Welcome to another_secpro!

This week, we go over a variety of commentaries about the emerging new issues around AI and cybersecurity in the new year - now that we are almost a whole month into it! We also free up our old podcasts to help a new gang of budding cybersecurity experts to wrap their ears around some of the best insights that our associated authors have had to share with you all over the last two years. There is plenty to keep you busy this week, so make sure to tune in!

That's why in the editor's spotlight this week, I advise you to all read Schneier's AI Will Write Complex Laws.

As always, make sure to check out the templates, podcasts, and other stuff on ourSubstackand access the very best that we have to offer. You might even learn something!

Cheers!
Austin Miller
Editor-in-Chief

In the run up to season three of the secpro podcast, here is a roll out of the first season - that we recorded all that time ago! - for free. This means everyone can get access to some great talks about getting ahead in cybersecurity, using different tools, and getting into exciting areas for cybersecurity professionals. Don't take my word for it - check it out!

1. Hack the Cybersecurity Interview with Ken, Christophe, and Tia

2. The Ultimate Kali Linux Guide with Glen D. Singh

3. Threat Hunting using Elastic Stack with Andrew Pease

4. Cybersecurity Threats, Malware Trends and Strategies with Tim Rains

5. What is Palo Alto Networks? with Tom Piens

6. Azure Penetration Testing for Ethical Hackers with Karl Fosaaen

7. Managing Challenges in Computer Forensics with William Oettinger

Backupify - The State of SaaS Backup and Recovery Report 2025: "How are organizations safeguarding their critical data in an age of hybrid work, rapid cloud adoption and evolving cyberthreats? The State of SaaS Backup and Recovery Report 2025 unveils key findings from more than 3,000 IT and information security professionals worldwide."

Bruce Schneier - Third Interdisciplinary Workshop on Reimagining Democracy (IWORD 2024): "Last month, Henry Farrell and [Schneier] convened the Third Interdisciplinary Workshop on Reimagining Democracy (IWORD 2024) at Johns Hopkins University’s Bloomberg Center in Washington DC. This is a small, invitational workshop on the future of democracy. As with the previous two workshops, the goal was to bring together a diverse set of political scientists, law professors, philosophers, AI researchers and other industry practitioners, political activists, and creative types (including science fiction writers) to discuss how democracy might be reimagined in the current century."

Bruce Schneier - AI Will Write Complex Laws: "Artificial intelligence (AI) is writing law today. This has required no changes in legislative procedure or the rules of legislative bodies—all it takes is one legislator, or legislative assistant, to use generative AI in the process of drafting a bill."

Bruce Schneier - Biden Signs New Cybersecurity Order: "President Biden has signed anew cybersecurity order. It has a bunch of provisions, most notably using the US governments procurement power to improve cybersecurity practices industry-wide. Somedetails: The core of the executive order is an array of mandates for protecting government networks based on lessons learned from recent major incidents­—namely, the security failures of federal contractors."

Bruce Schneier - Social Engineering to Disable iMessage Protections: "A few days ago I started getting phishing SMS messages with a new twist. They were standard messages about delayed packages or somesuch, with the goal of getting me to click on a link and entering some personal information into a website. But because they came from unknown phone numbers, the links did not work. So—this is the new bit—the messages said something like: “Please reply Y, then exit the text message, reopen the text message activation link, or copy the link to Safari browser to open it."..."

Krebs on Security - MasterCard DNS Error Went Unnoticed for Years: "The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. The misconfiguration persisted for nearly five years until a security researcher spent $300 to register the domain and prevent it from being grabbed by cybercriminals."

Krebs on Security - Chinese Innovations Spawn Wave of Toll Phishing Via SMS: "Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee remains unpaid. Researchers say the surge in SMS spam coincides with new features added to a popular commercial phishing kit sold in China that makes it simple to set up convincing lures spoofing toll road operators in multiple U.S. states."

Push Security - 2024: A year of identity attacks: "Identity attacks where attackers look to take over accounts on internet-facing apps and services are by far the most common attack experienced by organizations today. But the events of 2024 show that they’re now also the most impactful."

