Published By
Created On
15 Oct 2021 01:41:39 UTC
Transaction ID
Cost
Safe for Work
Free
Yes
Twitch.tv Had a Massive Data Breach!!!
Twitch.tv Had a Massive Data Breach... CyberNews 2021/10/11
My Website: https://talkelley3.com
Other Channel: https://www.youtube.com/c/SuperTal3
Instagram: https://instagram.com/talkelley3
Check out my other videos!
Day in the Life - https://youtu.be/CdQV4Ci3v0M
How to Get Into Ethical Hacking - https://youtu.be/TrPw6ahXsPw
How to Get Into Cybersecurity - https://youtu.be/K7I_j8PWUXo
1. Google has announced plans to auto-enroll nearly 150 million users into it's 2FA program.
- It plans to automatically enroll about 150 million users into it's two-factor authentication scheme by the end of 2021 to prevent unauthorized access to accounts and improve security.
- They also intend to require 2 million YouTube creators to switch on the setting.
- They use your password, and your phone, through text or the gmail app.
2. Apache Warns of a 0-day exploit in the Wild!
- There was a flaw in a change made to path normalization in Apache HTTP Server 2.4.49, that allowed attackers to use a path traversal attack to map URL's to files outside the expected document root.
- If files outside the document root are not protected by 'require all denied' these requests can succeed. It could leak the source of interpreted files like CGI scripts as well.
- This flaw is actively exploited, and a new PoC exploit shows it is RCE provided that mod-cgi is enabled!
- Patch your systems now!
3. Twitch Had 125GB of data leaked!
- The entirety of Twitch's source code with commit history "going back to its early beginnings"
- Proprietary software development kits and internal AWS services used by Twitch
- An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
- Information on other Twitch properties like IGDB and CurseForge
- Creator revenue reports from 2019 to 2021
- Mobile, desktop and console Twitch clients, and
- Cache of internal "red teaming" tools designed to improve security
4. A New APT Group Targets Fuel, Energy, and Aviation Industries
- ChamelGang the APT group, named because of chamelion like tactics of disguising it's malware and network infrastructure under legitimate services of Microsoft, TrendMicro, McAfee, IBM, and Google.
- They used Supply-chain attacks.
- They used the Microsoft Exchange Server vulnerabilities from a while ago.
- Attacked an Energy Company using a Red Hat JBoss Enterprise Application Vulnerability to RCE commands and deploy malicious payloads with elevated privileges, pivot, and deploy a backdoor called DoorMe.
- Used ProxyShell flaws to attack a Russian aviation production sector company. They dropped web shells, conducted recon, and installed a DoorMe backdoor again.
. Ransomware Group Fin12 Going After Healthcare Targets
- FIN12 linked with the RYUK ransomware has been attacking healthcare targets. They purchase acce
...
https://www.youtube.com/watch?v=gs-7z5urJBM
My Website: https://talkelley3.com
Other Channel: https://www.youtube.com/c/SuperTal3
Instagram: https://instagram.com/talkelley3
Check out my other videos!
Day in the Life - https://youtu.be/CdQV4Ci3v0M
How to Get Into Ethical Hacking - https://youtu.be/TrPw6ahXsPw
How to Get Into Cybersecurity - https://youtu.be/K7I_j8PWUXo
1. Google has announced plans to auto-enroll nearly 150 million users into it's 2FA program.
- It plans to automatically enroll about 150 million users into it's two-factor authentication scheme by the end of 2021 to prevent unauthorized access to accounts and improve security.
- They also intend to require 2 million YouTube creators to switch on the setting.
- They use your password, and your phone, through text or the gmail app.
2. Apache Warns of a 0-day exploit in the Wild!
- There was a flaw in a change made to path normalization in Apache HTTP Server 2.4.49, that allowed attackers to use a path traversal attack to map URL's to files outside the expected document root.
- If files outside the document root are not protected by 'require all denied' these requests can succeed. It could leak the source of interpreted files like CGI scripts as well.
- This flaw is actively exploited, and a new PoC exploit shows it is RCE provided that mod-cgi is enabled!
- Patch your systems now!
3. Twitch Had 125GB of data leaked!
- The entirety of Twitch's source code with commit history "going back to its early beginnings"
- Proprietary software development kits and internal AWS services used by Twitch
- An unreleased Steam competitor, codenamed Vapor, from Amazon Game Studios
- Information on other Twitch properties like IGDB and CurseForge
- Creator revenue reports from 2019 to 2021
- Mobile, desktop and console Twitch clients, and
- Cache of internal "red teaming" tools designed to improve security
4. A New APT Group Targets Fuel, Energy, and Aviation Industries
- ChamelGang the APT group, named because of chamelion like tactics of disguising it's malware and network infrastructure under legitimate services of Microsoft, TrendMicro, McAfee, IBM, and Google.
- They used Supply-chain attacks.
- They used the Microsoft Exchange Server vulnerabilities from a while ago.
- Attacked an Energy Company using a Red Hat JBoss Enterprise Application Vulnerability to RCE commands and deploy malicious payloads with elevated privileges, pivot, and deploy a backdoor called DoorMe.
