Talkin' Bout [Infosec] News

Black Hills Information Security
Aug 26, 2022 • 1h 2min

Talkin’ About Infosec News – 8/26/2022

ORIGINALLY AIRED ON AUGUST 22, 2022
(00:00) - PreShow Banter™ — Ralph's Birthday
(00:53) - BHIS - Talkin' Bout [infosec] News 2022-08-22
(03:27) - Story # 1: PC store told it can't claim full cyber-crime insurance after social-engineering attack
(13:48) - Story # 2: Lloyd’s to Exclude Catastrophic Nation-Backed Cyberattacks From Insurance Coverage
(15:33) - Story # 2b: LLOYD'S Market Bulletin
(24:53) - Story # 3: AirTag leads to arrest of airline worker accused of stealing at least $15,000 worth of items from luggage
(30:12) - Story # 4: Apple security updates fix 2 zero-days used to hack iPhones, Macs
(37:58) - Story # 5: Microsoft Sysmon can now block malicious EXEs from being created
(43:37) - Story # 6: Def Con hacker shows John Deere’s tractors can run Doom
(53:44) - Story # 7: Janet Jackson’s ‘Rhythm Nation’ apparently vibed too hard for some laptops
Aug 18, 2022 • 1h

Talkin’ About Infosec News – 8/18/2022

ORIGINALLY AIRED ON AUGUST 15, 2022
Articles discussed in this episode:
(00:00) - PreShow Banter™ — Sneaking Candy
(03:32) - BHIS - Talkin' Bout [infosec] News 2022-08-15
(07:06) - Story # 1: Blackhat 2022 recap – Trends and highlights
(09:52) - Story # 2: The Zoom installer let a researcher hack his way to root access on macOS
(14:15) - Story # 3: Researchers Find Vulnerabilities in Software Underlying Discord, Microsoft Teams, and Other Apps
(16:18) - Story # 4: Starlink Successfully Hacked Using $25 Modchip
(21:47) - Story # 5: Anonymous poop gifting site hacked, customers exposed
(28:58) - Story # 6: Automotive supplier breached by 3 ransomware gangs in 2 weeks
(33:49) - Story # 7: Man who built ISP instead of paying Comcast $50K expands to hundreds of homes
(38:09) - Story # 8: Slack leaked hashed passwords from its servers for years
(40:33) - Story # 9: Cisco Talos shares insights related to recent cyber attack on Cisco
(48:07) - Story # 10: Incident Report: Employee and Customer Account Compromise
(50:54) - Story # 11: Hackers Behind Twilio Breach Also Targeted Cloudflare Employees
Aug 2, 2022 • 1h 3min

Talkin’ About Infosec News – 7/25/2022

ORIGINALLY AIRED ON JULY 25, 2022
Articles discussed in this episode:
(00:00) - BHIS - Talkin' Bout [infosec] News 2022-07-25
(03:59) - Story # 1: DOJ seized ransoms paid by health centers in Kansas, Colorado after 2021 attacks
(08:38) - Story # 1b: twitter.com/cryptowhale
(17:34) - Story # 2: How Conti ransomware hacked and encrypted the Costa Rican government
(22:29) - Story # 3: Experts Uncover New CloudMensis Spyware Targeting Apple macOS Users
(36:49) - Story # 4: Google Play hides app permissions in favor of developer-written descriptions
(39:09) - Story # 4b: Google is reinstating app permissions list on Play Store
(41:31) - Story # 5: Hack the pump: Rising prices lead to more reports of gas theft
(46:04) - Story # 5b: Gas pump manipulators steal ‘millions of dollars’ in fuel
(50:40) - Story # 5c: Secret Service agents warn fleets about 'fuel skimming'
(53:13) - Story # 6: Atlassian fixes critical Confluence hardcoded credentials flaw
(53:33) - Story # 6b: Cisco fixes bug that lets attackers execute commands as root
(53:57) - Story # 7: New Air-Gap Attack Uses SATA Cable as an Antenna to Transfer Radio Signals
Jul 20, 2022 • 1h 6min

