Production in New York city, it's 5 0 5. I'm Pokie Huang. Today's Wednesday, August 30th, 2023. Here's the full story behind today's cybersecurity and open source headlines. 

🎙️ Free, ungated access to all 200+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. ♻️ You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value.Risks of Public Wi-Fi🇦🇺 Edwin Kwan, Sydney, Australia ↗The convenience of public Wi-Fi may come at a price, with attackers trying to steal sensitive information using approaches like Man-In-The-Middle attacks, eavesdropping, using rogue hotspots, spoofing, session hijacking, malware distribution, and login page phishing.Part Two: 10 Tasks Slowing Down Security Professionals🇺🇸 Ian Garrett, Arlington, Virginia ↗Have you ever wondered what challenges security teams face due to budgetary and staffing constraints? Today's part two of a three-part series where we explore the 10 common tasks that often bog down cybersecurity professionals and discuss strategies employed by security leaders to overcome these hurdles.Response to Surging Healthcare Cyberattacks🇺🇸 Hillary Coover, Washington, DC ↗ Curious about how innovators can help shield the US healthcare system from cyber threats? The Biden-Harris Administration's Advanced Research Projects Agency for Health is rolling out the Digital Health Security (DIGIHEALS) project and providing essential funding. The "Holy Grail" of on-device AI🇺🇸 Katy Craig, San Diego, California ↗Hold onto your smartphones because they're about to get a whole lot smarter. Imagine your phone not just correcting your typos, but also generating personalized solutions based on your data, like driving patterns, restaurant searches, and more. Qualcomm is set to introduce generative AI into its next-gen premium chips.This Day, August 29, in Tech History🇺🇸 Marcel Brown, St. Louis, Missouri ↗ August 29th, 1831. English scientist, Michael Faraday, discovers electromagnetic induction. Electromagnetic induction is the primary principle behind electric motors and electric generators, two very important inventions that power and drive our electronic technology of today. From Sourced Network Productions in Washington, DC, it's 5:05. I'm Hillary Coover. Today is Tuesday, August 29th, 2023. Listen to the full story behind today's cybersecurity and open source headlines.

🎙️ Free, ungated access to all 200+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. ♻️ You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value.Financial Effects of Medibank Data Breach May Reach $80M🇦🇺 Edwin Kwan, Sydney, Australia ↗The 2022 data breach of Medibank is set to cost the health insurer $35 million in 2024. The data breach had cost them $46.4 million in the 2022 to 2023 financial year. They forecast that the total cost by next year could pass $80 million. Poland Railway Disrupted by $30 Hack🇺🇸 Hillary Coover, Washington, DC ↗Could a $30 radio hack bring a nation's railway system to a standstill? Saboteurs disrupted Poland's railway system by using a basic "radio-stop" command that could be transmitted with inexpensive equipment- costing around $30. Cloud Account Takeovers on the Rise🇺🇸 Katy Craig, San Diego, California ↗ Cloud account takeover incidents have witnessed a sharp rise in recent times, The past six months have seen an astonishing 100% surge in successful breaches. Paradoxically, despite the widespread adoption of MFA by organizations, instances of account takeovers have risen significantly. It's startling that nearly 35% of compromised users had MFA enabled. This Day, August 27 and 28, in Tech History🇺🇸 Marcel Brown, St. Louis, Missouri ↗August 27th, 2003. The city of Fairbanks, Alaska connected to what was at the time the world's largest battery backup. Designed to help prevent serious blackouts that plagued the city every two to three years, it was reported that in the first two years of operation, the battery system prevented at least 81 power failures.----------- From Sourced Network Productions in Washington, DC., It's 5:05. I'm Hillary Coover. Today is Monday, August 28th, 2023. Here's the full story behind today's cybersecurity and open source headlines...

🎙️ Free, ungated access to all 200+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. ♻️ You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value.This Day, August 24, 25 and 26 in Tech History🇺🇸 Marcel Brown, St. Louis, Missouri ↗"I have always said if there ever came a day when I could no longer meet my duties and expectations as Apple's CEO, I would be the first to let you know. Unfortunately, that day has come." Steve Jobs, August 24th, 2011.Smart Bulb Vulnerabilities Allow Homes to Be Hacked🇦🇺 Edwin Kwan, Sydney, Australia ↗Researchers from universities in Italy and the UK have released a paper disclosing four vulnerabilities in a popular smart bulb . The vulnerabilities allow hackers to control other smart home devices and gain access to the wifi network.There’s no way to stop LLM adversaries. None.🇺🇸 Mark Miller, New York City↗From the research paper, " Universal and Transferable Adversarial Attacks on Aligned Language Models", the research team at CMU describe how they created adversarial prompts for the public interfaces to ChatGPT, Bard, and Claude, as well as open source LLMs, such as LLaMA-2-Chat, Pythia, Falcon, and others.Security Lapse Reveals Locations of Artworks🇺🇸 Katy Craig, San Diego, California ↗On a recent Wednesday evening, a university professor in western Germany prepared paintings for auction at Christie's . Using his iPhone, he snapped pictures of these artworks intending to upload them to Christie's website. As the images were uploaded, their GPS coordinates were unknowingly revealed to anyone who viewed them online. Hillary Coover, Host of It's 5:05From Sourced Network Productions in Washington, DC, it's 5:05. I'm Hillary Coover. Today is Friday, August 25th, 2023. Here's the full story behind today's cybersecurity and open source headlines.

🎙️ Free, ungated access to all 200+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. ♻️ You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value.HEADLINES FROM TODAY'S UPDATESMarcel Brown: This Day in Tech History August 24th, 1993. Perhaps the most famous lawsuit in technology history is decided for Microsoft. Apple claimed that Microsoft's Windows violated their copyrights on the so-called visual displays of the Macintosh. The judge in the case ruled that most of the claims were covered by a 1985 licensing agreement. Edwin Kwan: Australian Charities Suffer Data BreachThousands of donors to Australian charities have had their personal information stolen after a telemarketing company suffered a data breach. The stolen data has been published and includes full names, date of births, addresses, email addresses, and phone numbers. Ian Garrett: Part One - 10 Tasks Slowing Down Security ProfessionalsHave you ever wondered what challenges security teams face due to budgetary and staffing constraints? Today is part one of a three part series where we explore the 10 common tasks that often bog down cybersecurity professionals and discuss strategies employed by security leaders to overcome these hurdles.Katy Craig: Drama at Terraform...Just fork it!After nearly nine years under the Mozilla public license MPL version 2.0, Terraform has transitioned to the business source license BSL version 1.1, a non-open source license. For dedicated supporters of open source principles, the business source license doesn't align well with their values. Hillary Coover: Is YouTube Targeting Your Kids? Of course they are!A recent report highlights concerns over YouTube's advertising practices on children's channels, potentially leading to the tracking of children's online activities. A Canadian bank's ad campaign illustrates how ads meant for adults ended up on a children's video resulting in viewers being tracked by various tech companies.Mark Miller, Executive ProducerFrom Sourced Network Productions in New York City, It's 5:05. I'm Mark Miller, standing in this week for Hillary Coover. Today is Thursday, August 24th, 2023. Here's the full story behind today's cybersecurity and open source headlines...

🎙️ Free, ungated access to all 200+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. ♻️ You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value.Today's HeadlinesEdwin Kwan: Remote Code Execution Vulnerability in Popular Windows SoftwareA popular Windows file archive and compression tool has a high-severity zero-day vulnerability that could allow attackers to gain control of your computer. A specially-crafted RAR file, when open, could give remote attackers the ability to conduct remote code execution on the target system.Katy Craig: Binding Operational Directive 22-01Today we dive into the realm of cybersecurity that unfolded some time ago. It’s with concern that we must address the actions of certain malicious actors who seek to exploit vulnerabilities in our digital infrastructure.Olimpiu Pop: Remember Cold Fusion? So do Hackers Not long ago Adobe disclosed three vulnerabilities, each of them with a various degree of criticality from high to very critical. The 120,000 small- to medium-sized organizations from the US that still use it might be more vulnerable than bigger companies with bigger paychecks.Hillary Coover: Live Facial Recognition Facing Scrutiny in UKLive Facial Recognition (LFR) technology is ” facing” scrutiny in the UK as police forces conduct trials. As facial recognition technology strides forward, so does the dialogue on its responsible integration.

