The Host Unknown Podcast – Details, episodes & analysis

This week in InfoSec  (07:42)

With content liberated from the “today in infosec” twitter account and further afield

29th August 1990: The UK's Computer Misuse Act 1990 went into effect, introducing 3 criminal offences related to unauthorised access and modification of "computer material".

https://twitter.com/todayininfosec/status/1829252932178719161  

27th August 1999: One of the first companies to offer a dedicated web application firewall (WAF) was Perfecto Technologies with its AppShield product. But it didn't use the terminology "WAF", instead describing it as "a plug and play" Internet application security solution."

https://twitter.com/todayininfosec/status/1828483993001492969

Rant of the Week (13:25) 

Watchdog warns FBI is sloppy on secure data storage and destruction

The FBI has made serious slip-ups in how it processes and destroys electronic storage media seized as part of investigations, according to an audit by the Department of Justice Office of the Inspector General.

Drives containing national security data, Foreign Intelligence Surveillance Act information and documents classified as Secret were routinely unlabeled, opening the potential for it to be either lost or stolen, the report [PDF] addressed to FBI Director Christopher Wray states.

Ironically, this lack of identification might be considered a benefit, given the lax security at the FBI's facility used to destroy such media after they have been finished with.

The OIG report notes that it found boxes of hard drives and removable storage sitting open and unattended for "days or even weeks" because they were only sealed once the boxes were full. This potentially allows any of the 395 staff and contractors with access to the facility to have a rummage around.

Billy Big Balls of the Week (22:01)

Deadbeat dad faked his own death by hacking government databases

A US man has been sentenced to 81 months in jail for faking his own death by hacking government systems and officially marking himself as deceased.

The US Department of Justice on Tuesday detailed the case of Jesse Kipf, 39, who was sent down for computer fraud and aggravated identity theft.

In January 2023, Kipf used the credentials of a physician to access Hawaii's Death Registry System and create a "case" that recorded his own death.

"Kipf then completed a State of Hawaii Death Certificate Worksheet, assigned himself as the medical certifier for the case and certified his death, using the digital signature of the doctor," the DoJ wrote. The paperwork was all correct, so many government databases listed Kipf as deceased.

But he was very much alive and enjoying the fact that his "death" meant he didn't have to make child support payments or catch up on those he'd already missed. Evidence presented in court included internet search histories recorded on a laptop, with Kipf looking up terms including "Remove California child support for deceased."

Industry News (28:13)

Uber Hit With €290m GDPR Fine

FBI Flawed Data Handling Raises Security Concerns

Microsoft 365 Copilot Vulnerability Exposes User Data Risks

Money Laundering Dominates UK Fraud Cases

Ransomware Attacks Exposed 6.7 Million Records in US Schools

IT Engineer Charged For Attempting to Extort Former Employer

Surge in New Scams as Pig Butchering Dominates

Unpatched CCTV Cameras Exploited to Spread Mirai Variant

North Korean Hackers Launch New Wave of npm Package Attacks

Tweet of the Week (36:20)

https://x.com/fesshole/status/1828921760147767400

Come on! Like and bloody well subscribe!

This week in InfoSec  (06:43)

With content liberated from the “today in infosec” twitter account and further afield

18th August 2004: Text messages sent to promote the video game "Resident Evil: Outbreak" stated "Outbreak: I'm infecting you with t-virus". This scared recipients, who were only about 7% less technologically savvy than mobile phone users today.

https://x.com/todayininfosec/status/1825257955878641888   

20th August 2003: Philippe Oechslin shared his technique he called "rainbow tables" during a talk at the 23rd annual crypto conference, Crypto 2003.

It became a popular approach for cracking password hashes. Today it's less widely used due to adoption of practices that reduce its efficacy.

https://x.com/todayininfosec/status/1825865870716870802

Rant of the Week  (10:59)

This uni thought it would be a good idea to do a phishing test with a fake Ebola scare

University of California Santa Cruz (UCSC) students may be relieved to hear that an emailed warning about a staff member infected with the Ebola virus was just a phishing exercise.

