Talkin' Bout [Infosec] News

Black Hills Information Security
Dec 21, 2023 • 1h 7min

Talkin’ About Infosec News – 12/21/2023

The post Talkin’ About Infosec News – 12/21/2023 appeared first on Black Hills Information Security.
(00:00) - PreShow Banter™ — Talking Bout Fabric
(07:16) - BHIS - Talkin' Bout [infosec] News 2023-12-18
(10:06) - Story # 1: Cartels Are Using a Police Database to Track and Target Their Enemies
(23:15) - Story # 2: CVS, Rite Aid, Walgreens hand out medical records to cops without warrants
(37:18) - Story # 3: Cloud engineer gets 2 years for wiping ex-employer’s code repos
(45:11) - Story # 4: Ukraine’s intelligence claims cyberattack on Russia’s state tax service
(49:06) - Story # 5: A suspected cyberattack paralyzes the majority of gas stations across Iran
(51:18) - Story # 6: Discord adds Security Key support for all users to enhance security
(54:32) - Story # 7: Kraft Heinz reviewing claims of cyberattack but internal systems ‘operating normally’
(56:49) - Breach Season Speed Run
(58:19) - Story # 8: Ten Years Later, New Clues in the Target Breach
(01:00:38) - Story # 9: Oops, wrong number! The real story behind NORAD's Santa tracker
(01:02:59) - Story # 9b: NORAD Santa Tracker
Dec 15, 2023 • 1h 8min

Talkin’ About Infosec News – 12/15/2023

https://youtu.be/MaThvw_VWJ8
Brought to you by Antisyphon Training https://www.antisyphontraining.com
(00:00) - PreShow Banter™ — Fine McDonalds Drinkware
(04:36) - BHIS - Talkin' Bout [infosec] News 2023-12-11
(07:04) - Story # 1: America’s Water Infrastructure Act of 2018 (AWIA)
(08:55) - Story # 1b: Dragos Launches Program to Provide Water, Electric Utilities With Free Cybersecurity Tools
(09:42) - Story # 1c: Dragos Community Defense Program
(11:38) - Story # 2: BlackCat ransomware crims threaten to directly extort victim's customers
(20:17) - Story # 3: Fancy Bear goes phishing in US, European high-value networks
(21:06) - Story # 3b: Guidance for investigating attacks using CVE-2023-23397
(24:16) - Story # 4: New AeroBlade hackers target aerospace sector in the U.S.
(26:27) - Story # 5: Reuters Takes Down Blockbuster Hacker-for-Hire Investigation After Indian Court Order
(27:51) - Story # 5b: How an Indian startup hacked the world
(32:28) - Story # 6: Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack
(39:28) - Story # 7: 23andMe confirms hackers stole ancestry data on 6.9 million users
(51:02) - Story # 7b: 23andMe updates user agreement to prevent data breach lawsuits
(55:12) - Story # 8: Facebook Messenger Rolls Out End-to-End Encryption by Default
(57:31) - Story # 9: Police Arrest Hundreds of Human Traffickers Linked to Cyber Fraud
(01:06:57) - Signal For Help
Dec 6, 2023 • 1h 10min

Talkin’ About Infosec News – 12/06/2023

The post Talkin’ About Infosec News – 12/06/2023 appeared first on Black Hills Information Security.
(00:00) - PreShow Banter™ — Chaos Agency
(08:16) - BHIS - Talkin' Bout [infosec] News 2023-12-04
(11:03) - Story # 1: 2 municipal water facilities report falling to hackers in separate breaches
(30:49) - Story # 2: PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214)
(37:16) - Story # 3: ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation
(39:44) - Story # 4: Zyxel warns of multiple critical vulnerabilities in NAS devices
(43:09) - Story # 5: Russian developer of Trickbot malware pleads guilty, faces 35-year sentence
(46:55) - Story # 6: Hackers spent 2+ years looting secrets of chipmaker NXP before being detected
(52:24) - Story # 7: Okta hackers stole data on all customer support users in major breach
(53:30) - Story # 7b: November 29, 2023 - October Customer Support Security Incident - Update and Recommended Actions
(01:01:55) - Story # 8: Dollar Tree hit by third-party data breach impacting 2 million people
(01:04:07) - Hal's 20,000 - Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks
Nov 29, 2023 • 1h 3min

