Talkin' Bout [Infosec] News


337 episodes — Page 3 of 7

Ep 1: 2024-04-24 - Exploits, Breaches, and Lawsuits!

(00:00) - PreShow Banter™ — A Parent Process (03:01) - BHIS - Talkin' Bout [infosec] News 2024-04-22 (04:13) - Story # 1: Exploit code for Palo Alto Networks zero-day now public (07:44) - Story # 1b: (Timeline) Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400) (23:22) - Story # 2: MGM says FTC can't possibly probe its ransomware downfall – watchdog chief Lina Khan was a guest at the time (31:37) - Story # 3: MITRE was breached through Ivanti zero-day vulnerabilities (32:27) - Story # 4: Cisco Integrated Management Controller CLI Command Injection Vulnerability (41:20) - Story # 5: Cisco Duo's Multifactor Authentication Service Breached (46:01) - Story # 6: DevSecOps security practices are doggone disastrous (54:57) - Story # 7: FYI: This site claims to have harvested 4B+ Discord chats, today all yours for a price

Apr 24, 2024 - 1h 0m

Ep 1: 2024-04-17 - SoCal Man Arrested, EPA Leaks, Net Neutrality returns?

(00:00) - PreShow Banter™ — Retro Actions (04:48) - BHIS - Talkin' Bout [infosec] News 2024-04-15 (07:05) - Story # 1: FCC to vote on net neutrality rules on April 25 (18:52) - Story # 2: “All Your Secrets Are Belong To Us” — A Delinea Secret Server AuthN/AuthZ Bypass (23:40) - Story # 2b: Delinea has cloud security incident in Thycotic Secret Server gaff (28:23) - Story # 3: CISA Releases Malware Next-Gen Analysis System for Public Use (40:36) - Story # 4: Hacker Leaks 8.5M U.S. Environmental Protection Agency (EPA) Contact Data (45:55) - Story # 5: SoCal Man Arrested on Federal Charges Alleging He Schemed to Advertise and Sell ‘Hive’ Computer Intrusion Malware

Apr 17, 2024 - 59 min

Ep 1: 2024-04-10 - Vigilante Hackers, Data Sharing, Cybersecurity Taken Over by Computers?

(00:00) - PreShow Banter™ — BHIS Bees Corp® (04:08) - The FUTURE IS...... Kickstarter (05:29) - BHIS - Talkin' Bout [infosec] News 2024-04-08 (06:03) - Story # 1: New draft bipartisan US federal privacy bill unveiled (11:03) - Story # 2: How To Opt Out Of GM Sharing Your Driving Data With Insurance Companies (13:04) - Story # 2b: Request a Consumer Disclosure Report (14:25) - Story # 3: Hackers Hijacked Notepad++ Plugin To Execute Malicious Code (29:19) - Story # 4: A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask (46:15) - Story # 5: It’s Time to Hand Cybersecurity Over to the Computers

Apr 10, 2024 - 1h 3m

Ep 1: 2024-04-03 - Zippers, Jokes & Data Breaches

(00:00) - PreShow Banter™ — Zippers, Jokes, & Lawyers (Not to be confused with the song "Lawyers, Guns and Money") (02:59) - BHIS - Talkin' Bout [infosec] News 2024-04-01 (03:57) - Story # 1: New Darcula phishing service targets iPhone users via iMessage (11:57) - Story # 2: Recent ‘MFA Bombing’ Attacks Targeting Apple Users (17:22) - Story # 3: Thousands of phones and routers swept into proxy service, unbeknownst to users (22:11) - Story # 4: Digital signs around Brookline are collecting data from your phone as you walk by (26:57) - Story # 5: Backdoor found in widely used Linux utility targets encrypted SSH connections (28:22) - Story # 5b: XZ Outbreak diagram (37:32) - Story # 6: Vans warns customers of data breach (40:00) - Story # 7: Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers (50:32) - Story # 8: Criminals Are Weaponizing Child Abuse Imagery to Ban Discord Servers (56:41) - Story # 9: International car theft tool seized in Australia, sparking police warning (58:14) - Story # 9b: Investigation into electronic device at Utah high school raises larger concerns for police

Apr 3, 2024 - 1h 6m

Ep 1: 2024-5-03-27 - Social Media Ban, Sold Data and Splunk w/ Graham Helton

(00:00) - PreShow Banter™ — "Allegedly" (03:18) - BHIS - Talkin' Bout [infosec] News 2024-03-25 (08:00) - Story # 1: Cisco Completes Acquisition of Splunk (10:47) - Story # 2: General Motors Quits Sharing Driving Behavior With Data Brokers (15:27) - Story # 3: Ron DeSantis signs bill requiring parental consent for kids under 16 to hold social media accounts (24:34) - Story # 4: House passes bill to prevent the sale of personal data to foreign adversaries (28:19) - Story # 5: Unsaflok - vulnerability impacts over 3 million hotel doors (33:57) - Story # 6: Canada revisits decision to ban Flipper Zero (36:57) - Story # 7: Truck-to-truck worm could infect – and disrupt – entire US commercial fleet (42:59) - Story # 8: Cybercriminals Beta Test New Attack to Bypass AI Security (46:31) - Story # 9: Russians will no longer be able to access Microsoft cloud services, business intelligence tools (50:36) - Story # 10: New 'Loop DoS' Attack Impacts Hundreds of Thousands of Systems (55:05) - Story # 11: New surveillance video of man catching a flight without ticket

