Explore every episode of the podcast The Host Unknown Podcast
| Title | Pub. Date | Duration | |
|---|---|---|---|
| Episode 200 - The Bicentennial men Episode | 02 Sep 2024 | 00:39:12 | |
This week in InfoSec (07:42) With content liberated from the “today in infosec” twitter account and further afield 29th August 1990: The UK's Computer Misuse Act 1990 went into effect, introducing 3 criminal offences related to unauthorised access and modification of "computer material". https://twitter.com/todayininfosec/status/1829252932178719161 27th August 1999: One of the first companies to offer a dedicated web application firewall (WAF) was Perfecto Technologies with its AppShield product. But it didn't use the terminology "WAF", instead describing it as "a plug and play" Internet application security solution." https://twitter.com/todayininfosec/status/1828483993001492969
Rant of the Week (13:25) Watchdog warns FBI is sloppy on secure data storage and destruction The FBI has made serious slip-ups in how it processes and destroys electronic storage media seized as part of investigations, according to an audit by the Department of Justice Office of the Inspector General. Drives containing national security data, Foreign Intelligence Surveillance Act information and documents classified as Secret were routinely unlabeled, opening the potential for it to be either lost or stolen, the report [PDF] addressed to FBI Director Christopher Wray states. Ironically, this lack of identification might be considered a benefit, given the lax security at the FBI's facility used to destroy such media after they have been finished with. The OIG report notes that it found boxes of hard drives and removable storage sitting open and unattended for "days or even weeks" because they were only sealed once the boxes were full. This potentially allows any of the 395 staff and contractors with access to the facility to have a rummage around.
Billy Big Balls of the Week (22:01) Deadbeat dad faked his own death by hacking government databases A US man has been sentenced to 81 months in jail for faking his own death by hacking government systems and officially marking himself as deceased. The US Department of Justice on Tuesday detailed the case of Jesse Kipf, 39, who was sent down for computer fraud and aggravated identity theft. In January 2023, Kipf used the credentials of a physician to access Hawaii's Death Registry System and create a "case" that recorded his own death. "Kipf then completed a State of Hawaii Death Certificate Worksheet, assigned himself as the medical certifier for the case and certified his death, using the digital signature of the doctor," the DoJ wrote. The paperwork was all correct, so many government databases listed Kipf as deceased. But he was very much alive and enjoying the fact that his "death" meant he didn't have to make child support payments or catch up on those he'd already missed. Evidence presented in court included internet search histories recorded on a laptop, with Kipf looking up terms including "Remove California child support for deceased."
Industry News (28:13) FBI Flawed Data Handling Raises Security Concerns Microsoft 365 Copilot Vulnerability Exposes User Data Risks Money Laundering Dominates UK Fraud Cases Ransomware Attacks Exposed 6.7 Million Records in US Schools IT Engineer Charged For Attempting to Extort Former Employer Surge in New Scams as Pig Butchering Dominates Unpatched CCTV Cameras Exploited to Spread Mirai Variant North Korean Hackers Launch New Wave of npm Package Attacks
Tweet of the Week (36:20) https://x.com/fesshole/status/1828921760147767400 Come on! Like and bloody well subscribe! | |||
| Episode 199 - The Holiday Is Over Episode | 27 Aug 2024 | 00:35:54 | |
This week in InfoSec (06:43) With content liberated from the “today in infosec” twitter account and further afield 18th August 2004: Text messages sent to promote the video game "Resident Evil: Outbreak" stated "Outbreak: I'm infecting you with t-virus". This scared recipients, who were only about 7% less technologically savvy than mobile phone users today. https://x.com/todayininfosec/status/1825257955878641888
20th August 2003: Philippe Oechslin shared his technique he called "rainbow tables" during a talk at the 23rd annual crypto conference, Crypto 2003. It became a popular approach for cracking password hashes. Today it's less widely used due to adoption of practices that reduce its efficacy. https://x.com/todayininfosec/status/1825865870716870802
Rant of the Week (10:59) This uni thought it would be a good idea to do a phishing test with a fake Ebola scare University of California Santa Cruz (UCSC) students may be relieved to hear that an emailed warning about a staff member infected with the Ebola virus was just a phishing exercise. The message, titled "Emergency Notification: Ebola Virus Case on Campus," went out to the university community on Sunday, August 18. It began, "We regret to inform you that a member of our staff, who recently returned from South Africa, has tested positive for the Ebola virus." The message went on to say that the university has initiated a contact tracing protocol and asks message recipients to "Please Log In to the Access Information Page for more details" – the very activity phishing messages attempt to encourage in order to capture login credentials. The simulated attack was similar to an actual phishing message sent on August 1, 2024, as shown on the UCSC Phish Bowl, a collection of real and test phishing attempts. But the one sent on Sunday was intended to raise awareness of phishing rather than to actually steal information. In that, it succeeded. The message prompted the UCSC Student Health Center to publish a notice about a "Phishing email with misleading health information." On Monday, Brian Hall, chief information security officer for UCSC, sent out an apology to the university community.
Billy Big Balls of the Week (18:20) Russia tells citizens to switch off home surveillance because the Ukrainians are coming Russia's Ministry of Internal Affairs is warning residents of under-siege regions to switch off home surveillance systems and dating apps to stop Ukraine from using them for intel-gathering purposes. Residents of the Bryansk, Kursk, and Belgorod regions were issued with the warnings amid what seems like Russia being thoroughly rattled by Ukraine's incursion into the country's southwest. "The enemy is massively identifying IP ranges in our territories and connecting to unprotected video surveillance cameras remotely, viewing everything from private yards to roads and highways of strategic importance," said the ministry, according to Russian newswire Interfax. "In this regard, if there is no urgent need, it is better not to use video surveillance cameras. "It is highly discouraged to use online dating services. The enemy actively uses such resources for the covert collection of information." These warnings were just two of many included in a public memo aimed at protecting the identities of high-value Russian individuals, including military personnel, law enforcement agents, and nuclear energy workers.
Industry News (24:51) Iran Behind Trump Campaign Hack, US Government Confirms New DNS-Based Backdoor Threat Discovered at Taiwanese University Most Ransomware Attacks Now Happen at Night CISA to Get New Headquarters as $524M Contract Awarded Australia Calls Off Clearview AI Investigation Despite Lack of Compliance Backdoor in Mifare Smart Cards Could Open Doors Around the World Security Flaws in UK Political Party Donation Platforms Exposed Company Fined $1m for Fake Joe Biden AI Calls FAA Admits Gaps in Aircraft Cybersecurity Rules: New Regulation Proposed
Tweet of the Week (32:19) https://x.com/anon_opin/status/1826015107857416458?s=46&t=1-Sjo1Vy8SG7OdizJ3wVbg Come on! Like and bloody well subscribe! | |||
| Episode 190 - The Very Serious Episode | 15 Apr 2024 | 00:55:19 | |
This week in InfoSec (08:49) With content liberated from the “today in infosec” twitter account and further afield 7th April 1969: Steve Crocker, a graduate student at UCLA and part of the team developing ARPANET, writes the first “Request for Comments“. The ARPANET, a research project of the Department of Defense’s Advanced Research Projects Agency (ARPA), was the foundation of today’s modern Internet. RFC 1 defined the design of the host software for communication between ARPANET nodes. This host software would be run on Interface Message Processors or IMPs, which were the precursor to Internet routers. The “host software” defined in RFC 1 would later be known as the Network Control Protocol or NCP, which itself was the forerunner to the modern TCP/IP protocol the Internet runs on today. https://thisdayintechhistory.com/04/07/rfc-1-defines-the-building-block-of-internet-communication/ 7th April 2014: The Heartbleed Bug was publicly disclosed. The buffer over-read vulnerability had been discovered by Neel Mehta and later privately reported to the OpenSSL project, which patched it the next day. The vulnerability was inadvertently introduced into OpenSSL 2 years prior. https://twitter.com/todayininfosec/status/1777136463882183076
Rant of the Week (17:09) OpenTable is adding your first name to previously anonymous reviews Restaurant reservation platform OpenTable says that all reviews on the platform will no longer be fully anonymous starting May 22nd and will now show members' profile pictures and first names. OpenTable notified members of this new policy change today in emails to members who had previously left a review on the platform, stating the change was made to provide more transparency. "At OpenTable, we strive to build a community in which diners can help other diners discover new restaurants, and reviews are a big part of that," reads the OpenTable email seen by BleepingComputer. "We've heard from you, our diners, that trust and transparency are important when looking at reviews." "To build on the credibility of our review program, starting May 22, 2024, OpenTable will begin displaying diner first names and profile photos on all diner reviews. This update will also apply to past reviews.
Billy Big Balls of the Week (26:36) Lloyds Banking Group plans to cut jobs in risk management after an internal review found the function was a “blocker to our strategic transformation”. The restructuring was outlined in a memo last month from Lloyds’ chief risk officer Stephen Shelley, who said two-thirds of executives believed risk management was blocking progress while “less than half our workforce believe intelligent risk-taking is encouraged”. The lender was “resetting our approach to risk and controls”, Shelley said in the memo, seen by the Financial Times, adding that “the initial focus is on non-financial risks”.
Industry News (33:55) T: Famous YouTube Channels Hacked to Distribute Infostealers A: US Federal Data Privacy Law Introduced by Legislators J: Foreign Interference Drives Record Surge in IP Theft T: Half of UK Businesses Hit by Cyber-Incident in Past Year, UK Government Finds A: US Claims to Have Recovered $1.4bn in COVID Fraud J: Women Experience Exclusion Twice as Often as Men in Cybersecurity T: Threat Actors Game GitHub Search to Spread Malware A: Data Breach Exposes 300k Taxi Passengers’ Information J: Apple Boosts Spyware Alerts For Mercenary Attacks
Tweet of the Week (52:08) https://x.com/ErrataRob/status/1778536622163984590 Come on! Like and bloody well subscribe! | |||
| Episode 101 - My Brain Hurts | 29 Apr 2022 | 00:50:03 | |
This Week in InfoSec (09:26) With content liberated from the “today in infosec” Twitter account and further afield 26th April 2013: LivingSocial informed its employees that 50 million users' names, emails, dates of birth, and SHA1 hashed passwords were compromised. https://twitter.com/todayininfosec/status/1519039747301199872 26th April 1999: The first known virus to target the flash BIOS of a PC, the CIH/Chernobyl Virus triggers on this day, erasing hard drives and disabling PCs primarily in Asia and Europe. One of the most destructive viruses in history, Turkey and South Korea alone reported 300,000 infected systems.
As Seen on Reddit (23:29) My thoughts on a decade of Cyber Security: 10 Lessons I’ve learned Reddit user u/CrowGrandFather has spent more than a decade in the Cyber Security Industry and has come up with 10 lessons he learned along the way. 1. Cyber is risk and nothing else 2. No one cares about your stats 3. Understand that not everyone is as smart as you 4. Stop with the playbooks 5. Read the news for your boss 6. Blackhat is mostly pointless 7. Location, Location, Location 8. You’re probably doing threat intelligence wrong 9. Don’t write to be understood, write so that you can’t possibly be misunderstood 10. Make friends with your Marketing team [That was this week's As seen on Reddit]
Industry News (42:07) LinkedIn Becomes the Most Impersonated Brand for Phishing Attacks Costa Rica Refuses to Pay Cyber Ransom Bored Ape Yacht Club Customers Lose $3m in NFT Scam French Hospitals Cut Internet Connection After Data Raid Security Teams Should Be Addressing Quantum Cyber-Threats Now Private Investigator Admits Role in Hedge Fund Hack UK Schools Can Sign-Up to Free Government-Grade Security Coca-Cola Investigates Data Breach Claim Crypto Trading Fund Partners Accused of Fraud
Tweet of the Week (45:00) https://twitter.com/austinpeay/status/1519397653305561088 https://twitter.com/austinpeay/status/1519399475785125889 Come on! Like and bloody well subscribe! | |||
| Episode 100 - Can We Go Home Now | 08 Apr 2022 | 00:46:34 | |
This Week In InfoSec (10:15) With content liberated from the “today in infosec” twitter account and further afield 1st April 1998: Hackers changed the MIT home page to read "Disney to Acquire MIT for $6.9 Billion". https://twitter.com/todayininfosec/status/1245550127806201857 MIT says "Disney buys MIT" hack revealed by low price 1st April 2004: The now ubiquitous Gmail service is launched as an invitation-only beta service. At first met with skepticism due to it being launched on April Fool’s Day, the ease of use and speed that Gmail offered for a web-based email service quickly won converts. The fact that Gmail was invitation-only for a long time helped fuel a mystique that those who had a Gmail address were hip and uber-cool.
Rant of the Week: (16:25) Bank had no firewall license, intrusion or phishing protection – guess the rest An Indian bank that did not have a valid firewall license, had not employed phishing protection, lacked an intrusion detection system and eschewed use of any intrusion prevention system has, shockingly, been compromised by criminals who made off with millions of rupees.
Billy Big Balls of the Week (23:20) Bearded Barbie hackers catfish high ranking Israeli officials The Hamas-backed hacking group tracked as 'APT-C-23' was found catfishing Israeli officials working in defense, law, enforcement, and government agencies, ultimately leading to the deployment of new malware. The campaign involves high-level social engineering tricks such as creating fake social media profiles and a long-term engagement with the targets before delivering spyware.
Industry News (30:50) Scottish Power Parent Company Hit by Data Breach Trezor Customers Phished After MailChimp Compromise Cadbury Warns of Easter Egg Scam Jail Releases 300 Suspects Due to Computer "Glitch" WhatsApp 'Voice Message' Is an Info-Stealing Phishing Attack Germany Shuts Down Russian Darknet Marketplace Hydra Attack on Ukraine Telecoms Provider Caused by Compromised Employee Credentials Block Warns Eight Million Customers of Insider Breach Employee Info Among 13 Million Records Leaked by Fox News
Tweet of the Week (41:50) https://twitter.com/_sn0ww/status/1511857122966835200 Come on! Like and bloody well subscribe! | |||
| Episode 99 - Do You Think They Will Notice? | 01 Apr 2022 | 00:52:59 | |
This Week in InfoSec (09:55) With content liberated from the “today in infosec” twitter account and further afield 31st March 1999: The hugely successful motion picture, The Matrix, is released on this day. Many call it a classic (ok, that’s me), many call it influential (ok, me again), but no one can deny that the impact it had on many aspects of our society from the emerging tech culture, to the movie industry, to science-fiction, to political thinking 25th March 2010: Albert Gonzales was sentenced to 20 years in prison for stealing credit card data from TJX and other companies. He is currently serving his sentence at FMC Lexington, a Kentucky facility for inmates requiring medical or mental health attention. Sex, Drugs, and the Biggest Cybercrime of All Time
Rant of the Week (19:32) Yale finance director stole $40m in computers to resell on the sly A now-former finance director stole tablet computers and other equipment worth $40 million from the Yale University School of Medicine, and resold them for a profit.
