Talkin' Bout [Infosec] News

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com00:00 - PreShow Banter™ — Wading Through Woods06:06 - DEF CON RECAP - Talkin’ Bout [infosec] News 2025-08-1109:16 - Story # 1: It’s time to acknowledge HTTP/1.1 is insecure12:36 - Story # 2: Research reveals possible privacy gaps in Apple Intelligence’s data handling17:51 - Story # 3: Federal court filing system hit in sweeping hack21:09 - Story # 4: Cisco discloses data breach impacting Cisco.com user accounts32:17 - Story # 5: Google says its AI-based bug hunter found 20 security vulnerabilities34:20 - Story # 6: Automate security reviews with Claude Code39:01 - Story # 7: Flipper Zero ‘DarkWeb’ Firmware Bypasses Rolling Code Security on Major Vehicle Brands44:44 - Story # 7b: OnStar assists CHP in stopping fleeing SUV with toddler inside47:12 - Story # 7c: That viral video of a ‘deactivated’ Tesla Cybertruck is a fake49:37 - Story # 8: LegalPwn Attack Tricks GenAI Tools Into Misclassifying Malware as Safe Code50:53 - Story # 9: Microsoft Launches Project Ire to Autonomously Classify Malware Using AI Tools53:08 - Story # 10: A Single Poisoned Document Could Leak ‘Secret’ Data Via ChatGPT58:10 - Story # 11: Millions of Dell Laptops Vulnerable to Device Takeover and Persistent Malware Attacks (00:00) - PreShow Banter™ — Wading Through Woods (06:06) - DEF CON RECAP - Talkin' Bout [infosec] News 2025-08-11 (09:15) - Story # 1: It's time to acknowledge HTTP/1.1 is insecure (12:36) - Story # 2: Research reveals possible privacy gaps in Apple Intelligence’s data handling (17:50) - Story # 3: Federal court filing system hit in sweeping hack (21:08) - Story # 4: Cisco discloses data breach impacting Cisco.com user accounts (32:16) - Story # 5: Google says its AI-based bug hunter found 20 security vulnerabilities (34:20) - Story # 6: Automate security reviews with Claude Code (39:00) - Story # 7: Flipper Zero ‘DarkWeb’ Firmware Bypasses Rolling Code Security on Major Vehicle Brands (44:43) - Story # 7b: OnStar assists CHP in stopping fleeing SUV with toddler inside (47:11) - Story # 7c: That viral video of a ‘deactivated’ Tesla Cybertruck is a fake (49:36) - Story # 8: LegalPwn Attack Tricks GenAI Tools Into Misclassifying Malware as Safe Code (50:52) - Story # 9: Microsoft Launches Project Ire to Autonomously Classify Malware Using AI Tools (53:08) - Story # 10: A Single Poisoned Document Could Leak ‘Secret’ Data Via ChatGPT (58:09) - Story # 11: Millions of Dell Laptops Vulnerable to Device Takeover and Persistent Malware Attacks

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com00:00:00 - PreShow Banter™ — Stop Asking Wade if he’s in Vegas00:02:16 - Perplexity Uses Stealth Crawlers to Evade No-Crawl Directives – 2025-08-0400:11:25 - Story # 1: Insurance won’t cover $5M in City of Hamilton claims for cyberattack, citing lack of log-in security00:18:40 - Story # 2: States Enact Safe Harbor Laws that Provide Affirmative Defenses in Data Breach Litigation00:26:45 - Story # 3: Hackers Destroy Aeroflot’s IT Infrastructure, Causing Over 42 Flight Cancellations00:34:18 - Story # 4: Attackers exploit link-wrapping services to steal Microsoft 365 logins00:40:09 - Story # 5: Mozilla flags phishing wave aimed at hijacking trusted Firefox add-ons00:42:18 - Wade’s plugin recommendation00:44:39 - Story # 6: Perplexity is using stealth, undeclared crawlers to evade website no-crawl directives00:51:11 - Story # 7: After Backlash, ChatGPT Removes Option to Have Private Chats Indexed by Google00:55:21 - AI 202701:01:01 - What’s Ralph been up to? (00:00) - PreShow Banter™ — Stop Asking Wade if he's in Vegas (02:16) - Perplexity Uses Stealth Crawlers to Evade No-Crawl Directives – 2025-08-04 (11:25) - Story # 1: Insurance won't cover $5M in City of Hamilton claims for cyberattack, citing lack of log-in security (18:39) - Story # 2: States Enact Safe Harbor Laws that Provide Affirmative Defenses in Data Breach Litigation (26:44) - Story # 3: Hackers Destroy Aeroflot’s IT Infrastructure, Causing Over 42 Flight Cancellations (34:18) - Story # 4: Attackers exploit link-wrapping services to steal Microsoft 365 logins (40:09) - Story # 5: Mozilla flags phishing wave aimed at hijacking trusted Firefox add-ons (42:17) - Wade’s plugin recommendation (44:38) - Story # 6: Perplexity is using stealth, undeclared crawlers to evade website no-crawl directives (51:10) - Story # 7: After Backlash, ChatGPT Removes Option to Have Private Chats Indexed by Google (55:20) - AI 2027 (01:01:00) - What’s Ralph been up to?