Mar 27, 2024 - 59 min

Ep 1: 2024-03-20 - New Arms Again w/ Jay Beale of InGuardians

Brought to you by Antisyphon Training — https://www.antisyphontraining.com (00:00) - PreShow Banter™ — New Arms Again (03:24) - BHIS - Talkin' Bout [infosec] News 2024-03-18 (04:54) - Story # 1: NIST Releases Version 2.0 of Landmark Cybersecurity Framework (10:50) - Story # 2: The FCC has finally decreed that 25Mbps and 3Mbps are not ‘broadband’ speed (14:33) - Story # 3: Welcome to the 2024 Threat Detection Report (33:40) - Story # 4: NSA Releases Top Ten Cloud Security Mitigation Strategies (47:33) - Story # 5: US government agencies demand fixable ice cream machines (53:14) - Story # 6: Homeland Security is testing AI to help with immigration, trafficking investigations, and disaster relief (01:03:19) - Story # 7: Feds seize $1.4 million of tech support scam proceeds with the help of crypto firm

Mar 20, 2024 - 1h 5m

Ep 1: 2024-03-13 - International Hacking Co. Featuring: Josh Mason

(00:00) - PreShow Banter™ — Death to Clippy (05:18) - BHIS - Talkin' Bout [infosec] News 2024-03-11 – Featuring Josh Mason (06:58) - Story # 1: Behind the doors of a Chinese hacking company, a sordid culture fueled by influence, alcohol and sex (13:43) - Story # 2: Top US cybersecurity agency hacked and forced to take some systems offline (23:39) - Story # 3: Microsoft admits Russian state hack still not contained. ‘This has tremendous national security implications’ (30:27) - Story # 4: FBI's 2023 Internet Crime Report (38:18) - Story # 5: QNAP warns of critical auth bypass flaw in its NAS devices (50:42) - Story # 6: Automakers Are Sharing Consumers’ Driving Behavior With Insurance Companies

Mar 13, 2024 - 1h 0m

Ep 1: 2024-03-06 - No Logs No Breach, I'm Good

A weekly podcast with BHIS and Friends. We discuss notable infosec and infosec-adjacent news stories. Brought to you by: Black Hills Information Security (https://www.blackhillsinfosec.com/) and Antisyphon Training (https://www.antisyphontraining.com/). Story # 1: Executive Order on Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern https://www.whitehouse.gov/briefing-r... Story # 2: A leaky database spilled 2FA codes for the world’s tech giants https://techcrunch.com/2024/02/29/lea... Story # 3: eBay, VMware, McAfee Sites Hijacked in Sprawling Phishing Operation https://www.darkreading.com/applicati... 23:36 - LokiHakanin's related Post / sean-reilly-techopssec_8000-domains-of-tru... Story # 4: Ivanti Connect Secure hackers hide in plain sight, evading protections https://www.cybersecuritydive.com/new... Story # 5: Over 100,000 Infected Repos Found on GitHub https://apiiro.com/blog/malicious-cod... Story # 6: Hackers backed by Russia and China are infecting SOHO routers like yours, FBI warns https://arstechnica.com/security/2024... (00:00) - PreShow Banter™ — Adopting Cats (00:43) - BHIS - Talkin' Bout [infosec] News 2024-03-04 (01:40) - Story # 1: Executive Order on Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern (08:56) - Story # 2: A leaky database spilled 2FA codes for the world’s tech giants (20:14) - Story # 3: eBay, VMware, McAfee Sites Hijacked in Sprawling Phishing Operation (22:37) - LokiHakanin's related Post (31:37) - Story # 4: Ivanti Connect Secure hackers hide in plain sight, evading protections (39:44) - Story # 5: Over 100,000 Infected Repos Found on GitHub (48:44) - Story # 6: Hackers backed by Russia and China are infecting SOHO routers like yours, FBI warns

Mar 6, 2024 - 58 min

Ep 1: 2024-03-01 - All of our base belong to China w/ Mike Poor

(00:00) - PreShow Banter™ — It's a Wii Match (05:22) - BHIS - Talkin' Bout [infosec] News 2024-02-26 (07:10) - Story # 1: Mr. Cooper leak exposes over two million customers (17:42) - Story # 2: ConnectWise ScreenConnect attacks deliver malware (27:49) - Story # 3: LockBit Infrastructure Seized by US, UK Police (34:17) - Story # 4: US health tech giant Change Healthcare hit by cyberattack (39:43) - Story # 5: The reported leak of Chinese hacking documents supports experts' warnings about how compromised the US could be (53:24) - Story # 6: Vending machine error reveals secret face image database of college students

Mar 1, 2024 - 57 min

Ep 1: Talkin’ About Infosec News – 2/20/24

The post Talkin’ About Infosec News – 2/20/24 appeared first on Black Hills Information Security.

Feb 20, 2024 - 55 min

Ep 1: Talkin’ About Infosec News – 2/14/2024

The post Talkin’ About Infosec News – 2/14/2024 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Fashion in Oregon (01:51) - BHIS - Talkin' Bout [infosec] News 2024-02-12 (08:54) - Story # 1: Ivanti devices hit by wave of exploits for latest security hole (31:53) - Story # 2: Hackers Exploit Job Boards, Stealing Millions of Resumes and Personal Data (43:15) - Story # 3: Critical Boot Loader Vulnerability in Shim Impacts Nearly All Linux Distros (54:13) - Story # 4: Feds Want to Ban the World’s Cutest Hacking Device. Experts Say It's a ‘Scapegoat’

Feb 14, 2024 - 1h 5m

Ep 1: Talkin’ About Infosec News – 2/6/24

The post Talkin’ About Infosec News – 2/6/24 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — 5 Min Webcasts (04:29) - BHIS - Talkin' Bout [infosec] News 2024-02-05 (09:06) - Story # 1: Thanksgiving 2023 security incident (22:09) - Story # 2: AnyDesk Incident Response 5-2-2024 (34:14) - Story # 3: Finance worker pays out $25 million after video call with deepfake ‘chief financial officer’ (50:13) - Story # 4: All federal civilian agencies ordered to disconnect at-risk Ivanti products by Friday