🎙️ Free, ungated access to all 200+ episodes of “It’s 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. ♻️ You’re welcome to 𝗿𝗲𝗽𝗼𝘀𝘁 if your followers will find this of value.Australian Critical Infrastructure Suffers Data Breach🇦🇺 Edwin Kwan, Sydney, Australia ↗AUDA might have suffered a data breach. The hackers claim to have access to 15 gigabytes of data, which includes powers of attorney and legal documents, passport information, personal data, medical records, loan repayment information, death certificates, and customer bank account details.Mandiant: Generative AI is Biggest CyberThreat🇺🇸 Katy Craig, San Diego, California ↗Mandiant found that threat actors are eyeing AI and they're not just twiddling their thumbs. Social engineering cases might have seen the lowest AI usage, but when it comes to spreading disinformation using AI generated imagery and video, the game changes.Goliath Ad Agency Exploits Data Dominance in Bid to Undermine California Privacy Bill🇺🇸 Hillary Coover, Washington, DC ↗The Interpublic Group, IPG, one of the world's largest advertising firms, is orchestrating a campaign to counter a California bill known as SB-362 or the Delete Act. Emails obtained by Politico reveal that IPG is actively coordinating efforts against the bill. Amazon's Google Ad Dives into Microsoft Scam🇺🇸 Ian Garrett, Arlington, Virginia ↗A recent attack impersonates Amazon and Microsoft, while leveraging Google ads to scam unsuspecting users. Today's sneaky tactic and elaborate scheme acts as a legitimate looking Amazon ad in Google search results that takes an unexpected twist by leading unsuspecting users into a Microsoft support scam. This Day, August 22, in Tech History🇺🇸 Marcel Brown, St. Louis, Missouri ↗August 22nd, 1987. The Legend of Zelda is released for the NES in North America. Considered one of the most influential games of all time, it was the forerunner of the role-playing video game genre and spawned one of the most successful series in video game history.

Full episode available on your favorite podcast platform: https://bit.ly/505-updates 📌From Sourced Network Productions in Washington, DC, it's 5:05. I'm Hillary Coover. Today is Monday, August 21st, 2023. Here's the full story behind today's cyber security and open source headlines Chrome to Get Quantum Resistant Encryption and Other Security Features🇦🇺 Edwin Kwan, Sydney, Australia ↗Google has announced plans for three new security features in upcoming versions of the Chrome web browser. These three security features are expected to be available by mid-September 2023.Google’s AI Life Coach🇺🇸 Katy Craig, San Diego, California ↗Picture this: AI, the latest tech darling, is now on a mission to guide you through life's twists and turns. The goal? To make AI not just smart, but also your trusted confidant and advisor. Tech's Tightrope: Navigating Vulnerabilities Amid Rising China-US Tensions🇺🇸 Hillary Coover, Washington, DC ↗The growing tensions between US and China in the tech sector could expose vulnerabilities in the coming years. The recent executive order bans US investments in Chinese firms working on advanced semiconductors and quantum computers. This Day, August 21, in Tech History🇺🇸 Marcel Brown, St. Louis, Missouri ↗August 21st, 1993. NASA loses contact with the Mars Observer spacecraft, three days before it was to enter into orbit around Mars. The reason for the loss of contact was never definitively determined, but the most probable cause was a rupture of a fuel tank.

🎙️ Free access to “It’s 5:05!” on your favorite podcast platforms: bit.ly/505-updates 📌LinkedIn Account Takeover Campaign🇦🇺 Edwin Kwan, Sydney, Australia ↗Security Research Company, Cyberint, has observed an ongoing and successful hacking campaign targeting LinkedIn accounts. This has resulted in victims being pressured into paying to regain control of their account or facing permanent deletion. Can Amazon's palm-scanning tech unlock an entire universe of identity possibilities?🇺🇸 Hillary Coover, Washington, DC ↗Can Amazon's palm scanning tech unlock an entire universe of identity possibilities? By the end of this year, Amazon's biometric technology, known as Amazon One, will enable you to scan your palm at over 500 locations for payments and access. This Day, August 18, in Tech History🇺🇸 Marcel Brown, St. Louis, Missouri ↗August 19th, 2004. Google holds its Initial Public Offering, selling over 22 million shares at a starting price of $85. Google shares closed that day at $100.34, and the IPO created many instant millionaires and a few billionaires. From host Hillary Coover: It's 'Point of View Friday' where our team of journalists give us their take on one of the week's most important stories. Today, Trac Bannon, Olimpiu Pop and Katy Craig will explore Evaluating the Proposed Cyber Resilience Act, and how it could affect the open source community. Cyber Resiliency Act: Impacts on Open Source🇺🇸 Tracy (Trac) Bannon, Camp Hill, Pennsylvania↗The concept of crowdsourcing software development seems solid and altruistic at the surface. When open source is leveraged by for-profit corporations and commercial entities, who bears the burden for cyber resiliency?Cyber Resiliency Act: Save Open Source!🇺🇸 Katy Craig, San Diego, California ↗The European Union is currently advancing the Cyber Resilience Act (CRA). As the Act advances, it's critical for the open source community to engage with policymakers to strike a balance between security measures and the principles that underpin open source collaboration.Cyber Resiliency Act: Why You Should Care🇷🇴 Olimpiu Pop, Transylvania, Romania ↗Open source software is today's boiler waiting to explode. Why do we care? Because we understand that open source, it's so much more than some library for geeks to play in their free time. Because we understand that modern society relies on it, and part of most advancements are partly due to open source.

Full episode available on your favorite podcast platform: /bit.ly/505-updates📌Cybercrime Forums Selling Personal Information of Hackers🇦🇺 Edwin Kwan, Sydney, Australia ↗ Info-stealing malware does not discriminate when stealing personal information. Hackers are humans too, and some of them fell prey and installed info-stealing malware. Follow up to AI Red Team Hacking at Defcon🇺🇸 Katy Craig, San Diego, California ↗ People are becoming increasingly worried about AI. A recent report from LLM-attacks.org shows that even super smart AIs from Google and OpenAI can mess up if you ask them the right leading questions.Zero-day in File Transfer Software Leaves Health Data Exposed🇺🇸 Ian Garrett, Arlington, Virginia ↗That awkward moment when your data transfer solution is transferring a little too well... In this case, a zero-day in the file transfer software, MOVEit, allowed hackers to breach millions of records of sensitive health information. LinkedIn Compromised with Account Takeover Campaign🇺🇸 Mark Miller, New York City↗Just when you thought it was safe to go back in the water... hackers using a Russian internet portal and email provider Rambler.ru are using brute force attacks to compromise LinkedIn accounts.

200 episodes available for free on your favorite podcast platform: /bit.ly/505-updates📌August 16, 2023, Episode #208 - WednesdayHow Leaky is your VPN?🇦🇺 Edwin Kwan, Sydney, Australia ↗https://papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdfhttps://github.com/vanhoefm/vpnleakshttps://www.theregister.com/2023/08/10/tunnelcrack_vpn/Microsoft stops renewing licenses for Russian companies🇺🇸 Hillary Coover, Washington, DC ↗https://www.svoboda.org/a/microsoft-prekratit-prodlevatj-litsenzii-rossiyskim-kompaniyam/32543000.htmlhttps://www.rferl.org/a/russia-microsoft-suspends-licenses/32543751.htmlFortinet Critical Flaw🇺🇸 Katy Craig, San Diego, California ↗https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215ahttps://nvd.nist.gov/vuln/detail/CVE-2018-13379#vulnCurrentDescriptionTitlehttps://www.fortiguard.com/psirt/FG-IR-20-233https://www.fortiguard.com/psirt/FG-IR-18-384Trac Bannon: Break out of the Chains: Microsoft ProxyShell🇺🇸 Tracy (Trac) Bannon, Camp Hill, Pennsylvania↗https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215ahttps://nvd.nist.gov/vuln/detail/CVE-2021-34473https://nvd.nist.gov/vuln/detail/CVE-2021-31207 https://nvd.nist.gov/vuln/detail/CVE-2021-34523Hackers Need Jira Too🇷🇴 Olimpiu Pop, Transylvania, Romania ↗https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-215ahttps://nvd.nist.gov/vuln/detail/CVE-2022-26134https://nvd.nist.gov/vuln/detail/CVE-2021-26084This Day in Tech History🇺🇸 Marcel Brown, St. Louis, Missouri ↗http://thisdayintechhistory.com/08/16

