

Talkin' Bout [Infosec] News
Black Hills Information Security
A weekly podcast with BHIS and friends. We discuss notable infosec and infosec-adjacent news stories gathered by our community news team.
Join us live on YouTube, Mondays at 4:30PM ET
Episodes

Oct 25, 2024 • 1h 14min
2024-10-21 - Logging Con
(00:00) - PreShow Banter™ — Log Con
(11:41) - BHIS - Talkin' Bout [infosec] News 2024-10-21
(12:50) - Story # 1: Internet Archive exposed again – this time through Zendesk
(14:56) - Story # 1b: Hackers steal information from 31 million Internet Archive users
(20:42) - Story # 2: Sophos buys Secureworks for $859 mln to beef up cybersecurity portfolio
(24:20) - Story # 3: USDoD hacker behind National Public Data breach arrested in Brazil
(27:11) - Story # 4: Debunking Hype: China Hasn't Broken Military Encryption With Quantum
(32:13) - Story # 5: Microsoft said it lost weeks of security logs for its customers’ cloud products
(35:02) - Story # 6: Should We Chat, Too? FAQ
(40:05) - Story # 7: More than two dozen countries have used internet outages to sway elections
(43:49) - Story # 8: Pokemon dev Game Freak confirms breach after stolen data leaks online
(46:32) - Story # 9: Hackers made robot vacuums randomly yell racial slurs
(49:18) - Story # 9b: We hacked a robot vacuum — and could watch live through its camera
(50:19) - Story # 10: The government is getting fed up with ransomware payments fueling endless cycle of cyberattacks
(54:54) - Story # 11: Google's Chrome Browser Starts Disabling uBlock Origin
(01:01:00) - WWHF Recovery

Oct 2, 2024 • 1h 13min
2024-09-30 — Cast of Special Characters
(00:00) - PreShow Banter™ — Cast of Special Characters
(06:37) - BHIS - Talkin' Bout [infosec] News 2024-09-30
(08:06) - Story # 1: CUPS flaws enable Linux remote code execution, but there’s a catch
(23:39) - Story # 2: US Capitol Hit by Massive Dark Web Cyber Attack - Newsweek
(27:40) - Story # 2b: ‘I’m a black NAZI!’: NC GOP nominee for governor made dozens of disturbing comments on porn forum
(35:56) - Story # 3: NIST proposes barring some of the most nonsensical password rules
(47:00) - Story # 3b: Why Two-Factor Authentication Is So Important - Teen Vogue
(54:03) - Story # 4: Hacker plants false memories in ChatGPT to steal user data in perpetuity
(01:00:42) - Story # 5: Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug
(01:02:53) - Story # 6: Massive E-Learning Platform Udemy Gave Teachers a Gen AI 'Opt-Out Window'. It's Already Over.

Sep 26, 2024 • 1h 1min
2024-09-23 - Plane Talk
(00:00) - PreShow Banter™ — Plane Talk
(05:49) - BHIS - Talkin' Bout [infosec] News 2024-09-23
(06:15) - A SANS Difference Maker Award Finalist
(09:46) - Story # 1: Pagers attack brings to life long-feared supply chain threat
(24:08) - Story # 2: Recaptcha Phish - John Hammond
(25:49) - Story # 2b: Clever 'GitHub Scanner' campaign abusing repos to push malware
(30:05) - Story # 3: Lazarus Group Targets Developers in Fresh VMConnect Campaign
(35:22) - Story # 4: LinkedIn Addresses User Data Collection for AI Training
(37:39) - Story # 5: Disney ditching Slack after massive July data breach
(41:42) - Story # 6: FTC exposes massive surveillance of kids, teens by social media giants
(51:35) - Story # 7: Kaspersky deletes itself, installs UltraAV antivirus without warning

Sep 18, 2024 • 1h
2024-09-16 - Pour Over News
(00:00) - PreShow Banter™ — Pour Over News
(06:01) - BHIS - Talkin' Bout [infosec] News 2024-09-16
(07:14) - Story # 1: Fortinet confirms data breach after hacker claims to steal 440GB of files
(15:36) - Story # 2: Snowflake slams 'more MFA' button again – months after Ticketmaster, Santander breaches
(21:29) - Story # 3: Omnipresent AI cameras will ensure good behavior, says Larry Ellison
(28:11) - Story # 4: Mastercard bolsters threat intelligence capabilities with $2.65 billion deal for Recorded Future
(34:27) - Story # 5: Cyber insurance set for explosive growth
(40:19) - Story # 6: 23andMe will pay $30 million to settle 2023 data breach lawsuit
(45:24) - Story # 7: Google faces EU investigation over AI data compliance
(50:35) - Story # 8: Rogue WHOIS server gives researcher superpowers no one should ever have

Sep 16, 2024 • 31min
SPECIAL PRESENTATION: Backdoors & Breaches Live
(00:00) - Introduction
(01:21) - The Scenario
(02:50) - First Steps
(03:47) - Endpoint Analysis Roll
(04:21) - Logon Scripts Were Installed
(05:09) - I.R. Team Introductions
(07:16) - Second Step
(10:32) - Network Threat Hunting Roll
(11:36) - Third Step
(15:12) - Anyway Here's Firewall Roll
(15:42) - Fourth Step
(18:26) - SIEM Roll
(19:41) - Fifth Step
(20:47) - UEBA Roll
(21:18) - Scenario Recap
(22:19) - Scenario Plausibility?
(25:50) - Wrap-up Takeaways