Feb 6, 2024 - 1h 2m

Ep 1: Talkin’ About Infosec News – 1/31/2024

The post Talkin’ About Infosec News – 1/31/2024 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — No Hacking on Fridays (04:33) - BHIS - Talkin' Bout [infosec] News 2024-01-29 (09:48) - Story # 1: SEC confirms X account was hacked in SIM swapping attack (17:45) - Story # 2: MavenGate Attack Could Let Hackers Hijack Java and Android via Abandoned Libraries (23:03) - Story # 3: Fortra warns of new critical GoAnywhere MFT auth bypass, patch now (26:35) - Story # 4: Tesla hacked, 24 zero-days demoed at Pwn2Own Automotive 2024 (35:38) - Story # 5: Election cybersecurity director was a victim of a ‘swatting’ attack in her home (39:44) - Story # 6: Ring will no longer allow police to request users' doorbell camera footage (44:25) - Story # 7: Group permission misconfiguration exposes Google Kubernetes Engine clusters (47:03) - REPRISE STORY: Mega-Breach Database Exposes 26 Billion Records (47:50) - Story # 8: The NSA buys Americans’ internet data, newly released documents show (56:03) - Story # 9: Privacy predictions for 2024

Jan 31, 2024 - 1h 8m

Ep 1: Talkin’ About Infosec News – 1/24/2024

The post Talkin’ About Infosec News – 1/24/2024 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — There's More Than Swim Meets (01:21) - BHIS - Talkin' Bout [infosec] News 2024-01-22 (05:21) - Story # 1: Florida bill banning youth from social media moves forward (14:19) - Story # 2: Microsoft network breached through password-spraying by Russia-state hackers (21:38) - Story # 3: This new data poisoning tool lets artists fight back against generative AI (28:50) - Story # 4: Top 3 Priorities for CISOs in 2024 (41:37) - Story # 5: Inside the Massive Naz.API Credential Stuffing List (48:09) - Story # 6: Jamf discovers new malware disguised as popular macOS apps

Jan 24, 2024 - 1h 1m

Ep 1: Talkin’ About Infosec News – 1/16/2024

The post Talkin’ About Infosec News – 1/16/2024 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Book-It Steak Dinners (05:25) - BHIS - Talkin' Bout [infosec] News 2024-01-15 (08:01) - Most Offensive Con - (08:16) - Story # 1: Linux devices are under attack by a never-before-seen worm (21:09) - Story # 2: Hacker spins up 1 million virtual servers to illegally mine crypto (25:47) - Story # 3: Actively exploited 0-days in Ivanti VPN are letting hackers backdoor networks (29:33) - Podcast Self-Awareness (32:14) - Story # 4: Hospital IT help desks targeted by sophisticated social engineering schemes

Jan 16, 2024 - 57 min

Ep 1: Talkin’ About Infosec News – 1/10/24

The post Talkin’ About Infosec News – 1/10/24 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Welcome to 2025 (03:36) - BHIS - Talkin' Bout [infosec] News 2024-01-08 (05:30) - Story # 1: Law firm that handles data breaches was hit by data breach (10:36) - Story # 2: Fred Hutch patients get blackmail emails after cyberattack (17:55) - Story # 3: Bitwarden Heist - How to Break Into Password Vaults Without Using Passwords (19:56) - Story # 3b: Privacy Harms – Daniel Solove (21:20) - Story # 4: 23andMe tells victims it’s their fault that their data was breached (33:12) - Story # 5: Hacked Mandiant X Account Abused for Cryptocurrency Theft (37:38) - Story # 6: Merck $1.4 Billion Cyberhack Settlement Ends ‘Warlike’ Act Claim (45:27) - Story # 7: Volkswagen is adding ChatGPT to its infotainment system (51:02) - Story # 8: US nuke reactor lab hit by 'gay furry hackers' demanding cat-human mutants

Jan 10, 2024 - 55 min

Ep 1: Talkin’ About Infosec News – 12/21/2023

The post Talkin’ About Infosec News – 12/21/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Talking Bout Fabric (07:16) - BHIS - Talkin' Bout [infosec] News 2023-12-18 (10:06) - Story # 1: Cartels Are Using a Police Database to Track and Target Their Enemies (23:15) - Story # 2: CVS, Rite Aid, Walgreens hand out medical records to cops without warrants (37:18) - Story # 3: Cloud engineer gets 2 years for wiping ex-employer’s code repos (45:11) - Story # 4: Ukraine’s intelligence claims cyberattack on Russia’s state tax service (49:06) - Story # 5: A suspected cyberattack paralyzes the majority of gas stations across Iran (51:18) - Story # 6: Discord adds Security Key support for all users to enhance security (54:32) - Story # 7: Kraft Heinz reviewing claims of cyberattack but internal systems ‘operating normally’ (56:49) - Breach Season Speed Run (58:19) - Story # 8: Ten Years Later, New Clues in the Target Breach (01:00:38) - Story # 9: Oops, wrong number! The real story behind NORAD's Santa tracker (01:02:59) - Story # 9b: NORAD Santa Tracker

