Steve Puluka
@spuluka.bsky.social
Network & Security Engineer / Cantor & Religious Education Instructor http://puluka.com/home
Another fallout from the Oracle E business Suite breach is the Washington Post. The group used this access to deploy Ransomware.
www.reuters.com/business/med...
www.reuters.com/business/med...
Washington Post says it is among victims of cyber breach tied to Oracle software
The Washington Post said it is among victims of a sweeping cyber breach tied to Oracle software.
www.reuters.com
November 12, 2025 at 10:28 AM
Another fallout from the Oracle E business Suite breach is the Washington Post. The group used this access to deploy Ransomware.
www.reuters.com/business/med...
www.reuters.com/business/med...
Good news that the shut down of internet scam centers continues as Cambodian police arrest over 600 suspects working at the compound.
www.phnompenhpost.com/national/sva...
www.phnompenhpost.com/national/sva...
www.phnompenhpost.com
November 11, 2025 at 11:10 AM
Good news that the shut down of internet scam centers continues as Cambodian police arrest over 600 suspects working at the compound.
www.phnompenhpost.com/national/sva...
www.phnompenhpost.com/national/sva...
Organized crime is merging cyber attacks on trucking and freight companies systems to feed information for physical heists of cargo in transit, creating a new multimillion dollar criminal enterprise.
www.proofpoint.com/us/blog/thre...
www.proofpoint.com/us/blog/thre...
Remote access, real cargo: cybercriminals targeting trucking and logistics | Proofpoint US
Key findings Cybercriminals are compromising trucking and freight companies in elaborate attack chains to steal cargo freight. Cargo theft is a multi-million-dollar criminal
www.proofpoint.com
November 10, 2025 at 10:07 AM
Organized crime is merging cyber attacks on trucking and freight companies systems to feed information for physical heists of cargo in transit, creating a new multimillion dollar criminal enterprise.
www.proofpoint.com/us/blog/thre...
www.proofpoint.com/us/blog/thre...
Good news from Europol that a large international team arrested 6 executives running a credit card fraud operation since 2016 affecting 4.3 million cards and 300 million euros.
www.europol.europa.eu/media-press/...
www.europol.europa.eu/media-press/...
Operation Chargeback: 4.3 million cardholders affected, EUR 300 million in damages – Three criminal networks suspected of misusing credit card data from cardholders across 193 countries; 18 suspects a...
On 4 November 2025, an international coordinated action day targeted three major fraud and money laundering networks as part of Operation “Chargeback.” Led by the Cybercrime Department (Landeszentrals...
www.europol.europa.eu
November 9, 2025 at 10:28 AM
Good news from Europol that a large international team arrested 6 executives running a credit card fraud operation since 2016 affecting 4.3 million cards and 300 million euros.
www.europol.europa.eu/media-press/...
www.europol.europa.eu/media-press/...
Good news that Polish authorities have arrested 11 suspects in running an investment scam call center pulling over $20 million from at least 1500 victims.
cbzc.policja.gov.pl/bzc/aktualno...
cbzc.policja.gov.pl/bzc/aktualno...
Fałszywe inwestycje - funkcjonariusze CBZC rozpracowali międzynarodową grupę przestępczą
W wyniku skoordynowanych działań prokuratury oraz Zarządu w Krakowie Centralnego Biura Zwalczania Cyberprzestępczości przy współudziale Zarządów z Radomia oraz Gorzowa Wielkopolskiego, rozbito grupę p...
cbzc.policja.gov.pl
November 8, 2025 at 11:01 AM
Good news that Polish authorities have arrested 11 suspects in running an investment scam call center pulling over $20 million from at least 1500 victims.
cbzc.policja.gov.pl/bzc/aktualno...
cbzc.policja.gov.pl/bzc/aktualno...
Search summaries are convenient but we are still seeing hallucinations like this from Microsoft Bing. I asked who was Tsar in 1647. What's a 100 years between friends?
November 7, 2025 at 8:22 PM
Search summaries are convenient but we are still seeing hallucinations like this from Microsoft Bing. I asked who was Tsar in 1647. What's a 100 years between friends?