The message, titled "Emergency Notification: Ebola Virus Case on Campus," went out to the university community on Sunday, August 18. It began, "We regret to inform you that a member of our staff, who recently returned from South Africa, has tested positive for the Ebola virus."

The message went on to say that the university has initiated a contact tracing protocol and asks message recipients to "Please Log In to the Access Information Page for more details" – the very activity phishing messages attempt to encourage in order to capture login credentials.

The simulated attack was similar to an actual phishing message sent on August 1, 2024, as shown on the UCSC Phish Bowl, a collection of real and test phishing attempts.

But the one sent on Sunday was intended to raise awareness of phishing rather than to actually steal information.

In that, it succeeded. The message prompted the UCSC Student Health Center to publish a notice about a "Phishing email with misleading health information."

On Monday, Brian Hall, chief information security officer for UCSC, sent out an apology to the university community.

Billy Big Balls of the Week (18:20)

Russia tells citizens to switch off home surveillance because the Ukrainians are coming

Russia's Ministry of Internal Affairs is warning residents of under-siege regions to switch off home surveillance systems and dating apps to stop Ukraine from using them for intel-gathering purposes.

Residents of the Bryansk, Kursk, and Belgorod regions were issued with the warnings amid what seems like Russia being thoroughly rattled by Ukraine's incursion into the country's southwest.

"The enemy is massively identifying IP ranges in our territories and connecting to unprotected video surveillance cameras remotely, viewing everything from private yards to roads and highways of strategic importance," said the ministry, according to Russian newswire Interfax. "In this regard, if there is no urgent need, it is better not to use video surveillance cameras.

"It is highly discouraged to use online dating services. The enemy actively uses such resources for the covert collection of information."

These warnings were just two of many included in a public memo aimed at protecting the identities of high-value Russian individuals, including military personnel, law enforcement agents, and nuclear energy workers.

Industry News (24:51)

Iran Behind Trump Campaign Hack, US Government Confirms

New DNS-Based Backdoor Threat Discovered at Taiwanese University

Most Ransomware Attacks Now Happen at Night

CISA to Get New Headquarters as $524M Contract Awarded

Australia Calls Off Clearview AI Investigation Despite Lack of Compliance

Backdoor in Mifare Smart Cards Could Open Doors Around the World

Security Flaws in UK Political Party Donation Platforms Exposed

Company Fined $1m for Fake Joe Biden AI Calls

FAA Admits Gaps in Aircraft Cybersecurity Rules: New Regulation Proposed

Tweet of the Week (32:19)

https://x.com/anon_opin/status/1826015107857416458?s=46&t=1-Sjo1Vy8SG7OdizJ3wVbg

Come on! Like and bloody well subscribe!

This week in InfoSec  (08:49)

With content liberated from the “today in infosec” twitter account and further afield

7th April 1969: Steve Crocker, a graduate student at UCLA and part of the team developing ARPANET, writes the first “Request for Comments“. The ARPANET, a research project of the Department of Defense’s Advanced Research Projects Agency (ARPA), was the foundation of today’s modern Internet. RFC 1 defined the design of the host software for communication between ARPANET nodes. This host software would be run on Interface Message Processors or IMPs, which were the precursor to Internet routers. The “host software” defined in RFC 1 would later be known as the Network Control Protocol or NCP, which itself was the forerunner to the modern TCP/IP protocol the Internet runs on today.

https://thisdayintechhistory.com/04/07/rfc-1-defines-the-building-block-of-internet-communication/

7th April 2014: The Heartbleed Bug was publicly disclosed. The buffer over-read vulnerability had been discovered by Neel Mehta and later privately reported to the OpenSSL project, which patched it the next day. The vulnerability was inadvertently introduced into OpenSSL 2 years prior.

https://twitter.com/todayininfosec/status/1777136463882183076  

Rant of the Week (17:09)

OpenTable is adding your first name to previously anonymous reviews

Restaurant reservation platform OpenTable says that all reviews on the platform will no longer be fully anonymous starting May 22nd and will now show members' profile pictures and first names.

OpenTable notified members of this new policy change today in emails to members who had previously left a review on the platform, stating the change was made to provide more transparency.