August 15, 2023, Episode #207 - TuesdayFull episode available on your favorite podcast platform: /bit.ly/505-updates📌Edwin Kwan: Popular Open Source Software Breaks Users' TrustPopular open source software, Moq, has broken user trust by quietly making changes that collect user email addresses. The popular software has been downloaded over 476 million times. 🇦🇺 Edwin Kwan, Sydney, Australia ↗https://www.bleepingcomputer.com/news/security/popular-open-source-project-moq-criticized-for-quietly-collecting-data/https://www.bleepingcomputer.com/news/security/amazon-aws-distances-itself-from-moq-amid-data-collection-controversy/Katy Craig: Goodbye PasswordsSoon passwords could be history. With passwordless tech, logging in will be safer and simple. Say goodbye to forgotten passwords, email phishing campaigns, and hello to a better online world.🇺🇸 Katy Craig, San Diego, California ↗https://www.axiad.com/newsroom/axiad-and-esg-survey-82-of-respondents-indicate-passwordless-authentication-is-a-top-five-priority/https://www.csoonline.com/article/649083/10-passwordless-authentication-solutions.htmlIan Garrett: Rapid Growth in Attacks Against Identity-based SecurityA recent report shows a rapid growth of identity-based security threats. Cyber criminals are evolving their tactics, making them harder to detect by gaining legitimate access to target systems. 🇺🇸 Ian Garrett, Arlington, Virginia ↗https://www.csoonline.com/article/648894/identity-based-security-threats-are-growing-rapidly-report.htmlHillary Coover: DARPA Wants to Know What Role AI will Play in CybersecurityWhat role will AI play in cybersecurity? The Defense Advanced Research Projects Agency, DARPA, will award a cumulative $18.5 million in prizes to winning teams and will fund up to seven small businesses with up to $1 million each to compete.🇺🇸 Hillary Coover, Washington, DC ↗https://www.darpa.mil/news-events/2023-08-09Full transcript and links to resources available at 505updates.com

Full episode available on your favorite podcast platform: /bit.ly/505-updates📌Edwin Kwan: The LF Open Source Maintainers Report🇦🇺 Edwin Kwan, Sydney, Australia ↗https://www.linuxfoundation.org/research/open-source-maintainersLinux Foundation research found that our technology infrastructure relies heavily on a few hundred open source projects. The maintainers of those projects bear a tremendous burden, as their projects are responsible for much of the global economy and disruptions to their project can cause massive problems and outages.Katy Craig: Microsoft Discloses OT Vulnerabilities🇺🇸 Katy Craig, San Diego, California ↗https://www.microsoft.com/en-us/security/blog/2023/08/10/multiple-high-severity-vulnerabilities-in-codesys-v3-sdk-could-lead-to-rce-or-dos/Germany-based industrial automation software provider, Codesys, faces a security crisis. Microsoft researchers have uncovered over a dozen vulnerabilities in its products that could lead to remote takeover or denial of service for millions of industrial control systems.Hillary Coover: 4 Step Guidance for Using ChatGPT🇺🇸 Hillary Coover, Washington, DC ↗https://www.reuters.com/technology/chatgpt-fever-spreads-us-workplace-sounding-alarm-some-2023-08-11/According to a recent Reuters poll, 28% of American workers claim to use ChatGPT regularly for work. Chatbot input data is similar to browser history data in that both are discoverable and, with the right datasets correlated, can be deanonymized.Marcel Brown: This Day, August 13, 14, in Tech History🇺🇸 Marcel Brown, St. Louis, Missouri ↗http://thisdayintechhistory.com/08/13http://thisdayintechhistory.com/08/14August 13th, 1993. The Super NES version brought Street Fighter II into the home and uh, college dorm rooms where certain people spent many hours smacking down their dorm mates. I still have this game, so if anyone is feeling saucy, the smack downs can resume at any time.

Kadi McKean: Veilid launch with Paul Miller at BlackHat 2023🇺🇸 Kadi McKean, Alexandria, Virginia ↗Guest speaker: Paul Miller, Sr. Manager at VmWare Carbon Black​​https://www.linkedin.com/in/paulm3319/VeilidCult of the Dead Cow Launches Encryption Protocol Veilidhttps://twitter.com/VeilidNetwork?ref_src=twsrc%5Egoogle%7Ctwcamp%5Eserp%7Ctwgr%5Eauthor&nbsp;Edwin Kwan: Company using Keystroke Logging to Measure Employee Productivity🇦🇺 Edwin Kwan, Sydney, Australia ↗https://www.itnews.com.au/news/iag-used-keystroke-logging-to-investigate-productivity-of-remote-worker-598692http://www.austlii.edu.au/cgi-bin/viewdoc/au/cases/cth/FWC/2023/1792.htmlOlimpiu Pop: OWASP Releases Top 10 Threats LLM V1.0🇷🇴 Olimpiu Pop, Transylvania, Romania ↗https://owasp.org/www-project-top-10-for-large-language-model-applications/assets/PDF/OWASP-Top-10-for-LLMs-2023-slides-v1_0.pdfTrac Bannon: Help is on the way: OWASP Releases Top 10 LLM Threats🇺🇸 Tracy (Trac) Bannon, Camp Hill, Pennsylvania↗OWASP Top 10 for LLMhttps://github.com/OWASP/www-project-top-10-for-large-language-model-applications/wiki&nbsp;OWASP Top 10 for Large Language Model Applications | OWASP FoundationOfficial Release: The OWASP Top 10 for Large Language Model Applications v1.0Katy Craig: OWASP 4 LLM🇺🇸 Katy Craig, San Diego, California ↗OWASP Top 10 for Large Language Model Applications | OWASP FoundationOfficial Release: The OWASP Top 10 for Large Language Model Applications v1.0Marcel Brown: This Day, August 11, 12 in Tech History<a...

🎙️ Free access to “It’s 5:05!” on your favorite podcast platforms: bit.ly/505-updates 📌Today's Cybersecurity Briefing:Marcel Brown: August 10th, 1966. The first lunar orbiter, creatively named Lunar Orbiter I, is launched. Its primary mission is to photograph potential landing sites for future Apollo missions. Edwin Kwan:How are malicious apps getting past Google's Play Store's review process and their rigorous, potentially harmful application screening? Well, they're using a technique called versioning, which is sneaky and hard to detect. Hillary Coover:Amidst this year's conference, one of the most prominent and pressing topics under discussion continues to be the critical shortage of cybersecurity talent. While companies have introduced innovative recruitment techniques to broaden their cyber talent pools, the size of the pool remains constrained.Ian Garrett:Ransomware has had a glow up. As organizations have become increasingly resilient to traditional ransomware techniques, malicious actors have been exploiting more zero-day vulnerabilities and are also targeting the exfiltration of critical files, raising the stakes for victims and organizations alike.Katy Craig: Medical Secrets. Bank heist blueprints. Racial bias. What happens when red teams go after generative AI? A web of fabricated tales emerge. One even suggesting Justin Bieber's hand in Selena Gomez's grisly death. And for each transgression, a cause for celebration in this strange twist of artificial intelligence. Hillary Coover:From Sourced Network Productions, reporting from Las Vegas, Nevada at Black Hat, It's 5:05. I'm Hillary Coover. Today is Thursday, August 10th, 2023. Here's the full story behind today's cybersecurity and open source headlines

Free access to “It’s 5:05!” on your favorite podcast platforms:&nbsp;bit.ly/its505-free-access-on-all-podcast-platforms&nbsp;Edwin Kwan: Highly Accurate Acoustic Keylogger Attack🇦🇺 Edwin Kwan, Sydney, Australia ↗Academic researchers from British universities have developed a deep learning side channel attack that can be used to steal data from keyboard strokes that are recorded using a microphone with an accuracy of up to 95%.Trac Bannon: Top Vulnerabilities: Why don’t we learn?🇺🇸&nbsp;Tracy (Trac) Bannon, Camp Hill, PennsylvaniaCybersecurity agencies from around the world have co-authored an alert that is peppered with words like “routinely” and “frequently”. It’s interesting to note the distribution of vendors involved in the Top 12 routinely exploited CVEs and CWEs.Katy Craig: Review of 2022 Vulnerabilities🇺🇸 Katy Craig, San Diego, CaliforniaThe world of cybercrime mirrors, the laws of nature; adapt or perish. The choice of targets heavily influence the selection of vulnerabilities. Cyber actors with precision akin to surgeons opt for vulnerabilities more rampant within the network landscape of their targets.Olimpiu Pop: Vulnerabilities PoV - Log4j Still Dangerous Two Years Later🇷🇴 Olimpiu Pop, Transylvania, RomaniaAccording to Sonatype, around a third of the related downloads from Maven Center are vulnerable. The main reason this happens is due to the shaky software supply chain. The report provides a couple of advices on how to decrease the risk of supply chain attacks.Marcel Brown: This Day, August&nbsp;9 in Tech History🇺🇸&nbsp;Marcel Brown, St. Louis, MissouriAugust 9th, 1991. Astronauts aboard the Space Shuttle Atlantis, Mission STS43, use an Apple Macintosh portable computer to send what is considered the first email from space.

