

Talkin' Bout [Infosec] News
Black Hills Information Security
A weekly podcast with BHIS and friends. We discuss notable infosec and infosec-adjacent news stories gathered by our community news team.
Join us live on YouTube, Mondays at 4:30PM ET
Episodes

Jan 15, 2025 • 1h 8min
2025-01-13 — An RGB State of Mind
(00:00) - PreShow Banter™ — An RGB State of Mind
(07:19) - BHIS - Talkin' Bout [infosec] News 2025-01-13
(10:24) - Story # 1: A Day in the Life of a Prolific Voice Phishing Crew
(18:38) - Story # 2: Dental group lied through teeth about data breach, fined $350,000
(25:48) - Story # 3: Hacker claims breach of US location tracking company Gravy Analytics
(27:47) - Story # 4: License Plate Readers Are Leaking Real-Time Video Feeds and Vehicle Data
(33:18) - Story # 5: US Cyber Trust Mark launches as the Energy Star of smart home security
(43:08) - Story # 6: Hackers are exploiting a new Ivanti VPN security bug to hack into company networks
(45:09) - Story # 7: Hacker Broke into ‘Path of Exile 2’ Admin Account, Hijacked Wave of Characters
(47:35) - Story # 8: Information Stealer Masquerades as LDAPNightmare (CVE-2024-49113) PoC Exploit
(54:47) - Story # 9: Ransomware crew abuses AWS native encryption
(01:00:40) - Story # 10: Cannabis company Stiiizy says hackers accessed customers’ ID documents

Jan 9, 2025 • 1h 5min
2025-01-06 - Coffee With Wade
(00:00) - PreShow Banter™ — Coffee With Wade Wells
(05:40) - BHIS - Talkin' Bout [infosec] News 2025-01-06
(06:44) - Story # 1: BeyondTrust says hackers breached Remote Support SaaS instances
(13:17) - Things Continued to be ignored in 2025
(24:38) - Story # 2: Classified fighter jet specs leaked on War Thunder – again
(28:25) - Story # 3: New Proposed HIPAA Security Rule Changes
(34:32) - Story # 4: The Breachies 2024: The Worst, Weirdest, Most Impactful Data Breaches of the Year
(35:46) - Story # 5: AT&T and Verizon say networks secure after Salt Typhoon breach
(37:19) - Story # 6: Net Neutrality Rules Struck Down by Appeals Court
(41:55) - Story # 7: U.S. Army Soldier Arrested in AT&T, Verizon Extortions
(45:28) - Story # 8: New U.S. DoJ Rule Halts Bulk Data Transfers to Adversarial Nations to Protect Privacy
(48:38) - Story # 9: Meta's AI Profiles Are Indistinguishable From Terrible Spam That Took Over Facebook
(50:41) - Story # 9b: Meta deletes AI character profiles after backlash, racism accusations
(51:40) - Story # 10: Watch: Tiny robot ‘kidnaps’ 12 big Chinese bots from a Shanghai showroom, shocks world
(55:27) - Story # 11: China Arrests 4 Who Weaponized ChatGPT for Ransomware Attacks
(58:42) - Story # 12: Man Accused of SQL Injection Hacking Gets 69-Month Prison Sentence
(01:01:22) - Story # 13: Germany cuts hacker access to 30,000 devices infected with BadBox malware

Dec 18, 2024 • 1h 11min
2024-12-16 - ChickenSec News Part 3
Explore the wild world of cybersecurity as North Korean hackers pull off a staggering $50 million heist. Delve into the Trump administration's plans for a cyber offensive against China and the fallout from a Krispy Kreme cyberattack that disrupts their online orders. Learn about Europol's takedown of a major DDoS-for-hire network and a worrying data breach at a senior dating site leaking info of 765,000 users. This lively discussion balances serious issues with humor and personal anecdotes that keep you engaged!

