Back

Explore every episode of the podcast The Host Unknown Podcast

Dive into the complete episode list for The Host Unknown Podcast. Each episode is cataloged with detailed descriptions, making it easy to find and explore specific topics. Keep track of all episodes from your favorite podcast and never miss a moment of insightful content.

Rows per page:

1–50 of 223

TitlePub. DateDuration
Episode 200 - The Bicentennial men Episode02 Sep 202400:39:12

This week in InfoSec  (07:42)

With content liberated from the “today in infosec” twitter account and further afield

29th August 1990: The UK's Computer Misuse Act 1990 went into effect, introducing 3 criminal offences related to unauthorised access and modification of "computer material".

https://twitter.com/todayininfosec/status/1829252932178719161  

27th August 1999: One of the first companies to offer a dedicated web application firewall (WAF) was Perfecto Technologies with its AppShield product. But it didn't use the terminology "WAF", instead describing it as "a plug and play" Internet application security solution."

https://twitter.com/todayininfosec/status/1828483993001492969

 

Rant of the Week (13:25) 

Watchdog warns FBI is sloppy on secure data storage and destruction

The FBI has made serious slip-ups in how it processes and destroys electronic storage media seized as part of investigations, according to an audit by the Department of Justice Office of the Inspector General.

Drives containing national security data, Foreign Intelligence Surveillance Act information and documents classified as Secret were routinely unlabeled, opening the potential for it to be either lost or stolen, the report [PDF] addressed to FBI Director Christopher Wray states.

Ironically, this lack of identification might be considered a benefit, given the lax security at the FBI's facility used to destroy such media after they have been finished with.

The OIG report notes that it found boxes of hard drives and removable storage sitting open and unattended for "days or even weeks" because they were only sealed once the boxes were full. This potentially allows any of the 395 staff and contractors with access to the facility to have a rummage around.

 

Billy Big Balls of the Week (22:01)

Deadbeat dad faked his own death by hacking government databases

A US man has been sentenced to 81 months in jail for faking his own death by hacking government systems and officially marking himself as deceased.

The US Department of Justice on Tuesday detailed the case of Jesse Kipf, 39, who was sent down for computer fraud and aggravated identity theft.

In January 2023, Kipf used the credentials of a physician to access Hawaii's Death Registry System and create a "case" that recorded his own death.

"Kipf then completed a State of Hawaii Death Certificate Worksheet, assigned himself as the medical certifier for the case and certified his death, using the digital signature of the doctor," the DoJ wrote. The paperwork was all correct, so many government databases listed Kipf as deceased.

But he was very much alive and enjoying the fact that his "death" meant he didn't have to make child support payments or catch up on those he'd already missed. Evidence presented in court included internet search histories recorded on a laptop, with Kipf looking up terms including "Remove California child support for deceased."

 

Industry News (28:13)

Uber Hit With €290m GDPR Fine

FBI Flawed Data Handling Raises Security Concerns

Microsoft 365 Copilot Vulnerability Exposes User Data Risks

Money Laundering Dominates UK Fraud Cases

Ransomware Attacks Exposed 6.7 Million Records in US Schools

IT Engineer Charged For Attempting to Extort Former Employer

Surge in New Scams as Pig Butchering Dominates

Unpatched CCTV Cameras Exploited to Spread Mirai Variant

North Korean Hackers Launch New Wave of npm Package Attacks

 

Tweet of the Week (36:20)

https://x.com/fesshole/status/1828921760147767400

Come on! Like and bloody well subscribe!

Episode 199 - The Holiday Is Over Episode27 Aug 202400:35:54

This week in InfoSec  (06:43)

With content liberated from the “today in infosec” twitter account and further afield

18th August 2004: Text messages sent to promote the video game "Resident Evil: Outbreak" stated "Outbreak: I'm infecting you with t-virus". This scared recipients, who were only about 7% less technologically savvy than mobile phone users today.

https://x.com/todayininfosec/status/1825257955878641888   

 

20th August 2003: Philippe Oechslin shared his technique he called "rainbow tables" during a talk at the 23rd annual crypto conference, Crypto 2003.

It became a popular approach for cracking password hashes. Today it's less widely used due to adoption of practices that reduce its efficacy.

https://x.com/todayininfosec/status/1825865870716870802

 

Rant of the Week  (10:59)

This uni thought it would be a good idea to do a phishing test with a fake Ebola scare

University of California Santa Cruz (UCSC) students may be relieved to hear that an emailed warning about a staff member infected with the Ebola virus was just a phishing exercise.

The message, titled "Emergency Notification: Ebola Virus Case on Campus," went out to the university community on Sunday, August 18. It began, "We regret to inform you that a member of our staff, who recently returned from South Africa, has tested positive for the Ebola virus."

The message went on to say that the university has initiated a contact tracing protocol and asks message recipients to "Please Log In to the Access Information Page for more details" – the very activity phishing messages attempt to encourage in order to capture login credentials.

The simulated attack was similar to an actual phishing message sent on August 1, 2024, as shown on the UCSC Phish Bowl, a collection of real and test phishing attempts.

But the one sent on Sunday was intended to raise awareness of phishing rather than to actually steal information.

In that, it succeeded. The message prompted the UCSC Student Health Center to publish a notice about a "Phishing email with misleading health information."

On Monday, Brian Hall, chief information security officer for UCSC, sent out an apology to the university community.

 

Billy Big Balls of the Week (18:20)

Russia tells citizens to switch off home surveillance because the Ukrainians are coming

Russia's Ministry of Internal Affairs is warning residents of under-siege regions to switch off home surveillance systems and dating apps to stop Ukraine from using them for intel-gathering purposes.

Residents of the Bryansk, Kursk, and Belgorod regions were issued with the warnings amid what seems like Russia being thoroughly rattled by Ukraine's incursion into the country's southwest.

"The enemy is massively identifying IP ranges in our territories and connecting to unprotected video surveillance cameras remotely, viewing everything from private yards to roads and highways of strategic importance," said the ministry, according to Russian newswire Interfax. "In this regard, if there is no urgent need, it is better not to use video surveillance cameras.

"It is highly discouraged to use online dating services. The enemy actively uses such resources for the covert collection of information."

These warnings were just two of many included in a public memo aimed at protecting the identities of high-value Russian individuals, including military personnel, law enforcement agents, and nuclear energy workers.

 

Industry News (24:51)

Iran Behind Trump Campaign Hack, US Government Confirms

New DNS-Based Backdoor Threat Discovered at Taiwanese University

Most Ransomware Attacks Now Happen at Night

CISA to Get New Headquarters as $524M Contract Awarded

Australia Calls Off Clearview AI Investigation Despite Lack of Compliance

Backdoor in Mifare Smart Cards Could Open Doors Around the World

Security Flaws in UK Political Party Donation Platforms Exposed

Company Fined $1m for Fake Joe Biden AI Calls

FAA Admits Gaps in Aircraft Cybersecurity Rules: New Regulation Proposed

 

Tweet of the Week (32:19)

https://x.com/anon_opin/status/1826015107857416458?s=46&t=1-Sjo1Vy8SG7OdizJ3wVbg

Come on! Like and bloody well subscribe!

Episode 190 - The Very Serious Episode15 Apr 202400:55:19

This week in InfoSec  (08:49)

With content liberated from the “today in infosec” twitter account and further afield

7th April 1969: Steve Crocker, a graduate student at UCLA and part of the team developing ARPANET, writes the first “Request for Comments“. The ARPANET, a research project of the Department of Defense’s Advanced Research Projects Agency (ARPA), was the foundation of today’s modern Internet. RFC 1 defined the design of the host software for communication between ARPANET nodes. This host software would be run on Interface Message Processors or IMPs, which were the precursor to Internet routers. The “host software” defined in RFC 1 would later be known as the Network Control Protocol or NCP, which itself was the forerunner to the modern TCP/IP protocol the Internet runs on today.

https://thisdayintechhistory.com/04/07/rfc-1-defines-the-building-block-of-internet-communication/

7th April 2014: The Heartbleed Bug was publicly disclosed. The buffer over-read vulnerability had been discovered by Neel Mehta and later privately reported to the OpenSSL project, which patched it the next day. The vulnerability was inadvertently introduced into OpenSSL 2 years prior.

https://twitter.com/todayininfosec/status/1777136463882183076  

 

Rant of the Week (17:09)

OpenTable is adding your first name to previously anonymous reviews

Restaurant reservation platform OpenTable says that all reviews on the platform will no longer be fully anonymous starting May 22nd and will now show members' profile pictures and first names.

OpenTable notified members of this new policy change today in emails to members who had previously left a review on the platform, stating the change was made to provide more transparency.

"At OpenTable, we strive to build a community in which diners can help other diners discover new restaurants, and reviews are a big part of that," reads the OpenTable email seen by BleepingComputer.

"We've heard from you, our diners, that trust and transparency are important when looking at reviews."

"To build on the credibility of our review program, starting May 22, 2024, OpenTable will begin displaying diner first names and profile photos on all diner reviews. This update will also apply to past reviews.

 

Billy Big Balls of the Week (26:36)
Lloyds Bank axes risk staff after executives complain they are a ‘blocker’

Lloyds Banking Group plans to cut jobs in risk management after an internal review found the function was a “blocker to our strategic transformation”.  

The restructuring was outlined in a memo last month from Lloyds’ chief risk officer Stephen Shelley, who said two-thirds of executives believed risk management was blocking progress while “less than half our workforce believe intelligent risk-taking is encouraged”.  The lender was “resetting our approach to risk and controls”, Shelley said in the memo, seen by the Financial Times, adding that “the initial focus is on non-financial risks”. 

 

Industry News (33:55)

T: Famous YouTube Channels Hacked to Distribute Infostealers

A: US Federal Data Privacy Law Introduced by Legislators

J: Foreign Interference Drives Record Surge in IP Theft

T: Half of UK Businesses Hit by Cyber-Incident in Past Year, UK Government Finds

A: US Claims to Have Recovered $1.4bn in COVID Fraud

J: Women Experience Exclusion Twice as Often as Men in Cybersecurity

T: Threat Actors Game GitHub Search to Spread Malware

A: Data Breach Exposes 300k Taxi Passengers’ Information

J: Apple Boosts Spyware Alerts For Mercenary Attacks

 

Tweet of the Week  (52:08)

https://x.com/ErrataRob/status/1778536622163984590

Come on! Like and bloody well subscribe!

Episode 101 - My Brain Hurts29 Apr 202200:50:03

This Week in InfoSec (09:26)

With content liberated from the “today in infosec” Twitter  account and further afield

26th April 2013: LivingSocial informed its employees that 50 million users' names, emails, dates of birth, and SHA1 hashed passwords were compromised.

LivingSocial Hacked

https://twitter.com/todayininfosec/status/1519039747301199872

26th April 1999: The first known virus to target the flash BIOS of a PC, the CIH/Chernobyl Virus triggers on this day, erasing hard drives and disabling PCs primarily in Asia and Europe. One of the most destructive viruses in history, Turkey and South Korea alone reported 300,000 infected systems.

 

As Seen on Reddit (23:29)

My thoughts on a decade of Cyber Security: 10 Lessons I’ve learned

Reddit user u/CrowGrandFather has spent more than a decade in the Cyber Security Industry and has come up with 10 lessons he learned along the way.

1. Cyber is risk and nothing else

2. No one cares about your stats

3. Understand that not everyone is as smart as you

4. Stop with the playbooks

5. Read the news for your boss

6. Blackhat is mostly pointless

7. Location, Location, Location

8. You’re probably doing threat intelligence wrong

9. Don’t write to be understood, write so that you can’t possibly be misunderstood

10. Make friends with your Marketing team

[That was this week's As seen on Reddit]

 

Industry News (42:07)

LinkedIn Becomes the Most Impersonated Brand for Phishing Attacks

Costa Rica Refuses to Pay Cyber Ransom

Bored Ape Yacht Club Customers Lose $3m in NFT Scam

French Hospitals Cut Internet Connection After Data Raid

Security Teams Should Be Addressing Quantum Cyber-Threats Now

Private Investigator Admits Role in Hedge Fund Hack

UK Schools Can Sign-Up to Free Government-Grade Security

Coca-Cola Investigates Data Breach Claim

Crypto Trading Fund Partners Accused of Fraud

 

Tweet of the Week (45:00)

https://twitter.com/austinpeay/status/1519397653305561088

https://twitter.com/austinpeay/status/1519399475785125889

Come on! Like and bloody well subscribe!

Episode 100 - Can We Go Home Now08 Apr 202200:46:34

This Week In InfoSec (10:15)

With content liberated from the “today in infosec” twitter account and further afield

1st April 1998: Hackers changed the MIT home page to read "Disney to Acquire MIT for $6.9 Billion".

https://twitter.com/todayininfosec/status/1245550127806201857

MIT says "Disney buys MIT" hack revealed by low price

1st April 2004: The now ubiquitous Gmail service is launched as an invitation-only beta service. At first met with skepticism due to it being launched on April Fool’s Day, the ease of use and speed that Gmail offered for a web-based email service quickly won converts. The fact that Gmail was invitation-only for a long time helped fuel a mystique that those who had a Gmail address were hip and uber-cool. 

 

Rant of the Week: (16:25)

Bank had no firewall license, intrusion or phishing protection – guess the rest

An Indian bank that did not have a valid firewall license, had not employed phishing protection, lacked an intrusion detection system and eschewed use of any intrusion prevention system has, shockingly, been compromised by criminals who made off with millions of rupees.

 

Billy Big Balls of the Week (23:20)

Bearded Barbie hackers catfish high ranking Israeli officials

The Hamas-backed hacking group tracked as 'APT-C-23' was found catfishing Israeli officials working in defense, law, enforcement, and government agencies, ultimately leading to the deployment of new malware.

The campaign involves high-level social engineering tricks such as creating fake social media profiles and a long-term engagement with the targets before delivering spyware.

 

Industry News (30:50)

Scottish Power Parent Company Hit by Data Breach

Trezor Customers Phished After MailChimp Compromise

Cadbury Warns of Easter Egg Scam

Jail Releases 300 Suspects Due to Computer "Glitch"

WhatsApp 'Voice Message' Is an Info-Stealing Phishing Attack

Germany Shuts Down Russian Darknet Marketplace Hydra

Attack on Ukraine Telecoms Provider Caused by Compromised Employee Credentials

Block Warns Eight Million Customers of Insider Breach

Employee Info Among 13 Million Records Leaked by Fox News

 

Tweet of the Week (41:50)

https://twitter.com/_sn0ww/status/1511857122966835200

Come on! Like and bloody well subscribe!

Episode 99 - Do You Think They Will Notice?01 Apr 202200:52:59

This Week in InfoSec (09:55)

With content liberated from the “today in infosec” twitter account and further afield

31st March 1999: The hugely successful motion picture, The Matrix, is released on this day. Many call it a classic (ok, that’s me), many call it influential (ok, me again), but no one can deny that the impact it had on many aspects of our society from the emerging tech culture, to the movie industry, to science-fiction, to political thinking

25th March 2010: Albert Gonzales was sentenced to 20 years in prison for stealing credit card data from TJX and other companies. He is currently serving his sentence at FMC Lexington, a Kentucky facility for inmates requiring medical or mental health attention.

