This week in the bucket, researchers can get LLM-driven robots to kill us by telling them they are action movie stars, hackers hang out at the Library of Congress for months, and Ivanti poops the bed (again).

News Stories for Reference:

"Out of 29 Billion Cybersecurity Events, Phishing was the Primary Method of Initial Attack"

https://blog.knowbe4.com/out-of-29-billion-cybersecurity-events-phishing-was-the-primary-method-of-initial-attack

"It's Surprisingly Easy to Jailbreak LLM-Driven Robots - Researchers induced bots to ignore their safeguards without exception"

https://spectrum.ieee.org/jailbreak-llm

"Library of Congress Says an Adversary Hacked Some Emails"

https://www.securityweek.com/library-of-congress-says-an-adversary-hacked-some-emails/?is=19abe664615d20ad53fe7fe2b8af273540b98afc9232f728b7e898b0c73a80ad

"Ivanti Patches 50 Vulnerabilities Across Several Products"

https://www.securityweek.com/ivanti-patches-50-vulnerabilities-across-several-products/

Connect With Us:

Twitter: @theeffitbucket

Reddit: r/theeffitbucket

E-mail: theeffitbucket@gmail.com

Musical Attribution:

"Limit 70" Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

http://creativecommons.org/licenses/by/4.0/

This week in the bucket, thoughts about what the next four years could look like from a cyber perspective, general complaints about the election, and some comfort shows that make us happy.

News Stories for Reference:

"Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure"

https://www.cisa.gov/topics/cybersecurity-best-practices/executive-order-strengthening-cybersecurity-federal-networks-and-critical-infrastructure

"President Trump Unveils America’s First Cybersecurity Strategy in 15 Years"

https://trumpwhitehouse.archives.gov/articles/president-trump-unveils-americas-first-cybersecurity-strategy-15-years/

"Project 2025’s Plan for Cybersecurity Agency Threatens Election Security"

https://www.brennancenter.org/our-work/research-reports/project-2025s-plan-cybersecurity-agency-threatens-election-security

"How Trump could change cybersecurity"

https://www.axios.com/2024/09/03/donald-trump-2024-cybersecurity-agenda

"4 tech issues to watch in Trump’s second term"

https://www.ciodive.com/news/4-tech-policies-donald-trump/732196/

"Platform | Profile or Channel"

Hyperlink URL to YouTube Channel, Instagram Feed, etc.

"Colorado Libertarians sue Secretary of State Jena Griswold over leak of voting equipment passwords"

https://www.coloradopolitics.com/elections/2024/colorado-libertarians-sue-secretary-of-state-jena-griswold-over-leak-of-voting-equipment-passwords/article_0a27e3f2-98aa-11ef-8cb3-a7da55f4f664.html

"Ballot boxes were set on fire in Oregon and Washington. What happens to the votes?"

https://www.msnbc.com/opinion/msnbc-opinion/ballot-box-fires-oregon-washington-early-voting-safety-rcna177743

"Bomb threats disrupted what was otherwise relatively smooth voting on Election Day"

https://www.npr.org/2024/11/06/nx-s1-5181834/election-day-voting-bomb-threats

A Little Something Extra

"Why Democracy Is Mathematically Impossible | Veritasium"

https://youtu.be/qf7ws2DF-zk?si=sQNRhBWELxyC6cbe

Connect With Us:

Twitter: @theeffitbucket

Reddit: r/theeffitbucket

E-mail:

This week in the bucket, the Internet Archive continues to have a rough October, Amazon's customers are loving Passkeys, and various tales of online scam woes.

