Talkin' Bout [Infosec] News

Black Hills Information Security
Mar 26, 2025 • 59min

Trading in Jock Straps for Jock Hacks – 2025-03-24

00:00 - PreShow Banter™ — We’re Not Ready For the Finger Thing
01:40 - Trading in Jock Straps for Jock Hacks – BHIS - Talkin’ Bout [infosec] News 2025-03-24
03:24 - Story # 1: GitHub Action hack likely led to another in cascading supply chain attack
07:53 - Story # 2: Wiz to Join Google Cloud: Making Magic Together
14:47 - Story # 3: Oracle denies breach after hacker claims theft of 6 million data records
19:52 - Story # 4: Critical flaw in Next.js lets hackers bypass authorization
25:47 - Story # 5: Cloudflare builds an AI to lead AI scraper bots into a horrible maze of junk content
29:20 - Story # 6: Ex-Michigan QB coach Matt Weiss facing 24 federal charges in hack of thousands of student accounts
35:47 - Story # 7: DNA of 15 Million People for Sale in 23andMe Bankruptcy
38:40 - Story # 8: Everything you say to your Echo will be sent to Amazon starting on March 28
44:03 - Story # 9: We partner with world-renowned scambusters to create our own fraud-fighting call centre
52:01 - Story # 10: Sperm donation giant California Cryobank warns of a data breach
54:19 - Story # 11: Microsoft: New RAT malware used for crypto theft, reconnaissance
56:32 - Story # 12: TrustedSec | Trimarc Joins Forces with TrustedSec to Strengthen…
Mar 19, 2025 • 1h 1min

News 2025-03-17 - Malicious Browser Plugins will Destroy us ALL!!!!!

00:00 - PreShow Banter™ — Fun Jank Decks
05:25 - BHIS - Talkin’ Bout [infosec] News 2025-03-17 - Malicious browser plugins will destroy us ALL!!!!!
06:35 - Story # 1: Polymorphic Extensions: The Sneaky Extension That Can Impersonate Any Browser Extension
14:37 - Story # 1b: Chrome Web Store is a mess
31:14 - Story # 2: Lazarus Strikes npm Again with New Wave of Malicious Packages
36:17 - Story # 3: China’s Volt Typhoon Hackers Dwelled in US Electric Grid for 300 Days
44:44 - Story # 4: Saudi Arabia Buys Pokémon Go, and Probably All of Your Location Data
49:31 - Story # 5: Second biggest bank in US hit by major data breach stealing social security numbers and other personal info
51:25 - Story # 6: Hackers Take Credit for X Cyberattack
54:32 - Story # 7: Hackers Using Advanced MFA-Bypassing Techniques To Gain Access To User Account
Mar 12, 2025 • 1h 4min

2025-03-10 — Agent A.I.

00:00 - PreShow Banter™ — Agent A.I.
07:35 - BHIS - Talkin’ Bout [infosec] News 2025-03-10
10:47 - Story # 1: 12 Chinese hackers charged with US Treasury breach — and much, much more
15:25 - Story # 2: Signal President Meredith Whittaker calls out agentic AI as having ‘profound’ security and privacy issues
25:33 - Story # 3: X/Twitter is down for a third time today
27:33 - Story # 4: Developer sabotaged ex-employer with kill switch activated when he was let go
33:37 - Story # 5: Undocumented commands found in Bluetooth chip used by a billion devices
45:37 - Story # 6: Cybercrime’s Cobalt Strike Use Plummets 80% Worldwide
46:19 - Story # 7: Majority of Orgs Hit by AI Cyber-Attacks as Detection Lags
55:01 - Story # 8: Ransomware gang encrypted network from a webcam to bypass EDR
Mar 5, 2025 • 59min

2025-03-03 - Not Talking About Anything

00:00 - PreShow Banter™ — Not Talking About Anything
04:29 - BHIS - Talkin’ Bout [infosec] News 2025-03-03
05:42 - Story # 1: FBI Warns iPhone, Android Users—We Want ‘Lawful Access’ To All Your Encrypted Data
24:28 - Story # 2: Disney engineer downloaded ‘helpful’ AI tool that ended up completely destroying his life
34:28 - Story # 3: Have I Been Pwned adds 284M accounts stolen by infostealer malware
43:22 - Story # 4: Dragos’s 8th Annual OT Cybersecurity Year in Review Is Now Available
45:53 - Story # 5: Trump administration retreats in fight against Russian cyber threats
55:19 - Story # 5b: Exclusive: US intel shows Russia and China are attempting to recruit disgruntled federal employees, sources say
57:33 - Story # 6: Feds: Army soldier suspected of AT&T heist Googled ‘can hacking be treason,’ ‘defecting to Russia’
Feb 26, 2025 • 1h 3min

2025-05-24 - Get Political (With Jake Williams)

00:00 - PreShow Banter™ — Get Political
05:27 - BHIS - Talkin’ Bout [infosec] News 2025-02-25
06:07 - Story # 1: Trump 2.0 Brings Cuts to Cyber, Consumer Protections
37:57 - Story # 2: OpenAI Uncovers Evidence of A.I.-Powered Chinese Surveillance Tool
49:48 - Story # 3: Apple pulls data protection tool after UK government security row
55:00 - Story # 4: Judge dismisses Chris Hadnagy lawsuit against DEF CON
Feb 19, 2025 • 1h 6min

