Vulnerable U

Howdy friends. This week I discuss how ALPHV/Blackcat filed a SEC complaint against one of their ransomware victims, ALPHV/Blackcat’s use of Google Ads to target victims, LockBit’s leak of Boeing’s files, Google’s confirmation that they will disable uBlock in Chrome in 2024, the release of new CVSS 4.0 vulnerability severity rating standard, YouTube’s requirement on creators to disclose the use of generative AI, the latest Move-it breach affecting 1.3 million individuals, the cyber incident forcing an Australian port operator to suspend operations, the vulnerability of Bitcoin user’s wallets for those that created them before 2016, Dolly.com’s ransomware payment and subsequent leak, the FBI’s challenges with stopping a casino hacking gang, and Toyota’s recent breach. We’re sticking with just the news on this video, but you can find more Vulnerable U personal and professional growth content on my blog: https://www.mattjay.com/blog/ Check out my free weekly newsletter Vulnerable U: https://www.mattjay.com/newsletter/ 

Howdy friends. This week I cover Biden’s AI executive order, the pledge that 40 countries took to not pay ransom to cybercriminals, Prolific Puma, Lazarus hacking group’s focus on infecting blockchain experts with malware, the pwning of the JFK taxi system by Russian hackers, and Boeing’s recent ‘cyber incident’. We’re sticking with just the news on this episode, but you can find more Vulnerable U personal and professional growth content on my blog: https://www.mattjay.com/blog/ Check out my free weekly newsletter Vulnerable U: https://www.mattjay.com/newsletter/ 

Howdy friends. This week I go over the Okta security breach, SolarWinds and their Chief Information Security Officer charged by the SEC with Fraud, Cisco’s second recent 0-day, Browser-based attacks on Apple devices, Telegram’s continued leaks, and the 34 Spanish cyber criminals arrested for stealing 4 million people's data. We’re sticking with just the news on this video, but you can find more Vulnerable U personal and professional growth content on my blog: https://www.mattjay.com/blog/ Check out my free weekly newsletter Vulnerable U: https://www.mattjay.com/newsletter/ 

Howdy friends. This week I discuss the North Korean IT workers found to have been sending wages from their remote jobs back to North Korea to fund weapons programs, the massive Cisco device 0-day, the fall of the ACG hacking group, a complex malvertising campaign that was recently uncovered, and the discovery of government-backed hackers exploiting WinRAR vulnerability. We’re sticking with just the news on this video, but you can find more Vulnerable U personal and professional growth content on my blog: https://www.mattjay.com/blog/ Check out my free weekly newsletter Vulnerable U: https://www.mattjay.com/newsletter/

Howdy friends. This week I dive into Hacktivism in response to the Hamas-Israel war, MGM Resorts refusal to pay ransom in recent cyber attack, how X-Force found a global NetScaler Gateway credential harvesting campaign, Google’s adoption of passkeys, a recent HTTP/2 Zero-Day, how $7 billion in crypto was laundered, Github’s security weaknesses, Microsoft’s bug bounty program, Microsoft’s warning of foreign government-sanctioned hackers exploiting critical atlassian confluence vulnerability, the curl vulnerability that fell flat of expectations, and the thousands of Android devices with unkillable backdoor preinstalled. We’re sticking with just the news on this video, but you can find more Vulnerable U personal and professional growth content on my blog: https://www.mattjay.com/blog/ Check out my free weekly newsletter Vulnerable U: https://www.mattjay.com/newsletter/ 

Howdy friends. This week I explain the 23andMe data breach, the new group responsible for attacking iPhone encryption backed by a political dark-money network, the uptick in police use of Google’s data, the increase in hacking scam on the elderly community, Cisco Emergency Responder static credential vulnerability, the iOS 17 0-day, Qualcomm's three 0-day patches reported by Google, Vulnerabilities in Supermicro BMCs, Critical TorchServe Flaws that Could Expose the AI Infrastructure of Major Companies, Sony’s confirmation of latest data breach, and the link between the Clorox security breach and the recent casino hacks. We’re sticking with just the news on this video, but you can find more Vulnerable U personal and professional growth content on my blog: https://www.mattjay.com/blog/ Check out my free weekly newsletter Vulnerable U: https://www.mattjay.com/newsletter/ 

Howdy friends. This week I dive into the WebP 0day, the Youth hacking ring at the center of recent cybercrime spree, the financially motivated UNC3944 threat actor that has shifted its focus to ransomware attacks, University of Minnesota’s data breach, the $200 million crypto hack on Mixin, and the discovery of China-linked threat actors who have modified Cisco router firmware to compromise intellectual property and sensitive data. We’re sticking with just the news on this video, but you can find more Vulnerable U personal and professional growth content on my blog: https://www.mattjay.com/blog/ Check out my free weekly newsletter Vulnerable U: https://www.mattjay.com/newsletter/ 

