The Eff It Bucket
Author: Ashley Keski, Paul Ruffalo, Alex Gallegos
© Copyright 2025 Ashley Keski, Paul Ruffalo, Alex Gallegos
Description
Have you ever been frustrated by technology? Has a family member or friend ever been the victim of a scam? Has your IT department ever made you think, "Eff it," in frustration as you hang up the phone and scream?
We are a podcast exploring the realms of cybersecurity and our daily human interactions with digital innovations. We are three amateurs when it comes to podcasting, but we are professionals in the technology and cybersecurity space. Join us every two weeks, as we share our views on news stories and technological developments with a focus on cybersecurity - and most importantly, how we expect them to affect everyday users of technology from all walks of life (not just nerds).
37 Episodes
This week in the bucket, we go on the defensive.
Connect With Us:
Twitter: @theeffitbucket
Reddit: r/theeffitbucket
E-mail: theeffitbucket@gmail.com
Musical Attribution:
"Limit 70" Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0 License
http://creativecommons.org/licenses/by/4.0/

This week in the bucket, Direct Send causes direct issues, a lively debate among hosts, and a discussion about how recipes should be written.
News Stories for Reference:
"Ongoing Campaign Abuses Microsoft 365’s Direct Send to Deliver Phishing Emails" https://www.varonis.com/blog/direct-send-exploit

This week in the bucket, Clorox cleans house with their tech support, Design and Development roles in the NICE Framework, and more discussion about the movie Event Horizon than you would think would be featured in a Cybersecurity podcast.
News Stories for Reference:
"Hackers fooled Cognizant help desk, says Clorox in $380M cyberattack lawsuit" https://www.bleepingcomputer.com/news/security/hackers-fooled-cognizant-help-desk-says-clorox-in-380m-cyberattack-lawsuit/
A Little Something Extra
Dan Chuparkoff on The Hierarchy of Human Expertise: https://www.linkedin.com/posts/chuparkoff_ai-flips-the-work-pyramid-upside-down-heres-activity-7262524625018920960-gB7S
Millions of Americans have mental and substance use disorders. Find treatment here: https://findtreatment.gov/ | 1-800-662-4357

This week in the bucket, discussing the Oversight and Governance roles in the NICE Framework.

This week in the bucket, an introduction to the NICE Framework.
References:
"NICE Framework Resource Center | NIST" https://www.nist.gov/itl/applied-cybersecurity/nice/nice-framework-resource-center
"Job Builder | CyberSN" https://cybersn.com/public/build-a-job
"CyberSeek" https://www.cyberseek.org/
"The NICE Framework | CISA" https://niccs.cisa.gov/tools/nice-framework

This week in the bucket, the largest plaintext password breach in history just happened (unless it didn't), and we introduce a series we will be beginning over the next few episodes.
News Stories for Reference:
"16 Billion Apple, Facebook, Google And Other Passwords Leaked" https://www.forbes.com/sites/daveywinder/2025/06/20/16-billion-apple-facebook-google-passwords-leaked---change-yours-now/
"The NICE Framework | CISA" https://niccs.cisa.gov/tools/nice-framework

This week in the bucket, everyone loves fancy cybersecurity tools, but we explore the pitfalls that can occur when they become the entirety of a cybersecurity program.

This week in the bucket, a Cybersec CEO is charged with uploading malware (quite the opposite of what they are meant to do), a dev in Maryland outsources his own job, and a single guy steals 1.1TB of Slack data from the Mouse.
News Stories for Reference:
"CEO of cybersecurity firm charged with installing malware on hospital systems" https://securityaffairs.com/177020/cyber-crime/ceo-of-cybersecurity-firm-charged-with-installing-malware-on-hospital-systems.html
"Maryland man pleads guilty to outsourcing US govt work to North Korean dev in China" https://www.theregister.com/2025/04/30/maryland_man_farming_web_dev/
"Hacker 'NullBulge' pleads guilty to stealing Disney's Slack data" https://www.bleepingcomputer.com/news/security/hacker-nullbulge-pleads-guilty-to-stealing-disneys-slack-data/

This week in the bucket, we talk Tariffs; their direct impacts on the cybersecurity industry, how fluctuations in the global economy could leave companies open to cyber attacks, and changing regulations on how technical products will (or won't) be tariffed. Plus, how executive power is being abused to punish those who have spoken out against the Trump administration.
News Stories for Reference:
"How Trump’s tariffs are shaking up the cybersecurity sector" https://www.csoonline.com/article/3955013/how-trumps-tariffs-are-shaking-up-the-cybersecurity-sector.html
"Tariffs May Prompt Increase in Global Cyberattacks" https://www.darkreading.com/cyber-risk/tariffs-increase-global-cyberattacks
"CSMS # 64724565 - UPDATED GUIDANCE – Reciprocal Tariff Exclusion for Specified Products; April 5, 2025 Effective Date" https://content.govdelivery.com/accounts/USDHSCBP/bulletins/3db9e55
"Cybersecurity industry falls silent as Trump turns ire on SentinelOne" https://www.reuters.com/world/us/cybersecurity-industry-falls-silent-trump-turns-ire-sentinelone-2025-04-10/

