This week in the bucket, BleepingComputer misses the mark on Verkada breach, how a potential Harris administration could be tough on cyber crime, and our best tips for staying safe online.

News Stories for Reference:

"Verkada to pay $2.95 million for alleged CAN-SPAM Act violations"

https://www.bleepingcomputer.com/news/security/verkada-to-pay-295-million-for-alleged-can-spam-act-violations/

"Threat Report: BEC and VEC Attacks Show No Signs of Slowing"

https://abnormalsecurity.com/blog/bec-vec-attacks

FBI IC3 Report 2023

"What a Harris administration could mean for cybersecurity"

https://www.axios.com/2024/09/06/kamala-harris-cyber-policy-agenda-election

"Platform | Profile or Channel"

Hyperlink URL to YouTube Channel, Instagram Feed, etc.

A Little Something Extra

Don't forget to vote! As of this publication, there are 53 days until election day. Check your registration and get all the information you need at https://www.vote.org

Extreme Privacy - 5th Edition

https://inteltechniques.com/book7.html

Connect With Us:

Twitter: @theeffitbucket

Reddit: r/theeffitbucket

E-mail: theeffitbucket@gmail.com

Musical Attribution:

"Limit 70" Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

http://creativecommons.org/licenses/by/4.0/

This week in the bucket, a massive data breach (again), attackers persuade AI to give up your data, and baking tips for starting a Sourdough.

News Stories for Reference:

"National Public Data confirms breach exposing Social Security numbers"

https://www.bleepingcomputer.com/news/security/national-public-data-confirms-breach-exposing-social-security-numbers/

Check to see if you are involved in the breach: https://npd.pentester.com/search

"Microsoft’s AI Copilot can be weaponized as an ‘automated phishing machine,’ but the problem is bigger than one company"

https://fortune.com/2024/08/13/microsoft-ai-copilot-hacking-prompt-injectoin-attack-black-hat/

Cyber Career Resources:

Cyber Seek Career Pathway | Link

SANS Cyber Security Roadmap | Link

SANS Cyber Courses and Certs by Job Role | Link

GIAC NICE Framework | Link

TCM Security | Link

A Little Something Extra

2030: Privacy's Dead. What happens next? | Tom Scott, YouTube

youtube.com/watch?v=_kBlH-DQsEg

Connect With Us:

Twitter: @theeffitbucket

Reddit: r/theeffitbucket

E-mail: theeffitbucket@gmail.com

Musical Attribution:

"Limit 70" Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

http://creativecommons.org/licenses/by/4.0/

This week in the bucket, CrowdStrike's RCA reads more like an advertisement, AMI released a private key in code marked "DO NOT TRUST" back in 2016, and how Cybersecurity Clinics are changing the cybersecurity education landscape. Plus, we demonstrate just how little we know about the Olympics.

News Stories for Reference:

"New CrowdStrike RCA Released"

https://www.crowdstrike.com/wp-content/uploads/2024/08/Channel-File-291-Incident-Root-Cause-Analysis-08.06.2024.pdfc

"PKFail bug puts firmware security at risk"

https://www.scmagazine.com/news/pkfail-bug-puts-firmware-security-at-risk

Our Guest(s) This Week:

Francesca Lockhart, Cybersecurity Clinic Program Lead from the Strauss Center for International Security and Law, at the University of Texas at Austin | @FLockhartUT

A Little Something Extra

Sign up for the Extra Life Charity Challenge taking place on Saturday, September 28th at Kinnick Stadium in Iowa City. Text-to-Register Number: Text GAMEON to 51555

Or click here: bit.ly/ELCC25

Connect With Us:

Twitter: @theeffitbucket

Reddit: r/theeffitbucket

E-mail: theeffitbucket@gmail.com

Musical Attribution:

"Limit 70" Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

http://creativecommons.org/licenses/by/4.0/

This week in the bucket, a hacker gets a job, we dig into the aftermath of the Crowdstrike issue that took down 8.5 Million computers, and we reminisce over sci-fi of the 80s and 90s.