Talkin’ About Infosec News – 11/30/2023

The post Talkin’ About Infosec News – 11/30/2023 appeared first on Black Hills Information Security.
(00:00) - PreShow Banter™ — Glitch, Please
(01:54) - BHIS - Talkin' Bout [infosec] News 2023-11-27
(04:55) - Story # 1: General Electric investigates claims of cyber attack, data theft
(10:01) - Story # 2: CISA orders federal agencies to patch Looney Tunables Linux bug
(16:26) - Story # 3: Phishing attacks spike attributed to generative AI adoption
(18:49) - Story # 3b: SlashNext report uncovers 1,265% increase in phishing emails in a year
(19:09) - Story # 3c: Complete Generative AI Security for Email, Mobile, and Browser
(24:39) - Story # 4: Fidelity National Financial shuts down network in wake of cybersecurity incident
(25:56) - Story # 4b: BlackCat claims it is behind Fidelity National Financial ransomware shakedown
(38:08) - Story # 5: Chief Operating Officer of Network Security Company Charged with Cyberattack on Medical Center
(01:01:52) - Snake Oil? Summit 2023
Nov 22, 2023 • 1h 3min

Talkin’ About Infosec News – 11/22/2023

The post Talkin’ About Infosec News – 11/22/2023 appeared first on Black Hills Information Security.
(00:00) - PreShow Banter™ — A clean-shaven galaxy, a long time away.
(07:50) - BHIS - Talkin' Bout [infosec] News 2023-11-20
(09:53) - Story # 1: Ransomware gang files complaint with SEC complaining victim didn’t promptly announce breach
(12:36) - Story # 1b: AlphV files an SEC complaint against MeridianLink for not disclosing a breach to the SEC (2)
(17:04) - Story # 1c: Services in North Carolina town unavailable after ransomware attack
(18:13) - Story # 1d: WHISTLEBLOWER AWARD PROCEEDING
(20:32) - Story # 2: Taylor Swift Fans Spring Into Action After Singer’s Hotel Location Leaks
(26:01) - Story # 3: Recognizing fake news now a required subject in California schools
(35:34) - Story # 4: Hackers breach healthcare orgs via ScreenConnect remote access
(37:07) - Story # 4b: Bitter Pill: Third-Party Pharmaceutical Vendor Linked to Pharmacy and Health Clinic Cyberattack
(42:59) - Story # 5: Russian hackers use Ngrok feature and WinRAR exploit to attack embassies
(47:19) - Story # 6: US Announces IPStorm Botnet Takedown and Its Creator’s Guilty Plea
(50:32) - Story # 7: Ignite News: Augment your EDR with deception tactics to catch adversaries early
(59:54) - Snake Oil? Summit 2023
Nov 16, 2023 • 55min

Talkin’ About Infosec News – 11/13/2023

The post Talkin’ About Infosec News – 11/13/2023 appeared first on Black Hills Information Security.
(00:00) - PreShow Banter™ — Tinder Skills Endorsements
(01:38) - BHIS - Talkin' Bout [infosec] News 2023-11-13
(02:42) - Story # 1: Boeing data published by Lockbit hacking gang
(03:57) - Story # 2: Google, Meta, Discord, and more team up to fight child abuse online
(28:06) - Story # 3: Data broker’s “staggering” sale of sensitive info exposed in unsealed FTC filing
(39:37) - Story # 4: Maine government says data breach affects 1.3 million people
(44:40) - Story # 1 REPRISE: Boeing data published by Lockbit hacking gang
(50:52) - Story # 5: Inside Denmark’s hell week as critical infrastructure orgs faced cyberattacks
Nov 10, 2023 • 60min