"At OpenTable, we strive to build a community in which diners can help other diners discover new restaurants, and reviews are a big part of that," reads the OpenTable email seen by BleepingComputer.

"We've heard from you, our diners, that trust and transparency are important when looking at reviews."

"To build on the credibility of our review program, starting May 22, 2024, OpenTable will begin displaying diner first names and profile photos on all diner reviews. This update will also apply to past reviews.

Billy Big Balls of the Week (26:36)
Lloyds Bank axes risk staff after executives complain they are a ‘blocker’

Lloyds Banking Group plans to cut jobs in risk management after an internal review found the function was a “blocker to our strategic transformation”.  

The restructuring was outlined in a memo last month from Lloyds’ chief risk officer Stephen Shelley, who said two-thirds of executives believed risk management was blocking progress while “less than half our workforce believe intelligent risk-taking is encouraged”.  The lender was “resetting our approach to risk and controls”, Shelley said in the memo, seen by the Financial Times, adding that “the initial focus is on non-financial risks”. 

Industry News (33:55)

T: Famous YouTube Channels Hacked to Distribute Infostealers

A: US Federal Data Privacy Law Introduced by Legislators

J: Foreign Interference Drives Record Surge in IP Theft

T: Half of UK Businesses Hit by Cyber-Incident in Past Year, UK Government Finds

A: US Claims to Have Recovered $1.4bn in COVID Fraud

J: Women Experience Exclusion Twice as Often as Men in Cybersecurity

T: Threat Actors Game GitHub Search to Spread Malware

A: Data Breach Exposes 300k Taxi Passengers’ Information

J: Apple Boosts Spyware Alerts For Mercenary Attacks

Tweet of the Week  (52:08)

https://x.com/ErrataRob/status/1778536622163984590

Come on! Like and bloody well subscribe!

This Week in InfoSec (09:26)

With content liberated from the “today in infosec” Twitter  account and further afield

26th April 2013: LivingSocial informed its employees that 50 million users' names, emails, dates of birth, and SHA1 hashed passwords were compromised.

LivingSocial Hacked

https://twitter.com/todayininfosec/status/1519039747301199872

26th April 1999: The first known virus to target the flash BIOS of a PC, the CIH/Chernobyl Virus triggers on this day, erasing hard drives and disabling PCs primarily in Asia and Europe. One of the most destructive viruses in history, Turkey and South Korea alone reported 300,000 infected systems.

As Seen on Reddit (23:29)

My thoughts on a decade of Cyber Security: 10 Lessons I’ve learned

Reddit user u/CrowGrandFather has spent more than a decade in the Cyber Security Industry and has come up with 10 lessons he learned along the way.

1. Cyber is risk and nothing else

2. No one cares about your stats

3. Understand that not everyone is as smart as you

4. Stop with the playbooks

5. Read the news for your boss

6. Blackhat is mostly pointless

7. Location, Location, Location

8. You’re probably doing threat intelligence wrong

9. Don’t write to be understood, write so that you can’t possibly be misunderstood

10. Make friends with your Marketing team

[That was this week's As seen on Reddit]

Industry News (42:07)

LinkedIn Becomes the Most Impersonated Brand for Phishing Attacks

Costa Rica Refuses to Pay Cyber Ransom

Bored Ape Yacht Club Customers Lose $3m in NFT Scam

French Hospitals Cut Internet Connection After Data Raid

Security Teams Should Be Addressing Quantum Cyber-Threats Now

Private Investigator Admits Role in Hedge Fund Hack

UK Schools Can Sign-Up to Free Government-Grade Security

Coca-Cola Investigates Data Breach Claim

Crypto Trading Fund Partners Accused of Fraud

Tweet of the Week (45:00)

https://twitter.com/austinpeay/status/1519397653305561088

https://twitter.com/austinpeay/status/1519399475785125889

Come on! Like and bloody well subscribe!

