Talkin' Bout [Infosec] News

The post Talkin’ About Infosec News – 4/3/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Always Checking For Leaks (02:56) - BHIS - Talkin' Bout [infosec] News 2023-03-27 (04:31) - Story # 1: Data breach leak site BreachForums shuts down (12:06) - Story # 2: Ralph's personal cybercrime story (21:43) - Story # 3: North Korean hackers using Chrome extensions to steal Gmail emails (31:13) - Story # 4: Gordon Moore, Intel Co-Founder, Dies at 94 (32:37) - Story # 4b: Beloved hacking veteran Kelly ‘Aloria’ Lum passes away at 41 (32:59) - Story # 5: Twitter Says Parts of Its Source Code Were Leaked Online (37:00) - Story # 6: AI image of Pope Francis in a puffer jacket fooled the internet and experts fear there’s worse to come (41:07) - Story # 6b: Samsung’s Moon Shots Force Us to Ask How Much AI Is Too Much (44:00) - Story # 7:New MacStealer macOS malware steals passwords from iCloud Keychain (45:22) - Story # 8: Windows 11, Tesla, Ubuntu, and macOS hacked at Pwn2Own 2023 (49:39) - Story # 9: Ferrari discloses data breach after receiving ransom demand (52:03) - Story # 10: How hackers took over Linus Tech Tips

00:00 – PreShow Banter™ — Tossing Money at Problems00:58 – BHIS – Talkin’ Bout [infosec] News 2023-03-1301:41 – Story # 1: Silicon Valley Bank collapse: Treasury, Fed, and FDIC announce […] The post Talkin’ About Infosec News – 3/16/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Tossing Money at Problems (00:58) - BHIS - Talkin' Bout [infosec] News 2023-03-13 (01:41) - Story # 1: Silicon Valley Bank collapse: Treasury, Fed and FDIC announce steps to ensure deposits will be paid in full (17:23) - Story # 1b: Silicon Valley Bank exec was Lehman Brothers CFO prior to 2008 collapse (21:21) - Story # 2: FBI investigates data breach impacting U.S. House members and staff (30:33) - Story # 3: Acronis downplays intrusion after 12GB trove leaks online (34:40) - Story # 4: Acer confirms breach after 160GB of data for sale on hacking forum (51:26) - Story # 5: The privacy loophole in your doorbell (57:28) - Spearfish General Store

THIS IS A TEST The post Talkin’ About Infosec News – 3/8/2023 (v2) appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Lil NAS (06:52) - BHIS - Talkin' Bout [infosec] News 2023-03-06 (08:13) - Story # 1: LastPass says employee’s home computer was hacked and corporate vault taken (28:32) - Story # 2: An Uncomfortable Reality: Occupational Hazards Associated with Thought Leadership in CTI (35:18) - Story # 3: FACT SHEET: Biden-⁠Harris Administration Announces National Cybersecurity Strategy (45:17) - Story # 4: Roku Doesn’t Support IPv6 and It Might Be a Big Deal (51:05) - Story # 5: Secret crawlspace cryptomine discovered in routine inspection of MA high school (57:18) - Story # 6: ATM thieves use glue and 'tap' function to drain accounts at Chase Bank

00:00 – PreShow Banter™ — Lil NAS06:52 – BHIS – Talkin’ Bout [infosec] News 2023-03-0608:13 – Story # 1: LastPass says employee’s home computer was hacked and corporate vault takenhttps://arstechnica.com/information-technology/2023/02/lastpass-hackers-infected-employees-home-computer-and-stole-corporate-vault/28:32 […] The post Talkin’ About Infosec News – 3/8/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Lil NAS (06:52) - BHIS - Talkin' Bout [infosec] News 2023-03-06 (08:13) - Story # 1: LastPass says employee’s home computer was hacked and corporate vault taken (28:32) - Story # 2: An Uncomfortable Reality: Occupational Hazards Associated with Thought Leadership in CTI (35:18) - Story # 3: FACT SHEET: Biden-⁠Harris Administration Announces National Cybersecurity Strategy (45:17) - Story # 4: Roku Doesn’t Support IPv6 and It Might Be a Big Deal (51:05) - Story # 5: Secret crawlspace cryptomine discovered in routine inspection of MA high school (57:18) - Story # 6: ATM thieves use glue and 'tap' function to drain accounts at Chase Bank

Story # 1: A Basic iPhone Feature Helps Criminals Steal Your Entire Digital Lifehttps://www.wsj.com/articles/apple-iphone-security-theft-passcode-data-privacya-basic-iphone-feature-helps-criminals-steal-your-digital-life-cbf14b1a Story # 1b: Apple’s iPhone Passcode Problem: Thieves Can Ruin Your Entire Digital Life in Minutes […] The post Talkin’ About Infosec News – 3/3/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Farm Raised Artificial Intelligence (04:01) - BHIS - Talkin' Bout [infosec] News 2023-02-27 (05:09) - Story # 1: A Basic iPhone Feature Helps Criminals Steal Your Entire Digital Life (18:52) - Story # 2: Sensitive US military emails spill online (27:55) - Story # 3: Fruit giant Dole suffers ransomware attack impacting operations (33:01) - Story # 4: Well-hidden Mac cryptomining malware found in pirate copies of Final Cut Pro; expect more (37:30) - Story # 5: AI Helps Crack NIST-Recommended Post-Quantum Encryption Algorithm (40:38) - Story # 6: Snapchat launches ChatGPT integration, warns to not share your secrets (43:28) - Story # 7: How I Broke Into a Bank Account With an AI-Generated Voice (47:55) - Story # 8: Firms Who Pay Ransom Subsidise 10 New Attacks: Report (53:51) - Story # 9: Valve set a trap to catch and ban 40,000 Dota 2 cheaters

00:00 – PreShow Banter™ — Pop Tart Pizza04:15 – BHIS – Talkin’ Bout [infosec] News 2023-02-2005:39 – Story # 1: Employee data from a major cybersecurity firm posted for sale […] The post Talkin’ About Infosec News – 2/22/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Pop Tart Pizza (04:15) - BHIS - Talkin' Bout [infosec] News 2023-02-20 (05:39) - Story # 1: Employee data from a major cybersecurity firm posted for sale on a hacker forum (13:43) - Story # 2: FBI is investigating a cybersecurity incident on its network (16:44) - Story # 3: GoDaddy: Hackers stole source code, installed malware in multi-year breach (21:44) - Story # 4: Hyundai, Kia pushing updates so you can’t just steal their cars with USB cables (30:21) - Story # 5: Eurostar forces 'password resets' — then fails and locks users out (33:37) - Story # 6: Hacker Uncovers How to Turn Traffic Lights Green With Flipper Zero (39:30) - Story # 7: Namecheap denies system breach after email service used to spread phishing scams (43:11) - Story # 8: Official: Twitter will now charge for SMS two-factor authentication (48:24) - Story # 9: Software suite of Israeli security firm Cellebrite leaks online (51:22) - Story # 10: The US Air Force may have shot down an Amateur Radio Pico Balloon over Canada (55:48) - Story # 11: ChatGPT Is Ingesting Corporate Secrets

