Talkin' Bout [Infosec] News

00:00 - PreShow Banter™ — Antichafing Training.04:31 - BHIS - Talkin’ Bout [infosec] News 2024-05-2007:12 - Story # 1: Linux maintainers were infected for 2 years by SSH-dwelling backdoor with huge reach29:49 - Story # 2: Palo Alto Networks is buying security assets from IBM to expand customer base36:50 - Story # 3: Charges and Seizures Brought in Fraud Scheme Aimed at Denying Revenue for Workers Associated with North Korea43:55 - Story # 4: FCC might require telecoms to report on securing internet’s BGP technology52:45 - Story # 5: Slack under attack over sneaky AI training policy (00:00) - PreShow Banter™ — Antichafing Training. (04:31) - BHIS - Talkin' Bout [infosec] News 2024-05-20 (07:12) - Story # 1: Linux maintainers were infected for 2 years by SSH-dwelling backdoor with huge reach (29:49) - Story # 2: Palo Alto Networks is buying security assets from IBM to expand customer base (36:50) - Story # 3: Charges and Seizures Brought in Fraud Scheme Aimed at Denying Revenue for Workers Associated with North Korea (43:55) - Story # 4: FCC might require telecoms to report on securing internet's BGP technology (52:45) - Story # 5: Slack under attack over sneaky AI training policy

00:00 - PreShow Banter™ — World Class RSA Cookies04:49 - BHIS - Talkin’ Bout [infosec] News 2024-05-1406:33 - Story # 1: Zscaler takes “test environment” offline after rumors of a breach18:48 - Story # 2: Okta’s security chief on the company’s own cyberattack and how the ‘battleground’ has shifted43:36 - Story # 3: Leaked FBI email stresses need for warrantless surveillance of Americans48:46 - Story # 4: Despite big tech lobbying, Maryland passes two internet privacy bills52:26 - Story # 4b: The Anxious Generation53:46 - Story # 5:Hackers are now targeting the children of corporate executives in elaborate ransomware attacks (00:00) - PreShow Banter™ — World Class RSA Cookies (04:49) - BHIS - Talkin' Bout [infosec] News 2024-05-14 (06:33) - Story # 1: Zscaler takes "test environment" offline after rumors of a breach (18:48) - Story # 2: Okta’s security chief on the company’s own cyberattack and how the ‘battleground’ has shifted (43:36) - Story # 3: Leaked FBI email stresses need for warrantless surveillance of Americans (48:46) - Story # 4: Despite big tech lobbying, Maryland passes two internet privacy bills (52:26) - Story # 4b: The Anxious Generation (53:46) - Story # 5:Hackers are now targeting the children of corporate executives in elaborate ransomware attacks

00:00 - PreShow Banter™ — RSA Power Moves08:14 - BHIS - Talkin’ Bout [infosec] News 2024-05-0609:49 - Story # 1: Shortridge Makes Sense of the 2024 Verizon DBIR15:04 - Story # 2: A recent security incident involving Dropbox Sign20:30 - Story # 3: Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover28:40 - Story # 4: Millions of Docker repos found pushing malware, phishing sites32:53 - Story # 5: 1,400 GitLab Servers Impacted by Exploited Vulnerability42:07 - Story # 6: LastPass goes independent over a year after serious breaches50:16 - Cyber Security Basics for Muggles & Minions with Ashley and Chris50:40 - Story # 7: Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million54:12 - Story # 8: Lockbit’s seized site comes alive to tease new police announcements56:27 - Story # 9: Systemd v256 Introduces run0: A Safer Alternative to sudo (00:00) - PreShow Banter™ — RSA Power Moves (08:14) - BHIS - Talkin' Bout [infosec] News 2024-05-06 (09:49) - Story # 1: Shortridge Makes Sense of the 2024 Verizon DBIR (15:04) - Story # 2: A recent security incident involving Dropbox Sign (20:30) - Story # 3: Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover (28:40) - Story # 4: Millions of Docker repos found pushing malware, phishing sites (32:53) - Story # 5: 1,400 GitLab Servers Impacted by Exploited Vulnerability (42:07) - Story # 6: LastPass goes independent over a year after serious breaches (50:16) - Cyber Security Basics for Muggles & Minions with Ashley and Chris (50:40) - Story # 7: Ukrainian REvil Hacker Sentenced to 13 Years and Ordered to Pay $16 Million (54:12) - Story # 8: Lockbit's seized site comes alive to tease new police announcements (56:27) - Story # 9: Systemd v256 Introduces run0: A Safer Alternative to sudo