🎙️ Free access to “It’s 5:05!” on your favorite podcast platforms: bit.ly/its505-free-access-on-all-podcast-platforms 📌Edwin Kwan: Frequently Exploited Vulnerabilities in 2022🇦🇺 Edwin Kwan, Sydney, Australia ↗A number of cybersecurity agencies have co-authored a joint Cybersecurity Advisory (CSA) on frequently exploited vulnerabilities in 2022. The advisory provides details on CVEs routinely and frequently exploited by cyber criminals.&nbsp;Ian Garrett: North Korean Hackers Versus Russian Missile Makers🇺🇸 Ian Garrett, Arlington, Virginia ↗North Korean hackers and Russian missile makers sound like an excellent start to a movie. The North Korean Hacking Group known as ScarCruft has made headlines once again- this time for breaching the IT infrastructure and email server of a prominent Russian space rocket designer and intercontinental ballistic missile engineering organization.Katy Craig: Volt Typhoon creeps into Texas🇺🇸 Katy Craig, San Diego, California ↗Brace yourselves for a grave cybersecurity threat lurking right at our doorstep. A notorious Chinese advanced persistent threat known as Volt Typhoon, has plans to sabotage the utilities and communication systems powering US military bases. And they've got their eyes on TexasHillary Coover: Regulation China FR🇺🇸 Hillary Coover, Washington, DC ↗China responds to mounting privacy concerns by drafting stringent rules for facial recognition technology, demanding purpose, necessity, and consent in its use while curbing its application in sensitive spaces.

🎙️ Free access to “It’s 5:05!” on your favorite podcast platforms: bit.ly/its505-free-access-on-all-podcast-platforms 📌Edwin Kwan: Tax Refund Scams costing Australian Tax Office Over Half a Billion Dollars🇦🇺 Edwin Kwan, Sydney, Australia ↗Cyber criminals have scammed the Australian Tax Office of more than half a billion dollars. They have done so by exploiting a weakness in the identification system used by the myGov online portal. The weakness allows them to redirect other people's tax refund to their own bank accounts.Julie Chatman: Close that IDOR!🇺🇸 Julie Chatman, Washington, DC ↗Do you remember a major breach from 2019 involving 800 million financial files, including bank account statements and mortgage payment documents? It happened due to a specific security flaw known as Insecure Direct Object References, or IDORs.&nbsp;&nbsp;Katy Craig: FraudGPT🇺🇸 Katy Craig, San Diego, California ↗Recently spotted in various dark web marketplaces and telegram channels, FraudGPT is not to be taken lightly. If the experts are right, this AI-powered bot is exclusively designed for offensive purposes.&nbsp; Think spear phishing emails, stealthy, malware creation, carding, and more.&nbsp;Hillary Coover: Building Social Resilience🇺🇸 Hillary Coover, Washington, DC ↗Amidst the rise of AI-powered disinformation and deep fakes, the world's upcoming elections in the US, UK, and India present a high-stakes battleground, where the fate of information integrity hangs in the balance.

🎙️ Free access to “It’s 5:05!” on your favorite podcast platforms: bit.ly/its505-free-access-on-all-podcast-platforms 📌Today is August 4th and it's our 200th episode at "It's 5:05". So we have something special planned. This is Executive Producer, Mark Miller. In addition to our regular format, we are extending the show today to include "The Story of the Week", where four of our journalists examine the same topic from different viewpoints.&nbsp;With Apple's announcement of a critical exploit in it's kernel prior to 15.7.1, Tracy Bannon, Katy Craig, Olimpiu Pop, and Marcel Brown will give you their individual takes on this known vulnerability and what you can do about it.&nbsp;It's a new format for us, so let us know what you think.&nbsp;Thanks for joining us for our 200th episode. Here's to the next 200.&nbsp; Marcel Brown: This Day, August 4, 5 in Tech History🇺🇸 Marcel Brown, St. Louis, Missouri ↗August 4th, 2007. NASA launches the Mars Phoenix lander. Phoenix would become the first spacecraft to land on the Martian arctic surface. Its mission was to dig for ice and assess if the Martian arctic ever had conditions that could have supported life.Edwin Kwan: Potential WeChat Ban on Australian Government Devices🇦🇺 Edwin Kwan, Sydney, Australia ↗A senate committee investigating interference in Australia by foreign powers through social media have released a report this week, which found that TikTok and WeChat could be the country's biggest security risk.&nbsp;Hillary Coover: NATO Tech Funding🇺🇸 Hillary Coover, Washington, DC ↗ NATO just launched a €1 billion fund to support defense and security startups, benefiting its member countries during the ongoing Ukraine conflict. Katy Craig: Apple Kernel Flaw CVE 2023-38606🇺🇸 Katy Craig, San Diego, California ↗Trac Bannon: New Apple Vulnerability: Device Owner Call To Action🇺🇸 Tracy (Trac) Bannon, Camp Hill, Pennsylvania↗Marcel Brown: Apple CVE🇺🇸 Marcel Brown, St. Louis, Missouri ↗Olimpiu Pop: Apple Gadgets Exploited in Data Stealing Operations🇷🇴 Olimpiu Pop, Transylvania, Romania ↗

🎙️ Free access to “It’s 5:05!” on your favorite podcast platforms: bit.ly/its505-free-access-on-all-podcast-platforms 📌Marcel Brown: This Day, August&nbsp; 3 in Tech History🇺🇸 Marcel Brown, St. Louis, Missouri ↗August 3rd, 1977. Radio Shack introduces their first computer, the TRS80. Originally forecasting sales of just 3000 to 5,000 per year, the TRS80 sold over 10,000 units in the first month and a half of sales. and 200,000 over the lifetime of the product.&nbsp;&nbsp;Edwin Kwan: Don't Let Your Printer Compromise Your Network🇦🇺 Edwin Kwan, Sydney, Australia ↗Canon recently released a security advisory stating that Wi-Fi connection information does not get wiped on some of their inkjet printers during initialization. The Wi-Fi connection information includes wifi network,&nbsp; SSID,&nbsp; password, network type, such as WPA3 or WEP,&nbsp; assigned IP address, MAC address, and network profile.&nbsp;Ian Garrett: Space Pirates Attack Across Russia and Serbia🇺🇸 Ian Garrett, Arlington, Virginia ↗First aliens and now Space Pirates? In this case, it's the notorious threat actor known as Space Pirates, and they've launched attacks across Russia and Serbia using novel tactics targeting various sectors, from government agencies and educational institutions, to aerospace manufacturers and healthcare firms.Olimpiu Pop: Break the Silos to Achieve Cyberresillience🇷🇴 Olimpiu Pop, Transylvania, Romania ↗The expected investment in cybersecurity is estimated at $1.75 trillion by 2025- equivalent to the GDP of the ninth largest economy in the world, Canada. What beats that? The projected cost of global cybercrime- $10.5 trillion- about half of the GDP of the largest economy, the US.Katy Craig: Worldcoin says it will share its data🇺🇸 Katy Craig, San Diego, California ↗Worldcoin, the brainchild of OpenAI's Sam Altman, keeps making headlines with its iris-scanning orb. Worldcoin's ambition goes beyond just offering free crypto tokens.&nbsp;Marcel Brown: Apple and UK🇺🇸 Marcel Brown, St. Louis, Missouri ↗The UK government is attempting to update the Investigatory Powers Act of 2016, in order to force message providers to provide back doors into their encrypted messaging systems. Apple has joined WhatsApp and Signal in basically stating&nbsp; their only option will be to remove their services if these laws are passed.Olimpiu Pop: UK Ambulance Patient Records Hauled Offline Cyber Attack Probe🇷🇴 Olimpiu Pop, Transylvania, Romania ↗Ambulance patients from cities such as Bristol or Oxfordshire, and regions of Cornwall and Devon were impacted by a cyber attack targeted against health software company Ortivus, based in Sweden.

🎙️ Free access to “It’s 5:05!” on your favorite podcast platforms: bit.ly/its505-free-access-on-all-podcast-platforms 📌Marcel Brown: This Day, August&nbsp; 2 in Tech History🇺🇸 Marcel Brown, St. Louis, Missouri ↗August 2nd, 1873. The Clay Street Railroad begins operation, making it the first cable car in San Francisco's now famous cable car system. And for many of us growing up in the 1980's, cable cars also became synonymous with Rice-A-Roni®, the San Francisco treat.Edwin Kwan: Australian Government Initiative to Improve Cyber Security Suffers Data Leak🇦🇺 Edwin Kwan, Sydney, Australia ↗The Home Affairs Department suffered a data leak when they accidentally published personal information of more than 50 small businesses who participated in a cybersecurity survey.Kadi Grigg: What the fork?🇺🇸 Kadi Grigg,Alexandria, Virginia ↗As of July 11th, SUSE publicly announced its intention to fork the open source version of Red Hat Enterprise Linux, also known as RHEL, and will be developing and maintaining that code in compatible distribution that will be available without any restrictions as per the announcement.Olimpiu Pop: Break the Silos to Achieve Cyberresillience🇷🇴 Olimpiu Pop, Transylvania, Romania ↗The expected investment in cybersecurity is estimated at $1.75 trillion by 2025- equivalent to the GDP of the ninth largest economy in the world, Canada. What beats that? The projected cost of global cybercrime- $10.5 trillion- about half of the GDP of the largest economy, the US.Katy Craig: Connected Cars🇺🇸 Katy Craig, San Diego, California ↗ In today's digital age, it seems our cars aren't just for driving anymore. They're another frontier in the quest for privacy.&nbsp;

