Big thank you to Cisco for sponsoring this video! (And for the FREE Ethical Hacking Training!) // Free Ethical Hacking course // Free Ethical Hacking course: skillsforall.com/course/ethical-hacker?courseLang=en-US // Talos Report // 2024 Q1 Trends: blog.talosintelligence.com/talos-ir-quarterly-trends-q1-2024/ These are the threats you need to be aware of in 2024 from the Talos Report: * Talos IR also observed a variety of threats in engagements, including data theft extortion, brute-force activ- ity targeting VPNs, and the previously seen commodity loader Gootloader. * Talos IR responded to new variants of Phobos and Akira ransomware for the first time this quarter as well as the previously seen LockBit and Black Basta ransomware operations. * A recent Talos IR engagement suggests that Akira has returned to using encryption as an additional extortion method, now deploying a multipronged attack strategy to target Windows and Linux ma- chines. * Security researchers discovered an MFA bypassing phishing kit called “Tycoon 2FA” that has since become one of the most widespread phishing kits. However, this has yet to appear in any Talos IR engagements. Firewalls getting hacked: ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices: blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/ AI voice cloning: The use of voice cloning of voice mails to sound authentic. Attackers use voice clones to phone help desk and reset passwords etc. 2FA is a major issue: "Users accepting unauthorized MFA push notifications was the top observed security weakness, accounting for 25 percent of engagements this quarter. The lack of proper MFA implementation closely followed, accounting for 21 percent of engagements, a 44 percent decrease from the previous quarter" // Martin Lee’s SOCIAL // Twitter / X: twitter.com/mlee_security LinkedIn: www.linkedin.com/in/martinlee/ Talos Blog: blogs.cisco.com/tag/trac/ Security Website: sec.cloudapps.cisco.com/security/center/home.x Cisco Blog: blogs.cisco.com/author/martinlee // Book // Cyber Threat Intelligence by Martin Lee: USA: amzn.to/4dJ2LQj UK: amzn.to/3K3TqVH // Articles MENTIONED // Talos Incident Response Threat Summary for Jan- March 2024: blog.talosintelligence.com/content/files/2024/04/Talos-IR-Trends--Q1-2024-.pdf // David SOCIAL // Discord: discord.com/invite/usKSyzb Twitter: twitter.com/davidbombal Instagram: instagram.com/davidbombal LinkedIn: www.linkedin.com/in/davidbombal Facebook: facebook.com/davidbombal.co TikTok: tiktok.com/@davidbombal RUclips: www.youtube.com/@davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MY STUFF // www.amazon.com/shop/davidbombal // MENU // 00:00 - Coming up 00:58 - Intro 01:14 - Firewall Hacking 05:23 - Patching, Configuration & MFA 09:44 - Logging 13:14 - The Cuckoo's Egg 15:53 - MFA Fatigue 19:10 - Weaknesses in MFA 23:45 - SMS 2FA 25:15 - A.I Voice Cloning 31:11 - Brute Force VPNs 33:17 - Is MFA/2FA Effective? 36:03 - Tycoon 2FA 37:32 - Cyber Paranoia & Self-Care 42:46 - Final Thoughts 43:54 - Outro firewalls cisco talos cisco talos pegasus spyware hacking hacker malware Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #ai #iphone #android
Exactly: We need to Learn more Programming, cause if ai 🤖 gets in crazyness we have to know how to not pull the trigger. Coding ai 🤖 is not difficult, but what it is used 4, ex war industri we have to look out for buggs, debuggable machines that are used at war, is so dangerous! I ALLWAYS talk nice to ai 🤖 bots. We need to Learn: 1. How to Code ethically 2. How to turn criminals go and do better, 4 example: Disney Worl: They use ”bad” people as former car-thieves, to protected the car-areas! It is stupid, being thieve or criminal. Every body know: If you are to rob a bank, you need freaking projekt leading! 😅😂🤣😇 So do become Agile and Scrum lol 😜 And do it in Peace. 😅 There is allways Good to work towards ethics And protected human rights 😊😢 The programe of Tails does not leave trace it is encrypted! 😢 I have not used Tails, but in Sweden Climate & Treehuggers, and people manifesting against rasism, get in jail. That’s why the climate lovers use encrypted, programs, for we are beeing in lots of loss of democrazy rights. But the Nazis (Jimmy Åkesson) are allowed to do Chaos And then i really love the open source community that is nice to trust eachother. 😊
After passing Sec +, it’s really great to hear real life scenarios going on in cybersecurity world. These threat actors don’t stop either, u have to be defensive minded 24/7. Great content David.
