Holon Network Podcast
Welcome to the Holon Network, a part of the DarkNet Project. We are a collaborative experience to gain and share knowledge and understanding, to inspire the next generation of hacker and maker communities, and to ultimately enhance our human experience. Our primary goals are to inspire community efforts in learning new technology and promoting good information security practices.
Episodes

Monday Feb 21, 2022
In The News This Week
1 Bitcoin equals $37,233.09 United States Dollar https://www.coindesk.com/price/bitcoin
Gold Price Per Ounce $1,917.10 https://www.apmex.com/gold-price
Oil Price Per Barrel $93.43 https://markets.businessinsider.com/commodities/oil-price?type=wti
1 Dogecoin equals $0.1292 USD https://coinmarketcap.com/currencies/dogecoin/
This Week In Vulnerabilities:
Vulnerability Summary for the Week of February 14, 2022 https://www.cisa.gov/uscert/ncas/bulletins/sb22-052
This Week In Privacy Or Lack Thereof:
Windows 11 Pro will soon require a Microsoft Account https://www.theverge.com/2022/2/18/22940517/windows-11-pro-require-microsoft-account-internet-connection
Never, Ever, Ever Use Pixelation for Redacting Text https://bishopfox.com/blog/unredacter-tool-never-pixelation
Covid testing firm ‘selling swabs carrying customers’ DNA’ to third parties https://www.thelondoneconomic.com/news/covid-testing-firm-selling-swabs-carrying-customers-dna-to-third-parties-301236/
Clearview AI aims to put almost every human in facial recognition database https://arstechnica.com/tech-policy/2022/02/clearview-ai-aims-to-put-almost-every-human-in-facial-recognition-database/
Magecart Attackers Compromised 500 E-Commerce Sites Through Vulnerable Plugin and Planted Credit Card Skimmer and Backdoors https://www.cpomagazine.com/cyber-security/magecart-attackers-compromised-500-e-commerce-sites-through-vulnerable-plugin-and-planted-credit-card-skimmer-and-backdoors/
This Week In Security:
Linux developers patch security holes faster than anyone else, says Google Project Zero https://www.zdnet.com/article/google-project-zero-finds-linux-developers-patch-security-holes-faster-than-anyone-else/
A Hacker Group Has Been Framing People for Crimes They Didn't Commit https://gizmodo.com/a-hacker-group-has-been-framing-people-for-crimes-they-1848522497
Severe WordPress Plug-In UpdraftPlus Bug Threatens Backups https://threatpost.com/severe-wordpress-plug-in-updraftplus-bug-threatens-backups/178528/
Miscellaneous Stories:
Dad takes down town's internet by mistake to get his kids offline https://www.bleepingcomputer.com/news/technology/dad-takes-down-towns-internet-by-mistake-to-get-his-kids-offline/
Microsoft eyeing deal to buy cybersecurity firm Mandiant -Bloomberg https://www.reuters.com/technology/microsoft-considers-deal-buy-cybersecurity-firm-mandiant-bloomberg-news-2022-02-08/
Cool Tools We Found This Week:
https://hak5.org/products/shark-jack

Wednesday Feb 16, 2022
In The News This Week
1 Bitcoin equals $43,996.34 United States Dollar https://www.coindesk.com/price/bitcoin
Gold Price Per Ounce $1,859.80 https://www.apmex.com/gold-price
Oil Price Per Barrel $91.93 https://markets.businessinsider.com/commodities/oil-price?type=wti
1 Dogecoin equals $0.1501 USD https://coinmarketcap.com/currencies/dogecoin/
This Week In Vulnerabilities:
Vulnerability Summary for the Week of February 7, 2022 https://www.cisa.gov/uscert/ncas/bulletins/sb22-045
Apple Releases iOS, iPadOS, macOS Updates to Patch Actively Exploited Zero-Day Flaw https://thehackernews.com/2022/02/apple-releases-ios-ipados-macos-updates.html