🎙️ Free access to “It’s 5:05!” on your favorite podcast platforms: bit.ly/its505-free-access-on-all-podcast-platforms 📌Marcel Brown: This Day, August&nbsp; 1 in Tech History🇺🇸 Marcel Brown, St. Louis, Missouri ↗August 1st, 1981. MTV, presumably standing for "Music Television," launches on cable TV. As most people know, after the introduction sequence, the first video played was "Video Killed the Radio Star" by The Buggles. However, a bit of trivia is that the second song played was "You Better Run" by Pat Benatar.Edwin Kwan: Déjà vu-lnerability - What is Old can be a Zero-day Again🇦🇺 Edwin Kwan, Sydney, Australia ↗Researchers from Google's Threat Analysis Group released a review report of zero-day vulnerabilities that were exploited in the wild in 2022. A total of 41&nbsp; zero-day vulnerabilities were detected and disclosed that year. This is a 40% decrease from the previous year, which had 69 detected zero-day vulnerabilities.Ian Garrett: Android Messaging Spyware App Steals Signal and WhatsApp Data🇺🇸 Ian Garrett, Arlington, Virginia ↗SafeChat is anything but safe. The spyware app is being used by hackers to steal sensitive user data. Researchers at CYFIRMA have discovered that this malicious app is suspected to be a variant of the infamous " Coverlm" spyware, known for targeting popular communication apps like Signal, WhatsApp, and Telegram.Katy Craig: France balks at Worldcoin🇺🇸 Katy Craig, San Diego, California ↗Imagine walking into a sign-up location and encountering a shiny, futuristic sphere scanning your face like something out of Star Trek. That's exactly what's happening at various Worldcoin locations across the globe.&nbsp; It seems to be working, as they've already attracted 2.1 million users.&nbsp;But not everything is smooth sailing for Worldcoin.Hillary Coover: China Misinformation🇺🇸 Hillary Coover, Washington, DC ↗A Chinese marketing firm with connections to Chinese government actors has been involved in an influence campaign aimed at improving Beijing's image abroad. Who cares? Doesn't every government do this?

🎙️ Free access to “It’s 5:05!” on your favorite podcast platforms: bit.ly/its505-free-access-on-all-podcast-platforms 📌Easy to Exploit Vulnerabilities Affecting 40% of Ubuntu Systems🇦🇺 Edwin Kwan, Sydney, Australia ↗40% of Ubuntu cloud workloads are affected by two easy-to-exploit privilege escalation vulnerabilities. Ubuntu has an approximate user base of over 40 million.CRA Moves Into Negotiations With The Council🇷🇴 Olimpiu Pop, Transylvania, Romania ↗The Cyber Resilience Act, a significant piece of legislation, has caused a stir among the foundations backing open source software. The endorsement from the Industry, Research, and Energy Committee of the EU has only added fuel to the fire.&nbsp;Hackers unleash ZIP Domains🇺🇸 Katy Craig, San Diego, California ↗Phishing attacks are getting sneakier, my cyber-savvy friends. The bad guys have found a new trick by exploiting the newly introduced '.ZIP' Top-Level Domain. You know, those final bits of a website, address like '.COM,' or '.ORG.'&nbsp;Hillary Coover: Smart Car Data🇺🇸 Hillary Coover, Washington, DC ↗Connected cars can gather a wealth of information through free built-in apps, sensors, and cameras, raising concerns about who controls this data. Do you know how valuable you are as a product or how your data is being used?&nbsp;Marcel Brown: This Day, July 30 &amp; 31 in Tech History🇺🇸 Marcel Brown, St. Louis, Missouri ↗July 31st, 1971. Using the battery-powered Lunar Roving Vehicle, Astronaut David Scott of the Apollo 15 mission becomes the first person to drive a vehicle on the Moon.

🎙️ Free access to “It’s 5:05!” on your favorite podcast platforms: bit.ly/its505-free-access-on-all-podcast-platforms 📌Dear Jen, Merrick, and Lina. What's up with Microsoft?🇺🇸 Mark Miller, New York City↗"Dear Director Easterly, Attorney General Garland, and Chair Khan. I write to request that your agencies take action to hold Microsoft responsible for its negligent cybersecurity practices."&nbsp; That's the beginning of a letter from Senator Ron Wyden, Democrat from Oregon. What set this off for Wyden? Why is he asking for Microsoft's head on a platter?&nbsp;&nbsp;Call of Duty? Watch out for the malware in the lobby.🇦🇺 Edwin Kwan, Sydney, Australia ↗Call of Duty game players are getting infected by a self-spreading malware. The malware, which is also a worm, spreads to other users who are online and in the game lobby. It does this automatically from one infected player to another.Here’s looking at you, Worldcoin!🇺🇸 Katy Craig, San Diego, California ↗Step right up, folks, and get your eyeballs scanned by a mysterious silver orb! Welcome to the fascinating world of Worldcoin, a cryptocurrency project with the twist- biometric verification.&nbsp;9mm smart gun? What took you so long.🇺🇸 Hillary Coover, Washington, DC ↗The Wall Street Journal recently covered an emerging innovation in firearm safety- smart gun technology. My question is, what took so long to develop this? According to research, 37% of accidental deaths could have been prevented with this type of technology.This Day, July 28 &amp; 29 in Tech History🇺🇸 Marcel Brown, St. Louis, Missouri ↗July 29th, 1914. The first test call is made on the newly completed transcontinental telephone line taking place between New York and San Francisco. The last pole was erected and the line completed two days earlier on July 27th, but commercial service did not start until January 25th of the next year.

🎙️ Free access to “It’s 5:05!” on your favorite podcast platforms: bit.ly/its505-free-access-on-all-podcast-platforms 📌Microsoft Makes Access to Cloud Logging Free After Criticisms from Storm-0558 Breach🇦🇺 Edwin Kwan, Sydney, Australia ↗Microsoft is expanding access to cloud logging to all customers for free, with more becoming available in September, 2023. This came after they received strong criticisms as a result of the Storm-055 8 breach on July 11th.&nbsp;Cybersecurity Crisis: Citrix Vulnerability Exposes US Infrastructure🇺🇸 Ian Garrett, Arlington, Virginia ↗Thousands of companies are at risk from a recently discovered Citrix zero-day exploit that has already targeted a critical infrastructure organization in the United States. The vulnerability affects some devices that are widely used for secure application delivery and VPN connectivity.&nbsp;Cyber Implementation Plan🇺🇸 Katy Craig, San Diego, California ↗The White House has crafted a plan to beef up the nation's cyber defenses called the Cybersecurity Implementation Plan, but now comes the tricky part: actually making it happen.&nbsp;This Day, July 26, July 27 in Tech History🇺🇸 Marcel Brown, St. Louis, Missouri ↗July 26th, 1963. Syncom 2, the world's first geosynchronous satellite is launched. Syncom 1 was intended to be the first geosynchronous satellite, but an electronics failure rendered the satellite inoperable during the ascent to orbit.

🎙️ Free access to “It’s 5:05!” on your favorite podcast platforms: bit.ly/its505-free-access-on-all-podcast-platforms 📌Unintentional Data Leak by VirusTotal Exposes 5,600 Account Details🇦🇺 Edwin Kwan, Sydney, Australia ↗VirusTotal has suffered a data leak. The popular online service was launched in 2004 and is used to analyze suspicious files and URLs to detect malicious content or malware. The data leak involved a database with 5,600 registered customer names and email addresses.Death of Twitter Info Sec🇷🇴 Olimpiu Pop, Transylvania, Romania ↗Twitter was the information source for many technologist; security experts included. The Cyentia Institute wanted to know the size of what they called " InfoSec Twitter." Under this umbrella, they followed all information related to CVEs posted on the platform.&nbsp;&nbsp;CT License Plate Scans🇺🇸 Hillary Coover, Washington, DC ↗License plate readers are becoming more common on Connecticut roads, raising privacy concerns. However, the readers, which scan and record license plates, are not really an infringement of privacy since vehicle registration data are publicly available.&nbsp;CITRIX Pwned🇺🇸 Katy Craig, San Diego, California ↗In a cybersecurity cat-and-mouse-game, attackers are taking advantage of a critical Remote Code Execution (RCE) vulnerability in Citrix's NetScaler ADC and NetScaler Gateway Technologies. The scary part? No authentication is needed for the exploit.

