CyberheistNews Vol 11 #11
[AN IMPORTANT] NIST Update That You Should Be Aware Of 
Here is some brand-new high-power budget ammo. With the ongoing Exchange Mass Hack, it has become not only necessary but urgent to send simulated phishing attacks to your users, and NIST is confirming this with their new Special Publication 800-53. Here is what Perry Carpenter, KnowBe4's Chief Evangelist and Strategy Officer had to say:
"If you’ve been in IT or infosec for any length of time, you’ve probably heard of NIST (the National Institute of Standards and Technology). In fact, the NIST 800 series is widely heralded as the de facto “go to” resource for guidance running most aspects of a security program... including security awareness training.
NIST recently updated Special Publication 800-53, Security and Privacy Controls for Information Systems and Organizations, adding some critical new language to the sections covering security awareness. Here’s the skinny. The relevant language is within Section 3.2 (see page 60).
Notice that the updated NIST standard now includes providing frequent simulated social engineering testing. Specifically, their language states, “practical exercises include no-notice social engineering attempts to collect information, gain unauthorized access, or simulate the adverse impact of opening malicious email attachments or invoking, via spear phishing attacks, malicious web links.”
This is a significant addition from NIST and is a formal recognition that phishing simulation vendors, like KnowBe4, are providing a much-needed security control. This behavior-based training is the key to building an effective last line of defense. So, let’s examine their recommendation in detail.
"KnowBe4’s mission is to enable your employees to make smarter security decisions, every day. And we’ve been doing that for the past ten years through a combination of simulated social engineering testing, highly engaging content, and leading-edge automation. It is encouraging to see NIST’s formal recognition of the importance of simulated social engineering and we look forward to continuing to help our customers strengthen their last line of defense."
Please share this important news with your friends in the industry. Blog post with links to the updated NIST publication here:
https://blog.knowbe4.com/nist-updates-you-should-be-aware-about
Here is some brand-new high-power budget ammo. With the ongoing Exchange Mass Hack, it has become not only necessary but urgent to send simulated phishing attacks to your users, and NIST is confirming this with their new Special Publication 800-53. Here is what Perry Carpenter, KnowBe4's Chief Evangelist and Strategy Officer had to say:
"If you’ve been in IT or infosec for any length of time, you’ve probably heard of NIST (the National Institute of Standards and Technology). In fact, the NIST 800 series is widely heralded as the de facto “go to” resource for guidance running most aspects of a security program... including security awareness training.
NIST recently updated Special Publication 800-53, Security and Privacy Controls for Information Systems and Organizations, adding some critical new language to the sections covering security awareness. Here’s the skinny. The relevant language is within Section 3.2 (see page 60).
Notice that the updated NIST standard now includes providing frequent simulated social engineering testing. Specifically, their language states, “practical exercises include no-notice social engineering attempts to collect information, gain unauthorized access, or simulate the adverse impact of opening malicious email attachments or invoking, via spear phishing attacks, malicious web links.”
This is a significant addition from NIST and is a formal recognition that phishing simulation vendors, like KnowBe4, are providing a much-needed security control. This behavior-based training is the key to building an effective last line of defense. So, let’s examine their recommendation in detail.
- NIST’s recommendation is that security awareness testing be “no-notice.” This means that, while users may be aware of the fact that they should expect to be tested, they are not notified about the specifics of the test. In other words, there isn’t an announcement saying, “Hey! Be prepared for the phishing test this week!”.
- NIST is saying that the phishing tests should not be one-dimensional. It’s not just about being able to avoid clicking a link. They recommend testing to see if your people are vulnerable to credential harvesting attacks, downloading malicious attachments, enabling macros, and more.
- NIST adds that you should also include highly crafted spear phishing attacks. Any threat actor who is truly targeting your organization will take the time to do proper reconnaissance to build a potent attack. That’s what you are testing for. And that’s what NIST is recognizing here."
