Talkin' About [Infosec] News, Powered by Black Hills Information Security – Details, episodes & analysis

Register for Free, Live webcasts & summits:

https://poweredbybhis.com

00:00 - PreShow Banter™ — Government Linux

04:16 - Denmark is Done with Teams! - Talkin’ Bout [infosec] News 2025-06-16

05:02 - Story # 1: ‘We’re done with Teams’: German state hits uninstall on Microsoft

17:34 - Story # 1b: Denmark Wants to Dump Microsoft Software for Linux, LibreOffice

18:14 - Story # 2: Zero-click AI data leak flaw uncovered in Microsoft 365 Copilot

25:50 - Story # 3: Fog ransomware attacks use employee monitoring tool to break into business networks

30:25 - Story # 4: Expired Discord Invites Hijacked for Stealthy Malware Attacks

34:00 - Story # 5: SmartAttack uses smartwatches to steal data from air-gapped systems

40:25 - Story # 6: Mirai Botnets Exploiting Wazuh Security Platform Vulnerability

44:47 - Story # 7: Google Cloud and Cloudflare hit by widespread service outages

48:04 - Story # 8: UNFI cyberattack shuts down network and leaves Whole Foods and others in limbo

50:34 - Story # 9: New SharePoint Phishing Attacks Using Lick Deceptive Techniques

51:08 - Story # 10: US-backed Israeli company’s spyware used to target European journalists, Citizen Lab finds

53:32 - Story # 11: Five Zero-Days, 15 Misconfigurations Found in Salesforce Industry Cloud

Register for Free, Live webcasts & summits:

https://poweredbybhis.com

00:00 - PreShow Banter™ — Time to Bake

05:12 - Chatbot Tells Addict to Take Drugs - Talkin’ Bout [infosec] News 2025-05-06

06:08 - Story # 1: Meta and Yandex are de-anonymizing Android users’ web browsing identifiers

12:55 - Story # 2: Therapy Chatbot Tells Recovering Addict to Have a Little Meth as a Treat

16:11 - Story # 3: The Cost of a Call: From Voice Phishing to Data Extortion

26:56 - Story # 4: Questions Swirl Around ConnectWise Flaw Used in Attacks

27:40 - Story # 4b: ConnectWise email

35:28 - Story # 5: Critical Cisco ISE Auth Bypass Flaw Impacts Cloud Deployments on AWS, Azure, and OCI

39:27 - Story # 6: Misconfigured HMIs Expose US Water Systems to Anyone With a Browser

52:20 - Story # 7: Fact Sheet: President Donald J. Trump Reprioritizes Cybersecurity Efforts to Protect America

Register for upcoming webcasts & summits - 

https://poweredbybhis.com

Chapters

00:00 - PreShow Banter™ — A Complex Business

06:40 - BHIS - Talkin’ Bout [infosec] News 2025-04-07

07:34 - Story # 1: Oracle quietly admits data breach, days after lawsuit accused it of cover-up

12:47 - Story # 2: Twitter (X) Hit by 2.8 Billion Profile Data Leak in Alleged Insider Job

21:13 - Story # 3: Phishing platform ‘Lucid’ behind wave of iOS, Android SMS attacks

28:14 - Story # 4: GitHub expands security tools after 39 million secrets leaked in 2024

37:28 - Story # 5: The 10 Biggest Crypto Hacks in History

40:11 - Story # 6: OpenAI tests watermarking for ChatGPT-4o Image Generation model

45:44 - Story # 7: National Security Agency chief fired as Trump ousts another top military officer

00:00 - PreShow Banter™ — The Bed Slinger

08:34 - The Oracle of Lies! - BHIS - Talkin’ Bout [infosec] News 2025-03-31

10:43 - Story # 1: Oracle attempt to hide serious cybersecurity incident from customers in Oracle SaaS service

20:00 - Story # 2: A Sneaky Phish Just Grabbed my Mailchimp Mailing List

26:17 - Story # 3: Windows 11 is closing a loophole that let you skip making a Microsoft account

29:51 - Story # 4: The Trump Administration Accidentally Texted Me Its War Plans

32:51 - Story # 4b: Signal is ‘absolutely not suitable’ for government use: Former NSA hacker

37:42 - Story # 5: How the FBI Tracked, and Froze, Millions Sent to Criminals in Massive Caesars Casino Hack

42:27 - Story # 6: Retail giant Sam’s Club investigates Clop ransomware breach claims

45:07 - WEBCAST – Keeping Things Local – Making Your Own Private LLM w/ Bronwen Aker

46:16 - Story # 7: New VanHelsing ransomware targets Windows, ARM, ESXi systems

48:28 - Story # 8: Infostealer campaign compromises 10 npm packages, targets devs

53:13 - Story # 9: Risky Biz News: EU bans anonymous crypto payments

56:02 - ChickenSec: South African Poultry Company Reports $1M Loss After Cyber Intrusion

00:00 - PreShow Banter™ — We’re Not Ready For the Finger Thing

01:40 - Trading in Jock Straps for Jock Hacks – BHIS - Talkin’ Bout [infosec] News 2025-03-24

03:24 - Story # 1: GitHub Action hack likely led to another in cascading supply chain attack

07:53 - Story # 2: Wiz to Join Google Cloud: Making Magic Together

14:47 - Story # 3: Oracle denies breach after hacker claims theft of 6 million data records

19:52 - Story # 4: Critical flaw in Next.js lets hackers bypass authorization

25:47 - Story # 5: Cloudflare builds an AI to lead AI scraper bots into a horrible maze of junk content

