This week in the bucket, the Internet Archive continues to have a rough October, Amazon's customers are loving Passkeys, and various tales of online scam woes.

News Stories for Reference:

"Internet Archive Gets Pummeled in Round 2 Breach "

https://www.darkreading.com/cyberattacks-data-breaches/internet-archive-pummeled-round-2-breach

"Amazon says 175 million customers now use passkeys to log in"

https://www.bleepingcomputer.com/news/security/amazon-says-175-million-customers-now-use-passkeys-to-log-in/

"Varonis – Breach prevented within 30-minutes"

https://view.highspot.com/viewer/6418b07d1bf0b78753945178

Connect With Us:

Twitter: @theeffitbucket

Reddit: r/theeffitbucket

E-mail: theeffitbucket@gmail.com

Musical Attribution:

"Limit 70" Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

http://creativecommons.org/licenses/by/4.0/

This week in the bucket, what happens to all the spit data, Lego's website launches a scam product, and scammers take advantage of the hurricane like bottom-feeding scum.

News Stories for Reference:

"23andMe is on the brink. What happens to all its DNA data?"

https://www.npr.org/2024/10/03/g-s1-25795/23andme-data-genetic-dna-privacy

"Largest water utility company in the U.S. targeted in cyberattack"

https://www.nbcnews.com/news/us-news/largest-water-utility-company-us-targeted-cyberattack-rcna174474

"Reports: China hacked Verizon and AT&T, may have accessed US wiretap systems"

https://arstechnica.com/tech-policy/2024/10/reports-china-hacked-verizon-and-att-may-have-accessed-us-wiretap-systems/

"LEGO Shop Hacked To Promote Ethereum Crypto Scam"

https://secalerts.co/news/lego-shop-hacked-to-promote-ethereum-crypto-scam/5pmeCydAUayw8A17f84dLR

"Thousands of Linux systems infected by stealthy malware since 2021"

https://arstechnica.com/security/2024/10/persistent-stealthy-linux-malware-has-infected-thousands-since-2021/

"Understanding the CUPS Vulnerability: What’s important to know"

https://censys.com/understanding-the-cups-vulnerability-whats-important-to-know/

"Fraud scams related to hurricanes"

https://law.georgia.gov/key-issues/consumer-protection/consumer-alert-beware-storm-scams-fraud

"Protects Your Identity. Be Alert to Fraud and Scams"

https://www.fema.gov/press-release/20241006/protect-your-identity-be-alert-fraud-and-scams

A Little Something Extra

FLYING THROUGH HURRICANE MILTON in MSFS:

https://www.youtube.com/watch?v=X2mouAeqCoY

Connect With Us:

Twitter: @theeffitbucket

Reddit: r/theeffitbucket

E-mail: theeffitbucket@gmail.com

Musical Attribution:

"Limit 70" Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

http://creativecommons.org/licenses/by/4.0/

This week in the bucket, LinkedIn probably trained their AI on your data without asking (hooray!), Kaspersky AV decides the best thing for everyone is to just delete itself, and OpenAI's new model troubleshoots its own issues.

News Stories for Reference:

"How to stop LinkedIn from training AI on your data"

https://arstechnica.com/tech-policy/2024/09/how-to-stop-linkedin-from-training-ai-on-your-data/

"Dark Reading Confidential: Pen Test Arrests, Five Years Later"

https://www.darkreading.com/vulnerabilities-threats/dark-reading-confidential-pen-test-arrests-five-years-later?is=19abe664615d20ad53fe7fe2b8af273540b98afc9232f728b7e898b0c73a80ad

"Kaspersky deletes itself, installs UltraAV antivirus without warning"

https://www.bleepingcomputer.com/news/security/kaspersky-deletes-itself-installs-ultraav-antivirus-without-warning/

"OpenAI o1 System Card"

https://assets.ctfassets.net/kftzwdyauwt9/67qJD51Aur3eIc96iOfeOP/71551c3d223cd97e591aa89567306912/o1_system_card.pdf

A Little Something Extra

Ted Lasso Biscuit Recipe:

https://bromabakery.com/ted-lasso-biscuits/

Connect With Us:

Twitter: @theeffitbucket

Reddit: r/theeffitbucket

E-mail: theeffitbucket@gmail.com

Musical Attribution:

"Limit 70" Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

http://creativecommons.org/licenses/by/4.0/

This week in the bucket, BleepingComputer misses the mark on Verkada breach, how a potential Harris administration could be tough on cyber crime, and our best tips for staying safe online.

News Stories for Reference:

"Verkada to pay $2.95 million for alleged CAN-SPAM Act violations"

https://www.bleepingcomputer.com/news/security/verkada-to-pay-295-million-for-alleged-can-spam-act-violations/

"Threat Report: BEC and VEC Attacks Show No Signs of Slowing"

https://abnormalsecurity.com/blog/bec-vec-attacks

FBI IC3 Report 2023

"What a Harris administration could mean for cybersecurity"

https://www.axios.com/2024/09/06/kamala-harris-cyber-policy-agenda-election

"Platform | Profile or Channel"

Hyperlink URL to YouTube Channel, Instagram Feed, etc.

