00:00 - PreShow Banter™ — Scotty’s Pizza (Not Sponsored) 03:38 - BHIS - Talkin’ Bout [infosec] News 2024-08-12 03:59 - Hacker Summer Camp Report 2024 08:56 - Story # 1: ‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections 14:26 - Story # 2: Black Hat USA 2024, DEF CON 32 attendees treated like children – or criminals – with invasive hotel room checks 29:49 - Story # 3: DEF CON Badge Maker Pulled Off Stage Amid Claims of Non-Payment and Failed Work 30:...
Aug 14, 2024•1 hr 3 min•Ep. 1
00:00 - PreShow Banter™ — What’s the f___ 03:34 - BHIS - Talkin’ Bout [infosec] News 2024-08-05 06:57 - Story # 1: Proofpoint Email Routing Flaw Exploited to Send Millions of Spoofed Phishing Emails 23:57 - Story # 2: Bumble and Hinge allowed stalkers to pinpoint users’ locations down to 2 meters, researchers say 36:47 - Story # 3: Eavesdropping on HDMI cables can reveal computer screen’s content 37:43 - Story # 3b Hak5 Screen Crab 39:18 - Story # 4: Microsoft says massive Azure outage was cause...
Aug 06, 2024•1 hr 3 min•Ep. 1
00:00 - PreShow Banter™ — Microsoft Sad Face 02:13 - BHIS - Talkin’ Bout [infosec] News 2024-07-29 03:08 - Story # 1: Fake CrowdStrike repair manual pushes new infostealer malware 15:26 - Story # 1b: 83-year-old man found safe a week after going missing when CrowdStrike outage canceled flight 20:39 - Story # 2: Multifactor Authentication Is Not Enough to Protect Cloud Data 38:59 - Graphrunner 47:19 - Story # 3: Data pilfered from Pentagon IT supplier Leidos 57:57 - Story # 4: How a North Korean ...
Jul 31, 2024•1 hr•Ep. 1
00:00 - PreShow Banter™ — CrowdStroke Memes 05:59 - BHIS - Talkin’ Bout [infosec] News 2024-07-22 07:01 - Story # 1: A Windows version from 1992 is saving Southwest’s butt right now 07:36 - Crowdstrike Global Outage - BHIS - Talkin’ Bout [infosec] #News 09:48 - Story # 1b: CrowdStrike’s faulty update crashed 8.5 million Windows devices, says Microsoft 12:13 - Story # 1c: Let’s blame the dev who pressed “Deploy” 17:23 - Figure 1 22:14 - Story # 2: DHS Has a DoS Robot to Disable Internet of Things...
Jul 24, 2024•59 min•Ep. 1
The outage of the decade!
Jul 22, 2024•1 hr 4 min•Ep. 1
00:00 - PreShow Banter™ — Absolute Madmen 02:28 - BHIS - Talkin’ Bout [infosec] News 2024-07-15 03:18 - Wi-Fi Forge 07:31 - Story # 1: CISA Red Team’s Operations Against a Federal Civilian Executive Branch Organization Highlights the Necessity of Defense-in-Depth 22:39 - Story # 2: AT&T says criminals stole phone records of ‘nearly all’ customers in new data breach 33:35 - Story # 3: FTC study finds ‘dark patterns’ used by a majority of subscription apps and websites 38:48 - Story # 4: Club ...
Jul 18, 2024•1 hr 4 min•Ep. 1
00:00 - PreShow Banter™ — A Bunch of Lunatics 05:09 - BHIS - Talkin’ Bout [infosec] News 2024-07-08 08:41 - Story # 1: Europol takes down 593 Cobalt Strike servers used by cybercriminals 09:54 - Story # 1b: National Crime Agency leads international operation to degrade illegal versions of Cobalt Strike 15:17 - Story # 2: ‘RockYou2024’: Nearly 10 billion passwords leaked online 22:12 - Story # 3: Ticketmaster Breach: ShinyHunters Leak 440K Taylor Swift Eras Tour Ticket Data 24:20 - Story # 3b: Ha...