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com 00:00 - PreShow Banter™ — National Chicken Wing Day04:16 - BHIS - Talkin’ Bout [infosec] News 2025-07-2805:30 - Story # 1: Bad vibes: How an AI agent coded its way to disaster08:40 - Story # 1b: Replit goes rogue, deletes entire database.15:44 - Story # 2: A major AI training data set contains millions of examples of personal data26:05 - Story # 3: Women Dating Safety App ‘Tea’ Breached, Users’ IDs Posted to 4chan33:19 - Story # 4:A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors40:28 - Story # 5: Clorox Sues IT Provider Cognizant For Simply Giving Employee Password to Hackers49:46 - Story # 6: Businesses banned from paying hackers’ ransoms to target cybercrime57:38 - SharePoint Follow Up (00:00) - PreShow Banter™ — National Chicken Wing Day (04:15) - BHIS - Talkin' Bout [infosec] News 2025-07-28 (05:29) - Story # 1: Bad vibes: How an AI agent coded its way to disaster (08:39) - Story # 1b: Replit goes rogue, deletes entire database. (15:43) - Story # 2: A major AI training data set contains millions of examples of personal data (26:04) - Story # 3: Women Dating Safety App 'Tea' Breached, Users' IDs Posted to 4chan (33:18) - Story # 4:A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors (40:27) - Story # 5: Clorox Sues IT Provider Cognizant For Simply Giving Employee Password to Hackers (49:46) - Story # 6: Businesses banned from paying hackers’ ransoms to target cybercrime (57:38) - SharePoint Follow Up

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com00:00 - PreShow Banter™ — PaintBallers03:55 - BHIS - Talkin’ Bout [infosec] News 2025-07-2104:21 - Story # 1: Microsoft 0-day Mass Exploitation09:39 - Story # 2: Replit AI went rogue, deleted a company’s entire database, then hid it and lied about it13:15 - Story # 3: ‘All US forces must now assume their networks are compromised’ after Salt Typhoon breach18:08 - Story # 4: After FBI Warning, Alaska Airlines Grounded; Salt Typhoon Suspected20:45 - Story # 5: FBI Cybersecurity Breach Led to Murders of Informants in El Chapo Case21:54 - Story # 5b: FBI’s Report29:57 - Story # 6: Google fixes actively exploited sandbox escape zero day in Chrome31:30 - Story # 7: Exploited Wing file transfer bug risks ‘total server compromise,’ CISA warns32:33 - Story # 8: CitrixBleed 2 situation update — everybody already got owned33:01 - Story # 9: At Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds46:14 - Story # 10: Amazon Ring Doorbell May 28 Mass Hacking Claim Goes Viral48:56 - jdbgmgr.exe virus hoax51:52 - Story # 11: HPE warns of hardcoded passwords in Aruba access points (00:00) - PreShow Banter™ — PaintBallers (03:55) - BHIS - Talkin' Bout [infosec] News 2025-07-21 (04:20) - Story # 1: Microsoft 0-day Mass Exploitation (09:39) - Story # 2: Replit AI went rogue, deleted a company's entire database, then hid it and lied about it (13:14) - Story # 3: ‘All US forces must now assume their networks are compromised’ after Salt Typhoon breach (18:08) - Story # 4: After FBI Warning, Alaska Airlines Grounded; Salt Typhoon Suspected (20:44) - Story # 5: FBI Cybersecurity Breach Led to Murders of Informants in El Chapo Case (21:53) - Story # 5b: FBI's Report (29:56) - Story # 6: Google fixes actively exploited sandbox escape zero day in Chrome (31:30) - Story # 7: Exploited Wing file transfer bug risks ‘total server compromise,’ CISA warns (32:32) - Story # 8: CitrixBleed 2 situation update — everybody already got owned (33:00) - Story # 9: At Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds (46:14) - Story # 10: Amazon Ring Doorbell May 28 Mass Hacking Claim Goes Viral (48:55) - jdbgmgr.exe virus hoax (51:52) - Story # 11: HPE warns of hardcoded passwords in Aruba access points