Talkin’ About Infosec News – 7/18/2022

ORIGINALLY AIRED ON JULY 18, 2022
Articles discussed in this episode:
(00:00) - PreShow Banter™ — Talkin' Bout Audio
(07:23) - BHIS - Talkin' Bout [infosec] News 2022-07-18
(09:28) - Story # 1: Russian “hacktivists” are causing trouble far beyond Ukraine
(12:19) - Wade Into International Relations
(21:25) - Story # 2: UK Info Commissioner slams use of WhatsApp by health officials during pandemic
(26:11) - Story # 3: Microsoft warns of massive phishing campaign that can bypass MFA
(31:44) - Bud Patches Reporting
(37:08) - Story # 4: Today I learned Amazon has a form so police can get my data without permission or a warrant
(48:35) - Story # 4b: San Francisco cops want real-time access to private security cameras for surveillance
(56:59) - Story # 5: Man Arrested After Impersonating Disney Cast Member, Stealing $10,000 ‘Star Wars’ Droid
(59:06) - Story # 6: Disneyland social media accounts hacked, offensive messages posted
Jul 15, 2022 • 1h 1min

Talkin’ About Infosec News – 7/11/2022

ORIGINALLY AIRED ON JULY 11, 2022
Articles discussed in this episode:
(00:00) - PreShow Banter™ — Cons, China, and Florida Man, oh my!
(02:37) - BHIS - Talkin' Bout [infosec] News 2022-07-11
(07:03) - Story # 1: North Korean Hackers Target US Health Providers With 'Maui' Ransomware
(10:29) - Story # 2: Ransomware, hacking groups move from Cobalt Strike to Brute Ratel
(24:24) - Story # 3: DoD issues call for hackers to dig into networks
(29:21) - Story # 3b: Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act
(33:15) - Story # 4: FCC Commissioner urges Google and Apple to ban TikTok
(41:41) - Story # 5: Microsoft rolls back decision to block Office macros by default
(42:01) - Story # 5b: Microsoft says decision to stop blocking Office VBA macros by default is ‘temporary’
Jun 30, 2022 • 59min

Talkin’ About Infosec News – 6/27/2022

ORIGINALLY AIRED ON JUNE 27, 2022
Articles discussed in this episode:
(00:00) - BHIS - Talkin' Bout [infosec] News 2022-06-27
(02:13) - Story # 1: The #1 Period Tracker on the App Store Will Hand Over Data Without a Warrant
(20:56) - Story # 2: LockBit 3.0 introduces the first ransomware bug bounty program
(25:44) - Story # 3: Former AWS engineer convicted over hack that cost Capital One $270m
(28:52) - Story # 4: CISA experts propose ‘311’ cybersecurity emergency call line for small businesses
(38:25) - Story # 5: Clever phishing method bypasses MFA using Microsoft WebView2 apps
(40:00) - Story # 5b: mrd0x/WebView2-Cookie-Stealer
(43:28) - Story # 6: Game on! The 2022 Google CTF is here
(46:07) - Story # 7: Critical PHP flaw exposes QNAP NAS devices to RCE attacks
(50:03) - Story # 8: Japanese man loses USB stick with entire city's personal details
(54:51) - Story # 9: A Microsoft 365 feature can ransom files on SharePoint and OneDrive
Jun 24, 2022 • 46min

Talkin’ About Infosec News – 6/20/2022

ORIGINALLY AIRED ON JUNE 20, 2022
Articles discussed in this episode:
(00:00) - BHIS - Talkin' Bout [infosec] News 2022-06-20
(01:31) - Story # 1: Internal TikTok Meetings Shows That US User Data Accessed From China
(05:14) - Story # 2: Mullvad VPN Removes Ability to Create New Subscriptions
(09:23) - Story # 3: Flagstar Bank discloses data breach impacting 1.5 million customers
(13:25) - Story # 4: Russia-linked APT targets Ukraine by exploiting the Follina RCE vulnerability
(17:39) - Story # 5: Tesla cars barred for 2 months in Beidaihe, site of China leadership meet
(20:18) - Story # 6: Microsoft 365 credentials targeted in new fake voicemail campaign
(22:27) - Bud Patches Reporting with Dancing John Strand.
(27:19) - Story # 7: FBI says fraud on LinkedIn a ‘significant threat’ to platform and consumers
(30:04) - Story # 8: Cloudflare Saw Record-Breaking DDoS Attack Peaking at 26 Million Request Per Second
(33:22) - Story # 9: Critical Code Execution Vulnerability Patched in Splunk Enterprise
(35:53) - Story # 10: Google AI Reprise
(37:43) - Story # 11: RSA was a Covid Superspreader event.
(42:03) - Story # 12: Facebook Is Receiving Sensitive Medical Information from Hospital Websites
(43:58) - Story # 12b: 18 HIPAA Identifiers
Jun 22, 2022 • 1h 1min