This Week In Privacy Or Lack Thereof:
A Data Broker Has Millions of Workers' Paystubs; See If They Have Yours https://www.nbcbayarea.com/investigations/consumer/data-brokers-have-millions-of-workers-paystubs-see-if-they-have-yours/2806271/
The CIA Has a Secret Data Collection Program That Includes Some Records on Americans, Senators Say https://gizmodo.com/cia-secret-bulk-collection-program-wyden-heinrich-1848519509
SFPD Puts Rape Victims' DNA Into Database Used To Find Criminals, DA Alleges https://yro.slashdot.org/story/22/02/15/2239206/sfpd-puts-rape-victims-dna-into-database-used-to-find-criminals-da-alleges
Victory! ID.me to Drop Facial Recognition Requirement for Government Services https://www.eff.org/deeplinks/2022/02/victory-irs-wont-require-facial-recognition-idme
Maryland Bill Offers Strong Privacy Protections Against Biometric Data Collection https://www.eff.org/deeplinks/2022/02/maryland-steps-strong-biometric-privacy-bill
This Week In Security:
FBI Sees Huge Increase in SIM-Swapping Attacks https://www.pcmag.com/news/fbi-sees-huge-increase-in-sim-swapping-attacks
Miscellaneous Stories:
The reporter accused by the governor of Missouri of criminal hacking after reporting a data leak on a state website will not be charged. https://twitter.com/JoeUchill/status/1492548681479995396?t=BqKAdz0OLEOs_nGAfCGwVw&s=09
Akamai To Acquire Linode to Provide Businesses with a Developer-friendly and Massively-distributed Platform to Build, Run and Secure Applications https://www.akamai.com/newsroom/press-release/akamai-to-acquire-linode
Valve Releases Steam Deck CAD Files Allowing Anyone To 3D-Print Custom Shells https://games.slashdot.org/story/22/02/13/2129253/valve-releases-steam-deck-cad-files-allowing-anyone-to-3d-print-custom-shells
Steam Deck Teardown: Everything Valve Said Not to Do! https://www.ifixit.com/News/57101/steam-deck-teardown
Cool Tools We Found This Week:
OSINT Geo-Tweet https://birdhunt.co/
Nrich: a tool to quickly find the open ports and vulnerabilities for a list of IPs https://twitter.com/shodanhq/status/1493294091299348484?t=vUrL9QxTaV9XGN_EMydcqw&s=09
IntelOwl - Open-Source Threat Intelligence Platform! https://intelowlproject.github.io/
Projects For This Week:
Badgelife Tracker https://twitter.com/Ciph3rdoc/status/1493374126077186049?t=bNkD6AU3UW5KdsV362CSXQ&s=09

Wednesday Feb 16, 2022
In The News This Week
1 Bitcoin equals $44,054.49 United States Dollar https://www.coindesk.com/price/bitcoin
Gold Price Per Ounce $1,830.30 https://www.apmex.com/gold-price
Oil Price Per Barrel $91.10 https://markets.businessinsider.com/commodities/oil-price?type=wti
1 Dogecoin equals $0.1643 USD https://coinmarketcap.com/currencies/dogecoin/
This Week In Vulnerabilities:
Vulnerability Summary for the Week of January 24, 2022 https://www.cisa.gov/uscert/ncas/bulletins/sb22-031
Vulnerability Summary for the Week of January 31, 2022 https://www.cisa.gov/uscert/ncas/bulletins/sb22-038
Linux system service bug gives root on all major distros, exploit released https://www.bleepingcomputer.com/news/security/linux-system-service-bug-gives-root-on-all-major-distros-exploit-released/
UEFI firmware vulnerabilities affect at least 25 computer vendors https://www.bleepingcomputer.com/news/security/uefi-firmware-vulnerabilities-affect-at-least-25-computer-vendors/
Ransomware Wants You to Like and Subscribe, Or Else https://www.vice.com/en/article/epx5ne/ransomware-wants-you-to-like-and-subscribe-or-else
This Week In Privacy Or Lack Thereof:
NSO tried to buy access to cell networks for “bags of cash,” whistleblower says https://arstechnica.com/tech-policy/2022/02/report-nso-offered-us-firm-bags-of-cash-for-help-spying-on-cellphone-users/
FBI confirms it obtained NSO’s Pegasus spyware https://www.theguardian.com/news/2022/feb/02/fbi-confirms-it-obtained-nsos-pegasus-spyware
Facebook Says it Will Stop Operating in Europe If Regulators Don’t Back Down https://9to5mac.com/2022/02/07/meta-pull-facebook-instagram-from-europe/
Facebook: Daily active users fall for first time in 18-year history https://www.bbc.com/news/business-60238565
Google Workspace to strip privacy control from admins, re-enable tracking https://arstechnica.com/gadgets/2022/02/confusing-google-workspace-privacy-change-will-re-enable-tracking-for-users/
Google abandons FLoC, introduces Topics API to replace tracking cookies https://www.theverge.com/2022/1/25/22900567/google-floc-abandon-topics-api-cookies-tracking
It’s Back: Senators Want EARN IT Bill to Scan All Online Messages https://www.eff.org/deeplinks/2022/02/its-back-senators-want-earn-it-bill-scan-all-online-messages
List of EARN IT sponsors https://www.reddit.com/r/privacy/comments/slulcn/list_of_politicians_pushing_the_draconian_earn_it/
IRS To Ditch Biometric Requirement for Online Access https://krebsonsecurity.com/2022/02/irs-to-ditch-biometric-requirement-for-online-access/
ID.me CEO backtracks on claims company doesn't use powerful facial recognition tech https://www.cyberscoop.com/id-me-ceo-backtracks-on-claims-company-doesnt-use-powerful-facial-recognition-tech/
This Week In Security:
Microsoft will block downloaded macros in Office versions going back to 2013 https://arstechnica.com/gadgets/2022/02/microsoft-will-block-downloaded-macros-in-office-versions-going-back-to-2013/
UK government plans to release Nmap scripts for finding vulnerabilities https://therecord.media/uk-government-plans-to-release-nmap-scripts-for-finding-vulnerabilities/
Same folks who make https://gchq.github.io/CyberChef/
Miscellaneous Stories:
Google wants schools to teach Chromebook repair classes https://arstechnica.com/gadgets/2022/02/google-launches-a-chromebook-repair-program-for-schools/
https://frame.work/blog/frameworks-series-a-and-the-years-ahead
Subaru and Kia dealers in Massachusetts have disabled systems that allow remote starts and send maintenance alerts https://www.wired.com/story/fight-right-repair-cars-turns-ugly/
64-bit Raspberry Pi OS exits beta, is available for all Pi 3, 4, and Zero 2 boards https://arstechnica.com/gadgets/2022/02/64-bit-raspberry-pi-os-exits-beta-is-available-for-all-pi-3-4-and-zero-2-boards/
Finding Vulnerabilities in Open Source Projects https://www.schneier.com/blog/archives/2022/02/finding-vulnerabilities-in-open-source-projects.html
North Korea Hacked Him. So He Took Down Its Internet - Thanks to kingryt https://www.wired.com/story/north-korea-hacker-internet-outage/
Cool Tools We Found This Week:
A knowledge graph of cybersecurity countermeasures https://d3fend.mitre.org/

Wednesday Feb 16, 2022
In The News This Week
1 Bitcoin equals $29,999,49 United States Dollar https://www.coindesk.com/price/bitcoin
Gold Price Per Ounce $1,845.50 https://www.apmex.com/gold-price
Oil Price Per Barrel $83.10 https://markets.businessinsider.com/commodities/oil-price?type=wti
1 Dogecoin equals $0.1532 USD https://coinmarketcap.com/currencies/dogecoin/
This Week In Vulnerabilities:
Vulnerability Summary for the Week of January 10, 2022 https://www.cisa.gov/uscert/ncas/bulletins/sb22-017
Buffer overflow DoS attack in Windows HTTP protocol stack https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-21907