News Stories for Reference:

"Internet Archive Gets Pummeled in Round 2 Breach "

https://www.darkreading.com/cyberattacks-data-breaches/internet-archive-pummeled-round-2-breach

"Amazon says 175 million customers now use passkeys to log in"

https://www.bleepingcomputer.com/news/security/amazon-says-175-million-customers-now-use-passkeys-to-log-in/

"Varonis – Breach prevented within 30-minutes"

https://view.highspot.com/viewer/6418b07d1bf0b78753945178

Connect With Us:

Twitter: @theeffitbucket

Reddit: r/theeffitbucket

E-mail: theeffitbucket@gmail.com

Musical Attribution:

"Limit 70" Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

http://creativecommons.org/licenses/by/4.0/

This week in the bucket, what happens to all the spit data, Lego's website launches a scam product, and scammers take advantage of the hurricane like bottom-feeding scum.

News Stories for Reference:

"23andMe is on the brink. What happens to all its DNA data?"

https://www.npr.org/2024/10/03/g-s1-25795/23andme-data-genetic-dna-privacy

"Largest water utility company in the U.S. targeted in cyberattack"

https://www.nbcnews.com/news/us-news/largest-water-utility-company-us-targeted-cyberattack-rcna174474

"Reports: China hacked Verizon and AT&T, may have accessed US wiretap systems"

https://arstechnica.com/tech-policy/2024/10/reports-china-hacked-verizon-and-att-may-have-accessed-us-wiretap-systems/

"LEGO Shop Hacked To Promote Ethereum Crypto Scam"

https://secalerts.co/news/lego-shop-hacked-to-promote-ethereum-crypto-scam/5pmeCydAUayw8A17f84dLR

"Thousands of Linux systems infected by stealthy malware since 2021"

https://arstechnica.com/security/2024/10/persistent-stealthy-linux-malware-has-infected-thousands-since-2021/

"Understanding the CUPS Vulnerability: What’s important to know"

https://censys.com/understanding-the-cups-vulnerability-whats-important-to-know/

"Fraud scams related to hurricanes"

https://law.georgia.gov/key-issues/consumer-protection/consumer-alert-beware-storm-scams-fraud

"Protects Your Identity. Be Alert to Fraud and Scams"

https://www.fema.gov/press-release/20241006/protect-your-identity-be-alert-fraud-and-scams

A Little Something Extra

FLYING THROUGH HURRICANE MILTON in MSFS:

https://www.youtube.com/watch?v=X2mouAeqCoY

Connect With Us:

Twitter: @theeffitbucket

Reddit: r/theeffitbucket

E-mail: theeffitbucket@gmail.com

Musical Attribution:

"Limit 70" Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

http://creativecommons.org/licenses/by/4.0/

This week in the bucket, LinkedIn probably trained their AI on your data without asking (hooray!), Kaspersky AV decides the best thing for everyone is to just delete itself, and OpenAI's new model troubleshoots its own issues.

News Stories for Reference:

"How to stop LinkedIn from training AI on your data"

https://arstechnica.com/tech-policy/2024/09/how-to-stop-linkedin-from-training-ai-on-your-data/

"Dark Reading Confidential: Pen Test Arrests, Five Years Later"

https://www.darkreading.com/vulnerabilities-threats/dark-reading-confidential-pen-test-arrests-five-years-later?is=19abe664615d20ad53fe7fe2b8af273540b98afc9232f728b7e898b0c73a80ad

"Kaspersky deletes itself, installs UltraAV antivirus without warning"

https://www.bleepingcomputer.com/news/security/kaspersky-deletes-itself-installs-ultraav-antivirus-without-warning/

"OpenAI o1 System Card"

https://assets.ctfassets.net/kftzwdyauwt9/67qJD51Aur3eIc96iOfeOP/71551c3d223cd97e591aa89567306912/o1_system_card.pdf

A Little Something Extra

Ted Lasso Biscuit Recipe:

https://bromabakery.com/ted-lasso-biscuits/

Connect With Us:

Twitter: @theeffitbucket

Reddit: r/theeffitbucket

E-mail: theeffitbucket@gmail.com

Musical Attribution:

"Limit 70" Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

http://creativecommons.org/licenses/by/4.0/

This week in the bucket, BleepingComputer misses the mark on Verkada breach, how a potential Harris administration could be tough on cyber crime, and our best tips for staying safe online.

