Garett Moreau 🇺🇸
Newport Beach, California, United States
34K followers
500+ connections
About
Garett Moreau is a global authority in cybersecurity thought leadership, with over 30…
Services
Articles by Garett
-
CERTAIN SECTORS ARE PRIME TARGETS
Data breaches pose an elevated threat to small and large legal practices, alike. Allow me to explain: Law firms often…
9
-
Thoughts on SOHO: (Jul 12, 2024)
CISA and the FBI have created guidance based upon recent and ongoing activity targeting small office/home office (SOHO)…
19
2 Comments
-
SAFEGUARDING THE SUPPLY CHAIN: A WESTERN (Oct 5, 2023)
In today's interconnected world, the supply chain plays a pivotal role in ensuring that goods flow seamlessly from…
15
3 Comments
-
NAVIGATING THE ENIGMA: TRUTHS IN BUILDING A ROBUST CYBERSECURITY TEAM. (Aug 30, 2023)
In the tumultuous realm of technology startups, where innovation must thrive while vulnerabilities lurk, the pursuit of…
26
9 Comments
-
Busy Times, Risky Crimes: The Art of Cyber Attacks and Seasonal Timing. (Jul 13, 2023)
Busy Times, Risky Crimes: The Art of Cyber Attacks and Seasonal Timing. By: Garett Moreau Many don't realize it.
7
-
Don't Take the Bait! How to spot and avoid Impersonation Phishing scams. (Apr 6, 2023)
Phishing via breached contact information and impersonation refers to a type of cyber-attack where an attacker uses…
25
2 Comments
-
Hey, You! Get Off of My Cloud. (Mar 28, 2023)
The cloud is a way of storing data on remote servers rather than on a local computer or on-premises device. While cloud…
22
13 Comments
-
China's Maxim: Leave No Access Point Unexploited. The Hidden Story of China's Telecom Hijacking of US Internet Traffic. (Apr 11, 2020)
China has been busily building a prolific presence in the West's internet backbone for decades. Since 2000, the Chinese…
89
39 Comments
-
Institutions #FAIL when it comes to their wireless security, but why? (Dec 28, 2019)
Writing this as a response to a question asked about guest wireless basics (hit the character limit too quickly):…
36
4 Comments
-
287.5 Million Voter Records Breached! (and available) (Nov 14, 2018)
Full Disclosure: As I cannot reveal the source of this information, feel free to disregard it, entirely. 21 State Voter…
5
Activity
34K followers
-
Garett Moreau 🇺🇸 shared this:
HIGHER ED HACKED: The notorious ShinyHunters gang has struck again - this time defacing Canvas login portals used by universities worldwide after breaching Instructure, the company behind the platform. Students logging into Canvas (including at Virginia Tech, Harvard, Oxford, Cambridge, and many others) were met with a ransom-style message: contact us by May 12 or your data gets leaked. (The message also accused Instructure of ignoring prior contact attempts and applying “security patches” instead of negotiating.) Canvas powers coursework, grading, exams, and communication for over 40% of U.S. higher ed institutions. When a single SaaS provider gets compromised, entire education systems grind to a halt. You remember ShinyHunters right? They specialize in extortion over encryption - hitting cloud platforms and SaaS giants, then pressuring victims publicly. The pattern is clear: weak third-party access, credential stuffing, and aggressive data-leak threats. So, is centralizing critical ed-tech infrastructure with a few big vendors creating too much systemic risk? https://lnkd.in/gRb7aWvY
ShinyHunters Defaces Canvas LMS Portal, Hundreds of Universities Affected
-
Garett Moreau 🇺🇸 shared this:
DIRTY FRAG: "A great disturbance in the cyberspace, as if millions of sysadmins suddenly cried out in terror." There's a local privilege escalation bug that affects all recent versions of Linux. No, not that one, another one. It abuses bugs in 3 optional kernel modules to give any local user root access. Good news: It's relatively easy to prevent. Bad news: It's already out in the wild even though none of the Linux distributions has had a chance to patch it yet. There's a script available that prevents the affected kernel modules from loading that blocks the exploit. Run it once and you're good - unless you depend on one of those modules and you have untrusted local users, in which case you're... Not good. https://lnkd.in/gttkrcZk
Devastating 'Dirty Frag' exploit leaks out, gives immediate root access on most Linux machines since 2017, no patches available, no warning given — Copy Fail-like vulnerability had its embargo broken
-
Garett Moreau 🇺🇸 shared this:
JUST IN: ‼️🇲🇽 Sunset World Resorts allegedly breached exposing 257GB of corporate data from the Mexican hotel group
A threat actor claims to have exfiltrated 257GB of unique data from Sunset World Group, a Mexican family-owned hospitality business operating six hotels in Cancun and the Riviera Maya. The advertised package spans contracts with customers and suppliers, financial documents, Oracle databases, employee records, and legal documents.