This Week In InfoSec (10:15)

With content liberated from the “today in infosec” twitter account and further afield

1st April 1998: Hackers changed the MIT home page to read "Disney to Acquire MIT for $6.9 Billion".

https://twitter.com/todayininfosec/status/1245550127806201857

MIT says "Disney buys MIT" hack revealed by low price

1st April 2004: The now ubiquitous Gmail service is launched as an invitation-only beta service. At first met with skepticism due to it being launched on April Fool’s Day, the ease of use and speed that Gmail offered for a web-based email service quickly won converts. The fact that Gmail was invitation-only for a long time helped fuel a mystique that those who had a Gmail address were hip and uber-cool. 

Rant of the Week: (16:25)

Bank had no firewall license, intrusion or phishing protection – guess the rest

An Indian bank that did not have a valid firewall license, had not employed phishing protection, lacked an intrusion detection system and eschewed use of any intrusion prevention system has, shockingly, been compromised by criminals who made off with millions of rupees.

Billy Big Balls of the Week (23:20)

Bearded Barbie hackers catfish high ranking Israeli officials

The Hamas-backed hacking group tracked as 'APT-C-23' was found catfishing Israeli officials working in defense, law, enforcement, and government agencies, ultimately leading to the deployment of new malware.

The campaign involves high-level social engineering tricks such as creating fake social media profiles and a long-term engagement with the targets before delivering spyware.

Industry News (30:50)

Scottish Power Parent Company Hit by Data Breach

Trezor Customers Phished After MailChimp Compromise

Cadbury Warns of Easter Egg Scam

Jail Releases 300 Suspects Due to Computer "Glitch"

WhatsApp 'Voice Message' Is an Info-Stealing Phishing Attack

Germany Shuts Down Russian Darknet Marketplace Hydra

Attack on Ukraine Telecoms Provider Caused by Compromised Employee Credentials

Block Warns Eight Million Customers of Insider Breach

Employee Info Among 13 Million Records Leaked by Fox News

Tweet of the Week (41:50)

https://twitter.com/_sn0ww/status/1511857122966835200

Come on! Like and bloody well subscribe!

This Week in InfoSec (09:55)

With content liberated from the “today in infosec” twitter account and further afield

31st March 1999: The hugely successful motion picture, The Matrix, is released on this day. Many call it a classic (ok, that’s me), many call it influential (ok, me again), but no one can deny that the impact it had on many aspects of our society from the emerging tech culture, to the movie industry, to science-fiction, to political thinking

25th March 2010: Albert Gonzales was sentenced to 20 years in prison for stealing credit card data from TJX and other companies. He is currently serving his sentence at FMC Lexington, a Kentucky facility for inmates requiring medical or mental health attention.

Sex, Drugs, and the Biggest Cybercrime of All Time

Rant of the Week (19:32)

Yale finance director stole $40m in computers to resell on the sly

A now-former finance director stole tablet computers and other equipment worth $40 million from the Yale University School of Medicine, and resold them for a profit.

https://www.dailymail.co.uk/news/article-10669329/Yale-School-Medicine-employee-stole-40-million-computers-electronics-school.html

Billy Big Balls of the Week (30:30)

Ubiquiti sues Krebs on Security for defamation

Network equipment maker Ubiquiti on Tuesday filed a lawsuit against infosec journalist Brian Krebs, alleging he defamed the company by falsely accusing the firm of covering up a cyber-attack.

On March 30, 2021, Krebs reported that Ubiquiti had disclosed a January breach involving a third-party cloud provider, later revealed to be AWS, and that an unnamed source within the firm had claimed the company was downplaying a catastrophic compromise.

Apple and Meta shared data with hackers pretending to be law enforcement officials

Apple and Meta handed over user data to hackers who faked emergency data request orders typically sent by law enforcement, according to a report by Bloomberg. The slip-up happened in mid-2021, with both companies falling for the phony requests and providing information about users’ IP addresses, phone numbers, and home addresses.

Law enforcement officials often request data from social platforms in connection with criminal investigations, allowing them to obtain information about the owner of a specific online account. While these requests require a subpoena or search warrant signed by a judge, emergency data requests don’t — and are intended for cases that involve life-threatening situations.

