Nov. 6, 2023

From Tech Newbie to $250k in 6 Months | PaloAlto acquires Dig Security and Talon

The TechTual Talk

Record your first video: https://creators.riverside.fm/TheTechtualTalkPodcast and use my code techtualtalk for 15% off your plan

What if you could ratchet up your earnings and make a staggering $250k within just six months of stepping into the tech world? That's the journey we're unpacking today. We share the story of a young woman who did just that and the whirlwind of assumptions that followed her reveal. Beyond tech salaries, we also look at the roles of a BA (business analyst) and a product owner, and how holding more than one role at once makes such head-turning numbers possible.

Shifting gears, we get into cybersecurity, where breaches can have devastating impacts. We walk through the Okta support-system breach: stolen session tokens used for session hijacking (MFA does not save you once a valid session token is in the attacker's hands), a service account credential saved into an employee's personal Google account, and the audit-log blind spot that let file access go unnoticed. We also cover Google's warning about hackers abusing Google Calendar as a channel to C2 servers, the strides Palo Alto Networks is making in cloud security through acquisitions and partnerships, and the importance of securing both managed and unmanaged devices.

Finally, we look at the Socks5Systemz proxy botnet and its global reach. You'll learn how this malware turns infected computers into proxy nodes that forward other people's traffic, malicious and merely anonymity-seeking alike. We discuss why unused ports on machines should be disabled and cover the geographic distribution of the botnet. In between, we squeeze in chat about the tech giants' big deals, including the billion-dollar cloud deal between Amazon and Microsoft. Get ready for an eye-opening journey through the tech world.

Support the show

If you enjoyed the show, don't forget to leave us a 5-star review to help with the algorithm :)

Email: henridavis@thetechtualtalk.com

➡️ Need coaching help? Then go here (ask about our financing) ⬇️
https://techualconsulting.com/offerings

➡️ Want to land your first IT job? Then check out the IT course from Course Careers. Use my link and code Techtual50 to get $50 off your course ⬇️
https://account.coursecareers.com/ref/50932/


➡️ Need help getting into cybersecurity for a low price? Then check out Josh Madakor's cybersecurity course at Leveld Careers and use my code TechTual10 to get 10% off your course ⬇️
https://www.leveldcareers.com/a/2147530874/RuqjrBGj


If you want a high-paying role in the cloud, then click here ⬇️
https://levelupintech.lpages.co/level-up-in-tech-book-a-call-tech/


Stop data brokers from exposing your information with Aura!

Click the link below to try out Aura's FREE 14-day trial and see if your personal information has been compromised 🔽

https://aura.com/techtualchatter



Transcript
Speaker 1:

Yo yo, what's going on, man? I have not been live in a long time. I got a new setup, so you'll see me look at y'all occasionally. When I do like this, hang on. This is better. All right, so what we're basically gonna be talking about is: can you make 250k in tech within, like, your first six months? Also, Palo Alto buys Dig Security; they also buy Talon. Microsoft has a big deal that they recently announced with Amazon for Microsoft 365. Also, Okta explained what they think caused their breach, and Google also warns you how hackers are going to try to use your calendar to connect to C2 servers. So a word from our sponsors and we'll be right back.

This video is being sponsored by Riverside. Since 2020, we've seen so many remote podcasts come our way, and they've been recording on all different types of platforms, but let me tell you what the best one is: meet Riverside. Riverside is so simple to use that when you want a guest to join your podcast, all you have to do is send them a link, and guess what? Riverside records not only you but your guest locally on their machines, bypassing poor quality and internet connections, so that when you get your final product, you have superb video quality. Riverside provides you with a state-of-the-art remote podcast studio. It records great audio, it records in separate tracks, and it also can use AI to transcribe your podcasts within minutes. But that's not all it can do. Riverside can also complete your podcast within minutes, and it can create you short-form content with Magic Clips AI within minutes. This is a game changer here, guys. We all know making podcast content and putting it out really takes a long time, but with the AI being used in Riverside, it's perfect. So if you want to get started using Riverside, check out my link in the description and use my code techtualtalk to get 15% off your purchase.

All right, and we're back. Man, welcome to episode 107 of the TechTual Talk podcast.
I'm your host, HD, and I've been simply claiming I'm the best podcast right now. We're the best tech podcast. I think I'm the most well-rounded, and I thank all y'all for showing up and saluting me today. Help me out with that. And the reason why this wasn't put out is I got a new setup. You can see this is kind of gonna be where I start doing some of my streaming stuff, but I was recording on Streamlabs and hadn't tested. I always test my stuff before I record anything. Today I think I was getting the echo, and I listened to it. It's like, cool, echo gone. So I recorded the whole thing yesterday, played it back, and it kept on doing a delayed echo all throughout the video. Tried and tried to just figure out if I could just get it to stop playing, and I couldn't. It was like 11 or something last night. I said, no, I'm just gonna go live, and I've been meaning to actually go live with y'all. I'm actually going live again on Friday with the Job Father; we'll be talking anime and tech. That'll be at 12 pm. So I'm gonna be putting that thumbnail out soon, and hopefully y'all tune in at 12 pm Central time on Friday.

But what we're gonna start the episode out with is, last week Twitter was ablaze with a young lady. She was talking about how she made 250k in her first six months in tech, and I'm gonna preface this with: people have to realize that tech is actually an industry. So you can already have high-level skills somewhere else and just come into the tech industry. That doesn't mean you're actually an entry-level person. So I'm just prefacing that before we start reading everything. But let's go ahead and get into it. One second. Got this banner up. All right, now let's present it real quick. All right. So she said: "I hit a quarter mil within my first six months in tech. I need half by the end of my second year. I got stuff to do. It's time to double up." And so, listen, I like to always go off exactly what you say.
And here's the thing: you never want to make assumptions. You know what they say when you make an assumption. I'm not gonna say it on my stream because I'm monetized, and, yeah, I want the bread. But look, anyways, people started inferring a lot of things that she did not say in this tweet, and also we could tell people were not familiar with her by just making assumptions. But I want to look into the quotes so we can have a good time looking over this, and we'll talk about it. What I did on the stream, and I'm not gonna do it today because I'm kind of pressed for time, is I did look up a BA, and I'm in the DFW area, so for a BA I think you can get like 110 to 120 just from one role, and then for a product owner you can do, I think, like 250 just for one role, right? So what she's saying is not impossible if you are doubling up, as she says. Like, this is what her role is, right here. So we could go through these if we want to, but all the spice is in the quote tweets. So look at the quotes and we're gonna play a game. I don't know if you're all familiar with it. Shout out to the chat. I'm gonna try to talk to y'all, but since I'm gonna use this audio as a podcast, I'll probably get to the chat later so I can answer any questions people still have. Yo, we got 31 people watching, but like eight likes. I need them likes up, man. Please get those likes up for me.

So we got the first hater on the thread, right, and if you're familiar with the Joe Budden podcast, you know my god, Queens Flip, like, that's hate. This is hate. I'll tell you why it's hate. Let's click on it. "People, please, please, please, stop listening to this BS. There are absolutely zero entry-level jobs in tech that are going to pay you 250k with just six months' experience, especially W2 jobs, especially business analyst, project..." I don't know what she said, project manager, but she, I think, said product owner job. "She states W2 and BA/PM in the thread."
Now chat, did she ever say... Is something going on with my stuff? Hey y'all, let me know if y'all can still see my screen. It shows me still live on there. I had the YouTube feed up to duplicate this. I just want to make sure everything's still good on y'all's end. So give me a thumbs up if everything's still good on y'all's end. Okay, perfect, perfect, perfect, cool. I won't worry about YouTube there. I guess it went back. So where are we at? All right. So, number one, she never said she was working an entry-level job. Unless he was... he said actually zero entry-level jobs, yeah, and also she didn't say anything about having entry-level experience. So for people that aren't familiar with her, she does talk about how she's overemployed. So if you don't know that, then you're gonna go in here and think that she owes you some type of transparency, when she's been giving that transparency for the last year. Like, since I think I started following her, she's been talking about what she was doing. So let's keep on going.

Some of y'all feel this is a hate post. It is hate. It's hate because you didn't ask any clarifying questions. "It's not hate; trying to help set expectations for some of y'all who feel you can get into tech and six months later make six figures. It can happen, but it's very, very rare. Been in this industry for two decades, check my LinkedIn." I'm easy if I... hey, but people gotta stop doing that. "I've been doing this for 20, 30 years." The pay scale was very different back then. Like, people was getting underpaid. A lot of people stayed at jobs too long. So some people who've been in a long time haven't seen what the money of new people coming in is. It's a pretty proven fact: unless you are high up at a company, you could possibly be making a lot of money, but that person who they just hired is making more than you. So sometimes you gotta leave and come back to get what you want, because HR can't afford to.
Well, there's policies in place about how big a raise they can give you. It sucks, but that's how it is. So that's why I never really say, "I've been in a decade and you can't do that." There are outliers. And then he said, "To prove why, I did a quick LinkedIn search for PO or PM jobs, found a high-paying PO. For context, read this description and you decide if someone with six months in tech will get the high salary range, or even two jobs with the low range." But that's the thing: he's fixating on six months in tech. He doesn't know what her background is. And then we're gonna get on here: "I'm thinking she's working two W2 jobs in the country, but publicly saying this is kinda nuts. Now that I think about it, let me add: there are absolutely zero W2 BA/PM jobs paying 125K with six months of experience. She's blatantly lying, and I see your post first, and you're solid for your journey." All right, I'm not gonna go through much down here. But that's hate. I'm telling you, Joseph Rutherford, that's hate. You should have just asked her for some more clarifying information. That's hate.

Now let's see what we got for the quotes. Here you go. This is the one that was most hate. "Okay, I take my retweet back. How are you able to do this? Three W2 jobs, I understand workload-wise is doable. I think transparency is key, especially if you're sharing info publicly." Here you go. Hey, look, comparison is the thief of joy. Everybody, don't compare your journey to nobody else's. "I had the same skills as you: Scrum, BA, auto, healthcare, tech, but no security clearance. And I don't realistically think I can clear 250K in six months unless I'm doing something illegal." Now, look, that's hate. I need you all to comment "that's hate" in the chat. If this ain't hate... 'cause when you all say "I'm doing something illegal," that's hate. Also, saying "because I had the same skills as you," that's hate too.
It ain't... in corporate, the person who's sometimes smarter than you, the best person on a team, is sometimes getting underpaid. So that has nothing to do with it. It ain't about... it's not about what you work; it's what you negotiate. I always remember that. That's what it's about. So that's what it's really about. It ain't about what you work, it's what you negotiate. Hey, that's right. Before the billions, most people are overemployed. And I'm not gonna go through her whole thing to show you what she's talking about, but she doesn't owe anybody anything, because, hey, if you're a first-time person on her page, like, go do your research first before you just kind of jump out there. It is envious. It is envious. That's facts. And look, shout out to my girl Marquisha. She gonna be on the show soon. "As a career coach, I understand it's natural..." I like this. It's funny. "I understand it's natural to encounter moments of self-doubt, but making the income you desire is possible with the right strategies in place. Building a strong professional network and surrounding yourself with mentors and supporters is key to success. Success in your career is a journey that requires patience, dedication, and belief in yourself. If you're looking for guidance to achieve what others have, feel free to reach out." Is the self-doubt in the room with us right now? Look, in your own words: "I had the same skills as you but no security clearance, and I don't really think I can clear 250K in six months unless I'm doing something illegal." That's it. And I tell people this all the time: you have to kind of change how you think about things. When you get older... companies do mergers and acquisitions all the time, and we're gonna actually talk about that when we start talking about what Palo Alto has been doing. They do mergers and acquisitions all the time. That's buying multiple businesses, typically multiple jobs. People gotta run those things.
But when you put yourself in your best self-interest and can maintain these multiple jobs, all of a sudden you're doing something illegal, or it's supposed to be hated on. Nah. Stuff is high. You got companies giving you 3%, 5% raises when, with inflation, it costs so much to get groceries. Like, we probably spend... there's a family of four and my kids are small, so we probably spend way over 1500 just on groceries alone. So imagine if you're not doing anything else on the side but your salary stays the same. You're gonna be struggling. Why wouldn't you do what you can if you can handle it? And the cheat code is a lot of people have multiple contracts, because we wanna talk about, can you make 500K? Absolutely, if you got high-level skills, of course you can. You could get two contracts that pay you 100 an hour. That's $200,000 a piece for, like, two contracts. And most of the time, as your titles go up, you have less work, unless you're in a non-technical role where you have a lot of meetings. If you don't have a lot of meetings and you're just a fixer, it's absolutely doable if you can clear 500. There are people that clear 500 in one W2 role. I posted on here, let me see if I can find it, and then we'll go on to the next stuff. Actually, shout out to Bees; they got a Day in the Tech Life episode that's coming out. But some of these comments are funny. "Tech Twitter and Sizzler certainly have something in common." But most of the people that say that... you know what Chris Brown said: how you gonna hate from outside of the club? You can't even get in. A lot of these people not even in tech. This person, now, this is what I'll describe as a person coming in as entry level and doesn't know what they're talking about, because she says, "This person is lying. Even with commission and after tax she wasn't doing that. I was making at best 65K in the tech company from being promoted three months in. No job, especially right now and especially with the layoffs,
boom, is paying that." But see, she doesn't know. She just got in, she don't know nothing. "So Capricorn's groom, know your place, fam. This is a blatant lie. Entry level, this is DC 90L. You don't got a lot to kick it." She never said entry level. Where does she say entry level? I want somebody to show me that. I have people that have years of experience doing IT and other areas. They don't have to go entry level. So if they said, "Hey, I got into cybersecurity and in six months I made $300,000," people gonna say, "Oh, you lying, it's entry level." No, they just got into a different skill set niche. That's it. But we'll keep on going.

But I want to show you guys something, 'cause I think I post these things sometimes because people sometimes... I mean, get mad when I bring my, what are these people called, my guests on. They'll say they're capping about their salaries, and I vet most everybody that comes on the show. I don't have a VA reaching out to people. I'm the one that established these connections to bring everybody on. Let me see, okay. So I initially responded to this guy, right? He was talking about, Mr. Hater, he was saying, "Black tech Twitter's still a scam, and I see no tech job is paying 250K unless you're like a consultant with senior experience with the clearance." I'm gonna point some of these out. So he's talking about the clearance. "MGM, Caesars Palace are hiring Linux developers, and Pinterest, for a hundred an hour with experience. She had to be working four or five W2 jobs remote to clear that number." But the point is, he's saying so many different things; he don't know what he talking about. He's conflating a lot of different things. People always equate security clearance with a lot of money. So I posted this and I said, not true at all. This is a role that reached out to me a couple of months ago. No clearance required, not a consultant role either, and this isn't the highest number I've seen from just one role. Not really for you.
I will quit. This is my LinkedIn DMs, and I was talking to these people about this role, and they were pretty much hiring somebody. They want a security engineer specifically to deal with DLP for an investment company, and it says 250K base, but it could go up higher than 250K base, and that wasn't even including bonus or anything like that. And this one's not a consultant role; it's just a senior-level role. So I do tell people that if you have the experience, then you don't necessarily have to always just worry about other stuff. But is it doable? Like, Bees just had a young man, I think he's pulling in like 400. He got multiple contracts and some other stuff. It's doable being overemployed. I think the real strategy is going from W2 to contract gigs and trying to start your own LLC and trying to do corp-to-corp. If you do corp-to-corp, you can charge what you want to. You can absolutely hit that number out the park. That's what a lot of people and a lot of my friends that I know who have companies are doing: working corp-to-corp. And they started off working on a contract and then developed a good relationship with the company and asked them, like, could they do corp-to-corp for them? So that's a strategy you can do, and I'm going to bring on some friends to actually talk about that, because that's the side we don't know a lot about. I think I did... matter of fact, shout out to JB. If you guys know JB, John Breath, we did an episode a year or two ago and he talked about how he started getting his company up, how he started going corp-to-corp for the company. But that's something to talk about, people, because that's totally legal. That's really the best way to make a lot of money, and in that way you can also hire people, maybe give people a shot who wouldn't normally get a shot. But yeah, that's one of the big ways you can do that. But now I want to go into...
I think the juicier thing is to talk about Okta and how they're blaming their employee for their breach, and it's really negligence and, like, a lack of compliance controls on their part. And we're going to talk about GRC in a second, so let's get it real quick. Let's zoom in there. All right: "Okta hack blamed on employee using a personal Google account on company laptop. A brief post-mortem from Okta security chief David Bradbury said the internal lapse was the most likely avenue for the breach that ensnared hundreds of Okta customers, including cybersecurity companies BeyondTrust and Cloudflare. 'We can confirm that from September 28, 2023 to October 17, 2023, a threat actor gained unauthorized access to files inside Okta's customer support system associated with 134 Okta customers, or less than 1% of Okta customers. Some of these files were HAR files that contained session tokens which could in turn be used for session hijacking attacks.'" And session hijacking attacks are probably one of the biggest ways that people get hacked, like, especially influencers on social media. And even if you have MFA, it won't matter, because they'll be able to bypass it and get into your session. So that's why you do have to be mindful when you get all these things in your DMs and you're not familiar with who this person is. Don't click the link, because even if you have MFA set up, they'll be in, and most of the time they go in and try to change your email and do everything else, and it's a pain to get back into your account. But keep reading. He said, "A threat actor was able to use the session tokens to hijack the legitimate Okta sessions of five customers." Bradbury said they leveraged a service account stored in the system itself that was granted permission to view and update customer support cases. And guys, all of these things are accounts that are probably most of the time used for, like, automated tasks, like you'll see in an environment.
Since an admin or somebody is using the service account, it has certain permissions so that it can do things, but most of the time it's a privileged account that can do things. And when you see it, you also know that most of the time it's expected behavior from what you see from it. It's very rarely unexpected behavior, and that's where the detection piece of this comes from: it's a very rare case, like, when the service account is doing something you don't recognize. That's when you need to look into that a little bit more and say, what's going on? They don't typically do this. This is out of the hours that we typically see them run scheduled jobs. "During our investigation into suspicious use of this account, Okta Security identified that an employee had signed in to their personal Google profile on the Chrome browser of their Okta-managed laptop. The username and password of the service account had been saved into the employee's personal Google account." Whoo. Let me stop sharing, 'cause I want to talk to you. Are y'all serious? First of all, why are you even able to sign into your personal account on your work laptop? Why would you even put company proprietary, confidential information onto your personal Google account, wherever it was? Why would you do that? Two, why is the company not providing ways for people to store passwords in a secure manner on their work laptops? These are questions that you got to ask yourself, and I know they're asking. This is like, why? It's very simple. It's very simple. People shouldn't be able to do that. Like, even for us, we can't even download plugins, nothing. It's blocked, everything. You got to go through the help desk. You got to put a ticket in for it. If you need software, you need to request it. Because if you do have a local...
I mean a local, like, password manager. Like, for example, we used to use KeePass at Opthos, and I put all my passwords there. So in the case I did get compromised, they still have to figure out how to even get into that and then get in there to get that password. But let's keep on reading. Let's keep on reading. Let me go back to it. "The most likely avenue for exposure of this credential is the compromise of the employee's personal Google account or personal device." And that's it. Now, I'm talking about here how most of these things work from social engineering, and they're very good at it. So if they know what you do, and maybe you find out, okay, they work in the customer support system, when they do this and they do that, and they target you like they've been doing, it's going to be easy for them to figure it out and get you, especially on your personal machine, let alone if they have to get on the work laptop. "For a period of 14 days, while actively investigating, Okta did not identify suspicious downloads in our logs. When a user opens and views files attached to a support case, a specific log event type and ID is generated tied to that file. If a user instead navigates directly to the Files tab in the customer support system, as the threat actor did in this attack, they will instead generate an entirely different log event with a different record ID." And I wonder how did they not know that that happened, like, is the threat actor the only person that did that, to where they got those two different audit logs, those IDs? If it is, that's a shame. That's another thing that could have been brought up. The Okta chief security officer said his team's initial investigations focused on access to support cases and later made a major breakthrough after BeyondTrust shared a suspicious IP address attributed to the threat actor. "With this indicator, we identified the additional file access events associated with the compromised account."
Okta has found itself in the crosshairs of multiple hacking groups that target its infrastructure to break into third-party organizations. Now, they say a sophisticated hacking group targeted IT service desk personnel in an effort to convince them to reset multi-factor authentication for highly privileged users within the target organization. Also, these are different controls you can put in place. When people are high-profile VIP users, they typically shouldn't call the help desk to get a reset. They should have their own separate communications that are only on a need-to-know basis, like executive support. Like, when I used to, and I'll tell you, right, this is my stream, so when I worked at Opthos we managed security, security operations, for Disney. So we'd see someone, a VIP person, that needed a password or something changed. So we'd need to verify where they were traveling, because they're executive support, not the regular help desk, because the only people that had that number was certain people in the company. But it's easy to find, like, the regular help desk number for general, regular clients or customers or workers, but that's one that should be segmented, so they shouldn't really be able to have that number unless they got a mole in the house. They say in that attack, Okta said, actors used new lateral movement and defense evasion methods, but it has not shared any information on the threat actor itself or its ultimate goal. It's unclear if it's related, but last year many Okta customers were targeted as part of a financially motivated cybercrime campaign called 0ktapus. All right, yeah, I thought this is... they need a better GRC team. Speaking of GRC, if you're interested in GRC, you need to check out Tech Maneuvers Club. I got the link in my description. They help people get into GRC. They also provide you, like, mentors, interview prep, access to some internships. So GRC is still a thing.
I think I skipped over the part in the article where they're saying, like, it was a failed control that they didn't recognize. So they'll get better from this. But it sucks. If it's like... every time I think of breaches, I'm thinking about, okay, controls, security ops. When they notice that, like, hey, this unauthorized IP we don't recognize logged into our system to hijack some sessions. Like, I always think about these things: how long were they even in the environment? How did they maintain persistence? So hopefully Okta keeps on providing everyone information on how this happened, because what we typically do with these cases is we take this information, like our threat intel teams, vulnerability management, SecOps, IR. We all look at this information and we start trying to build out detections around this so we can fortify our defenses, so we are not susceptible to the same attacks. That's typically what happens. So if you're planning on interviewing this week or the coming weeks for a security job, they're going to try to ask you, hey, how do you keep up with the news? Something like this. I go through and I research through, like, BleepingComputer, TechCrunch, Business Insider, anywhere that's publicly covering security. I think SANS has one. Anybody that's publishing security-related content, I'll read that. That's how I keep up on the latest attacks, and I share it with my team. I had a client one time. He was in my Slack channel, and because of my security news channel that I have in the Slack channel... speaking of, I think you can join my Slack with the link in the description, and if not, I posted it to the chat. But he saw my stuff and he was able to share it with his team, and they were able to come up and fix the vulnerabilities that they had with whatever exploit that was out there, and I think he got promoted or a raise from that. I got to ask Derek about that. But that's the whole point.
You'd be surprised who's not paying attention, who's just going home and coming to work. So be that person that does just a little bit extra. Whether you don't even have security stuff coming out all the time or a really good threat intel team, if you see some stuff, just send it in the email for everybody every day, just something to stand out. Let's say, okay, he got his head on a swivel. You know, football, you got to keep your head on a swivel so you don't get cleaned up. But I want to talk about Palo Alto's... where is it? Dig Security. And we'll talk about them confirming the Talon buy. So: "Palo Alto Networks buys Dig Security, sources say for $400 million." So you remember I did a video, I think, last month: Cisco wants to buy Splunk, and they're doing some layoffs for that too. So when they can do those mergers... So that's how it happens. Hey, we got what, 50-some people watching, but only 28 likes. Come on, y'all, get me up there, y'all, get me up there. I want to make sure I got some content out to y'all this Monday because I know I got a busy week, and, yeah, I need y'all to get them likes. So eventually I'm gonna hit y'all with that rock and roll music that Kevin Samuels used to hit people with when they wouldn't like. But: "We reported in September that Palo Alto was getting ready to make yet more security acquisitions out of Israel, specifically Dig Security and Talon. Today's confirmation on one of those has arrived. The US security giant said it would be acquiring Dig. The company is not disclosing the financial terms, but we know it's around 400 million." Okay, let's get to the good stuff. "Tech is a huge part of the country's economy, with cybersecurity being an especially big part of that, but movements in that industry, investments, mergers and acquisitions, expansions, product launches, have in many ways ground to a halt in the wake of current political events."
Remember I just talked about mergers and acquisitions and expansions: the companies are looking out for their best self-interest. I suggest you always do the same. It's not like the old days. You can't work 25, 30 years in one place and get a pension and retire; they're taking their money back. So do what you got to do. Anyways, we already know what's going on with Israel and Palestine, Gaza. I'm not covering that. As we previously reported, Dig's focus is data security posture management. Specifically, it helps understand where an organization's assets reside across the cloud. This is huge. Most companies don't just have one cloud environment, they have multiple cloud environments. If you take that into effect, if they have different companies that they own now and they got their cloud environments, it can get a little hectic, or more likely, like a multi-cloud environment, providing pictures to security teams, both to help understand what is moving where, but also what to lock down and where in the event of a breach. The company's tool will become a part of Palo Alto's Prisma business, which focuses on cloud security. Yeah, we currently use Prisma right now, and right now I think we're using it more for letting us know if a policy is out of date or some type of change is made: this is a violation, this needs to be fixed ASAP. So right now it's more like compliance auditing. It pretty much enriches the alerts we get, typically from AWS and Azure, now. But this is big. This is huge for Palo Alto. As companies build AI-enabled applications, there will be a substantial increase in the amount of data transferred to the cloud. Dig's highly innovative DSPM technology will safely enable this shift, and a dedicated team will come in to help advance Palo Alto Networks' strengths across cloud security. So they're going to buy Dig, but let Dig operate solo.
The announcement of our intent to join forces with Dig reinforces our longstanding commitment to our team in Israel and to continue growing our footprint with its talented and dedicated cybersecurity professionals. Modern cloud applications leverage a broad set of data stores to meet the complex needs of businesses. They developed a DSPM solution, yada, yada, yada. That's a lot of stuff. I'm not going to bore you with all that, but check this out, guys, because people always talk about, is it still too late to get in cyber and cloud? I'm about to read this for you. A McKinsey report from last year notes that breaches are on track to collectively cost $10.5 trillion annually by 2025, a 300% increase on 2015 figures. While a lot of companies have clamped down on spending and IT budget over the last couple of years, security is one area where they have returned to spending, even when other categories have remained frozen or constrained. Now I just want to tell you that everybody is always talking about, don't get in the cyber, it's oversaturated, it's oversaturated, all that other stuff. Listen, man, breaches still happening every day. People losing more and more money every day. Companies still want to fortify their systems. That's what I've been telling people too. A lot of people want to get onto the red team. I'm like, blue team, purple team really. Where is that? They need more help defending from the threats than trying to get that. They can get people to do penetration tests actually for cheap now. The blue team is the hardest part right now because you're having to adapt so fast. That's where the value is right there. Speaking of that, if you want to get into cybersecurity and you don't know where to start and you need a good course with a good instructor, check out the sponsor right here. This video will be sponsored by Level Careers. It has a 14-day money-back guarantee. It's a self-paced course.
It's eligible for reimbursement and counts for continuing education. Here are some of the reasons why you can choose cybersecurity: high demand, job security, competitive salary, work variety and fulfilling work. The national average salary for an information security analyst is $113,000. Your instructor is Josh Madakor. Here is a brief overview of the course: theory introduction, security refresher, security frameworks, security regulations and standards, security operations, signals. Then you have these great labs: Azure login and monitoring, Microsoft Sentinel, secure cloud configuration, and they help you with job hunt and job hunt execution. Use my code to try out Level Careers. You'll get 10% off. By using my code, you'll be taking the next step in propelling your career to new heights. Now back to our scheduled program. All right, as you all have seen, that's a big number. Do not stop about getting into cloud, especially cloud security. If you can get into the cloud and then niche into cloud security, man, you're going to do a great job. You're going to get a lot of water. But I briefly want to talk about Talon, because that's the other company that they bought. They're doing some big things over there. There we go. Talon confirmed: Palo Alto has acquired Talon Cyber Security, sources say for $625 million. Now, not too familiar with Talon, so it'll probably tell us on here. Palo Alto has just confirmed one more major piece of security startup M&A. It has acquired Talon Cyber Security, a specialist in building enterprise browsers for securing distributed workforces. Sources say the deal's value is $625 million. All right, let's see. Talon has raised about $143 million. I don't care about that. Let's see, let's see. I want to get to, like, why Talon is a good company or a good fit for the buy. The bigger cyber picture and how Talon fits in.
The deal, Palo Alto said, will help address the rise of different devices and apps that are being used in organizations, some of which are not provisioned by organizations themselves. The average enterprise uses hundreds of SaaS and web applications, meaning that most work is now done primarily via the browser. Yep. Talon enables organizations to secure all work activity via an enterprise browser without touching the personal usage of the device or impacting user privacy. Integrating Talon with Prisma SAE, I mean SASE, will enable Palo Alto Networks to securely connect all users and devices to all applications, including private applications, and apply consistent security no matter who the user is or what device they use for work. Today's announcement underscores our continued belief in the strength of the Israeli cybersecurity ecosystem and our commitment to our growing team in Israel. While bring-your-own-device offers an advantage for productivity, it also poses a significant security risk. I agree. Let me see. Talon's enterprise browser empowers security teams with deep visibility and control over all work-related SaaS and web activity on all devices, including personal and unmanaged endpoints. SASE solutions must evolve to secure unmanaged devices with the same consistent security applied to managed devices, so that users can securely access business applications using any device from any location. The unique combination of Prisma SASE and Talon will transform how organizations navigate the challenges of today's modern and connected digital environments. All right. Yeah, this is a lot. I'm not going to read all this. I'll probably eventually post all these articles I used today. But that's cool, because I remember at two of my last financial companies it was BYOD.
We used Citrix on our own computers, and in a way it's kind of secure, but not really, because there's a lot of things I can still do on my own computer that you would not be aware of with me using Citrix on there, but if it was on an actual company-issued device, it'd be totally different. So I think this actually will help bring-your-own-device actually be a little bit more secure. I don't mind bring-your-own-device, but I don't think it's that secure. For people who don't know how to do stuff with technology, no, but for people that, like this term that you use in cyber that people don't realize pays a lot of money, insider risk management, those people you got to watch out for. Bring your own device: those are the people you got to watch out for. So hats off to them. They're really killing it now. They may or may not have some layoffs when it comes to that, but I don't know. I need to see what the rankings are, because Palo Alto really makes some good products. I really like using Cortex. I think Cortex came in and took out Phantom, for real. All right. So we're briefly going to talk about this, and then I got the last Google thing, and towards the end I may be able to get into some questions before I have to go, so I'm trying to speed through some of this stuff. Amazon's one billion cloud deal with Microsoft includes 500,000 licenses for corporate employees and one million for warehouse workers. So I don't know. These people are like, they're not enemies but they are rivals. So imagine Nickelodeon and Cartoon Network teaming up, right? ABC, NBC, anybody. Imagine them teaming up. So Amazon's multi-year commitment to use Microsoft 365 includes more than 1.5 million license seats across different tiers of Microsoft's cloud-based productivity suite, according to a person with direct knowledge of the deal. This arrangement involves Amazon spending more than a billion over five years.
According to an internal Microsoft document viewed by Insider and two people familiar with the matter, Amazon already uses an on-premise version of Microsoft Office products, but it's moving to the cloud-based version of these productivity tools. According to one of the people, the pact includes around 550,000 seats of the Microsoft 365 E5 product for corporate workers and one million seats of Microsoft 365 F5 for frontline staff, such as fulfillment center employees, the person said. All right, so Amazon had around 1.5 million employees at the end of 2022. We believe that number to be lower now. That's not what it says right here, but I believe the number to be lower now, based on some layoffs. The move represents a major reset of the relationship between Amazon and Microsoft. The two companies are bitter cross-town rivals and are fighting for dominance of the cloud computing market. Now Amazon is becoming a major cloud customer of Microsoft, and this is big. That's why I want to get at, like, how Microsoft and Amazon were able to do this deal, because this is the thing: people always want to do their own thing sometimes, but sometimes it's just somebody that's much better than you at doing that specific thing, and you just let them do it and go do what you're good at. A person familiar with Amazon said the company stayed away from the cloud versions of Microsoft 365 products because they didn't previously want to save anything on a competitor's cloud, and I agree with that sentiment as well. As you guys know, back in the day we didn't have access to 365 like we have now. It used to be, well, when I first got introduced to computers, probably like 20 years ago, you'd get the Microsoft CD and it had like Word and stuff on it. You'd install that and now it's local, it's installed on your host, but I couldn't go to the library and access my files. I had to, like, send it to myself in an email or something.
Many enterprise companies had things like SharePoint at the time, so now everybody pretty much has their own individual personalized version of SharePoint, 365. When I got this new computer that I'm using right now, all my stuff came back from the laptop I previously had, and all my documents that I've been saving in my OneDrive were there. So that's what they said: hey, we didn't want that. Like, you got to think about it too. I was like, do I want my rival having access to my pretty much confidential information? That's one of the things you have to think about. However, I'm pretty sure there's a lot of verbiage in that contract about what they can and can't do. Even, for example, when we were talking about penetration testing earlier in blue team: when we have companies come in and do penetration tests for us, there are only certain things that you do. They got to get access to the environment and do this. They can't do certain things or it's going to be a big fine or somebody's going to get in trouble. So you still got to have pretty much implicit access to say, okay, you can do that. Right here they just talk about the difference between E5 and F5. E5 is the more expensive one that comes with more security features and can let you do up to a thousand attendees. F5 is like an upscale version, but it has some of the same features as E5 at a lower price for Microsoft. They're talking about right here the price, which we know, since they're going to lock into a contract, it's not going to be as expensive as for everyone else. Amazon's spokesperson said adding up these M365 sticker prices grossly overestimates the value of the deal, but declined to comment on the $1 billion spending commitment described in Microsoft's internal document. Microsoft did not comment. Who knows, but all I'll say is this is good.
Now, when I was pre-recording at one point in time, I said I wonder, will we ever see Apple say, hey, we want to use G Suite products, or will we see Apple say, hey, we want to use 365 now? So, who knows, who knows? Now I think we got the last one right here. I saw this earlier. I had something else that I was going to talk about. I talked about it on the stream I did yesterday, but I felt like this may be a little bit more important to people, based on how many people use Google Calendar and other things on their phone that they're not paying attention to. All right: Google warns how hackers could abuse Calendar service as a covert C2 channel. Google is warning of multiple threat actors sharing a public proof-of-concept exploit that leverages its Calendar service to host command-and-control (C2) infrastructure. The tool, called Google Calendar RAT (GCR), employs Google Calendar events for C2 using a Gmail account. It was first published to GitHub in June 2023. The script creates a covert channel by exploiting the event descriptions in Google Calendar, according to its developer and researcher, who goes by the online alias Mr, I don't know how to say that. The target will connect directly to Google. The tech giant, in its eighth Threat Horizons report, said it has not observed the use of the tool in the wild, but noted its Mandiant threat intelligence unit has detected several threat actors sharing the proof of concept on underground forums. GCR, running on a compromised machine, periodically polls the calendar event description for new commands, executes those commands on the target device, and then updates the event description with command output. The fact that the tool operates exclusively on legitimate infrastructure makes it difficult for defenders to detect suspicious activity. Yeah, I think this is going to be a big one.
Now I know on your cell phone, if you're not paying attention and you are, I'm just going to say, on some sites that got a lot of malware, potential stuff that's malicious that you can come across. There are times when you'll see something like, you're opening your calendar and it tries to make an event or something on your calendar. You got to close everything out real quick or else I don't know what's going to happen to your phone, but I'm thinking that's a little bit of what this is. I would love to probably see a video of the proof of concept, just to actually see that. Here's a picture showing what's going on. So that's a good little diagram. The development highlights threat actors continuing to enter and abuse cloud services to blend in with victim environments and fly under the radar. This includes an Iranian nation-state actor that was spotted employing macro-laced docs to compromise users with a small, dynamic backdoor codenamed, I'm just going to say, BANANAMAIL. Yeah, BANANAMAIL for Windows, that uses email for C2. The backdoor uses IMAP to connect to an attacker-controlled webmail account, where it parses emails for commands, executes them and sends back an email containing the results. Google Threat Analysis Group said it has since disabled the attacker-controlled Gmail accounts that were used by the malware as a conduit. Found this article interesting. Follow us on Twitter and LinkedIn. All right, that was actually short. I thought it was going to be longer, so let me throw this last one in, because I know I didn't. Where is it? Real quick. That was the last one I had, but then, since it was so short, I want to see if I can go into the one I was looking at yesterday. Probably can't. Oh, you know what? Let's talk about this real quick. Mr. Cooper was hit by a cyber attack, so that was pretty interesting.
They initially said they had an outage, but we know most of the time when companies say they got an outage, they've been attacked, and they say that because they don't want to just alarm everybody and put them in disarray. You only want to tell somebody what they need to know, and then eventually you have to let your customers know, like, hey, your information possibly could be out there. We don't know yet, but yeah, we were hit. Okay, this is the one I want to talk about real quick, because I thought this one was interesting. Socks5Systemz proxy service infects 10,000 systems worldwide, and we'll just go over it real quick. But a proxy botnet called Socks5Systemz has been infecting computers worldwide via the PrivateLoader and Amadey malware loaders, currently counting 10,000 infected devices. And the reason why I want to go through this one is because it was a more in-depth write-up and it talked about how they want to establish persistence on the machine. The malware infects computers and turns them into traffic-forwarding proxies for malicious and legal anonymous traffic. It sells the service to subscribers who pay between $1 and $140 per day in crypto to access it. Now let's see. Socks5Systemz. The detailed report by BitSight clarifies that the proxy botnet has been around since 2016, but has remained relatively under the radar until recently. All right, let's go right here. The proxy bot payload is a 300 KB 32-bit DLL. It uses a domain generation algorithm to connect with its command-and-control server and send profiling info on the infected machine. In response, the C2 can send one of the following commands: idle, perform no action. connect, connect to a backconnect server. disconnect, disconnect from the backconnect server. updips, update the list of IP addresses authorized to send traffic. And updurls, not implemented yet. The connect command is crucial, instructing the bot to establish a backconnect server connection on port 1074.
Once connected to the threat actor's infrastructure, the infected device can now be used as a proxy server and sold to other threat actors. So one of the things that we always typically talk about when it comes to security is disabling ports you don't need. So I want to make sure you disable all ports that you have on your device. Make sure you disable all ports that you do not need for a reason. And what we used to do when I worked with JP Morgan, I was on data analytics, as a connectivity assurance team: we just went through reports of our firewalls and what type of traffic they were doing, which ports were needed and why they were open. And that's one of the reasons right there. If it doesn't need to be open, then we need to close it, because it's potentially a risk. When connecting to the backconnect server, it uses fields that determine the IP address, proxy password and list of blocked ports. These field parameters ensure that only bots on the allowlist, with the necessary login credentials, can interact with the control servers, locking out unauthorized attempts. So let's see where we go. BitSight map. I want to talk about that. I'm trying to see. There's a point where it tells us... because I'm almost done with the article, but I might have skipped over this. Let me see something real quick. There we go. I skipped over this, but I want to read this part. The samples analyzed by BitSight are named previewer.exe, and their task is to inject the proxy bot into the host's memory and establish persistence via a Windows service called ContentDWSvc. So sometimes in interviews they may say, how would somebody want to establish persistence on a host? So you can say, hey, well, they could possibly inject the proxy bot into the host memory and establish persistence with their own type of Windows service.
That's trying to make it look legitimate, and you can research a little bit more in case they want to go more in-depth. Like I said earlier, if you start going through some of these, you'll learn a lot, and then you can just start researching and using this information in your interviews, because nobody's going to know 100% of everything. All you got to do is know what you know and know what you don't know. But this is a big thing. Now they see most of this distribution in the United States, Brazil, Colombia, South Africa, Argentina and Nigeria. And they got two subscription tiers, Standard and VIP, and it's limited to... the VIP is SOCKS4, SOCKS5 or HTTP, which are just secure ways of connecting. And yeah, here are the tiers. But let me stop sharing that. All right, guys, that's pretty much all I have for you all today. Let me see if I got any questions in the chat before I get out of here. Drew Nicos, yeah, I already talked about the Dallas attack a couple of weeks ago, and yeah, I went over the Okta breach. It's earlier on in the stream. But yeah, guys, that's pretty much what I have for you. If you enjoyed everything, please make sure you like this, share it out, and come back and watch it and add some comments or something. Also, like I said, I'll be going live on Friday with the Job Father. We'll be talking about anime and tix. So come with some questions. We'll be marketing it some more to everybody so we can really help people out, as many as we can in the timeframe that we have for that live stream. But I appreciate everybody, appreciate y'all for rocking with me. Until next time. Shubah HD. Peace.
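Editor's added example (not from the episode, and not code from BitSight, Google or Palo Alto): detection logic run over constructed log lines for the two behaviours read out above. The Socks5Systemz indicators (a new Windows service named ContentDWSvc, the previewer.exe sample, outbound back-connect on port 1074) come from the BitSight write-up as discussed on the stream; the Google Calendar RAT part only uses the fact that the implant "periodically polls" the calendar, and flags a host that talks to the calendar service at a steady cadence from a non-browser client. The key=value log format, the calendar API hostname, the user-writable-path heuristic and the beacon thresholds are my assumptions.

```python
"""Detection over constructed log lines (added editorial example).

  1. Socks5Systemz persistence: System event 7045 (new service) named
     ContentDWSvc, installed from previewer.exe, plus an allowed outbound
     connection to TCP 1074 (the bot's back-connect port).
  2. GCR-style covert C2: a (src, user-agent) pair polling the Calendar
     service at a near-constant interval.
Assumptions: log format, calendar hostname, path heuristic, thresholds.
"""
import re
import statistics
from datetime import datetime, timedelta

# Indicators from the BitSight report as read on the stream.
KNOWN_SERVICE_NAMES = {"contentdwsvc"}
KNOWN_DROPPER_NAMES = {"previewer.exe"}
BACKCONNECT_PORTS = {1074}
# Assumption: endpoint a GCR implant would poll via the Calendar API.
CALENDAR_HOST = "calendar.googleapis.com"
BROWSER_UA = re.compile(r"^Mozilla/")

# Constructed sample telemetry (not real logs).
SERVICE_EVENTS = [
    'EventID=7045 ServiceName=ContentDWSvc ImagePath="C:\\Users\\bob\\AppData\\Local\\Temp\\previewer.exe"',
    'EventID=7045 ServiceName=WinDefend ImagePath="C:\\Program Files\\Windows Defender\\MsMpEng.exe"',
    'EventID=7036 ServiceName=ContentDWSvc State=running',
]
CONNECTIONS = [
    "src=10.0.0.5 dst=203.0.113.10 dport=1074 proto=tcp action=allow",
    "src=10.0.0.5 dst=203.0.113.20 dport=443 proto=tcp action=allow",
    "src=10.0.0.9 dst=203.0.113.10 dport=1074 proto=tcp action=deny",
]

def _calendar_requests():
    """(timestamp, src, host, user-agent) tuples: one implant, one human, one noisy script."""
    base = datetime(2023, 11, 6, 9, 0, 0)
    reqs = [(base + timedelta(seconds=30 * i), "10.0.0.5", CALENDAR_HOST,
             "python-requests/2.31.0") for i in range(8)]          # steady 30 s poll
    for off in (0, 95, 610, 640, 1900, 1905):                        # human in a browser
        reqs.append((base + timedelta(seconds=off), "10.0.0.9", CALENDAR_HOST,
                     "Mozilla/5.0 (Windows NT 10.0) Chrome/118"))
    t = base
    for gap in (0, 10, 300, 45, 120, 5):                             # scripted but irregular
        t += timedelta(seconds=gap)
        reqs.append((t, "10.0.0.7", CALENDAR_HOST, "curl/8.4.0"))
    return reqs

CALENDAR_REQUESTS = _calendar_requests()

def parse_kv(line):
    """Parse key=value pairs; values may be double-quoted to allow spaces."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def detect_service_persistence(lines):
    """Return (service name, reasons) for new-service events matching the indicators."""
    findings = []
    for f in map(parse_kv, lines):
        if f.get("EventID") != "7045":
            continue
        name, path = f.get("ServiceName", ""), f.get("ImagePath", "").lower()
        reasons = []
        if name.lower() in KNOWN_SERVICE_NAMES:
            reasons.append("known Socks5Systemz service name")
        if path.rsplit("\\", 1)[-1] in KNOWN_DROPPER_NAMES:
            reasons.append("known dropper binary")
        if "\\appdata\\" in path or "\\temp\\" in path:   # assumption: heuristic
            reasons.append("service binary in user-writable path")
        if reasons:
            findings.append((name, reasons))
    return findings

def detect_backconnect(lines):
    """Allowed outbound connections to the bot's back-connect port."""
    return [(f["src"], f["dst"], int(f["dport"])) for f in map(parse_kv, lines)
            if f.get("action") == "allow" and int(f.get("dport", "0")) in BACKCONNECT_PORTS]

def detect_calendar_beacons(requests, min_hits=5, max_jitter=0.2):
    """Flag non-browser clients polling the calendar host at a steady cadence.

    jitter = pstdev(gaps) / mean(gaps): a poll loop sits near 0, a human does not.
    """
    by_client = {}
    for ts, src, host, ua in requests:
        if host == CALENDAR_HOST and not BROWSER_UA.match(ua):
            by_client.setdefault((src, ua), []).append(ts)
    flagged = []
    for (src, ua), stamps in by_client.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        jitter = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
        if jitter <= max_jitter:
            flagged.append((src, ua, round(mean), round(jitter, 3)))
    return flagged

if __name__ == "__main__":
    for name, why in detect_service_persistence(SERVICE_EVENTS):
        print("service:", name, "->", "; ".join(why))
    for src, dst, port in detect_backconnect(CONNECTIONS):
        print(f"backconnect: {src} -> {dst}:{port}")
    for src, ua, period, jitter in detect_calendar_beacons(CALENDAR_REQUESTS):
        print(f"beacon: {src} ({ua}) every ~{period}s, jitter {jitter}")
```

Run as-is to see the three findings. The service check is the interview answer from the stream turned into a rule (a new service whose binary lives under a user profile is suspicious even without the known name), the port check is the "close what you don't need" point applied to egress, and the beacon check is the only angle left when the C2 itself is a legitimate Google service: you cannot block the destination, so you look at the rhythm of the client.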