open source and cybersecurity news

May 26, 2023

150th Episode, Business Email Compromise, GUI-Vil, EU AI Act

In this Episode:

Episode Transcription:

Pokie Huang:

Hey, it’s 5:05 on Friday, May 26th, 2023. From the Sourced Podcast Network in New York City, this is your host, Pokie Huang. Stories in today’s episode come from Mark Miller in Albuquerque, New Mexico, Edwin Kwon in Sydney, Australia, Katy Craig in San Diego, California, Olimpiu Pop in Transylvania, Romania, Marcel Brown in St. Louis, Missouri.

Let’s get to it.

Mark Miller: 

When we first started this little journey a little over six months ago, it was one of those, “Wouldn’t it be cool if…” ideas. I reached out to a couple of colleagues to run it by them and it seemed to hit a sweet spot that wasn’t being covered yet. That’s the short story of “It’s 5:05” and how it started. 

150 episodes later, we’re still here! 

That’s an incredible number. Normally a weekly podcast would take three years to produce 150 episodes. We accomplished it in less than seven months. The credit goes to the people who volunteer to get up each morning, whether in Sydney, Australia or Transylvania, Romania or San Diego, California, Camp Hill, Pennsylvania, or even Washington DC, to submit a segment for that day’s show. 

One of the things that’s available to you that you might not know about as a listener is you have access to each individual segment of an episode as a standalone “Audiogram” report. If you like a specific reporter, you can actually follow them on Twitter or LinkedIn to have access to those Audiogram reports. We’ve discovered that those are the heart of our contribution to the community of listeners, receiving thousands of listens each week. 

I would be remiss at this point, if I didn’t offer a special thank you to Pokie Huang, the sound engineer for the show. Pokie came in within the first month and basically took over the daily task of putting the segments together into a coherent show, making us sound professional, and getting the episode out the door on time each day. 

As a closing note. If you’re listening to this as an Audiogram on LinkedIn or Twitter, jump over to your favorite podcast platform and subscribe to the show. We’d appreciate the support and you won’t have to go searching around to find us each day. 

Edwin Kwan: 

This is Edwin Kwan from Sydney, Australia. 

Microsoft has released the fourth edition of their threat intelligence report titled Cyber Signals. The report highlights a search and cyber criminal activity around business email compromise. 

Microsoft has observed a 38% increase in cybercrime as a service (CaaS) ,targeting business emails between 2019 and 2022. The FBI has reported over 21,000 complaints with an adjusted loss of over $2.7 billion. 

 Between April, 2022 and April, 2023, Microsoft threat intelligence detected and investigated 35 million business email compromise attempts, which is an average of around 156,000 daily attempts. Instead of exploiting vulnerabilities in unpatched devices, business email compromise operators use contrived date lines and urgency to spur recipients who may be distracted or accustomed to these types of urgent requests 

Recommendations to combat business email compromise includes security awareness to train employees to spot warning signs, and also using a DMARC policy of reject. DMARC stands for, domain based message authentication, reporting, and conformance, and it provides the strongest protection against spoofed emails, ensuring that unauthenticated messages are rejected at the mail server.

Additionally, DMARC reports provides a mechanism for organizations to be made aware of the source of an apparent forgery, which is information that they will not normally receive.

Katy Craig: 

Permiso has been on the case for a year and a half tracking a bunch of miscreants they’re calling “GUI-vil.”. Yeah, you heard that right? GUI-vil. And the reason for being is crypto mining. 

This is Katy Craig in San Diego, California. 

The bad guys are based in Indonesia and they’re using Amazon web services for their shady operations. These hackers aren’t using some fancy command line tools, though. They’re all about that graphical user interface, hence the name GUI-vil.. 

They’re using an old version of the S3 browser dated back to early 2021, and that’s where they conduct their dirty work once they gain access to the AWS management console. According to the researchers, these low-life start by doing some recon. They scout public sources for exposed AWS keys like GitHub and Pastebin. They also scan for vulnerable GitLab instances. They’re digging deep to find their way in. 

 Let this be a reminder to keep your AWS keys locked up tight. Watch out for vulnerable GitLab instances and for crying out loud, update your software. Don’t make it easy for these GUI-vil gangsters to break into your cloud. 

This is Katy Craig. Stay safe out there.

Olimpiu Pop: 

The gold star blue flag, the EU, is well known for being harsh with the tech companies and their ruling-the-world plans. Italy already banned ChatGPT altogether. On the other extreme, France adopted AI-based surveillance against massive pushback from public opinion. 