Billy Big Balls of the Week (30:30) Ubiquiti sues Krebs on Security for defamation Network equipment maker Ubiquiti on Tuesday filed a lawsuit against infosec journalist Brian Krebs, alleging he defamed the company by falsely accusing the firm of covering up a cyber-attack. On March 30, 2021, Krebs reported that Ubiquiti had disclosed a January breach involving a third-party cloud provider, later revealed to be AWS, and that an unnamed source within the firm had claimed the company was downplaying a catastrophic compromise. Apple and Meta shared data with hackers pretending to be law enforcement officials Apple and Meta handed over user data to hackers who faked emergency data request orders typically sent by law enforcement, according to a report by Bloomberg. The slip-up happened in mid-2021, with both companies falling for the phony requests and providing information about users’ IP addresses, phone numbers, and home addresses. Law enforcement officials often request data from social platforms in connection with criminal investigations, allowing them to obtain information about the owner of a specific online account. While these requests require a subpoena or search warrant signed by a judge, emergency data requests don’t — and are intended for cases that involve life-threatening situations. Industry News (37:24) Dental Practice Fined for Sharing Patient Data on Social Media Yandex is Sending iOS Users' Data to Russia Attackers Steal $618m From Crypto Firm New Research Claims Biden's Disclosure Deadlines Are Unrealistic NCSC: Time to Rethink Russian Supply Chain Risks Cyber-attack on California Healthcare Organization New Version of PCI DSS Designed to Tackle Emerging Payment Threats No Patch Available Yet for Critical SpringShell Bug
Tweet of the Week ( https://twitter.com/AskAManager/status/1509246642364588040 https://twitter.com/HackingLZ/status/1509529191439425540 Come on! Like and bloody well subscribe! | |||
| Episode 98 - The Statin-Free Show | 25 Mar 2022 | 00:42:38 | |
Links https://www.theguardian.com/uk/canoe Authentication oufit Okta investigating Lapsus$ breach report Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal Netflix to Charge Password Sharers Background Check Company Sued Over Data Breach Okta Confirms 2.5% of Customers Impacted by Lapsus Breach Medical Service Leaks 12,000 Sensitive Patient Images West Blocks Russia's Access to Weather Data Fastest Ransomware Encrypts 100k Files in Four Minutes US Indicts Russian Over "Carding Shop" Okta CSO: Lapsus Incident Was “Embarrassing” Indian Police Bust Online Helicopter Scam Tweet of the week https://twitter.com/aschmelyun/status/1506960015063625733
Come on! Like and bloody well subscribe! | |||
| Episode 97 - He Is Back And He Really is Bad | 18 Mar 2022 | 00:43:52 | |
This Week in InfoSec (08:06) With content liberated from the “today in infosec” twitter account and further afield 15th March 1985: The first Internet domain symbolics.com is registered by Symbolics, a Massachusetts computer company. 16th March 2018: National Lottery owner Camelot has warned of a "low level" cyber-attack that affected customer accounts. It has asked all of its customers to change the passwords on their accounts as a precaution.
Rant of the Week (16:31) Germany advises citizens to uninstall Kaspersky antivirus Nation's cybersecurity agency has doubts about Russian firm's reliability Germany's BSI federal cybersecurity agency has warned the country's citizens not to install Russian-owned Kaspersky antivirus, saying it has "doubts about the reliability of the manufacturer." Russia-based Kaspersky has long been a target of suspicious rumours in the West over its ownership and allegiance to Russia's rulers. In an advisory published today, the agency said: "The BSI recommends replacing applications from Kaspersky's virus protection software portfolio with alternative products."
Billy Big Balls of the Week ( 24:49) The Workaday Life of the World’s Most Dangerous Ransomware Gang A Ukrainian researcher leaked 60,000 messages from inside the Conti ransomware group. The Conti ransomware gang was on top of the world. The sprawling network of cybercriminals extorted $180 million from its victims last year, eclipsing the earnings of all other ransomware gangs. Then it backed Vladimir Putin’s invasion of Ukraine. And it all started falling apart.
Industry News (31:24) French Bank Denies Access to Russian Workforce UK Unveils New Cyber Flashing Law Israeli Government Websites Taken Offline in Large-Scale Cyber-Attack UK Blocks Assange's Extradition Appeal Avast Merger Raises Competition Concerns Irish Watchdog Fines Meta $19m Over Data Breach Kaspersky Hits Back at "Politically Motivated" BSI Advisory Thousands of Mobile Apps Expose User Data Via Cloud Misconfigurations
Tweet of the Week (39:12) https://twitter.com/moonpolysoft/status/1503519499089186818 Come on! Like and bloody well subscribe! | |||
| Episode 96 - We Don't Know What She Has But They Are Colossal | 11 Mar 2022 | 00:49:26 | |
This Week in InfoSec (08:22) With content liberated from the “today in infosec” Twitter account and further afield 6th March 1992: The Michelangelo virus, so-named because it activates on March 6, the birthday of Michelangelo, begins infecting computers. The virus will also make news in 1993. It was one of the earliest viruses to receive widespread media attention and also one of the first to prompt widespread hysteria. The irony of the name of the virus was that nothing in the virus’ code referenced Michelangelo. It is possible the virus author, who was never identified, did not know March 6th was Michelangelo’s birthday! 9th March 1999: United States Vice President Al Gore gives an interview on CNN’s Late Edition in which he states, “During my service in the United States Congress, I took the initiative in creating the Internet. I took the initiative in moving forward a whole range of initiatives that have proven to be important to our country’s economic growth and environmental protection, improvements in our educational system.” This is the infamous statement which will be widely misquoted as “I invented the Internet.”
Rant of the Week (13:59) Most Orgs Would Take Security Bugs Over Ethical Hacking Help A new survey suggests that security is becoming more important for enterprises, but they’re still falling back on old “security by obscurity” ways. Enterprises are putting greater stock in cybersecurity, but outdated “security by obscurity” is still prevailing as companies wrestle with security awareness and shy away from bug-bounty programs. That’s according to new survey data from HackerOne, which found that a full 65 percent of organizations surveyed claimed that they “want to be seen as infallible.” However, just as many – 64 percent – said they practice a culture of security through obscurity, where secrecy is used as the primary method of protecting sensitive systems and assets.
Carole's Colossal Cahones (24:49) When Pigs Cry: Tool decodes the Emotional Lives of Swine https://www.nytimes.com/2022/03/09/science/pigs-oinks-grunts.html
Industry News (30:31) Dirty Pipe Exploit Rings Alarm Bells in the Linux Community Chinese APT41 Group Compromises Six US Government Networks Prison for Man Who Scammed US Government to Buy Pokémon Card UK Announces New Rules to Tackle Surging Online Scam Adverts Over 90% of Exposed Russian Cloud Databases Compromised AI Accountability Framework Created to Guide Use of AI in Security Conti Group Spent $6m on Salaries, Tools and Services in a Year
Tweet of the Week (39:33) https://twitter.com/achornback/status/1501677184515256321?s=12 Come on! Like and bloody well subscribe! | |||
| Episode 95 - Dammit He Came Back | 04 Mar 2022 | 00:46:47 | |
This Week in InfoSec (08:37) With content liberated from the “today in infosec” Twitter account and further afield 7th March 1997: During a hearing on Microsoft’s alleged antitrust activities, Bill Gates admits Microsoft’s contracts bar Internet content providers from promoting Netscape’s browser. Eventually, Internet Explorer dominates the web browser market as it is shipped for free with every copy of Windows. 3rd March 2009: “You may be wondering why I’ve turned myself into a zombie. Well, it’s in honour of National Zombie Awareness Week in Australia, which is highlighting the problem of compromised computers (known as bots or zombies). Zombie computers can be invisibly controlled by criminal hackers to launch distributed denial-of-service attacks, spread spam messages or steal confidential information.”
Rant of the Week (15:36) The zero-password future can't come soon enough SpyCloud highlights poor password hygiene of consumers and the threat to enterprises Passwords, long a weakness in the tapestry of defences designed to keep enterprises and individuals more secure, continue to be a problem due in large part to the same issue that has haunted them for years: the users themselves.
Billy Big Balls of the Week (27:41) The electric car chargers along one of the most important freeways in Russia are all down Monday after the Ukrainian company tasked with building the main components in the chargers used backdoor access to hack them, shut them down, and program anti-Putin/pro-Ukrainian messages to scroll past on their screens. The outage affects chargers along the M11 motorway, which connects Moscow to St. Petersburg. The Russian energy company Rosseti confirmed the hack in a post on the company’s Facebook.
Industry News (33:52) Ukraine Asks for Hackers’ Help Conti Encrypts Karma Ransom Note in Same Victim Network Apple and Google Turn Off Map Features to Help Ukraine NIST Seeks Cybersecurity Framework Feedback Nvidia Admits Hackers Stole Employee and Internal Data Russia Denies Satellite Hacking and Warns of Wider War Swiss Bank Requests Destruction of Documents Vulnerability Exploit Attempts Surge Tenfold Against Ukrainian Websites
Tweet of the Week (40:40) https://twitter.com/gyarbij/status/1499289498005422083 Come on! Like and bloody well subscribe! | |||
| Episode 94 - Lost Sole Founder Reward If Found | 25 Feb 2022 | 00:48:02 | |
This Week in InfoSec (11:37) With content liberated from the “today in infosec” twitter account and further afield 23rd February 2005: The discovery of the first mobile phone virus, Cabir, is accounced. Specifically, Cabir is a worm which infects phones running the Symbian OS. Whenever an infected phone is activated, the message “Caribe” is displayed. Infected phones also attempts to spread the virus through Bluetooth signals.
Billy Big Balls (21:51) https://nypost.com/2022/02/24/ukrainian-women-say-russian-troops-are-flirting-with-them-on-tinder/ From Russia with lust. Russian soldiers poised to invade Ukraine have bombarded women on the other side of the border with Tinder messages Tuesday, according to the Sun. Dasha Synelnikova’s app lit up with matches from soldiers named Andrei, Alexander, Gregory, Michail and “Black” some 20 miles away, the report said. “I actually live in Kyiv but changed my location settings to Kharkiv after a friend told me there were Russian troops all over Tinder,” Synelnikova, a 33-year-old video producer, told the outlet. Many would-be paramours reportedly flirted with treachery as they gave away their military positions while forces assembled north of Kharkiv prepared for what appeared to be an imminent attack, according to Ukrainian military intelligence officials. “One muscular guy posed up trying to look sexy in bed posing with his pistol. Another was in full Russian combat gear and others just showed off in tight stripy vests,” Synelnikova told the British paper.
Rant of the Week (28:57) A War in Europe Is Being Documented One Social Media Post at a Time The rest of the world watches Russia's invasion into Ukraine through the lens of Twitter and Tiktok.
Industry News (35:28) Banking World Rocked After Leak Exposes 18,000 Credit Suisse Accounts Teen Framed for Cybercrime Files Lawsuit US Receives Ransomware Warning EU Deploys Cyber Response Unit to Ukraine Ofcom Set to Crack Down on Phone Fraud Vishing Makes Phishing Campaigns Three-Times More Successful Nonprofits Form Cyber Coalition Ukraine Attacked with ‘Wiper’ Malware
Tweet of the Week (44:10) https://twitter.com/dcuthbert/status/1496935547171835911 Come on! Like and bloody well subscribe! | |||
| Episode 93 - Its That Man Again | 18 Feb 2022 | 00:49:43 | |
This Week in InfoSec (07:54) With content liberated from the “today in infosec” Twitter account and further afield 15th February 1999 Computer owners (dominated by Linux users) marched on Microsoft’s offices demanding refunds for the copies of Windows that came pre-installed on their computers. This day came to be known as Windows Refund Day. 15th February 2007: TSA Removes Online Traveller Redress System. The Transportation Security Agency has removed from its website an online system designed for travellers who have been told they are on a watchlist and inserted a statement that the agency takes information security seriously, following reporting by 27B (and others) that the site could put travellers at risk of identity theft and looked like online fraud.
Rant of the Week (17:41) 3G network shutting down could disable millions of home security alarms and car safety systems https://apple.news/AuLfeucEvTSOwz1aqMIUDow Millions of burglar alarms, car safety systems, GPS trackers, medical monitors, and even prisoner ankle tags could stop working when American 3G mobile networks shut down later this year.
Billy Big Balls of the Week (29:26) Gary Bowser was recently sentenced to over 3 years in prison and ordered to pay millions to Nintendo for what his lawyers say was a relatively minor role in a Nintendo Switch piracy ring. He was the victim of domestic violence from a girlfriend, and another girlfriend of his was murdered. His older brother died in a plane crash, and Bowser’s mother died when he was 15, the court record adds. In response, Bowser drank, the court records state. Bowser was charged in Canada in 2004 in a fraud case concerning less than $5,000, the court records say. In 2018, he contracted lymphedema, likely from a mosquito bite, which “caused morbid swelling of his left leg,” the lawyers wrote. When Bowser did join Xecutor, he was the only member who did so under his own identity; his colleagues were pseudonymous on the site. Xecutor as “one of the most prolific video game hacking groups,” and said that Bowser also administered a website called rom-bank.com which contained illegal copies of over 10,000 video games, Bowser was paid $500 to $1,000 a month over the course of seven years to maintain the organization’s websites Last week, Bowser was sentenced to more than three years in prison and has agreed to pay $4,500,000 in restitution to Nintendo. In a related civil lawsuit that concluded in December, a court ordered Bowser to also pay $10,000,000. https://www.vice.com/en/article/epxm5n/gary-bowser-small-apartment-owes-nintendo-10-million
Unskilled hacker linked to years of attacks on aviation, transport sectors For years, a low-skilled attacker has been using off-the-shelf malware in malicious campaigns aimed at companies in the aviation sector as well as in other sensitive industries. The threat actor has been active since at least 2017, targeting entities in the aviation, aerospace, transportation, manufacturing, and defence industries. Tracked as TA2541 by cybersecurity company Proofpoint, the adversary is believed to operate from Nigeria and its activity has been documented before in the analysis of separate campaigns.