Dec 21, 2023 - 1h 6m

Ep 1: Talkin’ About Infosec News – 12/15/2023

https://youtu.be/MaThvw_VWJ8 Brought to you by Antisyphon Training https://www.antisyphontraining.com (00:00) - PreShow Banter™ — Fine McDonalds Drinkware (04:36) - BHIS - Talkin' Bout [infosec] News 2023-12-11 (07:04) - Story # 1: America’s Water Infrastructure Act of 2018 (AWIA) (08:55) - Story # 1b: Dragos Launches Program to Provide Water, Electric Utilities With Free Cybersecurity Tools (09:42) - Story # 1c: Dragos Community Defense Program (11:38) - Story # 2: BlackCat ransomware crims threaten to directly extort victim's customers (20:17) - Story # 3: Fancy Bear goes phishing in US, European high-value networks (21:06) - Story # 3b: Guidance for investigating attacks using CVE-2023-23397 (24:16) - Story # 4: New AeroBlade hackers target aerospace sector in the U.S. (26:27) - Story # 5: Reuters Takes Down Blockbuster Hacker-for-Hire Investigation After Indian Court Order (27:51) - Story # 5b: How an Indian startup hacked the world (32:28) - Story # 6: Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack (39:28) - Story # 7: 23andMe confirms hackers stole ancestry data on 6.9 million users (51:02) - Story # 7b: 23andMe updates user agreement to prevent data breach lawsuits (55:12) - Story # 8: Facebook Messenger Rolls Out End-to-End Encryption by Default (57:31) - Story # 9: Police Arrest Hundreds of Human Traffickers Linked to Cyber Fraud (01:06:57) - Signal For Help

Dec 15, 2023 - 1h 7m

Ep 1: Talkin’ About Infosec News – 12/06/2023

The post Talkin’ About Infosec News – 12/06/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Chaos Agency (08:16) - BHIS - Talkin' Bout [infosec] News 2023-12-04 (11:03) - Story # 1: 2 municipal water facilities report falling to hackers in separate breaches (30:49) - Story # 2: PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214) (37:16) - Story # 3: ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation (39:44) - Story # 4: Zyxel warns of multiple critical vulnerabilities in NAS devices (43:09) - Story # 5: Russian developer of Trickbot malware pleads guilty, faces 35-year sentence (46:55) - Story # 6: Hackers spent 2+ years looting secrets of chipmaker NXP before being detected (52:24) - Story # 7: Okta hackers stole data on all customer support users in major breach (53:30) - Story # 7b: November 29, 2023 - October Customer Support Security Incident - Update and Recommended Actions (01:01:55) - Story # 8: Dollar Tree hit by third-party data breach impacting 2 million people (01:04:07) - Hal's 20,000 - Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks

Dec 6, 2023 - 1h 10m

Ep 1: Talkin’ About Infosec News – 11/30/2023

The post Talkin’ About Infosec News – 11/30/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Glitch, Please (01:54) - BHIS - Talkin' Bout [infosec] News 2023-11-27 (04:55) - Story # 1: General Electric investigates claims of cyber attack, data theft (10:01) - Story # 2: CISA orders federal agencies to patch Looney Tunables Linux bug (16:26) - Story # 3: Phishing attacks spike attributed to generative AI adoption (18:49) - Story # 3b: SlashNext report uncovers 1,265% increase in phishing emails in a year (19:09) - Story # 3c: Complete Generative AI Security for Email, Mobile, and Browser (24:39) - Story # 4: Fidelity National Financial shuts down network in wake of cybersecurity incident (25:56) - Story # 4b: BlackCat claims it is behind Fidelity National Financial ransomware shakedown (38:08) - Story # 5: Chief Operating Officer of Network Security Company Charged with Cyberattack on Medical Center (01:01:52) - Snake Oil? Summit 2023

Nov 29, 2023 - 1h 2m

Ep 1: Talkin’ About Infosec News – 11/22/2023

The post Talkin’ About Infosec News – 11/22/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — A clean-shaven galaxy, a long time away. (07:50) - BHIS - Talkin' Bout [infosec] News 2023-11-20 (09:53) - Story # 1: Ransomware gang files complaint with SEC complaining victim didn’t promptly announce breach (12:36) - Story # 1b: AlphV files an SEC complaint against MeridianLink for not disclosing a breach to the SEC (2) (17:04) - Story # 1c: Services in North Carolina town unavailable after ransomware attack (18:13) - Story # 1d: WHISTLEBLOWER AWARD PROCEEDING (20:32) - Story # 2: Taylor Swift Fans Spring Into Action After Singer’s Hotel Location Leaks (26:01) - Story # 3: Recognizing fake news now a required subject in California schools (35:34) - Story # 4: Hackers breach healthcare orgs via ScreenConnect remote access (37:07) - Story # 4b: Bitter Pill: Third-Party Pharmaceutical Vendor Linked to Pharmacy and Health Clinic Cyberattack (42:59) - Story # 5: Russian hackers use Ngrok feature and WinRAR exploit to attack embassies (47:19) - Story # 6: US Announces IPStorm Botnet Takedown and Its Creator’s Guilty Plea (50:32) - Story # 7: Ignite News: Augment your EDR with deception tactics to catch adversaries early (59:54) - Snake Oil? Summit 2023

Nov 22, 2023 - 1h 3m

Ep 1: Talkin’ About Infosec News – 11/13/2023

The post Talkin’ About Infosec News – 11/13/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Tinder Skills Endorsements (01:38) - BHIS - Talkin' Bout [infosec] News 2023-11-13 (02:42) - Story # 1: Boeing data published by Lockbit hacking gang (03:57) - Story # 2: Google, Meta, Discord, and more team up to fight child abuse online (28:06) - Story # 3: Data broker’s “staggering” sale of sensitive info exposed in unsealed FTC filing (39:37) - Story # 4: Maine government says data breach affects 1.3 million people (44:40) - Story # 1 REPRISE: Boeing data published by Lockbit hacking gang (50:52) - Story # 5: Inside Denmark’s hell week as critical infrastructure orgs faced cyberattacks