00:00 – PreShow Banter™ — Scalping Valentine’s Day Reservations04:13 – BHIS – Talkin’ Bout [infosec] News 2023-06-2305:52 – Story # 1: 5 Chinese companies and a research institute blacklisted by […] The post Talkin’ About Infosec News – 2/17/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Scalping Valentine's Day Reservations (04:13) - BHIS - Talkin' Bout [infosec] News 2023-06-23 (05:52) - Story # 1: 5 Chinese companies and a research institute blacklisted by U.S. over spy balloon program (12:00) - Story # 2: We had a security incident. Here’s what we know. (15:19) - Ean Reports Live! (21:44) - Story # 3: NameCheap's email hacked to send Metamask, DHL phishing emails (26:49) - Story # 4: Top mobile finance app Money Lover has some worrying security flaws (31:24) - Story # 5: Ukraine war: Elon Musk's SpaceX firm bars Kyiv from using Starlink tech for drone control (36:58) - Story # 6: NATO websites hacked, including that of the Headquarters of Special Operations Forces (38:58) - Story # 7: Khinshtein said that hackers acting in the interests of the Russian Federation should be released from liability (40:52) - Story # 8 NIST Standardizes Ascon Cryptographic Algorithm for IoT and Other Lightweight Devices (43:29) - Story # 9: Americans don't understand what companies can do with their personal data—and that's a problem (45:15) - Story # 9b: AMERICANS CAN’T CONSENT TO COMPANIES’ USE OF THEIR DATA (54:33) - Story # 10: Pentagon Staffers Found Installing Dating Apps, Games on Government Phones (57:34) - Story # 10b: Management Advisory: The DoD’s Use of Mobile Applications (Report No. DODIG-2023-041) (58:14) - Story # 11: When Facebook came for your battery, feudal security failed

00:00 – PreShow Banter™ — We’ve got nothing to say03:07 – BHIS – Talkin’ Bout [infosec] News 2023-06-2305:56 – Story # 1: Cybercrime job ads on the dark web pay […] The post Talkin’ About Infosec News – 2/13/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — We've got nothing to say (03:07) - BHIS - Talkin' Bout [infosec] News 2023-06-23 (05:56) - Story # 1: Cybercrime job ads on the dark web pay up to $20k per month (10:52) - Story # 2: Discrepancies Discovered in Vulnerability Severity Ratings (25:27) - Story # 3: GitHub Breach: Hackers Stole Code-Signing Certificates for GitHub Desktop and Atom (28:48) - Story # 4: Ex-Ubiquiti worker pleads guilty to data theft, extortion, and smear plot (34:47) - Story # 5: North Korean hackers stole research data in two-month-long breach (42:19) - Story # 6: Hacker Group Releases 128GB Of Data Showing Russia's 'Wide-Ranging' Illegal Surveillance Of Citizens

00:00 – PreShow Banter™ — Woke Up Like This03:20 – BHIS – Talkin’ Bout [infosec] News 2023-01-3005:04 – Story # 1: GoTo says hackers stole customers’ backups and encryption keyhttps://www.bleepingcomputer.com/news/security/goto-says-hackers-stole-customers-backups-and-encryption-key/09:48 […] The post Talkin’ About Infosec News – 2/3/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Woke Up Like This (03:20) - BHIS - Talkin' Bout [infosec] News 2023-01-30 (05:04) - Story # 1: GoTo says hackers stole customers' backups and encryption key (09:48) - Story # 2: T-Mobile hacked to steal data of 37 million accounts in API data breach (11:29) - Story # 3: Appliance makers sad that 50% of customers won’t connect smart appliances (23:11) - Story # 4: More Ransomware Victims Are Refusing to Pay Hackers (25:34) - Story # 5: DOJ, FBI hack Hive Network, save US$130 mln from crypto ransomware attacks (27:27) - Story # 6: Ransomware gang steals data from KFC, Taco Bell, and Pizza Hut brand owner (29:35) - Story # 7: Pet fish commits credit card fraud on owner using a Nintendo Switch (34:15) - Story # 8: how to completely own an airline in 3 easy steps (38:43) - Story # 9: Nearly 35,000 PayPal users had SSNs, tax info leaked during December cyberattack (46:43) - Story # 10: The semiconductor monopoly: How one Dutch company has a stranglehold over the global chip industry (55:59) - Story # 11: Swipe right on our new credit card tokens!

00:00 – PreShow Banter™ — Wade’s Googly Eyes00:41 – BHIS – Talkin’ Bout [infosec] News 2023-01-2301:26 – Story # 1: BIG TECH LAYOFFS. LAYOFFS! DOOM! RECESSION! The post Talkin’ About Infosec News – 1/25/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Wade's Googly Eyes (00:41) - BHIS - Talkin' Bout [infosec] News 2023-01-23 (01:26) - Story # 1: BIG TECH LAYOFFS. LAYOFFS! DOOM! RECESSION!

00:00 – PreShow Banter™ — Ralph’s Guide to Satellite Bands 04:33 – BHIS – Talkin’ Bout [infosec] News 2023-01-16 05:25 – Story # 1: Microsoft’s new AI can simulate anyone’s […] The post Talkin’ About Infosec News – 1/17/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Ralph’s Guide to Satellite Bands (04:33) - BHIS - Talkin' Bout [infosec] News 2023-01-16 (05:25) - Story # 1: Microsoft’s new AI can simulate anyone’s voice with 3 seconds of audio (13:29) - Story # 2: Russian Hackers Tried to Break Into the U.S.'s Top Nuclear Labs: Report (16:42) - Story # 3: CircleCI breach post-mortem: Attackers got in by stealing engineer’s session cookie (26:59) - Story # 4: How a single developer dropped AWS costs by 90%, then disappeared (36:46) - Story # 5: A Widespread Logic Controller Flaw Raises the Specter of Stuxnet (48:38) - Story # 6: Meta sues “scraping-for-hire” service that sells user data to law enforcement

00:00 – PreShow Banter™ — Twitch Airways International00:59 – BHIS – Talkin’ Bout [infosec] News 2023-01-1003:56 – Story # 1: How ChatGPT could become a hacker’s friendhttps://betanews.com/2023/01/05/how-chatgpt-could-become-a-hackers-friend/14:05 – Story # […] The post Talkin’ About Infosec News – 1/12/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Twitch Airways International (00:59) - BHIS - Talkin' Bout [infosec] News 2023-01-10 (03:56) - Story # 1: How ChatGPT could become a hacker's friend (14:05) - Story # 2: Cybersecurity experts gaze into the 2023 crystal ball and see good, bad, ugly (16:40) - Story # 3: Chick-Fil-A and other Breaches to snack on (31:01) - Story # 4: Identity Thieves Bypassed Experian Security to View Credit Reports (36:29) - Story # 5: CircleCI security alert: Rotate any secrets stored in CircleCI (Updated Jan 7) (40:45) - Story # 6: Air France and KLM notify customers of account hacks (43:27) - Story # 7: Guardian offices closed until 23 January due to ongoing fallout from suspected ransomware attack

00:00 – PreShow Banter™ — Seven People00:51 – BHIS – Talkin’ Bout [infosec] News 2023-01-0201:37 – Story # 1: LastPass Admits to Severe Data Breach, Encrypted Password Vaults Stolenhttps://www.theverge.com/2022/12/28/23529547/lastpass-vault-breach-disclosure-encryption-cybersecurity-rebuttal32:22 – […] The post Talkin’ About Infosec News – 1/3/2023 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Seven People (00:51) - BHIS - Talkin' Bout [infosec] News 2023-01-02 (01:37) - Story # 1: LastPass Admits to Severe Data Breach, Encrypted Password Vaults Stolen (32:22) - Story # 2: Southwest Airlines’ post-Christmas meltdown thanks to ‘outdated IT’ systems, poor scheduling (42:18) - Story # 3: McGraw Hill's S3 buckets exposed 100,000 students' grades (47:59) - Story # 4: Okta confirms another breach after hackers steal source code