Sex, Drugs, and the Biggest Cybercrime of All Time

 

Rant of the Week (19:32)

Yale finance director stole $40m in computers to resell on the sly

A now-former finance director stole tablet computers and other equipment worth $40 million from the Yale University School of Medicine, and resold them for a profit.

https://www.dailymail.co.uk/news/article-10669329/Yale-School-Medicine-employee-stole-40-million-computers-electronics-school.html

 

Billy Big Balls of the Week (30:30)

Ubiquiti sues Krebs on Security for defamation

Network equipment maker Ubiquiti on Tuesday filed a lawsuit against infosec journalist Brian Krebs, alleging he defamed the company by falsely accusing the firm of covering up a cyber-attack.

On March 30, 2021, Krebs reported that Ubiquiti had disclosed a January breach involving a third-party cloud provider, later revealed to be AWS, and that an unnamed source within the firm had claimed the company was downplaying a catastrophic compromise.

Apple and Meta shared data with hackers pretending to be law enforcement officials

Apple and Meta handed over user data to hackers who faked emergency data request orders typically sent by law enforcement, according to a report by Bloomberg. The slip-up happened in mid-2021, with both companies falling for the phony requests and providing information about users’ IP addresses, phone numbers, and home addresses.

Law enforcement officials often request data from social platforms in connection with criminal investigations, allowing them to obtain information about the owner of a specific online account. While these requests require a subpoena or search warrant signed by a judge, emergency data requests don’t — and are intended for cases that involve life-threatening situations.

Industry News (37:24)

Dental Practice Fined for Sharing Patient Data on Social Media

Yandex is Sending iOS Users' Data to Russia

Attackers Steal $618m From Crypto Firm

New Research Claims Biden's Disclosure Deadlines Are Unrealistic

NCSC: Time to Rethink Russian Supply Chain Risks

Cyber-attack on California Healthcare Organization

New Version of PCI DSS Designed to Tackle Emerging Payment Threats

No Patch Available Yet for Critical SpringShell Bug

CISA Issues UPS Warning

 

Tweet of the Week (

https://twitter.com/AskAManager/status/1509246642364588040

https://twitter.com/HackingLZ/status/1509529191439425540

Come on! Like and bloody well subscribe!

Episode 98 - The Statin-Free Show25 Mar 202200:42:38
Episode 97 - He Is Back And He Really is Bad18 Mar 202200:43:52

This Week in InfoSec (08:06)

With content liberated from the “today in infosec” twitter account and further afield

15th March 1985: The first Internet domain symbolics.com is registered by Symbolics, a Massachusetts computer company.

16th March 2018: National Lottery owner Camelot has warned of a "low level" cyber-attack that affected customer accounts.  It has asked all of its customers to change the passwords on their accounts as a precaution.

 

Rant of the Week (16:31)

Germany advises citizens to uninstall Kaspersky antivirus

Nation's cybersecurity agency has doubts about Russian firm's reliability

Germany's BSI federal cybersecurity agency has warned the country's citizens not to install Russian-owned Kaspersky antivirus, saying it has "doubts about the reliability of the manufacturer."

Russia-based Kaspersky has long been a target of suspicious rumours in the West over its ownership and allegiance to Russia's rulers.

In an advisory published today, the agency said: "The BSI recommends replacing applications from Kaspersky's virus protection software portfolio with alternative products."

 

Billy Big Balls of the Week ( 24:49)

The Workaday Life of the World’s Most Dangerous Ransomware Gang

A Ukrainian researcher leaked 60,000 messages from inside the Conti ransomware group. 

The Conti ransomware gang was on top of the world. The sprawling network of cybercriminals extorted $180 million from its victims last year, eclipsing the earnings of all other ransomware gangs. Then it backed Vladimir Putin’s invasion of Ukraine. And it all started falling apart.

 

Industry News (31:24)

French Bank Denies Access to Russian Workforce

UK Unveils New Cyber Flashing Law

Israeli Government Websites Taken Offline in Large-Scale Cyber-Attack

Hackers Hit Rosneft

UK Blocks Assange's Extradition Appeal

Avast Merger Raises Competition Concerns

Irish Watchdog Fines Meta $19m Over Data Breach

Kaspersky Hits Back at "Politically Motivated" BSI Advisory

Thousands of Mobile Apps Expose User Data Via Cloud Misconfigurations

 

Tweet of the Week (39:12)

https://twitter.com/moonpolysoft/status/1503519499089186818  

Come on! Like and bloody well subscribe!

Episode 96 - We Don't Know What She Has But They Are Colossal11 Mar 202200:49:26

This Week in InfoSec (08:22)

With content liberated from the “today in infosec” Twitter account and further afield

6th March 1992:  The Michelangelo virus, so-named because it activates on March 6, the birthday of Michelangelo, begins infecting computers. The virus will also make news in 1993. It was one of the earliest viruses to receive widespread media attention and also one of the first to prompt widespread hysteria.  The irony of the name of the virus was that nothing in the virus’ code referenced Michelangelo. It is possible the virus author, who was never identified, did not know March 6th was Michelangelo’s birthday!

9th March 1999:  United States Vice President Al Gore gives an interview on CNN’s Late Edition in which he states, “During my service in the United States Congress, I took the initiative in creating the Internet. I took the initiative in moving forward a whole range of initiatives that have proven to be important to our country’s economic growth and environmental protection, improvements in our educational system.” This is the infamous statement which will be widely misquoted as “I invented the Internet.”

 

Rant of the Week  (13:59)

Most Orgs Would Take Security Bugs Over Ethical Hacking Help

A new survey suggests that security is becoming more important for enterprises, but they’re still falling back on old “security by obscurity” ways.

Enterprises are putting greater stock in cybersecurity, but outdated “security by obscurity” is still prevailing as companies wrestle with security awareness and shy away from bug-bounty programs.

That’s according to new survey data from HackerOne, which found that a full 65 percent of organizations surveyed claimed that they “want to be seen as infallible.” However, just as many – 64 percent – said they practice a culture of security through obscurity, where secrecy is used as the primary method of protecting sensitive systems and assets.

 

Carole's Colossal Cahones (24:49)

When Pigs Cry: Tool decodes the Emotional Lives of Swine

https://www.nytimes.com/2022/03/09/science/pigs-oinks-grunts.html

 

Industry News  (30:31)

Google to Acquire Mandiant

Dirty Pipe Exploit Rings Alarm Bells in the Linux Community

Chinese APT41 Group Compromises Six US Government Networks

Prison for Man Who Scammed US Government to Buy Pokémon Card

UK Announces New Rules to Tackle Surging Online Scam Adverts

Over 90% of Exposed Russian Cloud Databases Compromised

AI Accountability Framework Created to Guide Use of AI in Security

Conti Group Spent $6m on Salaries, Tools and Services in a Year

Qakbot Debuts New Technique

 

Tweet of the Week (39:33)

https://twitter.com/paygapapp  

https://twitter.com/achornback/status/1501677184515256321?s=12

Come on! Like and bloody well subscribe!

Episode 95 - Dammit He Came Back04 Mar 202200:46:47

This Week in InfoSec (08:37)

With content liberated from the “today in infosec” Twitter account and further afield

7th March 1997: During a hearing on Microsoft’s alleged antitrust activities, Bill Gates admits Microsoft’s contracts bar Internet content providers from promoting Netscape’s browser. Eventually, Internet Explorer dominates the web browser market as it is shipped for free with every copy of Windows.

3rd March 2009: “You may be wondering why I’ve turned myself into a zombie.

Well, it’s in honour of National Zombie Awareness Week in Australia, which is highlighting the problem of compromised computers (known as bots or zombies).

Zombie computers can be invisibly controlled by criminal hackers to launch distributed denial-of-service attacks, spread spam messages or steal confidential information.”

 

Rant of the Week (15:36)

The zero-password future can't come soon enough

SpyCloud highlights poor password hygiene of consumers and the threat to enterprises

Passwords, long a weakness in the tapestry of defences designed to keep enterprises and individuals more secure, continue to be a problem due in large part to the same issue that has haunted them for years: the users themselves.

 

Billy Big Balls of the Week (27:41)

Russian Company Outsourced The Main Components In EV Chargers To A Ukrainian Company, Hilarity Ensues

The electric car chargers along one of the most important freeways in Russia are all down Monday after the Ukrainian company tasked with building the main components in the chargers used backdoor access to hack them, shut them down, and program anti-Putin/pro-Ukrainian messages to scroll past on their screens.

The outage affects chargers along the M11 motorway, which connects Moscow to St. Petersburg. The Russian energy company Rosseti confirmed the hack in a post on the company’s Facebook.

 

Industry News (33:52)

Ukraine Asks for Hackers’ Help

Russian TV Stations Hacked

Conti Encrypts Karma Ransom Note in Same Victim Network

Apple and Google Turn Off Map Features to Help Ukraine

NIST Seeks Cybersecurity Framework Feedback

Nvidia Admits Hackers Stole Employee and Internal Data

Russia Denies Satellite Hacking and Warns of Wider War

Swiss Bank Requests Destruction of Documents

Vulnerability Exploit Attempts Surge Tenfold Against Ukrainian Websites

 

Tweet of the Week (40:40)

https://twitter.com/gyarbij/status/1499289498005422083

Come on! Like and bloody well subscribe!

Episode 94 - Lost Sole Founder Reward If Found25 Feb 202200:48:02

This Week in InfoSec (11:37)

With content liberated from the “today in infosec” twitter account and further afield

23rd February 2005: The discovery of the first mobile phone virus, Cabir, is accounced. Specifically, Cabir is a worm which infects phones running the Symbian OS. Whenever an infected phone is activated, the message “Caribe” is displayed. Infected phones also attempts to spread the virus through Bluetooth signals.

 

Billy Big Balls (21:51)

https://nypost.com/2022/02/24/ukrainian-women-say-russian-troops-are-flirting-with-them-on-tinder/

From Russia with lust.

Russian soldiers poised to invade Ukraine have bombarded women on the other side of the border with Tinder messages Tuesday, according to the Sun.

Dasha Synelnikova’s app lit up with matches from soldiers named Andrei, Alexander, Gregory, Michail and “Black” some 20 miles away, the report said.

“I actually live in Kyiv but changed my location settings to Kharkiv after a friend told me there were Russian troops all over Tinder,” Synelnikova, a 33-year-old video producer, told the outlet.

Many would-be paramours reportedly flirted with treachery as they gave away their military positions while forces assembled north of Kharkiv prepared for what appeared to be an imminent attack, according to Ukrainian military intelligence officials.

“One muscular guy posed up trying to look sexy in bed posing with his pistol. Another was in full Russian combat gear and others just showed off in tight stripy vests,” Synelnikova told the British paper.

 

Rant of the Week (28:57)

A War in Europe Is Being Documented One Social Media Post at a Time

The rest of the world watches Russia's invasion into Ukraine through the lens of Twitter and Tiktok.

 

Industry News (35:28)

Banking World Rocked After Leak Exposes 18,000 Credit Suisse Accounts

Teen Framed for Cybercrime Files Lawsuit

US Receives Ransomware Warning

EU Deploys Cyber Response Unit to Ukraine

Ofcom Set to Crack Down on Phone Fraud

Vishing Makes Phishing Campaigns Three-Times More Successful

Nonprofits Form Cyber Coalition

WMATA Twitter Account Hacked

Ukraine Attacked with ‘Wiper’ Malware

 

Tweet of the Week  (44:10)

https://twitter.com/dcuthbert/status/1496935547171835911

Come on! Like and bloody well subscribe!

Episode 93 - Its That Man Again18 Feb 202200:49:43

 

This Week in InfoSec (07:54)

With content liberated from the “today in infosec” Twitter account and further afield

15th February 1999

Computer owners (dominated by Linux users) marched on Microsoft’s offices demanding refunds for the copies of Windows that came pre-installed on their computers. This day came to be known as Windows Refund Day.

15th February 2007: TSA Removes Online Traveller Redress System.  The Transportation Security Agency has removed from its website an online system designed for travellers who have been told they are on a watchlist and inserted a statement that the agency takes information security seriously, following reporting by 27B (and others) that the site could put travellers at risk of identity theft and looked like online fraud.

 

Rant of the Week (17:41)

3G network shutting down could disable millions of home security alarms and car safety systems

https://apple.news/AuLfeucEvTSOwz1aqMIUDow

Millions of burglar alarms, car safety systems, GPS trackers, medical monitors, and even prisoner ankle tags could stop working when American 3G mobile networks shut down later this year.

 

Billy Big Balls of the Week (29:26)

Gary Bowser was recently sentenced to over 3 years in prison and ordered to pay millions to Nintendo for what his lawyers say was a relatively minor role in a Nintendo Switch piracy ring.

He was the victim of domestic violence from a girlfriend, and another girlfriend of his was murdered. His older brother died in a plane crash, and Bowser’s mother died when he was 15, the court record adds. In response, Bowser drank, the court records state.

Bowser was charged in Canada in 2004 in a fraud case concerning less than $5,000, the court records say. In 2018, he contracted lymphedema, likely from a mosquito bite, which “caused morbid swelling of his left leg,” the lawyers wrote.

When Bowser did join Xecutor, he was the only member who did so under his own identity; his colleagues were pseudonymous on the site. 

Xecutor as “one of the most prolific video game hacking groups,” and said that Bowser also administered a website called rom-bank.com which contained illegal copies of over 10,000 video games, 

Bowser was paid $500 to $1,000 a month over the course of seven years to maintain the organization’s websites

Last week, Bowser was sentenced to more than three years in prison and has agreed to pay $4,500,000 in restitution to Nintendo. In a related civil lawsuit that concluded in December, a court ordered Bowser to also pay $10,000,000.

https://www.vice.com/en/article/epxm5n/gary-bowser-small-apartment-owes-nintendo-10-million

 

Unskilled hacker linked to years of attacks on aviation, transport sectors

For years, a low-skilled attacker has been using off-the-shelf malware in malicious campaigns aimed at companies in the aviation sector as well as in other sensitive industries.

The threat actor has been active since at least 2017, targeting entities in the aviation, aerospace, transportation, manufacturing, and defence industries.

Tracked as TA2541 by cybersecurity company Proofpoint, the adversary is believed to operate from Nigeria and its activity has been documented before in the analysis of separate campaigns.

 

Industry News (37:18) 

Trustpilot Sues Immigration Biz for Alleged Fake Reviews

Internet Society Data Leaked

Healthcare Data Breaches Impact 147k Illinoisans

Finance Officer Jailed After Stealing £200,000 from Charity

Red Cross Attackers Exploited Zoho Bug Used by China

Grand Prix CFO Sentenced for Identity Theft

Researchers Block "Largest Ever" Bot Attack

Data Privacy Lawsuit Could Cost Meta $90m

Phishing Top Threat to US Healthcare

 

Tweet of the Week (44:32 )

https://twitter.com/zebpalmer/status/1492742757185556483   

https://twitter.com/JackRhysider/status/1494330800564625413

 

[That was this week's TWEET OF THE WEEK!]

Come on! Like and bloody well subscribe!

Episode 92 - Just The Two Of Us11 Feb 202200:46:47

This Week in InfoSec (04:44)

February 5th 2009 Come on Kaspersky, if you think you’re hard enough..

February 5th 2009 The Sophos snowball fight

February 9th 2009 Hacked road sign warns of British invasion

 

Rant of the Week (16:01)

Hackers are hitting Britain where it hurts by targeting some of its favourite savoury snacks, with the likes of Hula Hoops, KP Nuts, Butterkist popcorn and Nik Naks in their cyber sights.

Hackers hold Hula Hoops hostage in cyber-raid on Britain's KP Snacks | Reuters

 

Billy Big Balls of the Week  (22:48)

A woman accused of laundering billions of dollars in stolen cryptocurrency alongside her husband may end up becoming better known for her excruciating music career as a self-styled “raunchy rapper” called Razzlekhan.