Nov 16, 2023 - 55 min

Ep 1: Talkin’ About Infosec News – 11/10/2023

The post Talkin’ About Infosec News – 11/10/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — The Jerky Experience (03:40) - BHIS - Talkin' Bout [infosec] News 2023-11-06 (04:34) - Story # 1: Okta hit by third-party data breach exposing employee information (07:03) - Story # 1b: Okta Hack Blamed on Employee Using Personal Google Account on Company Laptop (13:13) - Story # 2: Boeing confirms cyberattack, global services disrupted (14:34) - Story # 3: Four dozen countries declare they won’t pay ransomware ransoms (15:26) - Story # 4: https://www.healthcareinfosecurity.com/feds-levy-first-ever-hipaa-fine-for-ransomware-data-breach-a-23448 (27:08) - Story # 5: “This vulnerability is now under mass exploitation.” Citrix Bleed bug bites hard (30:52) - Story # 6: 3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online (32:03) - Story # 7: Exploit released for critical Cisco IOS XE flaw, many hosts still hacked (33:28) - Story # 7b: Cisco IOS XE CVE-2023-20198: Deep Dive and POC (42:38) - Story # 8: SEC charges SolarWinds CISO with fraud for misleading investors before major cyberattack

Nov 10, 2023 - 59 min

Ep 1: Talkin’ About Infosec News – 11/09/2023

The post Talkin’ About Infosec News – 11/09/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Costume Party (02:04) - BHIS - Talkin' Bout [infosec] News 2023-10-30 (03:24) - Story # 1: Okta cybersecurity breach wipes out more than $2 billion in market cap (18:43) - Story # 2: Boeing assessing Lockbit hacking gang threat of sensitive data leak (26:09) - Story # 3: The AI-Generated Child Abuse Nightmare Is Here (41:37) - Story # 4: MGM Resorts hackers 'one of the most dangerous financial criminal groups’

Nov 9, 2023 - 59 min

Ep 1: Talkin’ About Infosec News – 11/4/2023

The post Talkin’ About Infosec News – 11/4/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Pre-Con-Crud (01:49) - BHIS - Talkin' Bout [infosec] News 2023-10-23 (04:33) - WWHF 2023 recap (12:20) - Story # 1: Mysterious APT compromises Asian government's secure USBs (16:13) - Story # 2: CIA exposed to potential intelligence interception due to X's URL bug (20:02) - Story # 3: EPA withdraws cyber audit requirement for water systems (22:54) - Story # 3b: Florida Water Treatment Plant Hit With Cyber Attack (27:00) - Story # 4: Thousands of remote IT workers sent wages to North Korea to help fund weapons program, FBI says (33:10) - Story # 5: Okta says its support system was breached using stolen credentials (37:13) - Story # 6: Casio discloses data breach impacting customers in 149 countries (41:44) - Story # 7: Ragnar Locker ransomware’s dark web extortion sites seized by police (44:02) - Story # 7b: Ragnar Locker ransomware developer arrested in France (46:54) - Story # 8: Flipper Zero can be used to crash iPhones running iOS 17, but there's a way to foil the attack (50:42) - Story # 9: U.S. Government Releases Popular Phishing Technique Used by Hackers (53:39) - Story # 10: Selfie-scraper, Clearview AI, wins appeal against UK privacy sanction

Nov 4, 2023 - 58 min

Ep 1: Talkin’ About Infosec News – 10/10/23

The post Talkin’ About Infosec News – 10/10/23 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Canadian Bacon Day (04:35) - BHIS - Talkin' Bout [infosec] News 2023-10-09 (06:19) - Story # 1: NSA and CISA reveal top 10 cybersecurity misconfigurations (13:35) - Story # 1b: NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations (21:21) - Story # 2: QR codes in emails? Watch out - it could be part of a 'Quishing' scam (25:07) - Story # 2b: https://github.com/jocephus/QuellR (28:16) - Story # 2c: https://twitter.com/vmyths/status/1212201412068818944 (30:47) - Story # 3: New Marvin attack revives 25-year-old decryption flaw in RSA (35:59) - Story # 4: Bounty offered for secret NSA seeds behind NIST elliptic curves algo (38:01) - Story # 5: Rules of engagement issued to hacktivists after chaos (01:02:55) - PROGRAMMING NOTE – WWHF2023

Oct 10, 2023 - 1h 3m

Ep 1: Talkin’ About Infosec News – 10/9/2023

The post Talkin’ About Infosec News – 10/9/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — The Scented Podcast (04:42) - BHIS - Talkin' Bout [infosec] News 2023-10-02 (07:24) - Story # 1: Google assigns new maximum rated CVE to libwebp bug exploited in attacks (24:13) - Story # 2: Progress warns of maximum severity WS_FTP Server vulnerability (31:16) - Story # 3: Sony PlayStation Hack: What We Know So Far About the LAPSUS$ Cyberattack (36:10) - Story # 4: City of Fort Lauderdale loses $1.2 million in phishing scam, police in Florida say (41:42) - Story # 5: FCC announces plans to reinstate net neutrality (52:32) - Story # 6: [New research] Do longer passwords protect you from compromise?

Oct 9, 2023 · 1h 7m

Ep 1 Special Segment – Cyber Security Career Advice – 9/28/2023

The post Special Segment – Cyber Security Career Advice – 9/28/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ Segment Special – Cyber Security Career Advice (00:26) - Q: Entry Level Cybersecurity equals Mid-Level I.T.? (08:05) - Q: How do I get started, I'm new in the Cyber Security Industry? (09:37) - Q: What Degree(s) do you recommend for Cyber Security / Infosec? (16:07) - Q: How did Chris Traynor join Black Hills Information Security? (18:58) - LINK: Pancake Con Chris Traynor Talk - https://youtube.com/watch?v=tMgDSb5_mKs (20:13) - LINK: BHIS Discord - https://discord.gg/bhis (23:35) - LINK: Chicago meetups - https://burbsec.com (25:53) - LINK: YouTube – Access Granted Webcast - https://youtube.com/live/oaTEK9Feo5s