VICTORY: Google Releases “disable 2g” Feature for New Android Smartphones https://www.eff.org/deeplinks/2022/01/victory-google-releases-disable-2g-feature-new-android-smartphones
This Week In Privacy Or Lack Thereof:
Revealed: UK Gov’t Plans Publicity Blitz to Undermine Privacy of Your Chats https://www.rollingstone.com/culture/culture-news/revealed-uk-government-publicity-blitz-to-undermine-privacy-encryption-1285453/ Thanks to Karma/SMAG for the update on this story
Insurer of McDonald’s Operator Off Hook for Privacy Litigation https://news.bloomberglaw.com/privacy-and-data-security/insurer-of-mcdonalds-operator-off-hook-for-privacy-litigation https://topclassactions.com/lawsuit-settlements/privacy/mcdonalds-knew-clock-in-system-would-violate-the-rights-of-employees-says-insurer-in-bid-to-escape-bipa-suits/
IRS Will Soon Require Selfies for Online Access https://krebsonsecurity.com/2022/01/irs-will-soon-require-selfies-for-online-access/
This Week In Security:
Microsoft fixes Patch Tuesday bug that broke VPN in Windows 10 and 11 https://arstechnica.com/gadgets/2022/01/microsoft-fixes-patch-tuesday-bug-that-broke-vpn-in-windows-10-and-11/
REvil ransomware gang arrested in Russia https://www.bbc.com/news/technology-59998925
If you install Windows 11 with a local account instead of a Microsoft account it uses BitLocker, but keeps it in plaintext https://twitter.com/atomicthumbs/status/1482859329858404352?t=pJfbJLB3fV3xOb7HJlCmrA&s=09
Miscellaneous Stories:
Cybersecurity conferences 2022: A rundown of online, in person, and ‘hybrid’ events https://portswigger.net/daily-swig/cybersecurity-conferences-a-rundown-of-online-in-person-and-hybrid-events
zevlag feels the pain, Google to free G Suite users: Pay up or lose your account https://arstechnica.com/gadgets/2022/01/google-tells-free-g-suite-users-pay-up-or-lose-your-account/
McAfee Enterprise and FireEye are now called Trellix https://www.zdnet.com/article/mcafee-enterprise-and-fireeye-are-now-called-trellix/
Silk: Proof of Pwnage https://www.youtube.com/watch?v=F18D7IXIz4U
Nine-year-old kids are launching DDoS attacks against schools https://www.bitdefender.com/blog/hotforsecurity/nine-year-old-kids-are-launching-ddos-attacks-against-schools/
Cool Tools We Found This Week:
Projects For This Week:
Thanks Praxaeus https://www.humblebundle.com/books/arduino-circuits-electronics-morgan-claypool-books
Gater https://www.crowdsupply.com/nabu-casa/home-assistant-yellow
Digital_Tinker https://tasmota.github.io/docs/ https://github.com/ct-Open-Source/tuya-convert https://community.home-assistant.io/t/geeni-gnc-sw003-wifi-power-bar-tasmotized/87075/8

Wednesday Feb 16, 2022
In The News This Week
1 Bitcoin equals $41,867.33 United States Dollar https://www.coindesk.com/price/bitcoin
Gold Price Per Ounce $1,814.20 https://www.apmex.com/gold-price
Oil Price Per Barrel $78.48 https://markets.businessinsider.com/commodities/oil-price?type=wti
1 Dogecoin equals $0.1436 USD https://coinmarketcap.com/currencies/dogecoin/
This Week In Vulnerabilities:
Vulnerability Summary for the Week of January 3, 2022 https://www.cisa.gov/uscert/ncas/bulletins/sb22-010
VMware Patches Important Bug Affecting ESXi, Workstation and Fusion Products https://thehackernews.com/2022/01/vmware-patches-important-bug-affecting.html
This Week In Privacy Or Lack Thereof:
T-Mobile begins blocking iPhone users from enabling iCloud Private Relay in the US https://9to5mac.com/2022/01/10/t-mobile-block-icloud-private-relay/
Facebook Launches 'Privacy Center' to Educate Users on Data Collection and Privacy Options https://thehackernews.com/2022/01/facebook-launches-privacy-center-to.html
