Security Serengeti

Author: David Schwendinger and Matthew Keener

Description

A news analysis focused information security podcast dedicated to getting you the actionable information and analysis you need to improve your company's posture and response!
81 Episodes
This week we discuss Salt Typhoon and the terrible idea of backdoors (and I mis-remember the backdoor discussion in 2008 - encryption vs. telcos!) and the Microsoft MFA brute forcing. Article 1 - Salt Typhoon forces FCC's hand on making telcos secure their networks. Supporting Articles: China's Salt Typhoon recorded top American officials' calls, says White House; US alleges China hacked calls of 'very senior' political figures, official says; US lawmakers seek answers on alleged Salt Typhoon breach of telecom giants; Wyden legislation would mandate FCC cybersecurity rules for telecoms; Wiretap Telecom. Article 2 - Microsoft MFA AuthQuake Flaw Enabled Unlimited Brute-Force Attempts Without Alerts. If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
This week we discuss an academic paper through Venture in Security talking about how companies will rely more and more on legal reasoning and decision making vs. technical reasoning and decision making, and we quickly hit on ATT&CK v16. Article 1 - Venture in Security Response - Blessed are the lawyers, for they shall inherit cybersecurity. Supporting Articles: Original Paper - Blessed Are The Lawyers, For They Shall Inherit Cybersecurity. Article 2 - V16 Brings (Re)Balance: Restructured Cloud, New Analytics, and More Cybercriminals. If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
Today we discuss the Detection Engineering Behavior Maturity Model, which is a new Capability Maturity Model for Detection Engineering (surprise!) from Elastic. It seems a little overly complicated to me (M.) but super useful despite that! Links: Article that we originally saw; Direct link to Elastic Blog Post. If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
This week we discuss an attempted kidnapping and ransom of the parents of someone connected to a multi-million-dollar theft, stolen prompts and responses from Muah.ai's "companions", and how much attention should we be paying to low severity alerts? Article 1 - Lamborghini Carjackers Lured by $243M Cyberheist. Article 2 - AI girlfriend site breached, user fantasies stolen. Article 3 - Have you been keeping up with your low confidence detections? If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
Does the T-Mobile Consent Decree mean that the government is going to get more involved in breaches? Additionally, Kia closes a gap in its dealership API which allowed researchers to geolocate and lock/unlock cars. Finally, we briefly discuss a new method attackers are using to monetize AWS credentials... it's not pretty. Article 1 - T-Mobile US to cough up $31.5M after that long string of security SNAFUs. Supporting Articles: The Cost of Doing Business; T-Mobile hit with $60M fine over data security violations; T-Mobile to take $400M hit from hacking settlement; T-Mobile Consent Decree. Article 2 - Hacking Kia: Remotely Controlling Cars With Just a License Plate. Supporting Articles: Plate to VIN; Car Companies Know When You Speed. Then They Sell That Data. Article 3 - A Single Cloud Compromise Can Feed an Army of AI Sex Bots. If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
Spoiler alert - Not in the way the mass media is discussing it, and it's doing a disservice to aspiring security analysts and engineers. Supporting Articles: Packed. Crowded. Bursting. Crammed. Glutted. Jammed. Teeming. Saturated. Chock-full. Jam-packed. Brimming. Overflowing. Fungible Tokens Let’s get real: there is no such thing as “gatekeeping” in cybersecurity The ghost jobs haunting your career search Are We Now Living in a Parasite Culture? Is there really an information security jobs crisis? Defensive Security Podcast Episode 279 Global cybersecurity workforce growth flatlines, stalling at 5.5M pros. If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
This week, David and I review the 2024 Picus Blue Report, in a more timely fashion than the last one. As always, interesting insights. Link to Report. If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
This week David and I talk about how current phishing tests closely resemble early attempts at fire drills, through the Google Security Blog, and then we discuss a Schneier post about what the recent CS failure says about the resiliency of the internet. Article 1 - On Fire Drills and Phishing Tests. Article 2 - The CrowdStrike Outage and Market-Driven Brittleness. If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
This week we discuss two articles - One about how the Technology Adoption Cycle applies to companies and how they acquire a new security capability, and a second about how Sysmon isn't a replacement for EDR, mostly due to the time commitment required. Article 1 - Cybersecurity technology adoption cycle and its implications for startups and security teams. Article 2 - Sysmon: a viable alternative to EDR? Supporting Articles: Getting Started with ATT&CK: Detection and Analytics. If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
This week we discuss the FY23 incidents in the US Government's annual report, and then we discuss Snowflake a bit, and some of the issues around SAAS and Malware Remediation (infostealers steal more than just the work accounts!) Article 1 - White House report dishes deets on all 11 major government breaches from 2023. Supporting Article: Microsoft breach led to theft of 60,000 US State Dept emails. Article 2 - Snowflake customers not using MFA are not unique – over 165 of them have been compromised. Supporting Articles: UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion; No Snow, No Flakes: Pondering Cloud Security Shared Responsibility, Again!; Mapping Snowflake’s Access Landscape. If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
SS-NEWS-144