‘Sexy horror comedy’: Bitcoin laundering suspect is also ‘raunchy rapper’ Razzlekhan | Cryptocurrencies | The Guardian

 

Industry News  (29:50)

DDoS Attacks Hit All-time High

Californian College Attacked with Ransomware

SANS Institute Launches Nationwide Scholarship Program

ICO Hit by 2650% Rise in Email Attacks

Almost $1.3bn Paid to Ransomware Actors Since 2020

CISOs Reveal Biggest Challenges for Security Teams

 

Tweet of the Week  (38:58)

https://twitter.com/d0rkph0enix/status/1491914588811501568

 

Come on! Like and bloody well subscribe!

Episode 189 - The Something Something Band Something Something Together Episode08 Apr 202400:39:51

This week in InfoSec  (06:10)

With content liberated from the “today in infosec” twitter account and further afield

3rd April 2011: Email marketing and loyalty program management company Epsilon reported a data breach of names and email addresses of numerous companies' customers, totaling at least 60 million records. Dozens of companies were impacted, including Kroger, Walgreens, Verizon, and Chase.

https://twitter.com/todayininfosec/status/1775598288277835996  

1st April 1995: US President Bill Clinton and Russian President Boris Yeltsin announced a pact to exchange their personal PGP keys and to make the technology available to all citizens worldwide. (April Fools' Day)

https://twitter.com/todayininfosec/status/1774994645053010184

 

Rant of the Week (13:06)

William Wragg honey trap scandal is ‘extremely troubling’ says minister

Explosive revelations that a senior Conservative MP leaked colleagues’ phone numbers to a man he had met on the gay dating app Grindr are “very serious”, a minister has warned, amid questions over whether the MP will face sanctions.

Vice chairman of the 1922 committee William Wragg admitted he sent the numbers after becoming concerned about the power the recipient had over him since he had sent intimate pictures of himself.

Treasury minister Gareth Davies said the situation was “incredibly troubling and very serious” but maintained that Mr Wragg would keep the party whip while the incident is being investigated.

 

Billy Big Balls of the Week (24:09)
Amazon Ditches 'Just Walk Out' Checkouts at Its Grocery Stores

Amazon Fresh is moving away from a feature of its grocery stores where customers could skip checkout altogether.

Amazon is phasing out its checkout-less grocery stores with “Just Walk Out” technology, first reported by The Information Tuesday. The company’s senior vice president of grocery stores says they’re moving away from Just Walk Out, which relied on cameras and sensors to track what people were leaving the store with.

Just over half of Amazon Fresh stores are equipped with Just Walk Out. The technology allows customers to skip checkout altogether by scanning a QR code when they enter the store. Though it seemed completely automated, Just Walk Out relied on more than 1,000 people in India watching and labeling videos to ensure accurate checkouts. The cashiers were simply moved off-site, and they watched you as you shopped.

On Wednesday, GeekWire reported that Amazon Web Services is cutting a few hundred jobs in its Physical Stores Technology team, according to internal emails. The layoffs will allegedly impact portions of Amazon’s identity and checkout teams.

 

Industry News (29:46)

Dataset of 73 Million AT&T Customers Linked to Dark Web Data Breach

Firms Must Work Harder to Guard Children’s Privacy, Says UK ICO

Threat Actor Claims Classified Five Eyes Data Theft

Leicester Council Confirms Confidential Documents Leaked in Ransomware Attack

Jackson County IT Systems Hit By Ransomware Attack

LockBit Scrambles After Takedown, Repopulates Leak Site with Old Breaches

China Using AI-Generated Content to Sow Division in US, Microsoft Finds

Wiz Discovers Flaws in GenAI Models Enabling Customer Data Theft

Chinese Threat Actors Deploy New TTPs to Exploit Ivanti Vulnerabilities

 

Tweet of the Week (35:58)

https://twitter.com/belldotbz/status/1776187040813441272

Come on! Like and bloody well subscribe!

Episode 91 - Shorter Than The Average Podcast04 Feb 202200:34:55

This Week in InfoSec (05:24)

With content liberated from the “today in infosec” Twitter account and further afield

30th January 1982: The first computer virus was written.  Richard Skrenta writes the first PC virus code, which is 400 lines long and disguised as an Apple II boot program called “Elk Cloner“.

3rd February 1986: "Vaporware" Announced.  Time magazine reports on frustrations with the slow development of software for use in the computer industry. Reporter Philip Elmer-DeWitt complained about delays in Microsoft Corporation's new Windows operating system, which had been delayed much longer than promised. Silicon Valley pundits had taken to calling such software "Vaporware," the magazine noted.

30th January 2007:  Six years after the launch of Windows XP, the infamous operating system, Windows Vista, was released to an unsuspecting public. For various reasons, the launch of Vista was marred by numerous incompatibility, stability, and otherwise onerous problems. While Microsoft actually made Vista much more palatable after 2 Service Pack upgrades, the damage was already done. Vista’s reputation never recovered. Many wonder if this is why Microsoft so quickly followed only two years later with Windows 7.

 

Rant of the Week (10:45)

Execs keep flinging money at us instead of understanding security, moan infosec pros

Fresh from years of complaining about underfunding and not having enough staff to deal with problems, infosec bods are now complaining that corporate execs merely firehose cash at them without getting their own hands dirty or engaging with the problem.

That's one conclusion that could be drawn from a Trend Micro study published yesterday. Around half of businesses surveyed are spending more on "cyber attacks" than they used to, it said, while a similar number reckon their C-suites don't know what "cyber risk management" means – possibly something about ensuring monitors are firmly bolted to desks.

 

Billy Big Balls of the Week (16:55)

How a US hacker took down North Korea's internet in a revenge cyber-attack

The blame for North Korea's persistent internet failures does not lie with the United States Cyber Command or any other state-sponsored hacker organisation.

In fact, it was the work of an American man, who sat in his living room night after night, watching Alien movies and munching on spicy corn snacks—and periodically walking over to his home office to check on the progress of the programmes he was running to disrupt the internet of an entire country.

US Hacker Brings Down North Korea's Internet After Latter's Attack On Security Researchers

Facebook says Apple iOS privacy change will result in $10 billion revenue hit this year

 

Industry News (23:55)

Social Security Numbers Most Targeted Sensitive Data

FBI: Olympic Athletes Should Leave Devices at Home

British Council Students' Data Exposed in Major Breach

Data Leak Exposes IDs of Airport Security Workers

Scottish Agency Still Recovering from 2020 Ransomware Attack

Fake Influencer Flags Hacking Tactics

Online Thieves Steal $320m from Crypto Firm Wormhole

Home Improvement Firm Fined £200k for Nuisance Calls

Growing Number of Phish Kits Bypass MFA

 

Tweet of the Week (30:23)

https://twitter.com/1MrStoner/status/1488941503049261059  

Come on! Like and bloody well subscribe!

Episode Joe 90 - Filmed in SuperMarionation28 Jan 202200:44:51

This Week in InfoSec (07:20)

With content liberated from the “today in infosec” Twitter account and further afield

26th January 2011: Facebook Enables HTTPS So You Can Share Without Being Hijacked.  Facebook announced Wednesday it would begin supporting a feature to protect users from having their accounts hijacked over Wi-Fi connections or snooped on by schools and businesses.

19th January 2012: Feds Shutter Megaupload, Arrest Executives.  Since the shutdown of Megaupload, stories have erupted about the life and exploits of the company’s founder, a self-styled “Dr. Evil” of file sharing. Kim Dotcom’s opulent digs, high-end cars, fondness for models and other Bond-villain-esque behaviours have been splashed across websites and have confused evening newscasts for the last week.

25th January 2003: A new worm took the Internet by storm, infecting thousands of servers running Microsoft’s SQL Server software every minute. The worm, which became known as SQL Slammer, eventually became the fastest-spreading worm ever and helped change the way Microsoft approached security and reshaped the way many researchers handled advisories and exploit code. The Inside Story of SQL Slammer

 

Rant of the Week (15:35)

Court papers indicate text messages from HMRC's 60886 number could snoop on Brit taxpayers' locations

Britain's tax collection agency asked a contractor to use the SS7 mobile phone signalling protocol that would make available location data of alleged tax defaulters, a High Court lawsuit has revealed.

Her Majesty's Revenue and Customs had the potential to use SS7 to silently request that tax debtors' mobile phones give up location data over the past six years, according to papers filed in an obscure court case about a contract dispute.

 

Billy Big Balls of the Week (25:31)

Unmasking Poopsenders, The Anonymous Website That Sends People Fake Poop

Since 2007, Poopsenders.com has let people send packages filled with disturbingly realistic feces. Now, 'United States of America v. Poopsenders.com' has named two men who may be responsible.

 

Industry News (34:25)

Merck Wins $1.4bn NotPetya Payout from Insurer

Cyber Essentials Overhauled for New Hybrid Working Era

Experts Call for More Open Security Culture After VW Sacking

EyeMed Fined $600k Over Data Breach

Government Trials Effort to Make Bug Scanning Easier

Best Cybersecurity Research Paper Revealed

North Korea Loses Internet in Suspected Cyber-Attack

Florida Considers Deepfake Ban

IT and DevOps Staff More Likely to Click on Phishing Links

 

Tweet of the Week (41:12)

https://twitter.com/ra6bit/status/1486695164332711939

Come on! Like and bloody well subscribe!

Episode 89 - Normal Audio is Resumed21 Jan 202200:50:11

This Week in InfoSec (06:23)

With content liberated from the “Today in InfoSec” twitter account and further afield

19th January 1999: The Happy99 worm first appeared. It invisibly attached itself to emails, displayed fireworks to hide the changes being made, and wished the user a happy New Year. It was the first of a wave of malware that struck Microsoft Windows computers over the next several years, costing businesses and individuals untold amounts of money to resolve. 

19th January 1999: RIM introduces the BlackBerry. The original BlackBerry devices were not phones, but instead were the first mobile devices that could do real-time e-mail. They looked like big pagers.  It is alleged the name “BlackBerry” came from the similarity that the buttons on the original device had to the surface of a blackberry fruit.

London riots: how BlackBerry Messenger played a key role

 

Rant of the Week (18:01)

Singapore gives banks two-week deadline to fix SMS security

A widespread phishing operation targeting Southeast Asia's second-largest bank – Oversea-Chinese Banking Corporation (OCBC) – has prompted the Monetary Authority of Singapore (MAS) to introduce regulations for internet banking that include use of an SMS Sender ID registry.

Singapore banks have two weeks to remove clickable links in text messages or e-mails sent to retail customers. Furthermore, activation of a soft token on a mobile device will require a 12-hour cooling off period, customers must be notified of any request to change their contact details, and fund transfer threshold will by default be set to SG$100 ($74) or lower.

MAS has also offered a vague directive requiring banks to issue more scam education alerts, and to do so more often.

 

Billy Big Balls of the Week  (25:49)

Train Robberies Are Back

Freight trains loaded with valuable merchandise sitting on apparently unguarded tracks make for awfully inviting targets.

For months, Union Pacific freight trains have been getting systematically robbed in the Los Angeles area, according to local news reports, as thieves target valuable merchandise and online orders from retailers like Amazon sitting on delayed trains.

Superyacht Security: The 10 Best Ways To Protect From Pirates And Paparazzi

 

Industry News (33:12)

European Regulators Hand Out €1.1bn in GDPR Fines

NCA: Kids as Young as Nine Have Launched DDoS Attacks

Government to Regulate Crypto Advertising in New Crack Down

Man Charged with Smuggling Tech Exports to Iran

Researchers Hack Olympic Games App

Red Cross: Supply Chain Data Breach Hit 500K People

Eleven Arrested in Bust of Prolific Nigerian BEC Gang

Twitter Mentions More Effective Than CVSS at Reducing Exploitability

Biden Signs Memo to Boost National Cybersecurity

 

Tweet of the Week (42:00)

https://twitter.com/blkcybersources/status/1483826713561862159?s=21

https://twitter.com/BLKCybersources/status/1483826713561862159/photo/1

Come on! Like and bloody well subscribe!

Episode 88 - Only 345 Days Until Christmas14 Jan 202200:41:34

This week in Infosec (06:30)

With content liberated from the “today in infosec” twitter account

12th January 1981: Time Magazine published "Superzapping in Computer Land". Its primary focus was four 13-year-olds from New York City who broke into 2 computer networks and destroyed 1 million bits of data. Yes, a whopping 0.125 MB. Have a read of the article.

Superzapping in Computer Land - The ride of the "Dalton Gang"

https://twitter.com/todayininfosec/status/1481352763476832256

13th January 1989: The “Friday the 13th” virus strikes hundreds of IBM computers in Britain. This is one of the most famous early examples of a computer virus making headlines.

THE EXECUTIVE COMPUTER; Friday the 13th: A Virus Is Lurking

 

Rant of the Week (13:43)

Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps

Users of popular open-source libraries 'colors' and 'faker' were left stunned after they saw their applications, using these libraries, printing gibberish data and breaking.

Some surmised if the NPM libraries had been compromised, but it turns out there's much more to the story.

The developer of these libraries intentionally introduced an infinite loop that bricked thousands of projects that depend on 'colors' and 'faker.' 

 

Billy Big Balls of the Week (23:18)

Info-saturated techie builds bug alert service that phones you to warn of new vulns

An infosec pro fed up of having to follow tedious Twitter accounts to stay on top of cybersecurity developments has set up a website that phones you if there's a new vuln you really need to know about.

 

Industry News (30:37)

FlexBooker Reveals Major Customer Data Breach

Forensics Expert Kept Murder Snaps on PC

Romance Scammers Stole £92m From Victims Last Year

European Union to Launch Supply Chain Attack Simulation

Europol Ordered to Delete Vast Trove of Personal Information

Teen Makes Tesla Hacking Claim

Two Years for Man Who Used RATs to Spy on Women and Children

FCC Proposes Stricter Data Breach Reporting Requirements

New "Undetected" Backdoor Runs Across Three OS Platforms

 

Tweet of the Week (38:32)

https://twitter.com/dominotree/status/1481646565869584385?s=21

Come on! Like and bloody well subscribe!

Episode 87 - Merry New Year07 Jan 202200:50:08

This Week in InfoSec (6:20)

With content liberated from the “today in infosec” twitter account

1st January 1997: The Cult of the Dead Cow admitted it was responsible for the Good Times virus hoax of 1994.

Good times virus

https://twitter.com/todayininfosec/status/1212558619205607426

[Covered this story last month so will axe it]

2nd January 1975: Gates and Allen Name "Micro-Soft".  Microsoft founders Bill Gates and Paul Allen write a letter to MITS, the Albuquerque, New Mexico, company that manufactured the Altair computer, offering a version of BASIC for MITS's "Altair 8800" computer. The contract for BASIC reflected the first time Gates and Allen referred to themselves as the company Microsoft, spelled in the document as "Micro-Soft."

Gates and Allen name Micro-Soft

Microsoft v. MikeRoweSoft

3rd January 1977: Apple Computer, Inc. is Incorporated

Apple Computer, Inc. is incorporated by Steven Jobs and Stephen Wozniak. Its IPO, which took place three years later, was the largest one since the Ford Motor Company went public in 1956. The stock rose almost 32% that day giving the company a market valuation of $1.778 billion. Seven years later, on January 24, 1984, the company revealed the Macintosh personal computer in a publicity campaign that compared IBM with Big Brother and Apple as the savior of the masses.

