Security Serengeti

This week David and I discuss an article from Venture in Security on how other industries have consolidated, and what lessons we can take from that into Security.  It's more interesting than it sounds, I swear! Article - Three types of consolidation in cybersecurity, and how monopolization and commoditization are shaping the industry of tomorrow If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

This week we discuss eSIM Stealing (not swapping!), the EPA attempting to secure water systems again, and the coming, future Maximum Overdrive like Apocalypse where Big Rigs become the dominant life form. Article 1 - SIM swappers hijacking phone numbers in eSIM attacksSupporting Articles:About eSIM on iPhoneI Stopped Using Passwords. It’s Great—and a Total Mess Article 2 - US task force aims to plug security leaks in water sectorSupporting Articles:Official says 'hack' of Oldsmar city water treatment plant in 2021 didn't happenTop Cyber Actions for Securing Water Systems Article 3 -  Truck-to-truck worm could infect – and disrupt – entire US commercial fleet If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

This week we take a look at a book that's been making the podcast rounds - Your Face Belongs to Us by Kashmir Hill.  We discuss the history of facial recognition, the privacy concerns and what exactly Clearview AI has been doing.  Then we finish up with our thoughts on where this all is going.  Spoiler - It's not a happy ending.  Good book, you should read it! We recorded this episode in a restaurant, and used an AI tool to remove background noise.  This can result in... weird transient sounds.  One of them sounded like a ghost.  This podcast is not haunted, I swear. Link - https://a.co/d/i3OJWbb If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

This week we take a look at the Picus Security Blue Report, and provide some analysis of the statements.  Interesting findings here.  The report was reasonably short, so we also discussed the recent documents leak from the Chinese contractor iSoon, and a surprise article on autonomous drones! Article 1 - THE BLUE REPORT 2023Supporting Articles:SS-RPRT-103: The Red Report 2023 Article 2 - An online dump of Chinese hacking documents offers a rare window into pervasive state surveillanceSupporting Articles:@still@infosec.exchange Article 3 - Former Google CEO Gets Into the AI-Powered Kamikaze Drone Business With ‘White Stork’Supporting Articles:CW - Soldier Killed by Kamikaze DroneHorror Short Film - Slaughterbots If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

This week we take a look at 2024 Security Predictions.  We found a summary article that listed 24 other companies predictions for the coming year, and we took a look and picked out the most interesting ones.  Then we completed the podcast with some of our own predictions! Article - The Top 24 Security Predictions for 2024 If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

This week we discuss the expansion of the EFF's Atlas of Surveillance, the Mother of all Breaches (not to be mistaken with the Mother of all Bombs), and AI Sleeper Agents that are going to eventually surround us all. Article 1 - EFF adds Street Surveillance Hub so Americans can check who's checking on themSupporting Articles:Atlas of SurveillanceRing will no longer allow police to request users' doorbell camera footageLicense plate readers used by repo businesses in the Valley Article 2 - ‘Mother of all breaches’ uncovered after 26 billion records leakedSupporting Articles:Mother of all breaches reveals 26 billion records: what we know so farCheck if your data has been leaked Article 3 - AI Sleeper Agents If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

This week we discuss serving lawsuits using the Blockchain, the SEC's poor Twitter security practices, LLM's as bug hunters, and an update to the 23andMe saga! Article 1 - Here’s Some Bitcoin: Oh, and You’ve Been Served!Supporting Articles:email-on-blockchainCourt Grills Government Over $86M FBI Raid On Security Deposit Boxes Article 2 - After hack, X claims SEC failed to use two-factor authenticationSupporting Articles:Capacity Enhancement Guide Article 3 - How AI hallucinations are making bug hunting harder Article 4 - 23andMe blames “negligent” breach victims, says it’s their own fault If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

This week David and Matthew sit down to discuss Modern SOC, as defined by Netflix, Facebook, Meta (and more!), and described by Anton Chuvakin.   We talk about what constitutes "SOC Classic" and "New SOC", some pros and cons, and finally, a 6 step mid-level plan (over a couple of years) to get there.   Original Article that sparked the conversation - WTH is Modern SOC, Part 1 We HIGHLY recommend reading the article and the many, many, internal links.  There's an enormous amount of information behind that single link. If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

This week we discuss Microsoft shutting down a bot network that created millions of fraudulent accounts, the coming AI Drone Overlords, OAuth Abuse, and 23andMe losing 5.5 million folks genetic information. Article 1 - Microsoft seizes infrastructure of top cybercrime groupSupporting Articles:Disrupting the gateway services to cybercrime Article 2 - A.I.-controlled killer drones become realitySupporting Articles:Kill Decision by Daniel Suarez Article 3 - Threat actors misuse OAuth applications to automate financially driven attacks Article 4 - 23andMe says, er, actually some genetic and health data might have been accessed in recent breach If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