Industry News (37:18) Trustpilot Sues Immigration Biz for Alleged Fake Reviews Healthcare Data Breaches Impact 147k Illinoisans Finance Officer Jailed After Stealing £200,000 from Charity Red Cross Attackers Exploited Zoho Bug Used by China Grand Prix CFO Sentenced for Identity Theft Researchers Block "Largest Ever" Bot Attack Data Privacy Lawsuit Could Cost Meta $90m Phishing Top Threat to US Healthcare
Tweet of the Week (44:32 ) https://twitter.com/zebpalmer/status/1492742757185556483 https://twitter.com/JackRhysider/status/1494330800564625413
[That was this week's TWEET OF THE WEEK!] Come on! Like and bloody well subscribe! | |||
| Episode 92 - Just The Two Of Us | 11 Feb 2022 | 00:46:47 | |
This Week in InfoSec (04:44) February 5th 2009 Come on Kaspersky, if you think you’re hard enough.. February 5th 2009 The Sophos snowball fight February 9th 2009 Hacked road sign warns of British invasion
Rant of the Week (16:01) Hackers are hitting Britain where it hurts by targeting some of its favourite savoury snacks, with the likes of Hula Hoops, KP Nuts, Butterkist popcorn and Nik Naks in their cyber sights. Hackers hold Hula Hoops hostage in cyber-raid on Britain's KP Snacks | Reuters
Billy Big Balls of the Week (22:48) A woman accused of laundering billions of dollars in stolen cryptocurrency alongside her husband may end up becoming better known for her excruciating music career as a self-styled “raunchy rapper” called Razzlekhan.
Industry News (29:50) DDoS Attacks Hit All-time High Californian College Attacked with Ransomware SANS Institute Launches Nationwide Scholarship Program ICO Hit by 2650% Rise in Email Attacks Almost $1.3bn Paid to Ransomware Actors Since 2020 CISOs Reveal Biggest Challenges for Security Teams
Tweet of the Week (38:58) https://twitter.com/d0rkph0enix/status/1491914588811501568
Come on! Like and bloody well subscribe! | |||
| Episode 189 - The Something Something Band Something Something Together Episode | 08 Apr 2024 | 00:39:51 | |
This week in InfoSec (06:10) With content liberated from the “today in infosec” twitter account and further afield 3rd April 2011: Email marketing and loyalty program management company Epsilon reported a data breach of names and email addresses of numerous companies' customers, totaling at least 60 million records. Dozens of companies were impacted, including Kroger, Walgreens, Verizon, and Chase. https://twitter.com/todayininfosec/status/1775598288277835996 1st April 1995: US President Bill Clinton and Russian President Boris Yeltsin announced a pact to exchange their personal PGP keys and to make the technology available to all citizens worldwide. (April Fools' Day) https://twitter.com/todayininfosec/status/1774994645053010184
Rant of the Week (13:06) William Wragg honey trap scandal is ‘extremely troubling’ says minister Explosive revelations that a senior Conservative MP leaked colleagues’ phone numbers to a man he had met on the gay dating app Grindr are “very serious”, a minister has warned, amid questions over whether the MP will face sanctions. Vice chairman of the 1922 committee William Wragg admitted he sent the numbers after becoming concerned about the power the recipient had over him since he had sent intimate pictures of himself. Treasury minister Gareth Davies said the situation was “incredibly troubling and very serious” but maintained that Mr Wragg would keep the party whip while the incident is being investigated.
Billy Big Balls of the Week (24:09) Amazon Fresh is moving away from a feature of its grocery stores where customers could skip checkout altogether. Amazon is phasing out its checkout-less grocery stores with “Just Walk Out” technology, first reported by The Information Tuesday. The company’s senior vice president of grocery stores says they’re moving away from Just Walk Out, which relied on cameras and sensors to track what people were leaving the store with. Just over half of Amazon Fresh stores are equipped with Just Walk Out. The technology allows customers to skip checkout altogether by scanning a QR code when they enter the store. Though it seemed completely automated, Just Walk Out relied on more than 1,000 people in India watching and labeling videos to ensure accurate checkouts. The cashiers were simply moved off-site, and they watched you as you shopped. On Wednesday, GeekWire reported that Amazon Web Services is cutting a few hundred jobs in its Physical Stores Technology team, according to internal emails. The layoffs will allegedly impact portions of Amazon’s identity and checkout teams.
Industry News (29:46) Dataset of 73 Million AT&T Customers Linked to Dark Web Data Breach Firms Must Work Harder to Guard Children’s Privacy, Says UK ICO Threat Actor Claims Classified Five Eyes Data Theft Leicester Council Confirms Confidential Documents Leaked in Ransomware Attack Jackson County IT Systems Hit By Ransomware Attack LockBit Scrambles After Takedown, Repopulates Leak Site with Old Breaches China Using AI-Generated Content to Sow Division in US, Microsoft Finds Wiz Discovers Flaws in GenAI Models Enabling Customer Data Theft Chinese Threat Actors Deploy New TTPs to Exploit Ivanti Vulnerabilities
Tweet of the Week (35:58) https://twitter.com/belldotbz/status/1776187040813441272 Come on! Like and bloody well subscribe! | |||
| Episode 91 - Shorter Than The Average Podcast | 04 Feb 2022 | 00:34:55 | |
This Week in InfoSec (05:24) With content liberated from the “today in infosec” Twitter account and further afield 30th January 1982: The first computer virus was written. Richard Skrenta writes the first PC virus code, which is 400 lines long and disguised as an Apple II boot program called “Elk Cloner“. 3rd February 1986: "Vaporware" Announced. Time magazine reports on frustrations with the slow development of software for use in the computer industry. Reporter Philip Elmer-DeWitt complained about delays in Microsoft Corporation's new Windows operating system, which had been delayed much longer than promised. Silicon Valley pundits had taken to calling such software "Vaporware," the magazine noted. 30th January 2007: Six years after the launch of Windows XP, the infamous operating system, Windows Vista, was released to an unsuspecting public. For various reasons, the launch of Vista was marred by numerous incompatibility, stability, and otherwise onerous problems. While Microsoft actually made Vista much more palatable after 2 Service Pack upgrades, the damage was already done. Vista’s reputation never recovered. Many wonder if this is why Microsoft so quickly followed only two years later with Windows 7.
Rant of the Week (10:45) Execs keep flinging money at us instead of understanding security, moan infosec pros Fresh from years of complaining about underfunding and not having enough staff to deal with problems, infosec bods are now complaining that corporate execs merely firehose cash at them without getting their own hands dirty or engaging with the problem. That's one conclusion that could be drawn from a Trend Micro study published yesterday. Around half of businesses surveyed are spending more on "cyber attacks" than they used to, it said, while a similar number reckon their C-suites don't know what "cyber risk management" means – possibly something about ensuring monitors are firmly bolted to desks.
Billy Big Balls of the Week (16:55) How a US hacker took down North Korea's internet in a revenge cyber-attack The blame for North Korea's persistent internet failures does not lie with the United States Cyber Command or any other state-sponsored hacker organisation. In fact, it was the work of an American man, who sat in his living room night after night, watching Alien movies and munching on spicy corn snacks—and periodically walking over to his home office to check on the progress of the programmes he was running to disrupt the internet of an entire country. US Hacker Brings Down North Korea's Internet After Latter's Attack On Security Researchers Facebook says Apple iOS privacy change will result in $10 billion revenue hit this year
Industry News (23:55) Social Security Numbers Most Targeted Sensitive Data FBI: Olympic Athletes Should Leave Devices at Home British Council Students' Data Exposed in Major Breach Data Leak Exposes IDs of Airport Security Workers Scottish Agency Still Recovering from 2020 Ransomware Attack Fake Influencer Flags Hacking Tactics Online Thieves Steal $320m from Crypto Firm Wormhole Home Improvement Firm Fined £200k for Nuisance Calls Growing Number of Phish Kits Bypass MFA
Tweet of the Week (30:23) https://twitter.com/1MrStoner/status/1488941503049261059 Come on! Like and bloody well subscribe! | |||
| Episode Joe 90 - Filmed in SuperMarionation | 28 Jan 2022 | 00:44:51 | |
This Week in InfoSec (07:20) With content liberated from the “today in infosec” Twitter account and further afield 26th January 2011: Facebook Enables HTTPS So You Can Share Without Being Hijacked. Facebook announced Wednesday it would begin supporting a feature to protect users from having their accounts hijacked over Wi-Fi connections or snooped on by schools and businesses. 19th January 2012: Feds Shutter Megaupload, Arrest Executives. Since the shutdown of Megaupload, stories have erupted about the life and exploits of the company’s founder, a self-styled “Dr. Evil” of file sharing. Kim Dotcom’s opulent digs, high-end cars, fondness for models and other Bond-villain-esque behaviours have been splashed across websites and have confused evening newscasts for the last week. 25th January 2003: A new worm took the Internet by storm, infecting thousands of servers running Microsoft’s SQL Server software every minute. The worm, which became known as SQL Slammer, eventually became the fastest-spreading worm ever and helped change the way Microsoft approached security and reshaped the way many researchers handled advisories and exploit code. The Inside Story of SQL Slammer.
Rant of the Week (15:35) Britain's tax collection agency asked a contractor to use the SS7 mobile phone signalling protocol that would make available location data of alleged tax defaulters, a High Court lawsuit has revealed. Her Majesty's Revenue and Customs had the potential to use SS7 to silently request that tax debtors' mobile phones give up location data over the past six years, according to papers filed in an obscure court case about a contract dispute.
Billy Big Balls of the Week (25:31) Unmasking Poopsenders, The Anonymous Website That Sends People Fake Poop Since 2007, Poopsenders.com has let people send packages filled with disturbingly realistic feces. Now, 'United States of America v. Poopsenders.com' has named two men who may be responsible.
Industry News (34:25) Merck Wins $1.4bn NotPetya Payout from Insurer Cyber Essentials Overhauled for New Hybrid Working Era Experts Call for More Open Security Culture After VW Sacking EyeMed Fined $600k Over Data Breach Government Trials Effort to Make Bug Scanning Easier Best Cybersecurity Research Paper Revealed North Korea Loses Internet in Suspected Cyber-Attack Florida Considers Deepfake Ban IT and DevOps Staff More Likely to Click on Phishing Links
Tweet of the Week (41:12) https://twitter.com/ra6bit/status/1486695164332711939 Come on! Like and bloody well subscribe! | |||
| Episode 89 - Normal Audio is Resumed | 21 Jan 2022 | 00:50:11 | |
This Week in InfoSec (06:23) With content liberated from the “Today in InfoSec” twitter account and further afield 19th January 1999: The Happy99 worm first appeared. It invisibly attached itself to emails, displayed fireworks to hide the changes being made, and wished the user a happy New Year. It was the first of a wave of malware that struck Microsoft Windows computers over the next several years, costing businesses and individuals untold amounts of money to resolve. 19th January 1999: RIM introduces the BlackBerry. The original BlackBerry devices were not phones, but instead were the first mobile devices that could do real-time e-mail. They looked like big pagers. It is alleged the name “BlackBerry” came from the similarity that the buttons on the original device had to the surface of a blackberry fruit. London riots: how BlackBerry Messenger played a key role
Rant of the Week (18:01) Singapore gives banks two-week deadline to fix SMS security A widespread phishing operation targeting Southeast Asia's second-largest bank – Oversea-Chinese Banking Corporation (OCBC) – has prompted the Monetary Authority of Singapore (MAS) to introduce regulations for internet banking that include use of an SMS Sender ID registry. Singapore banks have two weeks to remove clickable links in text messages or e-mails sent to retail customers. Furthermore, activation of a soft token on a mobile device will require a 12-hour cooling off period, customers must be notified of any request to change their contact details, and fund transfer threshold will by default be set to SG$100 ($74) or lower. MAS has also offered a vague directive requiring banks to issue more scam education alerts, and to do so more often.
Billy Big Balls of the Week (25:49) Freight trains loaded with valuable merchandise sitting on apparently unguarded tracks make for awfully inviting targets. For months, Union Pacific freight trains have been getting systematically robbed in the Los Angeles area, according to local news reports, as thieves target valuable merchandise and online orders from retailers like Amazon sitting on delayed trains. Superyacht Security: The 10 Best Ways To Protect From Pirates And Paparazzi
Industry News (33:12) European Regulators Hand Out €1.1bn in GDPR Fines NCA: Kids as Young as Nine Have Launched DDoS Attacks Government to Regulate Crypto Advertising in New Crack Down Man Charged with Smuggling Tech Exports to Iran Researchers Hack Olympic Games App Red Cross: Supply Chain Data Breach Hit 500K People Eleven Arrested in Bust of Prolific Nigerian BEC Gang Twitter Mentions More Effective Than CVSS at Reducing Exploitability Biden Signs Memo to Boost National Cybersecurity
Tweet of the Week (42:00) https://twitter.com/blkcybersources/status/1483826713561862159?s=21 https://twitter.com/BLKCybersources/status/1483826713561862159/photo/1 Come on! Like and bloody well subscribe! | |||
| Episode 88 - Only 345 Days Until Christmas | 14 Jan 2022 | 00:41:34 | |
This week in Infosec (06:30) With content liberated from the “today in infosec” twitter account 12th January 1981: Time Magazine published "Superzapping in Computer Land". Its primary focus was four 13-year-olds from New York City who broke into 2 computer networks and destroyed 1 million bits of data. Yes, a whopping 0.125 MB. Have a read of the article. Superzapping in Computer Land - The ride of the "Dalton Gang" https://twitter.com/todayininfosec/status/1481352763476832256 13th January 1989: The “Friday the 13th” virus strikes hundreds of IBM computers in Britain. This is one of the most famous early examples of a computer virus making headlines. THE EXECUTIVE COMPUTER; Friday the 13th: A Virus Is Lurking
Rant of the Week (13:43) Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of apps Users of popular open-source libraries 'colors' and 'faker' were left stunned after they saw their applications, using these libraries, printing gibberish data and breaking. Some surmised if the NPM libraries had been compromised, but it turns out there's much more to the story. The developer of these libraries intentionally introduced an infinite loop that bricked thousands of projects that depend on 'colors' and 'faker.'
Billy Big Balls of the Week (23:18) Info-saturated techie builds bug alert service that phones you to warn of new vulns An infosec pro fed up of having to follow tedious Twitter accounts to stay on top of cybersecurity developments has set up a website that phones you if there's a new vuln you really need to know about.