🎙️ Free access to “It’s 5:05!” on your favorite podcast platforms: bit.ly/its505-free-access-on-all-podcast-platforms 📌Australian Cyber Crime Reporting Resource🇦🇺 Edwin Kwan, Sydney, Australia ↗The Australian Cybersecurity Centre, ACSC, is urging all Australians to report cyber crimes using their easy online service. The reporting can be done anonymously and reports by individuals will be referred directly to the relevant state or territory law enforcement agency.Casualties of ChatGPT🇺🇸 Hillary Coover, Washington, DC ↗ChatGPT and other cutting-edge AI chatbots are revolutionizing industries with the potential to replace human jobs from customer service representatives to screenwriters. However, behind the scenes, the technology relies on a disturbing form of human labor.&nbsp;Coast to Coast - The Rise of State Data Privacy Laws in 2023🇺🇸 Ian Garrett, Arlington, Virginia ↗2023 has been the year for state privacy laws to take off. While California has long been at the forefront of the privacy conversation, this year, several other states are joining the ranks with their own regulations. Organizations doing business in Virginia, Colorado, Utah, and Connecticut are facing new compliance challenges, and the cost of data breaches is taking on a whole new dimension.Cloud Wars🇺🇸 Katy Craig, San Diego, California ↗Google is side-eyeing Microsoft's Office 365, alleging it's been used to coax Azure adoption. Salesforce, owner of Slack, is alleging Microsoft is using its Office suite to unfairly bundle Teams.&nbsp;This Day, July 25, in Tech History🇺🇸 Marcel Brown, St. Louis, Missouri ↗July 25th, 2008. The FCC approves the merger of the two satellite radio companies, Sirius and XM, now known as SiriusXM. The development of the internet and streaming mobile radio has diminished the competitive advantages of satellite radio.&nbsp;

🎙️ Free access to “It’s 5:05!” on your favorite podcast platforms: bit.ly/505-updates 📌Cloud Build Vulnerable to Supply Chain Attacks🇦🇺 Edwin Kwan, Sydney, Australia ↗Security researchers have discovered a design flaw in Google Cloud Build, which can allow for supply chain attacks.&nbsp;Cloud Shared Responsibility Model: Time for an (R)Evolution?🇺🇸 Chris Hughes, Virginia Beach, Virginia ↗This week, we have an update around the discussion of the Cloud Shared Responsibility Model. The past week and a half, we've seen a compromise with the Microsoft Azure Cloud environment, and we've seen an incident disclosed by Microsoft and CISA that has attributed to a Chinese threat actor named Storm-0558.Microsoft Breach May Expose Deeper Problems🇺🇸 Tracy (Trac) Bannon, Camp Hill, Pennsylvania↗On July 12th, Redmond revealed that Chinese hackers had breached Exchange Online and Azure Active Directory by exploiting a zero-day validation flaw. Government agencies in the US and Western Europe were affected, including the US Department of State and the Commerce Department.&nbsp;This Day, July 24, in Tech History🇺🇸 Marcel Brown, St. Louis, Missouri ↗July 23rd, 1903. Ford sells its first Model A car to Ernest Pfennig of Chicago, Illinois. This was Henry Ford's third attempt at creating a company that manufactured cars.

🎙️ Free access to “It’s 5:05!” on your favorite podcast platforms: bit.ly/its505-free-access-on-all-podcast-platforms 📌Thousands of Container Images Leaking Secrets🇦🇺 Edwin Kwan, Sydney, Australia ↗Researchers from a German university recently published a paper revealing that tens of thousands of container images hosted on Docker Hub contained confidential secrets.Google DeepMind🇺🇸 Hillary Coover, Washington, DC ↗Google DeepMind just made a game-changing AI discovery for designing computer chips, and it's got some major national security implications. They've come up with a way to create faster and more specialized chips, which means a big boost in AI capabilities for businesses and government uses.US Office of Management and Budget gathers software attestation letters🇷🇴 Olimpiu Pop, Transylvania, Romania ↗May 12th, 2021. President Biden signed the executive order 14028. The intent was to improve the nation's cybersecurity in the aftermath of the Log4Shell tsunami.&nbsp;This Day, July 21, in Tech History🇺🇸 Marcel Brown, St. Louis, Missouri ↗July 21st, 1999. Apple introduces the iBook laptop, the first mainstream computer designed and sold with built-in wireless networking.&nbsp;

🎙️ Free access to “It’s 5:05!” on your favorite podcast platforms: bit.ly/its505-free-access-on-all-podcast-platforms 📌What's Your Social Media OpSec?🇦🇺 Edwin Kwan, Sydney, Australia ↗Sharing on social media is a good way to keep in touch with friends, but sometimes that can get you in trouble. A Russian neighbor officer was recently killed near his home and it was believed that he may have been tracked on the Strava app. The Dark Side of Generative AI🇺🇸 Ian Garrett, Arlington, Virginia ↗You can't throw a stone without another company releasing a capability powered by the rise of large language models, otherwise known as LLMs. Did you ever wonder if there were problems with the underlying APIs or dependencies?Typo Leak Sends Email to Mali🇺🇸 Katy Craig, San Diego, California ↗In a blunder of epic proportions, a spelling mistake sent millions of US military emails to the country domain for Mali, Africa.Microsoft expanding access to AI🇺🇸 Hillary Coover, Washington, DC ↗Microsoft just announced their new Office 365 artificial intelligence subscription service, and people are going nuts. The stock market responded with a bang, pushing Microsoft's shares to an all-time high. This Day, July 20, in Tech History🇺🇸 Marcel Brown, St. Louis, Missouri ↗July 20th, 1969. Eagle, the Apollo 11 Lunar module, successfully lands in the area of the moon known as the Sea of Tranquility. Upon landing, Neil Armstrong utters the now famous phrase, "The Eagle has landed."

Listen to the full episode on your favorite streaming platform: https://bit.ly/available-on-all-platforms📌. Edwin Kwan: Spike in Attacks Using Infected USB DrivesDo using USB drivers as an initial infection vector still work today? Well, what is old is new again. Security researchers at Mandiant have observed a threefold increase in the number of attacks using infected USB drives to steal secrets.Hillary Coover: European Spyware BannedThe Biden administration has taken a significant step to address global concerns over digital privacy and security. It's added two foreign technology companies, Intellexa and Cytrox, to its export prohibition list.Olimpiu Pop: Just - a language-agnostic build automation tool written in RustJust do it! And this is exactly what Just does. It executes commands. Just is a command runner tool that is designed to save and run project specific commands stored in files called "justfile".Trac Bannon: ChatGPT has an evil twin?&nbsp; WormGPTIf you have used the wildly popular ChatGPT, you may have run into different rules and guardrails that can be frustrating. As someone who researches cybersecurity and the impact of AI on the software industry, ChatGPT sometimes classifies my questions as off limits. What if there was a large language model with no guardrails and no restrictions?Katy Craig: Cyber Trust MarkLet's talk cyber stickers. Get ready to see shiny new Shield logo on your routers and IoT devices starting in 2024. The White House and the FCC are rolling out the US Cyber Trust Mark, a voluntary cybersecurity labeling program that screams, "pick me, I'm secure."Marcel Brown: Today in Tech HistoryJuly 19th, 2000. Apple introduces the G4 "Cube" Power Macintosh. At the time of introduction, it was one of the smallest desktop computers ever produced. While not considered a commercial success, it did find a small, dedicated following, and it was a foreshadowing of future Apple designs.&nbsp;Full show notes, resources and transcript available at 505updates.com

Listen to the full episode on your favorite streaming platform: https://bit.ly/available-on-all-platforms📌. Edwin Kwan: Account Takeovers using Evil QRLogging in via QR code is something that more websites are starting to embrace. Security researcher. Kuba Gretzky, from breakdev.org, published an article demonstrating how attackers could take over accounts by convincing users to scan supplied QR codes using phishing techniques.Julie Chatman: SIM swap attacks on the riseImagine waking up one day to find that your smartphone is not working. You can't make calls, send text messages, or access your bank account, and it's not because you forgot to charge your phone overnight or because the internet is down. It is due to a SIM swap attack.&nbsp;Olimpiu Pop: Crypto scams have dropped faster than Twitter’s user baseCrypto scams have dropped faster than Twitter's user base, going from $4.3 billion in the first half of 2022 to a mere $1 billion in 2023. In the scamming business, the bear market came early.&nbsp;Katy Craig: Navy Unveils New Cyber Operations RolesRemember those days when the Navy was the only kid in school without a dedicated cyber role? Those days are history. The Navy unveiled new cyberspace operations roles for officers and enlisted personnel with a little prodding from Congress.&nbsp;Marcel Brown: Today in Tech HistoryJuly 18th, 1968. Robert Noyce, Andy Grove and Gordon Moore incorporate Intel in Santa Clara, California to build microprocessors. Their first processor, the 4004, was released in 1971 for use in calculators.Full show notes, resources and transcript available at 505updates.com

