We've just launched the public edition of the CISO Lens 2024 Benchmark, drawing on data from 96 member organisations in Australia and New Zealand. www.cisolens.com/benchmark
founder @Bugcrowd && co-founder @disclose_io || dad x 2, hacker, entrepreneur, executive, advisor || عصا موسى || #w00w00
https://therecord.media/cyberattack-causes-credit-card-readers-in-israel-to-malfunction I feel like this entire conflict is under-analyzed by the academic community. It would be cool if jags and costin did a huge rundown on the next podcast.
A registered Russian agent paid an X user $100 to post the bogus video about Haitians voting repeatedly in Georgia, CNN reports. I wonder if bigger names charge more. https://www.cnn.com/2024/11/04/politics/fake-georgia-voting-video-russian-disinformation
Now live: the discussion I had with Chris Hughes and @caseyjohnellis on systemic issues in #cybersecurity:
https://www.resilientcyber.io/p/resilient-cyber-w-wendy-nather-and
In which I pulled a “Legally Blonde” on Casey; see if you can catch it 😉
👏👏👏
Doubling Down on Trusted Partnerships: Our Commitment to Researchers | @ONCD | The @White House https://www.whitehouse.gov/oncd/briefing-room/2024/10/22/doubling-down-on-trusted-partnerships-our-commitment-to-researchers/
TLP:🌈
OpenAI’s October “Influence and cyber operations: an update” just dropped 👀
Case in point: there's no way to build a backdoor that only the "good guys" can use.
When the entire technical community says that the EU's ChatControl legislation + similar pose serious cybersecurity threats, we're not exaggerating for effect.
Justice Department Disrupts Russian Intelligence Spear-Phishing Efforts https://www.justice.gov/opa/pr/justice-department-disrupts-russian-intelligence-spear-phishing-efforts #starblizzard #protect2024
HPE patches three critical flaws in Aruba software • The Register https://www.theregister.com/2024/09/26/hpe_aruba_patch_papi/
How to build a secure recon network using Tailscale | @Bugcrowd https://m.cje.io/4e8xRR8
Unveiling TE.0 HTTP Request Smuggling: Discovering a Critical Vulnerability in Thousands of Google Cloud Websites by @sw33tlie @bsysop @_medusa_1_ | @Bugcrowd https://m.cje.io/4d9TWxA
STOP. SHOOTING. THE. MESSENGER.
106 cybersecurity pros are urging Columbus, Ohio City Attorney Zach Klein to drop the lawsuit against Connor Goodwolf. Our argument is that prosecuting good faith security research diverts attention from the real threat—the ransomware group—and harms public safety efforts by reinforcing a chilling effect. The letter calls for transparency and refocusing on protecting citizens. #Cybersecurity #GoodFaithResearch #PublicSafety
Full letter: https://disclose.io/open_letter_columbus_attorney_zach_klein
HEY FUN FACT: this was used as part of an Alexa/Google Home type thing! This is the "cloud" half, as in the part sitting in a warehouse somewhere.
It turns out every time the customer asked for something from the smart assistant, the WAV file was sent to the cloud box, where it is still stored. And I now have eleven thousand wave files.
Yo, we did a @Deciphersec hacker movie pod episode on HEAT! W/ @caseyjohnellis and @MegGardiner, no less!
The Kelso character in HEAT is a fascinating hacker prototype, who happens to have a background at DARPA.
Full Deciphering HEAT podcast episode here, with @MegGardiner1 and @caseyjohnellis: https://youtu.be/b2cfEXeWSn0
“The ecosystem for assessing and auditing AI models is still in its formative stages, but is growing rapidly,” said Casey Ellis, founder and chief strategy officer at Bugcrowd. “We're seeing a mix of traditional cybersecurity firms expanding their services to include AI security, as well as new startups specifically focused on AI risk management.”
https://duo.com/decipher/the-emerging-ecosystem-dedicated-to-ai-accountability
“An attacker would be able to take control of the ICS/SCADA endpoint, effectively gaining physical access" #icssecurity #otsecurity #scada https://m.cje.io/3RqMBBG
NVIDIA and Arm Urge Customers to Patch Bugs https://www.infosecurity-magazine.com/news/nvidia-arm-urge-customers-patch/
Builders and Breakers: Partnering for Secure Elections #rsac2024 #protect2024 #electionsecurity #ittakesacrowd https://m.cje.io/4bWyEUj
Our panel from #rsac2024 is live... Enjoy!
"Bugs on a Plane: Implementing a Bug Bounty in an Airline IT/OT Environment"
https://buff.ly/3xdqfwF
The material impact [of #operationendgame] to attackers is that they’ve just had it laid out to them, very clearly, that there’s a capable, resourced, and persistent threat in play on the defender side.