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com 00:00 - PreShow Banter™ — Traditional Finger00:21 - BHIS - Talkin’ Bout [infosec] News 2025-07-1401:29 - Story # 1: ‘123456’ password exposed chats for 64 million McDonald’s job chatbot applications22:12 - Story # 2: Employee gets $920 for credentials used in $140 million bank heist33:50 - Story # 3: Microsoft laying off about 9,000 employees in latest round of cuts37:21 - Story # 5: Scammy YouTube Ads46:31 - Story # 6: New ServiceNow flaw lets attackers enumerate restricted data (00:00) - PreShow Banter™ — Traditional Finger (00:21) - BHIS - Talkin' Bout [infosec] News 2025-07-14 (01:28) - Story # 1: '123456' password exposed chats for 64 million McDonald’s job chatbot applications (22:12) - Story # 2: Employee gets $920 for credentials used in $140 million bank heist (33:50) - Story # 3: Microsoft laying off about 9,000 employees in latest round of cuts (37:20) - Story # 5: Scammy YouTube Ads (46:31) - Story # 6: New ServiceNow flaw lets attackers enumerate restricted data

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com00:00 - PreShow Banter™ — Pre Stream Appropriate03:39 - N. Korean Remote Workers are at it Again! – BHIS - Talkin’ Bout [infosec] News 2025-07-0705:41 - Story # 1: Fortune 500 Cyber Spending Pays Off: Large Enterprise Risk Falls 33% Despite Rising Threats20:01 - Story # 2: Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organizations25:49 - Story # 2b: Engineer caught juggling multiple startup jobs is a cautionary tale of ‘extreme’ hustle culture, experts say34:47 - Story # 3: Taking SHELLTER: a commercial evasion framework abused in- the- wild42:15 - Story # 3b: Statement Regarding Recent Misuse of Shellter Elite and Elastic Security Labs’ Handling46:58 - Story # 4: Ingram Micro outage caused by SafePay ransomware attack49:45 - Story # 5: Germany asks Google, Apple to remove DeepSeek AI from app stores53:13 - Story # 6: This Call of Duty game just hit Xbox Game Pass, but it’s infested with RCE hackers — I’d take cover and avoid playing until there’s a fix (00:00) - PreShow Banter™ — Pre Stream Appropriate (03:39) - N. Korean Remote Workers are at it Again! – BHIS - Talkin' Bout [infosec] News 2025-07-07 (05:40) - Story # 1: Fortune 500 Cyber Spending Pays Off: Large Enterprise Risk Falls 33% Despite Rising Threats (20:00) - Story # 2: Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organizations (25:49) - Story # 2b: Engineer caught juggling multiple startup jobs is a cautionary tale of ‘extreme’ hustle culture, experts say (34:47) - Story # 3: Taking SHELLTER: a commercial evasion framework abused in- the- wild (42:14) - Story # 3b: Statement Regarding Recent Misuse of Shellter Elite and Elastic Security Labs’ Handling (46:58) - Story # 4: Ingram Micro outage caused by SafePay ransomware attack (49:44) - Story # 5: Germany asks Google, Apple to remove DeepSeek AI from app stores (53:13) - Story # 6: This Call of Duty game just hit Xbox Game Pass, but it's infested with RCE hackers — I'd take cover and avoid playing until there's a fix

Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.comChapters:00:00 - PreShow Banter™ — Names on Cups01:39 - Year of the [European Union] Linux Desktop Finally Arrives? | BHIS - Talkin’ Bout [infosec] News 2025-06-3003:34 - Story # 1: You should probably delete any sensitive screenshots you have in your phone right now.10:55 - Story # 2: Ongoing Campaign Abuses Microsoft 365’s Direct Send to Deliver Phishing Emails14:07 - Story # 3: The year of the European Union Linux desktop may finally arrive24:46 - Story # 4: Restricted data once again leaked on War Thunder forums27:04 - Story # 5: Scale AI Leaks Meta, Google, xAI Confidential Files Through ‘Incredibly Janky’ Document Practices31:47 - Story # 6: French police reportedly arrest suspected BreachForums administrators34:22 - Story # 7: Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages39:41 - Story # 8: CitrixBleed 2: Electric Boogaloo — CVE-2025–577742:16 - Story # 9: Millions of Brother Printers Hit by Critical, Unpatchable Bug47:05 - Story # 10: Canada orders China’s Hikvision to close Canadian operations50:13 - Story # 11: US House bans WhatsApp on staff devices over security concerns53:17 - ChickenSec: Chickens are becoming 3rd most popular pet: Tractor Supply CEO56:34 - Story # 12: Norway Dam Hacked, Valve Opened But No Danger58:11 - Review your calendar invites! (00:00) - PreShow Banter™ — Names on Cups (01:38) - Year of the [European Union] Linux Desktop Finally Arrives? | BHIS - Talkin' Bout [infosec] News 2025-06-30 (03:33) - Story # 1: You should probably delete any sensitive screenshots you have in your phone right now. (10:55) - Story # 2: Ongoing Campaign Abuses Microsoft 365’s Direct Send to Deliver Phishing Emails (14:07) - Story # 3: The year of the European Union Linux desktop may finally arrive (24:45) - Story # 4: Restricted data once again leaked on War Thunder forums (27:03) - Story # 5: Scale AI Leaks Meta, Google, xAI Confidential Files Through ‘Incredibly Janky’ Document Practices (31:46) - Story # 6: French police reportedly arrest suspected BreachForums administrators (34:21) - Story # 7: Another Wave: North Korean Contagious Interview Campaign Drops 35 New Malicious npm Packages (39:40) - Story # 8: CitrixBleed 2: Electric Boogaloo — CVE-2025–5777 (42:16) - Story # 9: Millions of Brother Printers Hit by Critical, Unpatchable Bug (47:05) - Story # 10: Canada orders China's Hikvision to close Canadian operations (50:12) - Story # 11: US House bans WhatsApp on staff devices over security concerns (53:16) - ChickenSec: Chickens are becoming 3rd most popular pet: Tractor Supply CEO (56:33) - Story # 12: Norway Dam Hacked, Valve Opened But No Danger (58:11) - Review your calendar invites!

Register for Free, Live webcasts & summits:https://poweredbybhis.com00:00 - PreShow Banter™ — Explaining the Muppets03:09 - Iran Shuts Down It's Own Internet- BHIS - Talkin’ Bout [infosec] News 2025-06-2304:52 - Story # 1: Iran’s government says it shut down internet to protect against cyberattacks20:20 - Story # 2: Iranian bank linked to revolutionary guard hit by ‘cyber attack’22:11 - Story # 3: Hackers switch to targeting U.S. insurance companies23:32 - Story # 3b: Statement: Erie Insurance Information Security Incident (June 23)33:33 - Story # 4: No, the 16 billion credentials leak is not a new data breach43:23 - Story # 5: ‘Water Curse’ Targets Infosec Pros via Poisoned GitHub Repositories47:09 - Story # 6: CISA Reveals ‘Pattern’ of Ransomware Attacks Against SimpleHelp RMM48:49 - Story # 7: Report Links Los Pollos and RichAds to Malware Traffic Operations58:29 - Story # 8: Minnesota lawmaker’s alleged killer had list of data broker websites in car, FBI says (00:00) - PreShow Banter™ — Explaining the Muppets (03:08) - Iran Shuts Down It's Own Internet - BHIS - Talkin' Bout [infosec] News 2025-06-23 (04:52) - Story # 1: Iran’s government says it shut down internet to protect against cyberattacks (20:19) - Story # 2: Iranian bank linked to revolutionary guard hit by ‘cyber attack’ (22:11) - Story # 3: Hackers switch to targeting U.S. insurance companies (23:31) - Story # 3b: Statement: Erie Insurance Information Security Incident (June 23) (33:32) - Story # 4: No, the 16 billion credentials leak is not a new data breach (43:22) - Story # 5: 'Water Curse' Targets Infosec Pros via Poisoned GitHub Repositories (47:09) - Story # 6: CISA Reveals 'Pattern' of Ransomware Attacks Against SimpleHelp RMM (48:48) - Story # 7: Report Links Los Pollos and RichAds to Malware Traffic Operations (58:29) - Story # 8: Minnesota lawmaker’s alleged killer had list of data broker websites in car, FBI says