This week we did something a little different.  There's been a list of Security GPT's that's been making the rounds, so we tested a few of them, and checked out the custom GPT creation functionality, and tried to create a custom SerengetiSecGPT to provide information about the podcast! Links:Awesome GPTs (Agents) for CybersecurityIntroducing GPTs   If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

This week we talk about a Ransomware gang reporting a victim to the SEC, the CyberSecurity Skills shortage is not what it seems to be, and the disconnect between Threat Intelligence and Detection Engineering. Late breaking news article about Microsoft Defender for Endpoint adding Deception Article 1 - Ransomware gang files SEC complaint over victim’s undisclosed breach Article 2 - A Simple SOAR Adoption Maturity Model Article 3 - Cybersecurity talent shortage: not the lack of people, but the lack of the right people Article 4 - Frameworks for DE-Friendly CTI (Part 5) If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

We had originally planned on a discussion about Threat Intel AI this week, but after some discussions with a few vendors, I don't think that the current "state of the art" is worth discussing yet.  Still Alpha products. So instead, there were a couple of really big announcements this week, so we discuss those in some depth.  We will get back to Threat Intel next episode!  Article 1 - SEC Charges SolarWinds and Chief Information Security Officer with Fraud, Internal Control FailuresSupporting Articles:SEC sues SolarWinds and CISO, says they ignored flaws that led to major hack Article 2 - FACT SHEET: President Biden Issues Executive Order on Safe, Secure, and Trustworthy Artificial IntelligenceSupporting Articles:Cyber pros praise Biden executive order on artificial intelligenceEliezer Yudkowsky on the Dangers of AIYour phone vs. SupercomputersWhy Biden’s AI Executive Order Only Goes So Far If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

This week we discuss Malware stored on the Blockchain (coming soon to a theater near you!), how to stop Heroes in your SOC (common discussion topic amongst villains!), US Gov requesting governments stop paying ransoms, and a slightly over excited paper on using ciphers to bypass alignment restrictions in LLMs.   I actually personally found the language issues introduced by chatting with LLMs in ciphertext more interesting personally, but... Article 1 - The Fake Browser Update Scam Gets a Makeover Article 2 - How to Banish Heroes from Your SOC?Supporting Articles:Does Your Company Lurch from Crisis to Crisis?Delivering Security at Scale: From Artisanal to Industrial6 ways to keep your top performers from jumping ship Article 3 - The US wants governments to commit to not paying ransoms Article 4 - GPT-4 IS TOO SMART TO BE SAFE: STEALTHY CHAT WITH LLMS VIA CIPHERSupporting Articles:Manna: Two Visions of Humanity's Future If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

This week we discuss Avogadro Corp - The Singularity is Closer Than You Think.  This book, written in 2011, was very prescient, and predicted a number of things that AI seems capable of, or on the cusp of, doing.  We re-read the book, and go through some security related discussions on how to prevent the corporate takeover that occurs in the book, and then talk about the most and least believable capabilities of ELOPe.  Spoilers abound, but we tried to stay away from them.  If you truly care about spoilers, read the book first! Supporting Articles: Amazon.com - Avogadro Corp: The Singularity is Closer Than It AppearsIntroducing Microsoft 365 CopilotOpenAI Chat GPT Solved Problem with TaskRabbit - Business Insider ArticleHow Many Emails are Sent Per Day - Zippia ArticleNumber of Text Messages in the United States - Statista Article If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

Today we take a look at some tools that provide "Detection Posture Management", which is the fanciest way I found to describe it.  These tools provide content for SIEMS, a Management Platform, data validation, and make SIEM engineering easier.  We take a look at three vendors, do some comparison and contrasting, and discuss the overall capabilities of these tools. Vendor 1 - Cardinal Ops Vendor 2 - SOC Prime Vendor 3 - Anvilogic Supporting Links:Hype Cycle for Security Operations, 2023Can We Have “Detection as Code”?Detection as Code: How To Embed Threat Detection into Code If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

Back in the news cycle, we discuss the AI Challenges at Defcon, FraudGPT and similar, Smart Cities and a new wrinkle in Ransomware Behavior.   Article 1 - White House challenges hackers to break top AI models at DEF CON 31Supporting Articles:DEFCON 31 AI VillageFACT SHEET: Biden-⁠Harris Administration Announces New Actions to Promote Responsible AI Innovation that Protects Americans’ Rights and Safety Article 2 - FraudGPT, a new malicious generative AI tool appears in the threat landscapeSupporting Articles:FraudGPT: The Villain Avatar of ChatGPTAn Updated Non-VBV/MSC BINs List for 2023 - Suspicious site, visit with careDarkBERT: New AI Tool Trained on Data From the Dark WebDark AI tools: How profitable are they in the underground ecosystem? Article 3 - Smart Cities: Utopian Dream, Security Nightmare, or Political Gimmick? Article 4 - Yet Another Glitch In The Matrix If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

Matthew has returned from Hacker Summer Camp, full of stories and information about new technology.  So sit with us for a while, and listen to a recap of Black Hat and Defcon (and a brief mention of B-Sides LV)! Related Links:Veilid - Take Back Control If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