Pls make a video with OTW that include topics like "Quantum Hacking.... Q - Day... AI Hackers.... Future of Cyber Security by 2030.... Scary reality of Cyber - War".... It's my humble request to David sir 🙏🙏🙏🙏🙏🙏🙏🙏
I've found that this tactical distraction technique can even help with finding those misplaced keys... "...what you will find is when you're thinking about something else this is when you have your best ideas when you've got your mind distracted and you're thinking about something else you're allowing your mind to wander it's at that moment that you will come up with hey I know how to solve that problem."
Please do a Torspy video. Torspy is a Python package available on Pip and is used for interacting with the Dark Web. Your RUclips videos are amazing, and I hope you reply to this comment.
Thank you, David, for bringing Martin to us. I really enjoyed Martin's way of approaching the basics of cybersecurity in general and threat intelligence in particular. A big thanks to him for his brilliant insights and advice.
Incredible David as always. Very informative. I have always said that MFA and cred rotation is still not enough as those creds have a lifetime and that is the vuln.
At this point 2024 onwards, you would be a fool not to use a password created with a program or command that does pseudo random generation. Its all about entropy now.
david , you are the. who I belive ,, thanks for this usefull things ,,, and I garanty we will definetly going to learn someting new ,,, love from India ,,, ❤❤
David, I have decade of experience in IT security and Unix skills are in my blood, however, there are no updates from my job applications to New Zealand and Australia. Ironically, visa is oftenly prioritized over the security and as a result, I foresee more Australia airlines systems and NZ infra is going to be intruded. I am not sure if you have HR from those countries that can you could link me to ? People are always saying shortage of security professionals but restricting to hire them from abroad.
31:01 About changing the default password, for my new Asus router, they ask you to first unplug the modem, do your changes and then plug back the modem. That was the first time I saw this kind of procedure on a normal everyday router.
You know David, the problem with shows like yours, it that those who most need them would never take the time watch these videos. And if a friend tried to tell them they would find some excuse not to take the warnings seriously. There are thousands of situations like this that fall into the same state of affairs.
Interesting. I can here once because my students recommended it and now I get notices for every video you post and I'm NOT subscribed? Love how RUclips's algos work sometimes.
@ 27:02 I personally know of an email forgery of a construction and a house of worship. The house of worship was billed for legitimate work. The Threat actor must have been watching the construction company for some time because as soon as the bill was sent a second was sent redirecting the payment a different way. As you can guess the threat actors received the church’s money.
hello please help me, some weeks ago i installed kali linux. i opened windows defender and it shows "threats found" there's so many of them, is this dangerous what should i do?
David Bombal, sincerely: "You have to look out for these hacks in 2024!" New Malware Phish Link Release: "You have to look out for these hacks in 2024!"! Click! Oops!
how can you possibly expect people to take any of this advice and apply it when you use so much slang and abbreviations without explaining …people don’t understand.
Big thank you to Cisco for sponsoring this video! (And for the FREE Ethical Hacking Training!)
// Free Ethical Hacking course //
Free Ethical Hacking course: skillsforall.com/course/ethical-hacker?courseLang=en-US
// Talos Report //
2024 Q1 Trends: blog.talosintelligence.com/talos-ir-quarterly-trends-q1-2024/
These are the threats you need to be aware of in 2024 from the Talos Report:
* Talos IR also observed a variety of threats in engagements, including data theft extortion, brute-force activ- ity targeting VPNs, and the previously seen commodity loader Gootloader.
* Talos IR responded to new variants of Phobos and Akira ransomware for the first time this quarter as well as the previously seen LockBit and Black Basta ransomware operations.
* A recent Talos IR engagement suggests that Akira has returned to using encryption as an additional extortion method, now deploying a multipronged attack strategy to target Windows and Linux ma- chines.
* Security researchers discovered an MFA bypassing phishing kit called “Tycoon 2FA” that has since become one of the most widespread phishing kits. However, this has yet to appear in any Talos IR engagements.
Firewalls getting hacked:
ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices: blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
AI voice cloning:
The use of voice cloning of voice mails to sound authentic. Attackers use voice clones to phone help desk and reset passwords etc.