00:00 – PreShow Banter™ — Talkin’ Bout [Elon] News00:51 – BHIS – Talkin’ Bout [infosec] News 2022-12-1902:46 – Story # 1: Antivirus and EDR solutions tricked into acting as data […] The post Talkin’ About Infosec News – 12/21/2022 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Talkin' Bout [Elon] News (00:51) - BHIS - Talkin' Bout [infosec] News 2022-12-19 (02:46) - Story # 1 : Antivirus and EDR solutions tricked into acting as data wipers (12:11) - Story # 2: Twitter suspends @ElonJet after Musk promises not to ban it (12:48) - Story # 2b: Elon Musk starts banning critical journalists from Twitter (14:37) - Story # 2c: Twitter abruptly bans all links to Instagram, Mastodon, and other competitors (15:08) - Story # 2d: Elon Musk should step down as head of Twitter, says poll (16:18) - Story # 2e: Your Car is Trackable by Law (22:41) - Story # 2f: AirNav RadarBox FlightStick - ADS-B USB Receiver with Integrated Filter, Amplifier and ESD Protection (26:41) - Story # 3: FBI’s Vetted Info Sharing Network ‘InfraGard’ Hacked (32:24) - Story # 4: Reno mayor sues after finding tracking device on vehicle (36:43) - Story # 5: Email hijackers scam food out of businesses, not just money (42:46) - Story # 6: Bugs in LEGO Resale Site Allowed Hackers to Hijack Accounts (45:41) - Story # 7: CISA Alert: Veeam Backup and Replication Vulnerabilities Being Exploited in Attacks (50:05) - Story # 8: CISA researchers: Russia's Fancy Bear infiltrated US satellite network

00:00 – PreShow Banter™ — Scissors Vs Paper00:15 – BHIS – Talkin’ Bout [infosec] News 2022-12-1202:12 – Story # 1: Rackspace confirms ransomware attack behind days-long email meltdownhttps://www.theregister.com/2022/12/06/rackspace_confirms_ransomware/07:56 – Story […] The post Talkin’ About Infosec News – 12/15/2022 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Scissors Vs Paper (00:15) - BHIS - Talkin' Bout [infosec] News 2022-12-12 (02:12) - Story # 1: Rackspace confirms ransomware attack behind days-long email meltdown (07:56) - Story # 1b: Rackspace Hit With Lawsuits Over Ransomware Attack (09:13) - Story # 2: Uber suffers new data breach after attack on vendor, info leaked online (13:18) - Story # 3: Apple Plans New Encryption System to Ward Off Hackers and Protect iCloud Data (14:20) - Story # 3b: Apple Newsroom: Apple advances user security with powerful new data protections (16:46) - Story # 3c: FBI Calls End-to-End Encryption 'Deeply Concerning' as Privacy Groups Hail Apple's Advanced Data Protection as a Victory for Users (21:17) - Story # 3d: Learn more about iCloud in China mainland (22:53) - Story # 3e: Apple Kills Its Plan to Scan Your Photos for CSAM. Here’s What’s Next (25:02) - Story # 4: Pet Dog Unmasks Drug Trafficker on Encrypted Chat (28:34) - Story # 4b: Operation Venetic: Pet dog and accidental selfies help convict international drugs traffickers (30:06) - Story # 5: ChatGPT (45:43) - Story # 6: San Francisco decides killer police robots aren’t such a great idea

00:00 – PreShow Banter™ — Florida Bobsledding Team01:29 – PreShow Banter™ — Open AI Phishing Campaign05:17 – BHIS – Talkin’ Bout [infosec] News 2022-12-0507:53 – Story # 1: There are […] The post Talkin’ About Infosec News – 12/6/2022 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Florida Bobsleding Team (01:29) - PreShow Banter™ — Open AI Phishing Campaign (05:17) - BHIS - Talkin' Bout [infosec] News 2022-12-05 (07:53) - Story # 1: There are no episodes of Darknet Diaries scheduled Q1 (09:45) - Story # 2: Elon Musk Meets With Apple CEO Tim Cook Amid Claims of Twitter App Store Dispute (14:46) - Story # 3: Anker's Eufy Cameras Caught Uploading Content to the Cloud Without User Consent (23:20) - Story # 3b: Eufy caught lying about local-only security cameras with footage sent to cloud, accessible in unencrypted streams (26:54) - Story # 4: FCC faces long road in stripping Chinese tech from US telecom networks (34:19) - Story # 5: TikTok NSFW if you work for the South Dakota government (37:40) - Story # 6: Never-before-seen malware is nuking data in Russia’s courts and mayors’ offices (41:56) - Story # 7: Lessons from Russia’s cyber-war in Ukraine (44:15) - Story # 8: DHS Cyber Safety Review Board to focus on Lapsus$ hackers (49:49) - Story # 8b: Cyber Safety Review Board to Conduct Second Review on Lapsus$ (50:42) - Story # 9: Rackspace rocked by ‘security incident’ that has taken out hosted Exchange services (57:05) - Story # 10: Red Alert: The SFPD Want the Power to Kill with Robots

00:00 – PreShow Banter™ — Inflatable Turkey00:15 – BHIS – Talkin’ Bout [infosec] News 2022-11-2802:34 – Story # 1: Musk recruits engineers for “Twitter 2.0”https://arstechnica.com/tech-policy/2022/11/musk-recruits-engineers-for-twitter-2-0-after-mass-layoffs-and-resignations/06:28 – Story # 2: Security […] The post Talkin’ About Infosec News – 11/30/2022 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Inflatable Turkey (00:15) - BHIS - Talkin' Bout [infosec] News 2022-11-28 (02:34) - Story # 1: Musk recruits engineers for “Twitter 2.0” (06:28) - Story # 2: Security experts are laying Mastodon's flaws bare (15:01) - Story # 3: 5.4 million Twitter users' stolen data leaked online — more shared privately (18:23) - Story # 4: 34 Russian Cybercrime Groups Stole Over 50 Million Passwords with Stealer Malware (19:48) - Story # 5: Sonder confirms data breach, documents and other PII potentially compromised (27:49) - Story # 6: Why Medibank should have paid the hackers (30:43) - Story # 7: Hackers are locking out Mars Stealer operators from their own servers (33:42) - Story # 8: Ransomware gang says it won’t attack AirAsia again due to the “chaotic organisation” and sloppy security of hacked airline’s network (40:09) - Story # 9: Over 1,600 Docker Hub Repositories Were Found to Hide Malware (46:25) - Story # 10: New Windows Server updates cause domain controller freezes, restarts (53:39) - Story # 11: Making Cobalt Strike harder for threat actors to abuse

00:00 – BHIS – Talkin’ Bout [infosec] News 2022-11-1402:26 – Story # 1: Hackers Dump Australian Health Records Online After Insurer Refuses to Pay Ransom– https://gizmodo.com/hackers-health-info-online-medibank-pay-onion-dark-web-184976074210:04 – Story # 2: TransUnion […] The post Talkin’ About Infosec News – 11/16/2022 appeared first on Black Hills Information Security. (00:00) - BHIS - Talkin' Bout [infosec] News 2022-11-14 (02:26) - Story # 1: Hackers Dump Australian Health Records Online After Insurer Refuses to Pay Ransom (10:04) - Story # 2: TransUnion LLC Confirms Recent Data Breach with State Attorney General’s Office (18:08) - Story # 3: Russian LockBit ransomware operator arrested in Canada (22:58) - Story # 4: The downfall of FTX's Sam Bankman-Fried sends shockwaves through the crypto world (32:10) - Story # 4b: Coinsec Podcast. coinsecpodcast.com (40:23) - Story # 5: Install Latest Windows Update ASAP! Patches Issued for 6 Actively Exploited Zero-Days (42:12) - Story # 6: Elon Musk is putting Twitter at risk of billions in fines, warns company lawyer (51:12) - Story # 7: https://infosec.exchange/explore (55:04) - Story # 8: Microsoft Windows Sysmon Elevation of Privilege Vulnerability (55:30) - Story # 8b: https://twitter.com/filip_dragovic/status/1590104354727436290