Register for Free, Live webcasts & summits:https://poweredbybhis.com00:00 - PreShow Banter™ — Government Linux04:16 - Denmark is Done with Teams! - Talkin’ Bout [infosec] News 2025-06-1605:02 - Story # 1: ‘We’re done with Teams’: German state hits uninstall on Microsoft17:34 - Story # 1b: Denmark Wants to Dump Microsoft Software for Linux, LibreOffice18:14 - Story # 2: Zero-click AI data leak flaw uncovered in Microsoft 365 Copilot25:50 - Story # 3: Fog ransomware attacks use employee monitoring tool to break into business networks30:25 - Story # 4: Expired Discord Invites Hijacked for Stealthy Malware Attacks34:00 - Story # 5: SmartAttack uses smartwatches to steal data from air-gapped systems40:25 - Story # 6: Mirai Botnets Exploiting Wazuh Security Platform Vulnerability44:47 - Story # 7: Google Cloud and Cloudflare hit by widespread service outages48:04 - Story # 8: UNFI cyberattack shuts down network and leaves Whole Foods and others in limbo50:34 - Story # 9: New SharePoint Phishing Attacks Using Lick Deceptive Techniques51:08 - Story # 10: US-backed Israeli company’s spyware used to target European journalists, Citizen Lab finds53:32 - Story # 11: Five Zero-Days, 15 Misconfigurations Found in Salesforce Industry Cloud (00:00) - PreShow Banter™ — Government Linux (04:15) - Denmark is Done with Teams! - Talkin' Bout [infosec] News 2025-06-16 (05:02) - Story # 1: 'We're done with Teams': German state hits uninstall on Microsoft (17:33) - Story # 1b: Denmark Wants to Dump Microsoft Software for Linux, LibreOffice (18:14) - Story # 2: Zero-click AI data leak flaw uncovered in Microsoft 365 Copilot (25:49) - Story # 3: Fog ransomware attacks use employee monitoring tool to break into business networks (30:24) - Story # 4: Expired Discord Invites Hijacked for Stealthy Malware Attacks (33:59) - Story # 5: SmartAttack uses smartwatches to steal data from air-gapped systems (40:25) - Story # 6: Mirai Botnets Exploiting Wazuh Security Platform Vulnerability (44:47) - Story # 7: Google Cloud and Cloudflare hit by widespread service outages (48:03) - Story # 8: UNFI cyberattack shuts down network and leaves Whole Foods and others in limbo (50:33) - Story # 9: New SharePoint Phishing Attacks Using Lick Deceptive Techniques (51:08) - Story # 10: US-backed Israeli company’s spyware used to target European journalists, Citizen Lab finds (53:31) - Story # 11: Five Zero-Days, 15 Misconfigurations Found in Salesforce Industry Cloud

Register for Free, Live webcasts & summits:https://poweredbybhis.com00:00 - PreShow Banter™ — Time to Bake05:12 - Chatbot Tells Addict to Take Drugs - Talkin’ Bout [infosec] News 2025-05-0606:08 - Story # 1: Meta and Yandex are de-anonymizing Android users’ web browsing identifiers12:55 - Story # 2: Therapy Chatbot Tells Recovering Addict to Have a Little Meth as a Treat16:11 - Story # 3: The Cost of a Call: From Voice Phishing to Data Extortion26:56 - Story # 4: Questions Swirl Around ConnectWise Flaw Used in Attacks27:40 - Story # 4b: ConnectWise email35:28 - Story # 5: Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI39:27 - Story # 6: Misconfigured HMIs Expose US Water Systems to Anyone With a Browser52:20 - Story # 7: Fact Sheet: President Donald J. Trump Reprioritizes Cybersecurity Efforts to Protect America (00:00) - PreShow Banter™ — Time to Bake (05:12) - Chatbot Tells Addict to Take Drugs - Talkin' Bout [infosec] News 2025-05-06 (06:08) - Story # 1: Meta and Yandex are de-anonymizing Android users’ web browsing identifiers (12:55) - Story # 2: Therapy Chatbot Tells Recovering Addict to Have a Little Meth as a Treat (16:11) - Story # 3: The Cost of a Call: From Voice Phishing to Data Extortion (26:56) - Story # 4: Questions Swirl Around ConnectWise Flaw Used in Attacks (27:40) - Story # 4b: ConnectWise email (35:27) - Story # 5: Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI (39:26) - Story # 6: Misconfigured HMIs Expose US Water Systems to Anyone With a Browser (52:19) - Story # 7: Trump cyber executive order takes aim at prior orders, secure software, identity