Apple becomes first company to hit $3 trillion market value, then slips

 

Rant of the Week (17:22)

Remember Norton 360's bundled cryptominer? Irritated folk realise Ethereum crafter is tricky to delete

Back in June, NortonLifeLock, owner of the unloved PC antivirus product, declared it was offering Ethereum mining as part of its antivirus suite. NortonLifeLock's pitch, was that people dabbling in cryptocurrency mining probably weren't paying attention to security – so what better way than to take up a cryptocurrency miner than installing one from a trusted consumer security brand?

In return for you installing their cryptominer on your home PC, NortonLifeLock skims off a mere 15 per cent of whatever digital currency you generate. 

https://twitter.com/jwz/status/1478022085737803776?s=20

 

Billy Big Balls (25:18)

A set of balls to bring us back 

Former CEO of Theranos Elizabeth Holmes convicted on 4 counts

US clothing supplier Pro Wrestling Tees hit by data breach

A quick story that is near and dear to mine and Andy’s heart - which Thom will have absolutely no idea about. 

But Pro wrestling Tee’s - which sells t-shirts designed by professional wrestlers, has discovered that some customers’ credit card numbers have been compromised in a data breach. 

a small portion of our customers’ credit card numbers had been compromised,” reads a breach notification letter signed by Pro Wrestling Tees owner Ryan Barkan

“We immediately conducted a thorough investigation of our system and concluded that a malicious virus was the source of the breach.”

A cybersecurity firm has since helped to remove the malware.

Barkan added that they had found “no evidence that current individual personal information has been compromised”, or evidence “of any current misuse of your information” – despite admitting that the payment details were accessed.

You may be thinking that this isn’t a big deal. 

But what kind of Jabroni thinks it’s a good idea to attack a wrestling store. It’s almost like they’re looking for a smack down. 

I get it, they may have thought - oooh what a rush, but whatcha gonna do? Whatcha gonna do when the feds come looking for you brother? 

Criminals can rest in peace - and that’s the bottom line, cos the host unknown podcast said so. 

[That was this weeks BILLY BIG BALLS] Jav:

 

Industry News (39:53)

Microsoft Fixes New Year's Day Exchange Server Bug

UK Defence Academy Attack Forced IT Rebuild

Investigation Launched into App “Selling” Women

FTC: Patch Log4j Now or Risk Major Fines

UK's Information Commissioner Starts New Role Amid Major Changes

Morgan Stanley Agrees to Data Breach Settlement

Credential Stuffers Compromised 1.1 Million Accounts

Crypto Firm Pulls the Rug from Under Investors with $10m Scam

Man Pleads Guilty to $50m Investment Fraud Scheme

 

Tweet of the Week (43:15)

https://twitter.com/avrovulcanxh607/status/1445102818348699746

Ceefax replica goes TITSUP* as folk pine for simpler times

But creator runs server from home – we can forgive him

A young man who would have been around 10 when the plug was pulled on Ceefax has recreated the BBC's teletext information service online, replete with a digital remote control to punch in the number of your choice.

NMS Ceefax

 

The joke that Jav didn't understand:

Come on! Like and bloody well subscribe!

Episode 86 - The Oh So Christmas Special17 Dec 202100:50:23

This Week in InfoSec

With content liberated from the “today in infosec” twitter account

16th December 1988: 25-year-old computer hacker Kevin Mitnick was charged for crimes including theft of software from DEC (Digital Equipment Corporation), including VMS source code and allegedly causing $4 million in damages to DEC.

Ex-Computer Whiz Kid Held on New Fraud Counts

https://twitter.com/todayininfosec/status/1471639991008825344

15th December 1994: Netscape Communications Corporation releases Netscape Navigator 1.0, the world’s first commercially developed web browser, although this particular version was free for non-commercial use.

15th December 1995: Developed by researchers at Digital Equipment Research Laboratories, the AltaVista search engine is launched. It was the first worldwide    web search service to gain significant popularity. One of the most popular search engines in the early world wide web, Google didn’t overtake AltaVista until 2001. AltaVista was eventually purchased by Yahoo! in 2003.

 

Rant of the Week (15:49)

Thom starts but quickly hands the baton Jav who takes a clear lead on this weeks rant... about Andy. This is Andy's response:

Songs that build up tension and stumble forward: Songs that skip a beat

 

Billy Big Balls of the Week (21:34)

National Lottery scratch card fraud: Men jailed over £4m jackpot claim

I talk about the time Thom went solo with (TL)2 ventures and highlights how going solo is a brave move for someone in a cushy CISO job. 

 

Industry News (28:23)

Hackers Target India’s Prime Minister

“Worst-Case Scenario” Log4j Exploits Travel the Globe

Christmas Payroll Fears After Ransomware Hits Software Provider

Grindr Fined €6.5m for Selling User Data Without Explicit Consent

Log4j Looms Large Over Patch Tuesday

France Orders Clearview AI to Delete Data

Regulator: Venues Must Protect User Privacy During #COVID19 Checks

All Change at the Top as New Ransomware Groups Emerge

US and Australia Enter CLOUD Act Agreement

 

Tweet of the Week ( 38:09)

https://twitter.com/GeekChickUK/status/541242616407687168?s=20

Come on! Like and bloody well subscribe!

Episode 85 - The Not So Christmas Special10 Dec 202100:51:09

Andy’s mattress

This Week in InfoSec (11:46)

With content liberated from the “today in infosec” Twitter account

 7th December 1999: The Recording Industry Association of America sues the peer-to-peer file sharing service Napster alleging copyright infringement for allowing users to download copyrighted music for free. The RIAA would eventually win injunctions against Napster forcing the service to suspend operations and eventually file bankruptcy. In the end the RIAA and its members would settle with Napster’s financial backers for hundreds of millions of dollars.

How The Founder of Napster Trolled Metallica at the VMAs

Shawn Fanning at the MTV Video Music Awards in 2000

 

December 2009, when Yahoo! Doesn't Want You To Know Its Spying Price List; Issues DMCA Takedown

Compliance Guide for Law Enforcement

 

Rant of the Week (22:37)

The vice president should not be using Bluetooth headphones

This week, Politico opened its newsletter with an article on Vice President Kamala Harris’ aversion to using Bluetooth headphones. The VP was “Bluetooth-phobic,” the story claimed, “wary” of her AirPods and cautious with her technology use to an extent former aides described as “a bit paranoid.” Proof could be seen in her televised appearances: wires dangling from her ears in an interview with MSNBC’s Joy Reid or clutched in her hand during the famous “We did it, Joe” call.

But for a high-profile public official, this is a lot more reasonable than you might think. As security researchers were quick to point out, Bluetooth has a number of well-documented vulnerabilities that could be exploited if a bad actor wanted to hack, say, the second most powerful person in the US government.

 

Billy Big Balls of the Week

Feds charge two men with claiming ownership of others' songs to steal YouTube royalty payments

Alleged scheme said to have netted $20m since 2017

"Batista and Teran perpetrated their fraud by falsely representing to Y.T. [YouTube] and to A.R., an intermediate company responsible for enforcing their music library, that they were the owners of a wide swath of music and that they were entitled to collect any resulting royalty payments."

The government claims that around April, 2017, two men, through their company MediaMuv, LLC, entered into a contract with A.R., which administers and distributes YouTube royalty payments, claiming to control a 50,000 song catalog of music.

They subsequently sent the corresponding song files to A.R., which in turn uploaded the files to YouTube, the indictment claims. The court filing cites as an example the song "Viernes Sin Tu Amor," which A.R. is said to have uploaded to YouTube in 2017 and has earned around $24,000 in royalty payments since then.

This was allegedly done for numerous songs, with A.R. eventually, at the direction of the MediaMuv, writing to YouTube "to bulk clear potential copyright conflicts from MediaMuv's entire music catalog."

 

Industry News (36:28) 

Nine State Department Phones Hijacked by Spyware

Cyber-attack Closes UK Convenience Stores

French Transport Giant Exposes 57,000 Employees and Source Code

Hotel Guests Locked Out of Rooms After Ransomware Attack

Passports Now Most Attacked Form of ID

AWS Outage Hits Eastern US

IT Execs Half as Likely to Face the Axe After Breaches

Most Phishing Pages are Short-lived

Half of Websites Still Using Legacy Crypto Keys

 

Tweet of the Week (44:08)

https://twitter.com/TJ_Null/status/1469006847449440262

https://twitter.com/johnjhacking/status/1468860997272174594

Come on! Like and bloody well subscribe!

Episode 84 - The New Tiger King03 Dec 202100:38:20

This Week in InfoSec (06:57)

With content liberated from the “today in infosec” twitter account

4th December 2013: Troy Hunt launched the site "Have I Been Pwned? (HIBP)". At launch, passwords from the Adobe, Stratfor, Gawker, Yahoo! Voices, and Sony Pictures breaches were indexed.  

https://twitter.com/todayininfosec/status/1335020238765744129

1st December 1996: America Online launches a new subscription plan offering their subscribers unlimited dial-up Internet access for $19.95/month. Previously, AOL charged $9.95/month for 5 hours of usage. The new plan brought in over one million new customers to AOL within weeks and daily usage doubled among subscribers (to a whole 32 minutes per day!). 

AOL goes unlimited

 

Billy Big Balls of the Week (16:06)

https://www.bleepingcomputer.com/news/security/former-ubiquiti-dev-charged-for-trying-to-extort-his-employer/

 

Industry News (21:15)

Clearview AI to be Fined $22.6m for Breaching UK Data Protection Laws

Cyber Essentials Set for Major Update in 2022

Texas School District to Scan Children's Devices

MI6 Boss: Digital Attack Surface Growing "Exponentially"

Organizations Now Have 76 Security Tools to Manage

Twitter to Remove Private Media

Russian Bulletproof Hosting Kingpin Gets Five Years

Police Arrest 1800 in Major Money Laundering Crackdown

Phishing Scam Targets Military Families

 

Tweets of the Week (29:50)

https://twitter.com/j_opdenakker/status/1466380453036838913

https://twitter.com/bettersafetynet/status/1466460853105053699

 

Come on! Like and bloody well subscribe!

Episode 83 - The Super Spreader Amateur Hour26 Nov 202100:49:56

This Week in InfoSec (11:00)

With content liberated from the “today in infosec” Twitter account

23rd November 2011: It was reported that Apple took over 3 years to fix the iTunes installer vulnerability which the FinFisher remote spying Trojan exploited.

Apple Took 3+ Years to Fix FinFisher Trojan Hole

https://twitter.com/todayininfosec/status/1331028461612392448

20th November 2000: eBay cancelled a listing for Kevin Mitnick's Bureau of Prisons inmate ID card due to uncertainty about his right to sell it. This was after an initial claim it was a prohibition from committing a "violent felony" and profiting from it.

eBay pulls Kevin Mitnick trinkets: Taking a firm stand against "violent felons"

https://twitter.com/todayininfosec/status/1329940298399703042

 

Rant of the Week (18:50)

SSL keys, sFTP passwords and more exposed after someone broke into GoDaddy Managed WordPress using 'compromised password'

GoDaddy has admitted to America's financial watchdog that one or more miscreants broke into its systems and potentially accessed a huge amount of customer data, from email addresses to SSL private keys.

In a filing on Monday to the SEC, the internet giant said that on November 17 it discovered an "unauthorized third-party" had been roaming around part of its Managed WordPress service, which essentially stores and hosts people's websites.

GoDaddy’s chief information security officer Demetrius Comes said his company "immediately began an investigation with the help of an IT forensics firm and contacted law enforcement."

Those infosec sleuths, we're told, found evidence that an intruder had been inside part of GoDaddy's website provisioning system, described by Comes as a "legacy code base," since September 6, gaining access using a "compromised password."

GoDaddy’s latest rebranding is a break from its sexist past

 

Billy Big Balls of the Week (28:36)

Huge fines and a ban on default passwords in new UK law

The government has introduced new legislation to protect smart devices in people's homes from being hacked.

Recent research from consumer watchdog Which? suggested homes filled with smart devices could be exposed to more than 12,000 attacks in a single week.

Default passwords for internet-connected devices will be banned, and firms which do not comply will face huge fines.

 

Industry News (34:36)

Sky Slow to Fix Bug in Routers

GoDaddy Announces Data Breach

Teen Accused of Stealing Bitcoin Worth $36.5M

Multiple Bugs Enable Eavesdropping on 37% of Android Phones

Apple Sues “State-Sponsored” Spyware Firm NSO Group

Malicious JavaScript Loader is a Multi-RAT Dispenser

YouTube Live Crypto Scams Made Nearly $9m in October

UK Introduces New Cybersecurity Legislation for IoT Devices

Ukrainian Cops Bust Mobile Device Hacking Group

 

Tweet of the Week (43:09)

https://twitter.com/sociosploit/status/1462440968658079763

https://twitter.com/Raspberry_Pi/status/1463803587180511233?s=20

Come on! Like and bloody well subscribe!

Episode 82 - The Irishman19 Nov 202100:44:39

IRISSCON - https://www.iriss.ie/

 

This week in Infosec (12:19)

With content liberated from the “today in infosec” twitter account

15th November 1994: The earliest known example of the Good Times email hoax virus was posted to the TECH-LAW mailing list. Variants of the hoax spread for several years. In 1997, Cult of the Dead Cow (cDc) claimed responsibility for initiating the hoax. 

Good Times Virus Hoax

https://twitter.com/todayininfosec/status/1195353643857391623

12th November 2012: John McAfee went into hiding because his neighbor Gregory Faull was found dead from a gunshot the day before. Belize police wanted McAfee to come in for questioning, but McAfee stated the police were “out to get him”. 

John McAfee hiding from police after businessman's murder in Belize

https://twitter.com/todayininfosec/status/1326993312247656451

 

The Box © Charlie Langford

 

Rant of the Week (18:52)

Amazon tells folks it will stop accepting UK Visa credit cards via weird empty email

How will you be able to buy things you can't afford now?

Amazon has confirmed it will no longer accept payment via Visa credit cards issued in the United Kingdom after several Reg readers wrote in complaining of a cryptic message they'd been sent this morning.

The online sales giant has indicated the move was "due to the high fees Visa charges for processing credit card transactions."

 

Billy Big Balls of the Week (26:22)

New Memento ransomware switches to WinRar after failing at encryption

(The embodiment of: Improvise, adapt, overcome)

A new ransomware group called Memento takes the unusual approach of locking files inside password-protected archives after their encryption method kept being detected by security software.

 

Industry News (33:15)

FBI Fixes Misconfigured Server After Hoax Email Alert

Cryptojackers Disable Alibaba Cloud Security Agent

China Telecom Appeals Against US Ban

Emotet is Rebuilding its Botnet

Ghostwriter Disinformation Operation Linked to Belarus

US to Sell $56m in Seized Crypto-Currency

Threat Actors Discuss Leasing Zero-Day Exploits

China's APT41 Manages Library of Breached Certificates

Russian Cybercrime Forums Open Doors to Chinese-Speakers

 

Tweet of the Week (39:15)

https://twitter.com/benawad/status/1460738174783791105

Come on! Like and bloody well subscribe!