Dec 11, 2024 • 1h 5min
2024-12-09 - A Better Mike
(00:00) - PreShow Banter™ — A Better Mike
(04:46) - BHIS - Talkin' Bout [infosec] News 2024-12-09
(05:43) - Story # 1: FBI Warns iPhone And Android Users—Stop Sending Texts
(23:36) - Story # 2: US agency proposes new rule blocking data brokers from selling Americans’ sensitive personal data
(42:55) - Story # 3: Vodka maker Stoli files for bankruptcy in US after ransomware attack
(46:48) - Story # 4: British hospitals hit by cyberattacks still battling to get systems back online

Dec 4, 2024 • 1h 12min
2024-12-02 - C Squad
(00:00) - PreShow Banter™ — C Squad
(11:02) - BHIS - Talkin' Bout [infosec] News 2024-12-02
(15:42) - Story # 1: Gaming Engines: An Undetected Playground for Malware Loaders - Check Point Research
(30:40) - Story # 2: FTC finds that smart-device makers fail to make clear how long their products will be supported
(44:46) - Story # 3: US senators propose law to require bare minimum security standards
(46:35) - Story # 4: Starbucks baristas can’t view their schedules after ransomware attack on vendor
(01:04:26) - Story # 5: Volunteer DEF CON hackers dive into America's leaky water infrastructure
(01:08:44) - Shameless Plugs - 40% off all items in the store -- cYb3rM0nD@Y40OFF This discount is good until Tuesday, Dec 2nd at 8pm ET. https://spearphish-general-store.myshopify.com/

Nov 27, 2024 • 1h 6min
2024-11-25 - Discordgate
(00:00) - PreShow Banter™ — Discordgate
(09:23) - BHIS - Talkin' Bout [infosec] News 2024-11-25
(10:45) - Story # 1: DOJ says Google must sell Chrome to crack open its search monopoly
(12:07) - Story # 1b: DOJ’s staggering proposal would hurt consumers and America’s global technological leadership
(19:15) - Story # 2: The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access
(24:37) - Story # 3: Palo Alto Networks tackles firewall-busting zero-days with critical patches
(25:46) - Discordgate Follow Up
(26:25) - Story # 4: Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a US Critical Infrastructure Sector Organization
(31:07) - Story # 5: Fintech giant Finastra investigates data breach after SFTP hack
(34:01) - Story # 6: CFPB Finalizes Rule on Federal Oversight of Popular Digital Payment Apps to Protect Personal Data, Reduce Fraud, and Stop Illegal “Debanking”
(38:49) - Story # 7: T-Mobile finally managed to thwart a data breach before it occurred
(40:21) - Story # 8: D-Link urges users to retire VPN routers impacted by unfixed RCE flaw
(43:06) - Story # 9: US seizes PopeyeTools cybercrime marketplace, charges administrators
(46:19) - Story # 10: Razzlekhan, crypto’s most embarrassing rapper, is going to prison
(48:31) - Story # 10b: Netflix has a perfectly timed Razzlekhan doc coming out in December
(50:10) - Story # 11: Microsoft Defender Is Not Enough Anymore—This Malware Gets Around It
(55:11) - Story # 12: Microsoft president asks Trump to “push harder” against Russian hacks
(57:02) - Story # 13: Hackers Breach Andrew Tate's Online 'University,' Exposing 800,000 Users
(01:00:36) - Story # 14: 7-Zip affected by dangerous vulnerability: users must update the app manually
(01:01:31) - Story # 15: Microsoft disrupts ONNX phishing-as-a-service infrastructure
(01:03:06) - Story # 16: US charges five linked to Scattered Spider cybercrime gang
(01:04:25) - Plug: Secure Code Summit 2024

Nov 21, 2024 • 1h 1min
2024-11-18 - Yacht Doc
(00:00) - PreShow Banter™ — Yacht Doc
(07:39) - BHIS - Talkin' Bout [infosec] News 2024-11-18
(08:49) - Story # 1: Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit
(16:01) - Story # 2: CISA Director Jen Easterly to depart agency on January 20
(19:26) - Story # 3: Fake North Korean IT Worker Linked to BeaverTail Video Conference App Phishing Attack
(28:43) - Story # 4: T-Mobile hacked in massive Chinese breach of telecom networks, WSJ reports
(30:55) - Story # 4b: T-Mobile confirms it was hacked in recent wave of telecom breaches
(33:02) - Story # 5: An Interview With the Target & Home Depot Hacker
(40:03) - Story # 6: Hacker gets 10 years in prison for extorting US healthcare provider
(42:47) - Story # 7: Ransomware fiends boast they've stolen 1.4TB from US pharmacy network
(44:20) - Story # 8: A surge in Pro-Russia cyberattacks after decision to monitor North Korean Troops in Ukraine
(45:22) - Story # 9: 23andMe cuts 40% of its workforce and discontinues therapeutics division
(50:37) - Story # 10: FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023
(56:44) - CPTC - Education Through Competition