News Stories for Reference:

"North Korean hacker got hired by US security vendor, immediately loaded malware"

https://arstechnica.com/tech-policy/2024/07/us-security-firm-unwittingly-hired-apparent-nation-state-hacker-from-north-korea/

"Cybersecurity Threat Advisory: Fake CrowdStrike updates observed in the wild"

https://blog.barracuda.com/2024/07/26/cybersecurity-threat-advisory-fake-crowdstrike-updates-observed-in-the-wild

"CrowdStrike IT Outage Explained by a Windows Developer"

https://www.youtube.com/watch?v=wAzEJxOo1ts

"CrowdStrike Update: Latest News, Lessons Learned from a Retired Microsoft Engineer"

https://www.youtube.com/watch?v=ZHrayP-Y71Q

"Microsoft says EU to blame for the world's worst IT outage"

https://www.euronews.com/next/2024/07/22/microsoft-says-eu-to-blame-for-the-worlds-worst-it-outage

Connect With Us:

Twitter: @theeffitbucket

Reddit: r/theeffitbucket

E-mail: theeffitbucket@gmail.com

Musical Attribution:

"Limit 70" Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

http://creativecommons.org/licenses/by/4.0/

Extra! Extra! Pretty much everybody's computer is broken because of a bad update from a security company.

Connect With Us:

Twitter: @theeffitbucket

Reddit: r/theeffitbucket

E-mail: theeffitbucket@gmail.com

Musical Attribution:

"Special Spotlight" Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

http://creativecommons.org/licenses/by/4.0/

This week in the bucket, RADIUS gets blasted, more passwords than there are living people on the planet get released in plain text, and we discuss merch opportunities for the podcast.

News Stories for Reference:

"New Blast-RADIUS attack bypasses widely-used RADIUS authentication"

https://www.bleepingcomputer.com/news/security/new-blast-radius-attack-bypasses-widely-used-radius-authentication/

"RockYou2024: 10 BILLION unique passwords exposed – what now?"

https://www.itsecurityguru.org/2024/07/09/rockyou2024-10-billion-unique-passwords-exposed-what-now/

"Twilio Authy Data Breach: 33 Million Phone Numbers Compromised"

https://news.trendmicro.com/2024/07/10/twilio-authy-data-breach/

A Little Something Extra

"YouTube | Morgan Eckroth"

https://www.youtube.com/@morgandrinkscoffee

"YouTube | Worst Wifi Password Ever"

https://www.youtube.com/watch?v=bLE7zsJk4AI

Connect With Us:

Twitter: @theeffitbucket

Reddit: r/theeffitbucket

E-mail: theeffitbucket@gmail.com

Musical Attribution:

"Limit 70" Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

http://creativecommons.org/licenses/by/4.0/

This week in the bucket, car dealerships are back to pen and paper, Snowflake loses data from a Bank and Ticketmaster alike, and why it's never too late to consider a career in Cyber.

News Stories for Reference:

"CDK Global works to restore dealer software after hack, but the auto sales fallout still looms"

https://finance.yahoo.com/news/cdk-global-works-to-restore-dealer-software-after-hack-but-the-auto-sales-fallout-still-looms-170520118.html

"Overview of the Snowflake Breach: Threat Actor Offers Data of Cloud Company’s Customers"

https://socradar.io/overview-of-the-snowflake-breach/

"TeamViewer's corporate network was breached in alleged APT hack"

bleepingcomputer.com/news/security/teamviewers-corporate-network-was-breached-in-alleged-apt-hack/

Our Guest(s) This Week:

Jimmy Minhinnett, an avid supporter of people trying to change their career | LinkedIn

Connect With Us:

Twitter: @theeffitbucket

Reddit: r/theeffitbucket

E-mail: theeffitbucket@gmail.com

Musical Attribution:

"Limit 70" Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

http://creativecommons.org/licenses/by/4.0/

This week in the bucket, a fired employee deletes 180 virtual servers, a deep-dive into Identity and Access Management, and we log in with our FACES!

News Stories for Reference:

"Fired employee accessed company’s computer 'test system' and deleted servers, causing it to lose S$918,000"

https://www.channelnewsasia.com/singapore/former-employee-hack-ncs-delete-virtual-servers-quality-testing-4402141

Our Guest This Week:

Bill Harper, Senior Manager of IAM at New American Funding | LinkedIn

Connect With Us:

Twitter: @theeffitbucket

Reddit: r/theeffitbucket

E-mail: theeffitbucket@gmail.com

Musical Attribution:

"Limit 70" Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

http://creativecommons.org/licenses/by/4.0/