Episode 188 The Don't Mention The Name Episode01 Apr 202400:46:41

This week in InfoSec   (07:32)

With content liberated from the “today in infosec” twitter account and further afield

20th March 2007: Dragos Ruiu announced the first Pwn2Own contest, which was held that April in Vancouver, Canada. The contest is still being held today - and in fact Pwn2Own Vancouver 2024 started today.

https://twitter.com/todayininfosec/status/1770592695255249038

16th March 1971: The first computer virus, Creeper, infected computers on the ARPANET, displaying "I'M THE CREEPER : CATCH ME IF YOU CAN." It was named after the Creeper - a villain from a 1970 episode of the TV series "Scooby-Doo, Where Are You!"

https://twitter.com/todayininfosec/status/1768973007555375317

 

Rant of the Week (14:29)

Majority of Americans now use ad blockers

More than half of Americans are using ad blocking software, and among advertising, programming, and security professionals that fraction is more like two-thirds to three-quarters.

According to a survey of 2,000 Americans conducted by research firm Censuswide, on behalf of Ghostery, a maker of software to block ads and online tracking, 52 percent of Americans now use an ad blocker, up from 34 percent according to 2022 Statista data.

 

Billy Big Balls of the Week (23:01)


Execs in Japan busted for winning dev bids then outsourcing to North Koreans

Two executives were issued arrest warrants in Japan on Wednesday, reportedly for charges related to establishing a business that outsourced work to North Korean IT engineers.

At least one of the individuals – a 53 year old named Pak Hyon-il – is a South Korean national. His alleged accomplice, 42-year old Toshiron Minomo, is Japanese and once worked for Hyon-il, according to local media.

Pak served as president of Fuchu-based IT firm ITZ, while Minomo was the head of Fukuyama-based Robast.

 

Industry News (29:09)

UK Blames China for 2021 Hack Targeting Millions of Voters' Data

Fake Ozempic Deals on the Rise as Experts Warn of Phishing Scams

Portugal Forces Sam Altman's Worldcoin to Stop Collecting Biometric Data

Only 5% of Boards Have Cybersecurity Expertise, Despite Financial Benefits

UK Law Enforcers Arrest 400 in Major Fraud Crackdown

Chinese Hackers Target ASEAN Entities in Espionage Campaign

NHS Trust Confirms Clinical Data Leaked by “Recognized Ransomware Group”

US Treasury Urges Financial Sector to Address AI Cybersecurity Threats

CISA Launches New Cyber Incident Reporting Rules for US Defense Contractors

 

Tweet of the Week  (40:52)

https://twitter.com/bettersafetynet/status/1773626490384511113

Come on! Like and bloody well subscribe!

Episode 81 - Thom AI ver 212 Nov 202100:41:07

This Week in InfoSec (09:55)

With content liberated from the “today in infosec” twitter account

10th November 1983: At a security seminar, Len Adleman used "virus" in connection with self-replicating computer programs. Afterwards, use of the term took off. But it wasn't the first use of "virus" in this way - the 1973 movie "Westworld" used it to describe malfunctions spreading in robots.

https://twitter.com/todayininfosec/status/1193706921733189632

 

Rant of the Week (14:24)

EU pharmaceutical giants run old, vulnerable apps and fail to use encryption in login forms

According to the report, Outpost24's "2021 Web Application Security for Healthcare," EU pharmaceutical businesses often run large numbers of web applications and 3.3% of those scanned by the firm are deemed "suspicious," including open test environments that should have been closed. 

In addition, 18% of organizations analyzed are using outdated, unpatched web components that contain known vulnerabilities. US healthcare organizations have roughly the same amount of suspicious apps in operation but tend to run far fewer apps on the whole -- however, 23.74% of them are outdated.

Over 200 EU pharmaceutical application forms noted in the report are operating without encryption, which puts users at risk of both the interception and theft of their information online. 

Outpost24 said that basic SSL failures, privacy policy misconfigurations, and cookie settings also feature as common security and compliance problems. 

The damage a cyberattack can cause a healthcare or pharmaceutical company can be severe. The COVID-19 pandemic put a target on the back of many of these organizations, with an Oxford University lab with COVID-19 research links and the UK Research and Innovation organization being only two examples of recent victims of incidents leading to data theft and disruption. 

 

Billy Big Balls of the Week (21:18)

Hack leaves fertility clinic medical data at risk

The Lister Fertility Clinic said the firm, which it used for scanning medical records, had been "hacked" by a"cyber-gang", in a letter sent to about 1,700 patients.

 

Industry News  (27:32)

Ukraine Unmasks Armageddon Group as FSB Officers

Facial Recognition Firm Could Be Ordered to "Close" in UK, Warn Experts

One in Three Workers Monitored by Their Employers

Robinhood Data Breach Hits Seven Million Customers

US to Charge Suspects Over Kaseya Ransomware Attack

Class Action Against Google Blocked

Anglers Redirected to Pornhub

Scam PACs Allegedly Stole $3.5m from Trump Voters

Researchers Uncover Prolific Hacker-for-Hire Group

 

Tweet of the Week (35:44)

https://twitter.com/bcmerchant/status/1457849195738451975

https://twitter.com/sherrod_im/status/1458460638561382401

Come on! Like and bloody well subscribe!

Episode 80 - The Thom Langford A.I.05 Nov 202100:36:40

This week in infosec

With content liberated from the “today in infosec” twitter account

Honourable mention for the Morris Worm

  1. 3rd November 2000: A Dutch hacker gained access to Microsoft's network by exploiting a vulnerability Microsoft issued a patch for 10 weeks earlier. 

The Patch MS Forgot to Apply

https://twitter.com/todayininfosec/status/1323807889425895424

  1. 25th October 2013: Adobe revealed that a breach of 2.9 million customer accounts made public 3 weeks earlier actually affected 38 million users.

Adobe breach THIRTEEN times worse than thought, 38 million users affected

https://twitter.com/todayininfosec/status/1323807889425895424  

Rant of the week

Cisco fixes hard-coded credentials and default SSH key issues

Billy big balls 

These Parents Built a School App. Then the City Called the Cops

Stockholm’s official app was a disaster. So annoyed parents built their own open source version—ignoring warnings that it might be illegal.

[INDUSTRY NEWS]

Cops Receive Stalkerware Training

Conti Group Leak Celebs' Data After Ransom Attack on Jeweller

Venmo to Reimburse Hacking Victims

BlackMatter Group Speeds Up Data Theft with New Tool

 Student Loans Company Dismissals Highlight Insider Risk

 NSO Group Blacklisted by US for Trade in Spyware

Cyber-Incident Impacts UK Labour Party

#SecTorCa: Jeff Moss Defines the Role of Hacking 

Threat Actor Claims 'Groove' Ransomware Gang Was Hoax

Tweet of the week

https://twitter.com/summer__heidi/status/1456099556622364672 

Come on! Like and bloody well subscribe!

Episode 79 - Is it a bird a plane or JavMan?29 Oct 202100:46:46

This Week in InfoSec (08:13)

With content liberated from the “today in infosec” Twitter account

29th October 1969: The first message sent over the ARPANET was from Leonard Kleinrock’s UCLA computer, sent by student programmer Charley Kline at 10:30 PM to the second node at Stanford Research Institute’s computer in Menlo Park, California.

The message was simply "Lo." But not on purpose.

Charley Kline Sends the First Message Over the ARPANET from Leonard Kleinrock's Computer

https://twitter.com/todayininfosec/status/1321861878985953282

25th October 2008: A 43-year-old woman in Japan was arrested after she hacked into the computer of the man she'd married in the online game MapleStory and erased his carefully constructed digital character after their relationship curdled.

Woman faces jail for hacking her virtual husband to death

https://twitter.com/todayininfosec/status/1320513559500128257

 

Rant of the Week (18:18)

Why You Should Delete Your Facebook App

A stark new warning for almost all iPhone users, as Facebook is suddenly caught “secretly” harvesting sensitive data without anyone realizing. And worse, there’s no way to stop this especially invasive tracking other than by deleting the app.

 

Billy Big Balls of the Week (27:15)

Teen bought Google ad for his scam website and made 48 Bitcoins duping UK online shoppers

The schoolboy set up a website impersonating gift voucher site Love2Shop. Having done that he then bought Google ads which resulted in his fake site appearing above the real one in search results.

 

Industry News (34:03) 

Government Agents Compromise REvil Backups to Force Group Offline

Halloween Horror-Show for Candy-Maker Hit by Ransomware

New Cybersecurity World Record Set

Tesco App and Website Back Online After Cyber Incident

BlackMatter Bug Saved Victims Millions in Ransom Payments

Study Coordinator Falsified Clinical Trial Data

EC-Council Offers Free Cybersecurity Training

Ofcom's Scam Call-Blocking Plan Could Save Consumers Millions

North Korean Lazarus APT Targets Software Supply Chain

 

Tweet of the week (41:28)

https://twitter.com/coriplusplus/status/1453483418944159748

https://twitter.com/MegabitMeghan/status/1453398057312215042

Come on! Like and bloody well subscribe!

Episode 78 - A Record Breaking Breaking Episode22 Oct 202100:56:12

This Week in InfoSec (13:03)

With content liberated from the “today in infosec” Twitter account

20th October 1996: Twenty-five years ago today. Happy birthday, Ping of Death. 

Ping of Death

https://twitter.com/ajMSFT/status/1450833383597043713?s=20

15th October 1985: 50 FBI agents raided more than 20 homes, seizing 25 personal computers (mostly Commodore 64s) after a group of at least 23 teenagers in San Diego County remotely broke into Chase Manhattan Bank computer systems that July and August.

CHASE COMPUTER RAIDED BY YOUTHS

https://twitter.com/todayininfosec/status/1184283049204174849

 

On the Group Chat (20:27) 

From @maxsec friend of the show:

Cybercrime gang sets up fake company to hire security experts to aid in ransomware attacks

https://twitter.com/campuscodi/status/1451241038908121099

 

Billy Big Balls of the Week  (29:04)

https://twitter.com/ImposeCost/status/1449738212696641538?s=20

 

Industry News (36:50)

US Treasury Tracks $5.2bn of Ransomware Transactions in Six Months

Twitch: No Passwords Were Taken in Data Breach

UK in Midst of $200m Crypto Fraud Epidemic

Apple iCloud Hacker Steals Nudes

LightBasin Operation Compromises 13 Global Telcos in Two Years

Microsoft, Intel and Goldman Sachs Team Up For New Supply Chain Security Initiative

Twitter Pulls Account After Argentinian Mega Breach Claims

Data Scrapers Expose 2.6 Million Instagram and TikTok Users

US to Ban Export of Hacking Tools to Authoritarian States

 

Tweet of the Week (46:02)

https://twitter.com/ElJefeDSecurIT/status/1451232980463075332

Come on! Like and bloody well subscribe!

Episode 77 - An Analogy Wrapped in an Inception Surrounded by Idiots15 Oct 202100:51:25

This Week in Infosec

With content liberated from the “today in infosec” twitter account

13th October 1999: An episode of the "True Life" documentary series titled "I'm a Hacker" aired on MTV. Afterwards one of the hackers featured on the show, Shamrock, issued a statement revealing that the whole thing was a hoax to dupe MTV. D'oh

MTV made to look ridiculous by fake hacker

True Life 'I'm a Hacker' 1 of 2

True Life ‘I’m a Hacker’ 2 of 2

https://twitter.com/todayininfosec/status/1316187816540413953  

9th October 1999: A year after Staples launched its website, it was compromised.

Add malicious code? Nope.

Deface with a political message. No. 

Redirect to a porn site? Nah. 

Then what!? Advertisements were added which led to one of its competitors, Office Depot. 

Staples Sues Unnamed Hacker

https://twitter.com/todayininfosec/status/1314710023931559937

 

As Seen on Reddit

Superlative levels of TechBro shithousery in the technical recruitment zone of San Francisco

Tech bro invents a "skip the interview" tool where you can crowdfund your way into getting a job. r/recruitinghell is having none of it.

 

 Billy Big Balls of the Week

Fraudsters Cloned Company Director’s Voice In $35 Million Bank Heist, Police Find

AI voice cloning is used in a huge heist in the U.A.E., according to Dubai investigators, amidst warnings about cybercriminal use of the new technology.

 

Industry News

NatWest Pleads Guilty in £400m Money Laundering Case

Brewer's Token Gaffe Causes Massive PII Breach

Couple Arrested Over Sale of Nuclear Secrets  Android Phones Sharing Significant User Data Without Opt-Outs

NCSC CEO: Ransomware the "Most Immediate Threat" Facing UK Businesses

Ghanaian Women Cautioned Against Sharing Nudes

Crypto Romance Scam Drains $1.4M

Financial Regulator Warns of Hybrid Working Security Risks

Met Police Loses 2280 Electronic Devices in Last Two Years

 

As Seen on TikTok

The Ron Burgandy of British "politics"

Nigel Farage promoting drug dealers

 

The Box © Charlie Langford 

charlie@clmediagroup.com for all of your video and sound production and postproduction needs.

Come on! Like and bloody well subscribe!

Episode 76 - Our Best Episode Ever08 Oct 202100:49:32

This Week in InfoSec (08:01)

With content liberated from the “today in infosec” Twitter account

8th September 2009: FBI director Robert Mueller disclosed that his wife banned him from banking online after he nearly fell for an email phishing scam.

Wife bans FBI head from online banking

https://twitter.com/todayininfosec/status/1314002293226905600

3rd October 2017: A week after he retired as the result of Equifax's data breach, former CEO Richard F. Smith told members of Congress one person in the IT department was at fault.

Equifax Breach Caused by Lone Employee’s Error, Former C.E.O. Says

How the Equifax hack happened, and what still needs to be done

https://twitter.com/todayininfosec/status/1312589059559170050

 

Rant of the Week (16:35)

IKEA: Cameras were hidden in the ceiling above warehouse toilets for 'health and safety'

IKEA has removed hidden security cameras from its warehouse in Peterborough, England, after an employee spotted one in the ceiling void while using the toilet.

 

As Seen on TikTok (24:59)

Facebook rendered spineless by buggy audit code that missed catastrophic network config error

Facebook has admitted buggy auditing code was at the core of Tuesday’s six-hour outage – and revealed a little more about its infrastructure to explain how it vanished from the internet.

As described by rey.nbows on TIK TOK

 

Industry News (34:18)

Facebook Whistleblower to Testify Before Senate

Pandora Spills Secrets of Super Rich

DeepMind Technologies Sued Over Data Sharing

Facebook Blames Global Outage on Configuration Error

Text Message Giant Reveals Five-Year Breach

Squid Game Scenes Cut Over Data Exposure

NCSC: Revoke Admin Access for BYOD Users Immediately

Infosec Experts: Twitch Breach “As Bad as it Gets”

US Creates National Cryptocurrency Enforcement Team

 

Tweet of the Week (42:42)

https://twitter.com/cybersecstu/status/1446104732578328583

https://twitter.com/SmashinSecurity/status/1445520598017314826

 

The Box © Charlie Langford

Come on! Like and bloody well subscribe!

Episode 75 - The Old Men of InfoSec01 Oct 202100:51:38

Jav's Record Breakers 14th October 
https://www.eventbrite.ie/e/biggest-virtual-cybersecurity-lesson-tickets-166314899341 

https://www.prnewswire.com/news-releases/organizers-of-security-serious-week-aim-to-set-new-guinness-world-records-title-for-viewership-of-an-online-security-lesson-301376191.html

 

This week in Infosec

With content liberated from the “today in infosec” Twitter account

27th September 2001: Jan de Wit was sentenced to 150 hours of community service in the Netherlands for creating and spreading the Anna Kournikova virus. It was one of the first of the major viruses created from a virus toolkit - the dawn of cybercrime toolkits.