2025-02-17 - Prove That You're Wearing Pants

00:00 - PreShow Banter™ — Prove That You’re Wearing Pants
05:50 - BHIS - Talkin’ Bout [infosec] News 2025-05-17
06:46 - Story # 1: Fortinet discloses second firewall auth bypass patched in January
07:12 - Story # 1b: Fortinet CEO boasts it was voted the “most trusted” cybersecurity firm. Don’t die laughing
08:45 - Story # 1c: Forbes Most Trusted Companies in America 2025 List
16:25 - Story # 2: SAML Bypass Authentication on GitHub Enterprise Servers to Login as Other User Account
18:37 - Story # 2b: Rapid7 Flags New PostgreSQL Zero-Day Connected to BeyondTrust Exploitation
20:04 - Story # 3: Putting the human back into AI is key, former NSA Director Nakasone says
36:35 - Story # 4: Apple Confirms USB Restricted Mode Exploited in ‘Extremely Sophisticated’ Attack
37:44 - Story # 5: DOGE Exposes Once-Secret Government Networks, Making Cyber-Espionage Easier than Ever
43:14 - Story # 5b: DOGE’s .gov site lampooned as coders quickly realize it can be edited by anyone
46:59 - Story # 6: Man who SIM-swapped the SEC’s X account pleads guilty
51:26 - Story # 7: Russia’s Sandworm caught snarfing credentials, data from American and Brit orgs
53:55 - Story # 8: Nearly 10 years after Data and Goliath, Bruce Schneier says: Privacy’s still screwed
Feb 13, 2025 • 1h 3min

2025-02-10 - Walking Through Denver

00:00 - PreShow Banter™ — Walking Through Denver
02:23 - BHIS - Talkin’ Bout [infosec] News 2025-02-10
04:35 - Story # 1: Ransomware payments declined in 2024 despite massive, well-known hacks
05:02 - Story # 1b: 35% Year-over-Year Decrease in Ransomware Payments, Less than Half of Recorded Incidents Resulted in Victim Payments
14:19 - Story # 2: Critical Cisco ISE bug can let attackers run commands as root
16:43 - Story # 3: The Untold Story of a Crypto Crimefighter’s Descent Into Nigerian Prison
24:18 - Story # 4: IoT’s botnet problem is up 500% – three things admins must do now
31:49 - Story # 5: WhatsApp identifies dozens of users hacked by Paragon spyware company
39:41 - Story # 6: Sri Lanka goes bananas after monkey unplugs nation
43:36 - Story # 7: Microsoft Study Finds AI Makes Human Cognition “Atrophied and Unprepared”
50:17 - ChickenSec Story # 1: Here’s a Super Bowl riddle: Why are egg prices surging — but not chicken wings?
52:21 - Story # 8: DOGE Staffer Previously Fired From Cybersecurity Company for Leaking Secrets
58:07 - ChickenSec Story # 2: Americans to Eat 1.47 Billion Chicken Wings for Super Bowl LIX
Feb 12, 2025 • 45min

2025-02-05 - LIVE FROM WWHF DENVER 2025

00:00 - PreShow Banter™ — Community Swear Bucket
01:40 - BHIS - Talkin’ Bout [infosec] News 2025-02-05
03:27 - Story # 1: DeepSeek R1 Exposed: Security Flaws in China’s AI Model
11:25 - Story # 2: Backdoor found in two healthcare patient monitors, linked to IP in China
15:21 - Story # 3: Facebook flags Linux topics as ‘cybersecurity threats’ — posts and users being blocked
20:56 - Story # 4: Here’s how Musk’s access to Treasury system may impact Social Security, other government payments
31:29 - Story # 5: Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections
34:34 - Story # 6: Insurance Company Globe Life Notifying 850,000 People of Data Breach
36:15 - Story # 10: DeepSeek Fails Researchers’ Safety Tests
38:35 - Story # 11: Engineering giant Smiths Group discloses security breach
Jan 29, 2025 • 1h 3min

2025-01-27 - Fake Australian

00:00 - PreShow Banter™ — Fake Australian
04:17 - BHIS - Talkin’ Bout [infosec] News 2025-01-27
04:34 - Story # 1: DeepSeek sparks AI stock selloff; Nvidia posts record market-cap loss
30:50 - Story # 2: Tech giants are putting $500bn into ‘Stargate’ to build up AI in US
42:23 - Story # 3: DeepSeek Faces Large-scale Cyberattack, Halts New User Registrations
43:34 - Story # 4: DHS cyber review board cleaned out in Trump move to eliminate ‘misuse of resources’
47:38 - Story # 5: UnitedHealth estimates 190M people impacted by Change Healthcare cyberattack
50:02 - Story # 5b: UnitedHealth now says 190 million impacted by 2024 data breach
53:09 - Story # 6: Cloudflare Issue Can Leak Chat App Users’ Broad Location
54:09 - Story # 7: Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel
59:40 - Story # 8: Researchers say new attack could take down the European power grid
Jan 22, 2025 • 1h 5min

2025-01-20 - Highest Rated Chalk

00:00 - PreShow Banter™ — Highest Rated Chalk
04:14 - BHIS - Talkin’ Bout [infosec] News 2025-01-20
08:53 - Story # 1: Data From 15,000 Fortinet Firewalls Leaked by Hackers
14:25 - Story # 2: China’s Salt Typhoon spies spotted on US govt networks before telcos, CISA boss says
16:29 - Story # 3: TikTok reportedly plans ‘immediate’ Sunday shutdown in the US if it’s banned
25:47 - Story # 4: FBI forces Chinese malware to delete itself from thousands of US computers
35:06 - WWHF Denver
36:03 - BSides San Diego
37:23 - Security Stadium
38:22 - Story # 5: Exchange 2016 and 2019 reach end-of-life status later this year
42:45 - Story # 6: Snyk security researcher deploys malicious NPM packages targeting Cursor.com
46:17 - Story # 7: New UEFI Secure Boot flaw exposes systems to bootkits, patch now
57:34 - Story # 8: Lawsuit: Allstate used GasBuddy and other apps to quietly track driving behavior