So two of the most powerful European countries are on two different poles. That begs the question: How will the AI act already in work for two years look like? You have to ask yourself that no more. Members of the European Parliament agreed to push the draft through to the next stage, the trilogue. 

During this, EU lawmakers and member states will thrash out the final details of the bill. AI tools will be classified according to their perceived risk level: from minimal to limited, high and unacceptable. Areas of concern could include surveillance (Oui Oui, watch out France), spreading misinformation or hate speech. 

While high risk tools will not be banned, those using them will need to be highly transparent in their operations. I have to say that I am surprised by the approach. So seem to be some of the members of the EU Parliament as well. 

Svenja Hahn, EU’ Parliament Deputy declared, “Against conservative wishes for more surveillance and leftist fantasies of overregulation, parliament found a solid compromise that would regulate AI proportionately, protect citizens rights, as well as foster innovation and boost the economy.”

Macquarie analyst Fred Havemeyer said the EU proposal was “tactful” rather than a “ban” first and ask questions later, approach proposed by some. 

For once the EU was on the frontier of regulating something, and that’s something is AI. In plain words, the old continent will push OpenAI to remain true to its name. Yes. The open part. When the legislation will be applied, they will need to disclose anything that is used for training the model. The same applies to others as well, like Mid-Journey. 

This was the 150th episode of “It’s 5:05!”. Thank you for listening. On, you can find all resources and transcripts. This was Olimpiu Pope reporting from Transylvania, Romania.

Marcel Brown: 

This is Marcel Brown, the most trusted name in technology, delivering some technology history for May 24th, 25th, and 26th. 

May 24th, 1844. Samuel Morse sends the first telegraphic message over a line from Washington, DC to Baltimore. The message, “What hath God wrought?”, was transmitted to his partner Alfred Veil, who retransmitted the same message back to Morse.

This formerly opened America’s first telegraph line, launching America’s first form of instant communication in history. The biblical text was selected by Annie Ellsworth, the teenage daughter of the US Commissioner of Patents. 

May 24th, 1935. The first night major League baseball game is played in Cincinnati. The hometown Reds defeated the visiting Philadelphia Phillies two to one. Night baseball caught on around the league very quickly, except for the Chicago Cubs who didn’t play a home night game until 1988. Why am I not surprised? 

May 25th. 1977. The motion picture Star Wars is released in 32 US theaters. The film will immediately break records unlike any before it essentially becoming the first blockbuster in history. The film’s unprecedented use of special effects, sparked a revolution of movies, using technology based visual effects. Perhaps the film’s greatest contribution to technology was the creation two years earlier of the company, industrial Light and Magic, which is still the leading special effects house in the industry.

May 25th, 1983. The third installment in the original Star Wars trilogy, return of the Jedi, is released six years to the day after the first Star Wars movie. Return of the Jedi continued to raise the bar in special effects technology that its predecessors set. The film’s final space battle, for example, was of a size and scale unprecedented at the time.

May 26th, 1995. Realizing his company had missed the boat in estimating the impact and popularity of the internet, Microsoft CEO Bill Gates issues a memo titled “The Internet Tidal Wave”, which signaled the company’s focus on the global network. In the memo, Gates declared that the internet was the “most important single development “, since the IBM personal computer, a development that he was assigning the highest level of importance. 

Still it is curious why it took someone who was regarded as a technology innovator so long to realize this. 

That’s your technology history for today. For more, tune in next week or visit my website

Pokie Huang: 

That’s it for today’s open source and cybersecurity updates. For direct links to all stories and resources mentioned in today’s episode, go to, where you can listen to our growing library of over 100 episodes. You can also download the transcript of all episodes for easy reference.

5:05 is a Sourced Networks Production with updates available Monday through Friday on your favorite audio streaming platform. Just search for “It’s 5:05!”. And please consider subscribing while you’re there. 

Thank you to Mark Miller, Edwin Kwan, Katy Craig, Olimpiu Pop, Marcel Brown for today’s contributions.

The Executive Producer and the editor is Mark Miller. The sound engineer is Pokie Huang. Music for today’s episode is by Blue Dot Sessions. We use Descript for spoken text editing and Audacity to layer in the soundscapes. The show distribution platform is provided by This is Pokie Huang. See you next Monday… at 5:05.



Leave the first comment