29:20 - Story # 6: Ex-Michigan QB coach Matt Weiss facing 24 federal charges in hack of thousands of student accounts

35:47 - Story # 7: DNA of 15 Million People for Sale in 23andMe Bankruptcy

38:40 - Story # 8: Everything you say to your Echo will be sent to Amazon starting on March 28

44:03 - Story # 9: We partner with world-renowned scambusters to create our own fraud-fighting call centre

52:01 - Story # 10: Sperm donation giant California Cryobank warns of a data breach

54:19 - Story # 11: Microsoft: New RAT malware used for crypto theft, reconnaissance

56:32 - Story # 12: TrustedSec | Trimarc Joins Forces with TrustedSec to Strengthen…

00:00 - PreShow Banter™ — Fun Jank Decks

05:25 - BHIS - Talkin’ Bout [infosec] News 2025-03-17 - Malicious browser plugins will destroy us ALL!!!!!

06:35 - Story # 1: Polymorphic Extensions: The Sneaky Extension That Can Impersonate Any Browser Extension

14:37 - Story # 1b: Chrome Web Store is a mess

31:14 - Story # 2: Lazarus Strikes npm Again with New Wave of Malicious Packages

36:17 - Story # 3: China’s Volt Typhoon Hackers Dwelled in US Electric Grid for 300 Days

44:44 - Story # 4: Saudi Arabia Buys Pokémon Go, and Probably All of Your Location Data

49:31 - Story # 5: Second biggest bank in US hit by major data breach stealing social security numbers and other personal info

51:25 - Story # 6: Hackers Take Credit for X Cyberattack

54:32 - Story # 7: Hackers Using Advanced MFA-Bypassing Techniques To Gain Access To User Account

00:00 - PreShow Banter™ — Agent A.I.

07:35 - BHIS - Talkin’ Bout [infosec] News 2025-03-10

10:47 - Story # 1: 12 Chinese hackers charged with US Treasury breach — and much, much more

15:25 - Story # 2: Signal President Meredith Whittaker calls out agentic AI as having ‘profound’ security and privacy issues

25:33 - Story # 3: X/Twitter is down for a third time today

27:33 - Story # 4: Developer sabotaged ex-employer with kill switch activated when he was let go

33:37 - Story # 5: Undocumented commands found in Bluetooth chip used by a billion devices

45:37 - Story # 6: Cybercrime’s Cobalt Strike Use Plummets 80% Worldwide

46:19 - Story # 7: Majority of Orgs Hit by AI Cyber-Attacks as Detection Lags

55:01 - Story # 8: Ransomware gang encrypted network from a webcam to bypass EDR

00:00 - PreShow Banter™ — Not Talking About Anything

04:29 - BHIS - Talkin’ Bout [infosec] News 2025-03-03

05:42 - Story # 1: FBI Warns iPhone, Android Users—We Want ‘Lawful Access’ To All Your Encrypted Data

24:28 - Story # 2: Disney engineer downloaded ‘helpful’ AI tool that ended up completely destroying his life

34:28 - Story # 3: Have I Been Pwned adds 284M accounts stolen by infostealer malware

43:22 - Story # 4: Dragos’s 8th Annual OT Cybersecurity Year in Review Is Now Available

45:53 - Story # 5: Trump administration retreats in fight against Russian cyber threats

55:19 - Story # 5b: Exclusive: US intel shows Russia and China are attempting to recruit disgruntled federal employees, sources say

57:33 - Story # 6: Feds: Army soldier suspected of AT&T heist Googled ‘can hacking be treason,’ ‘defecting to Russia’

00:00 - PreShow Banter™ — Get Political

05:27 - BHIS - Talkin’ Bout [infosec] News 2025-02-25

06:07 - Story # 1: Trump 2.0 Brings Cuts to Cyber, Consumer Protections

37:57 - Story # 2: OpenAI Uncovers Evidence of A.I.-Powered Chinese Surveillance Tool

49:48 - Story # 3: Apple pulls data protection tool after UK government security row

55:00 - Story # 4: Judge dismisses Chris Hadnagy lawsuit against DEF CON

00:00 - PreShow Banter™ — Prove That You’re Wearing Pants

05:50 - BHIS - Talkin’ Bout [infosec] News 2025-05-17

06:46 - Story # 1: Fortinet discloses second firewall auth bypass patched in January

07:12 - Story # 1b: Fortinet CEO boasts it was voted the “most trusted” cybersecurity firm. Don’t die laughing

08:45 - Story # 1c: Forbes Most Trusted Companies in America 2025 List

16:25 - Story # 2: SAML Bypass Authentication on GitHub Enterprise Servers to Login as Other User Account

18:37 - Story # 2b: Rapid7 Flags New PostgreSQL Zero-Day Connected to BeyondTrust Exploitation

20:04 - Story # 3: Putting the human back into AI is key, former NSA Director Nakasone says

36:35 - Story # 4: Apple Confirms USB Restricted Mode Exploited in ‘Extremely Sophisticated’ Attack

37:44 - Story # 5: DOGE Exposes Once-Secret Government Networks, Making Cyber-Espionage Easier than Ever

43:14 - Story # 5b: DOGE’s .gov site lampooned as coders quickly realize it can be edited by anyone

46:59 - Story # 6: Man who SIM-swapped the SEC’s X account pleads guilty

51:26 - Story # 7: Russia’s Sandworm caught snarfing credentials, data from American and Brit orgs

53:55 - Story # 8: Nearly 10 years after Data and Goliath, Bruce Schneier says: Privacy’s still screwed