Industry News (30:37) FlexBooker Reveals Major Customer Data Breach Forensics Expert Kept Murder Snaps on PC Romance Scammers Stole £92m From Victims Last Year European Union to Launch Supply Chain Attack Simulation Europol Ordered to Delete Vast Trove of Personal Information Teen Makes Tesla Hacking Claim Two Years for Man Who Used RATs to Spy on Women and Children FCC Proposes Stricter Data Breach Reporting Requirements New "Undetected" Backdoor Runs Across Three OS Platforms
Tweet of the Week (38:32) https://twitter.com/dominotree/status/1481646565869584385?s=21 Come on! Like and bloody well subscribe! | |||
| Episode 87 - Merry New Year | 07 Jan 2022 | 00:50:08 | |
This Week in InfoSec (6:20) With content liberated from the “today in infosec” twitter account 1st January 1997: The Cult of the Dead Cow admitted it was responsible for the Good Times virus hoax of 1994. https://twitter.com/todayininfosec/status/1212558619205607426 [Covered this story last month so will axe it] 2nd January 1975: Gates and Allen Name "Micro-Soft". Microsoft founders Bill Gates and Paul Allen write a letter to MITS, the Albuquerque, New Mexico, company that manufactured the Altair computer, offering a version of BASIC for MITS's "Altair 8800" computer. The contract for BASIC reflected the first time Gates and Allen referred to themselves as the company Microsoft, spelled in the document as "Micro-Soft." Gates and Allen name Micro-Soft 3rd January 1977: Apple Computer, Inc. is Incorporated Apple Computer, Inc. is incorporated by Steven Jobs and Stephen Wozniak. Its IPO, which took place three years later, was the largest one since the Ford Motor Company went public in 1956. The stock rose almost 32% that day giving the company a market valuation of $1.778 billion. Seven years later, on January 24, 1984, the company revealed the Macintosh personal computer in a publicity campaign that compared IBM with Big Brother and Apple as the savior of the masses. Apple becomes first company to hit $3 trillion market value, then slips
Rant of the Week (17:22) Back in June, NortonLifeLock, owner of the unloved PC antivirus product, declared it was offering Ethereum mining as part of its antivirus suite. NortonLifeLock's pitch, was that people dabbling in cryptocurrency mining probably weren't paying attention to security – so what better way than to take up a cryptocurrency miner than installing one from a trusted consumer security brand? In return for you installing their cryptominer on your home PC, NortonLifeLock skims off a mere 15 per cent of whatever digital currency you generate. https://twitter.com/jwz/status/1478022085737803776?s=20
Billy Big Balls (25:18) A set of balls to bring us back Former CEO of Theranos Elizabeth Holmes convicted on 4 counts US clothing supplier Pro Wrestling Tees hit by data breach A quick story that is near and dear to mine and Andy’s heart - which Thom will have absolutely no idea about. But Pro wrestling Tee’s - which sells t-shirts designed by professional wrestlers, has discovered that some customers’ credit card numbers have been compromised in a data breach. a small portion of our customers’ credit card numbers had been compromised,” reads a breach notification letter signed by Pro Wrestling Tees owner Ryan Barkan “We immediately conducted a thorough investigation of our system and concluded that a malicious virus was the source of the breach.” A cybersecurity firm has since helped to remove the malware. Barkan added that they had found “no evidence that current individual personal information has been compromised”, or evidence “of any current misuse of your information” – despite admitting that the payment details were accessed. You may be thinking that this isn’t a big deal. But what kind of Jabroni thinks it’s a good idea to attack a wrestling store. It’s almost like they’re looking for a smack down. I get it, they may have thought - oooh what a rush, but whatcha gonna do? Whatcha gonna do when the feds come looking for you brother? Criminals can rest in peace - and that’s the bottom line, cos the host unknown podcast said so. [That was this weeks BILLY BIG BALLS] Jav:
Industry News (39:53) Microsoft Fixes New Year's Day Exchange Server Bug UK Defence Academy Attack Forced IT Rebuild Investigation Launched into App “Selling” Women FTC: Patch Log4j Now or Risk Major Fines UK's Information Commissioner Starts New Role Amid Major Changes Morgan Stanley Agrees to Data Breach Settlement Credential Stuffers Compromised 1.1 Million Accounts Crypto Firm Pulls the Rug from Under Investors with $10m Scam Man Pleads Guilty to $50m Investment Fraud Scheme
Tweet of the Week (43:15) https://twitter.com/avrovulcanxh607/status/1445102818348699746 Ceefax replica goes TITSUP* as folk pine for simpler times But creator runs server from home – we can forgive him A young man who would have been around 10 when the plug was pulled on Ceefax has recreated the BBC's teletext information service online, replete with a digital remote control to punch in the number of your choice.
The joke that Jav didn't understand: Come on! Like and bloody well subscribe! | |||
| Episode 86 - The Oh So Christmas Special | 17 Dec 2021 | 00:50:23 | |
This Week in InfoSec With content liberated from the “today in infosec” twitter account 16th December 1988: 25-year-old computer hacker Kevin Mitnick was charged for crimes including theft of software from DEC (Digital Equipment Corporation), including VMS source code and allegedly causing $4 million in damages to DEC. Ex-Computer Whiz Kid Held on New Fraud Counts https://twitter.com/todayininfosec/status/1471639991008825344 15th December 1994: Netscape Communications Corporation releases Netscape Navigator 1.0, the world’s first commercially developed web browser, although this particular version was free for non-commercial use. 15th December 1995: Developed by researchers at Digital Equipment Research Laboratories, the AltaVista search engine is launched. It was the first worldwide web search service to gain significant popularity. One of the most popular search engines in the early world wide web, Google didn’t overtake AltaVista until 2001. AltaVista was eventually purchased by Yahoo! in 2003.
Rant of the Week (15:49) Thom starts but quickly hands the baton Jav who takes a clear lead on this weeks rant... about Andy. This is Andy's response: Songs that build up tension and stumble forward: Songs that skip a beat
Billy Big Balls of the Week (21:34) National Lottery scratch card fraud: Men jailed over £4m jackpot claim I talk about the time Thom went solo with (TL)2 ventures and highlights how going solo is a brave move for someone in a cushy CISO job.
Industry News (28:23) Hackers Target India’s Prime Minister “Worst-Case Scenario” Log4j Exploits Travel the Globe Christmas Payroll Fears After Ransomware Hits Software Provider Grindr Fined €6.5m for Selling User Data Without Explicit Consent Log4j Looms Large Over Patch Tuesday France Orders Clearview AI to Delete Data Regulator: Venues Must Protect User Privacy During #COVID19 Checks All Change at the Top as New Ransomware Groups Emerge US and Australia Enter CLOUD Act Agreement
Tweet of the Week ( 38:09) https://twitter.com/GeekChickUK/status/541242616407687168?s=20 Come on! Like and bloody well subscribe! | |||
| Episode 85 - The Not So Christmas Special | 10 Dec 2021 | 00:51:09 | |
This Week in InfoSec (11:46) With content liberated from the “today in infosec” Twitter account 7th December 1999: The Recording Industry Association of America sues the peer-to-peer file sharing service Napster alleging copyright infringement for allowing users to download copyrighted music for free. The RIAA would eventually win injunctions against Napster forcing the service to suspend operations and eventually file bankruptcy. In the end the RIAA and its members would settle with Napster’s financial backers for hundreds of millions of dollars. How The Founder of Napster Trolled Metallica at the VMAs Shawn Fanning at the MTV Video Music Awards in 2000
December 2009, when Yahoo! Doesn't Want You To Know Its Spying Price List; Issues DMCA Takedown Compliance Guide for Law Enforcement
Rant of the Week (22:37) The vice president should not be using Bluetooth headphones This week, Politico opened its newsletter with an article on Vice President Kamala Harris’ aversion to using Bluetooth headphones. The VP was “Bluetooth-phobic,” the story claimed, “wary” of her AirPods and cautious with her technology use to an extent former aides described as “a bit paranoid.” Proof could be seen in her televised appearances: wires dangling from her ears in an interview with MSNBC’s Joy Reid or clutched in her hand during the famous “We did it, Joe” call. But for a high-profile public official, this is a lot more reasonable than you might think. As security researchers were quick to point out, Bluetooth has a number of well-documented vulnerabilities that could be exploited if a bad actor wanted to hack, say, the second most powerful person in the US government.
Billy Big Balls of the Week Feds charge two men with claiming ownership of others' songs to steal YouTube royalty payments Alleged scheme said to have netted $20m since 2017 "Batista and Teran perpetrated their fraud by falsely representing to Y.T. [YouTube] and to A.R., an intermediate company responsible for enforcing their music library, that they were the owners of a wide swath of music and that they were entitled to collect any resulting royalty payments." The government claims that around April, 2017, two men, through their company MediaMuv, LLC, entered into a contract with A.R., which administers and distributes YouTube royalty payments, claiming to control a 50,000 song catalog of music. They subsequently sent the corresponding song files to A.R., which in turn uploaded the files to YouTube, the indictment claims. The court filing cites as an example the song "Viernes Sin Tu Amor," which A.R. is said to have uploaded to YouTube in 2017 and has earned around $24,000 in royalty payments since then. This was allegedly done for numerous songs, with A.R. eventually, at the direction of the MediaMuv, writing to YouTube "to bulk clear potential copyright conflicts from MediaMuv's entire music catalog."
Industry News (36:28) Nine State Department Phones Hijacked by Spyware Cyber-attack Closes UK Convenience Stores French Transport Giant Exposes 57,000 Employees and Source Code Hotel Guests Locked Out of Rooms After Ransomware Attack Passports Now Most Attacked Form of ID IT Execs Half as Likely to Face the Axe After Breaches Most Phishing Pages are Short-lived Half of Websites Still Using Legacy Crypto Keys
Tweet of the Week (44:08) https://twitter.com/TJ_Null/status/1469006847449440262 https://twitter.com/johnjhacking/status/1468860997272174594 Come on! Like and bloody well subscribe! | |||
| Episode 84 - The New Tiger King | 03 Dec 2021 | 00:38:20 | |
This Week in InfoSec (06:57) With content liberated from the “today in infosec” twitter account 4th December 2013: Troy Hunt launched the site "Have I Been Pwned? (HIBP)". At launch, passwords from the Adobe, Stratfor, Gawker, Yahoo! Voices, and Sony Pictures breaches were indexed. https://twitter.com/todayininfosec/status/1335020238765744129 1st December 1996: America Online launches a new subscription plan offering their subscribers unlimited dial-up Internet access for $19.95/month. Previously, AOL charged $9.95/month for 5 hours of usage. The new plan brought in over one million new customers to AOL within weeks and daily usage doubled among subscribers (to a whole 32 minutes per day!).
Billy Big Balls of the Week (16:06)
Industry News (21:15) Clearview AI to be Fined $22.6m for Breaching UK Data Protection Laws Cyber Essentials Set for Major Update in 2022 Texas School District to Scan Children's Devices MI6 Boss: Digital Attack Surface Growing "Exponentially" Organizations Now Have 76 Security Tools to Manage Twitter to Remove Private Media Russian Bulletproof Hosting Kingpin Gets Five Years Police Arrest 1800 in Major Money Laundering Crackdown Phishing Scam Targets Military Families
Tweets of the Week (29:50) https://twitter.com/j_opdenakker/status/1466380453036838913 https://twitter.com/bettersafetynet/status/1466460853105053699
Come on! Like and bloody well subscribe! | |||
| Episode 83 - The Super Spreader Amateur Hour | 26 Nov 2021 | 00:49:56 | |
This Week in InfoSec (11:00) With content liberated from the “today in infosec” Twitter account 23rd November 2011: It was reported that Apple took over 3 years to fix the iTunes installer vulnerability which the FinFisher remote spying Trojan exploited. Apple Took 3+ Years to Fix FinFisher Trojan Hole https://twitter.com/todayininfosec/status/1331028461612392448 20th November 2000: eBay cancelled a listing for Kevin Mitnick's Bureau of Prisons inmate ID card due to uncertainty about his right to sell it. This was after an initial claim it was a prohibition from committing a "violent felony" and profiting from it. eBay pulls Kevin Mitnick trinkets: Taking a firm stand against "violent felons" https://twitter.com/todayininfosec/status/1329940298399703042
Rant of the Week (18:50) GoDaddy has admitted to America's financial watchdog that one or more miscreants broke into its systems and potentially accessed a huge amount of customer data, from email addresses to SSL private keys. In a filing on Monday to the SEC, the internet giant said that on November 17 it discovered an "unauthorized third-party" had been roaming around part of its Managed WordPress service, which essentially stores and hosts people's websites. GoDaddy’s chief information security officer Demetrius Comes said his company "immediately began an investigation with the help of an IT forensics firm and contacted law enforcement." Those infosec sleuths, we're told, found evidence that an intruder had been inside part of GoDaddy's website provisioning system, described by Comes as a "legacy code base," since September 6, gaining access using a "compromised password." GoDaddy’s latest rebranding is a break from its sexist past
Billy Big Balls of the Week (28:36) Huge fines and a ban on default passwords in new UK law The government has introduced new legislation to protect smart devices in people's homes from being hacked. Recent research from consumer watchdog Which? suggested homes filled with smart devices could be exposed to more than 12,000 attacks in a single week. Default passwords for internet-connected devices will be banned, and firms which do not comply will face huge fines.
Industry News (34:36) Sky Slow to Fix Bug in Routers Teen Accused of Stealing Bitcoin Worth $36.5M Multiple Bugs Enable Eavesdropping on 37% of Android Phones Apple Sues “State-Sponsored” Spyware Firm NSO Group Malicious JavaScript Loader is a Multi-RAT Dispenser YouTube Live Crypto Scams Made Nearly $9m in October UK Introduces New Cybersecurity Legislation for IoT Devices Ukrainian Cops Bust Mobile Device Hacking Group
Tweet of the Week (43:09) https://twitter.com/sociosploit/status/1462440968658079763 https://twitter.com/Raspberry_Pi/status/1463803587180511233?s=20 Come on! Like and bloody well subscribe! | |||
| Episode 82 - The Irishman | 19 Nov 2021 | 00:44:39 | |
IRISSCON - https://www.iriss.ie/
This week in Infosec (12:19) With content liberated from the “today in infosec” twitter account 15th November 1994: The earliest known example of the Good Times email hoax virus was posted to the TECH-LAW mailing list. Variants of the hoax spread for several years. In 1997, Cult of the Dead Cow (cDc) claimed responsibility for initiating the hoax. https://twitter.com/todayininfosec/status/1195353643857391623 12th November 2012: John McAfee went into hiding because his neighbor Gregory Faull was found dead from a gunshot the day before. Belize police wanted McAfee to come in for questioning, but McAfee stated the police were “out to get him”. John McAfee hiding from police after businessman's murder in Belize https://twitter.com/todayininfosec/status/1326993312247656451
The Box © Charlie Langford
Rant of the Week (18:52) Amazon tells folks it will stop accepting UK Visa credit cards via weird empty email How will you be able to buy things you can't afford now? Amazon has confirmed it will no longer accept payment via Visa credit cards issued in the United Kingdom after several Reg readers wrote in complaining of a cryptic message they'd been sent this morning. The online sales giant has indicated the move was "due to the high fees Visa charges for processing credit card transactions."
