START CONTENT



* Anthem, the second largest healthcare company, had a major breach



* They lost around 80 million socials, addresses, emails, etc., which is roughly double the Target breach

* There’s speculation that it was China, trying to penetrate government, but it’s early

* Watch for phishing scams related to it

* The megabreaches continue…weee!


* A WordPress plugin called FancyBox had a serious compromise in it last week, which affected thousands of websites



* If you’re going to run WordPress, understand that Plugins are the best way to get yourself hacked

* Specifically, the type of plugins that handle user input and do something with it that affects the site’s output

* Image manipulation plugins have been particularly vulnerable, usually to XSS


* There was another critical Flash vulnerability this week



* Like I said last week, and the week before, there’s a first time for everything


* Three bug hunters at HP received the 125,000 prize for finding a major vulnerability in Internet Explorer



* Because they work for HP they couldn’t take the cash, and instead donated it to charity


* Microsoft released Outlook for iOS last week, which looks pretty slick



* Unfortunately it is riddled with security flaws

* Recommendation: wait for a few updates, and for them to get a security assessment



END CONTENT



Play Podcast

START CONTENT 
 
 
* Anthem, the second largest healthcare company, had a major breach 
 
 
* They lost around 80 million socials, addresses, emails, etc., which is roughly double the Target breach 
* There&#8217;s speculation that it was China, trying to penetrate government, but it&#8217;s early 
* Watch for phishing scams related to it 
* The megabreaches continue…weee! 
 
* A WordPress plugin called FancyBox had a serious compromise in it last week, which affected thousands of websites 
 
 
* If you&#8217;re going to run WordPress, understand that Plugins are the best way to get yourself hacked 
* Specifically, the type of plugins that handle user input and do something with it that affects the site&#8217;s output 
* Image manipulation plugins have been particularly vulnerable, usually to XSS 
 
* There was another critical Flash vulnerability this week 
 
 
* Like I said last week, and the week before, there&#8217;s a first time for everything 
 
* Three bug hunters at HP received the 125,000 prize for finding a major vulnerability in Internet Explorer 
 
 
* Because they work for HP they couldn&#8217;t take the cash, and instead donated it to charity 
 
* Microsoft released Outlook for iOS last week, which looks pretty slick 
 
 
* Unfortunately it is riddled with security flaws 
* Recommendation: wait for a few updates, and for them to get a security assessment 
 
 
END CONTENT 
 
 
Play Podcast

Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news, but why it matters and how to respond.

Unsupervised Learning is a Security, AI, and Meaning-focused podcast that looks at how best to thrive as humans in a post-AI world. It combines original ideas, analysis, and mental models to bring not just the news, but why it matters and how to respond.

Exploring the fascinating intersection of security, technology, and humans.

Unsupervised Learning

START CONTENT Anthem, the second largest healthcare company, had a major breach They lost around 80 million socials, addresses, emails, etc., which is roughly double the Target breach There’s speculation that it was China,

Take 1 Security Podcast: Episode 5

In this sponsored conversation, I speak with Corey Ranslem, CEO of Dryad—and the resident expert on Maritime Attacks—and Ismael Valenzuela, VP of Threat Intelligence and Research at Blackberry.

We talked about all things Maritime Security, and I learned a whole lot from the conversation.

Digital Hijacking at Sea: Unveiling a Cyber Attack Scenario in the Red Sea

BlackBerry Quarterly Global Threat Report — March 2024

00:00:00 Introduction and Guest Welcome
00:00:30 Maritime Security Overview
00:01:15 Baltimore Incident Discussion
00:02:00 Legacy Systems on Ships
00:03:20 Connectivity Challenges at Sea
00:04:10 Cyber Threats in Maritime Industry
00:05:00 Post-Accident Cyber Investigations
00:06:00 Potential Cyber Attacks on Ships
00:07:30 Threat Scenarios and Models
00:08:45 USB and External Media Threats
00:09:30 Evolution of Navigation System Connectivity
00:10:30 Crew Connectivity and Cyber Risks
00:11:30 Lessons from Other Industries
00:12:15 GPS Spoofing and Navigation Interference
00:13:30 Digital Hijacking of Ships
00:14:45 Economic Disruption via Cyber Attacks
00:16:00 Financial Motivation Behind Attacks
00:17:15 Ransomware in Maritime Context
00:18:30 Panama Canal and Economic Impact
00:19:30 Cyber Security Maturity in Maritime Industry
00:21:00 Legacy Systems and Geopolitical Interests
00:22:15 Challenges with Security Solutions at Sea
00:23:30 Historical Cyber Incidents in Maritime
00:24:30 GPS Spoofing Techniques
00:25:15 International Maritime Organization Standards
00:26:30 Criminal Trends and Cyber Attacks
00:27:45 Open Source Tools and Threat Actors
00:28:45 Information Sharing in Maritime Industry
00:29:30 Real-World Examples of Cyber Incidents
00:31:00 Cruise Ships and Large Yachts Security
00:32:15 Autonomous Vessels and Cyber Protection
00:33:30 Future of Autonomous Vessels
00:34:15 Learning and Improving Cyber Security in Maritime
00:35:30 Role of Threat Intelligence in Maritime Security
00:36:15 Optimism for the Future of Maritime Security
00:37:30 Industry Awareness and Education Efforts
00:38:30 AI Integration in Maritime Security Solutions
00:39:15 Conclusion and Final Thoughts