This week we take a look at CISO pay, the Biden-Harris National Cybersecurity Strategy, and a dystopian future vision by Bruce Schneier.  You know we love our dystopian visions! Article 1 - 2023 Global Chief Information Security Officer (CISO) SurveySupporting Articles:How physician pay in the US compares to other countries: 11 findings Article 2 - FACT SHEET: Biden-⁠Harris Administration Publishes the National Cybersecurity Strategy Implementation Plan Article 3 - AI and MicrodirectivesSupporting Articles:You break the law every dayThree Felonies A Day: How the Feds Target the InnocentWith Liberty and Justice for Some: How the Law Is Used to Destroy Equality and Protect the Powerful If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

This week we discuss the TSA and their endless privacy invasions (this time... facial recognition!), an Anton Chuvakin post on the end of Log Centralization, and finally, France decides it's time that your phone started snitching on you, with a bill to allow the police to turn on microphones and cameras remotely to monitor folks under suspicious. Article 1 - TSA wants to expand facial recognition to hundreds of airports within next decadeSupporting Articles:Biometric and Digital Identity Solutions For TSA PreCheck® MembersEPIC Supports Senators’ Call for TSA to Halt the Use of Facial Recognition Article 2 - Log Centralization: The End Is Nigh? Article 3 - France Passes New Bill Allowing Police to Remotely Activate Cameras on Citizens' PhonesSupporting Articles:Why Apple’s threat to kill iMessage and FaceTime isn’t a bluff If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

Back from summer break baby!  WARNING - There is a spicy joke to open up the episode.  I went back and forth on bleeping it.  We don't want to turn into Paul's Security Weekly.  Let me know if you would prefer that to be bleeped out. This week we discuss the debacle with Microsoft and their keys, Google blocking staff internet access, and QR Code Phishing!  Because we just don't have enough ways to defraud folks. Article 1 - Stolen Microsoft key may have opened up a lot more than US govt email inboxesSupporting Articles:Under CISA pressure/collab, Microsoft makes cloud security logs available for free Article 2 - Google blocks staff's internet access to reduce attacks - but will it work?Supporting Articles:BeyondCorp A new approach to enterprise security. Article 3 - Phishing with QR Codes: How Darktrace Detected and Blocked the Bait If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

This week we discuss JP Morgan's document retention snafu, the US Intelligence Community's reliance on Data Brokers to purchase data they're legally prevented from collecting, and the final results of the EncroChat bust from 2020. Article 1 - JP Morgan accidentally deletes evidence in multi-million record retention screwup Article 2 - U.S. Intelligence Has Amassed 'Sensitive and Intimate' Data on 'Nearly Everyone'Supporting Articles:The FBI Has Been Buying Bulk Internet Data from This Florida CompanyODNI SENIOR ADVISORY GROUP PANEL DECLASSIFIED REPORT ON COMMERCIALLY AVAILABLE INFORMATIONCrisis and Leviathan Critical Episodes in the Growth of American Government (25th Anniversary Edition)Parallel construction Article 3 - EncroChat dismantling led to 6,558 arrests and the seizure of $979M in criminal fundsSupporting Article:Busted ‘secure’ EncroChat messaging service leads to over 6,500 arrests by police If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

This week we discuss the SEC targeting Solarwinds Executives, the recent Teams vulnerability allowing malware to be sent to your users, and Japan's Digital ID card woes. Article 1 - SolarWinds Execs Targeted by SEC, CEO Vows to FightSupporting Articles:SolarWinds executives receive Wells notice from US SECU.S. SEC considering action against SolarWinds over cyber disclosuresSS-NEWS-086: Solarwinds facing Lawsuit and Gov Action Article 2 - Microsoft Teams bug allows malware delivery from external accountsSupporting Article:Can Microsoft Teams chat be monitored? Article 3 - Japan's digital ID card gets emergency review amid data leaksSupporting Articles:Fujitsu admits it fluffed the fix for Japan’s flaky ID card schemeReal ID Act If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

This week we discuss the Mt. Gox hack, 9 years on, due to the recent charging, we discuss how sextortion is changing with the addition of AI, and then Public Wifi... is it finally safe to use?  Spoiler alert, depends on where you are and what you're doing.   Article 1 - Two Russian Nationals Charged for Masterminding Mt. Gox Crypto Exchange HackSupporting Articles:WizSec - The missing MtGox bitcoins17 biggest crypto heists of all timeMt Gox Hack Explained Article 2 - Warning: Victims' faces placed on explicit images in sextortion scamSupporting Articles:It’s way too easy to trick Lensa AI into making NSFW images Article 3 - Public and free WiFi: Can I safely use it?Supporting Articles:Research Shows 25% of Travelers Hacked Via Public Wi-Fi While AbroadBiggest Wi-Fi Hacks of Recent Times - Lessons Learnt? If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!