00:00 – PreShow Banter™ — A is for All Team00:33 – BHIS – Talkin’ Bout [infosec] News 2022-11-0703:56 – Story # 1: Musk to cut half of Twitter jobs and […] The post Talkin’ About Infosec News – 11/11/2022 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — A is for All Team (00:33) - BHIS - Talkin' Bout [infosec] News 2022-11-07 (03:56) - Story # 1: Musk to cut half of Twitter jobs and end remote work for the rest, report says (18:56) - Story # 2: Dropbox Data Breach Another Multifactor Fail (19:43) - Story # 2b: Dropbox Breach: Hackers Unauthorizedly Accessed 130 GitHub Source Code Repositories (24:24) - Story # 3: Hundreds of U.S. news sites push malware in supply-chain attack (28:38) - Story # 4: New TikTok Privacy Policy Confirms Chinese Staff Can Access European Users' Data (32:23) - Story # 5: A cyberattack blocked the trains in DenmarkSecurity Affairs (40:52) - Story # 6: Facebook probably has your phone number, even if you never shared it. Now it has a secret tool to let you delete it. (45:19) - Story # 7: China is likely stockpiling and deploying vulnerabilities, says Microsoft (48:44) - Story # 8: Hackers selling access to 576 corporate networks for $4 million

00:00 – PreShow Banter™ — Spook Show00:58 – BHIS – Talkin’ Bout [infosec] News 2022-10-3104:00 – Story # 1: OpenSSL warns of critical security vulnerability with upcoming patch– https://www.zdnet.com/article/openssl-warns-of-critical-security-vulnerability-with-upcoming-patch/04:42 – Story […] The post Talkin’ About Infosec News – 11/1/2022 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Spook Show (00:58) - BHIS - Talkin' Bout [infosec] News 2022-10-31 (04:00) - Story # 1: OpenSSL warns of critical security vulnerability with upcoming patch (04:42) - Story # 1b: Notes on OpenSSL remote memory corruption (12:28) - Story # 2: GitHub Bug Exposed Repositories to Hijacking (16:20) - Story # 3: Gartner Identifies the Top 10 Strategic Technology Trends for 2023 (25:54) - Story # 4: Former U.K. Prime Minister Liz Truss’ Phone Allegedly Hacked By Kremlin Spies: Report (34:45) - Story # 5: New Azov data wiper tries to frame researchers and BleepingComputer

00:00 – PreShow Banter™ — Best WWHF Ever!00:31 – BHIS – Talkin’ Bout [infosec] News 2022-10-1704:55 – Story # 1: The Verge: Cybersecurity Week 2022– https://www.theverge.com/23365380/cybersecurity-week-series-phishing-encryption-device-security07:02 – Story # 2: Google […] The post Talkin’ About Infosec News – 10/17/2022 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Best WWHF Ever! (00:31) - BHIS - Talkin' Bout [infosec] News 2022-10-17 (04:55) - Story # 1: The Verge: Cybersecurity Week 2022 (07:02) - Story # 2: Google Cybersecurity Action Team Threat Horizons Report #4 Is Out! (23:34) - Story # 3: Caffeine service lets anyone launch Microsoft 365 phishing attacks (28:05) - Story # 4: AirTags in Checked Baggage (31:55) - Story # 5: International crackdown on West-African financial crime rings (36:50) - Story # 6: Indian Energy Company Tata Power's IT Infrastructure Hit By Cyber Attack (38:17) - Story # 6b: This Is How They Tell Me the World Ends: The Cyberweapons Arms Race (56:08) - Story # 6c: Brave New War: The Next Stage of Terrorism and the End of Globalization (58:18) - Bear Vs Bear Breaking News

00:00 – PreShow Banter™ — Dumpster Fire Friends03:07 – PreShow Banter™ — WHHF Deadwood – https://wildwesthackinfest.com/deadwood/ 03:48 – BHIS – Talkin’ Bout [infosec] News 2022-10-0307:37 – Story # 1: High-severity […] The post Talkin’ About Infosec News – 10/17/2022 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Dumpster Fire Friends (03:07) - PreShow Banter™ — WHHF Deadwood (03:48) - BHIS - Talkin’ Bout [infosec] News 2022-10-03 (07:37) - Story # 1: High-severity Microsoft Exchange 0-day under attack threatens 220,000 servers (19:30) - Story # 2: Stealthy hackers target military and weapons contractors in recent attack (25:52) - Story # 3: Putin grants Russian citizenship to Edward Snowden (29:09) - Story # 4: What the Securing Open Source Software Act does and what it misses (38:17) - Story # 4b: SecBSD Team (40:43) - Story # 5: New Malware Campaign Targeting Job Seekers with Cobalt Strike Beacons

02:28 – Story # 1: American Airlines Breach Exposes Customer and Staff Information– https://www.infosecurity-magazine.com/news/american-airlines-breach-customer/18:59 – Story # 2: London police arrest, charge teen hacking suspect but won’t confirm GTA 6, Uber […] The post Talkin’ About Infosec News – 10/5/2022 appeared first on Black Hills Information Security. (00:00) - BHIS - Talkin' Bout [infosec] News 2022-09-26 (02:28) - Story # 1: American Airlines Breach Exposes Customer and Staff Information (18:59) - Story # 2: London police arrest, charge teen hacking suspect but won’t confirm GTA 6, Uber links (25:32) - Story # 3: LockBit ransomware builder leaked online by “angry developer” (30:11) - Story # 4: Malwarebytes blocks Google, YouTube as malware (32:14) - Story # 5: AdGuard’s new ad blocker struggles with Google’s Manifest v3 rules (37:29) - Story # 6: Adware on Google Play and Apple Store installed 13 million times (41:18) - Story # 7: Revealed: US Military Bought Mass Monitoring Tool That Includes Internet Browsing, Email Data (50:55) - Story # 8: SIM Swapper Abducted, Beaten, Held for $200k Ransom

The post Talkin’ About Infosec News – 9/22/2022 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Special Operations Gig (00:28) - BHIS - Talkin' Bout [infosec] News 2022-09-19 (02:45) - Story # 1: Uber Security Update (04:26) - Story # 1b: A teen hacked Uber and announced it in the company Slack. Employees thought it was a joke (30:01) - Story # 2: White House Releases First-Ever Comprehensive Framework for Responsible Development of Digital Assets (35:34) - Story # 3: GTA 6 source code and videos leaked after Rockstar Games hack (44:40) - Story # 4: Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs (47:47) - Story # 5: LockBit 3.0 Ransomware Victim: First bounty payout $50,000

The post Talkin’ About Infosec News – 9/13/2022 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Forbidden Snacks (02:41) - BHIS - Talkin' Bout [infosec] News 2022-09-12 (04:54) - Story # 1: China Accuses US of 'Tens of Thousands' of Cyberattacks (12:13) - Story # 2: Hackers Honeytrap Russian Troops Into Sharing Location, Base Bombed: Report (18:33) - Story # 3: Inside Fog Data Science, the Secretive Company Selling Mass Surveillance to Local Police (44:13) - Story # 4: Ireland fines Instagram a record $400 mln over children's data (46:29) - Story # 5: FBI, Secret Service join Kentucky investigation into $4 million cybercrime theft (50:12) - Story # 6: New Ransomware Group BianLian Activity Exploding (51:41) - Story # 6b: https://canarytokens.org/generate#

The post Talkin’ About Infosec News – 9/9/2022 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Accidental Furry Hoodies (02:19) - BHIS - Talkin' Bout [infosec] News 2022-08-29 (04:37) - Story # 1: Plex breach exposes usernames, emails, and encrypted passwords (09:06) - Story # 2: LastPass Breach (18:33) - Story # 3: DoorDash data breach exposes customer details (22:47) - Story # 4: Greek gas operator refuses to negotiate with ransomware group after attack (25:01) - Story # 5: Ex-Twitter exec blows the whistle, alleging reckless and negligent cybersecurity policies (35:46) - Story # 6: Microsoft Uncovers New Post-Compromise Malware Used by Nobelium Hackers (42:16) - Story # 7: Google opens up its experimental AI chatbot for public testing (45:22) - Story # 8: Microsoft finds critical hole in operating system that for once isn't Windows (46:56) - Story # 9: VMware confirms Carbon Black causes BSODs, boot loops on Windows (56:01) - Story # 10: Nato investigates hacker sale of missile firm data