Post details:
▸ Actor(s): wower
▸ Sector: Hospitality / Hotels & Resorts
▸ Type: Data Sale
▸ Format: 257GB (includes Oracle DB exports and documents)
▸ Price: Negotiable
Compromised data:
▪ Customer and supplier contracts
▪ Financial documents
▪ Oracle database exports
▪ Employee records
▪ Legal documents
-
Garett Moreau 🇺🇸 shared this:
BROUGHT TO YOU BY 'DON'T BE EVIL' INC. Chrome quietly pushed a 4GB on‑device AI model to users. No prompt. No consent moment. Just an update that suddenly eats storage like a runaway process. Google frames it as “helpful features.” Users however tend to see it as “why is my browser installing a small LLM without telling me.” On 24 April 2026, the browser created a folder and downloaded a file named weights.bin in just 14 minutes. Most importantly, the profile had no human input during this time; the browser "initiated the process on its own while idle." So why did so many freak out about this when we first reported it on Tuesday? Here’s the core of it: "Loss of agency." A browser installing a 4GB AI model without an explicit consent moment feels like a boundary violation. People don’t like software making unilateral decisions about their hardware. It triggers the same instinct as a device turning on its camera unprompted. "Erosion of trust." Google already operates under a trust deficit. So, when Chrome behaves like an OS and quietly deploys heavyweight components, users assume the worst. Even if the model is local, the optics are terrible. Then there is what I call "AI fatigue". People are tired of every product being force‑marched into “AI integration.” A browser is supposed to be a window, not a co‑pilot. Leave that to God. And then there's this... a large, opaque model running locally expands the attack surface. Users don’t know what it does, how it’s sandboxed, or whether it can be exploited. Ambiguity breeds fear. When core infrastructure begins making decisions without user authorization, the trust budget depletes fast - and the risk surface expands even faster. https://lnkd.in/guq6c5EE #AuguryIT #ai #gemini #malware
Google Chrome Accused of Silently Installing 4GB AI Model on User Devices
-
Garett Moreau 🇺🇸 shared this:
You and 300 other guests. Same subnet. No segmentation. MITM party, anyone? 🎉
-
Garett Moreau 🇺🇸 shared this:
REVOKE FAST, DETECT FASTER: Security teams should stop treating browsers as passive clients and start treating them as high‑value assets that require the same segmentation and rapid revocation controls we apply to servers and cloud workloads. As the past few weeks have shown, browsers are no longer a safe vault. Infostealers can bypass Chrome’s App‑Bound Encryption and extract master keys, turning legitimate sessions into live attack paths. Chrome’s App‑Bound Encryption was meant to stop stealers from reading cookies and session tokens by tying decryption to the browser process, but attackers adapted fast. This article shows how malware authors have demonstrated multiple bypasses. The insidious VoidStealer family now uses a debugger‑style trick to capture the browser’s master key from memory during brief, legitimate decryption windows. That technique sidesteps privilege escalation and traditional injection detection. Remember: cookies and saved logins are not inert artifacts. When an attacker can extract the master key, they can impersonate users across services without ever stealing a password. So, treat every browser session as an active credential. Enforce process isolation and reduce the lifetime of session material. Apply strict allowlists for extensions and integrations. And just assume that endpoint compromise is possible and design controls to limit what a single compromised user process can expose. https://lnkd.in/ght6Gw-7 #auguryit #encryption