Sep 28, 2023 · 26 min

Ep 1 Talkin’ About Infosec News – 9/25/2023

The post Talkin’ About Infosec News – 9/25/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Poop Shoots and Chocolate Bunnies (02:33) - BHIS - Talkin' Bout [infosec] News 2023-09-25 (07:15) - Story # 1: Cisco to Acquire Splunk (08:15) - CISCO RSA Plane https://assets-cdn.workingnotworking.com/a1w71r9as47v5iap49d6u2md0dfr (09:21) - Jack Rhysider on Splunk https://twitter.com/JackRhysider/status/1704986407415038213 (18:09) - Story # 2: Youth hacking ring at the center of cybercrime spree (26:45) - Story # 3: T-Mobile users say other people’s account information is appearing in their app (30:11) - Story # 4: Okta: Caesars, MGM hacked in social engineering campaign (35:40) - Story # 5: Data breach reveals distressing info: People who order pineapple on pizza (39:28) - Story # 6: National Student Clearinghouse data breach impacts 890 schools (46:16) - Story # 7: Kroll Suffers Data Breach: Employee Falls Victim to SIM Swapping Attack

Sep 27, 2023 · 1h 4m

Ep 1 Talkin’ About Infosec News – 9/18/2023

The post Talkin’ About Infosec News – 9/18/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Billionaire Traps & Dump Lists (05:11) - BHIS - Talkin' Bout [infosec] News 2023-09-18 (07:28) - Story # 1: Statement on MGM Resorts International (12:06) - Story # 1b: Okta & MGM sitting in a tree (14:53) - Story # 1c: Okta Agent Involved in MGM Resorts Breach, Attackers Claim (20:26) - Story # 1d: Social Engineering: How It Works, Examples & Prevention (26:49) - Story # 1e: Lina Khan Got Stuck in the Fallout of the MGM Hack at Las Vegas (44:09) - Story # 2: F-35 goes missing near North Charleston; pilot hospitalized after ejecting (48:38) - Story # 3: Pirated Software Likely Cause of Airbus Breach (53:48) - (K)night (I)ndustries (T)esla (T)hree opens parking garage gate

Sep 22, 2023 · 1h 2m

Ep 1 Talkin’ About Infosec News – 9/11/2023

The post Talkin’ About Infosec News – 9/11/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Felling Trees 504 (02:03) - Talkin' Bout [infosec] News 2023-09-11 (05:51) - 22nd Anniversary of the 9-11 Tragedy (10:35) - Story # 1: AT&T Customers Doxed Themselves En Masse In Reply-All Nightmare (15:47) - Story # 1b: Senate email system crashes amid avalanche of reply-alls to security test (18:09) - Story # 2: Millions Infected by Spyware Hidden in Fake Telegram Apps on Google Play (23:47) - Story # 2b: BLASTPASS NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild (29:16) - Story # 3: Apple finally admits the CSAM scanning flaw we all pointed out (33:32) - Story # 4: Outlook Hack: Microsoft Reveals How a Crash Dump Led to a Major Security Breach (38:57) - Story # 4b: Microsoft finally explains cause of Azure breach: An engineer’s account was hacked (51:16) - Story # 5: FBI, Partners Dismantle Qakbot Infrastructure in Multinational Cyber Takedown — FBI (52:24) - Story # 5b: Data From The Qakbot Malware is Now Searchable in Have I Been Pwned, Courtesy of the FBI (57:49) - https://github.com/alephdata/aleph

Sep 13, 2023 · 1h 3m

Ep 1 Talkin’ About Infosec News – 8/28/2023

Brought to you by Antisyphon Training — https://www.antisyphontraining.com (00:00) - PreShow Banter™ — Deep Disruptions (04:01) - BHIS - Talkin' Bout [infosec] News 2023-08-28 (05:43) - Story # 1: Exclusive: Cybersecurity firm SentinelOne explores sale -sources (13:28) - Story # 2: WinRAR 0-day that uses poisoned JPG and TXT files under exploit since April (20:17) - Story # 3: NIST Publishes Draft Post-Quantum Cryptography Standards (23:29) - Story # 4: Mysterious Cyberattack Shuts Down Yet More Telescopes For Weeks (29:31) - Story # 5: Danish cloud host says customers ‘lost all data’ after ransomware attack (35:04) - Story # 6: Lapsus$: Court finds teenagers carried out hacking spree (35:45) - Story # 6b: GTA 6 Hacker Found To Be Teen With Amazon Fire Stick In Small Town Hotel Room (44:36) - Story # 7: New Juniper Junos OS Flaws Expose Devices to Remote Attacks - Patch Now

Aug 30, 2023 · 57 min

Ep 1 Talkin’ About Infosec News – 8/21/2023

Brought to you by Antisyphon Training — https://www.antisyphontraining.com (00:00) - PreShow Banter™ — Overarching Hot Takes (01:27) - BHIS - Talkin' Bout [infosec] News 2023-08-21 (04:30) - Story # 1: Hackers red-teaming A.I. are ‘breaking stuff left and right,’ but don’t expect quick fixes from DefCon: ‘There are no good guardrails’ (06:18) - Story # 1b: What happens when thousands of hackers try to break AI chatbots (08:46) - Story # 2: US lawmaker says FBI notified him of email breach linked to Microsoft cloud hack (11:18) - Story # 3: Elon Musk's army of inactive followers paints a bleak picture of X as a whole (12:42) - Story # 3b: Elon Musk’s Shadow Rule (18:45) - Story # 4: Haggling With Hackers: Surprising Lessons From 50 Negotiations With Ransomware Gangs (23:42) - Story # 5: WinRAR flaw lets hackers run programs when you open RAR archives (27:55) - Story # 6: CISA, experts warn of Citrix vulnerabilities being exploited by hackers (29:44) - Story # 7: Ongoing Duo outage causes Azure Auth authentication errors (30:38) - Story # 8: Phishing campaign steals accounts for Zimbra email servers worldwide (35:48) - Story # 9: WD refused to answer our questions about its self-wiping SanDisk SSDs (38:35) - Story # 9b: Backblaze Drive Stats for Q2 2023 (42:07) - Story # 10: NYC Bans TikTok on City Devices (55:38) - Story # 11: IMAX Still Runs on PalmPilot Operating System (57:25) - Story # 12: Major LinkedIn Account Takeover Campaign Underway