2024-06-03, 51:46

This week we discuss the shocking new revelation of ORB networks! Oh wait, it's just a rebrand. Still, kind of interesting. Then we talk about the privacy implications of Apple and Android Wifi Positioning Systems, which is a little overblown, but still interesting. Wow, this week was kind of a disappointment. Article 1 - Chinese-linked hacking units increasingly use ‘ORBs’ to obfuscate espionage, researchers say. Supporting Article: Hackers backed by Russia and China are infecting SOHO routers like yours, FBI warns. Article 2 - Privacy Implications of Tracking Wireless Access Points. If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
We turn back to one of my (Matthew's) favorite analysts, Anton Chuvakin and his recent article on what a Minimum Viable SOC Transformation looks like. Then we take a few minutes at the end to discuss making self-driving cars ignore stop signs. Cheeky and fun shenanigans! Article 1 - Baby ASO: A Minimal Viable Transformation for Your SOC. Article 2 - GhostStripe attack haunts self-driving cars by making them ignore road signs. If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
This week, David and I discuss how GM is fraudulently collecting driving data and selling it to insurers, and Anton Chuvakin has another article on Detection Engineering - How to test your detections! Article 1 - Long Article on GM Spying on Its Cars’ Drivers. Supporting Articles: How GM Tricked Millions of Drivers Into Being Spied On (Including Me) [Non-Paywalled]; GM Shuts Down Tool That Collects Data on Driving Style. Article 2 - Testing in Detection Engineering (Part 8). If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
This week we review the new, proposed American Privacy Rights Act. Lots of words that sound good, but like most government legislation, there are exceptions big enough to drive a truck through. Article - Committee Chairs Rodgers, Cantwell Unveil Historic Draft Comprehensive Data Privacy Legislation. Support Links: Philip Dru: Administrator. If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
This week David and I discuss an article from Venture in Security on how other industries have consolidated, and what lessons we can take from that into Security. It's more interesting than it sounds, I swear! Article - Three types of consolidation in cybersecurity, and how monopolization and commoditization are shaping the industry of tomorrow. If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
This week we discuss eSIM Stealing (not swapping!), the EPA attempting to secure water systems again, and the coming, future Maximum Overdrive like Apocalypse where Big Rigs become the dominant life form. Article 1 - SIM swappers hijacking phone numbers in eSIM attacks. Supporting Articles: About eSIM on iPhone; I Stopped Using Passwords. It’s Great—and a Total Mess. Article 2 - US task force aims to plug security leaks in water sector. Supporting Articles: Official says 'hack' of Oldsmar city water treatment plant in 2021 didn't happen; Top Cyber Actions for Securing Water Systems. Article 3 - Truck-to-truck worm could infect – and disrupt – entire US commercial fleet. If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
This week we take a look at a book that's been making the podcast rounds - Your Face Belongs to Us by Kashmir Hill.  We discuss the history of facial recognition, the privacy concerns and what exactly Clearview AI has been doing.  Then we finish up with our thoughts on where this all is going.  Spoiler - It's not a happy ending.  Good book, you should read it! We recorded this episode in a restaurant, and used an AI tool to remove background noise.  This can result in... weird transient sounds.  One of them sounded like a ghost.  This podcast is not haunted, I swear. Link - https://a.co/d/i3OJWbb If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
This week we take a look at the Picus Security Blue Report, and provide some analysis of the statements. Interesting findings here. The report was reasonably short, so we also discussed the recent documents leak from the Chinese contractor iSoon, and a surprise article on autonomous drones! Article 1 - THE BLUE REPORT 2023. Supporting Articles: SS-RPRT-103: The Red Report 2023. Article 2 - An online dump of Chinese hacking documents offers a rare window into pervasive state surveillance. Supporting Articles: @still@infosec.exchange. Article 3 - Former Google CEO Gets Into the AI-Powered Kamikaze Drone Business With ‘White Stork’. Supporting Articles: CW - Soldier Killed by Kamikaze Drone; Horror Short Film - Slaughterbots. If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
This week we take a look at 2024 Security Predictions. We found a summary article that listed 24 other companies' predictions for the coming year, and we took a look and picked out the most interesting ones. Then we completed the podcast with some of our own predictions! Article - The Top 24 Security Predictions for 2024. If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!
This week we discuss the expansion of the EFF's Atlas of Surveillance, the Mother of all Breaches (not to be mistaken with the Mother of all Bombs), and AI Sleeper Agents that are going to eventually surround us all. Article 1 - EFF adds Street Surveillance Hub so Americans can check who's checking on them. Supporting Articles: Atlas of Surveillance; Ring will no longer allow police to request users' doorbell camera footage; License plate readers used by repo businesses in the Valley. Article 2 - ‘Mother of all breaches’ uncovered after 26 billion records leaked. Supporting Articles: Mother of all breaches reveals 26 billion records: what we know so far; Check if your data has been leaked. Article 3 - AI Sleeper Agents. If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!