Billy Big Balls of the Week (26:22) New Memento ransomware switches to WinRar after failing at encryption (The embodiment of: Improvise, adapt, overcome) A new ransomware group called Memento takes the unusual approach of locking files inside password-protected archives after their encryption method kept being detected by security software.
Industry News (33:15) FBI Fixes Misconfigured Server After Hoax Email Alert Cryptojackers Disable Alibaba Cloud Security Agent China Telecom Appeals Against US Ban Emotet is Rebuilding its Botnet Ghostwriter Disinformation Operation Linked to Belarus US to Sell $56m in Seized Crypto-Currency Threat Actors Discuss Leasing Zero-Day Exploits China's APT41 Manages Library of Breached Certificates Russian Cybercrime Forums Open Doors to Chinese-Speakers
Tweet of the Week (39:15) https://twitter.com/benawad/status/1460738174783791105 Come on! Like and bloody well subscribe! | |||
| Episode 188 The Don't Mention The Name Episode | 01 Apr 2024 | 00:46:41 | |
This week in InfoSec (07:32) With content liberated from the “today in infosec” twitter account and further afield 20th March 2007: Dragos Ruiu announced the first Pwn2Own contest, which was held that April in Vancouver, Canada. The contest is still being held today - and in fact Pwn2Own Vancouver 2024 started today. https://twitter.com/todayininfosec/status/1770592695255249038 16th March 1971: The first computer virus, Creeper, infected computers on the ARPANET, displaying "I'M THE CREEPER : CATCH ME IF YOU CAN." It was named after the Creeper - a villain from a 1970 episode of the TV series "Scooby-Doo, Where Are You!" https://twitter.com/todayininfosec/status/1768973007555375317
Rant of the Week (14:29) Majority of Americans now use ad blockers More than half of Americans are using ad blocking software, and among advertising, programming, and security professionals that fraction is more like two-thirds to three-quarters. According to a survey of 2,000 Americans conducted by research firm Censuswide, on behalf of Ghostery, a maker of software to block ads and online tracking, 52 percent of Americans now use an ad blocker, up from 34 percent according to 2022 Statista data.
Billy Big Balls of the Week (23:01)
Two executives were issued arrest warrants in Japan on Wednesday, reportedly for charges related to establishing a business that outsourced work to North Korean IT engineers. At least one of the individuals – a 53 year old named Pak Hyon-il – is a South Korean national. His alleged accomplice, 42-year old Toshiron Minomo, is Japanese and once worked for Hyon-il, according to local media. Pak served as president of Fuchu-based IT firm ITZ, while Minomo was the head of Fukuyama-based Robast.
Industry News (29:09) UK Blames China for 2021 Hack Targeting Millions of Voters' Data Fake Ozempic Deals on the Rise as Experts Warn of Phishing Scams Portugal Forces Sam Altman's Worldcoin to Stop Collecting Biometric Data Only 5% of Boards Have Cybersecurity Expertise, Despite Financial Benefits UK Law Enforcers Arrest 400 in Major Fraud Crackdown Chinese Hackers Target ASEAN Entities in Espionage Campaign NHS Trust Confirms Clinical Data Leaked by “Recognized Ransomware Group” US Treasury Urges Financial Sector to Address AI Cybersecurity Threats CISA Launches New Cyber Incident Reporting Rules for US Defense Contractors
Tweet of the Week (40:52) https://twitter.com/bettersafetynet/status/1773626490384511113 Come on! Like and bloody well subscribe! | |||
| Episode 81 - Thom AI ver 2 | 12 Nov 2021 | 00:41:07 | |
This Week in InfoSec (09:55) With content liberated from the “today in infosec” twitter account 10th November 1983: At a security seminar, Len Adleman used "virus" in connection with self-replicating computer programs. Afterwards, use of the term took off. But it wasn't the first use of "virus" in this way - the 1973 movie "Westworld" used it to describe malfunctions spreading in robots. https://twitter.com/todayininfosec/status/1193706921733189632
Rant of the Week (14:24) EU pharmaceutical giants run old, vulnerable apps and fail to use encryption in login forms According to the report, Outpost24's "2021 Web Application Security for Healthcare," EU pharmaceutical businesses often run large numbers of web applications and 3.3% of those scanned by the firm are deemed "suspicious," including open test environments that should have been closed. In addition, 18% of organizations analyzed are using outdated, unpatched web components that contain known vulnerabilities. US healthcare organizations have roughly the same amount of suspicious apps in operation but tend to run far fewer apps on the whole -- however, 23.74% of them are outdated. Over 200 EU pharmaceutical application forms noted in the report are operating without encryption, which puts users at risk of both the interception and theft of their information online. Outpost24 said that basic SSL failures, privacy policy misconfigurations, and cookie settings also feature as common security and compliance problems. The damage a cyberattack can cause a healthcare or pharmaceutical company can be severe. The COVID-19 pandemic put a target on the back of many of these organizations, with an Oxford University lab with COVID-19 research links and the UK Research and Innovation organization being only two examples of recent victims of incidents leading to data theft and disruption.
Billy Big Balls of the Week (21:18) Hack leaves fertility clinic medical data at risk The Lister Fertility Clinic said the firm, which it used for scanning medical records, had been "hacked" by a"cyber-gang", in a letter sent to about 1,700 patients.
Industry News (27:32) Ukraine Unmasks Armageddon Group as FSB Officers Facial Recognition Firm Could Be Ordered to "Close" in UK, Warn Experts One in Three Workers Monitored by Their Employers Robinhood Data Breach Hits Seven Million Customers US to Charge Suspects Over Kaseya Ransomware Attack Class Action Against Google Blocked Scam PACs Allegedly Stole $3.5m from Trump Voters Researchers Uncover Prolific Hacker-for-Hire Group
Tweet of the Week (35:44) https://twitter.com/bcmerchant/status/1457849195738451975 https://twitter.com/sherrod_im/status/1458460638561382401 Come on! Like and bloody well subscribe! | |||
| Episode 80 - The Thom Langford A.I. | 05 Nov 2021 | 00:36:40 | |
This week in infosec With content liberated from the “today in infosec” twitter account Honourable mention for the Morris Worm
https://twitter.com/todayininfosec/status/1323807889425895424
Adobe breach THIRTEEN times worse than thought, 38 million users affected https://twitter.com/todayininfosec/status/1323807889425895424 Rant of the week Cisco fixes hard-coded credentials and default SSH key issues Billy big balls These Parents Built a School App. Then the City Called the Cops Stockholm’s official app was a disaster. So annoyed parents built their own open source version—ignoring warnings that it might be illegal. [INDUSTRY NEWS] Cops Receive Stalkerware Training Conti Group Leak Celebs' Data After Ransom Attack on Jeweller Venmo to Reimburse Hacking Victims BlackMatter Group Speeds Up Data Theft with New Tool Student Loans Company Dismissals Highlight Insider Risk NSO Group Blacklisted by US for Trade in Spyware Cyber-Incident Impacts UK Labour Party #SecTorCa: Jeff Moss Defines the Role of Hacking Threat Actor Claims 'Groove' Ransomware Gang Was Hoax Tweet of the week https://twitter.com/summer__heidi/status/1456099556622364672 Come on! Like and bloody well subscribe! | |||
| Episode 79 - Is it a bird a plane or JavMan? | 29 Oct 2021 | 00:46:46 | |
This Week in InfoSec (08:13) With content liberated from the “today in infosec” Twitter account 29th October 1969: The first message sent over the ARPANET was from Leonard Kleinrock’s UCLA computer, sent by student programmer Charley Kline at 10:30 PM to the second node at Stanford Research Institute’s computer in Menlo Park, California. The message was simply "Lo." But not on purpose. Charley Kline Sends the First Message Over the ARPANET from Leonard Kleinrock's Computer https://twitter.com/todayininfosec/status/1321861878985953282 25th October 2008: A 43-year-old woman in Japan was arrested after she hacked into the computer of the man she'd married in the online game MapleStory and erased his carefully constructed digital character after their relationship curdled. Woman faces jail for hacking her virtual husband to death https://twitter.com/todayininfosec/status/1320513559500128257
Rant of the Week (18:18) Why You Should Delete Your Facebook App A stark new warning for almost all iPhone users, as Facebook is suddenly caught “secretly” harvesting sensitive data without anyone realizing. And worse, there’s no way to stop this especially invasive tracking other than by deleting the app.
Billy Big Balls of the Week (27:15) Teen bought Google ad for his scam website and made 48 Bitcoins duping UK online shoppers The schoolboy set up a website impersonating gift voucher site Love2Shop. Having done that he then bought Google ads which resulted in his fake site appearing above the real one in search results.
Industry News (34:03) Government Agents Compromise REvil Backups to Force Group Offline Halloween Horror-Show for Candy-Maker Hit by Ransomware New Cybersecurity World Record Set Tesco App and Website Back Online After Cyber Incident BlackMatter Bug Saved Victims Millions in Ransom Payments Study Coordinator Falsified Clinical Trial Data EC-Council Offers Free Cybersecurity Training Ofcom's Scam Call-Blocking Plan Could Save Consumers Millions North Korean Lazarus APT Targets Software Supply Chain
Tweet of the week (41:28) https://twitter.com/coriplusplus/status/1453483418944159748 https://twitter.com/MegabitMeghan/status/1453398057312215042 Come on! Like and bloody well subscribe! | |||
| Episode 78 - A Record Breaking Breaking Episode | 22 Oct 2021 | 00:56:12 | |
This Week in InfoSec (13:03) With content liberated from the “today in infosec” Twitter account 20th October 1996: Twenty-five years ago today. Happy birthday, Ping of Death. https://twitter.com/ajMSFT/status/1450833383597043713?s=20 15th October 1985: 50 FBI agents raided more than 20 homes, seizing 25 personal computers (mostly Commodore 64s) after a group of at least 23 teenagers in San Diego County remotely broke into Chase Manhattan Bank computer systems that July and August. CHASE COMPUTER RAIDED BY YOUTHS https://twitter.com/todayininfosec/status/1184283049204174849
On the Group Chat (20:27) From @maxsec friend of the show: Cybercrime gang sets up fake company to hire security experts to aid in ransomware attacks https://twitter.com/campuscodi/status/1451241038908121099
Billy Big Balls of the Week (29:04) https://twitter.com/ImposeCost/status/1449738212696641538?s=20
Industry News (36:50) US Treasury Tracks $5.2bn of Ransomware Transactions in Six Months Twitch: No Passwords Were Taken in Data Breach UK in Midst of $200m Crypto Fraud Epidemic Apple iCloud Hacker Steals Nudes LightBasin Operation Compromises 13 Global Telcos in Two Years Microsoft, Intel and Goldman Sachs Team Up For New Supply Chain Security Initiative Twitter Pulls Account After Argentinian Mega Breach Claims Data Scrapers Expose 2.6 Million Instagram and TikTok Users US to Ban Export of Hacking Tools to Authoritarian States
Tweet of the Week (46:02) https://twitter.com/ElJefeDSecurIT/status/1451232980463075332 Come on! Like and bloody well subscribe! | |||
| Episode 77 - An Analogy Wrapped in an Inception Surrounded by Idiots | 15 Oct 2021 | 00:51:25 | |
This Week in Infosec With content liberated from the “today in infosec” twitter account 13th October 1999: An episode of the "True Life" documentary series titled "I'm a Hacker" aired on MTV. Afterwards one of the hackers featured on the show, Shamrock, issued a statement revealing that the whole thing was a hoax to dupe MTV. D'oh MTV made to look ridiculous by fake hacker True Life 'I'm a Hacker' 1 of 2 True Life ‘I’m a Hacker’ 2 of 2 https://twitter.com/todayininfosec/status/1316187816540413953 9th October 1999: A year after Staples launched its website, it was compromised. Add malicious code? Nope. Deface with a political message. No. Redirect to a porn site? Nah. Then what!? Advertisements were added which led to one of its competitors, Office Depot. https://twitter.com/todayininfosec/status/1314710023931559937
As Seen on Reddit Superlative levels of TechBro shithousery in the technical recruitment zone of San Francisco
Billy Big Balls of the Week Fraudsters Cloned Company Director’s Voice In $35 Million Bank Heist, Police Find AI voice cloning is used in a huge heist in the U.A.E., according to Dubai investigators, amidst warnings about cybercriminal use of the new technology.
Industry News NatWest Pleads Guilty in £400m Money Laundering Case Brewer's Token Gaffe Causes Massive PII Breach Couple Arrested Over Sale of Nuclear Secrets Android Phones Sharing Significant User Data Without Opt-Outs NCSC CEO: Ransomware the "Most Immediate Threat" Facing UK Businesses Ghanaian Women Cautioned Against Sharing Nudes Crypto Romance Scam Drains $1.4M Financial Regulator Warns of Hybrid Working Security Risks Met Police Loses 2280 Electronic Devices in Last Two Years
As Seen on TikTok The Ron Burgandy of British "politics" Nigel Farage promoting drug dealers
The Box © Charlie Langford charlie@clmediagroup.com for all of your video and sound production and postproduction needs. Come on! Like and bloody well subscribe! | |||
| Episode 76 - Our Best Episode Ever | 08 Oct 2021 | 00:49:32 | |
This Week in InfoSec (08:01) With content liberated from the “today in infosec” Twitter account 8th September 2009: FBI director Robert Mueller disclosed that his wife banned him from banking online after he nearly fell for an email phishing scam. Wife bans FBI head from online banking https://twitter.com/todayininfosec/status/1314002293226905600 3rd October 2017: A week after he retired as the result of Equifax's data breach, former CEO Richard F. Smith told members of Congress one person in the IT department was at fault. Equifax Breach Caused by Lone Employee’s Error, Former C.E.O. Says How the Equifax hack happened, and what still needs to be done https://twitter.com/todayininfosec/status/1312589059559170050
Rant of the Week (16:35) IKEA: Cameras were hidden in the ceiling above warehouse toilets for 'health and safety' IKEA has removed hidden security cameras from its warehouse in Peterborough, England, after an employee spotted one in the ceiling void while using the toilet.
