Be aware of fraudsters taking advantage of the devastating incident in Beirut

As we have seen in the past, any major breaking news and large events draw the attention of cyber criminals, as they try to take advantage of such situations. It is devastating what happened in Beirut, and many countries have already sent help. 

As a cyber security professional, I would like to seize the opportunity and bring into people’s attention that malicious groups and fraudsters most probably will try to take advantage of the situation in order to profit from it. During such times there is a rise in different types of malicious communications such as, emails pretending to be from legitimate charities, spear phishing messages through all types of social media, even actual phone calls. 

This is a call to everyone to be vigilant, and especially to the security community to come together with a common message, to raise awareness. 

Please do your diligence if you want to help. Do not send money to charities that “pop-up” the last minute without any tangible evidence that these are legitimate. Do not trust links posted on social media about online donations. If you want to send financial aid, do that only through official channels (such as, official government sites). 

Whatever the reason in such difficult times, be always aware that there are malicious groups out there that they only care about taking advantage of such situations. Please keep in mind that every dollar given unintentionally to fraudsters, is a dollar that will be missed by the people who are affected from this unprecedented incident. 

SHe CISO - May 2020, Mentoring Call - CISO Talk

It was a really great to be invited to the SHe CISO mentoring call this May.  Lyn Webb and myself had the opportunity to have a chat with Chani Simms and Didar Gelici around Cybersecuiry challenges. 

In this call I had an opportunity to give a brief inside to my 3xM approach when it comes to dealing with challenges in the cybersecurity culture of organisations. 

The 3xM approach is composed of Mentality > Mindset > Maturity and how these interconnect with each other, in order to compliment each other, in a continuous cycle. Stay tuned for an upcoming talk that will attempt to set some foundations on how leading roles in cybersecurity have a responsibility to evolve towards a holistic 360 approach across all verticals of an organisation (digital ecosystem). 

Security BSides Athens 2020

Given the current situation with most conferences having been canceled in 2020, Security BSides Athens 2020 (www.bsidesath.gr) took the decision to convert this year's event into a virtual conference. Based on that decision, we seized the opportunity to reach out to more people around Greece, and of course, welcoming anyone who wanted to join us from around the world (see here).

A virtual event has many challenges, especially when having to make sure everything is 100% ready before you hit the "go live" button. For the past 5 year, this annual meetup of Security BSides in Athens brought people together from all over the world, both Greeks and non-Greeks. We all have busy lives and we wanted to give people to opportunity to keep in touch with friends & colleagues that we tend to see once a year. Hence, even though we do not want this virtual get-together to be the norm, at the same time, it allows us to stay in touch. In our case, we used this year’s virtual event as an opportunity to a) increase the number of people who can “attend”, b) invest to a bigger/better event in 2021. In other words, as we do this for the community despite how much more work it needed, we are very happy that we are now in a position to say: Security BSides Athens 2020, was not cancelled! ;) 

A big -Thank You- to the whole team for supporting the event and spending their time putting this year's virtual conference together. It goes without saying that we couldn't have done this without our sponsors and speaker, who decided to support this year's Security BSides Athens 2020. 

We have now archived the Security BSides Athens 2020 and you can find all the relevant information (speakers, sponsors, participation, youtube videos, etc.) here: 2020.bsidesath.gr 

youtube-dl (how to) - best guide to get you started

####################################################################

###        youtube-dl - the best guide to get you started        ###

###                                                              ###

>> Installing

[Note]: Before you start; 

If you have upgraded to Catalina (on never have installed xcode and gcc before), then you will need to:

install Xcode (from Apple's App Store), then run the command: xcode-select --install 

then install gcc, and then install youtube-dl

[TIP]: You must run brew update first. Then you can either use the brew upgrade to update all packages, or, run brew upgrade youtube-dl to update only youtube-dl

//To install youtube-dl [1] under MacOS use:
brew install youtube-dl

//Once it is installed, update the application:
sudo youtube-dl -U

Re-encode screen recordings to work in iMovie

There was a case where I did some screen recordings but iMovie refused to see the video files .mp4 format. Video captures can be very useful as proof-of-concept and/or evidence of actions performed, for example during a security assessment, such as penetration testing sessions. 

In my case, it was showing only a "green screen" instead of what it was actually captured during the screen recording. Bear in mind that VLC could play the video file without any issues, but when loaded in iMovie, the same video file was failing to show properly.

If you have ffmpeg installed on your MacOS, you can very easily fix this problem, by re-encoding e.g. from an .mp4 file to a .mov file. 

Keep in mind, simply changing the "container" from an .mp4 video to .avi/.mov in most cases won't fix your problem. Hence, doing something like the following, as many others advice online, it will simply not work for you:
- ffmpeg -i Video.mp4 -c copy Video.mp4
- ffmpeg -i Video.mp4 -acodec copy -vcodec copy -f mov Video.mov


Re-encoding however, will fix your problem and ensure that iMovie can see the video as they were captured:

ffmpeg -i ScreenRec.mp4 -c:v libx264 -preset fast -profile:v baseline outRec.mov 

Of course, if you want to keep the same format, you can do:

ffmpeg -i ScreenRec.mp4 -c:v libx264 -preset fast -profile:v baseline outRec.mp4