Yet Another Way to Bypass Google Chrome's Encryption Protection
-
Garett Moreau 🇺🇸 shared this:
WHEN COLLABORATION BECOMES COMPROMISE: Persia‑linked MuddyWater is now using Microsoft Teams chats as the delivery vehicle for espionage. It’s a subtle evolution: not in an email, but malware in a meeting. The attackers send fake Teams invites that look legitimate, then drop payloads through what users perceive as trusted collaboration channels. This matters because it exposes the blind spot in modern enterprise security: trust by design. Every productivity tool assumes good intent. Every user assumes authenticity. The result is a perfect attack surface disguised as convenience. And convenience flattens suspicion. A Teams message feels internal. A calendar invite feels routine. A shared document feels harmless. The interface signals safety, so the brain stops evaluating risk. Attackers know this. They don’t need to outsmart the technology. They just need to blend into the workflow. The result is an environment where trust is pre‑installed. Identity is assumed. Verification is optional. And every frictionless feature becomes a potential delivery system for compromise. The perimeter isn’t gone. It’s just wearing a headset and asking if you have five minutes to talk. https://lnkd.in/dB2HaMBi #auguryit #microsoftteams
MuddyWater Uses Microsoft Teams to Steal Credentials in False Flag Ransomware Attack
-
Garett Moreau 🇺🇸 shared this:
🚨 CRITICAL: Palo Alto Networks has disclosed CVE-2026-0300, a buffer overflow in PAN-OS that is already being exploited in the wild. CVSS 4.0 score: 9.3. Unauthenticated attackers can hit the User-ID Authentication Portal (the Captive Portal service) with crafted packets and pop a root shell on the firewall. The flaw is an out-of-bounds write (CWE-787) in PA-Series and VM-Series firewalls. Prisma Access, Cloud NGFW, and Panorama are not affected. The vulnerability only triggers when the User-ID Authentication Portal is enabled and reachable from untrusted networks.
-
Garett Moreau 🇺🇸 shared this:
WILD GIFT: Straight-up malware from the folks at Google. Do you understand what just happened to your computer… Google Chrome secretly downloaded a 4GB AI model onto your device. Without asking. Without telling you. It's called weights.bin. It lives deep in your system folders. It powers Gemini Nano (Google's on-device AI.) And if you delete it? Chrome re-downloads it automatically. Just like nothing happened. No big deal. Just Google deciding your hard drive is their storage unit. At 1 billion Chrome users - that's 4 BILLION gigabytes of data pushed silently across the internet. The download triggers when Chrome's AI features are active, and those features are active by default in recent Chrome versions. On any machine that meets the hardware requirements, Chrome treats the user's hardware as a delivery target and writes the model. Check your disk right now: 📁 %LOCALAPPDATA%\Google\Chrome\User Data\OptGuideOnDeviceModel Reshare so people know what's sitting on their computers. Don’t be evil, they said. Sure, Jan. https://lnkd.in/gMN4_Vgs #auguryit
Google Chrome silently installs a 4 GB AI model on your device without consent. At a billion-device scale the climate costs are insane. — That Privacy Guy!