"KnowBe4’s mission is to enable your employees to make smarter security decisions, every day. And we’ve been doing that for the past ten years through a combination of simulated social engineering testing, highly engaging content, and leading-edge automation. It is encouraging to see NIST’s formal recognition of the importance of simulated social engineering and we look forward to continuing to help our customers strengthen their last line of defense."
Please share this important news with your friends in the industry. Blog post with links to the updated NIST publication here:
https://blog.knowbe4.com/nist-updates-you-should-be-aware-about
[NEW PhishER Feature] Remove, Inoculate, and Protect Against Email Threats Faster With PhishRIP
Your users are likely already reporting potentially dangerous emails in some fashion within your organization. The increase of this email traffic can present a new problem!
PhishRIP as part of the PhishER platform is a new email quarantine feature that integrates with Microsoft 365 and G Suite to help you remove, inoculate, and protect your organization against email threats so you can shut down active phishing attacks fast.
Since user-reported messages require some level of analysis to prioritize, you need a simple and effective way to not only respond to and mitigate these reported messages, but also find and remove those suspicious messages still sitting in your users’ mailboxes.
Now you can with PhishER, which is the key ingredient of an essential security workstream. PhishER allows your Incident Response team to quickly identify and respond to email threats faster. This will save them so much time!
See how you can best manage your user-reported messages.
Join us TOMORROW, Wednesday, March 17 @ 2:00 PM (ET) for a live 30-minute demo of the PhishER platform. With PhishER you can:
Date/Time: TOMORROW, Wednesday, March 17 @ 2:00 PM (ET)
Save My Spot!
https://event.on24.com/wcc/r/3023985/8DBBAABA207E3372556E522A0E61516E?partnerref=CHN
Your users are likely already reporting potentially dangerous emails in some fashion within your organization. The increase of this email traffic can present a new problem!
PhishRIP as part of the PhishER platform is a new email quarantine feature that integrates with Microsoft 365 and G Suite to help you remove, inoculate, and protect your organization against email threats so you can shut down active phishing attacks fast.
Since user-reported messages require some level of analysis to prioritize, you need a simple and effective way to not only respond to and mitigate these reported messages, but also find and remove those suspicious messages still sitting in your users’ mailboxes.
Now you can with PhishER, which is the key ingredient of an essential security workstream. PhishER allows your Incident Response team to quickly identify and respond to email threats faster. This will save them so much time!
See how you can best manage your user-reported messages.
Join us TOMORROW, Wednesday, March 17 @ 2:00 PM (ET) for a live 30-minute demo of the PhishER platform. With PhishER you can:
- NEW! Easily search, find, and remove email threats with PhishRIP, PhishER’s email quarantine feature for Microsoft 365 and G Suite
- NEW! Use Security Roles to Create a Multi-Tiered Incident Response System in PhishER
- Cut through your Incident Response inbox noise and respond to the most dangerous threats more quickly
- Automate message prioritization by rules you set into one of three categories: Clean, Spam, or Threat
- Easy integration with KnowBe4’s email add-in button, Phish Alert, or forwarding to a mailbox works too!
Date/Time: TOMORROW, Wednesday, March 17 @ 2:00 PM (ET)
Save My Spot!
https://event.on24.com/wcc/r/3023985/8DBBAABA207E3372556E522A0E61516E?partnerref=CHN
[FUN DEPT] See What Happened When We "Zoom Bombed" a Customer With the Cast of The Inside Man
Yes, this actually happened. The employees at Tennessee Aquarium were massive fans of The Inside Man, were not aware of this gag, and you can see their reactions when they see who the 'security experts' are that are coming into the zoom meeting. One of the employees remarked that she only got 2 episodes per month and that she'd prefer to binge through all of them. Season 3 of The Inside Man was released a few weeks ago, and has been very well received.