Listen to the full episode on your favorite streaming platform: https://bit.ly/available-on-all-platforms📌. Edwin Kwan: Ghostscript allows remote code accessPopular open source PDF library, Ghostscript, has been discovered to have a critical vulnerability that allows for remote code execution. The vulnerability can be exploited upon opening a malicious file.Katy Craig: Tax services playing fast and loose with client dataTaxes and data privacy- two things we all love to hear about, right? Well, it appears our favorite tax preparation services, TaxAct, H&amp;R Block and Tax Layer have been playing a little fast and loose with our personal data.Mark Miller: FTC Takes on ChatGPTAl Capone was brought down almost a hundred years ago. It was evasion of taxes that got him, completely unrelated to what he was actually being pursued for. Friday's filing of a Civil Investigative Demand by the FTC against OpenAI reminds me a lot of that process. Marcel Brown: Today in Tech HistoryJuly 16th, 1969. Apollo 11 is launched from Cape Kennedy, Florida on the way to becoming the first space mission to land men on the moon. Stay tuned this week for more Apollo 11 technology history.Full show notes, resources and transcript available at 505updates.com

Resources for this episode available at 505updates.com. From Edwin Kwan in Sydney, Australia: Early this week, critical infrastructure service provider Ventia took some of its key systems offline to contain a cyber incident. The company provides management, maintenance and operation services for critical infrastructure to more than 400 sites across defense, electricity, water, and gas industries in Australia and New Zealand.From Olimpiu Pop in Transylvania, Romania: THT - TimișoaraHackerTeam. A somewhat obscure ransom group recently disrupted operations of a US cancer center, potentially putting patient data at risk.&nbsp;From Katy Craig in San Diego, California: &nbsp;A breach of Microsoft-hosted US government email servers by a Chinese hacking group was detected and fixed " fairly rapidly," according to National Security Advisor, Jake Sullivan. The group, known as Storm-0558, was caught forging digital authentication tokens to access federal government email servers hosted on Microsoft's Outlook platform.From Hillary Coover in Washington, DC: The Wall Street Journal reports that as AI tools become more accessible, we'll see a disturbing trend of fake news and what they call "AI junk" flooding the internet. This has some serious implications for spreading misinformation and all of the risks that come with that.From Sourced Network Production in New York City. "It's 5:05". I'm Pokie Huang. Today is Friday, July 14th. Here's the full story behind today's cyber security and open source headlines...

Resources for this episode available at 505updates.com. From Edwin Kwan in Sydney, Australia: The New South Wales cashless gambling trial suffered a cyber attack. The state's gaming minister said that it would soon announce an oversight panel, which among other focuses, will also be looking into the data security and data privacy of trial participants.From Olimpiu Pop in Transylvania, Romania: The other week, I decided that ChatGPT is obsolete. I wanted to try Google Bard. Whoops. It doesn't work. According to the site, it's not available in the EU. Does it have something to do with the new European AI Act?&nbsp;From Kadi Grigg in Alexandria, Virginia: The Android Malware family now has a new member: Fluhorse, a dangerous android malware that is targeting users in Eastern Asia.&nbsp;From Katy Craig in San Diego, California: Brett Callow, a threat analyst at Emsisoft, reports that over 200 organizations have fallen victim to the MOVEit bug exploitation. This led to 33 breach disclosures affecting the personal information of more than seventeen and a half million people. The scale of the breach is staggering.&nbsp;From Sourced Network Production in New York City. "It's 5:05". I'm Pokie Huang. Today is Thursday, July 13th. Here's the full story behind today's cyber security and open source headlines...

Resources for this episode available at 505updates.com. From Edwin Kwan in Sydney, Australia: As small households embrace green energy and install solar panels, they could unknowingly be exposing their home networks. Your home solar system could be connecting to the manufacturer's servers to send data that is displayed on the app.From Olimpiu Pop in Transylvania, Romania: The European AI Act is the first of its kind in the world. Being the first, it creates a precedent and a benchmark for those that will follow, but it also imposes explicit obligations on foundational model providers like OpenAI and Google.&nbsp;From Katy Craig in San Diego, California: In a bizarre case of unauthorized access, a 53-year-old man from California has been charged for meddling with a water treatment facility's critical software.From Hillary Coover in Washington, DC: Today, WIRED released an article discussing Discord's new "Family Center" safety settings designed for teens. Discord launched the Family Center, aiming to strike a balance between safety and teen privacy.From Marcel Brown in St. Louis, Missouri: &nbsp;July 12th, 1990. Nintendo releases the original Final Fantasy video game for it's Nintendo Entertainment System in North America. Final Fantasy helped to popularize the genre and has gone on to spawn one of the most well-known RPG franchises in history.From Sourced Network Production in New York City. "It's 5:05". I'm Pokie Huang. Today is Wednesday, July 12th. Here's the full story behind today's cyber security and open source headlines...

Resources for this episode available at 505updates.com. From Edwin Kwan in Sydney, Australia: Security researchers have discovered two spyware in the Google Play Store that have been installed by up to 1.5 million users. Both apps have similar malicious behaviors, such as launching silently without any user interaction.From Katy Craig in San Diego, California: In a jaw dropping twist, approximately $126 million worth of crypto assets has vanished from Multichain's accounts in what could be a classic case of a rug pull. The incident left experts scratching their heads and investors clutching their virtual wallets.&nbsp;From Hillary Coover in Washington, DC: Massachusetts is considering a groundbreaking law that would ban the sale of location data collected from mobile phones used within the state. The proposed Location Shield Act would also require law enforcement to obtain a warrant before accessing such data.From Ian Garrett in Arlington, Virginia: Even recession-proof industries are feeling the squeeze when it comes to funding. While cybersecurity has traditionally been shielded from downward funding trends, it is now seeing a major shift from investors. With that, you may be wondering how bad is the decline.&nbsp;From Marcel Brown in St. Louis, Missouri: July 11th, 2008. Apple's second iPhone, the iPhone 3G goes on sale. The higher speed 3G data capability certainly helped the iPhone solidify its status as the premier smartphone of the time.&nbsp;From Sourced Network Production in New York City. "It's 5:05". I'm Pokie Huang. Today is Tuesday, July 11th. Here's the full story behind today's cyber security and open source headlines...

Resources for this episode available at 505updates.com. From Edwin Kwan in Sydney, Australia: Mastadon has recently patched for vulnerabilities. One of those vulnerabilities is TootRoot. Attackers can exploit the vulnerability by using media files on Toots to perform attacks like denial of service and arbitrary remote code execution.&nbsp;From Olimpiu Pop in Transylvania, Romania: Natural language is the primary means of attack for LLM powered AI systems. It can be used to attack components throughout the stack.From Katy Craig in San Diego, California: US and Canadian cybersecurity agencies have issued a joint alert warning about the resurgence of Truebot malware. Operated by the Silence cybercrime group, Truebot serves as an initial infection point for delivering secondary payloads on compromised systems.From Marcel Brown in St. Louis, Missouri: July 9th, 1981. The game that launched two of the most famous characters in video game history is released for sale. Donkey Kong was created by Nintendo, a Japanese playing card and toy company turned fledgling video game developer who was trying to create a hit game for the North American market.From Sourced Network Production in New York City. "It's 5:05". I'm Pokie Huang. Today is Monday, July 10th. Here's the full story behind today's cyber security and open source headlines...

Resources for this episode available at 505updates.com. From Edwin Kwan in Sydney, Australia: A proof of concept program has been recently published that exploits an unresolved security vulnerability in Microsoft Teams. The program allows the bypass of Microsoft Teams file sending restraints to deliver malware from an external account.From Olimpiu Pop in Transylvania, Romania: OWASP moves fast. In late May, they initiated the Top 10 Security Risks for LLM applications project. Version 0.5 was released this week and they are aiming to release version 1.0 by the end of the month.&nbsp;From Katy Craig in San Diego, California: In a thought-provoking blog post, Mark Curphy challenges the effectiveness of shifting left in software security. In fact, he says that shifting left is a myth.&nbsp;From Hillary Coover in Washington, DC: In-flight wifi is a convenience, but also potentially a vulnerability to flight safety. According to CSOOnline, commercial airliners are more vulnerable to cyber threats originating from in-flight internet access systems than from avionics.From Marcel Brown in St. Lous, Missouri: July 7th, 1936. Several US patents are issued for the Phillips head screw and screwdriver to inventor Henry F. Phillips. Phillips founded the Phillips Screw Company to license his patents.From Sourced Network Production in New York city. "It's 5:05". I'm Pokie Huang. Today is Friday, July 7th. Here's the full story behind today's cyber security and open source headlines...

Resources for this episode available at 505updates.com. From Edwin Kwan in Sydney, Australia: Mitre has recently released their CWE Top 25 Most Dangerous Software Weaknesses list for 2023. This list demonstrates the currently most common and impactful software weaknesses.&nbsp;From Katy Craig in San Diego, California: Driverless cars may be the future, but are they ready for prime time? According to the fire chief in San Francisco, the answer is a resounding no.&nbsp;From Marcel Brown in St. Louis, Missouri: July 6th, 1996. America Online settles 11 class action lawsuits alleging misleading billing practices. Who here remembers that point in time when this pricing change caused AOL to have such a huge spike in new users, that for a time it was almost impossible to connect to AOL due to the busy signals.From Sourced Network Production in New York city. "It's 5:05". I'm Pokie Huang. Today is Thursday, July 6th. Here's the full story behind today's cyber security and open source headlines...

