The Cyber Why: What We Read This Week...
... and why you should too! (2/2/24)
What a week! This week we reached an agreement with
to have their owner come onboard to help write content at TCW! Katie extends our expertise and with her help we commit to create great content at an even higher frequency than ever before. Thanks for being a TCW fan and subscribing to our content.This week in The Cyber Why we discuss social media’s impact on youth mental health, present a deepfake image of our leader as a 90’s rapper, Apple Goggles get popped even before GA, commentary on China hacking attacks, and Tyler (#oldhead) learns what a “grail” is! Give it a read, click subscribe, and share with your friends!
10 Reasons Why You Need an AI Cyber Analyst Now
LinkedIn, Board Meetings, Blackhat: everyone's talking about AI in cybersecurity. It's the future of efficiency for both you and the bad guys, but how can you be sure you're investing in the right AI? Here are the top 10 most compelling reasons you need an AI cyber analyst.
Find the cyber alerts that matter at SalemCyber.com
Both Parties Unite In Their Hatred Of Social Media
Accusations, tears and rants: 5 takeaways from today’s tech CEO hearing (CNN)
Big Tech faces brutal questioning on Capitol Hill over content harming kids (Fox)
Zuckerberg tells parents of social media victims at Senate hearing: ‘I’m sorry for everything you’ve been through’ (The Guardian)
(Rick pick) The CEOs of Meta, TikTok, X, Snap, and Discord testified before Congress on Wednesday and Congress really put the "united" in the United States. These days, there is very little that Republicans and Democrats can agree on, but disgust with social media is one. I'm with them. As a father, I worry about the negative implications of social media every day. In his testimony, Zuckerberg said:
"Mental health is a complex issue, and the existing body of scientific work has not shown a causal link between using social media and young people having worse mental health outcomes."
I'm sorry. WAT? 🤢🤢🤢🤢 I'm no researcher nor a scientist, but it doesn't take a Ph.D. to assess that social media can have a detrimental effect on mental health. It was horrible to hear the stories of the suffering families. I wish we could come up with bipartisan solutions here. Sigh, its also an election year which means even less will get done.
Deepfake Voice and Video Attacks Go Viral
A deepfake audio recording of a candidate boasting about rigging an election went viral in Slovakia, raising concerns about the potential impact of deepfakes on elections. US officials see this as a warning for the 2024 presidential election and are preparing for the use of deepfakes to inject confusion among voters. Efforts to counter deepfakes vary among US states, with some passing laws to regulate them, while others lack specific programs or resources. The spread of deepfakes on social media poses a challenge in stopping their dissemination, and the fear of foreign interference complicates public response.
Deepfakes are a very serious issue and, as this article articulates, will likely play a significant role in the elections this coming fall. We have to get ahead of this problem from a security perspective before more people fall prey to the audio and video deepfakes that will flood the Internet later this year.
I teach a class at UNC Kenan Flagler Business School, and a group of students used a new deepfake technology to embed my face in pictures for a class project. Here’s a deep fake of yours truly as a ’90s rapper (this is the stuff that nightmares are made of!)
Apple Vision Pro - Popped Before GA!
Apple fixes zero-day bug in Apple Vision Pro that ‘may have been exploited’ (TechCrunch)
Well, that didn’t take long now. Apple just released a security patch for its brand-new Vision Pro headset to fix a vulnerability that “may have been exploited” by hackers. This bug appears to have been an arbitrary code execution bug within the WebKit component of the headset operating system. This is a common exploit technique for iPads, iPhones, Macs, and AppleTV as it targets the browser engine running Safari and other web apps on these devices. Apple would not elaborate on the “may have been exploited” comment and didn’t provide any additional indication of the compromise depth. If you want to spend $3500 for an ugly set of ski goggles, you two can be the proud owner of the now-exploitable Apple Vision Pro!
