Episodes

  • Safe Holiday Shopping Spectacular
    Oct 24 2024

    This week in the bucket, the Internet Archive continues to have a rough October, Amazon's customers are loving Passkeys, and various tales of online scam woes.

    News Stories for Reference:

    "Internet Archive Gets Pummeled in Round 2 Breach"

    https://www.darkreading.com/cyberattacks-data-breaches/internet-archive-pummeled-round-2-breach

    "Amazon says 175 million customers now use passkeys to log in"

    https://www.bleepingcomputer.com/news/security/amazon-says-175-million-customers-now-use-passkeys-to-log-in/

    "Varonis – Breach prevented within 30-minutes"

    https://view.highspot.com/viewer/6418b07d1bf0b78753945178

    Connect With Us:

    Twitter: @theeffitbucket

    Reddit: r/theeffitbucket

    E-mail: theeffitbucket@gmail.com

    Musical Attribution:

    "Limit 70" Kevin MacLeod (incompetech.com)

    Licensed under Creative Commons: By Attribution 4.0 License

    http://creativecommons.org/licenses/by/4.0/

    1 hr and 11 mins
  • Oops, All News Stories!
    Oct 10 2024

    This week in the bucket, what happens to all the spit data, Lego's website launches a scam product, and scammers take advantage of the hurricane like bottom-feeding scum.

    News Stories for Reference:

    "23andMe is on the brink. What happens to all its DNA data?"

    https://www.npr.org/2024/10/03/g-s1-25795/23andme-data-genetic-dna-privacy

    "Largest water utility company in the U.S. targeted in cyberattack"

    https://www.nbcnews.com/news/us-news/largest-water-utility-company-us-targeted-cyberattack-rcna174474

    "Reports: China hacked Verizon and AT&T, may have accessed US wiretap systems"

    https://arstechnica.com/tech-policy/2024/10/reports-china-hacked-verizon-and-att-may-have-accessed-us-wiretap-systems/

    "LEGO Shop Hacked To Promote Ethereum Crypto Scam"

    https://secalerts.co/news/lego-shop-hacked-to-promote-ethereum-crypto-scam/5pmeCydAUayw8A17f84dLR

    "Thousands of Linux systems infected by stealthy malware since 2021"

    https://arstechnica.com/security/2024/10/persistent-stealthy-linux-malware-has-infected-thousands-since-2021/

    "Understanding the CUPS Vulnerability: What’s important to know"

    https://censys.com/understanding-the-cups-vulnerability-whats-important-to-know/

    "Fraud scams related to hurricanes"

    https://law.georgia.gov/key-issues/consumer-protection/consumer-alert-beware-storm-scams-fraud

    "Protect Your Identity. Be Alert to Fraud and Scams"

    https://www.fema.gov/press-release/20241006/protect-your-identity-be-alert-fraud-and-scams

    A Little Something Extra

    FLYING THROUGH HURRICANE MILTON in MSFS:

    https://www.youtube.com/watch?v=X2mouAeqCoY

    1 hr and 10 mins
  • The Philosophy of AI
    Sep 26 2024

    This week in the bucket, LinkedIn probably trained their AI on your data without asking (hooray!), Kaspersky AV decides the best thing for everyone is to just delete itself, and OpenAI's new model troubleshoots its own issues.

    News Stories for Reference:

    "How to stop LinkedIn from training AI on your data"

    https://arstechnica.com/tech-policy/2024/09/how-to-stop-linkedin-from-training-ai-on-your-data/

    "Dark Reading Confidential: Pen Test Arrests, Five Years Later"

    https://www.darkreading.com/vulnerabilities-threats/dark-reading-confidential-pen-test-arrests-five-years-later?is=19abe664615d20ad53fe7fe2b8af273540b98afc9232f728b7e898b0c73a80ad

    "Kaspersky deletes itself, installs UltraAV antivirus without warning"

    https://www.bleepingcomputer.com/news/security/kaspersky-deletes-itself-installs-ultraav-antivirus-without-warning/

    "OpenAI o1 System Card"

    https://assets.ctfassets.net/kftzwdyauwt9/67qJD51Aur3eIc96iOfeOP/71551c3d223cd97e591aa89567306912/o1_system_card.pdf

    A Little Something Extra

    Ted Lasso Biscuit Recipe:

    https://bromabakery.com/ted-lasso-biscuits/

    1 hr and 10 mins
  • Cyber Hygiene: The Easy, The Advanced, and the Crazy
    Sep 12 2024

    This week in the bucket, BleepingComputer misses the mark on the Verkada breach, how a potential Harris administration could be tough on cyber crime, and our best tips for staying safe online.