Kournikova virus kiddie gets 150 hours community service

https://twitter.com/todayininfosec/status/1177772557077843968

27th September 1998: On this day in 1998: Google launches

Google Milestones

8 Search Engines That Rocked Before Google Even Existed

https://twitter.com/JonErlichman/status/1442432706877399049?s=20  

 

Rant of the Week

Secure those Macs: Apple must step up and support older machines

For the good of the planet and the safety of its users, it's time for Apple to step up and support its older machines.

 

Billy big Balls of the Week

Mr Gox

A hamster has been trading cryptocurrencies in a cage rigged to automatically buy and sell tokens since June - and it's currently outperforming the S&P 500

 

Industry News

EU Slams Russia Over Disinformation Hacking Campaign

Huawei CFO Released After Admitting She Misled Bank

Computer Scientist Jailed Over Dark Web Conspiracy

Crypto Developer Pleads Guilty to North Korean Plot

Canadian Vaccine Passport App Exposes Data

SolarWinds Attackers Develop New FoggyWeb Backdoor

Vulnerability Exposes iPhone Users to Payment Fraud

Scammers Capitalize on Release of New Bond Movie

Cyber Second Only to Climate Change as Biggest Global Risk

 

Tweet of the Week

https://twitter.com/csoandy/status/1442501996750118915?s=20

https://twitter.com/dcuthbert/status/1442821545047601163?s=20

 

"The Boc" © Charlie Langford

Come on! Like and bloody well subscribe!

Episode 74 - Was it me or was it a long week?24 Sep 202100:47:02

This Week in InfoSec (04:56)

With content liberated from the “today in infosec” Twitter account

  1. 18th September 2015: Google notified Symantec that the latter issued 23 test certificates for five organizations, including Google and Opera, without the domain owners' knowledge. Symantec performed an audit and announced that an additional 2,622 test certificates were mis-issued.

Sustaining Digital Certificate Security

https://twitter.com/todayininfosec/status/1439388653264965638

20th September 1996: An email began spreading about a destructive virus named Irina. Some virus nerd called Graham Cluley discovered it was a hoax "marketing ploy" from Penguin Books.

Computer Viruses and Hoaxes

https://twitter.com/todayininfosec/status/1307862674387144705

 

The Box © Charlie Langford

 

Rant of the Week (12:55)

Investigation launched after MoD email blunder

 

Billy Big Balls of the Week (20:55)

Tick, tick, tick … TikTok China just limited kids to 40 minutes' use each day

 

Industry News (34:17)

Experts Concerned Over New Digital Secretary's Lack of Cyber Knowledge

Romance Scammers Make $133m in First Half of 2021

Former IT Exec Pleads Guilty to Insider Trading Conspiracy

Data of 106 Million Visitors to Thailand Breached

European Police Bust €10m Mafia Fraud Ring

Prison for AT&T Phone-Unlocking Fraudster

Afghan Interpreters' Data Exposed in MoD Breach

Half of Web Owners Don't Know if Their Site Has Been AttackedUS Eye-Care Providers Report Data Breaches

 

Tweet of the Week (41:43)

https://twitter.com/aprivateguy/status/1441091095471874053?s=20

https://twitter.com/ReverseICS/status/1441048111292506112

And just for Andy...

https://twitter.com/AlyssaM_InfoSec/status/1441135546961563649?s=20

Come on! Like and bloody well subscribe!

Judas Priest! It's The Triple Crown!17 Sep 202100:42:02

This Week in InfoSec (04:09)

With content liberated from the “today in infosec” twitter account

16th September 2008: 20-year-old David Kernell compromised the Yahoo! email account of US vice presidential candidate Sarah Palin, then posted her emails to 4chan.

2 years later he was found guilty and sentenced to a year in prison. At age 30 he died of complications related to MS.

Student convicted of hacking Sarah Palin e-mail account

Sarah Palin email hack

https://twitter.com/todayininfosec/status/1306360597915865097

9th September 2015: The security of 300 million travel locks was compromised after 3-D printing files were posted online.

Then again, these travel locks never were particularly secure.

Lockpickers 3-D Print TSA Master Luggage Keys From Leaked Photos

https://twitter.com/todayininfosec/status/1303847394556219392  

 

Tweet of the Week (13:06)

https://twitter.com/yolkfolk_com/status/1438580784294735875

 

Sticky Pickle of the Week (18:16)

Sticky Pickle of the Week is the part of the show where everyone chooses something that they like. It could be a funny story, a book they’ve read, a TV show, movie, record, a podcast, a website, or an app, whatever they like.  It doesn’t have to be security-related necessarily.

Better not be!

Brits open doors for tech-enabled fraudsters because they 'don't want to seem rude'

Brits are too polite to tell phone scammers to "get stuffed", "take a hike" or "sling yer 'ook" when they impersonate so-called "trusted organisations" such as banks.

That's according to the trade association UK Finance, which found that the number of "impersonation scam cases" more than doubled in the first half of 2021 to 33,115 – up from 14,947 during the same period last year.

That is a Sticky Pickle

It's time to delete that hunter2 password from your Microsoft account, says IT giant

From this week, Microsoft won't require you, or your password manager, to come up with strings of letters, numbers, and special characters forming a silly sentence or a reconfiguration of an ex’s name and birthday to access the Windows giant's services.

That is to say, you can delete the password from your Microsoft account, and login using the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your cellphone or email inbox. (Last year, Redmond said SMS codes were unsafe for authentication, we note.)

That is a Sticky Pickle

Ransomware crims saying 'We'll burn your data if you get a negotiator' can't be legally paid off anyway

A couple of ransomware gangs have threatened to start deleting files if targeted companies call in professional negotiators to help lower prices for decryption tools.

Grief Corp is the latest criminal crew to warn its victims with instant data destruction if it suspects a mark has engaged a mediator.

In a statement posted to its Tor-hosted blog, Grief Corp said: "We wanna play a game. If we see professional negotiator from Recovery Company™ – we will just destroy the data.

That is a Sticky Pickle

 

Industry News (31:16)

Poland Extradites Alleged Botnet Operator to US

UK Man Gets Five Years for Online Abuse Campaign

WhatsApp to Roll Out Encrypted Backups

US Locks Up Key Player in Nigerian Romance Scam

Apple Releases Urgent Patch Following Discovery of Pegasus Spyware

Massachusetts AG Launches Probe into T-Mobile Data Breach

Microsoft Patches OMIGOD, MSHTML and PrintNightmare Bugs

Americans Fined After Hacking for Foreign Government

Household Names Hit with £500K Fine for Spamming Consumers

 

Tweet of the Week (38:05)

https://twitter.com/snipeyhead/status/1437935968460304384?s=20

Come on! Like and bloody well subscribe!

Episode 72 - Better Late Than Never10 Sep 202100:46:58

This Week in InfoSec (11:14)

With content liberated from the “today in infosec” twitter account

5th September 1983: The term "hacker" was used by Newsweek, mainstream media's earliest known use of the term in the pejorative sense.

The magazine's cover photo of 17-year-old 414s (hacker group) member Neal Patrick was captioned '414 "Hacker" Neal Patrick.'.

‘Hacker’ is used by mainstream media, September 5, 1983

the414s.com

https://twitter.com/todayininfosec/status/1302239152046563328

https://en.wikipedia.org/wiki/Phreaking_box

 

9th September 2001: Mark Curphey started OWASP (the Open Web Application Security Project).

Who is the OWASP® Foundation?

https://twitter.com/todayininfosec/status/1303830903987359744   

 

Tweet of the Week (21:26)

https://twitter.com/RSnake/status/1435989191414976512?s=20

 

Tweet of the Week (26:41) 

https://twitter.com/hanbandit/status/1436008564020088833

 

Industry News (31:55)

FTC Bans Stalkerware App in Industry First

Texan Accused of Cyber-Stalking and Murder Dies in Jail

ID Theft Couple on the Run

ICO Requests International Support to Tackle Cookie Pop-Ups

Cybersecurity Student Scams Senior Out of $55K

Stress and Burnout Affecting Majority of Cybersecurity Professionals

Data Breach Lawsuit Against Sonic Will Proceed

Berners-Lee Joins ProtonMail Following Privacy Debacle

Security Now a "Thankless Task" For 80% of IT Teams

 

Tweet of the Week (40:01)

https://twitter.com/hondanhon/status/1436027395115393024

 

The Box © Charlie Langford

Come on! Like and bloody well subscribe!

Episode 187 - Mess of Trois17 Mar 202400:55:14

This week in InfoSec  (14:26)

With content liberated from the “today in infosec” twitter account and further afield

7th March 2017: WikiLeaks began its new series of leaks on the U.S. Central Intelligence Agency (CIA). Code-named Vault 7 by WikiLeaks, it was the largest ever publication of confidential documents on the agency.

https://twitter.com/todayininfosec/status/1765828993713090565

14th March 2013: Security journalist Brian Krebs was swatted when police responded to a spoofed 911 call claiming Russians had broken into his home and had shot his wife.

One of several people who made the false report, Eric Taylor (aka Cosmo the God), was sentenced to probation in 2017.

https://twitter.com/todayininfosec/status/1768253237260435814

 

Rant of the Week (21:38)

US Congress goes bang, bang, on TikTok sale-or-ban plan

The United States House of Representatives on Wednesday passed the Protecting Americans from Foreign Adversary Controlled Applications Act – a law aimed at forcing TikTok's Chinese parent ByteDance to sell the app's US operations or face the prospect of a ban.

The bill names only TikTok as a "foreign adversary controlled application" and prohibits "Providing services to distribute, maintain, or update" the app – including by offering it for sale in an app store. Even updates to the app aren't allowed.

If TikTok's US operations were locally owned and operated, none of the sanctions the bill mentions would be enforceable. And US lawmakers' fears that TikTok gives Beijing a way to gather intelligence and surveil citizens would be eased.

[Related or coincidental? Or a BBB?]

Former US Treasury secretary Steve Mnuchin thinking about buying TikTok

On the heels of the US House of Representatives passing a TikTok ban bill, former US Treasury secretary and private equity mogul Steve Mnuchin is apparently thinking about buying the platform.

Speaking to CNBC's pre-market team at Squawk Box, Mnuchin said he hoped the TikTok ban would pass in the Senate, forcing a sale of the platform to a US-based parent. 

"It's a great business and I'm going to put together a group to buy TikTok," Mnuchin told CNBC. Mnuchin didn't mention whether partners had been identified, or what phase the purchase was in.

 

Billy Big Balls of the Week (32:14)


CEO of Data Privacy Company Onerep.com Founded Dozens of People-Search Firms

The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and Cyprus, and that its founder has launched dozens of people-search services over the years.

Onerep’s “Protect” service starts at $8.33 per month for individuals and $15/mo for families, and promises to remove your personal information from nearly 200 people-search sites. Onerep also markets its service to companies seeking to offer their employees the ability to have their data continuously removed from people-search sites.

 

Industry News (41:21)

UnitedHealth Sets Timeline to Restore Change Healthcare Systems After BlackCat Hit

Russia’s Midnight Blizzard Accesses Microsoft Source Code

Third-Party Breach and Missing MFA Contributed to British Library Cyber-Attack

Lawmakers Slam UK Government’s “Ostrich Strategy” for Cybersecurity

Google to Restrict Election-Related Answers on AI Chatbot Gemini

Meta Sues Former VP After Defection to AI Startup

Google Paid $10m in Bug Bounties to Security Researchers in 2023

French Employment Agency Data Breach Could Affect 43 Million People

TikTok Faces US Ban as House Votes to Compel ByteDance to Sell

 

Tweet of the Week (50:29)

https://twitter.com/andylapteff/status/1767952062279492006

Come on! Like and bloody well subscribe!

Episode 71 - Thank You For the Music03 Sep 202100:58:11

This Week in InfoSec

With content liberated from the “today in infosec” twitter account

1st September 1997: Nmap was first released as a simple port scanner via an article in issue 51 of Phrack magazine which included the source code.

http://phrack.org/issues/51/11.html

https://twitter.com/todayininfosec/status/1300864278497558528

31st August 2014: A user of the message board 4chan posted leaked photos of actress Jennifer Lawrence and numerous other celebrities.

https://mashable.com/archive/celebrity-nude-photo-hack

https://twitter.com/todayininfosec/status/1300537361676283905  

 

Rant of the Week

Guntrader site hacked and plotted onto Google Maps

 

Billy Big Balls of the Week

Scam artists are recruiting English speakers for business email campaigns

According to Intel 471, forums are now being used to seek out English speakers, in particular, to bring together teams able to manage both the technical aspects and social engineering elements of a BEC scam. 

If a scam is to succeed, the target employee must believe communication comes from a legitimate source -- and secondary language use, spelling mistakes, and grammatical issues could all be indicators that something isn't right, in the same way that run-of-the-mill spam often contains issues that alert recipients to attempted fraud. 

"Actors like those we witnessed are searching for native English speakers since North American and European markets are the primary targets of such scams," the researchers say.

In addition, threat actors are also trying to recruit launderers to clean up the proceeds from BEC schemes, often achieved through cryptocurrency mixer and tumbler platforms. One advert spotted by the team asked for a service able to launder up to $250,000. 

"The BEC footprint on underground forums is not as large as other types of cybercrime, likely since many of the operational elements of BEC use targeted social engineering tactics and fraudulent domains, which do not typically require technical services or products that the underground offers," Intel 471 says. "[...] Criminals will use the underground for all types of schemes, as long as those forums remain a hotbed of skills that can make criminals money."

 

Industry News

Bangkok Airways Admits Attackers Stole Passenger Data

Microsoft Cloud Databases Exposed

UK Government Considers New Regulations for Video Streaming Platforms

Indonesians Told to Delete Unsecured Tracing App

Victim of Cyber-Theft Sues Parents of Alleged Culprits

Australian Couple Admits “Serious Cyber Hacking Offenses”

WhatsApp Fined a Record €225m for GDPR Violations

Sacked Employee Deletes 21GB of Credit Union Files

UK Researchers Invent Device to Thwart USB Malware

 

Tweet of the Week

https://twitter.com/JackRhysider/status/1433097343692324864

https://cybarrior.com/blog/2019/04/05/eagle-eye-reverse-lookup-tool-for-social-media-accounts/

 

"The Box" © Charlie Langford

Come on! Like and bloody well subscribe!

Episode 70 - Two is the Magic number27 Aug 202100:59:21

This week in Infosec (13:24)

With content liberated from the “today in infosec” Twitter account

25th August 1991: Linux completes 30 years.

It was on this date in 1991 that Linus Torvalds announced the first version. He actually wanted to call it as Freax, but his friend Ari Lemmke named it as Linux, which he accepted. Version 1.0 would later be released in March 1994.

https://twitter.com/SadaaShree/status/1430415723856203777

2004: (a mere 17 years ago) The US Department of Justice (DOJ) announced the results of Operation Web Snare - the arrest or conviction of over 150 individuals involved in cybercrime.

https://www.justice.gov/archive/opa/pr/2004/August/04_crm_583.htm

 

Rant of the Week (29:03)

https://www.ncsc.gov.uk/blog-post/10-years-of-10-steps-to-cyber-security

 

Billy Big Balls of the Week (36:40)

Iran official acknowledges videos of Evin prison abuse real

This clip of a security control room at Iran's most notorious prison being shut down by hackers is straight out of a movie.

