Security Serengeti

Author: David Schwendinger and Matthew Keener

Description

A news analysis focused information security podcast dedicated to getting you the actionable information and analysis you need to improve your company's posture and response!
68 Episodes
This week we review the new, proposed American Privacy Rights Act. Lots of words that sound good, but like most government legislation, there are exceptions big enough to drive a truck through.
Article - Committee Chairs Rodgers, Cantwell Unveil Historic Draft Comprehensive Data Privacy Legislation
Support Links: Philip Dru: Administrator
If you found this interesting or useful, please follow us on Twitter @serengetisec (https://twitter.com/serengetisec) and subscribe and review on your favorite podcast app!
This week David and I discuss an article from Venture in Security on how other industries have consolidated, and what lessons we can take from that into Security. It's more interesting than it sounds, I swear!
Article - Three types of consolidation in cybersecurity, and how monopolization and commoditization are shaping the industry of tomorrow
If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
This week we discuss eSIM Stealing (not swapping!), the EPA attempting to secure water systems again, and the coming, future Maximum Overdrive like Apocalypse where Big Rigs become the dominant life form.
Article 1 - SIM swappers hijacking phone numbers in eSIM attacks
Supporting Articles: About eSIM on iPhone; I Stopped Using Passwords. It’s Great—and a Total Mess
Article 2 - US task force aims to plug security leaks in water sector
Supporting Articles: Official says 'hack' of Oldsmar city water treatment plant in 2021 didn't happen; Top Cyber Actions for Securing Water Systems
Article 3 - Truck-to-truck worm could infect – and disrupt – entire US commercial fleet
If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
This week we take a look at a book that's been making the podcast rounds - Your Face Belongs to Us by Kashmir Hill. We discuss the history of facial recognition, the privacy concerns and what exactly Clearview AI has been doing. Then we finish up with our thoughts on where this all is going. Spoiler - It's not a happy ending. Good book, you should read it!
We recorded this episode in a restaurant, and used an AI tool to remove background noise. This can result in... weird transient sounds. One of them sounded like a ghost. This podcast is not haunted, I swear.
Link - https://a.co/d/i3OJWbb
If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
This week we take a look at the Picus Security Blue Report, and provide some analysis of the statements. Interesting findings here. The report was reasonably short, so we also discussed the recent documents leak from the Chinese contractor iSoon, and a surprise article on autonomous drones!
Article 1 - THE BLUE REPORT 2023
Supporting Articles: SS-RPRT-103: The Red Report 2023
Article 2 - An online dump of Chinese hacking documents offers a rare window into pervasive state surveillance
Supporting Articles: @still@infosec.exchange
Article 3 - Former Google CEO Gets Into the AI-Powered Kamikaze Drone Business With ‘White Stork’
Supporting Articles: CW - Soldier Killed by Kamikaze Drone; Horror Short Film - Slaughterbots
If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
This week we take a look at 2024 Security Predictions. We found a summary article that listed 24 other companies' predictions for the coming year, and we took a look and picked out the most interesting ones. Then we completed the podcast with some of our own predictions!
Article - The Top 24 Security Predictions for 2024
If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
This week we discuss the expansion of the EFF's Atlas of Surveillance, the Mother of all Breaches (not to be mistaken with the Mother of all Bombs), and AI Sleeper Agents that are going to eventually surround us all.
Article 1 - EFF adds Street Surveillance Hub so Americans can check who's checking on them
Supporting Articles: Atlas of Surveillance; Ring will no longer allow police to request users' doorbell camera footage; License plate readers used by repo businesses in the Valley
Article 2 - ‘Mother of all breaches’ uncovered after 26 billion records leaked
Supporting Articles: Mother of all breaches reveals 26 billion records: what we know so far; Check if your data has been leaked
Article 3 - AI Sleeper Agents
If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
This week we discuss serving lawsuits using the Blockchain, the SEC's poor Twitter security practices, LLMs as bug hunters, and an update to the 23andMe saga!
Article 1 - Here’s Some Bitcoin: Oh, and You’ve Been Served!
Supporting Articles: email-on-blockchain; Court Grills Government Over $86M FBI Raid On Security Deposit Boxes
Article 2 - After hack, X claims SEC failed to use two-factor authentication
Supporting Articles: Capacity Enhancement Guide
Article 3 - How AI hallucinations are making bug hunting harder
Article 4 - 23andMe blames “negligent” breach victims, says it’s their own fault
If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
SS-DISC-133: Modern SOC