    News Stories for Reference:

    "Verkada to pay $2.95 million for alleged CAN-SPAM Act violations"

    https://www.bleepingcomputer.com/news/security/verkada-to-pay-295-million-for-alleged-can-spam-act-violations/

    "Threat Report: BEC and VEC Attacks Show No Signs of Slowing"

    https://abnormalsecurity.com/blog/bec-vec-attacks

    FBI IC3 Report 2023

    "What a Harris administration could mean for cybersecurity"

    https://www.axios.com/2024/09/06/kamala-harris-cyber-policy-agenda-election

    A Little Something Extra

    Don't forget to vote! As of this publication, there are 53 days until election day. Check your registration and get all the information you need at https://www.vote.org

    Extreme Privacy - 5th Edition

    https://inteltechniques.com/book7.html

    1 hr and 18 mins
  • Plenty of Cyber Careers in the Sea
    Aug 29 2024

    This week in the bucket, a massive data breach (again), attackers persuade AI to give up your data, and baking tips for starting a sourdough.

    News Stories for Reference:

    "National Public Data confirms breach exposing Social Security numbers"

    https://www.bleepingcomputer.com/news/security/national-public-data-confirms-breach-exposing-social-security-numbers/

    Check to see if you are involved in the breach: https://npd.pentester.com/search

    "Microsoft’s AI Copilot can be weaponized as an ‘automated phishing machine,’ but the problem is bigger than one company"

    https://fortune.com/2024/08/13/microsoft-ai-copilot-hacking-prompt-injectoin-attack-black-hat/

    Cyber Career Resources:

    Cyber Seek Career Pathway | Link

    SANS Cyber Security Roadmap | Link

    SANS Cyber Courses and Certs by Job Role | Link

    GIAC NICE Framework | Link

    TCM Security | Link

    A Little Something Extra

    2030: Privacy's Dead. What happens next? | Tom Scott, YouTube

    youtube.com/watch?v=_kBlH-DQsEg

    1 hr and 1 min
  • Cybersecurity Clinics
    Aug 15 2024

    This week in the bucket, CrowdStrike's RCA reads more like an advertisement, AMI released a private key in code marked "DO NOT TRUST" back in 2016, and how Cybersecurity Clinics are changing the cybersecurity education landscape. Plus, we demonstrate just how little we know about the Olympics.

    News Stories for Reference:

    "New CrowdStrike RCA Released"

    https://www.crowdstrike.com/wp-content/uploads/2024/08/Channel-File-291-Incident-Root-Cause-Analysis-08.06.2024.pdfc

    "PKFail bug puts firmware security at risk"

    https://www.scmagazine.com/news/pkfail-bug-puts-firmware-security-at-risk

    Our Guest(s) This Week:

    Francesca Lockhart, Cybersecurity Clinic Program Lead from the Strauss Center for International Security and Law, at the University of Texas at Austin | @FLockhartUT

    A Little Something Extra

    Sign up for the Extra Life Charity Challenge taking place on Saturday, September 28th at Kinnick Stadium in Iowa City. Text-to-Register Number: Text GAMEON to 51555

    Or click here: bit.ly/ELCC25

    1 hr and 21 mins
  • CrowdStrike ran into a problem and needs to restart.
    Aug 1 2024

    This week in the bucket, a hacker gets a job, we dig into the aftermath of the CrowdStrike issue that took down 8.5 million computers, and we reminisce over sci-fi of the 80s and 90s.

    News Stories for Reference:

    "North Korean hacker got hired by US security vendor, immediately loaded malware"

    https://arstechnica.com/tech-policy/2024/07/us-security-firm-unwittingly-hired-apparent-nation-state-hacker-from-north-korea/

    "Cybersecurity Threat Advisory: Fake CrowdStrike updates observed in the wild"

    https://blog.barracuda.com/2024/07/26/cybersecurity-threat-advisory-fake-crowdstrike-updates-observed-in-the-wild

    "CrowdStrike IT Outage Explained by a Windows Developer"

    https://www.youtube.com/watch?v=wAzEJxOo1ts

    "CrowdStrike Update: Latest News, Lessons Learned from a Retired Microsoft Engineer"

    https://www.youtube.com/watch?v=ZHrayP-Y71Q

    "Microsoft says EU to blame for the world's worst IT outage"

    https://www.euronews.com/next/2024/07/22/microsoft-says-eu-to-blame-for-the-worlds-worst-it-outage

    1 hr and 1 min
  • Special Bulletin #1: CrowdStrike Breaks The Internet
    Jul 21 2024

    Extra! Extra! Pretty much everybody's computer is broken because of a bad update from a security company.

    Musical Attribution:

    "Special Spotlight" Kevin MacLeod (incompetech.com)

    Licensed under Creative Commons: By Attribution 4.0 License

    http://creativecommons.org/licenses/by/4.0/

    21 mins