In this sponsored conversation, I speak with Corey Ranslem, CEO of Dryad—and the resident expert on Maritime Attacks—and Ismael Valenzuela, VP of Threat Intelligence and Research at Blackberry.
We talked about all things Maritime Security, and I learned a whole lot from the conversation.
<a href="https://event.on24.com/wcc/r/4530009/DF690F9C60A307C572ED2AFC9EB232D3">Digital Hijacking at Sea: Unveiling a Cyber Attack Scenario in the Red Sea</a>
<a href="https://www.blackberry.com/us/en/solutions/threat-intelligence/threat-report">BlackBerry Quarterly Global Threat Report — March 2024</a>
00:00:00 Introduction and Guest Welcome 00:00:30 Maritime Security Overview 00:01:15 Baltimore Incident Discussion 00:02:00 Legacy Systems on Ships 00:03:20 Connectivity Challenges at Sea 00:04:10 Cyber Threats in Maritime Industry 00:05:00 Post-Accident Cyber Investigations 00:06:00 Potential Cyber Attacks on Ships 00:07:30 Threat Scenarios and Models 00:08:45 USB and External Media Threats 00:09:30 Evolution of Navigation System Connectivity 00:10:30 Crew Connectivity and Cyber Risks 00:11:30 Lessons from Other Industries 00:12:15 GPS Spoofing and Navigation Interference 00:13:30 Digital Hijacking of Ships 00:14:45 Economic Disruption via Cyber Attacks 00:16:00 Financial Motivation Behind Attacks 00:17:15 Ransomware in Maritime Context 00:18:30 Panama Canal and Economic Impact 00:19:30 Cyber Security Maturity in Maritime Industry 00:21:00 Legacy Systems and Geopolitical Interests 00:22:15 Challenges with Security Solutions at Sea 00:23:30 Historical Cyber Incidents in Maritime 00:24:30 GPS Spoofing Techniques 00:25:15 International Maritime Organization Standards 00:26:30 Criminal Trends and Cyber Attacks 00:27:45 Open Source Tools and Threat Actors 00:28:45 Information Sharing in Maritime Industry 00:29:30 Real-World Examples of Cyber Incidents 00:31:00 Cruise Ships and Large Yachts Security 00:32:15 Autonomous Vessels and Cyber Protection 00:33:30 Future of Autonomous Vessels 00:34:15 Learning and Improving Cyber Security in Maritime 00:35:30 Role of Threat Intelligence in Maritime Security 00:36:15 Optimism for the Future of Maritime Security 00:37:30 Industry Awareness and Education Efforts 00:38:30 AI Integration in Maritime Security Solutions 00:39:15 Conclusion and Final Thoughts

A Conversation on Maritime Security with BlackBerry Threat Intelligence

https://api.omny.fm/orgs/070af456-729b-4a0f-9c09-a6c100397b59/clips/3b4c84ee-2bb3-4b83-a9ba-b1720003721d/transcript

The US goes skills-based, AI is mostly prompting, simulation -> reality, 30 useful concepts, and more……

Subscribe to the newsletter at: 
https://danielmiessler.com/subscribe

Join the UL community at:
https://danielmiessler.com/upgrade

Follow on X:
https://twitter.com/danielmiessler

Follow on LinkedIn:
https://www.linkedin.com/in/danielmiessler

See you in the next one!

The US goes skills-based, AI is mostly prompting, simulation -&gt; reality, 30 useful concepts, and more……
Subscribe to the newsletter at:  <a href="https://danielmiessler.com/subscribe">https://danielmiessler.com/subscribe</a>
Join the UL community at: <a href="https://danielmiessler.com/upgrade">https://danielmiessler.com/upgrade</a>
Follow on X: <a href="https://twitter.com/danielmiessler">https://twitter.com/danielmiessler</a>
Follow on LinkedIn: <a href="https://www.linkedin.com/in/danielmiessler">https://www.linkedin.com/in/danielmiessler</a>
See you in the next one!

UL NO. 431: Companies are Graphs of Algorithms

https://api.omny.fm/orgs/070af456-729b-4a0f-9c09-a6c100397b59/clips/d98ef94c-1fdb-4ec7-99cf-b16b01115225/transcript

How I use local AI models, MI5 vetting research students, the first AI deepfake racism attack, and more…

Subscribe to the newsletter at: 
https://danielmiessler.com/subscribe

Join the UL community at:
https://danielmiessler.com/upgrade

Follow on X:
https://twitter.com/danielmiessler

Follow on LinkedIn:
https://www.linkedin.com/in/danielmiessler

See you in the next one!

How I use local AI models, MI5 vetting research students, the first AI deepfake racism attack, and more…
Subscribe to the newsletter at:  <a href="https://danielmiessler.com/subscribe">https://danielmiessler.com/subscribe</a>
Join the UL community at: <a href="https://danielmiessler.com/upgrade">https://danielmiessler.com/upgrade</a>
Follow on X: <a href="https://twitter.com/danielmiessler">https://twitter.com/danielmiessler</a>
Follow on LinkedIn: <a href="https://www.linkedin.com/in/danielmiessler">https://www.linkedin.com/in/danielmiessler</a>
See you in the next one!

UL NO. 430: The Courage to be Disliked

https://api.omny.fm/orgs/070af456-729b-4a0f-9c09-a6c100397b59/clips/600d13eb-b0f4-4230-adc6-b165017057cd/transcript

Take 1 Security Podcast: Episode 5

In 1 playlist(s)

Unsupervised Learning

Social links

Follow podcast

Recent clips