ORIGINALLY AIRED ON AUGUST 22, 2022 00:00 – PreShow Banter™ — Ralph’s Birthday00:53 – BHIS – Talkin’ Bout [infosec] News 2022-08-2203:27 – Story # 1: PC store told it can’t […] The post Talkin’ About Infosec News – 8/26/2022 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Ralph's Birthday (00:53) - BHIS - Talkin' Bout [infosec] News 2022-08-22 (03:27) - Story # 1: PC store told it can't claim full cyber-crime insurance after social-engineering attack (13:48) - Story # 2: Lloyd’s to Exclude Catastrophic Nation-Backed Cyberattacks From Insurance Coverage (15:33) - Story # 2b: LLOYD'S Market Bulletin (24:53) - Story # 3: AirTag leads to arrest of airline worker accused of stealing at least $15,000 worth of items from luggage (30:12) - Story # 4: Apple security updates fix 2 zero-days used to hack iPhones, Macs (37:58) - Story # 5: Microsoft Sysmon can now block malicious EXEs from being created (43:37) - Story # 6: Def Con hacker shows John Deere’s tractors can run Doom (53:44) - Story # 7: Janet Jackson’s ‘Rhythm Nation’ apparently vibed too hard for some laptops

ORIGINALLY AIRED ON AUGUST 15, 2022 Articles discussed in this episode: 00:00 – PreShow Banter™ — Sneaking Candy03:32 – BHIS – Talkin’ Bout [infosec] News 2022-08-1507:06 – Story # 1: […] The post Talkin’ About Infosec News – 8/18/2022 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Sneaking Candy (03:32) - BHIS - Talkin' Bout [infosec] News 2022-08-15 (07:06) - Story # 1: Blackhat 2022 recap – Trends and highlights (09:52) - Story # 2: The Zoom installer let a researcher hack his way to root access on macOS (14:15) - Story # 3: Researchers Find Vulnerabilities in Software Underlying Discord, Microsoft Teams, and Other Apps (16:18) - Story # 4: Starlink Successfully Hacked Using $25 Modchip (21:47) - Story # 5: Anonymous poop gifting site hacked, customers exposed (28:58) - Story # 6: Automotive supplier breached by 3 ransomware gangs in 2 weeks (33:49) - Story # 7: Man who built ISP instead of paying Comcast $50K expands to hundreds of homes (38:09) - Story # 8: Slack leaked hashed passwords from its servers for years (40:33) - Story # 9: Cisco Talos shares insights related to recent cyber attack on Cisco (48:07) - Story # 10: Incident Report: Employee and Customer Account Compromise (50:54) - Story # 11: Hackers Behind Twilio Breach Also Targeted Cloudflare Employees

ORIGINALLY AIRED ON JULY 25, 2022 Articles discussed in this episode: 00:00 – BHIS – Talkin’ Bout [infosec] News 2022-07-25 03:59 – Story # 1: DOJ seized ransoms paid by […] The post Talkin’ About Infosec News – 7/25/2022 appeared first on Black Hills Information Security. (00:00) - BHIS - Talkin' Bout [infosec] News 2022-07-25 (03:59) - Story # 1: DOJ seized ransoms paid by health centers in Kansas, Colorado after 2021 attacks (08:38) - Story # 1b: twitter.com/cryptowhale (17:34) - Story # 2: How Conti ransomware hacked and encrypted the Costa Rican government (22:29) - Story # 3: Experts Uncover New CloudMensis Spyware Targeting Apple macOS Users (36:49) - Story # 4: Google Play hides app permissions in favor of developer-written descriptions (39:09) - Story # 4b: Google is reinstating app permissions list on Play Store (41:31) - Story # 5: Hack the pump: Rising prices lead to more reports of gas theft (46:04) - Story # 5b: Gas pump manipulators steal ‘millions of dollars’ in fuel (50:40) - Story # 5c: Secret Service agents warn fleets about 'fuel skimming' (53:13) - Story # 6: Atlassian fixes critical Confluence hardcoded credentials flaw (53:33) - Story # 6b: Cisco fixes bug that lets attackers execute commands as root (53:57) - Story # 7: New Air-Gap Attack Uses SATA Cable as an Antenna to Transfer Radio Signals

ORIGINALLY AIRED ON JULY 18, 2022 Articles discussed in this episode: 00:00 – PreShow Banter™ — Talkin’ Bout Audio 07:23 – BHIS – Talkin’ Bout [infosec] News 2022-07-18 09:28 – […] The post Talkin’ About Infosec News – 7/18/2022 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Talkin' Bout Audio (07:23) - BHIS - Talkin' Bout [infosec] News 2022-07-18 (09:28) - Story # 1: Russian “hacktivists” are causing trouble far beyond Ukraine (12:19) - Wade Into International Relations (21:25) - Story # 2: UK Info Commissioner slams use of WhatsApp by health officials during pandemic (26:11) - Story # 3: Microsoft warns of massive phishing campaign that can bypass MFA (31:44) - Bud Patches Reporting (37:08) - Story # 4: Today I learned Amazon has a form so police can get my data without permission or a warrant (48:35) - Story # 4b: San Francisco cops want real-time access to private security cameras for surveillance (56:59) - Story # 5: Man Arrested After Impersonating Disney Cast Member, Stealing $10,000 ‘Star Wars’ Droid (59:06) - Story # 6: Disneyland social media accounts hacked, offensive messages posted

ORIGINALLY AIRED ON JULY 11, 2022 Articles discussed in this episode: 00:00 – PreShow Banter™ — Cons, China, and Florida Man, oh my! 07:03 – Story # 1: North Korean […] The post Talkin’ About Infosec News – 7/11/2022 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Cons, China, and Florida Man, oh my! (02:37) - BHIS - Talkin' Bout [infosec] News 2022-07-11 (07:03) - Story # 1: North Korean Hackers Target US Health Providers With 'Maui' Ransomware (10:29) - Story # 2: Ransomware, hacking groups move from Cobalt Strike to Brute Ratel (24:24) - Story # 3: DoD issues call for hackers to dig into networks (29:21) - Story # 3b: Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act (33:15) - Story # 4: FCC Commissioner urges Google and Apple to ban TikTok (41:41) - Story # 5: Microsoft rolls back decision to block Office macros by default (42:01) - Story # 5b: Microsoft says decision to stop blocking Office VBA macros by default is ‘temporary’

ORIGINALLY AIRED ON JUNE 27, 2022 Articles discussed in this episode: 02:13 – Story # 1: The #1 Period Tracker on the App Store Will Hand Over Data Without a […] The post Talkin’ About Infosec News – 6/27/2022 appeared first on Black Hills Information Security. (00:00) - BHIS - Talkin' Bout [infosec] News 2022-06-27 (02:13) - Story # 1: The #1 Period Tracker on the App Store Will Hand Over Data Without a Warrant (20:56) - Story # 2: LockBit 3.0 introduces the first ransomware bug bounty program (25:44) - Story # 3: Former AWS engineer convicted over hack that cost Capital One $270m (28:52) - Story # 4: CISA experts propose ‘311’ cybersecurity emergency call line for small businesses (38:25) - Story # 5: Clever phishing method bypasses MFA using Microsoft WebView2 apps (40:00) - Story # 5b: mrd0x/WebView2-Cookie-Stealer (43:28) - Story # 6: Game on! The 2022 Google CTF is here (46:07) - Story # 7: Critical PHP flaw exposes QNAP NAS devices to RCE attacks (50:03) - Story # 8: Japanese man loses USB stick with entire city's personal details (54:51) - Story # 9: A Microsoft 365 feature can ransom files on SharePoint and OneDriveCould