Aug 28, 2023 · 59 min

Ep 1 Talkin’ About Infosec News – 8/14/2023

Aug 21, 2023 · 1h 1m

Ep 1 Talkin’ About Infosec News – 8/7/2023

Aug 15, 2023 · 59 min

Ep 1 Talkin’ About Infosec News – 7/31/2023

A weekly podcast with BHIS and Friends. We discuss notable infosec and infosec-adjacent news stories. (00:00) - PreShow Banter™ — Messed With Your Head (05:25) - Story # 1: Chinese Malware Could Cut Power To U.S. Military Bases, Businesses And Homes, Report Claims (18:14) - Story # 2: US Senator Wyden Accuses Microsoft of ‘Cybersecurity Negligence’ (18:39) - Story # 2b: US senator victim-blames Microsoft for Chinese hack (19:08) - Story # 2c: https://www.wyden.senate.gov/imo/media/doc/ (27:27) - Story # 3: Russian court jails cyber security executive for 14 years in treason case (33:47) - Story # 4: Almost 40% of Ubuntu users vulnerable to new privilege elevation flaws (47:29) - Story # 5: SEC now requires companies to disclose cyberattacks in 4 days (48:19) - Story # 5b: SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies (57:55) - Take Joe's Class https://www.theosintion.com/courses/

Aug 2, 2023 · 58 min

Ep 1 Talkin’ About Infosec News – 7/26/2023

Jul 26, 2023 · 54 min

Ep 1 Talkin’ About Infosec News – 7/25/2023

Jul 25, 2023 · 56 min

Ep 1 Talkin’ About Infosec News – 7/21/2023

Jul 21, 2023 · 1h 4m

Ep 1 Talkin’ About Infosec News – 6/27/2023

Jun 27, 2023 · 57 min

Ep 1 Talkin’ About Infosec News – 6/21/2023

Jun 21, 2023 · 56 min

Ep 1 Talkin’ About Infosec News – 6/15/2023

Jun 15, 2023 · 1h 4m

Ep 1 Talkin’ About Infosec News – 6/9/2023

The post Talkin’ About Infosec News – 6/9/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Pick Your Crap (02:01) - BHIS - Talkin' Bout [infosec] News 2023-06-05 (02:35) - Story # 1: International Underwear Model and Insurrectionist Was Just Sentenced to 32 Months in Prison (05:39) - Story # 2: Mass exploitation of critical MOVEit flaw is ransacking orgs big and small (07:46) - Story # 2b: https://github.com/AhmetPayaslioglu/YaraRules (14:11) - Story # 2c: Critical Vulnerability in Progress MOVEit Transfer: Technical Analysis and Recommendations (42:31) - Story # 3: Millions of PC Motherboards Were Sold With a Firmware Backdoor (44:01) - Story # 3b: Gigabyte Rolls Out BIOS Updates to Remove Backdoor From Motherboards (46:31) - Story # 4: Cyberweapon manufacturers plot to stay on the right side of US (54:16) - Story # 5: Hackers steal around $170,000 after compromising Steve Aoki's Twitter account

Jun 8, 2023 · 57 min

Ep 1 Talkin’ About Infosec News – 5/26/2023

The post Talkin’ About Infosec News – 5/26/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — The Power of PreShow Banter™ (02:19) - BHIS - Talkin' Bout [infosec] News 2023-05-22 (04:40) - Story # 1: Meta slapped with record $1.3 billion EU fine over data privacy (09:23) - Story # 2: Toyota Discloses Decade-Long Data Leak Exposing 2.15M Customers' Data (11:58) - Story # 3: Microsoft is scanning the inside of password-protected zip files for malware (21:53) - Story # 4: ChatGPT chief says artificial intelligence should be regulated by a US or global agency (28:38) - Story # 5: 15million Bug Bounty - LayerZero Labs (33:38) - Story # 6: Dish Network likely paid ransom after recent ransomware attack (38:13) - Story # 7: New ZIP domains spark debate among cybersecurity experts (41:09) - Story # 7b: https://twitter.com/_JohnHammond/status/1657427727425626113 (43:56) - Story # 8: Apple Bans Employees From Using ChatGPT Amid Its Own AI Efforts (52:21) - Story # 9: TikTok sues Montana over controversial state ban

May 26, 2023 · 1h 4m

Ep 1 Talkin’ About Infosec News – 5/17/2023

The post Talkin’ About Infosec News – 5/17/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Hardcore Mountain J-Biking (02:37) - BHIS - Talkin' Bout [infosec] News 2023-05-15 (03:37) - Story # 1: Discord discloses data breach after support agent got hacked (12:12) - Story # 2: Cybersecurity firm Dragos discloses cybersecurity incident, extortion attempt (13:02) - Story # 2b: Deconstructing a Cybersecurity Event (29:02) - Story # 3: How Apple catches leakers: From color changes to comma placement (31:32) - Story # 3b: The ingenious way ‘Star Trek Beyond’ is making sure its script doesn’t leak online (34:34) - Story # 3c: Genius hid a Morse code message in song lyrics to prove Google was copying them (40:17) - Story # 4: How one of Vladimir Putin’s most prized hacking units got pwned by the FBI (43:03) - Story # 4b: Hunting Russian Intelligence “Snake” Malware (51:26) - Story # 4c: Microsoft recommended driver block rules (55:50) - Story # 4d: Bypassing PatchGuard 3 (58:15) - Story # 5: The Team of Sleuths Quietly Hunting Cyberattack-for-Hire Services

