5+All Security Resource Digest for 2023–11–23

Here are my favorite 5 security resources added to my security resource database since yesterday. These resources will range from blogs and Reddit posts, through paid resource subscriptions and events, to official agency communications or newsletters.


Top 5 Security Resource Summaries for Nov 23, 2023

#1: OpenAI researchers warned board of AI breakthrough ahead of CEO ouster

CNBC | Link to Resource

  • OpenAI CEO ousted due to staff letter on powerful AI discovery with potential to threaten humanity, triggering employee backlash.


#2: Employee Policy Violations Cause 26% of Cyber Incidents

Infosecurity | Link to Resource

  • 26% of cyber incidents in businesses are caused by employees intentionally violating security protocols, challenging the belief that such incidents stem from human error. Factors include deliberately weak passwords, visiting unsecured websites, and neglecting updates. The financial services sector reports 34% of incidents for personal gain.


#3: AI Solutions Are the New Shadow IT

The Hacker News | Link to Resource

  • Employees’ use of AI tools without following proper IT and cybersecurity procedures poses serious risks to SaaS security, especially with indie AI startups that lack enterprise-level security measures. The results include data leakage, content quality issues, product vulnerabilities, and compliance risks. Integrating indie AI with enterprise SaaS apps can enhance productivity but also increases the probability of backdoor attacks. CISOs and cybersecurity teams can mitigate indie AI tool security risks by conducting due diligence, implementing application and data policies, delivering regular employee training, asking critical questions during vendor assessments, and fostering relationships with business teams.


#4: InfectedSlurs Botnet Spreads Mirai via Zero-Days

Akamai | Link to Resource

  • Akamai SIRT discovered two zero-day vulnerabilities being actively exploited in the wild to build a Mirai-based DDoS botnet, emphasizing the importance of honeypots for threat intelligence and early detection, and the need to change default passwords to prevent unauthorized access.


#5: Stealthy Malware Leverages MQTT Protocol in Spam Campaigns

Decipher | Link to Resource

  • WailingCrab malware expands its targeting and updates its communication tactics: it is now delivered via spam emails worldwide and uses the MQTT protocol for C2 communication, making it harder to detect. The Hive0133 threat actor is actively expanding the campaign. Awareness of IoCs and phishing tactics is promoted, and blocking or monitoring the MQTT protocol is recommended.


All Security Resources Added by Nov 23, 2023

View all of the security-related resources added in the last day

5+All Security Resource Digest: Summaries for the top five resources added in the last day to Stryker’s Security Database, plus all new records.

Access the full security database!

To see these full records — including any downloadable PDFs, files, or additional links to related sources — or find any of the other records added to the SSD, you can browse it (for free!):

And, take a look at some of my other security projects — including research reports, guides, webinars, podcasts, and personal certifications.

Please share this digest and database with anyone you think would find these resources helpful! And let me know what you think!

Final Notes:

  • These are the top resources added to my personal security database in the last day. So, while many of them are timely, it’s based on their add date to the database. They might have been published five years ago or five minutes ago!
  • This database project — including all its supporting automations and content subscriptions — is entirely self-funded. It’ll remain free to anyone who would like to use it! However, you can help support the project, either on Ko-Fi or simply by sharing it with others. :)
  • Originally published on Medium.