00:00 - BHIS - Talkin’ Bout [infosec] News 2024-04-29 02:33 - Story # 1: Cyber Hygiene Helps Organizations Mitigate Ransomware-Related Vulnerabilities 10:38 - Story # 2: ‘Admin’ and ‘12345’ banned from being used as passwords in UK crackdown on cyber attacks 16:34 - Story # 3: Maximum severity Flowmon bug has a public exploit, patch now 21:06 - Story # 3b: CVE-2024-2389: Command Injection Vulnerability In Progress Flowmon 22:45 - Story # 4:GitHub comments abused to push malware via Microsoft repo URLs 30:52 - Story # 5: Security bugs in popular phone-tracking app iSharing exposed users’ precise locations 36:47 - Story # 6: Biden signs bill criticized as “major expansion of warrantless surveillance” 49:38 - Story # 7: ChatGPT’s hallucinations draw EU privacy complaint 57:46 - Story # 8: Sweden’s liquor shelves to run empty this week due to ransomware attack (00:00) - BHIS - Talkin' Bout [infosec] News 2024-04-29 (02:33) - Story # 1: Cyber Hygiene Helps Organizations Mitigate Ransomware-Related Vulnerabilities (10:38) - Story # 2: 'Admin' and '12345' banned from being used as passwords in UK crackdown on cyber attacks (16:34) - Story # 3: Maximum severity Flowmon bug has a public exploit, patch now (21:06) - Story # 3b: CVE-2024-2389: Command Injection Vulnerability In Progress Flowmon (22:45) - Story # 4:GitHub comments abused to push malware via Microsoft repo URLs (30:52) - Story # 5: Security bugs in popular phone-tracking app iSharing exposed users’ precise locations (36:47) - Story # 6: Biden signs bill criticized as “major expansion of warrantless surveillance” (49:38) - Story # 7: ChatGPT’s hallucinations draw EU privacy complaint (57:46) - Story # 8: Sweden's liquor shelves to run empty this week due to ransomware attack

00:00 - PreShow Banter™ — A Parent Process 03:01 - BHIS - Talkin’ Bout [infosec] News 2024-04-22 04:13 - Story # 1: Exploit code for Palo Alto Networks zero-day now public 07:44 - Story # 1b: (Timeline) Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400) 23:22 - Story # 2: MGM says FTC can’t possibly probe its ransomware downfall – watchdog chief Lina Khan was a guest at the time 31:37 - Story # 3: MITRE was breached through Ivanti zero-day vulnerabilities 32:27 - Story # 4: Cisco Integrated Management Controller CLI Command Injection Vulnerability 41:20 - Story # 5: Cisco Duo’s Multifactor Authentication Service Breached 46:01 - Story # 6: DevSecOps security practices are doggone disastrous 54:57 - Story # 7: FYI: This site claims to have harvested 4B+ Discord chats, today all yours for a price (00:00) - PreShow Banter™ — A Parent Process (03:01) - BHIS - Talkin' Bout [infosec] News 2024-04-22 (04:13) - Story # 1: Exploit code for Palo Alto Networks zero-day now public (07:44) - Story # 1b: (Timeline) Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400) (23:22) - Story # 2: MGM says FTC can't possibly probe its ransomware downfall – watchdog chief Lina Khan was a guest at the time (31:37) - Story # 3: MITRE was breached through Ivanti zero-day vulnerabilities (32:27) - Story # 4: Cisco Integrated Management Controller CLI Command Injection Vulnerability (41:20) - Story # 5: Cisco Duo's Multifactor Authentication Service Breached (46:01) - Story # 6: DevSecOps security practices are doggone disastrous (54:57) - Story # 7: FYI: This site claims to have harvested 4B+ Discord chats, today all yours for a price

