Hello friend 👋
We're 7 days out from Christmas. Let's hope there are no more critical Citrix zero-days that need to be urgently patched as IT and cyber teams start taking their well-earned holidays between now and the new year.
This week in the world of cyber has been reasonably eventful. Lots of little things going on.
The FBI Got Hacked
The FBI operates a site called InfraGuard, which connects the FBI and critical infrastructure people together. So if you run a huge oil company and need to get in touch with the FBI or share intelligence with the community, you can do it through InfraGuard. The problem is, InfraGuard got hacked and now 80,000 of its members' contact information is being sold on the dark web. Much of this information is public, like simple email addresses, but collating it (bringing it together) for threat actors to use in phishing attacks will definitely increase the threat within the Critical National Infrastructure sector. Read the full story on Krebs.
GitHub Scanning For Passwords and More
GitHub will now scan all public repositories for secrets. Meaning that if you put an API key, credentials or secrets in over 200 different formats into a public repository, you'll get an alert. For free! I think this was a paid feature for a while, so it's awesome to see Microsoft making such a positive change for free here. If you're a developer, this is a great thing for you to be signed up for. This week's Cool Tools section below includes 2 GitHub tools! Read the full story on GitHub's blog.
Europol Shuts Down DDoS Websites
Through Operation POWER OFF, law enforcement across the US, UK, Germany, Poland and Netherlands seized servers belonging to some of the top DDoS tools available. Sites like these make it really easy for anyone to launch DDoS attacks for an affordable fee. This will have at least a short-term impact on global DDoS levels. The developers of the tools are likely to move to new servers and set up shop once again. Hopefully, law enforcement will be able to make some bold arrests in the near future. Read the announcement on Europol's website.
You can get in touch with me by simply hitting reply. I respond to every email that hits my inbox.
Until next week,
Fun Things This Week
Risky Business put out a great episode, the last one of the year for Patrick and the team. They cover a lot of hot topics in this episode, including Apple's new encryption efforts that have annoyed the FBI and updates to a few incidents I covered in recent editions of this newsletter like the Vanuatu hack.
1. SWITCHFIRE v2
As some of you may know, I've been busy developing v2 of my SWITCHFIRE Cyber Career Course and I'm very pleased to say that it's live! This course is aimed at people trying to land their first role in cyber security. With v1 I helped dozens of military people make the leap into cyber, v2 widens the scope to help anyone break into cyber security. If that sounds like you, check it out here!
If you're already in a cyber security role but want to get more opportunities coming to your inbox, I've released a series of workshops to help: LinkedIn 101, YouTube 101, Newsletters 101. Designed to help you make the most of your online presence through engaged audience building. If you'd like to check them out, go here.
3. Free Creator Crash Course
If you'd like to get a taste of these workshops, you can sign up for the Creator Crash Course for free by simply putting your email in the box below and hitting that big blue button!
👾 Cool Tools
Octosuite (from Bellingcat) is an OSINT framework that targets GitHub users and organizations. With over 20+ features, Octosuite only runs on 2 external dependencies. And returns the gathered intelligence in a well and highly readable format.
Legitify helps you detect and remediate misconfigurations and security & compliance issues across all your GitHub assets with ease.
If you've written a tool and you'd like me to see it, just drop me an email!
Whenever you’re ready, there are a few ways I can help you:
1. If you'd like to learn how to create content to raise your online profile, I have a free email crash course and a whole series of video workshops.
2. If you want to land a career in cyber security but don't know where to start, your best bet is through my SWITCHFIRE guide.
3. If you'd like to promote yourself or your business and help keep this newsletter free to its readers, you can sponsor it by dropping me an email.