A Little Something Extra

Don't forget to vote! As of this publication, there are 53 days until election day. Check your registration and get all the information you need at https://www.vote.org

Extreme Privacy - 5th Edition

https://inteltechniques.com/book7.html

Connect With Us:

Twitter: @theeffitbucket

Reddit: r/theeffitbucket

E-mail: theeffitbucket@gmail.com

Musical Attribution:

"Limit 70" Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

http://creativecommons.org/licenses/by/4.0/

This week in the bucket, a massive data breach (again), attackers persuade AI to give up your data, and baking tips for starting a Sourdough.

News Stories for Reference:

"National Public Data confirms breach exposing Social Security numbers"

https://www.bleepingcomputer.com/news/security/national-public-data-confirms-breach-exposing-social-security-numbers/

Check to see if you are involved in the breach: https://npd.pentester.com/search

"Microsoft’s AI Copilot can be weaponized as an ‘automated phishing machine,’ but the problem is bigger than one company"

https://fortune.com/2024/08/13/microsoft-ai-copilot-hacking-prompt-injectoin-attack-black-hat/

Cyber Career Resources:

Cyber Seek Career Pathway | Link

SANS Cyber Security Roadmap | Link

SANS Cyber Courses and Certs by Job Role | Link

GIAC NICE Framework | Link

TCM Security | Link

A Little Something Extra

2030: Privacy's Dead. What happens next? | Tom Scott, YouTube

youtube.com/watch?v=_kBlH-DQsEg

Connect With Us:

Twitter: @theeffitbucket

Reddit: r/theeffitbucket

E-mail: theeffitbucket@gmail.com

Musical Attribution:

"Limit 70" Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

http://creativecommons.org/licenses/by/4.0/

This week in the bucket, CrowdStrike's RCA reads more like an advertisement, AMI released a private key in code marked "DO NOT TRUST" back in 2016, and how Cybersecurity Clinics are changing the cybersecurity education landscape. Plus, we demonstrate just how little we know about the Olympics.

News Stories for Reference:

"New CrowdStrike RCA Released"

https://www.crowdstrike.com/wp-content/uploads/2024/08/Channel-File-291-Incident-Root-Cause-Analysis-08.06.2024.pdfc

"PKFail bug puts firmware security at risk"

https://www.scmagazine.com/news/pkfail-bug-puts-firmware-security-at-risk

Our Guest(s) This Week:

Francesca Lockhart, Cybersecurity Clinic Program Lead from the Strauss Center for International Security and Law, at the University of Texas at Austin | @FLockhartUT

A Little Something Extra

Sign up for the Extra Life Charity Challenge taking place on Saturday, September 28th at Kinnick Stadium in Iowa City. Text-to-Register Number: Text GAMEON to 51555

Or click here: bit.ly/ELCC25

Connect With Us:

Twitter: @theeffitbucket

Reddit: r/theeffitbucket

E-mail: theeffitbucket@gmail.com

Musical Attribution:

"Limit 70" Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

http://creativecommons.org/licenses/by/4.0/

This week in the bucket, a hacker gets a job, we dig into the aftermath of the Crowdstrike issue that took down 8.5 Million computers, and we reminisce over sci-fi of the 80s and 90s.

News Stories for Reference:

"North Korean hacker got hired by US security vendor, immediately loaded malware"

https://arstechnica.com/tech-policy/2024/07/us-security-firm-unwittingly-hired-apparent-nation-state-hacker-from-north-korea/

"Cybersecurity Threat Advisory: Fake CrowdStrike updates observed in the wild"

https://blog.barracuda.com/2024/07/26/cybersecurity-threat-advisory-fake-crowdstrike-updates-observed-in-the-wild

"CrowdStrike IT Outage Explained by a Windows Developer"

https://www.youtube.com/watch?v=wAzEJxOo1ts

"CrowdStrike Update: Latest News, Lessons Learned from a Retired Microsoft Engineer"

https://www.youtube.com/watch?v=ZHrayP-Y71Q

"Microsoft says EU to blame for the world's worst IT outage"

https://www.euronews.com/next/2024/07/22/microsoft-says-eu-to-blame-for-the-worlds-worst-it-outage

Connect With Us:

Twitter: @theeffitbucket

Reddit: r/theeffitbucket

E-mail: theeffitbucket@gmail.com

Musical Attribution:

"Limit 70" Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

http://creativecommons.org/licenses/by/4.0/

Extra! Extra! Pretty much everybody's computer is broken because of a bad update from a security company.

Connect With Us:

Twitter: @theeffitbucket

Reddit: r/theeffitbucket

E-mail: theeffitbucket@gmail.com

Musical Attribution:

"Special Spotlight" Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

http://creativecommons.org/licenses/by/4.0/