00:00 - PreShow Banter™ — Retro Actions 04:48 - BHIS - Talkin’ Bout [infosec] News 2024-04-15 07:05 - Story # 1: FCC to vote on net neutrality rules on April 25 18:52 - Story # 2: “All Your Secrets Are Belong To Us” — A Delinea Secret Server AuthN/AuthZ Bypass 23:40 - Story # 2b: Delinea has cloud security incident in Thycotic Secret Server gaff 28:23 - Story # 3: CISA Releases Malware Next-Gen Analysis System for Public Use 40:36 - Story # 4: Hacker Leaks 8.5M U.S. Environmental Protection Agency (EPA) Contact Data 45:55 - Story # 5: SoCal Man Arrested on Federal Charges Alleging He Schemed to Advertise and Sell ‘Hive’ Computer Intrusion Malware (00:00) - PreShow Banter™ — Retro Actions (04:48) - BHIS - Talkin' Bout [infosec] News 2024-04-15 (07:05) - Story # 1: FCC to vote on net neutrality rules on April 25 (18:52) - Story # 2: “All Your Secrets Are Belong To Us” — A Delinea Secret Server AuthN/AuthZ Bypass (23:40) - Story # 2b: Delinea has cloud security incident in Thycotic Secret Server gaff (28:23) - Story # 3: CISA Releases Malware Next-Gen Analysis System for Public Use (40:36) - Story # 4: Hacker Leaks 8.5M U.S. Environmental Protection Agency (EPA) Contact Data (45:55) - Story # 5: SoCal Man Arrested on Federal Charges Alleging He Schemed to Advertise and Sell ‘Hive’ Computer Intrusion Malware

00:00 - PreShow Banter™ — BHIS Bees Corp® 04:08 - The FUTURE IS…… Kickstarter 05:29 - BHIS - Talkin’ Bout [infosec] News 2024-04-08 06:03 - Story # 1: New draft bipartisan US federal privacy bill unveiled 11:03 - Story # 2: How To Opt Out Of GM Sharing Your Driving Data With Insurance Companies 13:04 - Story # 2b: Request a Consumer Disclosure Report 14:25 - Story # 3: Hackers Hijacked Notepad++ Plugin To Execute Malicious Code 29:19 - Story # 4: A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask 46:15 - Story # 5: It’s Time to Hand Cybersecurity Over to the Computers (00:00) - PreShow Banter™ — BHIS Bees Corp® (04:08) - The FUTURE IS...... Kickstarter (05:29) - BHIS - Talkin' Bout [infosec] News 2024-04-08 (06:03) - Story # 1: New draft bipartisan US federal privacy bill unveiled (11:03) - Story # 2: How To Opt Out Of GM Sharing Your Driving Data With Insurance Companies (13:04) - Story # 2b: Request a Consumer Disclosure Report (14:25) - Story # 3: Hackers Hijacked Notepad++ Plugin To Execute Malicious Code (29:19) - Story # 4: A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask (46:15) - Story # 5: It’s Time to Hand Cybersecurity Over to the Computers

00:00 - PreShow Banter™ — Zippers, Jokes, & Lawyers (Not to be confused with the song "Lawyers, Guns and Money")02:59 - BHIS - Talkin’ Bout [infosec] News 2024-04-0103:57 - Story # 1: New Darcula phishing service targets iPhone users via iMessage11:57 - Story # 2: Recent ‘MFA Bombing’ Attacks Targeting Apple Users17:22 - Story # 3: Thousands of phones and routers swept into proxy service, unbeknownst to users22:11 - Story # 4: Digital signs around Brookline are collecting data from your phone as you walk by26:57 - Story # 5: Backdoor found in widely used Linux utility targets encrypted SSH connections28:22 - Story # 5b: XZ Outbreak diagram37:32 - Story # 6: Vans warns customers of data breach40:00 - Story # 7: Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers50:32 - Story # 8: Criminals Are Weaponizing Child Abuse Imagery to Ban Discord Servers56:41 - Story # 9: International car theft tool seized in Australia, sparking police warning58:14 - Story # 9b: Investigation into electronic device at Utah high school raises larger concerns for police (00:00) - PreShow Banter™ — Zippers, Jokes & Lawyers (02:59) - BHIS - Talkin' Bout [infosec] News 2024-04-01 (03:57) - Story # 1: New Darcula phishing service targets iPhone users via iMessage (11:57) - Story # 2: Recent ‘MFA Bombing’ Attacks Targeting Apple Users (17:22) - Story # 3: Thousands of phones and routers swept into proxy service, unbeknownst to users (22:11) - Story # 4: Digital signs around Brookline are collecting data from your phone as you walk by (26:57) - Story # 5: Backdoor found in widely used Linux utility targets encrypted SSH connections (28:22) - Story # 5b: XZ Outbreak diagram (37:32) - Story # 6: Vans warns customers of data breach (40:00) - Story # 7: Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers (50:32) - Story # 8: Criminals Are Weaponizing Child Abuse Imagery to Ban Discord Servers (56:41) - Story # 9: International car theft tool seized in Australia, sparking police warning (58:14) - Story # 9b: Investigation into electronic device at Utah high school raises larger concerns for police