Jul 10, 2024•1 hr 8 min•Ep. 1
00:00 - PreShow Banter™ — Ice Cream Season 07:22 - BHIS - Talkin’ Bout [infosec] News 2024-07-01 07:48 - Story # 1: TeamViewer’s corporate network was breached in alleged APT hack 09:11 - Story # 1b: TeamViewer Security Update – June 28, 2024, 12:10 PM CEST 16:33 - Story # 2: Supreme Court orders new look at Texas, Florida social media laws 21:32 - Story # 3: New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems 24:52 - Story # 4: CISA: Most critical open source projects not usin...
Jul 03, 2024•1 hr 1 min•Ep. 1
00:00 - PreShow Banter™ — Life is a Highway 04:28 - BHIS - Talkin’ Bout [infosec] News 2024-06-24 05:30 - Story # 1: Colorado Privacy Act Amended To Include Biometric Data Provisions 14:18 - Story # 2: Scathing report on Medibank cyberattack highlights unenforced MFA 24:30 - Story # 3: CDK suffered another data breach as it was attempting to recover 35:08 - Story # 4: LockBit claims the hack of the US Federal Reserve 40:00 - Story # 5: Amazon-Powered AI Cameras Used to Detect Emotions of Unwitti...
Jun 26, 2024•1 hr 3 min•Ep. 1
00:00 - PreShow Banter™ — Hungry Hungry Hipaa 03:39 - BHIS - Talkin’ Bout [infosec] News 2024-06-17 05:40 - Story # 1: Windows security hole allows attackers to install malware via Wi-Fi — new patch plugs gaping vulnerability 16:27 - Story # 2: Microsoft’s all-knowing Recall AI feature is being delayed 25:34 - Story # 3: Here’s how Apple’s AI model tries to keep your data private 32:27 - Story # 4: New Linux malware is controlled through emojis sent from Discord 35:28 - Story # 5: Pure Storage c...
Jun 19, 2024•1 hr 2 min•Ep. 1
00:00 - PreShow Banter™ — Louie is Live 04:53 - BHIS - Talkin’ Bout [infosec] News 2024-06-10 07:09 - Story # 1: UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion 18:39 - Story # 2: Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster. 39:02 - Story # 3: TikTok fixes zero-day bug used to hijack high-profile accounts 41:34 - Story # 4: The Age of the Drone Police Is Here 52:07 - ...
Jun 13, 2024•1 hr 3 min•Ep. 1
00:00:00 - PreShow Banter™ — In an RV down by the dumpster 00:07:39 - BHIS - Talkin’ Bout [infosec] News 2024-06-03 00:09:21 - Story # 1: Ticketmaster confirms massive breach after stolen data for sale online 00:10:46 - Story # 1b: Snowflake, Cloud Storage Giant, Suffers Massive Breach: Hacker Confirms to Hudson Rock Access Through Infostealer Infection 00:13:03 - Story # 1c: Detecting and Preventing Unauthorized User Access: Instructions 00:13:42 - Story # 1d: Snowflake Denies Responsibility fo...
Jun 06, 2024•1 hr 9 min•Ep. 1
00:00 - PreShow Banter™ — Antichafing Training. 04:31 - BHIS - Talkin’ Bout [infosec] News 2024-05-20 07:12 - Story # 1: Linux maintainers were infected for 2 years by SSH-dwelling backdoor with huge reach 29:49 - Story # 2: Palo Alto Networks is buying security assets from IBM to expand customer base 36:50 - Story # 3: Charges and Seizures Brought in Fraud Scheme Aimed at Denying Revenue for Workers Associated with North Korea 43:55 - Story # 4: FCC might require telecoms to report on securing ...
May 23, 2024•1 hr 6 min•Ep. 1
00:00 - PreShow Banter™ — World Class RSA Cookies 04:49 - BHIS - Talkin’ Bout [infosec] News 2024-05-14 06:33 - Story # 1: Zscaler takes “test environment” offline after rumors of a breach 18:48 - Story # 2: Okta’s security chief on the company’s own cyberattack and how the ‘battleground’ has shifted 43:36 - Story # 3: Leaked FBI email stresses need for warrantless surveillance of Americans 48:46 - Story # 4: Despite big tech lobbying, Maryland passes two internet privacy bills 52:26 - Story # 4...