An international team from Australia, Canada and the US CISA have created updated guidelines on how to security Microsoft Exchange servers for those still running email on premises.
www.cisa.gov/news-events/...
www.cisa.gov/news-events/...
CISA, NSA and Global Partners Unveil Security Blueprint for Hardening Microsoft Exchange Servers | CISA
www.cisa.gov
November 7, 2025 at 12:32 PM
An international team from Australia, Canada and the US CISA have created updated guidelines on how to security Microsoft Exchange servers for those still running email on premises.
www.cisa.gov/news-events/...
www.cisa.gov/news-events/...
Going live with the #NFD39 presentation from Cisco for @techfieldday.com getting an update on the new #AI features for their cluster network fabric.
www.linkedin.com/video/live/u...
www.linkedin.com/video/live/u...
Cisco Presents at Networking Field Day 39 | Tech Field Day
Day Two of Networking Field Day #NFD39 begins with a great presentation from our friends at Cisco! Tune in to learn more.
Presenters: Arun Annavarapu, Paresh Gupta
Moderator: Tom Hollingsworth
Del...
www.linkedin.com
November 6, 2025 at 6:31 PM
Going live with the #NFD39 presentation from Cisco for @techfieldday.com getting an update on the new #AI features for their cluster network fabric.
www.linkedin.com/video/live/u...
www.linkedin.com/video/live/u...
In the continued fight to prevent malicious usage of administrator credentials, Microsoft has pushed revised security features on these accounts.
www.bleepingcomputer.com/news/microso...
www.bleepingcomputer.com/news/microso...
Windows 11 KB5067036 update rolls out Administrator Protection feature
Microsoft has released the KB5067036 preview cumulative update for Windows 11 24H2 and 25H2, which begins the rollout of the Administrator Protection cybersecurity feature and an updated Start Menu.
www.bleepingcomputer.com
November 6, 2025 at 12:54 PM
In the continued fight to prevent malicious usage of administrator credentials, Microsoft has pushed revised security features on these accounts.
www.bleepingcomputer.com/news/microso...
www.bleepingcomputer.com/news/microso...
Going live with the #NFD39 presentation from Graphiant for @techfieldday.com getting an update on the new #AI features for their NaaS.
www.linkedin.com/video/live/u...
www.linkedin.com/video/live/u...
Graphiant Presents at Networking Field Day 39 | Tech Field Day
Graphiant Presents at Networking Field Day 39
www.linkedin.com
November 5, 2025 at 5:02 PM
Going live with the #NFD39 presentation from Graphiant for @techfieldday.com getting an update on the new #AI features for their NaaS.
www.linkedin.com/video/live/u...
www.linkedin.com/video/live/u...
The annual report from Github shows impressive adoption with over 180 million users and 630 million projects. Also interesting that TypeScript has beat Python as the top language.
github.blog/news-insight...
github.blog/news-insight...
Octoverse: A new developer joins GitHub every second as AI leads TypeScript to #1
In this year’s Octoverse, we uncover how AI, agents, and typed languages are driving the biggest shifts in software development in more than a decade.
github.blog
November 5, 2025 at 1:12 PM
The annual report from Github shows impressive adoption with over 180 million users and 630 million projects. Also interesting that TypeScript has beat Python as the top language.
github.blog/news-insight...
github.blog/news-insight...
The upgrade to SafeBrowsing v5 is now in the nightly releases of Firefox browser for testing. This helps improve real time detection phishing and malware on the web.
attackanddefense.dev/2025/10/28/f...
attackanddefense.dev/2025/10/28/f...
Firefox Security & Privacy Newsletter 2025 Q3
Welcome to the Q3 2025 edition of the Firefox Security and Privacy newsletter!
attackanddefense.dev
November 4, 2025 at 9:08 AM
The upgrade to SafeBrowsing v5 is now in the nightly releases of Firefox browser for testing. This helps improve real time detection phishing and malware on the web.
attackanddefense.dev/2025/10/28/f...
attackanddefense.dev/2025/10/28/f...
The Canadian Cyber authorities have noted lessons learned for CISOs from three recent industrial control systems breaches this year.
www.cyber.gc.ca/en/alerts-ad...
www.cyber.gc.ca/en/alerts-ad...