Talkin’ About Infosec News – 6/13/2022

ORIGINALLY AIRED ON JUNE 13, 2022
Articles discussed in this episode:
(00:00) - BHIS - Talkin' Bout [infosec] News 2022-06-13
(02:26) - Story # 1: Roblox Game Pass store used to sell ransomware decryptor
(07:35) - Story # 2: New Jersey school district forced to cancel final exams amid ransomware recovery effort
(10:31) - Story # 3: Security Fixes Won't Require Full iOS Update in iOS 16, Will Be Installed Automatically
(15:08) - Story # 4: Gone in 130 seconds: New Tesla hack gives thieves their own personal key
(20:07) - Story # 5: DuckDuckGo browser allows Microsoft trackers due to search agreement
(30:44) - Story # 6: Apple demos Safari’s ‘passkeys’ support in macOS Ventura that will help bring an end to passwords
(38:34) - Story # 6: Mass Account Takeover in the Yunmai smart scale API
(42:27) - Story # 7: Credentials for thousands of open source projects free for the taking—again!
(48:09) - Story # 8: Internet Explorer (almost) breathes its final byte on Wednesday
(55:28) - Story # 9: Google suspends engineer who claims its AI is sentient
Jun 21, 2022 • 58min

Talkin’ About Infosec News – 6/6/2022

ORIGINALLY AIRED ON JUNE 6, 2022
Articles discussed in this episode:
(00:00) - PreShow Banter™ — Boat Facts
(01:38) - BHIS - Talkin' Bout [infosec] News 2022-06-06
(03:51) - Story # 1: Elon Musk threatens to scrap Twitter deal
(07:04) - Story # 2: Confluence Server and Data Center CVE
(13:55) - Story # 3: Mandiant: “No evidence” we were hacked by LockBit ransomware
(18:29) - Story # 4: Fake Windows exploits target infosec community with Cobalt Strike
(27:37) - Story # 5: Hacker Steals Database of Hundreds of Verizon Employees
(36:14) - Story # 6: India Flights grounded after SpiceJet hit with ransomware
(40:40) - Story # 7: Zero-Click Zoom Bug Allows Code Execution Just by Sending a Message
(42:15) - Story # 7b: Zoom's Bug Bounty Programs Soar to $1.8M
(45:29) - Story # 8: Twitter pays $150M fine for using two-factor login details to target ads
(49:27) - Story # 9: Microsoft finds severe bugs in Android apps from large mobile providers
Jun 20, 2022 • 56min

Talkin’ About Infosec News – 5/23/2022

ORIGINALLY AIRED ON MAY 23, 2022
Articles discussed in this episode:
(00:00) - BHIS - Talkin' Bout [infosec] News 2022-05-23
(02:38) - Story # 1 - National bank trolls hackers with dick pics
(06:59) - Story # 2 - Ransomware attack exposes data of 500,000 Chicago students
(14:09) - Story # 3 - Zola seems tight lipped on an unconfirmed breach
(21:57) - Weather With Bud Patches
(28:22) - Story # 4 - Snake Keylogger Spreads Through Malicious PDFs
(34:47) - Story # 5 - Bluetooth Hack - Remotely Unlock Smart Locks & Cars
(43:37) - Story # 6 - DOJ Changes CFAA Policy, Will No Longer Bring Criminal Charges Against Security Researchers