May 16, 2024•58 min•Ep. 1
00:00 - PreShow Banter™ — RSA Power Moves 08:14 - BHIS - Talkin’ Bout [infosec] News 2024-05-06 09:49 - Story # 1: Shortridge Makes Sense of the 2024 Verizon DBIR 15:04 - Story # 2: A recent security incident involving Dropbox Sign 20:30 - Story # 3: Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover 28:40 - Story # 4: Millions of Docker repos found pushing malware, phishing sites 32:53 - Story # 5: 1,400 GitLab Servers Impacted by Exploited Vulnerability 42:07 - Story ...
May 08, 2024•1 hr 2 min•Ep. 1
00:00 - BHIS - Talkin’ Bout [infosec] News 2024-04-29 02:33 - Story # 1: Cyber Hygiene Helps Organizations Mitigate Ransomware-Related Vulnerabilities 10:38 - Story # 2: ‘Admin’ and ‘12345’ banned from being used as passwords in UK crackdown on cyber attacks 16:34 - Story # 3: Maximum severity Flowmon bug has a public exploit, patch now 21:06 - Story # 3b: CVE-2024-2389: Command Injection Vulnerability In Progress Flowmon 22:45 - Story # 4: GitHub comments abused to push malware via Microsoft rep...
May 01, 2024•1 hr•Ep. 1
00:00 - PreShow Banter™ — A Parent Process 03:01 - BHIS - Talkin’ Bout [infosec] News 2024-04-22 04:13 - Story # 1: Exploit code for Palo Alto Networks zero-day now public 07:44 - Story # 1b: (Timeline) Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400) 23:22 - Story # 2: MGM says FTC can’t possibly probe its ransomware downfall – watchdog chief Lina Khan was a guest at the time 31:37 - Story # 3: MITRE was breached through Ivanti zero-d...
Apr 24, 2024•1 hr•Ep. 1
00:00 - PreShow Banter™ — Retro Actions 04:48 - BHIS - Talkin’ Bout [infosec] News 2024-04-15 07:05 - Story # 1: FCC to vote on net neutrality rules on April 25 18:52 - Story # 2: “All Your Secrets Are Belong To Us” — A Delinea Secret Server AuthN/AuthZ Bypass 23:40 - Story # 2b: Delinea has cloud security incident in Thycotic Secret Server gaff 28:23 - Story # 3: CISA Releases Malware Next-Gen Analysis System for Public Use 40:36 - Story # 4: Hacker Leaks 8.5M U.S. Environmental Protection Agen...
Apr 17, 2024•1 hr•Ep. 1
00:00 - PreShow Banter™ — BHIS Bees Corp® 04:08 - The FUTURE IS…… Kickstarter 05:29 - BHIS - Talkin’ Bout [infosec] News 2024-04-08 06:03 - Story # 1: New draft bipartisan US federal privacy bill unveiled 11:03 - Story # 2: How To Opt Out Of GM Sharing Your Driving Data With Insurance Companies 13:04 - Story # 2b: Request a Consumer Disclosure Report 14:25 - Story # 3: Hackers Hijacked Notepad++ Plugin To Execute Malicious Code 29:19 - Story # 4: A Vigilante Hacker Took Down North Korea’s Intern...
Apr 10, 2024•1 hr 3 min•Ep. 1
00:00 - PreShow Banter™ — Zippers, Jokes, & Lawyers (Not to be confused with the song "Lawyers, Guns and Money") 02:59 - BHIS - Talkin’ Bout [infosec] News 2024-04-01 03:57 - Story # 1: New Darcula phishing service targets iPhone users via iMessage 11:57 - Story # 2: Recent ‘MFA Bombing’ Attacks Targeting Apple Users 17:22 - Story # 3: Thousands of phones and routers swept into proxy service, unbeknownst to users 22:11 - Story # 4: Digital signs around Brookline are collecting data from your...