Bipan101/Phishing-Site-Detector: A JavaScript-based browser extension that detects and blocks phishing sites, protecting users from malicious links.

codeesura/Anti-phishing-extension: Safeguard your online experience with Anti-Phishing Extension! This extension is meticulously developed to protect users from potential phishing attacks by actively scanning the websites visited in real-time. It employs an updated blacklist to cross-check each website and promptly alerts users if a potential threat is detected, enhancing.

julioliraup/Antiphishing: Suricata rulesets for protecting against phishing attack.

phishai/phish-protect: Chrome extension to alert and possibly block IDN/Unicode websites and zero-day phishing websites using AI and Computer Vision.

phished-co/phished_web_app: Protect your friends and family from phishing attacks by phishing them yourself.

Already, we've plunged back into the never ending conveyer belt of conference after conference (for those of you lucky enough to attend the Intersec meeting in Dubai, let us know how it went!). If you've started the year on the wrong foot, you might think you're already behind the pace of the industry and only have a difficult year battling with newer, more esoteric adversaries than ever before.

Here are the five conferences we're looking forward to the most this year (in no particular order...) and how you can get involved to boost your posture!

RSA Conference (28th April - 1st May): The RSA Conference is a cornerstone of the global cybersecurity calendar. Known for its comprehensive content tracks, this conference addresses everything from cloud security to zero-trust architectures. The event also features an innovation sandbox, where start-ups showcase breakthrough technologies.

CyberUK (6th-7th May): Organised by the UK’s National Cyber Security Centre (NCSC), CyberUK is the government’s flagship cybersecurity event. It brings together security leaders, policymakers, and industry professionals to discuss pressing cybersecurity issues. With a strong focus on collaboration and innovation, CyberUK is a hub for public and private sector expertise.

DSEI (9t-12th September): DSEI stands out as a global platform that bridges defence, security, and cybersecurity. With its broad focus on cutting-edge technologies, this event is critical for those involved in national defence, law enforcement, and private security. Cybersecurity is a prominent theme, with sessions addressing both offensive and defensive cyber strategies.

Defcon (7th-10th August): Defcon is a legendary event in the hacker and cybersecurity communities. Known for its hands-on approach, Defcon offers interactive workshops, capture-the-flag contests, and discussions on emerging threats. The conference is ideal for those looking to immerse themselves in technical aspects of cybersecurity.

Black Hat (2nd-7th August): Black Hat USA is synonymous with advanced security training and research. This premier event features technical briefings, hands-on workshops, and sessions led by global security experts. Attendees can explore the latest trends in penetration testing, malware analysis, and defensive techniques, making it a must-attend for cybersecurity professionals.

And here are our picks for next month:

Cyber Security Training at SANS Cyber Security Central (3rd-8th Feb, hybrid): "World-Class Training, Live Online: Join us for an unparalleled learning experience delivered by world-renowned cybersecurity instructors. Benefit from real-time access to industry experts, immersive training sessions, and industry-leading hands-on labs - all from the comfort of your own environment."

Conf42: Python 2025 (6th Feb, hybrid): Accelerate the AI lifecycle, algorithmic trading with Python, implementing agentic AI solutions from scratch, and maximising cloud - there's something here for everyone! Check out this Python-focused conference to get the most out of your skillset.

Cybersecurity Implications of AI (12th Feb, online): "The 2025 ISMG Virtual AI Security Summit is the ultimate digital gathering for cybersecurity leaders and AI innovators, offering unique case studies into how artificial intelligence is transforming security strategies across diverse sectors. This global summit will feature actionable perspectives from top industry experts, exploring AI’s role in shaping the future of threat defense and identity protection."

SecureWorld Financial Services Virtual Conference (27th Feb, hybrid): Investigate forensics, develop playbooks, and utilize AI towards the ends of securing your secuirty posture in the dangerous world of financial services. A variety of speakers and networking opportunities will help you make the step up.