2024-01-01 01:08:03

This week David and Matthew sit down to discuss Modern SOC, as defined by Netflix, Facebook, Meta (and more!), and described by Anton Chuvakin. We talk about what constitutes "SOC Classic" and "New SOC", some pros and cons, and finally, a 6 step mid-level plan (over a couple of years) to get there.
Original Article that sparked the conversation - WTH is Modern SOC, Part 1
We HIGHLY recommend reading the article and the many, many, internal links. There's an enormous amount of information behind that single link.
If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
This week we discuss Microsoft shutting down a bot network that created millions of fraudulent accounts, the coming AI Drone Overlords, OAuth Abuse, and 23andMe losing 5.5 million folks' genetic information.
Article 1 - Microsoft seizes infrastructure of top cybercrime group
Supporting Articles: Disrupting the gateway services to cybercrime
Article 2 - A.I.-controlled killer drones become reality
Supporting Articles: Kill Decision by Daniel Suarez
Article 3 - Threat actors misuse OAuth applications to automate financially driven attacks
Article 4 - 23andMe says, er, actually some genetic and health data might have been accessed in recent breach
If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
This week we did something a little different. There's been a list of Security GPTs that's been making the rounds, so we tested a few of them, and checked out the custom GPT creation functionality, and tried to create a custom SerengetiSecGPT to provide information about the podcast!
Links: Awesome GPTs (Agents) for Cybersecurity; Introducing GPTs
If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
This week we talk about a Ransomware gang reporting a victim to the SEC, the CyberSecurity Skills shortage is not what it seems to be, and the disconnect between Threat Intelligence and Detection Engineering.
Late breaking news article about Microsoft Defender for Endpoint adding Deception
Article 1 - Ransomware gang files SEC complaint over victim’s undisclosed breach
Article 2 - A Simple SOAR Adoption Maturity Model
Article 3 - Cybersecurity talent shortage: not the lack of people, but the lack of the right people
Article 4 - Frameworks for DE-Friendly CTI (Part 5)
If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
We had originally planned on a discussion about Threat Intel AI this week, but after some discussions with a few vendors, I don't think that the current "state of the art" is worth discussing yet. Still Alpha products. So instead, there were a couple of really big announcements this week, so we discuss those in some depth. We will get back to Threat Intel next episode!
Article 1 - SEC Charges SolarWinds and Chief Information Security Officer with Fraud, Internal Control Failures
Supporting Articles: SEC sues SolarWinds and CISO, says they ignored flaws that led to major hack
Article 2 - FACT SHEET: President Biden Issues Executive Order on Safe, Secure, and Trustworthy Artificial Intelligence
Supporting Articles: Cyber pros praise Biden executive order on artificial intelligence; Eliezer Yudkowsky on the Dangers of AI; Your phone vs. Supercomputers; Why Biden’s AI Executive Order Only Goes So Far
If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
This week we discuss Malware stored on the Blockchain (coming soon to a theater near you!), how to stop Heroes in your SOC (common discussion topic amongst villains!), US Gov requesting governments stop paying ransoms, and a slightly over excited paper on using ciphers to bypass alignment restrictions in LLMs. I actually personally found the language issues introduced by chatting with LLMs in ciphertext more interesting personally, but...
Article 1 - The Fake Browser Update Scam Gets a Makeover
Article 2 - How to Banish Heroes from Your SOC?
Supporting Articles: Does Your Company Lurch from Crisis to Crisis?; Delivering Security at Scale: From Artisanal to Industrial; 6 ways to keep your top performers from jumping ship
Article 3 - The US wants governments to commit to not paying ransoms
Article 4 - GPT-4 IS TOO SMART TO BE SAFE: STEALTHY CHAT WITH LLMS VIA CIPHER
Supporting Articles: Manna: Two Visions of Humanity's Future
If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
SS-BOOK-127: Avogadro Corp

