

Talkin' Bout [Infosec] News
Black Hills Information Security
A weekly podcast with BHIS and Friends. We discuss notable infosec and infosec-adjacent news stories gathered by our community news team.
Join us live on YouTube, Mondays at 4:30 PM ET
Episodes

Jul 31, 2024 • 1h
2024-07-29 - Microsoft Sad Face
(00:00) - PreShow Banter™ — Microsoft Sad Face
(02:13) - BHIS - Talkin' Bout [infosec] News 2024-07-29
(03:08) - Story # 1: Fake CrowdStrike repair manual pushes new infostealer malware
(15:26) - Story # 1b: 83-year-old man found safe a week after going missing when CrowdStrike outage canceled flight
(20:39) - Story # 2: Multifactor Authentication Is Not Enough to Protect Cloud Data
(38:59) - Graphrunner
(47:19) - Story # 3: Data pilfered from Pentagon IT supplier Leidos
(57:57) - Story # 4: How a North Korean Fake IT Worker Tried to Infiltrate Us

Jul 24, 2024 • 59min
2024-07-24 - CrowdStroke Memes
(00:00) - PreShow Banter™ — CrowdStroke Memes
(05:59) - BHIS - Talkin' Bout [infosec] News 2024-07-22
(07:01) - Story # 1: A Windows version from 1992 is saving Southwest’s butt right now
(07:36) - Crowdstrike Global Outage - BHIS - Talkin' Bout [infosec] #News
(09:48) - Story # 1b: CrowdStrike’s faulty update crashed 8.5 million Windows devices, says Microsoft
(12:13) - Story # 1c: Let's blame the dev who pressed "Deploy"
(17:23) - Figure 1
(22:14) - Story # 2: DHS Has a DoS Robot to Disable Internet of Things ‘Booby Traps’ Inside Homes
(25:58) - Story # 3: Notorious Hacker Kingpin ‘Tank’ Is Finally Going to Prison
(28:08) - Story # 4: UK Police Arrest Suspect in MGM Ransomware Attack
(30:49) - Story # 5: Russians plead guilty to involvement in LockBit ransomware attacks
(33:24) - Story # 6: DHS watchdog rebukes CISA and law enforcement training center for failing to protect data
(38:32) - Story # 7: Yacht giant MarineMax data breach impacts over 123,000 people
(40:38) - Story # 8: Sizable Chunk of SEC Charges Against SolarWinds Tossed Out of Court
(47:14) - Story # 9: The US Supreme Court Kneecapped US Cyber Strategy
(52:12) - Story # 10: War Thunder does it again, this time with classified documents relating to 3 Russian tanks

Jul 22, 2024 • 1h 4min
2024-07-22 - Crowdstrike Global Outage
The outage of the decade!

Jul 18, 2024 • 1h 4min
2024-07-18 - Absolute Madmen
(00:00) - PreShow Banter™ — Absolute Madmen
(02:28) - BHIS - Talkin' Bout [infosec] News 2024-07-15
(03:18) - Wi-Fi Forge
(07:31) - Story # 1: CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth
(22:39) - Story # 2: AT&T says criminals stole phone records of ‘nearly all’ customers in new data breach
(33:35) - Story # 3: FTC study finds ‘dark patterns’ used by a majority of subscription apps and websites
(38:48) - Story # 4: Club Penguin fans breached Disney Confluence server, stole 2.5GB of data
(41:52) - Story # 5: Heritage Foundation Exec Threatens ‘Gay Furry Hackers’ in Unhinged Texts
(47:51) - Story # 6: German Navy to replace aging 8-inch floppy drives with an emulated solution for its anti-submarine frigates
(50:14) - Story # 7: 1.4 GB NSA Data Leaked Online – Email Address, Phone Number & Gov Classified Data Exposed
(53:56) - Story # 8: Hackers Claim to Have Leaked 1.1 TB of Disney Slack Messages

Jul 10, 2024 • 1h 8min
2024-07-08 – A Bunch of Lunatics
(00:00) - PreShow Banter™ — A Bunch of Lunatics
(05:09) - BHIS - Talkin' Bout [infosec] News 2024-07-08
(08:41) - Story # 1: Europol takes down 593 Cobalt Strike servers used by cybercriminals
(09:54) - Story # 1b: National Crime Agency leads international operation to degrade illegal versions of Cobalt Strike
(15:17) - Story # 2: ‘RockYou2024’: Nearly 10 billion passwords leaked online
(22:12) - Story # 3: Ticketmaster Breach: ShinyHunters Leak 440K Taylor Swift Eras Tour Ticket Data
(24:20) - Story # 3b: Hackers reverse-engineer Ticketmaster’s barcode system to unlock resales on other platforms
(27:41) - Story # 4: US Supreme Court ruling will likely cause cyber regulation chaos
(39:39) - Story # 5: California Advances Unique Safety Regulations for AI Companies Despite Tech Firm opposition
(41:13) - Story # 5b: Senator Scott Wiener
(43:45) - Story # 6: OpenAI Did Not Disclose 2023 Breach to Feds, Public: Report
(53:10) - Story # 7: Microsoft’s Midnight Blizzard source code breach also impacted federal agencies
(55:27) - Story # 8: Japan's Government Finally Stops Using Floppy Disks
(57:48) - Story # 9: This smart toilet paper monitor tells you when you need a new roll
(58:50) - Story # 10: Twilio says hackers identified cell phone numbers of two-factor app Authy users