This Week In Security:
Norton 360 Now Comes With a Cryptominer https://krebsonsecurity.com/2022/01/norton-360-now-comes-with-a-cryptominer/
FAQ: Norton Crypto https://community.norton.com/en/forums/faq-norton-crypto
500M Avira Antivirus Users Introduced to Cryptomining https://krebsonsecurity.com/2022/01/500m-avira-antivirus-users-introduced-to-cryptomining/
Crypto Miner in Norton Antivirus, Why I care and you SHOULD too - Silk's Channel https://www.youtube.com/watch?v=H4uiSLs0kzE
Miscellaneous Stories:
Amazon Unveils Sidewalk Bridge Pro by Ring, Offering a Five-Mile Range for LoRa IoT Connectivity https://www.hackster.io/news/amazon-unveils-sidewalk-bridge-pro-by-ring-offering-a-five-mile-range-for-lora-iot-connectivity-c36f5a8f8d42
Moxie Marlinspike has stepped down as CEO of Signal https://www.theverge.com/2022/1/10/22876891/signal-ceo-steps-down-moxie-marlinspike-encryption-cryptocurrency
Cool Tools We Found This Week:
Projects For This Week:
ConBee2 https://phoscon.de/en/conbee2

Monday Jan 03, 2022
Holon Network Podcast for 2022-01-03
1 Bitcoin equals $47,059.12 United States Dollar https://www.coindesk.com/price/bitcoin
Gold Price Per Ounce $1,811.80 https://www.apmex.com/gold-price
Oil Price Per Barrel $76.47 https://markets.businessinsider.com/commodities/oil-price?type=wti
1 Dogecoin equals $0.1698 USD https://coinmarketcap.com/currencies/dogecoin/
This Week In Vulnerabilities:
https://www.cisa.gov/uscert/ncas/bulletins/2022
Vulnerability Summary for the Week of December 20, 2021 https://www.cisa.gov/uscert/ncas/bulletins/sb21-361
New Apache Log4j Update Released to Patch Newly Discovered Vulnerability https://thehackernews.com/2021/12/new-apache-log4j-update-released-to.html
CISA releases Apache Log4j scanner to find vulnerable apps https://www.bleepingcomputer.com/news/security/cisa-releases-apache-log4j-scanner-to-find-vulnerable-apps/
Google Log4J scanner https://github.com/google/log4jscanner
This Week In Privacy Or Lack Thereof:
Feds admit tracking 33 million mobile phone devices during lockdowns https://torontosun.com/news/national/feds-admit-tracking-33-million-mobile-phone-devices-during-lockdowns
EU's Digital Identity Framework Endangers Browser Security https://www.eff.org/deeplinks/2021/12/eus-digital-identity-framework-endangers-browser-security
Fighting For You From Coast to Coast: 2021 In Review https://www.eff.org/deeplinks/2021/12/fighting-you-coast-coast-year-review-2021
This Week In Security:
Detecting Evasive Malware on IoT Devices Using Electromagnetic Emanations https://thehackernews.com/2022/01/detecting-evasive-malware-on-iot.html
Gov. Parson Says He Believes Prosecutor Will Bring Charges Against Reporter For Using 'View Source' https://yro.slashdot.org/story/21/12/30/1930230/gov-parson-says-he-believes-prosecutor-will-bring-charges-against-reporter-for-using-view-source
Apache Log4j bug: China’s industry ministry pulls support from Alibaba Cloud for not reporting flaw to government first https://www.scmp.com/tech/big-tech/article/3160670/apache-log4j-bug-chinas-industry-ministry-pulls-support-alibaba-cloud
DHS Admits Facial Recognition Photos Were Hacked, Released on Dark Web https://www.vice.com/en/article/m7jzbb/dhs-admits-facial-recognition-photos-were-hacked-released-on-dark-web
Miscellaneous Stories:
Cool Tools We Found This Week:
12 HOURS of Free Ethical Hacking Training https://twitter.com/thecybermentor/status/1477990622720102402
Hot Email Filtering Tip https://twitter.com/RayRedacted/status/1477520919425953792
