Today we discuss the Detection Engineering Behavior Maturity Model, which is a new Capability Maturity Model for Detection Engineering (surprise!) from Elastic. It seems a little overly complicated to me (M.) but super useful despite that!

Article that we originally saw

Direct link to Elastic Blog Post

If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

This week we discuss an attempted kidnapping and ransom of the parents of someone connected to a multi million dollar theft, stolen prompts and responses from Muah.ai's "companions", and how much attention should be paying low severity alerts?

Article 1 - Lamborghini Carjackers Lured by $243M Cyberheist

Article 2 - AI girlfriend site breached, user fantasies stolen

Article 3 - Have you been keeping up with your low confidence detections?

If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

Does the T-Mobile Consent Decree mean that the government is going to get more involved in breaches? Additionally, Kia closes a gap in it's dealership API which allowed researchers to geolocate and lock/unlock cars. Finally, we briefly discuss a new method attackers are monetizing AWS credentials... it's not pretty.

Article 1 - T-Mobile US to cough up $31.5M after that long string of security SNAFUs
Supporting Articles:
The Cost of Doing Business
T-Mobile hit with $60M fine over data security violations
T-Mobile to take $400M hit from hacking settlement
T-Mobile Consent Decree

Article 2 - Hacking Kia: Remotely Controlling Cars With Just a License Plate
Supporting Articles:
Plate to VIN
Car Companies Know When You Speed. Then They Sell That Data

Article 3 - A Single Cloud Compromise Can Feed an Army of AI Sex Bots

If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

Spoiler alert - Not in the way the mass media is discussing it, and it's doing a disservice to aspiring security analysts and engineers.

Supporting Articles:
Packed. Crowded. Bursting. Crammed. Glutted. Jammed. Teeming. Saturated. Chock-full. Jam-packed. Brimming. Overflowing.

Fungible Tokens

Let’s get real: there is no such thing as “gatekeeping” in cybersecurity

The ghost jobs haunting your career search

Are We Now Living in a Parasite Culture?

Is there really an information security jobs crisis?

Defensive Security Podcast Episode 279

Global cybersecurity workforce growth flatlines, stalling at 5.5M pros

If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

This week, David and I review the 2024 Picus Blue Report, in a more timely fashion than the last one. As always, interesting insights.

Link to Report

If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

This week David and I talk about how current phishing tests closely resemble early attempts at fire drills, through the Google Security Blog, and then we discuss a Schneier post about what the recent CS failure says about the resiliency of the internet.

Article 1 - On Fire Drills and Phishing Tests

Article 2 - The CrowdStrike Outage and Market-Driven Brittleness

If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

This week we discuss two articles - One about how the Technology Adoption Cycle applies to companies and how they acquire a new security capability, and a second about how Sysmon isn't a replacement for EDR, mostly due to the time commitment required.

Article 1 - Cybersecurity technology adoption cycle and its implications for startups and security teams

Article 2 - Sysmon: a viable alternative to EDR?
Supporting Articles:
Getting Started with ATT&CK: Detection and Analytics

If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!

This week we discuss the FY23 incidents in the US Government's annual report, and then we discuss Snowflake a bit, and some of the issues around SAAS and Malware Remediation (infostealers steal more than just the work accounts!)

Article 1 - White House report dishes deets on all 11 major government breaches from 2023
Supporting Article:
Microsoft breach led to theft of 60,000 US State Dept emails

Article 2 - Snowflake customers not using MFA are not unique – over 165 of them have been compromised
Supporting Articles:
UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion
No Snow, No Flakes: Pondering Cloud Security Shared Responsibility, Again!
Mapping Snowflake’s Access Landscape

If you found this interesting or useful, please follow us on Twitter @serengetisec and subscribe and review on your favorite podcast app!