As Seen on TikTok (24:59) Facebook rendered spineless by buggy audit code that missed catastrophic network config error Facebook has admitted buggy auditing code was at the core of Tuesday’s six-hour outage – and revealed a little more about its infrastructure to explain how it vanished from the internet. As described by rey.nbows on TIK TOK
Industry News (34:18) Facebook Whistleblower to Testify Before Senate Pandora Spills Secrets of Super Rich DeepMind Technologies Sued Over Data Sharing Facebook Blames Global Outage on Configuration Error Text Message Giant Reveals Five-Year Breach Squid Game Scenes Cut Over Data Exposure NCSC: Revoke Admin Access for BYOD Users Immediately Infosec Experts: Twitch Breach “As Bad as it Gets” US Creates National Cryptocurrency Enforcement Team
Tweet of the Week (42:42) https://twitter.com/cybersecstu/status/1446104732578328583 https://twitter.com/SmashinSecurity/status/1445520598017314826
The Box © Charlie Langford Come on! Like and bloody well subscribe! | |||
| Episode 75 - The Old Men of InfoSec | 01 Oct 2021 | 00:51:38 | |
Jav's Record Breakers 14th October
This week in Infosec With content liberated from the “today in infosec” Twitter account 27th September 2001: Jan de Wit was sentenced to 150 hours of community service in the Netherlands for creating and spreading the Anna Kournikova virus. It was one of the first of the major viruses created from a virus toolkit - the dawn of cybercrime toolkits. Kournikova virus kiddie gets 150 hours community service https://twitter.com/todayininfosec/status/1177772557077843968 27th September 1998: On this day in 1998: Google launches 8 Search Engines That Rocked Before Google Even Existed https://twitter.com/JonErlichman/status/1442432706877399049?s=20
Rant of the Week Secure those Macs: Apple must step up and support older machines For the good of the planet and the safety of its users, it's time for Apple to step up and support its older machines.
Billy big Balls of the Week Mr Gox
Industry News EU Slams Russia Over Disinformation Hacking Campaign Huawei CFO Released After Admitting She Misled Bank Computer Scientist Jailed Over Dark Web Conspiracy Crypto Developer Pleads Guilty to North Korean Plot Canadian Vaccine Passport App Exposes Data SolarWinds Attackers Develop New FoggyWeb Backdoor Vulnerability Exposes iPhone Users to Payment Fraud Scammers Capitalize on Release of New Bond Movie Cyber Second Only to Climate Change as Biggest Global Risk
Tweet of the Week https://twitter.com/csoandy/status/1442501996750118915?s=20 https://twitter.com/dcuthbert/status/1442821545047601163?s=20
"The Boc" © Charlie Langford Come on! Like and bloody well subscribe! | |||
| Episode 74 - Was it me or was it a long week? | 24 Sep 2021 | 00:47:02 | |
This Week in InfoSec (04:56) With content liberated from the “today in infosec” Twitter account
Sustaining Digital Certificate Security https://twitter.com/todayininfosec/status/1439388653264965638 20th September 1996: An email began spreading about a destructive virus named Irina. Some virus nerd called Graham Cluley discovered it was a hoax "marketing ploy" from Penguin Books. https://twitter.com/todayininfosec/status/1307862674387144705
The Box © Charlie Langford
Rant of the Week (12:55) Investigation launched after MoD email blunder
Billy Big Balls of the Week (20:55) Tick, tick, tick … TikTok China just limited kids to 40 minutes' use each day
Industry News (34:17) Experts Concerned Over New Digital Secretary's Lack of Cyber Knowledge Romance Scammers Make $133m in First Half of 2021 Former IT Exec Pleads Guilty to Insider Trading Conspiracy Data of 106 Million Visitors to Thailand Breached European Police Bust €10m Mafia Fraud Ring Prison for AT&T Phone-Unlocking Fraudster Afghan Interpreters' Data Exposed in MoD Breach Half of Web Owners Don't Know if Their Site Has Been AttackedUS Eye-Care Providers Report Data Breaches
Tweet of the Week (41:43) https://twitter.com/aprivateguy/status/1441091095471874053?s=20 https://twitter.com/ReverseICS/status/1441048111292506112 And just for Andy... https://twitter.com/AlyssaM_InfoSec/status/1441135546961563649?s=20 Come on! Like and bloody well subscribe! | |||
| Judas Priest! It's The Triple Crown! | 17 Sep 2021 | 00:42:02 | |
This Week in InfoSec (04:09) With content liberated from the “today in infosec” twitter account 16th September 2008: 20-year-old David Kernell compromised the Yahoo! email account of US vice presidential candidate Sarah Palin, then posted her emails to 4chan. 2 years later he was found guilty and sentenced to a year in prison. At age 30 he died of complications related to MS. Student convicted of hacking Sarah Palin e-mail account https://twitter.com/todayininfosec/status/1306360597915865097 9th September 2015: The security of 300 million travel locks was compromised after 3-D printing files were posted online. Then again, these travel locks never were particularly secure. Lockpickers 3-D Print TSA Master Luggage Keys From Leaked Photos https://twitter.com/todayininfosec/status/1303847394556219392
Tweet of the Week (13:06) https://twitter.com/yolkfolk_com/status/1438580784294735875
Sticky Pickle of the Week (18:16) Sticky Pickle of the Week is the part of the show where everyone chooses something that they like. It could be a funny story, a book they’ve read, a TV show, movie, record, a podcast, a website, or an app, whatever they like. It doesn’t have to be security-related necessarily. Better not be! Brits open doors for tech-enabled fraudsters because they 'don't want to seem rude' Brits are too polite to tell phone scammers to "get stuffed", "take a hike" or "sling yer 'ook" when they impersonate so-called "trusted organisations" such as banks. That's according to the trade association UK Finance, which found that the number of "impersonation scam cases" more than doubled in the first half of 2021 to 33,115 – up from 14,947 during the same period last year. That is a Sticky Pickle It's time to delete that hunter2 password from your Microsoft account, says IT giant From this week, Microsoft won't require you, or your password manager, to come up with strings of letters, numbers, and special characters forming a silly sentence or a reconfiguration of an ex’s name and birthday to access the Windows giant's services. That is to say, you can delete the password from your Microsoft account, and login using the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your cellphone or email inbox. (Last year, Redmond said SMS codes were unsafe for authentication, we note.) That is a Sticky Pickle A couple of ransomware gangs have threatened to start deleting files if targeted companies call in professional negotiators to help lower prices for decryption tools. Grief Corp is the latest criminal crew to warn its victims with instant data destruction if it suspects a mark has engaged a mediator. In a statement posted to its Tor-hosted blog, Grief Corp said: "We wanna play a game. If we see professional negotiator from Recovery Company™ – we will just destroy the data. That is a Sticky Pickle
Industry News (31:16) Poland Extradites Alleged Botnet Operator to US UK Man Gets Five Years for Online Abuse Campaign WhatsApp to Roll Out Encrypted Backups US Locks Up Key Player in Nigerian Romance Scam Apple Releases Urgent Patch Following Discovery of Pegasus Spyware Massachusetts AG Launches Probe into T-Mobile Data Breach Microsoft Patches OMIGOD, MSHTML and PrintNightmare Bugs Americans Fined After Hacking for Foreign Government Household Names Hit with £500K Fine for Spamming Consumers
Tweet of the Week (38:05) https://twitter.com/snipeyhead/status/1437935968460304384?s=20 Come on! Like and bloody well subscribe! | |||
| Episode 72 - Better Late Than Never | 10 Sep 2021 | 00:46:58 | |
This Week in InfoSec (11:14) With content liberated from the “today in infosec” twitter account 5th September 1983: The term "hacker" was used by Newsweek, mainstream media's earliest known use of the term in the pejorative sense. The magazine's cover photo of 17-year-old 414s (hacker group) member Neal Patrick was captioned '414 "Hacker" Neal Patrick.'. ‘Hacker’ is used by mainstream media, September 5, 1983 https://twitter.com/todayininfosec/status/1302239152046563328 https://en.wikipedia.org/wiki/Phreaking_box
9th September 2001: Mark Curphey started OWASP (the Open Web Application Security Project). https://twitter.com/todayininfosec/status/1303830903987359744
Tweet of the Week (21:26) https://twitter.com/RSnake/status/1435989191414976512?s=20
Tweet of the Week (26:41) https://twitter.com/hanbandit/status/1436008564020088833
Industry News (31:55) FTC Bans Stalkerware App in Industry First Texan Accused of Cyber-Stalking and Murder Dies in Jail ICO Requests International Support to Tackle Cookie Pop-Ups Cybersecurity Student Scams Senior Out of $55K Stress and Burnout Affecting Majority of Cybersecurity Professionals Data Breach Lawsuit Against Sonic Will Proceed Berners-Lee Joins ProtonMail Following Privacy Debacle Security Now a "Thankless Task" For 80% of IT Teams
Tweet of the Week (40:01) https://twitter.com/hondanhon/status/1436027395115393024
The Box © Charlie Langford Come on! Like and bloody well subscribe! | |||
| Episode 187 - Mess of Trois | 17 Mar 2024 | 00:55:14 | |
This week in InfoSec (14:26) With content liberated from the “today in infosec” twitter account and further afield 7th March 2017: WikiLeaks began its new series of leaks on the U.S. Central Intelligence Agency (CIA). Code-named Vault 7 by WikiLeaks, it was the largest ever publication of confidential documents on the agency. https://twitter.com/todayininfosec/status/1765828993713090565 14th March 2013: Security journalist Brian Krebs was swatted when police responded to a spoofed 911 call claiming Russians had broken into his home and had shot his wife. One of several people who made the false report, Eric Taylor (aka Cosmo the God), was sentenced to probation in 2017. https://twitter.com/todayininfosec/status/1768253237260435814
Rant of the Week (21:38) US Congress goes bang, bang, on TikTok sale-or-ban plan The United States House of Representatives on Wednesday passed the Protecting Americans from Foreign Adversary Controlled Applications Act – a law aimed at forcing TikTok's Chinese parent ByteDance to sell the app's US operations or face the prospect of a ban. The bill names only TikTok as a "foreign adversary controlled application" and prohibits "Providing services to distribute, maintain, or update" the app – including by offering it for sale in an app store. Even updates to the app aren't allowed. If TikTok's US operations were locally owned and operated, none of the sanctions the bill mentions would be enforceable. And US lawmakers' fears that TikTok gives Beijing a way to gather intelligence and surveil citizens would be eased. [Related or coincidental? Or a BBB?] Former US Treasury secretary Steve Mnuchin thinking about buying TikTok On the heels of the US House of Representatives passing a TikTok ban bill, former US Treasury secretary and private equity mogul Steve Mnuchin is apparently thinking about buying the platform. Speaking to CNBC's pre-market team at Squawk Box, Mnuchin said he hoped the TikTok ban would pass in the Senate, forcing a sale of the platform to a US-based parent. "It's a great business and I'm going to put together a group to buy TikTok," Mnuchin told CNBC. Mnuchin didn't mention whether partners had been identified, or what phase the purchase was in.
Billy Big Balls of the Week (32:14)
The data privacy company Onerep.com bills itself as a Virginia-based service for helping people remove their personal information from almost 200 people-search websites. However, an investigation into the history of onerep.com finds this company is operating out of Belarus and Cyprus, and that its founder has launched dozens of people-search services over the years. Onerep’s “Protect” service starts at $8.33 per month for individuals and $15/mo for families, and promises to remove your personal information from nearly 200 people-search sites. Onerep also markets its service to companies seeking to offer their employees the ability to have their data continuously removed from people-search sites.
Industry News (41:21) UnitedHealth Sets Timeline to Restore Change Healthcare Systems After BlackCat Hit Russia’s Midnight Blizzard Accesses Microsoft Source Code Third-Party Breach and Missing MFA Contributed to British Library Cyber-Attack Lawmakers Slam UK Government’s “Ostrich Strategy” for Cybersecurity Google to Restrict Election-Related Answers on AI Chatbot Gemini Meta Sues Former VP After Defection to AI Startup Google Paid $10m in Bug Bounties to Security Researchers in 2023 French Employment Agency Data Breach Could Affect 43 Million People TikTok Faces US Ban as House Votes to Compel ByteDance to Sell
Tweet of the Week (50:29) https://twitter.com/andylapteff/status/1767952062279492006 Come on! Like and bloody well subscribe! | |||
| Episode 71 - Thank You For the Music | 03 Sep 2021 | 00:58:11 | |
This Week in InfoSec With content liberated from the “today in infosec” twitter account 1st September 1997: Nmap was first released as a simple port scanner via an article in issue 51 of Phrack magazine which included the source code. http://phrack.org/issues/51/11.html https://twitter.com/todayininfosec/status/1300864278497558528 31st August 2014: A user of the message board 4chan posted leaked photos of actress Jennifer Lawrence and numerous other celebrities. https://mashable.com/archive/celebrity-nude-photo-hack https://twitter.com/todayininfosec/status/1300537361676283905
Rant of the Week Guntrader site hacked and plotted onto Google Maps
Billy Big Balls of the Week Scam artists are recruiting English speakers for business email campaigns According to Intel 471, forums are now being used to seek out English speakers, in particular, to bring together teams able to manage both the technical aspects and social engineering elements of a BEC scam. If a scam is to succeed, the target employee must believe communication comes from a legitimate source -- and secondary language use, spelling mistakes, and grammatical issues could all be indicators that something isn't right, in the same way that run-of-the-mill spam often contains issues that alert recipients to attempted fraud. "Actors like those we witnessed are searching for native English speakers since North American and European markets are the primary targets of such scams," the researchers say. In addition, threat actors are also trying to recruit launderers to clean up the proceeds from BEC schemes, often achieved through cryptocurrency mixer and tumbler platforms. One advert spotted by the team asked for a service able to launder up to $250,000. "The BEC footprint on underground forums is not as large as other types of cybercrime, likely since many of the operational elements of BEC use targeted social engineering tactics and fraudulent domains, which do not typically require technical services or products that the underground offers," Intel 471 says. "[...] Criminals will use the underground for all types of schemes, as long as those forums remain a hotbed of skills that can make criminals money."