AL25-016 Internet-accessible industrial control systems (ICS) abused by hacktivists - Canadian Centre for Cyber Security
AL25-016 Internet-accessible industrial control systems (ICS) abused by hacktivists
www.cyber.gc.ca
November 3, 2025 at 10:29 AM
The Canadian Cyber authorities have noted lessons learned for CISOs from three recent industrial control systems breaches this year.
www.cyber.gc.ca/en/alerts-ad...
www.cyber.gc.ca/en/alerts-ad...
New tool called Find-WSUS that assists in discovering WSUS servers with configurations susceptible to the CVE-2025-59287 attacks. Thanks to @mubix.com Rob Fuller
github.com/mubix/Find-W...
github.com/mubix/Find-W...
GitHub - mubix/Find-WSUS: Helps defenders find their WSUS configurations in the wake of CVE-2025-59287
Helps defenders find their WSUS configurations in the wake of CVE-2025-59287 - mubix/Find-WSUS
github.com
November 2, 2025 at 10:32 AM
New tool called Find-WSUS that assists in discovering WSUS servers with configurations susceptible to the CVE-2025-59287 attacks. Thanks to @mubix.com Rob Fuller
github.com/mubix/Find-W...
github.com/mubix/Find-W...
Australia is suing Microsoft claiming they are basically forcing customers to pay for #AI features in the M365 subscriptions.
www.theguardian.com/australia-ne...
www.theguardian.com/australia-ne...
Microsoft sued for allegedly misleading millions of Australians with its AI pricing
Tech giant faces hefty fines from consumer watchdog for allegedly trying to convince customers to pay more than needed for their Microsoft 365 subscription
www.theguardian.com
November 1, 2025 at 8:58 AM
Australia is suing Microsoft claiming they are basically forcing customers to pay for #AI features in the M365 subscriptions.
www.theguardian.com/australia-ne...
www.theguardian.com/australia-ne...
The CAPTACHA feature is now in GA for Azure hosting sites to help cut down on bots crawling web sites.
techcommunity.microsoft.com/blog/azurene...
techcommunity.microsoft.com/blog/azurene...
General Availability of CAPTCHA in Azure Front Door WAF | Microsoft Community Hub
We are excited to announce the General Availability (GA) of the Azure Web Application Firewall (WAF) CAPTCHA challenge for Azure Front Door, empowering...
techcommunity.microsoft.com
October 31, 2025 at 9:10 AM
The CAPTACHA feature is now in GA for Azure hosting sites to help cut down on bots crawling web sites.
techcommunity.microsoft.com/blog/azurene...
techcommunity.microsoft.com/blog/azurene...
For a change the security issues at F5 are affecting revenue for at least the next two quarters according to their latest filings. I’m not sure why this set of vulnerabilities finally matters in a world that normally ignores them.
www.axios.com/2025/10/27/f...
www.axios.com/2025/10/27/f...
Cybersecurity firm F5 anticipates revenue hit after attack
The company anticipates customers will slow their purchasing decisions as they respond to the incident.
www.axios.com
October 30, 2025 at 9:20 AM
For a change the security issues at F5 are affecting revenue for at least the next two quarters according to their latest filings. I’m not sure why this set of vulnerabilities finally matters in a world that normally ignores them.
www.axios.com/2025/10/27/f...
www.axios.com/2025/10/27/f...
The good news from the latest Ransomware report by Coveware is that payment rates have dropped below 25% in the 3rd quarter, scoring a win for blue teams and law enforcement as fewer are needing to pay out for recovery.
www.coveware.com/blog/2025/10...
www.coveware.com/blog/2025/10...
Insider Threats Loom while Ransom Payment Rates Plummet
The percentage of companies choosing to pay ransoms dropped significantly, while threat actors shift their tactics in response to decreasing profits.
www.coveware.com
October 29, 2025 at 8:52 AM
The good news from the latest Ransomware report by Coveware is that payment rates have dropped below 25% in the 3rd quarter, scoring a win for blue teams and law enforcement as fewer are needing to pay out for recovery.
www.coveware.com/blog/2025/10...
www.coveware.com/blog/2025/10...