Hackers are now leaking stolen CCTV from across the Evin prison to highlight the abuse of inmates

 

Industry News (45:35)

Crunch Time for Liquid as Crypto Exchange Loses $97m to Hackers

Man Gets Three Years for Stealing Nude Photos from College Victims

Hackers Leak Footage of Iranian Prison

Poly Network Hacker Returns Remaining Funds

AT&T Denies Data Breach

Time to Fix High Severity Apps Increases by Ten Days

Drug Dealers Get 27 Years After Police Crack EncroChat Comms

70% of Cyber Pros Believe Cyber Insurance is Exacerbating Ransomware

Angry Birds Developer Accused of Illegal Data Collection

 

Tweet of the Week (51:42)

Charlatan - Frank W. Abagnale Jr.

https://twitter.com/securityerrata/status/1429225280997142530

Come on! Like and bloody well subscribe!

Episode 69 - Think of a Number Bill and Ted20 Aug 202100:59:18

This week in Infosec

With content liberated from the “today in infosec” twitter account

14th August 2013: Affinity Health Plan was fined $1,215,780 for a HIPAA violation after a photocopier purchased by CBS for an investigatory report in 2010 revealed medical info.

At $1.2M, photocopy breach proves costly

https://twitter.com/todayininfosec/status/1294252352191565824  

17th August 2005: Jason Smathers, a former employee of AOL, was sentenced to 15 months in prison for selling screen names and email addresses of 92 million users to spammers.

Ex-AOL worker who stole e-mail list sentenced

Jason Smathers: Internet Criminal

https://twitter.com/todayininfosec/status/1295500512830394371

 

The Box incidental music © Charlie Langford

 

Rant of the Week

You can post LinkedIn jobs as almost ANY employer — so can attackers

Anyone can create a job listing on the leading recruitment platform LinkedIn on behalf of just about any employer—no verification needed.

And worse, the employer cannot easily take these down.

Now, that might be nothing new, but the feature and lax verification on career websites pave the ways for attackers to post bogus listings for malicious purposes.

The attackers can, for example, use this social engineering tactic to collect personal information and resumes from professionals who believe they are applying to a legitimate company, without realizing their data may be sold or used for phishing scams.

 

Billy Big Balls of the Week

Woman accessed ex-partner’s Alexa to torment his new girlfriend

Philippa Copleston-Warren terrified love rival by using smart device to switch lights on and off and tell her to get out of the house

Chelsea woman used Alexa to scold ex-lover’s new girlfriend

A management consultant from west London accessed the Alexa device at her ex-boyfriend’s home from more than 100 miles away to tell his new partner to get out of the house.

Philippa Copleston-Warren, 46, logged into an app linked to smart devices in the victim’s Lincolnshire home, and was able to see her ex’s new girlfriend on the property’s CCTV system.

Prosecutors said Copleston-Warren was able to tell the woman “to get out” and used the app to turn the bedside lights on and off.

At Isleworth crown court, Copelston-Warren admitted posting a naked photo of her ex-boyfriend on Facebook, accompanying it with the caption: “Do I look fat??? My daily question”.

[That was this weeks BILLY BIG BALLS]

[SEEN ON REDDIT] Thom:

Antivaxers Think Their ‘Pure’ Semen Will Skyrocket in Value

I’m going to retire as a “cum cow”

 

Industry News

"Jigsaw Puzzle" Phishing Attacks Use Morse Code to Hide

Cadbury Campaigns Against Cyber-bullying

Misconfigured Server Leaks US Terror Watchlist

Yik Yak Returns

Airline Employee Jailed for Spending Passengers’ Money

T-Mobile: 49 Million Customers Hit by Data Breach

JPMorgan Chase Notifies Customers of Data Breach

Coin Ninja CEO Admits Operating Darknet Bitcoin Mixer

Women Charged Over Sexually Exploitative Child Modeling Sites

 

Tweet of the Week

https://twitter.com/Kaipo_Rozwolf/status/1428426623091724289

OnlyFans Will Ban Pornography Starting in October, Citing Need to Comply With Financial Partners

 

 

Come on! Like and bloody well subscribe!

Episode 68 - One More Show Until Dinner13 Aug 202100:59:58

This Week in Infosec (14:29)

With content liberated from the “today in infosec” Twitter account

10th August 2001: A Japanese woman, Kumiyo Kishi, was arrested for accessing her coworker's email account, then contacting the user's ISP to regain access after the coworker changed their password.

Japan arrests woman for email snooping

https://twitter.com/todayininfosec/status/1425123899474423811

 

7th August 2010: Terry Childs was sentenced to 4 years in prison for network tampering after refusing to hand over network passwords to his supervisor. He was later ordered to pay nearly $1.5 million in restitution. 

S.F. computer whiz Childs gets 4-year sentence

Sorting out the facts in the Terry Childs case

https://twitter.com/todayininfosec/status/1291377901456232448

 

Billy Big Balls of the Week (28:34)

https://twitter.com/J4vv4D/status/1425381977482539008?s=20

My scooter was stolen last week. Unknown to the thief, I hid two Airtags inside it. I was able to use the Apple Find My network and UWB direction finding to recover the scooter today. Here’s how it all went down: - Dan Guido

 

Industry News (38:51)

Disney Employees Among Those Arrested in Child Abuse Sting

NCSC Sticks by 'Three Random Words' Strategy for Passwords

Martial Arts Instructor Accused of Spying on Students

Fraudsters Impersonate DPD in "Convincing" New Smishing Scam

House of Commons (HoC) Beefs up Cyber Training Following Matt Hancock CCTV Leak Scandal

Chinese Espionage Group UNC215 Targeted Israeli Government Networks

Salesforce Communities Could Expose Business-Sensitive Information

Over $600 Million Stolen in Biggest Ever Cryptocurrency Theft

Accenture Tied Up in $50M Ransom Lockbit 2.0 Attack

 

Tweet of the Week (46:45)

https://twitter.com/runasand/status/1423810127451365382?s=20

Looks like pornhub is always bending over backwards, doing far more than any other social media platform

In a Huge Policy Shift, Pornhub Bans Unverified Uploads

 

The Box incidental music © Charlie Langford

Come on! Like and bloody well subscribe!

Episode 67 - A Total Car Crash06 Aug 202100:58:52

This Week in InfoSec (07:40) 

With content liberated from the “today in infosec” Twitter account

30th July 2013: Chelsea Manning (their name was Bradley Manning at the time) was found guilty of espionage, theft, and computer fraud, as well as military infractions.

United States v Manning

https://twitter.com/todayininfosec/status/1421171398656024587

 

3rd August 2007: Reporter Michelle Madigan (Associate Producer of Dateline NBC) went undercover at DEF CON with a hidden camera to try to get attendees to confess to crimes, was outed by @thedarktangent, and bolted from the venue chased by a pack of 150 people. 

Dateline Mole Allegedly at DefCon with Hidden Camera

An undercover Dateline NBC reporter flees the Defcon (Video)

https://twitter.com/todayininfosec/status/1422682529220472833

 

Rant of the Week (18:42)

UK Politicians are apparently very unlucky with their IT equipment, especially when they need to be investigated.

 

Billy Big Balls of the Week (29:45)

Apple snooping on your pics

https://twitter.com/matthew_d_green/status/1423109002280513540?s=20

 

Industry News (41:04)

US Seeks Espionage Retrial for Chinese Researcher

Zoom Pays $85m to Settle Privacy Suit

US Senate: Seven out of Eight Agencies Are Failing on Cyber

Son Charged in Murder of Cybersecurity ‘Genius’

MoD Boosts Cyber-Resilience with Ethical Hacker Project

Over 60 Million Americans Exposed Through Misconfigured Database

Web Shells and Digital Extortion Drive Triple-Digit Growth in Cyber-Intrusions

Decade-Old Router Bug Could Affect Millions of Devices

Cybercrime Ransomware 'Ban' is No Match for Threat Actors

 

Tweet of the Week (54:52)

https://twitter.com/iamdevloper/status/1423219304435228676?s=21

 

"The Box" Incidental Music ©Charlie Langford

Come on! Like and bloody well subscribe!

Episode 66 - Our Time to Shine30 Jul 202100:59:58

This week in Infosec (06:42)

With content liberated from the “today in infosec” Twitter account

27th July 1979: The first edition of Computer Security was published. It was written by David K. Hsiao, Douglas S. Kerr, and Stuart E. Madnick.

And to think, some of you probably are surprised there were computers in 1979, never mind computer security!

Computer Security 1st Edition

https://twitter.com/todayininfosec/status/1420498414874370049

 

28th July 1997: Tfreak (Dan Moschuk) released his program, smurf, a decision he later regarded as questionable. 

Exactly one year after he retired smurf in 1997, Tfreak published (papa)smurf.c v5.0, a new hybrid DoS attack based on Smurf and Fraggle. 

(papa)smurf.c v5.0 - New hybrid DoS attack based on smurf and fraggle

 

Rant of the Week (23:23) 

https://twitter.com/shanselman/status/1420800992388415491

https://www.idtheftcenter.org/google-voice-scam-tries-to-trick-you-while-you-are-selling-items-online/

 

Billy Big Balls of the Week (32.25)
The Tech Support Scams YouTube channel has been erased from existence in a blaze of irony as host and creator Jim Browning fell victim to a tech support scam that convinced him to secure his account – by deleting it.


Scamming the scam scammer

 

Industry News (40:40)

Apple patches zero-day vulnerability in iOS, iPadOS, macOS under active attack

Tech biz must tell us about more security breaches, says UK.gov as it ponders lowering report thresholds

ICO ends its involvement in dispute between NatWest Bank and data breach whistleblower

eBay ex-security boss sent down for 18 months for cyber-stalking, witness tampering

Iranian state-backed hackers posed as flirty Scouser called Marcy to target workers in defence and aerospace

'Woefully insufficient': Biden administration's assessment of critical infrastructure infosec protection

Israeli authorities investigate NSO Group over Pegasus spyware abuse claims

Upcoming Android privacy changes include ability to blank advertising ID, and 'safety section' in Play store

Spam is Chipotle's secret ingredient: Marketing email hijacked to dish up malware

 

Tweet of the Week (55:24)

https://twitter.com/bryanl/status/1420925333864386562

Come on! Like and bloody well subscribe!

Episode 65 - Its Too hot23 Jul 202100:59:55

This week in Infosec (08:10)

With content liberated from the “today in infosec” twitter account

16th July 2001: Russian programmer Dmitry Sklyarov was arrested the day after DEF CON for writing software to decrypt Adobe's e-book format. Charges against him were later dropped and the trial against his employer resulted in not guilty verdicts. 

United States v. Elcom Ltd.

https://twitter.com/todayininfosec/status/1416188118655459329

 

15th July 2011: Microsoft Hotmail announced that it would be banning very common passwords such as "123456" and "ilovecats".

Weak Passwords Banned from Hotmail

https://twitter.com/todayininfosec/status/1414330928537686021

 

Rant of the Week (24:29)

Majority of Britons convinced their phones and smart speakers are listening without being prompted.

 

Billy Big Balls of the Week (33:48)

Accuracy at any cost? Gamer leaks British military secrets to company founded in Russia to prove its tank model is wrong

 

Industry News (43:05)

Amnesty International and French media protection org claim massive misuse of NSO spyware

US legal eagles representing Apple, IBM, and more take 5 months to inform clients of ransomware data breach

Verified: UK.gov launching plans for yet another digital identity scheme

Northern Train's ticketing system out to lunch as ransomware attack shuts down servers

Journo who went to prison for 2 years for breaking US cyber-security law is jailed again

Spanish cops cuff Brit bloke accused of playing role in 2020 celeb Twitter hijacking

NSO Group 'will no longer be responding to inquiries' about misuse of its software

China pushes back against Exchange attack sponsorship claims

Thales launches payment card with onboard fingerprint scanner

 

Tweet of the Week (48:26)

Tennessee Man Died After He Was 'Swatted' by People Targeting His Twitter Handle

 

https://twitter.com/ThomLangford/status/1416690928354463744

Police forces in brazil celebrating a thief's 18th birthday because they can't arrest anyone under 18

Come on! Like and bloody well subscribe!

Episode 64 - He's Baaaaaack!16 Jul 202100:59:15

This week in Infosec (10.28)

With content liberated from the “today in infosec” Twitter account

14th July 1998: Ethereal was first released publicly as version 0.2.0. Its creator, Gerald Combs, thought it was cool that Bob Metcalfe named Ethernet after luminiferous ether so he picked a name beginning with ether. Since 2006 the network protocol analyzer has been known as Wireshark.

https://twitter.com/todayininfosec/status/1415384753713340417

11th July 2013: In the wake of revelations about the NSA's PRISM program, Jeff Moss (aka The Dark Tangent) asked feds not to attend DEF CON - the first time government employees were asked to stay away.

https://twitter.com/todayininfosec/status/1414330928537686021

 

Billy Big Balls of the Week (17:39)

Thousands of PS4s seized in Ukraine in illegal cryptocurrency mining sting

https://www.zdnet.com/article/thousands-of-ps4s-seized-in-ukraine-in-illegal-cryptocurrency-mining-sting/

 

Tweet of the Week (27.57)

FURY! at ICO doing their job for once.

The ICO is robustly investigating the data leak of hidden camera footage of former Health Secretary Matt Hancock breaking his own isolation and distancing rules. 

https://www.theregister.com/2021/07/15/ico_matt_hancock_raids/

https://metro.co.uk/2021/07/15/houses-raided-by-cops-in-hunt-for-matt-hancock-kissing-leaker-14934920/

https://apple.news/AqkfgpuvFTd--l-z_bZRRmw

 

Industry News (42.35)

Too many workers are still falling victim to phishing attacks

Remote workers battle against a massive range of distractions

Ransomware groups are looking for new recruits with solid negotiation skills

SolarWinds rolls out another emergency patch as new attack vector emerges

Almost half of companies do not have a proper security policy in place

Employees in the dark over the importance of new digital technologies

UK businesses are spending big on security, but drowning in false positives

Traditional ransomware defenses are failing businesses

Almost half of businesses reported to ICO since GDPR came into effect

 

Rant of the Week (50:40)

Facebook adds 'expert' feature to groups

Facebook is rolling out a way to designate topic "experts" inside user-run Facebook groups.

The social network says the new feature is designed to help real experts "stand out" in discussions about their field of expertise.

Group admins will have the power to give the title to nearly any member they want.

 

Incidental Music "The Box" © Charlie Langford

Come on! Like and bloody well subscribe!

Episode 63 - The JavAndy Show09 Jul 202100:48:26

This weeks show is 33% off but the content is still as average as ever!

This week in Infosec - 3 mins 11 secs

Billy Big Balls - 12 mins 49 secs

Rant of the week - 20 mins 52 secs

Industry News - 30 mins 56 secs

Tweet of the week - 38 mins 20 secs

 

THIS WEEK IN INFOSEC

With content liberated from the “today in infosec” twitter account

  1. 4th July 1994: John Markoff's article "Cyberspace's Most Wanted: Hacker Eludes F.B.I. Pursuit" was published by the New York Times. It was about Kevin Mitnick.

Cyberspace's Most Wanted: Hacker Eludes F.B.I. Pursuit
https://twitter.com/todayininfosec/status/1411891849132924932

  1. 8th July 2008: Dan Kaminksy gave a press conference announcing a DNS vulnerability he discovered 6 months prior.  RIP, Dan.

Fix found for net security flaw

https://twitter.com/todayininfosec/status/1413206908882804739

 

BILLY BIG BALLS

Ransomware-hit law firm gets court order asking crooks not to publish the data they stole

Criminals break into your systems, they do the usual, exfiltrate data, deploy ransomware, and leave you nasty messages about how they pwned you while blackmailing you.