2FA is a major issue:
"Users accepting unauthorized MFA push notifications was the top observed security weakness, accounting for 25 percent of engagements this quarter. The lack of proper MFA implementation closely followed, accounting for 21 percent of engagements, a 44 percent decrease from the previous quarter"
// Martin Lee’s SOCIAL //
Twitter / X: twitter.com/mlee_security
LinkedIn: www.linkedin.com/in/martinlee/
Talos Blog: blogs.cisco.com/tag/trac/
Security Website: sec.cloudapps.cisco.com/security/center/home.x
Cisco Blog: blogs.cisco.com/author/martinlee
// Book //
Cyber Threat Intelligence by Martin Lee:
USA: amzn.to/4dJ2LQj
UK: amzn.to/3K3TqVH
// Articles MENTIONED //
Talos Incident Response Threat Summary for Jan- March 2024: blog.talosintelligence.com/content/files/2024/04/Talos-IR-Trends--Q1-2024-.pdf
// David SOCIAL //
Discord: discord.com/invite/usKSyzb
Twitter: twitter.com/davidbombal
Instagram: instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal
RUclips: www.youtube.com/@davidbombal
// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com
// MY STUFF //
www.amazon.com/shop/davidbombal
// MENU //
00:00 - Coming up
00:58 - Intro
01:14 - Firewall Hacking
05:23 - Patching, Configuration & MFA
09:44 - Logging
13:14 - The Cuckoo's Egg
15:53 - MFA Fatigue
19:10 - Weaknesses in MFA
23:45 - SMS 2FA
25:15 - A.I Voice Cloning
31:11 - Brute Force VPNs
33:17 - Is MFA/2FA Effective?
36:03 - Tycoon 2FA
37:32 - Cyber Paranoia & Self-Care
42:46 - Final Thoughts
43:54 - Outro
firewalls
cisco
talos
cisco talos
pegasus
spyware
hacking
hacker
malware
Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel!
Disclaimer: This video is for educational purposes only.
#ai #iphone #android
Exactly: We need to Learn more Programming, cause if ai 🤖 gets in crazyness we have to know how to not pull the trigger. Coding ai 🤖 is not difficult, but what it is used 4, ex war industri we have to look out for buggs, debuggable machines that are used at war, is so dangerous! I ALLWAYS talk nice to ai 🤖 bots.
We need to Learn:
1. How to Code ethically
2. How to turn criminals go and do better, 4 example: Disney Worl: They use ”bad” people as former car-thieves, to protected the car-areas!
It is stupid, being thieve or criminal.
Every body know: If you are to rob a bank, you need freaking projekt leading! 😅😂🤣😇
So do become Agile and Scrum lol 😜 And do it in Peace. 😅
There is allways Good to work towards ethics
And protected human rights 😊😢
The programe of Tails does not leave trace it is encrypted! 😢
I have not used Tails, but in Sweden Climate & Treehuggers, and people manifesting against rasism, get in jail.
That’s why the climate lovers use encrypted, programs, for we are beeing in lots of loss of democrazy rights. But the Nazis (Jimmy Åkesson) are allowed to do Chaos
And then i really love the open source community that is nice to trust eachother. 😊
Can u make a video talking about the cybersecurity opportunities in uk plz ?
Need some more content with OTW as well
After passing Sec +, it’s really great to hear real life scenarios going on in cybersecurity world. These threat actors don’t stop either, u have to be defensive minded 24/7. Great content David.
Thanks David,you always come with things that are very important,and we love that❤
I love the in-person round table format! Would love to see more of those!
Pls make a video with OTW that include topics like "Quantum Hacking.... Q - Day... AI Hackers.... Future of Cyber Security by 2030.... Scary reality of Cyber - War".... It's my humble request to David sir 🙏🙏🙏🙏🙏🙏🙏🙏
I've found that this tactical distraction technique can even help with finding those misplaced keys...
"...what you will find is when you're thinking about something else this is when you
have your best ideas when you've got your mind distracted and you're thinking about
something else you're allowing your mind to wander it's at that moment that you
will come up with hey I know how to solve that problem."
Enjoyed this interview way more than i expected, please keep bringing him on the channel dear David
Please do a Torspy video. Torspy is a Python package available on Pip and is used for interacting with the Dark Web. Your RUclips videos are amazing, and I hope you reply to this comment.
Sir please reply
Love the new way you are filming your videoes
Thank you, David, for bringing Martin to us. I really enjoyed Martin's way of approaching the basics of cybersecurity in general and threat intelligence in particular. A big thanks to him for his brilliant insights and advice.
Another good one.Keep it going Sir.Love your content.🔥❤️
What a great and insightful conversation! Martin Lee is amazing and always with a real world business point of you. Thank you David!
Thank You David please also make a full SDR FOR BEGINNER COURSE
So the basic things to do could save u from a lot of pbs thx David as usual
Loved the video, very good guest.
keep it up sir
Thanks so much David ❤
You're very welcome!
Incredible David as always. Very informative. I have always said that MFA and cred rotation is still not enough as those creds have a lifetime and that is the vuln.
Having a default password is bad. Thank you David!
You're welcome!
At this point 2024 onwards, you would be a fool not to use a password created with a program or command that does pseudo random generation. Its all about entropy now.