In the continued crack down on internet scam centers the Thailand government is working to revoke the naturalized citizenship of one of the scam center leaders.
bangkokpost.com/thailand/general/3125874/thailandrevokes-citizenship-ofcambodiatycoon-on-scam-activity
bangkokpost.com/thailand/general/3125874/thailandrevokes-citizenship-ofcambodiatycoon-on-scam-activity
Thailand revokes citizenship of Cambodia tycoon on scam activity
Thailand’s government revoked citizenship of a Cambodian high-ranking businessman after he was accused of being involved with cyber-scam operations and human trafficking networks.
bangkokpost.com
October 28, 2025 at 9:20 AM
In the continued crack down on internet scam centers the Thailand government is working to revoke the naturalized citizenship of one of the scam center leaders.
bangkokpost.com/thailand/general/3125874/thailandrevokes-citizenship-ofcambodiatycoon-on-scam-activity
bangkokpost.com/thailand/general/3125874/thailandrevokes-citizenship-ofcambodiatycoon-on-scam-activity
So it appears that Starlink is the major internet provider for scam compounds in Myanmar.
www.france24.com/en/live-news...
www.france24.com/en/live-news...
Myanmar scam cities booming despite crackdown -- using Musk's Starlink
They said they had smashed them. But fraud factories in Myanmar blamed for scamming Chinese and American victims out of billions of dollars are still in business and bigger than ever, an AFP investiga...
www.france24.com
October 27, 2025 at 8:49 AM
So it appears that Starlink is the major internet provider for scam compounds in Myanmar.
www.france24.com/en/live-news...
www.france24.com/en/live-news...
Interesting report from Epic shows an upward trend of US state AG laughing more privacy protection lawsuits with over 1200 cases between 2020-2024.
epic.org/state-ag-pri...
epic.org/state-ag-pri...
State Attorneys General & Privacy: Enforcement Trends, 2020-2024
epic.org
October 26, 2025 at 9:47 AM
Interesting report from Epic shows an upward trend of US state AG laughing more privacy protection lawsuits with over 1200 cases between 2020-2024.
epic.org/state-ag-pri...
epic.org/state-ag-pri...
Four companies are facing lawsuits from Reddit over data scraping from the site in what looks like a continuation of their attempt to monetize content in the #AI era.
www.reuters.com/world/reddit...
www.reuters.com/world/reddit...
www.reuters.com
October 25, 2025 at 9:17 AM
Four companies are facing lawsuits from Reddit over data scraping from the site in what looks like a continuation of their attempt to monetize content in the #AI era.
www.reuters.com/world/reddit...
www.reuters.com/world/reddit...
If you ever wondered why those creepy ads follow you around the internet this provides a pretty good deep dive on the browser survaliance state.
www.wired.com/story/what-i...
www.wired.com/story/what-i...
Here’s What Your Browser is Telling Everyone About You
Your browser sends a lot of information with each website you visit. That can be used to track you across the internet.
www.wired.com
October 24, 2025 at 9:03 AM
If you ever wondered why those creepy ads follow you around the internet this provides a pretty good deep dive on the browser survaliance state.
www.wired.com/story/what-i...
www.wired.com/story/what-i...
Nice overview by Itential on what MCP does and how to use them to interface with #AI agent systems.
www.itential.com/blog/company...
www.itential.com/blog/company...
MCP 101: Understanding the Model Context Protocol
Learn how the Model Context Protocol (MCP) standardizes AI tool integration, enabling seamless, secure, and scalable automation across platforms.
www.itential.com
October 23, 2025 at 9:19 AM
Nice overview by Itential on what MCP does and how to use them to interface with #AI agent systems.
www.itential.com/blog/company...
www.itential.com/blog/company...
Interesting story on how the iLife A11 smart vacuum is spying on users and disables if you cut off the phone home feed.
codetiger.github.io/blog/the-day...
codetiger.github.io/blog/the-day...
The Day My Smart Vacuum Turned Against Me
Would you allow a stranger to drive a camera-equipped computer around your living room? You might have already done so without even realizing it.
The Beginning: A Curious Experiment
It all started ...
codetiger.github.io
October 22, 2025 at 9:07 AM
Interesting story on how the iLife A11 smart vacuum is spying on users and disables if you cut off the phone home feed.
codetiger.github.io/blog/the-day...
codetiger.github.io/blog/the-day...