May 17, 2023 · 59 min

Ep 1 Talkin’ About Infosec News – 5/11/2023

The post Talkin’ About Infosec News – 5/11/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Notes about Music (01:19) - BHIS - Talkin' Bout [infosec] News 2023-05-08 (01:59) - Story # 1: China’s hackers outnumber FBI cyber staff ‘at least 50 to 1,’ Wray tells Congress (06:57) - Story # 2: Drone goggles maker claims firmware sabotaged to ‘brick’ devices (12:27) - Story # 3: Twitter says a 'security incident' led to private Circle tweets becoming public (13:46) - Story # 4: Billy Corgan Paid Off Hacker to Prevent ATUM Leak (21:15) - Story # 5: New Atomic macOS info-stealing malware targets 50 crypto wallets (39:35) - Story # 5b: ChatGPT maker OpenAI lost about $540 million last year (47:51) - Story # 6: QR codes used in fake parking tickets, surveys to steal your money

May 11, 2023 · 54 min

Ep 1 Talkin’ About Infosec News – 5/5/2023

The post Talkin’ About Infosec News – 5/5/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Swords in San Francisco (01:32) - BHIS - Talkin' Bout [infosec] News 2023-04-24 (04:00) - Story # 1: Pentagon Leaks: What's the Damage? (13:09) - Story # 2: Hacker Group Names Are Now Absurdly Out of Control (21:15) - Story # 3: 3CX Breach Was a Double Supply Chain Compromise (38:31) - Story # 4: What’s more prevalent than juice jacking? Fake public WiFi networks, says researcher (45:23) - Story # 5: Hundreds of Southwest Airlines flights are delayed after FAA lifts nationwide ground stop (49:06) - Story # 6: European air traffic control confirms website 'under attack' by pro-Russia hackers (50:56) - Story # 7: APC warns of critical unauthenticated RCE flaws in UPS software (53:16) - Story # 8: ‘AuKill’ EDR killer malware abuses Process Explorer driver

May 5, 2023 · 1h 1m

Ep 1 Talkin’ About Infosec News – 4/18/2023

The post Talkin’ About Infosec News – 4/18/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Hardest to Handle (02:41) - BHIS - Talkin' Bout [infosec] News 2023-04-17 (04:22) - Story # 1: Actually, Charging Your Phone in a Public USB Port Is Fine (16:04) - Story # 2: Israeli Irrigation Water Controllers & Postal Service Breached (16:48) - Story # 2b: Did someone really hack into the Oldsmar, Florida, water treatment plant? New details suggest maybe not. (27:30) - Story # 2c: Ridley turns a horrific true story involving Hurricane Katrina into a scripted drama (29:13) - Story # 3: 3CX blames North Korea for supply chain mass-hack (35:09) - Story # 4: FBI arrests 21-year-old Air National Guardsman suspected of leaking classified documents (53:59) - Story # 5: Montana lawmakers vote to completely ban TikTok in the state

Apr 19, 2023 · 59 min

Ep 1 Talkin’ About Infosec News – 4/11/2023

The post Talkin’ About Infosec News – 4/11/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Canada Man (03:49) - BHIS - Talkin' Bout [infosec] News 2023-04-10 (05:10) - Story # 1: IRS-authorized eFile.com tax return software caught serving JS malware (11:52) - Story # 2: Hackers using Log4j bug to profit from victim IP addresses through ‘proxyjacking’ scheme (19:45) - Story # 3: Two-Fifths of IT Pros Told to Keep Breaches Quiet (27:27) - Story # 4: Samsung reportedly leaked its own secrets through ChatGPT (30:16) - Story # 4b: Introducing Microsoft Security Copilot: Empowering defenders at the speed of AI (32:07) - Story # 5: Tesla workers shared images from car cameras, including “scenes of intimacy” (47:37) - HBS News Hour (52:01) - Story # 6: KFC, Pizza Hut owner discloses data breach after ransomware attack

Apr 11, 2023 · 57 min

Ep 1 Talkin’ About Infosec News – 4/5/2023

The post Talkin’ About Infosec News – 4/5/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Jazzy Saxophone (01:13) - BHIS - Talkin' Bout [infosec] News 2023-04-03 (02:40) - Story # 1: 'He Would Still Be Here': Man Dies by Suicide After Talking with AI Chatbot, Widow Says (08:45) - Story # 1b: Elon Musk, Steve Wozniak Join AI Experts In Pushing To 'Pause Giant AI Experiments' (14:51) - Story # 2: S.686 - RESTRICT Act (26:01) - Story # 3: Leaked IT contractor files detail Kremlin's stockpile of cyber-weapons (29:27) - Story # 4: 3CX thought supply chain attack was a false positive (35:46) - Story # 5: Twitter takes its algorithm ‘open-source,’ as Elon Musk promised (39:40) - Story # 6: 20-Year-Old BreachForums Founder Faces Up to 5 Years in Prison (44:16) - Story # 7: Hacker Agrees to Return $197 Million Stolen from Euler Finance (47:46) - Story # 8: India-based cybergang busted for selling fake KFC franchises (51:50) - Story # 8b: https://twitter.com/cyberabadpolice (52:42) - Story # 8c: https://www.cyberabadpolice.gov.in (56:07) - Story # 9: Meta wants EU users to apply for permission to opt out of data collection

Apr 5, 2023 · 1h 1m