Talkin’ About Infosec News – 11/10/2023

The post Talkin’ About Infosec News – 11/10/2023 appeared first on Black Hills Information Security.
(00:00) - PreShow Banter™ — The Jerky Experience
(03:40) - BHIS - Talkin' Bout [infosec] News 2023-11-06
(04:34) - Story # 1: Okta hit by third-party data breach exposing employee information
(07:03) - Story # 1b: Okta Hack Blamed on Employee Using Personal Google Account on Company Laptop
(13:13) - Story # 2: Boeing confirms cyberattack, global services disrupted
(14:34) - Story # 3: Four dozen countries declare they won’t pay ransomware ransoms
(15:26) - Story # 4: https://www.healthcareinfosecurity.com/feds-levy-first-ever-hipaa-fine-for-ransomware-data-breach-a-23448
(27:08) - Story # 5: “This vulnerability is now under mass exploitation.” Citrix Bleed bug bites hard
(30:52) - Story # 6: 3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online
(32:03) - Story # 7: Exploit released for critical Cisco IOS XE flaw, many hosts still hacked
(33:28) - Story # 7b: Cisco IOS XE CVE-2023-20198: Deep Dive and POC
(42:38) - Story # 8: SEC charges SolarWinds CISO with fraud for misleading investors before major cyberattack
Nov 9, 2023 • 59min

Talkin’ About Infosec News – 11/09/2023

The post Talkin’ About Infosec News – 11/09/2023 appeared first on Black Hills Information Security.
(00:00) - PreShow Banter™ — Costume Party
(02:04) - BHIS - Talkin' Bout [infosec] News 2023-10-30
(03:24) - Story # 1: Okta cybersecurity breach wipes out more than $2 billion in market cap
(18:43) - Story # 2: Boeing assessing Lockbit hacking gang threat of sensitive data leak
(26:09) - Story # 3: The AI-Generated Child Abuse Nightmare Is Here
(41:37) - Story # 4: MGM Resorts hackers 'one of the most dangerous financial criminal groups’
Nov 4, 2023 • 58min

Talkin’ About Infosec News – 11/4/2023

The post Talkin’ About Infosec News – 11/4/2023 appeared first on Black Hills Information Security.
(00:00) - PreShow Banter™ — Pre-Con-Crud
(01:49) - BHIS - Talkin' Bout [infosec] News 2023-10-23
(04:33) - WWHF 2023 recap
(12:20) - Story # 1: Mysterious APT compromises Asian government's secure USBs
(16:13) - Story # 2: CIA exposed to potential intelligence interception due to X's URL bug
(20:02) - Story # 3: EPA withdraws cyber audit requirement for water systems
(22:54) - Story # 3b: Florida Water Treatment Plant Hit With Cyber Attack
(27:00) - Story # 4: Thousands of remote IT workers sent wages to North Korea to help fund weapons program, FBI says
(33:10) - Story # 5: Okta says its support system was breached using stolen credentials
(37:13) - Story # 6: Casio discloses data breach impacting customers in 149 countries
(41:44) - Story # 7: Ragnar Locker ransomware’s dark web extortion sites seized by police
(44:02) - Story # 7b: Ragnar Locker ransomware developer arrested in France
(46:54) - Story # 8: Flipper Zero can be used to crash iPhones running iOS 17, but there's a way to foil the attack
(50:42) - Story # 9: U.S. Government Releases Popular Phishing Technique Used by Hackers
(53:39) - Story # 10: Selfie-scraper, Clearview AI, wins appeal against UK privacy sanction
Oct 10, 2023 • 1h 4min

Talkin’ About Infosec News – 10/10/23

The post Talkin’ About Infosec News – 10/10/23 appeared first on Black Hills Information Security.
(00:00) - PreShow Banter™ — Canadian Bacon Day
(04:35) - BHIS - Talkin' Bout [infosec] News 2023-10-09
(06:19) - Story # 1: NSA and CISA reveal top 10 cybersecurity misconfigurations
(13:35) - Story # 1b: NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations
(21:21) - Story # 2: QR codes in emails? Watch out - it could be part of a 'Quishing' scam
(25:07) - Story # 2b: https://github.com/jocephus/QuellR
(28:16) - Story # 2c: https://twitter.com/vmyths/status/1212201412068818944
(30:47) - Story # 3: New Marvin attack revives 25-year-old decryption flaw in RSA
(35:59) - Story # 4: Bounty offered for secret NSA seeds behind NIST elliptic curves algo
(38:01) - Story # 5: Rules of engagement issued to hacktivists after chaos
(01:02:55) - PROGRAMMING NOTE – WWHF2023