00:00 - PreShow Banter™ — “Allegedly”03:18 - BHIS - Talkin’ Bout [infosec] News 2024-03-2508:00 - Story # 1: Cisco Completes Acquisition of Splunk10:47 - Story # 2: General Motors Quits Sharing Driving Behavior With Data Brokers15:27 - Story # 3: Ron DeSantis signs bill requiring parental consent for kids under 16 to hold social media accounts24:34 - Story # 4: House passes bill to prevent the sale of personal data to foreign adversaries28:19 - Story # 5: Unsaflok - vulnerability impacts over 3 million hotel doors33:57 - Story # 6: Canada revisits decision to ban Flipper Zero36:57 - Story # 7: Truck-to-truck worm could infect – and disrupt – entire US commercial fleet42:59 - Story # 8: Cybercriminals Beta Test New Attack to Bypass AI Security46:31 - Story # 9: Russians will no longer be able to access Microsoft cloud services, business intelligence tools50:36 - Story # 10: New ‘Loop DoS’ Attack Impacts Hundreds of Thousands of Systems55:05 - Story # 11: New surveillance video of man catching a flight without ticket (00:00) - PreShow Banter™ — "Allegedly" (03:18) - BHIS - Talkin' Bout [infosec] News 2024-03-25 (08:00) - Story # 1: Cisco Completes Acquisition of Splunk (10:47) - Story # 2: General Motors Quits Sharing Driving Behavior With Data Brokers (15:27) - Story # 3: Ron DeSantis signs bill requiring parental consent for kids under 16 to hold social media accounts (24:34) - Story # 4: House passes bill to prevent the sale of personal data to foreign adversaries (28:19) - Story # 5: Unsaflok - vulnerability impacts over 3 million hotel doors (33:57) - Story # 6: Canada revisits decision to ban Flipper Zero (36:57) - Story # 7: Truck-to-truck worm could infect – and disrupt – entire US commercial fleet (42:59) - Story # 8: Cybercriminals Beta Test New Attack to Bypass AI Security (46:31) - Story # 9: Russians will no longer be able to access Microsoft cloud services, business intelligence tools (50:36) - Story # 10: New 'Loop DoS' Attack Impacts Hundreds of Thousands of Systems (55:05) - Story # 11: New surveillance video of man catching a flight without ticket

Brought to you by Antisyphon Training — https://www.antisyphontraining.com00:00:00 - PreShow Banter™ — New Arms Again00:03:24 - BHIS - Talkin’ Bout [infosec] News 2024-03-1800:04:54 - Story # 1: NIST Releases Version 2.0 of Landmark Cybersecurity Framework00:10:50 - Story # 2: The FCC has finally decreed that 25Mbps and 3Mbps are not ‘broadband’ speed00:14:33 - Story # 3: Welcome to the 2024 Threat Detection Report00:33:40 - Story # 4: NSA Releases Top Ten Cloud Security Mitigation Strategies00:47:33 - Story # 5: US government agencies demand fixable ice cream machines00:53:14 - Story # 6: Homeland Security is testing AI to help with immigration, trafficking investigations, and disaster relief01:03:19 - Story # 7: Feds seize $1.4 million of tech support scam proceeds with the help of crypto firm (00:00) - PreShow Banter™ — New Arms Again (03:24) - BHIS - Talkin' Bout [infosec] News 2024-03-18 (04:54) - Story # 1: NIST Releases Version 2.0 of Landmark Cybersecurity Framework (10:50) - Story # 2: The FCC has finally decreed that 25Mbps and 3Mbps are not ‘broadband’ speed (14:33) - Story # 3: Welcome to the 2024 Threat Detection Report (33:40) - Story # 4: NSA Releases Top Ten Cloud Security Mitigation Strategies (47:33) - Story # 5: US government agencies demand fixable ice cream machines (53:14) - Story # 6: Homeland Security is testing AI to help with immigration, trafficking investigations, and disaster relief (01:03:19) - Story # 7: Feds seize $1.4 million of tech support scam proceeds with the help of crypto firm