This week in the bucket, classified conversations leaked by top government officials - fun and informative!
News Stories for Reference:
"Annotating the Trump administration's Yemen war plans from their Signal group chat" https://www.cnn.com/interactive/2025/03/politics/yemen-war-plans-signal-chat-annotated-dg/
"The Trump Administration Accidentally Texted Our Editor Their War Plans" https://www.youtube.com/watch?v=HFunw-2jKKc
"A DHS staffer faces serious punishment for accidentally adding a reporter to a group email" https://www.nbcnews.com/politics/national-security/dhs-staffer-faces-serious-punishment-accidentally-adding-reporter-grou-rcna198233

This week in the bucket, another healthcare breach, the FTC stops the breach case against MGM, and Switzerland does even more stuff better than the US, as if they didn't already have the market cornered on being better than we are.
News Stories for Reference:
"560,000 People Impacted Across Four Healthcare Data Breaches" https://www.securityweek.com/560000-people-impacted-across-four-healthcare-data-breaches/
"Trump administration ends FTC’s ransomware data breach case against MGM Resorts" https://therecord.media/trump-admin-ends-ftc-ransomware-case
"Swiss critical sector faces new 24-hour cyberattack reporting rule" https://www.bleepingcomputer.com/news/security/swiss-critical-sector-faces-new-24-hour-cyberattack-reporting-rule/

This week in the bucket, Recruiters, Employees, Managers, and the Market all push the need for Degrees, Certifications, and Experience, but new and budding resources don't have the money and time to come equipped with everything. Which pair of focuses wins, and why? Plus, is there really a resource shortage, or is this just another Crowdsourced "fake news" story?
News Stories for Reference:
"Pick Again Please: How Another Unqualified Cybersecurity Appointment Undermines U.S. National Security" https://www.linkedin.com/pulse/pick-again-please-how-another-unqualified-appointment-cunningham-pcv0e/
"The Cybersecurity Crisis: Companies Can’t Fill Roles, Workers Shut Out" https://www.forbes.com/sites/emilsayegh/2025/02/05/the-cybersecurity-crisis-companies-cant-fill-roles-workers-shut-out/

This week in the bucket, we talk about the TikTok ban. And reinstatement. And possible ban again in 90 days.

We're back from all having the plague! This week in the bucket, we talk about our best (and worst) stories from our careers in technology.

This week in the bucket, researchers can get LLM-driven robots to kill us by telling them they are action movie stars, hackers hang out at the Library of Congress for months, and Ivanti poops the bed (again).
News Stories for Reference:
"Out of 29 Billion Cybersecurity Events, Phishing was the Primary Method of Initial Attack" https://blog.knowbe4.com/out-of-29-billion-cybersecurity-events-phishing-was-the-primary-method-of-initial-attack
"It's Surprisingly Easy to Jailbreak LLM-Driven Robots - Researchers induced bots to ignore their safeguards without exception" https://spectrum.ieee.org/jailbreak-llm
"Library of Congress Says an Adversary Hacked Some Emails" https://www.securityweek.com/library-of-congress-says-an-adversary-hacked-some-emails/?is=19abe664615d20ad53fe7fe2b8af273540b98afc9232f728b7e898b0c73a80ad
"Ivanti Patches 50 Vulnerabilities Across Several Products" https://www.securityweek.com/ivanti-patches-50-vulnerabilities-across-several-products/

This week in the bucket, thoughts about what the next four years could look like from a cyber perspective, general complaints about the election, and some comfort shows that make us happy.
News Stories for Reference:
"Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure" https://www.cisa.gov/topics/cybersecurity-best-practices/executive-order-strengthening-cybersecurity-federal-networks-and-critical-infrastructure
"President Trump Unveils America’s First Cybersecurity Strategy in 15 Years" https://trumpwhitehouse.archives.gov/articles/president-trump-unveils-americas-first-cybersecurity-strategy-15-years/
"Project 2025’s Plan for Cybersecurity Agency Threatens Election Security" https://www.brennancenter.org/our-work/research-reports/project-2025s-plan-cybersecurity-agency-threatens-election-security
"How Trump could change cybersecurity" https://www.axios.com/2024/09/03/donald-trump-2024-cybersecurity-agenda
"4 tech issues to watch in Trump’s second term" https://www.ciodive.com/news/4-tech-policies-donald-trump/732196/
"Colorado Libertarians sue Secretary of State Jena Griswold over leak of voting equipment passwords" https://www.coloradopolitics.com/elections/2024/colorado-libertarians-sue-secretary-of-state-jena-griswold-over-leak-of-voting-equipment-passwords/article_0a27e3f2-98aa-11ef-8cb3-a7da55f4f664.html
"Ballot boxes were set on fire in Oregon and Washington. What happens to the votes?" https://www.msnbc.com/opinion/msnbc-opinion/ballot-box-fires-oregon-washington-early-voting-safety-rcna177743
"Bomb threats disrupted what was otherwise relatively smooth voting on Election Day" https://www.npr.org/2024/11/06/nx-s1-5181834/election-day-voting-bomb-threats
A Little Something Extra
"Why Democracy Is Mathematically Impossible | Veritasium" https://youtu.be/qf7ws2DF-zk?si=sQNRhBWELxyC6cbe