WIFI PINEAPPLE MK7 Ac module https://shop.hak5.org/products/wifi-pineapple
Projects For This Week:
3d Print your own 19cm network rack https://www.prusaprinters.org/prints/108975-19cm-network-rack
DT - want to make Valve Humming Bird headphones https://cdn.akamai.steamstatic.com/valvesoftware/images/index/speakers06.jpg
Upcoming Events:
Wednesday Night Workshop: Building a Home Lab
Resources:
Building Virtual Machine Labs: A Hands-on Guide (Second Edition) https://leanpub.com/avatar2
Network Diagram Software https://app.diagrams.net/

Monday Dec 20, 2021
In The News This Week
Last Podcast for 2021
1 Bitcoin equals $46,923.78 United States Dollar https://www.coindesk.com/price/bitcoin
Gold Price Per Ounce $1,797.60 https://www.apmex.com/gold-price
Oil Price Per Barrel $70.98 https://markets.businessinsider.com/commodities/oil-price?type=wti
1 Dogecoin equals $0.1667 USD https://coinmarketcap.com/currencies/dogecoin/
This Week In Vulnerabilities:
No CISA Weekly Bulletin has been posted by the time of recording
Researchers Uncover New Coexistence Attacks On Wi-Fi and Bluetooth Chips https://thehackernews.com/2021/12/researchers-uncover-new-coexistence.html?m=1
Google Says NSO Pegasus Zero-Click 'Most Technically Sophisticated Exploit Ever Seen' https://www.securityweek.com/google-says-nso-pegasus-zero-click-most-technically-sophisticated-exploit-ever-seen
CISA Guidance on GitHub for Log4J https://github.com/cisagov/log4j-affected-db
Google: More than 35,000 Java packages impacted by Log4j vulnerabilities https://therecord.media/google-more-than-35000-java-packages-impacted-by-log4j-vulnerabilities/
Log4J Memes https://log4jmemes.com/
New Mobile Network Vulnerabilities Affect All Cellular Generations Since 2G https://thehackernews.com/2021/12/new-mobile-network-vulnerabilities.html
This Week In Privacy Or Lack Thereof:
Apple scrubs controversial CSAM detection feature from webpage https://www.theverge.com/2021/12/15/22837631/apple-csam-detection-child-safety-feature-webpage-removal-delay
Google Drive could soon start locking your files https://www.techradar.com/news/google-drive-could-soon-start-locking-your-personal-files
Qualcomm’s new always-on smartphone camera is a potential privacy nightmare https://www.theverge.com/22811740/qualcomm-snapdragon-8-gen-1-always-on-camera-privacy-security-concerns
Verizon tries to defend collecting browsing data on its network https://www.theverge.com/2021/12/17/22841372/verizon-custom-experience-opt-out-notification-email-marketing-data-collection
Facebook bans 7 'surveillance-for-hire' companies that spied on 50,000 users https://www.npr.org/2021/12/16/1064628654/facebook-bans-surveillance-firms-that-spied-on-50000-people
Boston Police Bought Spy Tech With a Pot of Money Hidden From the Public https://www.propublica.org/article/boston-police-bought-spy-tech-with-a-pot-of-money-hidden-from-the-public#1203986
Apple releases Android app to help find sneaky AirTags https://www.theverge.com/2021/12/13/22832731/apple-android-app-airtag-search-tracker-detect-find-my
This Week In Security:
PinePhone Malware Surprises Users, Raises Questions https://hackaday.com/2021/12/16/pinephone-malware-surprises-users-raises-questions/
Firefox fixes password leak via Windows Cloud Clipboard feature https://therecord.media/firefox-fixes-password-leak-via-windows-cloud-clipboard-feature/
Miscellaneous Stories:
Cool Tools We Found This Week:
Simula One VR https://simulavr.com/
https://www.humblebundle.com/books/gifts-for-technically-inclined-oreilly-books
