February 26, 2023

TSD #030: Publicly available Special Forces emails.

3 mins

Presented by Career Transitions

Say hello to Career Transitions. Whether you’re just starting out in your career, a seasoned pro looking to progress or you’re looking to change careers - they have the expertise to support you. Securing a new job can be life-changing, so you should give yourself the best possible chance of success and let Career Transitions build you a truly professional CV/resumé. Think of them as Personal Trainers for your career: you might achieve results on your own, but why not be the best that you can be and partner with experts? Build a winning resumé

Hello friend 👋

I hope you're all keeping well. It's been a zany week in the cyber landscape with governments and banks being kept on their toes by pesky threat actors and sloppy IT administrators. Let's run through this week's cyber news:

Special Forces emails

The highlight of the week was the US Special Operations Command (SOCOM) leaving a completely unsecured email server exposed to the public-facing Internet. No password. Nothing. Just sitting there available for anyone to read. Be it a casual bystander or a Nation State's intelligence service. SOCOM used Microsoft's Azure to run the server and it was discovered by a security researcher and then ultimately reported to SOCOM. Read more.

Bank's biometrics bypassed

Motherboard reporter Joe Cox used a free AI voice tool to bypass the biometric security of his own Lloyd's bank account. The proliferation of AI technology, from image generation, content authoring, voice cloning and more, is starting to heat up in the cybersecurity world. Read more.

Dutch police deal with a DIVD insider

Three people were arrested in the Netherlands for computer crimes, one of the detained was an insider at the Dutch Institute for Vulnerability Disclosure (DIVD). Insider cases are seldom reported, and this one is a shocking breach of trust in the DIVD's code of conduct. Read more.

You can get in touch with me by simply hitting reply. I respond to every email that hits my inbox.

Until next week,

Gary ✌️

Fun Things This Week

📽️ Gear

I just ordered a Sony ZV-E10L (Sony has the best product names 🙄). It's sold as a vlogging camera. It'll arrive today and I'll give my thoughts in next week's newsletter. Stay tuned on my YouTube for some shorts about it.

🎙️ Podcasts

This week on Risky Business, Patrick interviews Andrew Boyd, the Director of CIA's Centre for Cyber Intelligence. This is a must-listen episode for us all! Lots to be learned. Listen on: Spotify or Apple Podcasts.

👾 Cool Tools

CVE Vulnerability Information Downloader is a tool that downloads information from NIST, First.Org, and CISA and then combines it into a single list.

Gmail-RAT is a fully undetectable C2 server that communicates via Google SMTP to evade antivirus protections and some network traffic restrictions.

See you next week,

Gary

Say hi 👋 on Twitter or LinkedIn

☎️ Book a 1:1 call with me

👋 Ways I can help you

  1. Sponsor this newsletter - get in front of 1,500+ infosec readers.
  2. Get daily cyber news - LinkedIn, Twitter, or Telegram.
  3. Cyber Career Course - the fastest way to a career in cybersecurity.
  4. Take a workshop - learn essential skills to create content.
  5. Have me speak at your event.