Industry News Bangkok Airways Admits Attackers Stole Passenger Data Microsoft Cloud Databases Exposed UK Government Considers New Regulations for Video Streaming Platforms Indonesians Told to Delete Unsecured Tracing App Victim of Cyber-Theft Sues Parents of Alleged Culprits Australian Couple Admits “Serious Cyber Hacking Offenses” WhatsApp Fined a Record €225m for GDPR Violations Sacked Employee Deletes 21GB of Credit Union Files UK Researchers Invent Device to Thwart USB Malware
Tweet of the Week https://twitter.com/JackRhysider/status/1433097343692324864 https://cybarrior.com/blog/2019/04/05/eagle-eye-reverse-lookup-tool-for-social-media-accounts/
"The Box" © Charlie Langford Come on! Like and bloody well subscribe! | |||
| Episode 70 - Two is the Magic number | 27 Aug 2021 | 00:59:21 | |
This week in Infosec (13:24) With content liberated from the “today in infosec” Twitter account 25th August 1991: Linux completes 30 years. It was on this date in 1991 that Linus Torvalds announced the first version. He actually wanted to call it as Freax, but his friend Ari Lemmke named it as Linux, which he accepted. Version 1.0 would later be released in March 1994. https://twitter.com/SadaaShree/status/1430415723856203777 2004: (a mere 17 years ago) The US Department of Justice (DOJ) announced the results of Operation Web Snare - the arrest or conviction of over 150 individuals involved in cybercrime. https://www.justice.gov/archive/opa/pr/2004/August/04_crm_583.htm
Rant of the Week (29:03) https://www.ncsc.gov.uk/blog-post/10-years-of-10-steps-to-cyber-security
Billy Big Balls of the Week (36:40) Iran official acknowledges videos of Evin prison abuse real Hackers are now leaking stolen CCTV from across the Evin prison to highlight the abuse of inmates
Industry News (45:35) Crunch Time for Liquid as Crypto Exchange Loses $97m to Hackers Man Gets Three Years for Stealing Nude Photos from College Victims Hackers Leak Footage of Iranian Prison Poly Network Hacker Returns Remaining Funds Time to Fix High Severity Apps Increases by Ten Days Drug Dealers Get 27 Years After Police Crack EncroChat Comms 70% of Cyber Pros Believe Cyber Insurance is Exacerbating Ransomware Angry Birds Developer Accused of Illegal Data Collection
Tweet of the Week (51:42) Charlatan - Frank W. Abagnale Jr. https://twitter.com/securityerrata/status/1429225280997142530 Come on! Like and bloody well subscribe! | |||
| Episode 69 - Think of a Number Bill and Ted | 20 Aug 2021 | 00:59:18 | |
This week in Infosec With content liberated from the “today in infosec” twitter account 14th August 2013: Affinity Health Plan was fined $1,215,780 for a HIPAA violation after a photocopier purchased by CBS for an investigatory report in 2010 revealed medical info. At $1.2M, photocopy breach proves costly https://twitter.com/todayininfosec/status/1294252352191565824 17th August 2005: Jason Smathers, a former employee of AOL, was sentenced to 15 months in prison for selling screen names and email addresses of 92 million users to spammers. Ex-AOL worker who stole e-mail list sentenced Jason Smathers: Internet Criminal https://twitter.com/todayininfosec/status/1295500512830394371
The Box incidental music © Charlie Langford
Rant of the Week You can post LinkedIn jobs as almost ANY employer — so can attackers Anyone can create a job listing on the leading recruitment platform LinkedIn on behalf of just about any employer—no verification needed. And worse, the employer cannot easily take these down. Now, that might be nothing new, but the feature and lax verification on career websites pave the ways for attackers to post bogus listings for malicious purposes. The attackers can, for example, use this social engineering tactic to collect personal information and resumes from professionals who believe they are applying to a legitimate company, without realizing their data may be sold or used for phishing scams.
Billy Big Balls of the Week Woman accessed ex-partner’s Alexa to torment his new girlfriend Philippa Copleston-Warren terrified love rival by using smart device to switch lights on and off and tell her to get out of the house Chelsea woman used Alexa to scold ex-lover’s new girlfriend A management consultant from west London accessed the Alexa device at her ex-boyfriend’s home from more than 100 miles away to tell his new partner to get out of the house. Philippa Copleston-Warren, 46, logged into an app linked to smart devices in the victim’s Lincolnshire home, and was able to see her ex’s new girlfriend on the property’s CCTV system. Prosecutors said Copleston-Warren was able to tell the woman “to get out” and used the app to turn the bedside lights on and off. At Isleworth crown court, Copelston-Warren admitted posting a naked photo of her ex-boyfriend on Facebook, accompanying it with the caption: “Do I look fat??? My daily question”. [That was this weeks BILLY BIG BALLS] [SEEN ON REDDIT] Thom: Antivaxers Think Their ‘Pure’ Semen Will Skyrocket in Value I’m going to retire as a “cum cow”
Industry News "Jigsaw Puzzle" Phishing Attacks Use Morse Code to Hide Cadbury Campaigns Against Cyber-bullying Misconfigured Server Leaks US Terror Watchlist Airline Employee Jailed for Spending Passengers’ Money T-Mobile: 49 Million Customers Hit by Data Breach JPMorgan Chase Notifies Customers of Data Breach Coin Ninja CEO Admits Operating Darknet Bitcoin Mixer Women Charged Over Sexually Exploitative Child Modeling Sites
Tweet of the Week https://twitter.com/Kaipo_Rozwolf/status/1428426623091724289 OnlyFans Will Ban Pornography Starting in October, Citing Need to Comply With Financial Partners
Come on! Like and bloody well subscribe! | |||
| Episode 68 - One More Show Until Dinner | 13 Aug 2021 | 00:59:58 | |
This Week in Infosec (14:29) With content liberated from the “today in infosec” Twitter account 10th August 2001: A Japanese woman, Kumiyo Kishi, was arrested for accessing her coworker's email account, then contacting the user's ISP to regain access after the coworker changed their password. Japan arrests woman for email snooping https://twitter.com/todayininfosec/status/1425123899474423811
7th August 2010: Terry Childs was sentenced to 4 years in prison for network tampering after refusing to hand over network passwords to his supervisor. He was later ordered to pay nearly $1.5 million in restitution. S.F. computer whiz Childs gets 4-year sentence Sorting out the facts in the Terry Childs case https://twitter.com/todayininfosec/status/1291377901456232448
Billy Big Balls of the Week (28:34) https://twitter.com/J4vv4D/status/1425381977482539008?s=20 My scooter was stolen last week. Unknown to the thief, I hid two Airtags inside it. I was able to use the Apple Find My network and UWB direction finding to recover the scooter today. Here’s how it all went down: - Dan Guido
Industry News (38:51) Disney Employees Among Those Arrested in Child Abuse Sting NCSC Sticks by 'Three Random Words' Strategy for Passwords Martial Arts Instructor Accused of Spying on Students Fraudsters Impersonate DPD in "Convincing" New Smishing Scam House of Commons (HoC) Beefs up Cyber Training Following Matt Hancock CCTV Leak Scandal Chinese Espionage Group UNC215 Targeted Israeli Government Networks Salesforce Communities Could Expose Business-Sensitive Information Over $600 Million Stolen in Biggest Ever Cryptocurrency Theft Accenture Tied Up in $50M Ransom Lockbit 2.0 Attack
Tweet of the Week (46:45) https://twitter.com/runasand/status/1423810127451365382?s=20 Looks like pornhub is always bending over backwards, doing far more than any other social media platform In a Huge Policy Shift, Pornhub Bans Unverified Uploads
The Box incidental music © Charlie Langford Come on! Like and bloody well subscribe! | |||
| Episode 67 - A Total Car Crash | 06 Aug 2021 | 00:58:52 | |
This Week in InfoSec (07:40) With content liberated from the “today in infosec” Twitter account 30th July 2013: Chelsea Manning (their name was Bradley Manning at the time) was found guilty of espionage, theft, and computer fraud, as well as military infractions. https://twitter.com/todayininfosec/status/1421171398656024587
3rd August 2007: Reporter Michelle Madigan (Associate Producer of Dateline NBC) went undercover at DEF CON with a hidden camera to try to get attendees to confess to crimes, was outed by @thedarktangent, and bolted from the venue chased by a pack of 150 people. Dateline Mole Allegedly at DefCon with Hidden Camera An undercover Dateline NBC reporter flees the Defcon (Video) https://twitter.com/todayininfosec/status/1422682529220472833
Rant of the Week (18:42)
Billy Big Balls of the Week (29:45) https://twitter.com/matthew_d_green/status/1423109002280513540?s=20
Industry News (41:04) US Seeks Espionage Retrial for Chinese Researcher Zoom Pays $85m to Settle Privacy Suit US Senate: Seven out of Eight Agencies Are Failing on Cyber Son Charged in Murder of Cybersecurity ‘Genius’ MoD Boosts Cyber-Resilience with Ethical Hacker Project Over 60 Million Americans Exposed Through Misconfigured Database Web Shells and Digital Extortion Drive Triple-Digit Growth in Cyber-Intrusions Decade-Old Router Bug Could Affect Millions of Devices Cybercrime Ransomware 'Ban' is No Match for Threat Actors
Tweet of the Week (54:52) https://twitter.com/iamdevloper/status/1423219304435228676?s=21
"The Box" Incidental Music ©Charlie Langford Come on! Like and bloody well subscribe! | |||
| Episode 66 - Our Time to Shine | 30 Jul 2021 | 00:59:58 | |
This week in Infosec (06:42) With content liberated from the “today in infosec” Twitter account 27th July 1979: The first edition of Computer Security was published. It was written by David K. Hsiao, Douglas S. Kerr, and Stuart E. Madnick. And to think, some of you probably are surprised there were computers in 1979, never mind computer security! https://twitter.com/todayininfosec/status/1420498414874370049
28th July 1997: Tfreak (Dan Moschuk) released his program, smurf, a decision he later regarded as questionable. Exactly one year after he retired smurf in 1997, Tfreak published (papa)smurf.c v5.0, a new hybrid DoS attack based on Smurf and Fraggle. (papa)smurf.c v5.0 - New hybrid DoS attack based on smurf and fraggle
Rant of the Week (23:23) https://twitter.com/shanselman/status/1420800992388415491
Billy Big Balls of the Week (32.25)
Industry News (40:40) Apple patches zero-day vulnerability in iOS, iPadOS, macOS under active attack ICO ends its involvement in dispute between NatWest Bank and data breach whistleblower eBay ex-security boss sent down for 18 months for cyber-stalking, witness tampering Israeli authorities investigate NSO Group over Pegasus spyware abuse claims Spam is Chipotle's secret ingredient: Marketing email hijacked to dish up malware
Tweet of the Week (55:24) https://twitter.com/bryanl/status/1420925333864386562 Come on! Like and bloody well subscribe! | |||
| Episode 65 - Its Too hot | 23 Jul 2021 | 00:59:55 | |
This week in Infosec (08:10) With content liberated from the “today in infosec” twitter account 16th July 2001: Russian programmer Dmitry Sklyarov was arrested the day after DEF CON for writing software to decrypt Adobe's e-book format. Charges against him were later dropped and the trial against his employer resulted in not guilty verdicts. https://twitter.com/todayininfosec/status/1416188118655459329
15th July 2011: Microsoft Hotmail announced that it would be banning very common passwords such as "123456" and "ilovecats". Weak Passwords Banned from Hotmail https://twitter.com/todayininfosec/status/1414330928537686021
Rant of the Week (24:29) Majority of Britons convinced their phones and smart speakers are listening without being prompted.
Billy Big Balls of the Week (33:48)
Industry News (43:05) Amnesty International and French media protection org claim massive misuse of NSO spyware Verified: UK.gov launching plans for yet another digital identity scheme Northern Train's ticketing system out to lunch as ransomware attack shuts down servers Journo who went to prison for 2 years for breaking US cyber-security law is jailed again Spanish cops cuff Brit bloke accused of playing role in 2020 celeb Twitter hijacking NSO Group 'will no longer be responding to inquiries' about misuse of its software China pushes back against Exchange attack sponsorship claims Thales launches payment card with onboard fingerprint scanner
Tweet of the Week (48:26) Tennessee Man Died After He Was 'Swatted' by People Targeting His Twitter Handle
https://twitter.com/ThomLangford/status/1416690928354463744 Come on! Like and bloody well subscribe! | |||
| Episode 64 - He's Baaaaaack! | 16 Jul 2021 | 00:59:15 | |
This week in Infosec (10.28) With content liberated from the “today in infosec” Twitter account 14th July 1998: Ethereal was first released publicly as version 0.2.0. Its creator, Gerald Combs, thought it was cool that Bob Metcalfe named Ethernet after luminiferous ether so he picked a name beginning with ether. Since 2006 the network protocol analyzer has been known as Wireshark. https://twitter.com/todayininfosec/status/1415384753713340417 11th July 2013: In the wake of revelations about the NSA's PRISM program, Jeff Moss (aka The Dark Tangent) asked feds not to attend DEF CON - the first time government employees were asked to stay away. https://twitter.com/todayininfosec/status/1414330928537686021
Billy Big Balls of the Week (17:39) Thousands of PS4s seized in Ukraine in illegal cryptocurrency mining sting
Tweet of the Week (27.57) FURY! at ICO doing their job for once. The ICO is robustly investigating the data leak of hidden camera footage of former Health Secretary Matt Hancock breaking his own isolation and distancing rules. https://www.theregister.com/2021/07/15/ico_matt_hancock_raids/ https://apple.news/AqkfgpuvFTd--l-z_bZRRmw
Industry News (42.35) Too many workers are still falling victim to phishing attacks Remote workers battle against a massive range of distractions Ransomware groups are looking for new recruits with solid negotiation skills SolarWinds rolls out another emergency patch as new attack vector emerges Almost half of companies do not have a proper security policy in place Employees in the dark over the importance of new digital technologies UK businesses are spending big on security, but drowning in false positives Traditional ransomware defenses are failing businesses Almost half of businesses reported to ICO since GDPR came into effect
Rant of the Week (50:40) Facebook adds 'expert' feature to groups Facebook is rolling out a way to designate topic "experts" inside user-run Facebook groups. The social network says the new feature is designed to help real experts "stand out" in discussions about their field of expertise. Group admins will have the power to give the title to nearly any member they want.
Incidental Music "The Box" © Charlie Langford Come on! Like and bloody well subscribe! | |||
| Episode 63 - The JavAndy Show | 09 Jul 2021 | 00:48:26 | |
This weeks show is 33% off but the content is still as average as ever! This week in Infosec - 3 mins 11 secs Billy Big Balls - 12 mins 49 secs Rant of the week - 20 mins 52 secs Industry News - 30 mins 56 secs Tweet of the week - 38 mins 20 secs
THIS WEEK IN INFOSEC With content liberated from the “today in infosec” twitter account
Cyberspace's Most Wanted: Hacker Eludes F.B.I. Pursuit
Fix found for net security flaw https://twitter.com/todayininfosec/status/1413206908882804739
BILLY BIG BALLS Ransomware-hit law firm gets court order asking crooks not to publish the data they stole Criminals break into your systems, they do the usual, exfiltrate data, deploy ransomware, and leave you nasty messages about how they pwned you while blackmailing you. However, New Square Ltd may have found a way to stop the criminals from capitalising on the data they have stolen by making it illegal for the criminals to release any of the stolen information.