Jul 3, 2024 • 1h 1min
2024-07-01 - Ice Cream Season
(00:00) - PreShow Banter™ — Ice Cream Season
(07:22) - BHIS - Talkin' Bout [infosec] News 2024-07-01
(07:48) - Story # 1: TeamViewer's corporate network was breached in alleged APT hack
(09:11) - Story # 1b: TeamViewer Security Update – June 28, 2024, 12:10 PM CEST
(16:33) - Story # 2: Supreme Court orders new look at Texas, Florida social media laws
(21:32) - Story # 3: New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems
(24:52) - Story # 4: CISA: Most critical open source projects not using memory safe code
(40:03) - Story # 5: Exploit for critical Fortra FileCatalyst Workflow SQLi flaw released
(42:35) - Story # 6: South Korean telecom company attacks customers with malware — over 600,000 torrent users report missing files, strange folders, and disabled PCs
(49:24) - Story # 7: Drone As First Responder Programs Are Swarming Across the United States
(55:22) - GRC Rapid Fire

Jun 26, 2024 • 1h 3min
2024-06-24 - Life is a Highway
(00:00) - PreShow Banter™ — Life is a Highway
(04:28) - BHIS - Talkin' Bout [infosec] News 2024-06-24
(05:30) - Story # 1: Colorado Privacy Act Amended To Include Biometric Data Provisions
(14:18) - Story # 2: Scathing report on Medibank cyberattack highlights unenforced MFA
(24:30) - Story # 3: CDK suffered another data breach as it was attempting to recover
(35:08) - Story # 4: LockBit claims the hack of the US Federal Reserve
(40:00) - Story # 5: Amazon-Powered AI Cameras Used to Detect Emotions of Unwitting UK Train Passengers
(45:36) - Story # 6: That PowerShell 'fix' for your root cert 'problem' is a malware loader in disguise
(51:13) - Story # 7: US sanctions Kaspersky Lab executives, board members over ‘cooperation’ with Russia
(53:23) - Story # 7b: Treasury Sanctions Kaspersky Lab Leadership in Response to Continued Cybersecurity Risks

Jun 19, 2024 • 1h 2min
2024-06-17 - Recall Gets Recalled
(00:00) - PreShow Banter™ — Hungry Hungry Hipaa
(03:39) - BHIS - Talkin' Bout [infosec] News 2024-06-17
(05:40) - Story # 1: Windows security hole allows attackers to install malware via Wi-Fi — new patch plugs gaping vulnerability
(16:27) - Story # 2: Microsoft’s all-knowing Recall AI feature is being delayed
(25:34) - Story # 3: Here’s how Apple’s AI model tries to keep your data private
(32:27) - Story # 4: New Linux malware is controlled through emojis sent from Discord
(35:28) - Story # 5: Pure Storage confirms data breach after Snowflake account hack
(38:44) - Story # 6: Microsoft Chose Profit Over Security and Left U.S. Government Vulnerable to Russian Hack, Whistleblower Says

Jun 13, 2024 • 1h 3min
2024-6-13 - Recall Disaster, Ransomware and Drone Police
(00:00) - PreShow Banter™ — Louie is Live
(04:53) - BHIS - Talkin' Bout [infosec] News 2024-06-10
(07:09) - Story # 1: UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion
(18:39) - Story # 2: Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster.
(39:02) - Story # 3: TikTok fixes zero-day bug used to hijack high-profile accounts
(41:34) - Story # 4: The Age of the Drone Police Is Here
(52:07) - Story # 5: London hospitals declare emergency following ransomware attack
(54:45) - Story # 6: Former Senior Executive and Former Sales Manager Convicted of Selling Data on Millions of U.S. Consumers to Perpetrators of Mail Fraud Schemes
(56:40) - Story # 7: FBI Kicks Hackers In The Teeth With Free 7,000 Ransomware Key Giveaway
(57:32) - Story # 8: FCC OKs pilot to bolster school, library cybersecurity

Jun 6, 2024 • 1h 9min
2024-06-2024 - RVs, Hackers and Poison.
(00:00) - PreShow Banter™ — In an RV down by the dumpster
(07:39) - BHIS - Talkin' Bout [infosec] News 2024-06-03
(09:21) - Story # 1: Ticketmaster confirms massive breach after stolen data for sale online
(10:46) - Story # 1b: Snowflake, Cloud Storage Giant, Suffers Massive Breach: Hacker Confirms to Hudson Rock Access Through Infostealer Infection
(13:03) - Story # 1c: Detecting and Preventing Unauthorized User Access: Instructions
(13:42) - Story # 1d: Snowflake Denies Responsibility for Ticketmaster, Santander Breaches
(21:21) - Story # 2: Chinese hackers hide on military and govt networks for 6 years
(29:17) - Story # 3: Federal agency warns critical Linux vulnerability being actively exploited
(34:19) - Story # 4: US dismantles 911 S5 botnet used for cyberattacks, arrests admin
(39:19) - Story # 4b: How the FBI's fake cell phone company put criminals into real jail cells
(43:48) - Story # 5: Exploit released for maximum severity Fortinet RCE bug, patch now
(46:09) - Story # 6: Enforcement Alert: Drinking Water Systems to Address Cybersecurity Vulnerabilities
(54:44) - Story # 6b: Hackers attempt to poison Florida city's water supply near Super Bowl
(01:03:32) - Story # 7: GPT-4o’s Chinese token-training data is polluted by spam and porn websites