- Used ProxyShell flaws to attack a Russian aviation production sector company. They dropped web shells, conducted recon, and installed a DoorMe backdoor again.
. Ransomware Group Fin12 Going After Healthcare Targets
- FIN12 linked with the RYUK ransomware has been attacking healthcare targets. They purchase acce
...
https://www.youtube.com/watch?v=gs-7z5urJBM
Author
Content Type
Unspecified
video/mp4
Language
More from the publisher
Controlling
VIDEO
WHY Y
why-you-should-buy-the-logitech-ergo
Here's why I think you should buy the Logitech Ergo K860 and MX Master 3 as the best keyboard and mouse combination for programming or cybersecurity.
Logitech ERGO K860 Wireless Split Ergonomic Keyboard: https://www.logitech.com/en-us/products/keyboards/k860-split-ergonomic.920-009166.html
Logitech MX Master 3 Wireless Mouse: https://www.logitech.com/en-us/products/mice/mx-master-3.910-005620.html
My Channel: https://www.youtube.com/c/BigBroSecurity
Best keyboard for programmers, Best keyboard for cybersecurity, cybersecurity desk setup, BigBroSecurity, Best ergonomic keyboard, what is the ergo k860, logitech k860 ergo, logitech mxkeys
...
https://www.youtube.com/watch?v=49Y-f1f0hMA
Transaction
Created
3 weeks ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
DO I
do-i-need-to-program-for-cybersecurity
Do I need to Program for Cybersecurity?
Find me here!
https://linktr.ee/talkelley3
What's going on everyone? In today's video we're going to discuss whether or not you need to know how to program in cybersecurity.
The short answer is No. You don't, but it is very useful nonetheless.
If you're in a blue-team style position, not knowing how to program won't impact you to a great degree. For example, using Splunk, Stealthwatch, Nessus, Security Onion, etc. doesn't require you to know how to code either, though knowing how could sometimes be a benefit.
The long answer, is sometimes yes. If you're looking to do any sort of automation, knowing how to code is a must. This can be especially useful if you're doing red-team style work, where you're wanting to automate scanning and reconnaissance.
Some languages you might want to learn include:
Python, for some automation, or data science type stuff.
Bash, for Linux automation.
Powershell, for windows automation.
C or C++ for writing low-level malware etc.
Javascript, for most anything web related.
Thanks and hope you enjoyed the video!
...
https://www.youtube.com/watch?v=u5NYHfcJxn8
Transaction
Created
3 weeks ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
HOW T
how-to-get-started-in-ethical-hacking
My Website: https://www.talkelley3.com/
My Channel: https://www.youtube.com/c/BigBroSecurity
https://mbsy.co/37jhqr
https://elearnsecurity.com
https://offensivesecurity.com
https://tryhackme.com/
https://hackthebox.eu/
Chapters:
0:00 | Introduction
0:54 | Step 1
5:11 | Step 2
6:19 | Step 3
9:45 | Final Thoughts
Step 1: The Fundamentals
The first thing you need to do is get down the fundamentals. CompTIA Triad.
CompTIA A+
This certification will provide you with a good general knowledge of computer hardware and software. It is divided into 2 main exams. One of them is a hardware focused exam and the other is a software focused exam. This will give you a pretty decent base-level knowledge when it comes to that type of stuff.
Network+
This certification will provide you with a good general knowledge of networking concepts like routing, switching etc. It gives a very good baseline knowledge of networking concepts though it’s probably not the greatest networking exam if you want to get a network engineer job. That’s beside the point of this video though.
Security+
The Security+ builds up a solid base of conceptual cybersecurity/information security concepts, such as Confidentiality, Integrity, Availability, Encryption, Data Loss Prevention, etc.
Step 1b: A Degree (or Two!)
I would highly recommend you look into getting a degree in cybersecurity if you have the time and money and are planning to get a job working for the Federal or State governments in the United States, it’ll really help to get a degree. Even if you’re going to go in the Cybersecurity field in the private industry, it may help especially with more advanced management jobs in the future.
Bachelors of Cybersecurity and Information Assurance – WGU
This is an amazing Bachelors of Cybersecurity program offered by Western Governors University. It is much cheaper than an alternative at a traditional university, and it is designed in a much smarter way than other degrees.
Masters of Cybersecurity and Information Assurance – WGU
This is a great Masters program with really good assignments that seem to align closely with some real world assessments that you would see as a Penetration Tester etc. They also both include some industry standard certifications like the A+, Network+, Security+, SSCP, CEH, CIH, and more.
Step 2: Basic Penetration Testing
eLearnSecurity Junior Penetration Tester (eJPT)
It covers Network and System Security, common pentesting tools, with loads of practical labs.
TryHackMe
This is a free platform to use with some lessons to help teach you ethical hacking concepts through practical learning. It’s a great resource and I highly recommend it especially in the beginning!
HackTheBox
TryHackMe at least in the beginning.
Step 3: Advanced Penetration Testing
eLearnSe
...
https://www.youtube.com/watch?v=TrPw6ahXsPw
Transaction
Created
3 weeks ago
Content Type
Language
video/mp4
English
VIDEO
WHICH
which-operating-system-should-you-choose
Which Operating System Should I Choose?!?!?