-
Garett Moreau 🇺🇸 liked this:
LI and fun with the #DSGVO (GDPR). 🤗 A problem with symmetry in data processing points to a shortcoming in development. Or is it simply ignorance? "The data protection lawyer Martin Baumann of Noyb criticizes this approach: "It is absurd that companies discover the topic of data protection precisely when they want to sell data. For instance, when LinkedIn has no problem at all handing over certain data for money, but is suddenly concerned about other people's privacy when one asserts the free right of access." I really can't believe that LI is only about the money. 🤗 Rather, I suspect that grinding down the #DSGVO is the company's long-term goal. 🙁 I would prefer a more professional approach from LI, because as a platform for business people LI is certainly (still) useful. 🙂 https://lnkd.in/e9AXgA8P
GDPR complaint filed: LinkedIn would rather sell user data than disclose it - Golem.de
-
Garett Moreau 🇺🇸 liked this:
Anthropic, ChatGPT, and DeepSeek AI appraised several recent Whitethorn Shield Security Assessment Reports and scored them between 9 and 9.5. Each confirmed Whitethorn Shield's unique capabilities and granularity across ASM including TLS, HTTP, HSTS, DNS, and PKI. The AI platforms agreed that Whitethorn Shield provided market leading ASM and when coupled with AI, would transform the world of Internet security and reduction of Attack Surface Management exposure. To fight fire with fire it is clear that Whitethorn Shield is by far the leader in what is a fragmented world. Bring on the AI orgs to revolutionise Security.
Experience
-
Augury IT
Irvine, CA
-
Pasadena, CA
-
Mission Viejo, CA
Publications
-
The Invisible Man
California Business Journal
You walk into work and your ashen-faced CTO is in a state of shock. Your entire IT system and intranet is compromised. Bank accounts, credits cards and your most sacred company information are at risk. You are locked out of your own system and now you are on the outside, looking in.
Languages
-
English
Native or bilingual proficiency
Explore more posts
-
Syed Izzat Maab Jaffar
CCTV Camera Services • 1K followers
🚨 90% of Companies Think Their Network is Secure… They’re Wrong. Let that sink in. Most “secure environments” are just: ✔ Default firewall configurations ✔ Outdated policies ✔ Zero real-time monitoring And the classic line… 👉 “We’ve never been hacked.” That’s not security. That’s luck… with an expiry date. Let’s be real 👇 If your organization has NEVER done: ❌ Penetration Testing ❌ Proper Network Segmentation ❌ Zero Trust Implementation Then you’re not secure. You’re just next in line. 💣 Hard Truth: Companies invest in hardware… But ignore strategy. And when things go wrong? IT becomes the scapegoat. 🔥 Unpopular Opinion: “Buying expensive firewalls doesn’t make you secure — knowing how to configure them does.” 💬 Let’s talk honestly: Do companies in your region truly invest in network security… or just do enough to feel secure? #CyberSecurity #ComputerNetworking #NetworkSecurity #InfoSec #ITInfrastructure #TechDebate #LinkedInTech #DigitalSecurity #ITProfessionals
-
Rick Spair
AI has a hype problem. I fix… • 8K followers
TorchLight Approved as Cybersecurity Vendor Across California and Washington Education Markets: Managed security, compliance auditing, penetration testing, and virtual CISO services now available through the Foundation for California Community Colleges and Washington Learning Source cooperative purchasing programs
Liberty Lake, WA, March 05, 2026 (GLOBE NEWSWIRE) -- TorchLight, a managed cybersecurity services provider, today announced its approval as an authorized vendor through two major cooperative purchasing programs serving educational institutions and public agencies across California http://dlvr.it/TRKNzb #Cybersecurity #ManagedSecurity #ComplianceAuditing #PenetrationTesting
-
Dan Lohrmann
Presidio • 45K followers
Nevada Cyber Bill to Formalize Security Operations Center The Nevada Legislature has approved Assembly Bill 1, which would affirm a statewide Security Operations Center and expand the cyber workforce. It now awaits Gov. Joe Lombardo’s signature. #cyber #Opscenter #operations #cybersecurity https://lnkd.in/eJrVCwgN
18
-
Chris Petersen
7K followers
Want to guarantee failure on your NIST 800-171 or CMMC assessment? Skip the system security plan. Think of your SSP as the master document that ties everything together. It includes your CAGE code, assessment scope, network diagrams, and specific references to how you address each control requirement. Assessors need to see all this because without it, there's no way to validate your compliance efforts. It proves you understand not just what you're supposed to do, but exactly how you're doing it. Our Compliance Consultant, Victor Cich, says don't treat the SSP as an afterthought or something to rush through at the end. This document requires careful planning, detailed documentation, and regular updates as your environment evolves. Getting it right from the start saves time, money, and potential assessment failures down the road. See the whole conversation with Bank of America here: https://bit.ly/3InOihu #CMMC #SystemSecurityPlan #NIST800171 #ComplianceDocumentation #DefenseContracting
1
-
PeopleTec, Inc.