ORIGINALLY AIRED ON JUNE 20, 2022 Articles discussed in this episode: 00:00 – BHIS – Talkin’ Bout [infosec] News 2022-06-20 01:31 – Story # 1: Internal TikTok Meetings Shows That […] The post Talkin’ About Infosec News – 6/20/2022 appeared first on Black Hills Information Security. (00:00) - BHIS - Talkin' Bout [infosec] News 2022-06-20 (01:31) - Story # 1: Internal TikTok Meetings Shows That US User Data Accessed From China (05:14) - Story # 2: Mullvad VPN Removes Ability to Create New Subscriptions (09:23) - Story # 3: Flagstar Bank discloses data breach impacting 1.5 million customers (13:25) - Story # 4: Russia-linked APT targets Ukraine by exploiting the Follina RCE vulnerability (17:39) - Story # 5: Tesla cars barred for 2 months in Beidaihe, site of China leadership meet (20:18) - Story # 6: Microsoft 365 credentials targeted in new fake voicemail campaign (22:27) - Bud Patches Reporting with Dancing John Strand. (27:19) - Story # 7: FBI says fraud on LinkedIn a ‘significant threat’ to platform and consumers (30:04) - Story # 8: Cloudflare Saw Record-Breaking DDoS Attack Peaking at 26 Million Request Per Second (33:22) - Story # 9: Critical Code Execution Vulnerability Patched in Splunk Enterprise (35:53) - Story # 10: Google AI Reprise (37:43) - Story # 11: RSA was a Covid Superspreader event. (42:03) - Story # 12: Facebook Is Receiving Sensitive Medical Information from Hospital Websites (43:58) - Story # 12b: 18 HIPAA Identifiers

ORIGINALLY AIRED ON JUNE 13, 2022 Articles discussed in this episode: 00:00 – BHIS – Talkin’ Bout [infosec] News 2022-06-13 02:26 – Story # 1: Roblox Game Pass store used […] The post Talkin’ About Infosec News – 6/13/2022 appeared first on Black Hills Information Security. (00:00) - BHIS - Talkin' Bout [infosec] News 2022-06-13 (02:26) - Story # 1: Roblox Game Pass store used to sell ransomware decryptor (07:35) - Story # 2: New Jersey school district forced to cancel final exams amid ransomware recovery effort (10:31) - Story # 3: Security Fixes Won't Require Full iOS Update in iOS 16, Will Be Installed Automatically (15:08) - Story # 4: Gone in 130 seconds: New Tesla hack gives thieves their own personal key (20:07) - Story # 5: DuckDuckGo browser allows Microsoft trackers due to search agreement (30:44) - Story # 6: Apple demos Safari’s ‘passkeys’ support in macOS Ventura that will help bring an end to passwords (38:34) - Story # 6: Mass Account Takeover in the Yunmai smart scale API (42:27) - Story # 7: Credentials for thousands of open source projects free for the taking—again! (48:09) - Story # 8: Internet Explorer (almost) breathes its final byte on Wednesday (55:28) - Story # 9: Google suspends engineer who claims its AI is sentient

ORIGINALLY AIRED ON JUNE 6, 2022 Articles discussed in this episode: 00:00 – PreShow Banter™ — Boat Facts 01:38 – BHIS – Talkin’ Bout [infosec] News 2022-06-06 03:51 – Story […] The post Talkin’ About Infosec News – 6/6/2022 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Boat Facts (01:38) - BHIS - Talkin' Bout [infosec] News 2022-06-06 (03:51) - Story # 1: Elon Musk threatens to scrap Twitter deal (07:04) - Story # 2: Confluence Server and Data Center CVE (13:55) - Story # 3: Mandiant: “No evidence” we were hacked by LockBit ransomware (18:29) - Story # 4: Fake Windows exploits target infosec community with Cobalt Strike (27:37) - Story # 5: Hacker Steals Database of Hundreds of Verizon Employees (36:14) - Story # 6: India Flights grounded after SpiceJet hit with ransomware (40:40) - Story # 7: Zero-Click Zoom Bug Allows Code Execution Just by Sending a Message (42:15) - Story # 7b: Zoom's Bug Bounty Programs Soar to $1.8M (45:29) - Story # 8: Twitter pays $150M fine for using two-factor login details to target ads (49:27) - Story # 9: Microsoft finds severe bugs in Android apps from large mobile providers

ORIGINALLY AIRED ON MAY 23, 2022 Articles discussed in this episode: 00:00 – BHIS – Talkin’ Bout [infosec] News 2022-05-23 02:38 – Story # 1 – National bank trolls hackers […] The post Talkin’ About Infosec News – 5/23/2022 appeared first on Black Hills Information Security. (00:00) - BHIS - Talkin' Bout [infosec] News 2022-05-23 (02:38) - Story # 1 - National bank trolls hackers with dick pics (06:59) - Story # 2 - Ransomware attack exposes data of 500,000 Chicago students (14:09) - Story # 3 - Zola seems tight lipped on an unconfirmed breach (21:57) - Weather With Bud Patches (28:22) - Story # 4 - Snake Keylogger Spreads Through Malicious PDFs (34:47) - Story # 5 - Bluetooth Hack - Remotely Unlock Smart Locks & Cars (43:37) - Story # 6 - DOJ Changes CFAA Policy, Will No Longer Bring Criminal Charges Against Security Researchers

ORIGINALLY AIRED ON MAY 16, 2022 Articles discussed in this episode: 00:56 – Microsoft’s May Patch Tuesday Updates Cause Windows AD Authentication Errors – https://threatpost.com/microsofts-may-patch-tuesday-updates-cause-windows-ad-authentication-errors/179631/ 08:56 – Update rings for Windows 10 and later policy in Intune – https://docs.microsoft.com/en-us/mem/intune/protect/windows-10-update-rings 09:06 – Infosec Weather Report With Bud Patches – 12:26 – FBI, CISA, and NSA warn […] The post Talkin’ About Infosec News – 5/16/2022 appeared first on Black Hills Information Security. (00:00) - BHIS - Talkin' Bout [infosec] News 2022-05-16 (01:02) - Microsoft’s May Patch Tuesday Updates Cause Windows AD Authentication Errors (09:17) - Update rings for Windows 10 and later policy in Intune (09:31) - Infosec Weather Report With Bud Patches (12:26) - FBI, CISA, and NSA warn of hackers increasingly targeting MSPs (17:57) - Ransomware has gone down because sanctions against Russia are making life harder for attackers (27:55) - Conti Ransomware Attack Spurs State of Emergency in Costa Rica (31:19) - BPFDoor — an active Chinese global surveillance tool (38:55) - Lincoln College to Close Permanently After Ransomware Attack (43:47) - Certifried: Active Directory Domain Privilege Escalation (CVE-2022–26923) (53:20) - Malware Can Be Loaded Even Onto Phones That Are Turned Off, Researchers Show

ORIGINALLY AIRED ON MAY 9, 2022 Articles discussed in this episode: 00:00 – Bud Patches Reporting 02:27 – BHIS – Talkin’ Bout [infosec] News 2022-05-09 03:47 – Story # 1 […] The post Talkin’ About Infosec News – 5/9/2022 appeared first on Black Hills Information Security. (00:00) - Bud Patches Reporting (02:27) - BHIS - Talkin' Bout [infosec] News 2022-05-09 (03:47) - Story # 1 - CISA Shields Up (09:44) - Story # 2 - Critical BIG-IP Remote Code Execution Vulnerability (29:25) - Story # 3 - Colonial Pipeline faces nearly $1m fine (38:02) - Story # 4 - Another Set of Joker Trojan-Laced Android Apps Resurfaces on Google Play Store (45:15) - Story # 5 – FBI: Rise in Business Email-based Attacks is a $43B Headache

ORIGINALLY AIRED ON APRIL 25, 2022 Articles discussed in this episode: 00:00 – PreShow Banter™ — Broken Twitter Finger 01:38 – ISO – Talkin’ Bout [infosec] News 2022-04-26 03:08 – […] The post Talkin’ About Infosec News – 4/25/2022 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Broken Twitter Finger (01:57) - Talkin' Bout [infosec] News 2022-04-26 (03:23) - Elon Buys Twitter (09:28) - Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code (16:14) - Threat actors exploited more zero-day vulnerabilities in 2021 (27:12) - FBI Releases IOCs Associated with BlackCat/ALPHV Ransomware (41:18) - Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability (45:22) - New BotenaGo Malware Variant Targeting Lilin Security Camera DVR Devices (51:52) - The War in Ukraine – Everyone Could Help. Volunteer centre “Palyanycia”, Zaporizhzhya (53:24) - Antisyphon Training on Twitch