Nov 15, 2024 • 1h
2024-11-11 - The Old and The New
(00:00) - PreShow Banter™ — The Old and The New
(02:27) - BHIS - Talkin' Bout [infosec] News 2024-11-11
(03:44) - Story # 1: Mattel pulls thousands of 'Wicked' dolls off shelves after printing adult website on packaging
(08:03) - Story # 2: Office apps crash on Windows 11 24H2 PCs with CrowdStrike antivirus
(11:41) - Story # 3: Mislabeled patch sends Windows Server 2022 admins on unwanted upgrade to 2025
(16:48) - Story # 4: Suspected Snowflake Hacker Arrested in Canada
(18:25) - Story # 5: Interpol Cybercrime Sweep Takes Down 22,000 IP Addresses, Arrests 41
(29:47) - Story # 6: Google Cloud to mandate MFA for all users in 2025
(41:30) - Story # 7: Cisco scores a perfect CVSS 10 with critical flaw in its wireless system
(49:26) - Story # 8: H.I.G. Capital and Thoma Bravo to Acquire CompTIA Brand and Products
(59:04) - SANS Holiday Hack Challenge™ 2024

Nov 6, 2024 • 1h 7min
2024-11-04 - The Grey Times
(00:00) - PreShow Banter™ — The Grey Times
(04:33) - BHIS - Talkin' Bout [infosec] News 2024-11-04
(05:54) - Story # 1: Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files
(16:46) - Story # 2: Follow Up - 5 Things To Know On Delta’s Lawsuit Against CrowdStrike
(17:44) - Story # 2b: CrowdStrike Sues Delta: 5 Key Takeaways
(22:05) - Story # 3: Russian charged by U.S. for creating RedLine infostealer malware
(23:00) - Story # 3b: How a series of opsec failures led US authorities to the alleged developer of the Redline password-stealing malware
(28:10) - Story # 4: Fired Disney staffer accused of hacking menu to add profanity, wingdings, removes allergen info
(30:04) - Story # 4b: ‘We strive to put humanity above all’: Disney drops arbitration demand over wrongful death lawsuit after woman died from fatal food allergy
(37:11) - Story # 5: OCR Announces First Financial Penalty Under HIPAA Risk Analysis Enforcement Initiative
(44:56) - Story # 6: Security researchers found a serious zero-click bug in Synology's Photos app
(50:12) - Story # 7: Inside a Firewall Vendor's 5-Year War With the Chinese Hackers Hijacking Its Devices
(52:23) - Story # 8: Microsoft wants $30 if you want to delay Windows 11 switch
(01:00:06) - Story # 9: Colorado Secretary of State posted spreadsheet with voting system passwords

Oct 30, 2024 • 1h 7min
2024-10-28 - Sarsaparilla
(00:00) - PreShow Banter™ — Sarsaparilla
(05:49) - BHIS - Talkin' Bout [infosec] News 2024-10-28
(06:45) - Story # 1: AWS, Azure auth keys found in Android and iOS apps used by millions
(15:02) - Story # 2: Burning Zero Days: FortiJump FortiManager vulnerability used by nation state in espionage via MSPs
(29:03) - Story # 3: Delta officially launches lawyers at $500M CrowdStrike problem
(40:59) - Story # 4: New Rules for US National Security Agencies Balance AI’s Promise With Need to Protect Against Risks
(46:25) - Story # 4b: CISA proposes new security requirements to protect govt, personal data
(51:02) - Story # 5: Largest Retail Breach in History: 350 Million “Hot Topic” Customers’ Personal & Payment Data Exposed — As a Result of Infostealer Infection
(55:35) - Story # 6: Throne’s toilet camera takes pictures of your poop
(01:04:56) - A Community Support Moment - https://www.crisistextline.org