Sep 11, 2024 • 1h 2min
2024-09-09 - More Chicken Related Crimes
(00:00) - PreShow Banter™ — Revenge of the Nerds / More Chicken Related Crimes
(05:19) - N.Y. Official Charged With Taking Money, Travel and Poultry to Aid China
(09:23) - BHIS - Talkin' Bout [infosec] News 2024-09-09
(09:50) - Story # 1: YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel
(20:34) - Story # 2: Therapy Sessions Exposed by Mental Health Care Firm’s Unsecured Database
(25:23) - Story # 3: California legislature passes sweeping AI safety bill
(38:02) - Story # 4: Brain Cipher claims attack on Olympic venue, promises 300 GB data leak
(41:59) - Story # 5: How Navy chiefs conspired to get themselves illegal warship Wi-Fi
(42:44) - Story # 5b: After seeing Wi-Fi network named “STINKY,” Navy found hidden Starlink dish on US warship
(49:18) - Story # 6: Researchers say a bug let them add fake pilots to rosters used for TSA checks
(51:32) - Story # 7: Durex India spilled customers’ private order data
(54:53) - Story # 8: City of Columbus Sues Researcher Who Disclosed Impact of Ransomware Attack

Aug 29, 2024 • 53min
2024-08-26 - Move to Signal
(00:00) - PreShow Banter™ — Move to Signal
(03:47) - BHIS - Talkin' Bout [infosec] News 2024-08-26
(04:37) - Story # 1: Pavel Durov’s Arrest Leaves Telegram Hanging in the Balance
(11:03) - Story # 1b: Moxie on X.com
(23:17) - Story # 2: Unveiling "sedexp": A Stealthy Linux Malware Exploiting udev Rules
(29:39) - Story # 3: Seattle airport 'possible cyberattack' snarls travel yet again
(32:42) - Story # 4: Iran named as source of Trump campaign phish, leaks
(38:52) - Story # 5: Man who hacked Hawaii state registry to forge his own death certificate sentenced to 81 months
(44:10) - Story # 6: Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide
(47:25) - Story # 7: New 'ALBeast' Misconfiguration Exposes Weakness in AWS Application Load Balancer
(48:51) - Story # 8: “We will hold them accountable”: General Motors sued for selling customer driving data to third parties

Aug 21, 2024 • 1h 5min
2024-08-19 Nine Years for Chicken Wings
(00:00) - PreShow Banter™ — Nine Years for Chicken Wings
(08:19) - BHIS - Talkin' Bout [infosec] News 2024-08-19
(09:02) - Story # 1: NationalPublicData.com Hack Exposes a Nation’s Data
(18:17) - Story # 1b: National Public Data Published Its Own Passwords
(25:01) - Story # 2: RansomHub Group Deploys New EDR-Killing Tool in Latest Cyber Attacks
(26:52) - Story # 3: T-Mobile fined $60 million for failing to stop data breaches
(34:02) - Story # 4: Massive Cyber Attack On AWS Targets 230 Million Unique Cloud Environments
(45:42) - Story # 5: The US wants to use facial recognition to identify migrant children as they age
(54:16) - Story # 6: Six ransomware gangs behind over 50% of 2024 attacks
(59:55) - Story # 7: US accuses man of being 'elite' ransomware pioneer they've hunted for years
(01:01:56) - Rinsed: From Cartels to Crypto: How the Tech Industry Washes Money for the World's Deadliest Crooks

Aug 14, 2024 • 1h 3min
2024-08-12 — Scotty's Pizza (Not Sponsored)
(00:00) - PreShow Banter™ — Scotty's Pizza (Not Sponsored)
(03:38) - BHIS - Talkin' Bout [infosec] News 2024-08-12
(03:59) - Hacker Summer Camp Report 2024
(08:55) - Story # 1: ‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections
(14:25) - Story # 2: Black Hat USA 2024, DEF CON 32 attendees treated like children – or criminals – with invasive hotel room checks
(29:49) - Story # 3: DEF CON Badge Maker Pulled Off Stage Amid Claims of Non-Payment and Failed Work
(30:05) - New raspberry pi chip in badge
(33:31) - Story # 4: Exploit released for Cisco SSM bug allowing admin password changes
(34:11) - Story # 5: 0.0.0.0 Day: Exploiting Localhost APIs From the Browser
(38:02) - Story # 6: Intelligence bill would elevate ransomware to a terrorist threat
(44:35) - Story # 6b: Proposed bill would block large ransomware payments by financial institutions
(46:26) - Story # 6c: Report shows decreased ransomware payments
(54:26) - Story # 7: After global IT meltdown, CrowdStrike courts hackers with action figures and gratitude
(55:11) - Story # 8: CrowdStrike pursuing deal to buy patch management specialist Action1
(57:24) - Story # 9: Microsoft punches back at Delta Air Lines and its legal threats

Aug 6, 2024 • 1h 3min
2024-08-05 - What's the f_____
(00:00) - PreShow Banter™ — What's the f___
(03:34) - BHIS - Talkin' Bout [infosec] News 2024-08-05
(06:57) - Story # 1: Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails
(23:57) - Story # 2: Bumble and Hinge allowed stalkers to pinpoint users’ locations down to 2 meters, researchers say
(36:47) - Story # 3: Eavesdropping on HDMI cables can reveal computer screen’s content
(37:43) - Story # 3b: Hak5 Screen Crab
(39:18) - Story # 4: Microsoft says massive Azure outage was caused by DDoS attack
(43:31) - Story # 5: CrowdStrike says it’s not to blame for Delta’s days-long outage
(55:34) - Story # 6: CrowdStrike sued by investors over massive global IT outage


