We continuously monitor the cyber, Gen AI landscape and its impact on us all. We help you stay up to speed with this collection of useful threat intelligence and News, Events, Jobs, & Innovators.
Wednesday, 4 Dec. (745-9am CDT) Honored to have Christopher Hetner presenting. His topic is SEC Cyber Regulations and the Year End Race to the Finish Line. Chris is the Cyber Risk Advisor at NACD (National Association of Corporate Directors), Former SEC and Treasury cyber. (Chicago Chapter, all are welcome)
Thursday, 5 Dec., (745-9am EDT) we are honored to have Christopher Hetner - AGAIN!… Cyber Risk Advisor at NACD (National Association of Corporate Directors) speaking. (Florida Chapter, all are welcome)
Thanks for reading Daniel’s Substack! Subscribe for free to receive new posts and support my work.
To RSVP any (or all) of these: https://www.cyberbreakfastclub.com/join-today https://www.linkedin.com/company/cyberbreakfastclub/ Questions, details and contracts with me: daniel.haney@cyberbuyer.io; RSVP with laura.robayo@cyberbuyer.io
…………….JOB ALERTS
Boston-based security jobs available at WHOOP: https://www.linkedin.com/company/whoop/
GoHealth is a leading health insurance marketplace and Medicare-focused digital health company. Through the efficient, multi-tiered guidance of our highly specialized licensed insurance agents, GoHealth meets Medicare consumers where they are in their enrollment journeys and empowers them to choose the plan and carrier best suited for their healthcare needs. https://www.linkedin.com/jobs/view/3977892551/
FED: U.S. Office of Personnel Management (OPM) Cyber is looking for an Enterprise Operations Center (EOC) Section Chief within our Cyber Integration Center branch. The selectee would be responsible for leading the merging of OPM's Security Operations Center and Network Operations Center into the EOC then leading it to the future! If interested apply on USAJOBS today https://lnkd.in/e7yDMTTM.
………………LATEST NEWS & UPDATES
Major Financial Data Breach at Finastra: (Fintech For 45 Of 50 Top Banks Confirms Data Breach) article:
Thousands of Palo Alto Firewalls Exploited (The two security flaws are an authentication bypass (CVE-2024-0012) in the PAN-OS management web interface that remote attackers can exploit to gain administrator privileges and a PAN-OS privilege escalation (CVE-2024-9474) that helps them run commands on the firewall with root privileges) article:
Cyberattack on French Hospital (A data breach at an unnamed French hospital exposed the medical records of 750,000 patients after a threat actor gained access to its electronic patient record system). article:
Russian Spies Jumped From One Network to Another Via Wi-Fi in an Unprecedented Hack: article link:
Government agencies and non-governmental organizations in the United States have become the target of a nascent China state threat actor known as Storm-2077.
The adversary, believed to be active since at least January 2024, has also conducted cyber attacks against the Defense Industrial Base (DIB), aviation, telecommunications, and financial and legal services across the world, Microsoft said.
Recorded Future's Insikt Group, which has assigned the activity cluster the name TAG-110, said it overlaps with a threat group tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0063, which, in turn, overlaps with APT28. The hacking crew has been active since at least 2021. article:
…………..THINKERS and DRINKERS
**F1 Racing and the Innovators in 2024. Formula 1, the pinnacle of motorsport, is continually evolving with cutting-edge technologies that push the boundaries of speed, performance, and safety.
What does the acronym "MITRE ATT&CK" stand for, and what is its primary purpose? submit answers to info@fedsbd.io. Points for correct answer and for the most creatively wrong….
"They collect budget details of Facebook Ads Manager accounts of their victims, which might be a gateway for Facebook malvertisement," Netskope Threat Labs researcher Jan Michael Alcantara said in a report shared with The Hacker News.
Apple has released security updates for iOS, iPadOS, macOS, visionOS, and its Safari web browser to address two zero-day flaws that have come under active exploitation in the wild.
The flaws are listed below -
CVE-2024-44308 (CVSS score: 8.8) - A vulnerability in JavaScriptCore that could lead to arbitrary code execution when processing malicious web content
CVE-2024-44309 (CVSS score: 6.1) - A cookie management vulnerability in WebKit that could lead to a cross-site scripting (XSS) attack when processing malicious web content
"World on the Brink: How America Can Beat China in the Race for the Twenty-First Century" by Dmitri Alperovitch and Garrett Graff: This book explores the geopolitical and cybersecurity challenges posed by China's rise and offers strategies for the U.S. to maintain its global leadership.
"Quantum Machine Learning: Quantum Algorithms and Neural Networks" by Houbing Song: A heavy read with a $171 price tag! This work delves into the intersection of quantum computing and machine learning, discussing potential applications and implications for cybersecurity.
"Darknet Diaries": Hosted by Jack Rhysider, This chilling podcast narrates true stories about cybercrimes, hackers, and the dark web, providing insights into the complexities of cyber & AI threats. new update on the first Tuesday of the month!
Credo AI is on a mission to empower enterprises to responsibly build, adopt, procure, and use AI at scale. Credo AI’s cutting-edge AI governance platform automates AI oversight and risk management while enabling regulatory compliance to emerging global standards like the EU AI Act, NIST, and ISO.
Dratadistinguishes itself through several key features:
Comprehensive Compliance Automation: Drata automates the compliance process across multiple frameworks, including SOC 2, ISO 27001, HIPAA, and GDPR. This automation reduces manual effort and ensures continuous adherence to regulatory standards.
Continuous Control Monitoring: The platform offers 24/7 monitoring of security controls, providing real-time visibility into an organization's compliance status. This proactive approach enables immediate identification and remediation of potential issues.
and let’s remember our history: George Washington's Thanksgiving Proclamation (1789)
This was the first official Thanksgiving proclamation in U.S. history. As the newly established nation's first president, George Washington issued this proclamation to set aside a day of gratitude for the adoption of the Constitution and the blessings of liberty.
Washington emphasized unity, gratitude, and humility, urging Americans to acknowledge divine providence and commit to justice, kindness, and harmony.
This proclamation established Thanksgiving as a national observance, tying it to American identity and values.
Thank you. Have a peaceful and blessed Thanksgiving holiday.
Thanks for reading Daniel’s Substack! Subscribe for free to receive new posts and support my work.
