February 19, 2023

TSD #029: SMS 2FA is a premium feature 🤔

Presented by CultureAI

Say hello to CultureAI. They help companies monitor and respond to over 35 human cyber risk behaviours. CultureAI can deliver automated nudges when users fail attack sims via email/Slack/MFA. They can also deliver fully automated, intelligent email phishing and stop users from sharing PII on public platforms. Discover today how easily CultureAI can connect with your workplace apps and change risky user behaviour in your organisation. Learn more about CultureAI.

Hello friend 👋

A lot going on this week across the cyber landscape. My favourite bit of reading this week was from Google's Threat Analysis Group which provided a huge report on Russian State operations throughout 2022 within Ukraine. It's a beautiful and easy-to-read report and well worth your attention.

1 in 4 coins is a scam

Senior Wired reporter Andy Greenberg gave us a deep dive into cryptocurrency scams based on research from Chainalysis and demonstrated that a staggering 1 in 4 new tokens of any value is a scam:

Looking across the million-plus crypto tokens created in 2022, Chainalysis found that only a tiny fraction of them, 9,902, ever convinced anyone to buy them and thus gained any value. Of those, they found that fully 24 percent were brazen, short-term pump-and-dumps perpetrated by the token's creator, dumped within their first week on sale.

I haven't bought any crypto in a long time, but if you're in that game...the word of the day is caution.

Atlassian employee data leaked

If you work in a large company you will have undoubtedly heard of Atlassian. They power big businesses with their Confluence and Jira applications. This week, they announced a data breach after a developer stored their credentials in a public repository 😬

SMS 2FA is a premium feature?

Twitter announced that only paying Twitter users will be able to use SMS-based 2FA. This is likely a cost-cutting exercise to force people to use software-based 2FA tokens. It's also a good move from a security perspective because SMS 2FA is the worst kind.

The FBI got hacked

CNN reported that the FBI is dealing with a hacking incident on their systems. As this is an ongoing incident, we're not likely to hear the results for some time.

You can get in touch with me by simply hitting reply. I respond to every email that hits my inbox.

Until next week,

Gary ✌️

Fun Things This Week

📓 Books

If you were here for last week's newsletter, you know I've started writing near-daily cyber news on my new site, TEARLINE. In an effort to raise the quality of my writing and reporting, I've picked up a copy of The Universal Journalist by David Randall & Jemma Crew. If you're into writing, this book is a must-read.

👾 Cool Tools

Upload Bypass Carnage is a tool to help you upload restricted files to servers. Like when you have a reverse shell inside a PNG file, but the server doesn't accept PNG files. This might help!

Invoke-Transfer is a PowerShell clipboard data transfer tool that helps you send files in restricted environments such as Citrix, RDP, VNC, and Guacamole. As long as you can send text through the clipboard, you can send files in text format, in small Base64 encoded chunks.

Whenever you’re ready, there are a few ways I can help you:

1. If you'd like to get daily cyber news updates, follow Tearline on LinkedIn or join the Telegram channel.

2. If you'd like to learn how to create content to raise your online profile, I have a free email crash course and a whole series of video workshops.

3. If you want to land a career in cyber security but don't know where to start, your best bet is through my SWITCHFIRE guide.

4. If you'd like to promote yourself or your business and help keep this newsletter free to its readers, you can sponsor it by dropping me an email.

More Articles
Subscribe to The Sunday Download

Receive weekly news and insights in your inbox. Don't miss out!

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.