In today's video I go over the pro's and con's of all of the top 3 operating systems, for programming, cybersecurity, hacking, content creation, video editing, and business professionals. I also cover my top 3 criteria for choosing my personal daily-driver operating system, friction privacy, and ui design/customizability.
My Channel:
https://www.youtube.com/channel/supertal3
My Website:
https://www.talkelley3.com
Keyword time!
which os should i use for programming
which os should I use for gaming
what operating system is best
what operating system is best for gaming
what is the best operating system
cybersecurity
what is the best os
which operating system is the best
adobe cc
choosing an operating system
macos
windows
linux
macos vs windows vs linux
windows vs linux
...
https://www.youtube.com/watch?v=cBVR-be3A58
Transaction
Created
3 weeks ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
HOW T
how-to-run-pihole-and-unbound-dns-on
How to Run PiHole and Unbound DNS on Podman on Fedora Server!
Blog Article: https://talkelley3.com/blog/2024/1/how-to-install-pihole-and-unbound-dns-in-podman-on-fedora-linux
CC by Abigail E Kelley - https://www.linkedin.com/in/abigail-fehrman-7095391b1/
Hello everyone! In today’s video we are going to be going over how to install PiHole and Unbound DNS within two Podman containers, on Fedora Linux Server edition!
My Channel: https://www.youtube.com/@BigBroSecurity
pihole, podman, linux, fedora linux, running pihole on podman container, running pihole on docker, is docker better than podman, installing fedora linux, unbound dns server with pihole. raspberry pi
...
https://www.youtube.com/watch?v=B7gt1E2ToT0
Transaction
Created
2 weeks ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
.NET
.net-core-3-just-released!!-introduction
.NET Core 3 has just been released by Microsoft at their .NET virtual conference!! In this video we discuss the new features to DotNet Core, and how easy it is to create the new projects.
Channel:
https://www.youtube.com/channel/UCN_2m0PCG_Db166BTFn-fYw
.NET Core 3 Website
https://www.dotnet.microsoft.com/
...
https://www.youtube.com/watch?v=cEoIf2uBbcQ
Transaction
Created
3 weeks ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
INSTA
installing-proxmox-and-splunk-in-my-home
In this video, I install Proxmox on a Laptop, set it up, and configure a Splunk Server on a CentOS 8 VM.
My Channel:
https://www.youtube.com/channel/UCN_2...
My Website:
http://www.talkelley3.com
My Blog:
http://www.supertal3.com
...
https://www.youtube.com/watch?v=6M3yR5sV_4o
Transaction
Created
3 weeks ago
Content Type
Language
video/mp4
Controlling
VIDEO
SPLUN
splunk-architecture-overview-learn
In this video we discuss the Splunk Architecture for a Distributed Deployment, and go over each part of the Splunk deployment and what it does. #Splunk #SIEM
My Channel:
https://www.youtube.com/channel/UCN_2m0PCG_Db166BTFn-fYw
My Website:
https://www.talkelley3.com
Twitter:
https://twitter.com/supertal3
How to set up a distributed Splunk deployment. Splunk How To Splunk How to set up a splunk deployment.
...
https://www.youtube.com/watch?v=ZCirjHj3OVg
Transaction
Created
3 weeks ago
Content Type
Language
video/mp4
English
Controlling
VIDEO
GETTI
getting-my-sony-a7iii!!
Sony A7III in 2021?
My Brother's Channel: https://www.youtube.com/channel/UCX-YMnynyo6ixO-XSkRMBfg
Follow me on Instagram: https://instagram.com/talkelley3
What's going on everyone, I'm Tal and in today's video I take delivery of my brand new Sony A7III!! I'm super excited about it and can't wait to start using this camera even more for all of my videos. #Sony #SonyA7III #2021 #NewCamera
It turns out the Sony A7III is one of the best "budget" hybrid cameras in 2020 and 2021, in y opinion. Especially if you're looking to have good video capabilities in a camera, while also having quite good photo capabilities as well. It has dual SD-Card slots, a 24.3 MP Sensor, and uses Sony's E-Mount for lenses. I also got the Tamron 17-28mm F/2.8 and the Tamron 28-75mm F/2.8 lenses to go with this and they are also probably the best budget lenses of 2020/2021.
Sony A7III at B&H: https://www.bhphotovideo.com/c/product/1444401-REG/sony_alpha_a7_iii_mirrorless.html
Tamron 17-28mm F/2.8 at B&H: https://www.bhphotovideo.com/c/product/1461529-REG/tamron_a046_17_28mm_f_2_8_di_iii.html?
Tamron 28-75mm F/2.8 at B&H: https://www.bhphotovideo.com/c/product/1393332-REG/tamron_a036_28_75mm_f_2_8_di_iii.html
Other Links!
My Channel: https://www.youtube.com/channel/supertal3
...
https://www.youtube.com/watch?v=OLZ1vO6kZ8w
Transaction
Created
3 weeks ago
Content Type
Language
video/mp4
English