Industry News (37:24)

Dental Practice Fined for Sharing Patient Data on Social Media

Yandex is Sending iOS Users' Data to Russia

Attackers Steal $618m From Crypto Firm

New Research Claims Biden's Disclosure Deadlines Are Unrealistic

NCSC: Time to Rethink Russian Supply Chain Risks

Cyber-attack on California Healthcare Organization

New Version of PCI DSS Designed to Tackle Emerging Payment Threats

No Patch Available Yet for Critical SpringShell Bug

CISA Issues UPS Warning

Tweet of the Week (

https://twitter.com/AskAManager/status/1509246642364588040

https://twitter.com/HackingLZ/status/1509529191439425540

Come on! Like and bloody well subscribe!

Links

https://www.theguardian.com/uk/canoe 

Authentication oufit Okta investigating Lapsus$ breach report 

Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminal

Netflix to Charge Password Sharers

Background Check Company Sued Over Data Breach

Okta Confirms 2.5% of Customers Impacted by Lapsus Breach

Medical Service Leaks 12,000 Sensitive Patient Images

West Blocks Russia's Access to Weather Data

Fastest Ransomware Encrypts 100k Files in Four Minutes

US Indicts Russian Over "Carding Shop"

Okta CSO: Lapsus Incident Was “Embarrassing”

Indian Police Bust Online Helicopter Scam

Tweet of the week https://twitter.com/aschmelyun/status/1506960015063625733  

Come on! Like and bloody well subscribe!

This Week in InfoSec (08:06)

With content liberated from the “today in infosec” twitter account and further afield

15th March 1985: The first Internet domain symbolics.com is registered by Symbolics, a Massachusetts computer company.

16th March 2018: National Lottery owner Camelot has warned of a "low level" cyber-attack that affected customer accounts.  It has asked all of its customers to change the passwords on their accounts as a precaution.

Rant of the Week (16:31)

Germany advises citizens to uninstall Kaspersky antivirus

Nation's cybersecurity agency has doubts about Russian firm's reliability

Germany's BSI federal cybersecurity agency has warned the country's citizens not to install Russian-owned Kaspersky antivirus, saying it has "doubts about the reliability of the manufacturer."

Russia-based Kaspersky has long been a target of suspicious rumours in the West over its ownership and allegiance to Russia's rulers.

In an advisory published today, the agency said: "The BSI recommends replacing applications from Kaspersky's virus protection software portfolio with alternative products."

Billy Big Balls of the Week ( 24:49)

The Workaday Life of the World’s Most Dangerous Ransomware Gang

A Ukrainian researcher leaked 60,000 messages from inside the Conti ransomware group. 

The Conti ransomware gang was on top of the world. The sprawling network of cybercriminals extorted $180 million from its victims last year, eclipsing the earnings of all other ransomware gangs. Then it backed Vladimir Putin’s invasion of Ukraine. And it all started falling apart.

Industry News (31:24)

French Bank Denies Access to Russian Workforce

UK Unveils New Cyber Flashing Law

Israeli Government Websites Taken Offline in Large-Scale Cyber-Attack

Hackers Hit Rosneft

UK Blocks Assange's Extradition Appeal

Avast Merger Raises Competition Concerns

Irish Watchdog Fines Meta $19m Over Data Breach

Kaspersky Hits Back at "Politically Motivated" BSI Advisory

Thousands of Mobile Apps Expose User Data Via Cloud Misconfigurations

Tweet of the Week (39:12)

https://twitter.com/moonpolysoft/status/1503519499089186818  

Come on! Like and bloody well subscribe!

This Week in InfoSec (08:22)

With content liberated from the “today in infosec” Twitter account and further afield

6th March 1992:  The Michelangelo virus, so-named because it activates on March 6, the birthday of Michelangelo, begins infecting computers. The virus will also make news in 1993. It was one of the earliest viruses to receive widespread media attention and also one of the first to prompt widespread hysteria.  The irony of the name of the virus was that nothing in the virus’ code referenced Michelangelo. It is possible the virus author, who was never identified, did not know March 6th was Michelangelo’s birthday!