2023-10-09 01:00:12

This week we discuss Avogadro Corp - The Singularity is Closer Than You Think. This book, written in 2011, was very prescient, and predicted a number of things that AI seems capable of, or on the cusp of, doing. We re-read the book, and go through some security related discussions on how to prevent the corporate takeover that occurs in the book, and then talk about the most and least believable capabilities of ELOPe. Spoilers abound, but we tried to stay away from them. If you truly care about spoilers, read the book first!
Supporting Articles: Amazon.com - Avogadro Corp: The Singularity is Closer Than It Appears; Introducing Microsoft 365 Copilot; OpenAI Chat GPT Solved Problem with TaskRabbit - Business Insider Article; How Many Emails are Sent Per Day - Zippia Article; Number of Text Messages in the United States - Statista Article
If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
Title 1: Russian infosec boss gets nine years for $100M insider-trading caper using stolen data (https://www.theregister.com/2023/09/08/russian_insider_training_prison/)
Summary: Vladislav Klyushin, owner of Russian firm M-13, was sentenced to nine years in the US for stealing corporate financial data and making $93 million through insider trading. He was only arrested because he flew to Switzerland for a Family Holiday. His four co-conspirators are still out there, probably still hacking.
Supporting Articles: US Justice Department Article (https://www.justice.gov/usao-ma/pr/russian-businessman-sentenced-nine-years-prison-93-million-hack-trade-conspiracy); SEC Complaint Document (https://www.sec.gov/files/litigation/complaints/2021/comp-pr2021-265.pdf); ZDNet Article on SEC Data Breach (https://www.zdnet.com/article/sec-admits-data-breach-suggests-insider-trading-was-the-key/)
Title 2: FBI, CISA Issue Joint Warning on 'Snatch' Ransomware-as-a-Service (https://www.darkreading.com/attacks-breaches/fbi-cisa-issue-joint-warning-on-snatch-ransomware-as-a-service)
Summary: The FBI and CISA issue an advisory on the Snatch ransomware-as-a-service operation, highlighting its targeting of critical infrastructures and unique ability to force Windows systems to reboot in Safe Mode, evading antivirus detection.
Supporting Articles: DarkReading Article (https://www.darkreading.com/attacks-breaches/fbi-cisa-issue-joint-warning-on-snatch-ransomware-as-a-service)
Title 3: Retool blames breach on Google Authenticator MFA cloud sync feature (https://www.bleepingcomputer.com/news/security/retool-blames-breach-on-google-authenticator-mfa-cloud-sync-feature/)
Summary: Retool suffered a security breach after attackers compromised 27 cloud accounts through social engineering, exploiting a new Google Authenticator feature. This breach may be linked to the theft of $15 million from Fortress Trust.
Supporting Articles: ArsTechnica Article (https://arstechnica.com/security/2023/09/how-google-authenticator-gave-attackers-one-companys-keys-to-the-kingdom/)
Title 4: Centaurs and Cyborgs on the Jagged Frontier (https://www.oneusefulthing.org/p/centaurs-and-cyborgs-on-the-jagged)
Summary: Wharton School of Business partnered with BCG to conduct an experiment on the efficiency of consultants using ChatGPT 4. AI-assisted tasks were completed faster and rated higher. The impact varied based on skill level, and the article discusses the implications of AI in the workforce.
If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
Today we take a look at some tools that provide "Detection Posture Management", which is the fanciest way I found to describe it. These tools provide content for SIEMS, a Management Platform, data validation, and make SIEM engineering easier. We take a look at three vendors, do some comparison and contrasting, and discuss the overall capabilities of these tools.
Vendor 1 - Cardinal Ops
Vendor 2 - SOC Prime
Vendor 3 - Anvilogic
Supporting Links: Hype Cycle for Security Operations, 2023; Can We Have “Detection as Code”?; Detection as Code: How To Embed Threat Detection into Code
If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
Back in the news cycle, we discuss the AI Challenges at Defcon, FraudGPT and similar, Smart Cities and a new wrinkle in Ransomware Behavior.
Article 1 - White House challenges hackers to break top AI models at DEF CON 31
Supporting Articles: DEFCON 31 AI Village; FACT SHEET: Biden-Harris Administration Announces New Actions to Promote Responsible AI Innovation that Protects Americans’ Rights and Safety
Article 2 - FraudGPT, a new malicious generative AI tool appears in the threat landscape
Supporting Articles: FraudGPT: The Villain Avatar of ChatGPT; An Updated Non-VBV/MSC BINs List for 2023 - Suspicious site, visit with care; DarkBERT: New AI Tool Trained on Data From the Dark Web; Dark AI tools: How profitable are they in the underground ecosystem?
Article 3 - Smart Cities: Utopian Dream, Security Nightmare, or Political Gimmick?
Article 4 - Yet Another Glitch In The Matrix
If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
Matthew has returned from Hacker Summer Camp, full of stories and information about new technology. So sit with us for a while, and listen to a recap of Black Hat and Defcon (and a brief mention of B-Sides LV)!
Related Links: Veilid - Take Back Control
If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
This week we take a look at CISO pay, the Biden-Harris National Cybersecurity Strategy, and a dystopian future vision by Bruce Schneier. You know we love our dystopian visions!
Article 1 - 2023 Global Chief Information Security Officer (CISO) Survey
Supporting Articles: How physician pay in the US compares to other countries: 11 findings
Article 2 - FACT SHEET: Biden-Harris Administration Publishes the National Cybersecurity Strategy Implementation Plan
Article 3 - AI and Microdirectives
Supporting Articles: You break the law every day; Three Felonies A Day: How the Feds Target the Innocent; With Liberty and Justice for Some: How the Law Is Used to Destroy Equality and Protect the Powerful
If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!