ORIGINALLY AIRED ON APRIL 18, 2022 Articles discussed in this episode: 00:00 – BHIS – Talkin’ Bout [infosec] News 2022-04-18 02:05 – Current Activity | CISA | https://www.cisa.gov/uscert/ncas/current-activity 02:58 – CISA orders agencies to fix actively exploited VMware, Chrome bugs | https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-fix-actively-exploited-vmware-chrome-bugs/ 08:45 – Russian invasion of Ukraine exposes cybersecurity threat to commercial satellites | […] The post Talkin’ About Infosec News – 4/25/2022 appeared first on Black Hills Information Security. (00:00) - BHIS - Talkin' Bout [infosec] News 2022-04-18 (02:09) - Current Activity | CISA (03:04) - CISA orders agencies to fix actively exploited VMware, Chrome bugs (08:46) - Russian invasion of Ukraine exposes cybersecurity threat to commercial satellites (11:06) - Leaked documents show notorious ransomware group has an HR department, performance reviews and an ‘employee of the month’ (15:48) - Hacking forum taken offline and UK suspect arrested (19:35) - GitHub Says Hackers Breached Dozens of Organizations Using Stolen OAuth Access Tokens (23:55) - AWS API Keys Token - Canary Tokens (25:36) - First Malware Targeting AWS Lambda Serverless Platform Discovered (27:05) - Make phishing great again. VSTO office files are the new macro nightmare? (33:49) - my university financial hardship PHISHING exercise... (36:01) - 25% Of Workers Lost Their Jobs In The Past 12 Months After Making Cybersecurity Mistakes (46:49) - Elon Musk Believes Twitter Algorithm Should Be Open-Source

ORIGINALLY AIRED ON APRIL 11, 2022 Articles discussed in this episode: The US Navy had cybersecurity wrong. Expect change. – https://www.c4isrnet.com/digital-show-dailies/navy-league/2022/04/05/us-navy-had-cybersecurity-wrong-expect-change/ Hackers have found a clever new way to steal your Microsoft 365 credentials. – https://www.techradar.com/news/hackers-have-found-a-clever-new-way-to-steal-your-microsoft-365-credentials Exclusive: Senior EU officials were targeted with Israeli spyware. – https://www.reuters.com/technology/exclusive-senior-eu-officials-were-targeted-with-israeli-spyware-sources-2022-04-11/ Snap-on discloses data breach claimed by Conti ransomware […] The post Talkin’ About Infosec News – 4/12/2022 appeared first on Black Hills Information Security. (00:00) - BHIS - Talkin' Bout [infosec] News 2022-02-11 (02:21) - The US Navy had cybersecurity wrong. Expect change. (17:23) - Hackers have found a clever new way to steal your Microsoft 365 credentials (21:17) - Exclusive: Senior EU officials were targeted with Israeli spyware (28:40) - Snap-on discloses data breach claimed by Conti ransomware gang (37:26) - Bearded Barbie hackers catfish high ranking Israeli officials (44:02) - Justice Department Announces Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate (GRU) (47:47) - WatchGuard failed to explicitly disclose critical flaw exploited by Russian hackers (55:09) - Ukrainians use 'Find My iPhone' to see where Russians took their stolen Apple devices

ORIGINALLY AIRED ON APRIL 4, 2022 Articles discussed in this episode: 00:00 – PreShow Banter™ — Blame it on the Intern 06:24 – Spring Time for Java – https://www.darkreading.com/application-security/zero-day-vulnerability-discovered-in-java-spring-framework 09:10 – GitLab for Account Access – https://www.bleepingcomputer.com/news/security/critical-gitlab-vulnerability-lets-attackers-take-over-accounts/ 10:33 – No Passwords for Okta – https://www.bleepingcomputer.com/news/security/sitel-on-okta-breach-spreadsheet-did-not-contain-passwords/ 11:11 – Legacy Networks for Okta – https://therecord.media/sitel-blames-okta-breach-on-legacy-network-from-acquisition/ 12:40 – […] The post Talkin’ About Infosec News – 4/6/2022 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Blame it on the Intern (06:24) - Spring Time for Java (09:10) - GitLab for Account Access (10:33) - No Passwords for Okta (11:11) - Legacy Networks for OKta - https://therecord.media/sitel-blames-okta-breach-on-legacy-network-from-acquisition/ (12:40) - Lawsuit for Ubiquity (17:01) - MITRE ATT&CK for EDMs (21:17) - Breach for Mailchimp (30:54) - 15 Characters for John (40:17) - Data Requests for Apple (46:52) - Drones for Ukraine

ORIGINALLY AIRED ON MARCH 28, 2022 Articles discussed in this episode: 01:42 – Suspected Okta hackers arrested by British police – https://www.reuters.com/world/uk/british-police-say-seven-people-arrested-after-okta-hack-2022-03-24/ 11:16 – A Closer Look at the LAPSUS$ Data Extortion Group – https://krebsonsecurity.com/2022/03/a-closer-look-at-the-lapsus-data-extortion-group/ 14:04 – Anonymous Starts ‘Huge’ Data Dump That Will ‘Blow Russia Away,’ Leaks Rostproekt Emails – https://www.ibtimes.com/anonymous-starts-huge-data-dump-will-blow-russia-away-leaks-rostproekt-emails-3452789 22:28 – Most […] The post Talkin’ About Infosec News – 3/31/2022 appeared first on Black Hills Information Security. (00:00) - BHIS - Talkin' Bout [infosec] News 2022-03-28 (01:42) - Suspected Okta hackers arrested by British police (11:16) - A Closer Look at the LAPSUS$ Data Extortion Group (14:04) - Anonymous Starts 'Huge' Data Dump That Will 'Blow Russia Away,' Leaks Rostproekt Emails (22:28) - Most Severe’ Cyberattack Since Russian Invasion Crashes Ukraine Internet Provider (27:53) - Man linked to multi-million dollar ransomware attacks gets 66 months in prison for online fraud (34:17) - Greece’s national postal service restoring systems after ransomware attack (37:02) - FCC puts Kaspersky on security threat list, says it poses “unacceptable risk” (42:07) - We blocked North Korea's Chrome exploit, says Google (43:43) - North Korean hackers unleashed Chrome 0-day exploit on hundreds of US targets (47:08) - New Variant of Chinese Gimmick Malware Targeting macOS Users (49:57) - Hackers remotely start, unlock Honda Civics with $300 tech (55:08) - https://flipperzero.one/

ORIGINALLY AIRED ON MARCH 22, 2022 Articles discussed in this episode: 00:00 – BHIS – 2022-03-22 Special Newscast –Okta and Microsoft — Everything’s not burning down 10:27 – https://github.com/SigmaHQ/sigma/tree/master/rules/cloud/okta 13:29 – https://github.com/elastic/detection-rules/tree/main/rules/integrations/okta 18:20 – https://www.dsolutionsgroup.com/pci-dss-password-requirements/ 27:44 – https://twitter.com/BushidoToken/status/1506338850557337603 The post Talkin’ About Infosec News – 3/30/2022 appeared first on Black Hills Information Security. (00:00) - BHIS - 2022-03-22 Special Newscast –Okta and Microsoft — Everything's not burning down (10:27) - https://github.com/SigmaHQ/sigma/tree/master/rules/cloud/okta (13:29) - https://github.com/elastic/detection-rules/tree/main/rules/integrations/okta (18:20) - https://www.dsolutionsgroup.com/pci-dss-password-requirements/#:~:text=According%20to%20PCI%20DSS%2C%20employees,bare%20minimum%20for%20password%20security (27:44) - https://twitter.com/BushidoToken/status/1506338850557337603