Resources for this episode available at 505updates.com. From Edwin Kwan in Sydney, Australia: WordPress plugin, Ultimate Member, is vulnerable to a privileged escalation vulnerability that allows attackers to gain administrator access to the WordPress site.&nbsp;From Trac Bannon in Salem, Massachusetts: Over the past few weeks, a number of US soldiers opened their mail and found a pretty cool gift, a free smartwatch. What could be so bad about that?&nbsp;From Hillary Coover in Washington, DC: In a pilot project conducted by the Transportation Security Administration at 16 airports across the United States, facial recognition technology is being used to enhance air airport security and streamline procedures.&nbsp;From Katy Craig in San Diego, California: The US has been actively curbing China's access to advanced microprocessors and other critical technologies. The semiconductor industry has become a focal point in the intense rivalry between the two largest economies.From Marcel Brown in St. Louis, Missouri: July 4th, 1956. MIT's whirlwind, which had been completed five years earlier, becomes the first computer in the world to allow its users to enter commands through a keyboard. Previously, all input was accomplished through dials, switches, and or punch cards.&nbsp;From Sourced Network Production in New York city. "It's 5:05". I'm Pokie Huang. Today is Wednesday, July 5th. Here's the full story behind today's cyber security and open source headlines...

Resources for this episode available at 505updates.com. From Edwin Kwan in Sydney, Australia: A high school in Illinois recently demonstrated how not to do a false password reset. The high school decided to set all the students' passwords to be change me exclamation mark. That's right. They changed all the students' password to the same password.&nbsp;From Hillary Coover in Washington, DC: When searching social media sites for known child exploitation images, law enforcement agencies and organizations use databases of face prints associated with identified victims or offenders. They take those known face prints and they compare them to those pulled from social media platforms.From Katy Craig in San Diego, California: Have you ever encountered an age check, those popups that ask you for your ID or some other form of verification to confirm your age? They're becoming increasingly common online, all in the name of protecting children's safety.&nbsp;From Sourced Network Production in New York city. "It's 5:05". I'm Pokie Huang. Today is Tuesday, July 4th. Here's the full story behind today's cyber security and open source headlines...

Resources for this episode available at 505updates.com. From Hillary Coover in Washington, DC: Many of you might be thinking enough with the Chinese balloon story, but did you know it was fitted with American technology?From Edwin Kwan in Sydney, Australia: It's bad enough when apps you use suffers a data breach. It's worse when apps you didn't know you have gets breached.&nbsp;From Katy Craig in San Diego, California: US Cyber Command's team of tech savvy military and civilian experts known as "Under Advisement", is set to double in size over the next year. Under Advisement's role complements the Cybersecurity and Infrastructure Security Agencies Joint Cyber Defense Collaborative.From Mark Miller in New York City: Last week an article in the New York Times evaluated the accuracy of a set of five AI detection tools for evaluating images. In the best case scenario, 20% incorrectly identified whether an image was AI generated or not. In the worst case, all evaluation engines were incorrect.&nbsp;From Sourced Network Production in New York city. "It's 5:05". I'm Pokie Huang. Today is Monday, July 3rd. Here's the full story behind today's cyber security and open source headlines...

Resources for this episode available at 505updates.com. From Edwin Kwan in Sydney, Australia: Everyone deserves privacy by default. That's Proton's slogan. This week they announced the global launch of their password manager, Proton Pass.&nbsp;From Katy Craig in San Diego, California: The US Army's Criminal Investigation Division (CID) is sounding the alarm advising soldiers who received unsolicited D18 smartwatches in the mail not to turn them on over concerns that these devices might be carrying some nasty malware.&nbsp;From Hillary Coover in Washington, DC: There's a big debate going on among lawmakers in the United States about government surveillance. They're trying to figure out whether the FBI should be required to get a warrant before searching a database of foreign intelligence that might have information on American citizens.From Marcel Brown in St. Lous, Missouri: July 1st, 1979. The first Sony Walkman, the TPS L2, goes on sale in Japan. By allowing owners to carry their personal music with them, the Walkman and their iconic headphones introduce a revolution in listening habits and popular culture at large.&nbsp;From Sourced Network Production in New York city. "It's 5:05". I'm Pokie Huang. Today is Friday, June 30th. Here's the full story behind today's cyber security and open source headlines...

Resources for this episode available at 505updates.com. From Edwin Kwan in Sydney, Australia: The JavaScript NPM registry has a manifest confusion vulnerability which can allow the installation and execution of malicious files without the user's knowledge.&nbsp;From Ian Garrett in Arlington, Virginia: Microsoft Sysmon just got a beefy upgrade. Sysmon is a free Microsoft Sysinternals tool that can monitor and block malicious or suspicious activity and log events to the Windows event log.From Katy Craig in San Diego, California: There's a new process injection technique that could give threat actors a way to bypass security solutions and wreak havoc on compromised systems.&nbsp;From Marcel Brown in St. Lous, Missouri: The iPhone turned out to be the computing device that we all wished we had, yet didn't know what we were missing until we had one. It has literally impacted nearly every aspect of our society, and it is no stretch to say that the iPhone has changed the world.From Sourced Network Production in New York city. "It's 5:05". I'm Pokie Huang. Today is Thursday, June 29th. Here's the full story behind today's cyber security and open source headlines...

Resources for this episode available at 505updates.com. From Edwin Kwan in Sydney, Australia: There is a new version of Super Mario 3 making its way on gaming forums and social media groups. It's a Trojanized version.From Katy Craig in San Diego, California: APT37 is taking surveillance to a whole new level. They're using a Go-based backdoor to exploit a real-time data transform platform called Ably.&nbsp;From Hillary Coover in Washington, DC: Three weeks ago, YouTube sent a cease and desist letter to Invidious, an open source alternative front end for YouTube that allows users to watch videos without data tracking.&nbsp;From Marcel Brown in St. Lous, Missouri: June 28th, 1955. The HMTS Monarch, the largest cable lane ship in the world at the time, launches from Clarenville, Newfoundland to begin laying TAT-1, the first transatlantic telephone cable.&nbsp;From Sourced Network Production in New York city. "It's 5:05". I'm Pokie Huang. Today is Wednesday, June 28th. Here's the full story behind today's cyber security and open source headlines...

Resources for this episode available at 5:05updates.com. From Katy Craig in San Diego, California: Get ready for an AI showdown folks. Meta's new open source AI chatbots were just offered up to people and they're using them for sex. From Edwin Kwan in Sydney, Australia: Medibank Private, a health insurance provider, suffered a data breach in October, 2022, and that resulted in the compromise of 9.7 million current and former customers.From Mark Miller in New York City: He professes that he was tricked by ChatGPT, that he had no idea that the output could be generated from non-existent cases. If we are to believe him, and I do actually believe him, that doesn't make him stupid. It makes him lazy. From Marcel Brown in St. Louis, Missouri: June 27th, 1972. The iconic video game company Atari is founded by Nolan Bushnell in Ted Dabney. Their first video game Pong was the first commercially successful video game and led to the start of the video game industry.From Sourced Network Productions in New York City. I’m Mark Miller. Today is Tuesday, June 27. Here’s the full story behind each of our headlines...

It's 5:05 on Monday, June 26th, 2023. From the Sourced Podcast Network in New York city, this is Pokie Huang. Stories in today's episode come from Edwin Kwan in Sydney, Australia, Julie Chatman in Washington, DC, Katy Craig in San Diego, California, Hillary Coover in Washington, DC, and Marcel Brown in St. Louis, Missouri.Let's get to it!Australia's First Cyber Security Coordinator Announced🇦🇺 Edwin Kwan, Sydney, Australia ↗Air Force commander to take on hackers as Australia's first cybersecurity bossNation's first cyber security coordinator appointed, as government reckons with HWL Ebsworth breach - ABC NewsSBOMS are a security staple in the software supply chain🇺🇸 Julie Chatman, Washington, DC ↗SBOMs become a security staple for the software supply chain • The RegisterWhy The US Government Is Mandating Software Bill Of Materials (SBOM)UPS Breach🇺🇸 Katy Craig, San Diego, California ↗UPS discloses data breach after exposed customer info used in SMS phishingFollow the Money&nbsp;🇺🇸 Hillary Coover, Washington, DC ↗The Money Behind Yevgeny Prigozhin and the Wagner Group - The New York TimesThis Day in Tech History&nbsp;🇺🇸 Marcel Brown, St. Louis, Missouri ↗https://thisdayintechhistory.com/06/25https://thisdayintechhistory.com/06/26