This is 5 minutes of real fun. Watch their faces:
https://blog.knowbe4.com/see-what-happened-when-we-zoom-bombed-a-customer-with-the-cast-of-the-inside-man
Yes, this actually happened. The employees at Tennessee Aquarium were massive fans of The Inside Man, were not aware of this gag, and you can see their reactions when they see who the 'security experts' are that are coming into the zoom meeting. One of the employees remarked that she only got 2 episodes per month and that she'd prefer to binge through all of them. Season 3 of The Inside Man was released a few weeks ago, and has been very well received.
This is 5 minutes of real fun. Watch their faces:
https://blog.knowbe4.com/see-what-happened-when-we-zoom-bombed-a-customer-with-the-cast-of-the-inside-man
[URGENT ON-DEMAND WEBINAR] Microsoft Exchange Mass Hack
The Microsoft Exchange Mass Hack Is a Huge Security Risk For All Organizations and What You Can Do About It
On March 2, Microsoft released emergency security updates to plug multiple zero-day security holes in Exchange Server versions 2010 through 2019 that hackers were actively using to siphon email and compromise environments.
Literally hundreds of thousands of organizations globally have been affected by this Exchange mass hack and now may be victims compromised by multiple cybercrime groups. Whether your organization is running Exchange itself or receives emails from organizations using Exchange servers, the risk has just skyrocketed.
Roger A. Grimes, KnowBe4’s Data-Driven Defense Evangelist has created a special security alert webinar to share critical insights about the Microsoft Exchange attack and what you can do about it.
Watch these 25 minutes now to learn:
https://info.knowbe4.com/microsoft-exchange-mass-hack
The Microsoft Exchange Mass Hack Is a Huge Security Risk For All Organizations and What You Can Do About It
On March 2, Microsoft released emergency security updates to plug multiple zero-day security holes in Exchange Server versions 2010 through 2019 that hackers were actively using to siphon email and compromise environments.
Literally hundreds of thousands of organizations globally have been affected by this Exchange mass hack and now may be victims compromised by multiple cybercrime groups. Whether your organization is running Exchange itself or receives emails from organizations using Exchange servers, the risk has just skyrocketed.
Roger A. Grimes, KnowBe4’s Data-Driven Defense Evangelist has created a special security alert webinar to share critical insights about the Microsoft Exchange attack and what you can do about it.
Watch these 25 minutes now to learn:
- Details about the hack and your defense strategies
- What makes this so different from other mass attacks
- Why “trusted third-party phishing” makes your organization a target whether you run Exchange or not
- What you need to do now to protect your organization
https://info.knowbe4.com/microsoft-exchange-mass-hack
Fake reCAPTCHA Found in Phishbait Targeting Senior Exec Strata
Researchers at Zscaler warn of an ongoing phishing campaign targeting executives with fake voicemail notifications. More than half of the phishing emails have targeted organizations’ vice presidents or managing directors.
“ThreatLabZ, the Zscaler threat research team, recently observed a new series of Microsoft-themed phishing attacks aimed at senior-level employees at multiple organizations,” the researchers write. “The Zscaler cloud has blocked over 2,500 of these phishing attempts over the last three months.
The attack is notable for its targeted aim at senior business leaders with titles such as Vice President and Managing Director who are likely to have a higher degree of access to sensitive company data. The aim of these campaigns is to steal these victims’ login credentials to allow threat actors access to valuable company assets. Attacks have been spread across a range of industries, with the heaviest activity in the banking and IT sectors.”
More:
https://blog.knowbe4.com/fake-recaptcha-found-in-phishbait
Researchers at Zscaler warn of an ongoing phishing campaign targeting executives with fake voicemail notifications. More than half of the phishing emails have targeted organizations’ vice presidents or managing directors.
“ThreatLabZ, the Zscaler threat research team, recently observed a new series of Microsoft-themed phishing attacks aimed at senior-level employees at multiple organizations,” the researchers write. “The Zscaler cloud has blocked over 2,500 of these phishing attempts over the last three months.