Howdy friends. This week I will discuss the MGM Resorts and Caesars Entertainment hacks, Github’s launch of passkeys, Mark Cuban’s crypto wallet hack, the Microsoft AI researchers accidental data leak, the Microsoft teams phishing problem, Cisco’s acquisition of Splunk, and the latest T-mobile data breach We’re sticking with just the news on this video, but you can find more Vulnerable U personal and professional growth content on my blog: https://www.mattjay.com/blog/ Check out my free weekly newsletter Vulnerable U: https://www.mattjay.com/newsletter/ 

Howdy friends. This week I am covering the China-backed Flax Tycoon hack on Taiwan, a Brazilian phone spyware that was hacked, the MOVEit hack statistics, the FBI and partners dismantling of Qakbot infrastructure in a massive international cyber takedown, a fake Signal app planted on the Google Play store, and the tragic death of a Saudi man by death penalty over his tweets. We’re sticking with just the news on this video, but you can find more Vulnerable U personal and professional growth content on my blog: https://www.mattjay.com/blog/ Check out my free weekly newsletter Vulnerable U: https://www.mattjay.com/newsletter/ 

Howdy friends. In this video I go over UK Surveillance requirement revisions, CloudNordic’s ransomware incident, a SIM-Swap Crypto Hack perpetrated on a crypto investor, the Citrix Sharefile flaw exploit, Tesla’s massive data breach of employee’s personal information, and updates on the Discord and Lapsus$ stories from last week We’re sticking with just the news on this video, but you can find more Vulnerable U personal and professional growth content on my blog: https://www.mattjay.com/blog/ Check out my free weekly newsletter Vulnerable U: https://www.mattjay.com/newsletter/ 

Howdy friends. In this video, I cover GitHub’s plans to require two-factor authentication, Discord.io’s recent data breach and shutdown, the Kubernetes misconfiguration that exposes data of several Fortune 500 companies and possibly hundreds more, the PSNI and UK voter breaches and why they should be taken more seriously, and finally the $70 device that can spoof Apple products which was used at Def Con. We’re sticking with just the news on this video, but you can find more Vulnerable U personal and professional growth content on my blog: https://www.mattjay.com/blog/ Check out my free weekly newsletter Vulnerable U: https://www.mattjay.com/newsletter/ 

Howdy friends. In this video, I go over how hackers have rigged casino card-shuffling machines, my take on the Rapid7 layoffs, Homeland Security’s report on the Lapsus$ breaches,  EvilProxys phishing campaign, and the cyberattack that caused medical provider CardioComm to take their system offline.  We’re sticking with just the news on this video, but you can find more Vulnerable U personal and professional growth content on my blog: https://www.mattjay.com/blog/ Check out my free weekly newsletter Vulnerable U: https://www.mattjay.com/newsletter/ 

Howdy friends. In this video, the juiciest in infosec news including a vulnerability that led to unlimited airline miles, Microsoft gets called out, and Russian phishing in MS Teams.  We’re sticking with just the news on this video, but you can find more Vulnerable U personal and professional growth content on my blog: https://www.mattjay.com/blog/ Check out my free weekly newsletter Vulnerable U: https://www.mattjay.com/newsletter/ 

Howdy friends. In this video, I walk through the SEC vote requiring companies to disclose cybersecurity incidents, an intentional backdoor discovered in radio comms, Google’s 0-day year in review, malware in Call of Duty, and Lazarus linked to two heists.  We’re sticking with just the news on this video, but you can find more Vulnerable U personal and professional growth content on my blog: https://www.mattjay.com/blog/ Check out my free weekly newsletter Vulnerable U: https://www.mattjay.com/newsletter/ 

Howdy friends. In this video, I walk through two internet scams found by non-industry experts, how a typo led to a massive US military data leak, the possible death of Infosec twitter, and Google’s pilot program restricting internet access to employees.  We’re sticking with just the news on this video, but you can find more Vulnerable U personal and professional growth content on my blog: https://www.mattjay.com/blog/ Check out my free weekly newsletter Vulnerable U: https://www.mattjay.com/newsletter/ 

This week we try something new, talk about China & Russia based threat actors for Microsoft, Clarence Thomas is on Venmo, and an AT&T scam by an employee. Links to articles and references here: China based threat actor activity Russia based threat actor activity, zero day attacks Clarence Thomas on Venmo AT&T scam by actual employee

In this engaging episode of VulnU, discover how empathy can enhance our defenses, improve security postures, and make us better individuals. Learn five key steps to leverage empathy effectively, including understanding threat actors, designing user-centric security, supporting victims, implementing human-centric training, and promoting collaboration. Plus, the latest in vulnerability news including lots of malware things and more on the MOVEit File Transfer. Find all relevant news links on the latest edition of the Vulnerable U Newsletter here.

This week we have a short thought with a big impact. Plus, we cover some exciting news in the infosec world and show you gratitude for being part of this new and exciting journey with us. Verizon DBIR - https://www.verizon.com/business/resources/reports/dbir/ MY KEY LINKS 🌍  My website / blog - https://www.mattjay.com 🐦  Twitter - https://twitter.com/mattjay 🗞️  Vulnerable U Newsletter - https://vulnu.mattjay.com

This week we turn obstacles into opportunities for self improvement, talk through  riveting and (dare I say) comical news, and generally get comfortable in front of the mic and camera. Welcome to Vulnerable U!