News Stories for Reference:

"Verkada to pay $2.95 million for alleged CAN-SPAM Act violations"

https://www.bleepingcomputer.com/news/security/verkada-to-pay-295-million-for-alleged-can-spam-act-violations/

"Threat Report: BEC and VEC Attacks Show No Signs of Slowing"

https://abnormalsecurity.com/blog/bec-vec-attacks

FBI IC3 Report 2023

"What a Harris administration could mean for cybersecurity"

https://www.axios.com/2024/09/06/kamala-harris-cyber-policy-agenda-election

"Platform | Profile or Channel"

Hyperlink URL to YouTube Channel, Instagram Feed, etc.

A Little Something Extra

Don't forget to vote! As of this publication, there are 53 days until election day. Check your registration and get all the information you need at https://www.vote.org

Extreme Privacy - 5th Edition

https://inteltechniques.com/book7.html

Connect With Us:

Twitter: @theeffitbucket

Reddit: r/theeffitbucket

E-mail: theeffitbucket@gmail.com

Musical Attribution:

"Limit 70" Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

http://creativecommons.org/licenses/by/4.0/

This week in the bucket, a massive data breach (again), attackers persuade AI to give up your data, and baking tips for starting a Sourdough.

News Stories for Reference:

"National Public Data confirms breach exposing Social Security numbers"

https://www.bleepingcomputer.com/news/security/national-public-data-confirms-breach-exposing-social-security-numbers/

Check to see if you are involved in the breach: https://npd.pentester.com/search

"Microsoft’s AI Copilot can be weaponized as an ‘automated phishing machine,’ but the problem is bigger than one company"

https://fortune.com/2024/08/13/microsoft-ai-copilot-hacking-prompt-injectoin-attack-black-hat/

Cyber Career Resources:

Cyber Seek Career Pathway | Link

SANS Cyber Security Roadmap | Link

SANS Cyber Courses and Certs by Job Role | Link

GIAC NICE Framework | Link

TCM Security | Link

A Little Something Extra

2030: Privacy's Dead. What happens next? | Tom Scott, YouTube

youtube.com/watch?v=_kBlH-DQsEg

Connect With Us:

Twitter: @theeffitbucket

Reddit: r/theeffitbucket

E-mail: theeffitbucket@gmail.com

Musical Attribution:

"Limit 70" Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

http://creativecommons.org/licenses/by/4.0/

This week in the bucket, CrowdStrike's RCA reads more like an advertisement, AMI released a private key in code marked "DO NOT TRUST" back in 2016, and how Cybersecurity Clinics are changing the cybersecurity education landscape. Plus, we demonstrate just how little we know about the Olympics.

News Stories for Reference:

"New CrowdStrike RCA Released"

https://www.crowdstrike.com/wp-content/uploads/2024/08/Channel-File-291-Incident-Root-Cause-Analysis-08.06.2024.pdfc

"PKFail bug puts firmware security at risk"

https://www.scmagazine.com/news/pkfail-bug-puts-firmware-security-at-risk

Our Guest(s) This Week:

Francesca Lockhart, Cybersecurity Clinic Program Lead from the Strauss Center for International Security and Law, at the University of Texas at Austin | @FLockhartUT

A Little Something Extra

Sign up for the Extra Life Charity Challenge taking place on Saturday, September 28th at Kinnick Stadium in Iowa City. Text-to-Register Number: Text GAMEON to 51555

Or click here: bit.ly/ELCC25

Connect With Us:

Twitter: @theeffitbucket

Reddit: r/theeffitbucket

E-mail: theeffitbucket@gmail.com

Musical Attribution:

"Limit 70" Kevin MacLeod (incompetech.com)

Licensed under Creative Commons: By Attribution 4.0 License

http://creativecommons.org/licenses/by/4.0/