However, New Square Ltd may have found a way to stop the criminals from capitalising on the data they have stolen by making it illegal for the criminals to release any of the stolen information. 

 

RANT OF THE WEEK

This TikTok Lawsuit Is Highlighting How AI Is Screwing Over Voice Actors

Voice actors are rallying behind Bev Standing, who is alleging that TikTok acquired and replicated her voice using AI without her knowledge.

At the center of this reckoning is voice actress Bev Standing, who is suing TikTok after alleging the company used her voice for its text-to-speech feature without compensation or consent. This is not the first case like this; voice actress Susan Bennett discovered that audio she recorded for another company was repurposed to be the voice of Siri after Apple launched the feature in 2011. She was paid for the initial recording session but not for being Siri.

Find a job with TikTok Resumes

 

INDUSTRY NEWS

REvil Group Demands $70 Million for 'Universal Decryptor'

Suspected Cyber-Criminal "Dr Hex" Tracked Down Via Phishing Kit

BA Settles with Data Breach Victims

Official Formula 1 App Hacked

Biden Administration Cancels $10bn JEDI Contract

Over 170 Scam Cryptomining Apps Charge for Non-Existent Services

Regulator Probes Former Health Secretary's Use of Private Email

Trump Sues Facebook, Google and Twitter

New PrintNightmare Patch Can Be Bypassed, Say Researchers

 

TWEET OF THE WEEK

https://twitter.com/sherrod_im/status/1412856171652861953

https://twitter.com/doctorow/status/1412923242273140736?s=20

Full story - 

Delivery Drivers Are Using Grey Market Apps to Make Their Jobs Suck Less

Drivers are there virtually, using GPS-spoofing apps to position themselves right in the center of the McDonald's lot while they physically wait under nearby shelters. Using these unofficial apps, known as tuyul, drivers can set their GPS pins at the optimal location they would like orders from, without having to physically drive there.      

 

And with that we leave you to enjoy the weekend!

Come on! Like and bloody well subscribe!

Episode 62 - Bikini Bottom02 Jul 202101:01:19

This Week in InfoSec (08:03)

With content liberated from the “today in infosec” twitter account

30th June 1998: AOL confirmed a leaked spreadsheet containing info of 1,300 AOL community leaders had been stolen from an employee's account.

Not around then? AOL was kind of a big deal - it bought Time Warner in 2000 and was worth $200 billion before imploding.

https://www.cnet.com/news/aol-volunteer-list-hacked/

https://twitter.com/todayininfosec/status/1410396545896177668

 

Rant of the Week (22:15)

via @rootsploit

Cybersecurity Workers Flood Twitter With Bikini Pics to Protest Harassment

Infosec Community Posts Solidarity Bikini Pics After Twitter Troll Outburst

Cybersecurity professionals have come together on Twitter to show their support for an infosec worker who was trolled after posting a bikini pic.

Coleen Shane, founder and chief engineer for InfoSec Bad Girls and Hacker Spring Camp, was astonished when an anonymous follower reacted angrily to the shot.

The user, who follows over 200 infosec-related accounts, argued that there was "no warning" for the image, intimating that "otherwise respectable people" should not be doing such.

Coleen's response was widely praised.

"It's a bikini, and I'm a human being who is a lot more complicated than just Infosec - also I do whatever the hell I want, whenever the hell I want, however the hell I want. Adios," she tweeted.

Communications company got their support for the movement (horribly) wrong by creating a calendar of the bikini photos (without consent) for people to download

Their apology has gone as well as expected

 

Billy Big Balls of the Week (34:00)

Doctor arrested for trying to hire a hitman to kidnap and inject ex-wife with heroin in bizarre bid to win her back

Ronald Ilg, 55, was arrested in April and is being charged in federal court for hiring a hitman over the internet to abduct his wife and imprison her in a "secure location" for a week, all the while dosing her with heroin.

Dr Ilg apparently agreed to pay the would-be kidnapper in Bitcoin. The FBI traced the Bitcoin transaction, which led them to Dr Ilg's Coinbase account.

 

Industry News ( 41:41)

World’s Largest E-tailers to be Investigated Over Fake Reviews

US the Only Top Tier Cyber-power

Sensitive Defense Documents Found at Bus Stop

Pentagon CISO Suspected of Sharing Secrets

Salvation Army Hit by Ransomware Attack

Analyst Steals Millions by Spoofing Director

PrintNightmare: Windows Zero-Day Accidentally Disclosed by Chinese Researchers

New Charges Filed Against Alleged Capital One Hacker

Putin Orders Twitter to Open Russian Office

 

Tweet of the Week (48:25)

Teenagers are figuring out how to fake positive Covid tests using lemon juice and hacks from TikTok

https://twitter.com/imbadatlife/status/1410526468577411072

Come on! Like and bloody well subscribe!

Episode 18605 Mar 202400:40:14

This week in InfoSec  (06:53)

With content liberated from the “today in infosec” twitter account and further afield

1st March 1988: The MS-DOS boot sector virus "Ping-Pong" was discovered at the Politecnico di Torino (Turin Polytechnic University) in Italy.

The virus would show a small ball bouncing around the screen in both text mode (ASCII character "•") and graphical mode.

https://twitter.com/todayininfosec/status/1763540406443163705  

26th February 2004: Antivirus firm F-Secure apologized for sending the Netsky.B virus to 1000s of its UK customers & partners via a mailing list. The unknown sender sent it through the email list server, which didn't scan for viruses. And there was no business reason to accept external emails.

https://twitter.com/todayininfosec/status/1762092359313936553  

 

Rant of the Week (11:48)

Meta's pay-or-consent model hides 'massive illegal data processing ops': lawsuit

Consumer groups are filing legal complaints in the EU in a coordinated attempt to use data protection law to stop Meta from giving local users a "fake choice" between paying up and consenting to being profiled and tracked via data collection.

 

Billy Big Balls of the Week (20:16)

Fox News 'hacker' turns out to be journalist whose lawyers say was doing his job

 A Florida journalist has been arrested and charged with breaking into protected computer systems in a case his lawyers say was less "hacking," more "good investigative journalism." 

Tim Burke was arrested on Thursday and charged with one count of conspiracy, six counts of accessing a protected computer without authorization, and seven counts of intercepting or disclosing wire, oral or electronic communications for his supposed role in the theft of unedited video streams from Fox News.

 

Industry News (27:48)

UK Unveils Draft Cybersecurity Governance Code to Boost Business Resilience

34 Million Roblox Credentials Exposed on Dark Web in Three Years

Biden Bans Mass Sale of Data to Hostile Nations

US Government Warns Healthcare is Biggest Target for BlackCat Affiliates

Savvy Seahorse Targets Investment Platforms With DNS Scams

Pharma Giant Cencora Reports Cybersecurity Breach

UK Home Office Breached Data Protection Law with Migrant Tracking Program, ICO Finds

Five Eyes Warn of Ivanti Vulnerabilities Exploitation, Detection Tools Insufficient

Biden Warns Chinese Cars Could Steal US Citizens' Data

 

Tweet of the Week (35:17)

https://twitter.com/_FN8_/status/1762583435745402951

Come on! Like and bloody well subscribe!

Episode 61 - Hey Everybody Andy is Famous!25 Jun 202100:56:25

This week in Infosec

With content liberated from the “today in infosec” Twitter account

19th June 1987: The first Summercon hacker conference was held in St. Louis, Missouri and was run by the hacker zine Phrack. It's still going strong - the 33rd edition took place virtually last year with in-person attendance returning to NYC next month.

https://www.summercon.org/

https://hackstory.net/Summercon

https://twitter.com/todayininfosec/status/1274065780288548864

20th June 2011: The earliest attack of Operation AntiSec was performed by LulzSec against the UK's Serious Organised Crime Agency.

https://twitter.com/todayininfosec/status/1274498724786397184  

 

Rant of the Week

Ethics in Cybersecurity Marketing – Principles of Value Contribution

EC-Council was recently discovered to be publishing blogs that were, in the opinion of a lawyer I spoke to, plagiarized from security and technology experts. One such work was my blog, “What is a Business Information Security Officer (BISO)”. What follows is a description of the events and what I believe needs to be done to correct this horrific trend.

Alyssa Miller  Duchess of Hackington @AlyssaM_InfoSec

So I really want @ECCouncil to understand the damage they've done (a thread):

EC-Council Deflects After Calls of Most Recent Plagiarism

 

Billy Big Balls of the Week

Three things that have vanished: $3.6bn in Bitcoin, a crypto investment biz, and the two brothers who ran it

“We got hacked and we'll be right back”, duo said ... two months ago.

South African Brothers Vanish, and So Does $3.6 Billion in Bitcoin

A Cape Town law firm hired by investors says they can’t locate the brothers and has reported the matter to the Hawks, an elite unit of the national police force. It’s also told crypto exchanges across the globe should any attempt be made to convert the digital coins.

Two South African brothers have vanished with $3.6 billion of bitcoin in what could be the biggest crypto heist in history

In the time the story first hit, to the time Forbes published it, the value of the haul had dropped significantly in line with the volatility we expect :)

South African Brothers Disappear, Along With $2.2 Billion Worth Of Bitcoin

 

Industry News

Novel Phishing Attack Abuses Google Drive and Docs

Google Spices Up Supply Chain Security with SLSA Framework

Nuclear Research Institute Breached by Suspected North Korean Hackers

Finger Scanning Costs Six Flags $36m

SEC Probes SolarWinds Breach Disclosure Failures

NIST Publishes Ransomware Guidance

Nuisance Call Company Fined £130,000 After Eight-Month Blitz

Anti-virus Pioneer John McAfee Found Dead in Spanish Prison Cell

Google Pushes Back Cookie Removal Plans to 2023

 

The John McAfee story

When Javvad met John McAfee

How to uninstall McAfee anti-virus in his own words

 

Tweet of the Week

https://twitter.com/ShootyDoody/status/1407684922786127873

Come on! Like and bloody well subscribe!

Episode 60 - Guaranteed Jav Free May Contain Nuts18 Jun 202100:59:38

Artist - Carole Theriault

 

This week in Infosec

With content liberated from the “today in infosec” Twitter account (and embellished by us 😉)

11th June 2008: Verizon released the first edition of its annual Data Breach Investigations Report (DBIR).

Incidents are still a thing.  Data breaches are still a thing.  Some stuff has changed.  Some hasn't.  Time keeps on ticking.  ¯_(ツ)_/¯

Verizon Business Releases Trailblazing Data-Breach Study Spanning 500 Forensic Investigations

Analysis of the 2021 Verizon Data Breach Report (DBIR)

https://twitter.com/todayininfosec/status/1271264648986124289  

17th June 2010: The Stuxnet worm was first discovered by Sergey Ulasen at Belarusian antivirus software vendor VirusBlokAda. Announcement: http://anti-virus.by/en/tempo.shtml

Interview with Sergey Ulasen in 2011: 

The Man Who Found Stuxnet – Sergey Ulasen in the Spotlight

https://twitter.com/todayininfosec/status/1273501720723648512  

 

Rant of the Week

[Carole saves the show by having something prepared (even if it is from the cutting room floor of Smashing Security)]

ICO watchdog 'deeply concerned' over live facial recognition

https://www.bbc.co.uk/news/technology-57504717

 

Billy Big Balls of the Week

Doctors and Scientists Are Fighting Vaccine Misinformation on TikTok

The experts of the Team Halo initiative have taken to social media in order to combat falsehoods about COVID-19 and promote accurate vaccine science.

 

Industry News

VW Vendor Leaves Data Unsecured

IKEA Fined $1.2m for Spying on Employees

Third of Staff Use Security Workarounds at Home

IoT Supply Chain Bug Hits Millions of Cameras

Most Ransomware Victims Are Hit Again After Paying

Football Fever Puts Password Security at Risk

Hackers Can Spy on Peloton Workouts

A Billion CVS Records Exposed

Puzzling New Malware Blocks Access to Piracy Sites

 

Sticky Pickle of the Week

A Neighbourly Pickle

 

Tweet of the Week

https://twitter.com/InfosecMiles/status/1405194858965475328

Come on! Like and bloody well subscribe!

Episode 59 - We Voted For The Lazarus Heist11 Jun 202100:56:22

This week in Infosec

Liberated from the “today in infosec” Twitter account.

5th June 1991: Philip Zimmermann sent the first release of PGP to 2 friends, Allan Hoeltje and Kelly Goen, to upload to the Internet.

Read his story about the release, including his disclosure of how little he understood about Usenet and what newsgroups even were. 

http://www.philzimmermann.com/EN/news/PGP_10thAnniversary.html

PGP Marks 30th Anniversary

https://twitter.com/todayininfosec/status/1269043313404862465  

7th June 1989: The beta release of the Bourne Again SHell (Bash) was announced as version 0.99. 2 months later Shellshock was introduced into the Bash source code and persisted in subsequent versions for over 25 years.

https://groups.google.com/g/gnu.announce/c/hvhlR1Vn1P0/m/NYwp-4_0CaUJ?pli=1

https://twitter.com/todayininfosec/status/1269788726156124160 

9th June 1993: The first DEF CON hacker conference was held at the Sands Hotel & Casino in Las Vegas, Nevada. Initially planned by Jeff Moss as a farewell party for a hacker friend, about 100 people attended. It has since grown to become a 4-day conference with 30,000 attendees.

https://twitter.com/todayininfosec/status/1270389947753627648

 

Rant of the Week

There was widespread panic on Tuesday after a major Internet outage knocked dozens of websites offline.

Amazon, Reddit and Twitch were all affected, as were the Guardian, the New York Times and the Financial Times.

Additionally, the UK government website crashed – on the day that Britons aged 25–29 were invited to book their COVID-19 vaccines.

Despite initial speculation that the outage was the result of a cyber attack – with ‘#cyberattack’ trending on Twitter – the true cause of the incident was less sensational, although nonetheless concerning.

What caused the Internet to crash?

Websites begin to work again after major outage

 

Billy Big Balls of the Week

Alleged drug syndicates, contract killers and weapons dealers thought they were using high-priced, securely encrypted phones that would protect them as they openly discussed drug deals by text message and swapped photos of cocaine-packed pineapples. What they were really doing, investigators revealed Tuesday, was channeling their plots straight into the hands of U.S. intelligence agents.

An international coalition of law enforcement officials announced they had ensnared alleged criminals around the world after duping them into using phones loaded with an encrypted messaging app controlled by the FBI.

Street value of cocaine

ANOM: Hundreds arrested in massive global crime sting using messaging app

FBI-controlled Anom app ensnares scores of alleged criminals in global police sting

Trojan Shield: How the FBI Secretly Ran a Phone Network for Criminals

ANOM: Alleged drug kingpin told to hand himself in after being tricked into spreading fake phone app

 

 

Industry News

Biden Expands Trump’s Investment Ban on Chinese Firms

More US Kids Warned About Internet Than Unsafe Sex

US to Treat Ransomware Like Terrorism

Hacker Group Gunning for Musk

French Antitrust Regulator Slaps $268 Million Fine on Google

Microsoft Fixes Seven Zero-Days This Patch Tuesday

A Third of Execs Plan to Spy on Staff to Guard Trade Secrets

JBS Admits Paying REvil Ransomware Group $11 Million

Schools Forced to Shut Following Critical Ransomware Attack

 

Tweet of the Week

https://twitter.com/Eskenzi/status/1402684475243438081

https://twitter.com/KimZetter/status/1402695107640393729

Come on! Like and bloody well subscribe!

© My Podcast Data