FBI Director Wray Sounds The China Alarm (Again)
5 Threats FBI Director Wray Warns the U.S. Should Be Worried About (US News)
FBI Director Chris Wray warns Congress that Chinese hackers targeting U.S. infrastructure as U.S. disrupts foreign botnet "Volt Typhoon" (CBS)
(Rick pick) This week, FBI Director Wray (among others) testified on the Hill in front of the House Select Committee on the Chinese Communist Party. Fun fact: the 118th Congress is one of the least productive legislative bodies in the history of Earth. Let's see what results from this testimony. He testified,
“There has been far too little public focus on the fact that PRC hackers are targeting our critical infrastructure -- our water treatment plants, our electrical grid, our oil and natural gas pipelines, our transportation systems. And the risk that poses to every American requires our attention -- now."
These warnings are nothing new. They remind me of Leon Panetta's famous "cyber Pearl Harbor" speech from 2012. Mocked by the cybersecurity peanut gallery for his comments, Panetta may have had some Nostradamus in him after all. Securing US infrastructure is a generational problem, and we are making little progress in addressing it. Sadly, it will take a cyber attack that results in significant loss of life or financial impact to force Congress' hand.
TIL What A Grail Was! #oldhead #musichacks
Fla. Man Charged in SIM-Swapping Spree is Key Suspect in Hacker Groups Oktapus, Scattered Spider (Krebs on Security)
Let me be the first to say it. Krebs is the absolute BEST investigative security and hacking journalist on the planet. His writing and reports are so in-depth that the hair on the back of my neck stands up. Read the details of this report. It’ll really help you come to terms with exactly how some of these more modern cyber-attacks are conducted and what the results can be.
In this fantastic research piece, a 19-year-old Florida man, Noah Michael Urban, was arrested and charged with wire fraud, aggravated identity theft, and conspiring with others to use SIM-swapping to steal cryptocurrency. Urban is believed to be a vital member of a criminal hacking group responsible for cyber intrusions at major U.S. technology companies in 2022. The group, known as Oktapus or Scattered Spider, was involved in breaches at Twilio, LastPass, DoorDash, Mailchimp, and Plex. Urban, who went by the aliases "Sosa" and "King Bob," is also known for his involvement in trading stolen, unreleased rap music recordings (grails). The arrest follows a series of violent attacks and rivalries within the SIM-swapping community. Urban faces multiple charges and could be sentenced to up to 20 years in federal prison.
Quick Hits and Hidden Gems
Bigger, Faster, Stronger: The New Standard for Public Cybersecurity Companies (Strategy of Security) - An excellent read about the “eras” of cybersecurity IPO and late-stage companies. In particular of note is that commentary on the most recent era where low burn and high growth are mandatory to build a generational company. Go read this one!
Trump says red marks on hands may have been AI (MSN) - This one nearly made the joke of the week status above. How do you NOT KNOW how you got red ink on your hand? This man baffles me sometimes! Maybe it’s a DEEPFAKE!
Altitude Cyber Q4 Cybersecurity Market Review (PDF) - Great overall cyber market analysis. Right up there with Momentum Cyber quarterly reports.
Caveat emptor: product-led growth in cybersecurity can be a great idea, but it can also hurt or even kill security startups (Venture In Security) - TCW covered this a year ago here and here. VIS has some exciting and unique takes to add.
Cybersecurity As Relatable As Possible (#4)— Hackers (Cyb3r Philosoph3r) - Very 101-level background of white-hat, black-hat, and grey-hat hacking history. For those newbies on the list.
Plagues, Cyborgs, and Supersoldiers The Human Domain of War Research Report (Document Cloud) - Woah. Biomechanical war with cyborgs and supersoldiers. This shit is SCARY!
The dawning of the unicorpses: The boom and bust of billion-dollar startups (Fortune) - If you pay for a Fortune subscription, this one is a decent one reporting on the new era of Unicorpses. It’s worth the cover art alone.
If you’ve made it this far, you either found our musings at least semi-entertaining, OR you enjoyed the pain and kept going regardless. No matter how you made it to this point, you should know that we appreciate you. Please do us a solid and share The Cyber Why with your friends. We would love to reach a bigger audience, and referrals are how we do it. Help us out, and we’ll see you next week!