Syft - CLI tool and Go library for generating a Software Bill of Materials (SBOM) https://github.com/anchore/syft
Grype - A vulnerability scanner for container images and filesystems. https://github.com/anchore/grype
Projects For This Week:
log4j Holiday Spinning Ornament https://www.prusaprinters.org/prints/98697-log4j-holiday-spinning-ornament
New Podcast upgrades
New Intro music from HeckSeven
New Graphics
New Website up

Monday Dec 20, 2021
In The News This Week
1 Bitcoin equals $46,864.50 United States Dollar https://www.coindesk.com/price/bitcoin
Gold Price Per Ounce $1,796.20 https://www.apmex.com/gold-price
Oil Price Per Barrel $71.33 https://markets.businessinsider.com/commodities/oil-price?type=wti
1 Dogecoin equals $0.1574 USD https://coinmarketcap.com/currencies/dogecoin/
This Week In Vulnerabilities:
Vulnerability Summary for the Week of December 6, 2021 https://www.cisa.gov/uscert/ncas/bulletins/sb21-347
Log4Shell: RCE 0-day exploit found in log4j 2, a popular Java logging package https://www.lunasec.io/docs/blog/log4j-zero-day/
LunaSec Guide to Log4J https://www.lunasec.io/docs/blog/log4j-zero-day-mitigation-guide/
Facing cybersecurity threats, Quebec shuts down government websites for evaluation https://www.cbc.ca/news/canada/montreal/quebec-cybersecurity-threat-government-website-1.6283133
BHIS - Talkin' Bout [infosec] News 2021-12-13 | The Floor is Java https://www.youtube.com/watch?v=igoDXnkYDy8
Diagrams for the #Log4j #Log4Shell that can help people discuss things. Hope this helps https://twitter.com/mubix/status/1470430085169745920
https://www.tenable.com/blog/cve-2021-44228-proof-of-concept-for-critical-apache-log4j-remote-code-execution-vulnerability
https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592 Current running list of affected software and which companies have made a post about it
For the C-level, the 2 questions they are going to ask: How many machines have this installed? How many are compromised and talking with the outside world?
Get your Zeek logs and search for Java, and it will answer both of those questions
SheHacksPurple: Log4J explained for Software Developers and AppSec Folks https://www.youtube.com/watch?v=-LcgOCcP7Hs
How Log4J Works and Detecting It In Your Environment (DEMO AND TOOLS) https://www.youtube.com/watch?v=GvS-V27kFps
https://hub.crowdsec.net/author/crowdsecurity/configurations/apache_log4j2_cve-2021-44228
This Week In Privacy Or Lack Thereof:
Swiss tech company boss accused of selling mobile network access for spying https://www.thebureauinvestigates.com/stories/2021-12-06/swiss-tech-company-boss-accused-of-selling-mobile-network-access-for-spying
Ukraine Arrests 51 For Selling Data of 300 Million People In US, EU https://yro.slashdot.org/story/21/12/13/2128259/ukraine-arrests-51-for-selling-data-of-300-million-people-in-us-eu
This Week In Security:
Microsoft says it took over servers being used by China-based hacking group Nickel https://www.theverge.com/2021/12/7/22822255/microsoft-hackers-china-nickel-apt15
iOS 15.2 and macOS 12.1 add several previously delayed features https://arstechnica.com/gadgets/2021/12/apples-ios-15-2-and-macos-12-1-updates-hit-supported-devices-today/
Miscellaneous Stories:
Hackers Are Spamming Businesses’ Receipt Printers With ‘Antiwork’ Manifestos https://www.vice.com/en/article/qjbb9d/hackers-are-spamming-businesses-receipt-printers-with-antiwork-manifestos
Toyota owners have to pay $8/mo to keep using their key fob for remote start https://arstechnica.com/cars/2021/12/toyota-owners-have-to-pay-8-mo-to-keep-using-their-key-fob-for-remote-start/