Thank you for your continuing contribution David. follower from Australia.👍👍👍👍👍
Totally awesome! Thank you for Sharing! 💯✴
Watching from Ghana
Thanks for watching! Welcome Ghana!
2FA/MFA also allows big tech to track, monitor, sell, and ultimately control you as a consumer product. How do you balance security and privacy?
Thank you for sharing 👍🏾
Inspirational. I'm 39 and currently retraining to get into cyber security and this talk reinforces why I want to do it. Thanks
Thank you, Mr. David.
`
You're welcome!
david , you are the. who I belive ,, thanks for this usefull things ,,, and I garanty we will definetly going to learn someting new ,,, love from India ,,, ❤❤
Nice, interview yes my bank in the UK asked as well for voice recording but I didn't agree
Can't wait to see the video
I hope you enjoy the video :)
Not all MFAs are made equal. The SMS is considered (one of the) weakest forms of it while something like Yubikey is the most resilient one.
Big thank you, that was very helpful.
Probably the best ending of any video!
8:52 OK I’m gonna be on the lookout for the udb packet. I know it’s crazy how that can happen. Thank you guys.
David, I have decade of experience in IT security and Unix skills are in my blood, however, there are no updates from my job applications to New Zealand and Australia. Ironically, visa is oftenly prioritized over the security and as a result, I foresee more Australia airlines systems and NZ infra is going to be intruded. I am not sure if you have HR from those countries that can you could link me to ? People are always saying shortage of security professionals but restricting to hire them from abroad.
I think discussing how google voice can mimic your number is significant
I've got it, looking forward to this. Thanks Mr. David
Hope you enjoy it!
Watching from guine bissau thank you Devid I hope one day I can thank you in person 😊
Watching from 🇿🇲🇿🇲🇿🇲
Welcome! And thank you for watching :)
31:01 About changing the default password, for my new Asus router, they ask you to first unplug the modem, do your changes and then plug back the modem. That was the first time I saw this kind of procedure on a normal everyday router.
Most folks would get bored on this..... ... Expect resistance
1st view frome INDIA(TAMIL NADU)
Thank you for your support!
Hey BleuDucky does not work now. Please make another video on it and how to use it with the Bluetooth adaptor u suggested (ASUs one )
You know David, the problem with shows like yours, it that those who most need them would never take the time watch these videos. And if a friend tried to tell them they would find some excuse not to take the warnings seriously. There are thousands of situations like this that fall into the same state of affairs.
If i take my sec+ and pass should i take the ethical hacking course?
Interesting. I can here once because my students recommended it and now I get notices for every video you post and I'm NOT subscribed? Love how RUclips's algos work sometimes.
MFA Fatigue ... what are we doing about it..
please sir, i can be able to connect to the network from linux os. please what can i do?.
@ 27:02 I personally know of an email forgery of a construction and a house of worship. The house of worship was billed for legitimate work. The Threat actor must have been watching the construction company for some time because as soon as the bill was sent a second was sent redirecting the payment a different way. As you can guess the threat actors received the church’s money.
Thats is why I am very doubtful about protocols like RNDR or any other decentralized uses of hardware (DEPIN).
Comments please ? Thank you
Login token/cookies really need to be moved to secure hardware like the TPM.
Voice cloning happened to me. I believe somehow the number was spoofed too.
hello please help me, some weeks ago i installed kali linux. i opened windows defender and it shows "threats found" there's so many of them, is this dangerous what should i do?
Please explain Triton cyber attack…
Ser oppo a 17 bootloder please please iam from 🇧🇩🇧🇩🇧🇩
Craziness 😮
Voltage and low voltage
Hi David!
Now lets talk about ciscos backdoors
👍💯
Okay, Cisco, I viewed u as an enemy for last 6months, but in this 1 video you have just earned yourself an ally for life!
David Bombal, sincerely: "You have to look out for these hacks in 2024!"
New Malware Phish Link Release: "You have to look out for these hacks in 2024!"! Click! Oops!
Don't click on links in e-mails!
Hi sir ❤
Hi!
Watching this video has helped a lot. Will help improve my skills @@davidbombal
Its built in, goes back to IBM
Yep interesting times, these days. Only the paranoid will survive. 😄
😂
Bro i used morse code for my password😂😂 gotta be secured right
Add a salt to your pw! 😁
pokemon go is my exercise, thank you
Help me
Rooters
Ser kali linux live boot install 📲
how can you possibly expect people to take any of this advice and apply it when you use so much slang and abbreviations without explaining …people don’t understand.
😂 learn the terminology
Woohoo
I hope you enjoy the video :)
They got my name address. N.I no. Know I'm broke, and inherite. My pass transgressions. Help Uself.
Bad analogy.
wastimgf so manyy youngsters futuyureeee