This week in the bucket, the Internet Archive continues to have a rough October, Amazon's customers are loving Passkeys, and various tales of online scam woes.
News Stories for Reference:
"Internet Archive Gets Pummeled in Round 2 Breach" https://www.darkreading.com/cyberattacks-data-breaches/internet-archive-pummeled-round-2-breach
"Amazon says 175 million customers now use passkeys to log in" https://www.bleepingcomputer.com/news/security/amazon-says-175-million-customers-now-use-passkeys-to-log-in/
"Varonis – Breach prevented within 30-minutes" https://view.highspot.com/viewer/6418b07d1bf0b78753945178

This week in the bucket, what happens to all the spit data, Lego's website launches a scam product, and scammers take advantage of the hurricane like bottom-feeding scum.
News Stories for Reference:
"23andMe is on the brink. What happens to all its DNA data?" https://www.npr.org/2024/10/03/g-s1-25795/23andme-data-genetic-dna-privacy
"Largest water utility company in the U.S. targeted in cyberattack" https://www.nbcnews.com/news/us-news/largest-water-utility-company-us-targeted-cyberattack-rcna174474
"Reports: China hacked Verizon and AT&T, may have accessed US wiretap systems" https://arstechnica.com/tech-policy/2024/10/reports-china-hacked-verizon-and-att-may-have-accessed-us-wiretap-systems/
"LEGO Shop Hacked To Promote Ethereum Crypto Scam" https://secalerts.co/news/lego-shop-hacked-to-promote-ethereum-crypto-scam/5pmeCydAUayw8A17f84dLR
"Thousands of Linux systems infected by stealthy malware since 2021" https://arstechnica.com/security/2024/10/persistent-stealthy-linux-malware-has-infected-thousands-since-2021/
"Understanding the CUPS Vulnerability: What’s important to know" https://censys.com/understanding-the-cups-vulnerability-whats-important-to-know/
"Fraud scams related to hurricanes" https://law.georgia.gov/key-issues/consumer-protection/consumer-alert-beware-storm-scams-fraud
"Protects Your Identity. Be Alert to Fraud and Scams" https://www.fema.gov/press-release/20241006/protect-your-identity-be-alert-fraud-and-scams
A Little Something Extra
FLYING THROUGH HURRICANE MILTON in MSFS: https://www.youtube.com/watch?v=X2mouAeqCoY

This week in the bucket, LinkedIn probably trained their AI on your data without asking (hooray!), Kaspersky AV decides the best thing for everyone is to just delete itself, and OpenAI's new model troubleshoots its own issues.
News Stories for Reference:
"How to stop LinkedIn from training AI on your data" https://arstechnica.com/tech-policy/2024/09/how-to-stop-linkedin-from-training-ai-on-your-data/
"Dark Reading Confidential: Pen Test Arrests, Five Years Later" https://www.darkreading.com/vulnerabilities-threats/dark-reading-confidential-pen-test-arrests-five-years-later?is=19abe664615d20ad53fe7fe2b8af273540b98afc9232f728b7e898b0c73a80ad
"Kaspersky deletes itself, installs UltraAV antivirus without warning" https://www.bleepingcomputer.com/news/security/kaspersky-deletes-itself-installs-ultraav-antivirus-without-warning/
"OpenAI o1 System Card" https://assets.ctfassets.net/kftzwdyauwt9/67qJD51Aur3eIc96iOfeOP/71551c3d223cd97e591aa89567306912/o1_system_card.pdf
A Little Something Extra
Ted Lasso Biscuit Recipe: https://bromabakery.com/ted-lasso-biscuits/

This week in the bucket, BleepingComputer misses the mark on Verkada breach, how a potential Harris administration could be tough on cyber crime, and our best tips for staying safe online.
News Stories for Reference:
"Verkada to pay $2.95 million for alleged CAN-SPAM Act violations" https://www.bleepingcomputer.com/news/security/verkada-to-pay-295-million-for-alleged-can-spam-act-violations/
"Threat Report: BEC and VEC Attacks Show No Signs of Slowing" https://abnormalsecurity.com/blog/bec-vec-attacks
FBI IC3 Report 2023
"What a Harris administration could mean for cybersecurity" https://www.axios.com/2024/09/06/kamala-harris-cyber-policy-agenda-election
A Little Something Extra
Don't forget to vote! As of this publication, there are 53 days until election day. Check your registration and get all the information you need at https://www.vote.org
Extreme Privacy - 5th Edition https://inteltechniques.com/book7.html