RANT OF THE WEEK This TikTok Lawsuit Is Highlighting How AI Is Screwing Over Voice Actors Voice actors are rallying behind Bev Standing, who is alleging that TikTok acquired and replicated her voice using AI without her knowledge. At the center of this reckoning is voice actress Bev Standing, who is suing TikTok after alleging the company used her voice for its text-to-speech feature without compensation or consent. This is not the first case like this; voice actress Susan Bennett discovered that audio she recorded for another company was repurposed to be the voice of Siri after Apple launched the feature in 2011. She was paid for the initial recording session but not for being Siri. Find a job with TikTok Resumes
INDUSTRY NEWS REvil Group Demands $70 Million for 'Universal Decryptor' Suspected Cyber-Criminal "Dr Hex" Tracked Down Via Phishing Kit BA Settles with Data Breach Victims Biden Administration Cancels $10bn JEDI Contract Over 170 Scam Cryptomining Apps Charge for Non-Existent Services Regulator Probes Former Health Secretary's Use of Private Email Trump Sues Facebook, Google and Twitter New PrintNightmare Patch Can Be Bypassed, Say Researchers
TWEET OF THE WEEK https://twitter.com/sherrod_im/status/1412856171652861953 https://twitter.com/doctorow/status/1412923242273140736?s=20 Full story - Delivery Drivers Are Using Grey Market Apps to Make Their Jobs Suck Less Drivers are there virtually, using GPS-spoofing apps to position themselves right in the center of the McDonald's lot while they physically wait under nearby shelters. Using these unofficial apps, known as tuyul, drivers can set their GPS pins at the optimal location they would like orders from, without having to physically drive there.
And with that we leave you to enjoy the weekend! Come on! Like and bloody well subscribe! | |||
| Episode 62 - Bikini Bottom | 02 Jul 2021 | 01:01:19 | |
This Week in InfoSec (08:03) With content liberated from the “today in infosec” twitter account 30th June 1998: AOL confirmed a leaked spreadsheet containing info of 1,300 AOL community leaders had been stolen from an employee's account. Not around then? AOL was kind of a big deal - it bought Time Warner in 2000 and was worth $200 billion before imploding. https://www.cnet.com/news/aol-volunteer-list-hacked/ https://twitter.com/todayininfosec/status/1410396545896177668
Rant of the Week (22:15) via @rootsploit Cybersecurity Workers Flood Twitter With Bikini Pics to Protest Harassment Infosec Community Posts Solidarity Bikini Pics After Twitter Troll Outburst Cybersecurity professionals have come together on Twitter to show their support for an infosec worker who was trolled after posting a bikini pic. Coleen Shane, founder and chief engineer for InfoSec Bad Girls and Hacker Spring Camp, was astonished when an anonymous follower reacted angrily to the shot. The user, who follows over 200 infosec-related accounts, argued that there was "no warning" for the image, intimating that "otherwise respectable people" should not be doing such. Coleen's response was widely praised. "It's a bikini, and I'm a human being who is a lot more complicated than just Infosec - also I do whatever the hell I want, whenever the hell I want, however the hell I want. Adios," she tweeted. Communications company got their support for the movement (horribly) wrong by creating a calendar of the bikini photos (without consent) for people to download Their apology has gone as well as expected
Billy Big Balls of the Week (34:00) Ronald Ilg, 55, was arrested in April and is being charged in federal court for hiring a hitman over the internet to abduct his wife and imprison her in a "secure location" for a week, all the while dosing her with heroin. Dr Ilg apparently agreed to pay the would-be kidnapper in Bitcoin. The FBI traced the Bitcoin transaction, which led them to Dr Ilg's Coinbase account.
Industry News ( 41:41) World’s Largest E-tailers to be Investigated Over Fake Reviews US the Only Top Tier Cyber-power Sensitive Defense Documents Found at Bus Stop Pentagon CISO Suspected of Sharing Secrets Salvation Army Hit by Ransomware Attack Analyst Steals Millions by Spoofing Director PrintNightmare: Windows Zero-Day Accidentally Disclosed by Chinese Researchers New Charges Filed Against Alleged Capital One Hacker Putin Orders Twitter to Open Russian Office
Tweet of the Week (48:25) Teenagers are figuring out how to fake positive Covid tests using lemon juice and hacks from TikTok https://twitter.com/imbadatlife/status/1410526468577411072 Come on! Like and bloody well subscribe! | |||
| Episode 186 | 05 Mar 2024 | 00:40:14 | |
This week in InfoSec (06:53) With content liberated from the “today in infosec” twitter account and further afield 1st March 1988: The MS-DOS boot sector virus "Ping-Pong" was discovered at the Politecnico di Torino (Turin Polytechnic University) in Italy. The virus would show a small ball bouncing around the screen in both text mode (ASCII character "•") and graphical mode. https://twitter.com/todayininfosec/status/1763540406443163705 26th February 2004: Antivirus firm F-Secure apologized for sending the Netsky.B virus to 1000s of its UK customers & partners via a mailing list. The unknown sender sent it through the email list server, which didn't scan for viruses. And there was no business reason to accept external emails. https://twitter.com/todayininfosec/status/1762092359313936553
Rant of the Week (11:48) Meta's pay-or-consent model hides 'massive illegal data processing ops': lawsuit Consumer groups are filing legal complaints in the EU in a coordinated attempt to use data protection law to stop Meta from giving local users a "fake choice" between paying up and consenting to being profiled and tracked via data collection.
Billy Big Balls of the Week (20:16) Fox News 'hacker' turns out to be journalist whose lawyers say was doing his job A Florida journalist has been arrested and charged with breaking into protected computer systems in a case his lawyers say was less "hacking," more "good investigative journalism." Tim Burke was arrested on Thursday and charged with one count of conspiracy, six counts of accessing a protected computer without authorization, and seven counts of intercepting or disclosing wire, oral or electronic communications for his supposed role in the theft of unedited video streams from Fox News.
Industry News (27:48) UK Unveils Draft Cybersecurity Governance Code to Boost Business Resilience 34 Million Roblox Credentials Exposed on Dark Web in Three Years Biden Bans Mass Sale of Data to Hostile Nations US Government Warns Healthcare is Biggest Target for BlackCat Affiliates Savvy Seahorse Targets Investment Platforms With DNS Scams Pharma Giant Cencora Reports Cybersecurity Breach UK Home Office Breached Data Protection Law with Migrant Tracking Program, ICO Finds Five Eyes Warn of Ivanti Vulnerabilities Exploitation, Detection Tools Insufficient Biden Warns Chinese Cars Could Steal US Citizens' Data
Tweet of the Week (35:17) https://twitter.com/_FN8_/status/1762583435745402951 Come on! Like and bloody well subscribe! | |||
| Episode 61 - Hey Everybody Andy is Famous! | 25 Jun 2021 | 00:56:25 | |
This week in Infosec With content liberated from the “today in infosec” Twitter account 19th June 1987: The first Summercon hacker conference was held in St. Louis, Missouri and was run by the hacker zine Phrack. It's still going strong - the 33rd edition took place virtually last year with in-person attendance returning to NYC next month. https://hackstory.net/Summercon https://twitter.com/todayininfosec/status/1274065780288548864 20th June 2011: The earliest attack of Operation AntiSec was performed by LulzSec against the UK's Serious Organised Crime Agency. https://twitter.com/todayininfosec/status/1274498724786397184 Rant of the Week Ethics in Cybersecurity Marketing – Principles of Value Contribution EC-Council was recently discovered to be publishing blogs that were, in the opinion of a lawyer I spoke to, plagiarized from security and technology experts. One such work was my blog, “What is a Business Information Security Officer (BISO)”. What follows is a description of the events and what I believe needs to be done to correct this horrific trend. Alyssa Miller Duchess of Hackington @AlyssaM_InfoSec So I really want @ECCouncil to understand the damage they've done (a thread): EC-Council Deflects After Calls of Most Recent Plagiarism
Billy Big Balls of the Week “We got hacked and we'll be right back”, duo said ... two months ago. South African Brothers Vanish, and So Does $3.6 Billion in Bitcoin A Cape Town law firm hired by investors says they can’t locate the brothers and has reported the matter to the Hawks, an elite unit of the national police force. It’s also told crypto exchanges across the globe should any attempt be made to convert the digital coins. In the time the story first hit, to the time Forbes published it, the value of the haul had dropped significantly in line with the volatility we expect :) South African Brothers Disappear, Along With $2.2 Billion Worth Of Bitcoin
Industry News Novel Phishing Attack Abuses Google Drive and Docs Google Spices Up Supply Chain Security with SLSA Framework Nuclear Research Institute Breached by Suspected North Korean Hackers Finger Scanning Costs Six Flags $36m SEC Probes SolarWinds Breach Disclosure Failures NIST Publishes Ransomware Guidance Nuisance Call Company Fined £130,000 After Eight-Month Blitz Anti-virus Pioneer John McAfee Found Dead in Spanish Prison Cell Google Pushes Back Cookie Removal Plans to 2023
The John McAfee story How to uninstall McAfee anti-virus in his own words
Tweet of the Week https://twitter.com/ShootyDoody/status/1407684922786127873 Come on! Like and bloody well subscribe! | |||
| Episode 60 - Guaranteed Jav Free May Contain Nuts | 18 Jun 2021 | 00:59:38 | |
Artist - Carole Theriault
This week in Infosec With content liberated from the “today in infosec” Twitter account (and embellished by us 😉) 11th June 2008: Verizon released the first edition of its annual Data Breach Investigations Report (DBIR). Incidents are still a thing. Data breaches are still a thing. Some stuff has changed. Some hasn't. Time keeps on ticking. ¯_(ツ)_/¯ Verizon Business Releases Trailblazing Data-Breach Study Spanning 500 Forensic Investigations Analysis of the 2021 Verizon Data Breach Report (DBIR) https://twitter.com/todayininfosec/status/1271264648986124289 17th June 2010: The Stuxnet worm was first discovered by Sergey Ulasen at Belarusian antivirus software vendor VirusBlokAda. Announcement: http://anti-virus.by/en/tempo.shtml Interview with Sergey Ulasen in 2011: The Man Who Found Stuxnet – Sergey Ulasen in the Spotlight https://twitter.com/todayininfosec/status/1273501720723648512 Rant of the Week [Carole saves the show by having something prepared (even if it is from the cutting room floor of Smashing Security)] ICO watchdog 'deeply concerned' over live facial recognition https://www.bbc.co.uk/news/technology-57504717
Billy Big Balls of the Week Doctors and Scientists Are Fighting Vaccine Misinformation on TikTok The experts of the Team Halo initiative have taken to social media in order to combat falsehoods about COVID-19 and promote accurate vaccine science.
Industry News VW Vendor Leaves Data Unsecured IKEA Fined $1.2m for Spying on Employees Third of Staff Use Security Workarounds at Home IoT Supply Chain Bug Hits Millions of Cameras Most Ransomware Victims Are Hit Again After Paying Football Fever Puts Password Security at Risk Hackers Can Spy on Peloton Workouts Puzzling New Malware Blocks Access to Piracy Sites
Sticky Pickle of the Week A Neighbourly Pickle
Tweet of the Week https://twitter.com/InfosecMiles/status/1405194858965475328 Come on! Like and bloody well subscribe! | |||
| Episode 59 - We Voted For The Lazarus Heist | 11 Jun 2021 | 00:56:22 | |
This week in Infosec Liberated from the “today in infosec” Twitter account. 5th June 1991: Philip Zimmermann sent the first release of PGP to 2 friends, Allan Hoeltje and Kelly Goen, to upload to the Internet. Read his story about the release, including his disclosure of how little he understood about Usenet and what newsgroups even were. http://www.philzimmermann.com/EN/news/PGP_10thAnniversary.html https://twitter.com/todayininfosec/status/1269043313404862465 7th June 1989: The beta release of the Bourne Again SHell (Bash) was announced as version 0.99. 2 months later Shellshock was introduced into the Bash source code and persisted in subsequent versions for over 25 years. https://groups.google.com/g/gnu.announce/c/hvhlR1Vn1P0/m/NYwp-4_0CaUJ?pli=1 https://twitter.com/todayininfosec/status/1269788726156124160 https://twitter.com/todayininfosec/status/1270389947753627648
Rant of the Week There was widespread panic on Tuesday after a major Internet outage knocked dozens of websites offline. Amazon, Reddit and Twitch were all affected, as were the Guardian, the New York Times and the Financial Times. Additionally, the UK government website crashed – on the day that Britons aged 25–29 were invited to book their COVID-19 vaccines. Despite initial speculation that the outage was the result of a cyber attack – with ‘#cyberattack’ trending on Twitter – the true cause of the incident was less sensational, although nonetheless concerning. What caused the Internet to crash? Websites begin to work again after major outage
Billy Big Balls of the Week Alleged drug syndicates, contract killers and weapons dealers thought they were using high-priced, securely encrypted phones that would protect them as they openly discussed drug deals by text message and swapped photos of cocaine-packed pineapples. What they were really doing, investigators revealed Tuesday, was channeling their plots straight into the hands of U.S. intelligence agents. An international coalition of law enforcement officials announced they had ensnared alleged criminals around the world after duping them into using phones loaded with an encrypted messaging app controlled by the FBI. ANOM: Hundreds arrested in massive global crime sting using messaging app FBI-controlled Anom app ensnares scores of alleged criminals in global police sting Trojan Shield: How the FBI Secretly Ran a Phone Network for Criminals ANOM: Alleged drug kingpin told to hand himself in after being tricked into spreading fake phone app
Industry News Biden Expands Trump’s Investment Ban on Chinese Firms More US Kids Warned About Internet Than Unsafe Sex US to Treat Ransomware Like Terrorism French Antitrust Regulator Slaps $268 Million Fine on Google Microsoft Fixes Seven Zero-Days This Patch Tuesday A Third of Execs Plan to Spy on Staff to Guard Trade Secrets JBS Admits Paying REvil Ransomware Group $11 Million Schools Forced to Shut Following Critical Ransomware Attack
Tweet of the Week https://twitter.com/Eskenzi/status/1402684475243438081 https://twitter.com/KimZetter/status/1402695107640393729 Come on! Like and bloody well subscribe! | |||