9th March 1999:  United States Vice President Al Gore gives an interview on CNN’s Late Edition in which he states, “During my service in the United States Congress, I took the initiative in creating the Internet. I took the initiative in moving forward a whole range of initiatives that have proven to be important to our country’s economic growth and environmental protection, improvements in our educational system.” This is the infamous statement which will be widely misquoted as “I invented the Internet.”

Rant of the Week  (13:59)

Most Orgs Would Take Security Bugs Over Ethical Hacking Help

A new survey suggests that security is becoming more important for enterprises, but they’re still falling back on old “security by obscurity” ways.

Enterprises are putting greater stock in cybersecurity, but outdated “security by obscurity” is still prevailing as companies wrestle with security awareness and shy away from bug-bounty programs.

That’s according to new survey data from HackerOne, which found that a full 65 percent of organizations surveyed claimed that they “want to be seen as infallible.” However, just as many – 64 percent – said they practice a culture of security through obscurity, where secrecy is used as the primary method of protecting sensitive systems and assets.

Carole's Colossal Cahones (24:49)

When Pigs Cry: Tool decodes the Emotional Lives of Swine

https://www.nytimes.com/2022/03/09/science/pigs-oinks-grunts.html

Industry News  (30:31)

Google to Acquire Mandiant

Dirty Pipe Exploit Rings Alarm Bells in the Linux Community

Chinese APT41 Group Compromises Six US Government Networks

Prison for Man Who Scammed US Government to Buy Pokémon Card

UK Announces New Rules to Tackle Surging Online Scam Adverts

Over 90% of Exposed Russian Cloud Databases Compromised

AI Accountability Framework Created to Guide Use of AI in Security

Conti Group Spent $6m on Salaries, Tools and Services in a Year

Qakbot Debuts New Technique

Tweet of the Week (39:33)

https://twitter.com/paygapapp  

https://twitter.com/achornback/status/1501677184515256321?s=12

Come on! Like and bloody well subscribe!

This Week in InfoSec (08:37)

With content liberated from the “today in infosec” Twitter account and further afield

7th March 1997: During a hearing on Microsoft’s alleged antitrust activities, Bill Gates admits Microsoft’s contracts bar Internet content providers from promoting Netscape’s browser. Eventually, Internet Explorer dominates the web browser market as it is shipped for free with every copy of Windows.

3rd March 2009: “You may be wondering why I’ve turned myself into a zombie.

Well, it’s in honour of National Zombie Awareness Week in Australia, which is highlighting the problem of compromised computers (known as bots or zombies).

Zombie computers can be invisibly controlled by criminal hackers to launch distributed denial-of-service attacks, spread spam messages or steal confidential information.”

Rant of the Week (15:36)

The zero-password future can't come soon enough

SpyCloud highlights poor password hygiene of consumers and the threat to enterprises

Passwords, long a weakness in the tapestry of defences designed to keep enterprises and individuals more secure, continue to be a problem due in large part to the same issue that has haunted them for years: the users themselves.

Billy Big Balls of the Week (27:41)

Russian Company Outsourced The Main Components In EV Chargers To A Ukrainian Company, Hilarity Ensues

The electric car chargers along one of the most important freeways in Russia are all down Monday after the Ukrainian company tasked with building the main components in the chargers used backdoor access to hack them, shut them down, and program anti-Putin/pro-Ukrainian messages to scroll past on their screens.

The outage affects chargers along the M11 motorway, which connects Moscow to St. Petersburg. The Russian energy company Rosseti confirmed the hack in a post on the company’s Facebook.

Industry News (33:52)

Ukraine Asks for Hackers’ Help

Russian TV Stations Hacked

Conti Encrypts Karma Ransom Note in Same Victim Network

Apple and Google Turn Off Map Features to Help Ukraine

NIST Seeks Cybersecurity Framework Feedback

Nvidia Admits Hackers Stole Employee and Internal Data

Russia Denies Satellite Hacking and Warns of Wider War

Swiss Bank Requests Destruction of Documents

Vulnerability Exploit Attempts Surge Tenfold Against Ukrainian Websites

Tweet of the Week (40:40)

https://twitter.com/gyarbij/status/1499289498005422083

Come on! Like and bloody well subscribe!