12K followers
Last week, our very own Armando Guerrero, Cyber SEC/DEV/Ops Engineer, visited the Glen Rose Senior Citizen Center to lead an important conversation on #cybersecurity safety! 🔐🖥️ Armando shared how meaningful it was to sit down face-to-face with seniors, looking them in the eye, simplifying the complex, and empowering them to protect themselves online. With a passion for defending our elders and combating digital #fraud, he walked the group through real-world examples of scams like #phishing emails, fake distress calls, and misleading ads. ⚠️📱 Together, they practiced spotting suspicious links, discussed red flags to watch for, and explored practical #defenses like strong passwords and multi-factor authentication. The group’s thoughtful questions reflected a true eagerness to learn and a shared commitment to staying safe in an increasingly #digital world. 👨💻🌎 In a time when online scams are rapidly evolving and often target older adults, these hands-on, personal interactions are more valuable than ever. It’s not just about #technology; it’s about trust, awareness and giving people the tools they need to feel confident and secure. 🔗🌟 #PeopleTec #PeopleFirst #TechnologyAlways #CybersecurityAwareness #Cyber
7
-
ISC2 SoCal Inland Empire Chapter
155 followers
Inland Empire—let’s build cyber confidence together. Whether you’re brand new to cybersecurity, pivoting careers, or already working in the field, the ISC2 SoCal Inland Empire Chapter is here to help you grow through community, mentorship, and practical learning. ✅ Connect with local professionals (Riverside County • San Bernardino • nearby areas) ✅ Learn real-world security concepts you can use at work ✅ Find support if you’re pursuing a certification or career change ✅ Get involved in giving back through community service & awareness Drop a comment: What area are you in—Riverside County, San Bernardino, or Orange County—and what are you hoping to learn this year? #ISC2 #Cybersecurity #InlandEmpire #RiversideCounty #SanBernardino #InfoSec #CyberAwareness #Networking #ProfessionalDevelopment
3
-
Hanno Ekdahl
Idenhaus Consulting, LLC • 7K followers
As tech evolves, so do the tactics of cybercriminals targeting privileged credentials. Federal agencies are stepping up their game with NIST’s Cybersecurity Framework. Dive into NIST’s Special Publication 800-63 to see how they're managing digital identity risks.
1 Comment -
Cohesity
451K followers
💬 “It’s not if, it’s when — and you better be ready.” At #RSAC2025, our Field CISO, Dale "Dr. Z" Zabriskie CISSP CCSK, and Blaine County School District No. 61's Paul Zimmerman reveal how immutable backups + a practiced recovery plan saved the district from a catastrophic ransomware attack. 🎥 Watch now → https://lnkd.in/grRsdU5x
197
2 Comments -
Dr. Victor Monga
UCLA • 15K followers
Cyber tip: Always patch your systems. AI tip: ChatGPT won’t build your network—but showing up to happy hour might. 🤖🍻 Whether you’re defending networks or just trying to make new ones (friends, not IPs), join us on Sept 18 at Ballast Point Brewing Company (San Diego) for a FUEL Happy Hour. Smart convos, cold drinks, and zero awkward breakout rooms. RSVP: https://lnkd.in/g824-jrg
9