The attack is notable for its targeted aim at senior business leaders with titles such as Vice President and Managing Director who are likely to have a higher degree of access to sensitive company data. The aim of these campaigns is to steal these victims’ login credentials to allow threat actors access to valuable company assets. Attacks have been spread across a range of industries, with the heaviest activity in the banking and IT sectors.”
More:
https://blog.knowbe4.com/fake-recaptcha-found-in-phishbait
Avoiding Business Email Compromise Phishing Scams During Tax Season
Taxes are unavoidable, and unfortunately, so are the annual tax-related phishing scams. This year, with the COVID-19 pandemic continuing to keep people working from home, cybercriminals have all they need to cause serious disruptions to your organization.
From traditional Business Email Compromise (BEC) scams to W2 scams the bad guys are going to be very busy, but we can help you navigate these challenges and keep your organization secure.
Join us for this on-demand webinar with Erich Kron, Security Awareness Advocate at KnowBe4, to understand how these attacks work, why they are so effective and why the pandemic will make them even more potent than usual.
This webinar will discuss:
https://info.knowbe4.com/bec-tax-scams-2021
Let's stay safe out there.
Taxes are unavoidable, and unfortunately, so are the annual tax-related phishing scams. This year, with the COVID-19 pandemic continuing to keep people working from home, cybercriminals have all they need to cause serious disruptions to your organization.
From traditional Business Email Compromise (BEC) scams to W2 scams the bad guys are going to be very busy, but we can help you navigate these challenges and keep your organization secure.
Join us for this on-demand webinar with Erich Kron, Security Awareness Advocate at KnowBe4, to understand how these attacks work, why they are so effective and why the pandemic will make them even more potent than usual.
This webinar will discuss:
- The methodology behind BEC and tax scams
- The psychology behind the attacks and why they work
- How these attacks are carried out and why COVID-19 makes them scarier than ever
- Defensive strategies and the tricks you can use for making them most effective
- How to defend your organization by strengthening your human firewall
https://info.knowbe4.com/bec-tax-scams-2021
Let's stay safe out there.
Warm Regards,
Stu Sjouwerman
Founder and CEO
KnowBe4, Inc
PS: Discuss the Mass Exchange Hack with your peers at KnowBe4's HackBusters Forum:
https://discuss.hackbusters.com/t/chinese-hafnium-group-probably-pwned-your-exchange-server-now-a-ticking-time-bomb/5386
Quotes of the Week
"Do what you feel in your heart to be right, for you’ll be criticized anyway."
- Eleanor Roosevelt - Former First Lady of the United States (1884 - 1962)
"Character is doing the right thing when nobody's looking. There are too many people who think that the only thing that's right is to get by, and the only thing that's wrong is to get caught."
- J. C. Watts - American Politician Born: November 18, 1957
Thanks for reading CyberheistNews
- Eleanor Roosevelt - Former First Lady of the United States (1884 - 1962)
"Character is doing the right thing when nobody's looking. There are too many people who think that the only thing that's right is to get by, and the only thing that's wrong is to get caught."
- J. C. Watts - American Politician Born: November 18, 1957
Thanks for reading CyberheistNews
Security News
FINRA Warns of Phishing Attacks
The Financial Industry Regulatory Authority (FINRA) has warned of a phishing campaign that’s trying to trick users into responding to a phony regulatory non-compliance issue. The emails contain malicious links or documents.
“FINRA warns member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from ‘FINRA Membership’ and using the email address ‘supports@finra-online[.]com,’ FINRA says. “The email asks the recipient to respond to an issue of ‘regulatory non-compliance for which your immediate response is required’ and then asks the recipient to click on a link or document.
FINRA recommends that anyone who clicked on any link or image in the email immediately notify the appropriate individuals in their firm of the incident.”