ORIGINALLY AIRED ON MARCH 21, 2022 Articles discussed in this episode: 03:27 – Netflix to clamp down on password sharing – https://about.netflix.com/en/news/paying-to-share-netflix-outside-your-household 10:15 – Ransomeware is still a thing 12:31 – Ransomeware Tell-All – https://www.zdnet.com/article/hit-by-ransomware-or-paid-a-ransom-now-some-companies-will-have-to-tell-the-government/ 24:01 – Microsoft Defender tags Office Updates as ransomware – https://www.bleepingcomputer.com/news/security/microsoft-defender-tags-office-updates-as-ransomware-activity/ 31:01 – Microsft Double Patch Tuesday – https://www.bleepingcomputer.com/news/microsoft/windows-zero-day-flaw-giving-admin-rights-gets-unofficial-patch-again/ 32:28 […] The post Talkin’ About Infosec News – 3/29/2022 appeared first on Black Hills Information Security. (00:00) - BHIS - Talkin' Bout [infosec] News 2022-03-21 (03:27) - Netflix to clamp down on password sharing (10:15) - Ransomeware is still a thing (12:31) - Ransomeware Tell-All (24:01) - Microsoft Defender tags Office Updates as ransomware (31:01) - Microsft Double Patch Tuesday (32:28) - BitB attack (39:44) - Women make up just 24% of the cyber workforce

ORIGINALLY AIRED ON MARCH 7, 2022 Articles discussed in this episode: 00:08:57 – Hacker Group Anonymous and Others Targeting Russian Data – https://www.websiteplanet.com/blog/cyberwarfare-ukraine-anonymous/ The post Talkin’ About Infosec News – Special Ukraine Edition – 3/10/2022 appeared first on Black Hills Information Security. (00:00) - Start (08:57) - Hacker Group Anonymous and Others Targeting Russian Data

ORIGINALLY AIRED ON FEBRUARY 28, 2022 Articles discussed in this episode: 00:00 – PreShow Banter™ — Off-Brand Trickx 00:43 – BHIS – Talkin’ Bout [infosec] News 2022-02-28 02:40 – BHIS Anti-Vigilante PSA 04:17 – Biden has been presented with options for massive cyberattacks against Russia – https://www.nbcnews.com/politics/national-security/biden-presented-options-massive-cyberattacks-russia-rcna17558?mc_cid=e57638ad42 09:46 – Russia has been preparing to have […] The post Talkin’ About Infosec News – 3/4/2022 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Off-Brand Trickx (00:43) - BHIS - Talkin' Bout [infosec] News 2022-02-28 (02:40) - BHIS Anti-Vigilante PSA (04:17) - Biden has been presented with options for massive cyberattacks against Russia (09:46) - Russia has been preparing to have its internet cut off (12:45) - Conti ransomware gang chats leaked by pro-Ukraine member (14:43) - 'Hundreds of computers' in Ukraine hit with wiper malware as conflict continues (18:04) - NVIDIA Hit By Major Cyberattack That May Have ‘Completely Compromised’ Parts of Its Business (22:28) - A SWIFT discussion ( no article ) (28:59) - Russia started blocking Tor (32:28) - Elon Musk pledges to send Starlink terminals to Ukraine (36:10) - Insurance giant AON hit by a cyberattack over the weekend (46:02) - People & orgs providing FREE cyber services to Ukrainians (52:39) - Threatbutt Internet Hacking Attack Attribution Map

ORIGINALLY AIRED ON FEBRUARY 21, 2022 Articles discussed in this episode: 02:36 – Story # 1: Massive cyberattack takes Ukraine military, big bank websites offline – https://www.theregister.com/2022/02/15/ukraine_cyberattack/ 04:26 – Story # 2: The Elite Hackers of the FSB – https://interaktiv.br.de/elite-hacker-fsb/en/index.html 07:47 – Story # 3: Exclusive: FBI Braces for Russian Cyber Attacks in US as […] The post Talkin’ About Infosec News – 3/1/2022 appeared first on Black Hills Information Security. (00:00) - BHIS - Talkin' Bout [infosec] News 2022-02-21 (02:36) - Story # 1: Massive cyberattack takes Ukraine military, big bank websites offline (04:26) - Story # 2: The Elite Hackers of the FSB (07:47) - Story # 3: Exclusive: FBI Braces for Russian Cyber Attacks in US as Ukraine Tensions Rise (18:22) - Story # 4: Microsoft Defender will soon block Windows password theft (22:28) - Story # 5: Dad takes down town's internet by mistake to get his kids offline (28:50) - Story # 6: Akamai acquires Linode for $900M (34:49) - Story # 7: Microsoft eyeing deal to buy cybersecurity firm Mandiant -Bloomberg (40:00) - Story # 8: If the Cloud Is More Secure, Then Why Is Everything Still Broken? (44:40) - Story # 9: Never, Ever, Ever Use Pixelation for Redacting Text

ORIGINALLY AIRED ON FEBRUARY 7, 2022 Articles discussed in this episode: 00:00 – PreShow Banter™ — I’m a Rocket Mail 01:21 – BHIS – Talkin’ Bout [infosec] News 2022-02-07 02:18 – Story # 1: Be Careful When Sharing Data in Photos – https://twitter.com/amateuradam/status/1490394034900197388 03:44 – Story # 2: China-Linked Group Attacked Taiwanese Financial Firms for […] The post Talkin’ About Infosec News – 2/11/2022 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — I'm a Rocket Mail (01:21) - BHIS - Talkin' Bout [infosec] News 2022-02-07 (02:18) - Story # 1: Be Careful When Sharing Data in Photos (03:44) - Story # 2: China-Linked Group Attacked Taiwanese Financial Firms for 18 Months (20:56) - Story # 3: Microsoft to block internet macros by default in five Office applications (28:11) - Story # 4: Apple's Privacy Measures to Cost Facebook $10 Billion in 2022 (47:27) - Noisy browser plugin (51:15) - Cool Leather Jackets

ORIGINALLY AIRED ON JANUARY 31, 2022 Articles discussed in this episode: 00:00 – PreShow Banter™ — Legions of the Undead 01:26 – BHIS – Talkin’ Bout [infosec] News 2022-01-31 04:06 – Story # 1: Hacktivists say they hacked Belarus rail system to stop Russian military buildup – https://arstechnica.com/information-technology/2022/01/hactivists-say-they-hacked-belarus-rail-system-to-stop-russian-military-buildup/ 08:46 – Story # 2: Ukrainian government […] The post Talkin’ About Infosec News – 2/4/2022 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Legions of the Undead (01:26) - BHIS - Talkin' Bout [infosec] News 2022-01-31 (04:06) - Story # 1: Hactivists say they hacked Belarus rail system to stop Russian military buildup (08:46) - Story # 2: Ukrainian government calls out false flag operation in recent data wiping attack (11:18) - Story # 3: Ukrainian cyber defense in need of upgrades as tensions rise (17:32) - Story # 4: DoD weapons testers to assess cybersecurity of GPS satellites, ground system and user equipment (24:50) - Story # 5: FBI Reportedly Considered Buying NSO Spyware (28:02) - Story # 6: Hacking the Apple Webcam (again) (30:36) - Story # 7: Microsoft Teams users can now chat with any Teams user outside their organization (34:11) - Story # 7b: https://twitter.com/rucam365/status/1487861808081915906 (38:15) - Story # 8: Lazarus hackers use Windows Update to deploy malware (41:38) - Story # 9: Elon Musk Tried To Pay A Teen Thousands Of Dollars To Stop Tracking His Plane (45:36) - Story # 10: 1.5M US bank cards have been hacked: NordVPN (51:15) - Story # 11: 2FA app with 10,000 Google Play downloads loaded well-known banking trojan (54:50) - Story # 12: Hackers Exploited MSHTML Flaw to Spy on Government and Defense Targets