The documents against which FINRA is warning will presumably deliver malware and the links will lead to a malicious website. The phishing emails read, “Good day, Please find the following attached report from FINRA on regulatory non-compliance for which your immediate response is required. As part of a disclosure review process, we require this background report be completed. Review the enclosed document in respect to our compliance policy. If you've got more questions regarding this letter don't hesistate [sic] to contact us. Regards, Team FINRA.”
This type of issue would catch the attention of many employees, and FINRA recommends that users be vigilant when dealing with emails that seem urgent. (On the plus side, note that the social engineers show that loose idiomatic control that’s helped so many potential victims spit the hook before they’re landed. Spelling and grammar count in life as much as in high school.)
“The domain of ‘finra-online[.]com’ is not connected to FINRA and firms should delete all emails originating from this domain name,” the alert states. “FINRA reminds firms to verify the legitimacy of any suspicious email prior to responding to it, opening any attachments or clicking on any embedded links. FINRA has requested that the Internet domain registrar suspend services for ‘finra-online[.]com.’
New-school security awareness training can teach your employees to be wary of unsolicited emails so they can avoid falling for phishing attacks.
FINRA has the story:
https://www.finra.org/rules-guidance/notices/21-08
The Financial Industry Regulatory Authority (FINRA) has warned of a phishing campaign that’s trying to trick users into responding to a phony regulatory non-compliance issue. The emails contain malicious links or documents.
“FINRA warns member firms of an ongoing phishing campaign that involves fraudulent emails purporting to be from ‘FINRA Membership’ and using the email address ‘supports@finra-online[.]com,’ FINRA says. “The email asks the recipient to respond to an issue of ‘regulatory non-compliance for which your immediate response is required’ and then asks the recipient to click on a link or document.
FINRA recommends that anyone who clicked on any link or image in the email immediately notify the appropriate individuals in their firm of the incident.”
The documents against which FINRA is warning will presumably deliver malware and the links will lead to a malicious website. The phishing emails read, “Good day, Please find the following attached report from FINRA on regulatory non-compliance for which your immediate response is required. As part of a disclosure review process, we require this background report be completed. Review the enclosed document in respect to our compliance policy. If you've got more questions regarding this letter don't hesistate [sic] to contact us. Regards, Team FINRA.”
This type of issue would catch the attention of many employees, and FINRA recommends that users be vigilant when dealing with emails that seem urgent. (On the plus side, note that the social engineers show that loose idiomatic control that’s helped so many potential victims spit the hook before they’re landed. Spelling and grammar count in life as much as in high school.)
“The domain of ‘finra-online[.]com’ is not connected to FINRA and firms should delete all emails originating from this domain name,” the alert states. “FINRA reminds firms to verify the legitimacy of any suspicious email prior to responding to it, opening any attachments or clicking on any embedded links. FINRA has requested that the Internet domain registrar suspend services for ‘finra-online[.]com.’
New-school security awareness training can teach your employees to be wary of unsolicited emails so they can avoid falling for phishing attacks.
FINRA has the story:
https://www.finra.org/rules-guidance/notices/21-08
The Different Scenarios How Backups Are Vulnerable to Ransomware Attacks
Organizations need to ensure that their data backups aren’t tampered with by attackers, according to security firm Datto. In an article for Channel Futures, Datto explained that backups are an important layer of defense, but they aren’t foolproof.
The firm also notes that, while encryption may keep your data private, it won’t prevent a ransomware attacker from simply putting another layer of encryption on top of it and locking you out. Additionally, if an attacker gains access to your internal accounts, they might be able to access the data unencrypted.
Datto says organizations should be on the lookout for the following vulnerabilities associated with backups:
It’s also worth noting that, as organizations have gotten better about backing up their data, ransomware actors have started exfiltrating the data and holding its confidentiality for ransom. As a result, it’s best to prevent the attackers from gaining access in the first place. New-school security awareness training can help your organization avoid falling victim to these attacks by teaching your employees to follow security best practices.
Channel Futures has the story:
https://www.channelfutures.com/from-the-industry/backup-vulnerability-4-targets-hackers-might-utilize-to-infiltrate-your-backup-solution
Organizations need to ensure that their data backups aren’t tampered with by attackers, according to security firm Datto. In an article for Channel Futures, Datto explained that backups are an important layer of defense, but they aren’t foolproof.
The firm also notes that, while encryption may keep your data private, it won’t prevent a ransomware attacker from simply putting another layer of encryption on top of it and locking you out. Additionally, if an attacker gains access to your internal accounts, they might be able to access the data unencrypted.
Datto says organizations should be on the lookout for the following vulnerabilities associated with backups:
- "Backup software: Backup software solutions, by nature, require a high level of access. Hackers have been known to steal a backup administrator’s credentials as a backdoor to access systems and data.
- “Backup files: Backup files can be targets simply because backup file extensions—for example, BAK–are easy to find. Hackers may gain access to the backup software and either turn off or delete the backup files.
- “Remote access: Since many backup products must connect remotely to servers to back them up or to administer backups, password authentication can open up a path to attack protected systems simply because passwords are easy to steal.
- “Backup encryption: It isn’t uncommon for backups to be encrypted. However, if attackers gain access to this key, they can read the backup and/or change the key to make the data inaccessible.”
It’s also worth noting that, as organizations have gotten better about backing up their data, ransomware actors have started exfiltrating the data and holding its confidentiality for ransom. As a result, it’s best to prevent the attackers from gaining access in the first place. New-school security awareness training can help your organization avoid falling victim to these attacks by teaching your employees to follow security best practices.
Channel Futures has the story:
https://www.channelfutures.com/from-the-industry/backup-vulnerability-4-targets-hackers-might-utilize-to-infiltrate-your-backup-solution
What KnowBe4 Customers Say
"Thank you for the personal touch! Yes, I am a very happy camper. I love the KnowBe4 service. I have seen how it is bringing our numbers down and creating awareness for our user community. I love all of the extras like "Phish Alert", PhishRIP, PhishML, all great stuff. Thank you again!"
S.J., Director of IT
"Hi Stu! Thanks for reaching out, I was just commenting to my boss (CISO) how it's service like this that sets you apart from the others. Since we re-signed with KB4, we've been really impressed with the level of service your team has provided us (and the product, of course) so please pass on our Kudo's to them.
At this point, I don't think there's anything we're in need of but thank you for taking the time to reach out! Thanks,
L.M., Director, Information Security
PS: PhishER Webhooks is officially out of beta now and pushed live to all! Docs here - https://support.knowbe4.com/hc/en-us/articles/360013919314-PhishER-Settings#WEBHOOKS
"Thank you for the personal touch! Yes, I am a very happy camper. I love the KnowBe4 service. I have seen how it is bringing our numbers down and creating awareness for our user community. I love all of the extras like "Phish Alert", PhishRIP, PhishML, all great stuff. Thank you again!"
S.J., Director of IT
"Hi Stu! Thanks for reaching out, I was just commenting to my boss (CISO) how it's service like this that sets you apart from the others. Since we re-signed with KB4, we've been really impressed with the level of service your team has provided us (and the product, of course) so please pass on our Kudo's to them.
At this point, I don't think there's anything we're in need of but thank you for taking the time to reach out! Thanks,
L.M., Director, Information Security
PS: PhishER Webhooks is officially out of beta now and pushed live to all! Docs here - https://support.knowbe4.com/hc/en-us/articles/360013919314-PhishER-Settings#WEBHOOKS
The 10 Interesting News Items This Week
- Preparing for Retaliation Against Russia, U.S. Confronts Hacking by China:
https://www.nytimes.com/2021/03/07/us/politics/microsoft-solarwinds-hack-russia-china.html - New ransomware strain exploits Microsoft Exchange security flaw:
https://today.rtl.lu/news/business-and-tech/a/1687658.html - Most decision makers plan to increase spending on cybersecurity this year:
https://www.helpnetsecurity.com/2021/03/10/spending-cybersecurity-2021/ - Social engineering explained: How criminals exploit human behavior:
https://www.csoonline.com/article/2124681/what-is-social-engineering.html - This trojan malware is now your biggest security headache:
https://blog.checkpoint.com/2021/03/11/february-2021s-most-wanted-malware-trickbot-takes-over-following-emotet-shutdown/ - Cisco found cryptomining malware activity within 69% of customers:
https://searchsecurity.techtarget.com/news/252497670/Cisco-found-cryptomining-activity-within-69-of-customers - Actionable Tips for Engaging the Board on Cybersecurity:
https://www.darkreading.com/careers-and-people/actionable-tips-for-engaging-the-board-on-cybersecurity/a/d-id/1340317 - Innovation In Ransomware! Darkside 2.0 Ransomware Promises Fastest Ever Encryption Speeds:
https://www.infosecurity-magazine.com/news/darkside-20-ransomware-fastest/ - Bill introduced by lawmakers would give CISA more control over critical infrastructure attacks:
https://thehill.com/policy/cybersecurity/542828-lawmakers-roll-out-bill-to-protect-critical-infrastructure-after-florida - Really interesting research. Metadata Left in Security Agency PDFs. “Exploitation and Sanitization of Hidden Data in PDF Files”:
https://www.schneier.com/blog/archives/2021/03/metadata-left-in-security-agency-pdfs.html
Cyberheist 'Fave' Links
This Week's Links We Like, Tips, Hints and Fun Stuff
- Virtual Vaca to Russia, an astounding 6 min. documentary by a group of German filmmakers:
https://www.flixxy.com/in-russia.htm?utm_source=4 - Your second Virtual Vaca To Dublin. Here is your Travel Guide:
https://www.youtube.com/watch?v=LcKnx7I97yk - Last Monday it was International Women's Day! Let's celebrate women kicking butt at anything and everything, like timber tossing, extreme limbo, & skydiving yoga:
https://www.flixxy.com/women-are-awesome-2021.htm?utm_source=4 - People Are Awesome - The First Woman To Ascend The Indomitable Eiger North Face, Sasha Digiulian:
https://www.youtube.com/watch?v=HN_y-1-C_v0 - Super Cool Drone Video... "Right Up Our Alley":
https://youtu.be/VgS54fqKxf0 - The YOUNGEST Fooler Yet! Sanjeev Vinodh on Penn and Teller Fool Us:
https://www.youtube.com/watch?v=72wV2tYjUHk - GoPro: Parachute Fail with Andy Lewis. He survives...but barely:
https://www.youtube.com/watch?v=_a_3purUySQ - Will Smith - What Skydiving Taught Me About Fear:
https://www.youtube.com/watch?v=bFIB05LGtMs - Tesla Cybertruck 2021 The Final Updates. I want mine already!:
https://www.youtube.com/watch?v=ELG43LAP5LE - This Scary Pocket EMP Generator Opens An Electronic Timer Padlock:
https://www.youtube.com/watch?v=MtNkUjQAHqY - Short but stinky. GoPro: Sulfuric Volcano MTB Ride with Kilian Bron:
https://www.youtube.com/watch?v=T7RIwfxyZZc - For Da Kids #1 - The video isn’t the best but the Cockatoo is great, meows Like a cat:
https://www.youtube.com/watch?v=B-eeNvUEGDk - For Da Kids #2 - This Guy Just Keeps On Saving Baby Manatees:
https://www.youtube.com/watch?v=exyhpLue3SI - For Da Kids #3 and parents too. (Don’t let the supermarket scene kill it, there's cool kids after it):
https://www.youtube.com/watch?v=KoNgWV8oiZ0