Apr 03, 2024•1 hr 6 min•Ep. 1
00:00 - PreShow Banter™ — “Allegedly” 03:18 - BHIS - Talkin’ Bout [infosec] News 2024-03-25 08:00 - Story # 1: Cisco Completes Acquisition of Splunk 10:47 - Story # 2: General Motors Quits Sharing Driving Behavior With Data Brokers 15:27 - Story # 3: Ron DeSantis signs bill requiring parental consent for kids under 16 to hold social media accounts 24:34 - Story # 4: House passes bill to prevent the sale of personal data to foreign adversaries 28:19 - Story # 5: Unsaflok - vulnerability impacts o...
Mar 27, 2024•59 min•Ep. 1
Brought to you by Antisyphon Training — https://www.antisyphontraining.com 00:00:00 - PreShow Banter™ — New Arms Again 00:03:24 - BHIS - Talkin’ Bout [infosec] News 2024-03-18 00:04:54 - Story # 1: NIST Releases Version 2.0 of Landmark Cybersecurity Framework 00:10:50 - Story # 2: The FCC has finally decreed that 25Mbps and 3Mbps are not ‘broadband’ speed 00:14:33 - Story # 3: Welcome to the 2024 Threat Detection Report 00:33:40 - Story # 4: NSA Releases Top Ten Cloud Security Mitigation Strateg...
Mar 20, 2024•1 hr 5 min•Ep. 1
00:00 - PreShow Banter™ — Death to Clippy 05:18 - BHIS - Talkin’ Bout [infosec] News 2024-03-11 – Featuring Josh Mason 06:58 - Story # 1: Behind the doors of a Chinese hacking company, a sordid culture fueled by influence, alcohol, and sex 13:43 - Story # 2: Top US cybersecurity agency hacked and forced to take some systems offline 23:39 - Story # 3: Microsoft admits Russian state hack still not contained. ‘This has tremendous national security implications’ 30:27 - Story # 4: FBI’s 2023 Interne...
Mar 13, 2024•1 hr•Ep. 1
A weekly podcast with BHIS and Friends. We discuss notable infosec and infosec-adjacent news stories. Brought to you by: Black Hills Information Security https://www.blackhillsinfosec.com/ Antisyphon Training https://www.antisyphontraining.com/ Story # 1: Executive Order on Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern https://www.whitehouse.gov/briefing-r... Story # 2: A leaky database spilled 2FA codes f...
Mar 06, 2024•58 min•Ep. 1
Story #1: Mr. Cooper leak exposes over two million customers Story #2: ConnectWise ScreenConnect attacks deliver malware Story #3: LockBit Infrastructure Seized by US, UK Police Story #4: US health tech giant Change Healthcare hit by cyberattack Story #5: The reported leak of Chinese hacking documents supports experts’ warnings about how compromised the US could be (00:00) - PreShow Banter™ — It's a Wii Match (05:22) - BHIS - Talkin' Bout [infosec] News 2024-02-26 (07:10) - Story # 1: Mr. Cooper...
Mar 01, 2024•58 min•Ep. 1
The post Talkin’ About Infosec News – 2/20/24 appeared first on Black Hills Information Security.
Feb 20, 2024•55 min•Ep. 1
The post Talkin’ About Infosec News – 2/14/2024 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — Fashion in Oregon (01:51) - BHIS - Talkin' Bout [infosec] News 2024-02-12 (08:54) - Story # 1: Ivanti devices hit by wave of exploits for latest security hole (31:53) - Story # 2: Hackers Exploit Job Boards, Stealing Millions of Resumes and Personal Data (43:15) - Story # 3: Critical Boot Loader Vulnerability in Shim Impacts Nearly All Linux Distros (54:13) - Story # 4...
Feb 14, 2024•1 hr 5 min•Ep. 1
The post Talkin’ About Infosec News – 2/6/24 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — 5 Min Webcasts (04:29) - BHIS - Talkin' Bout [infosec] News 2024-02-05 (09:06) - Story # 1: Thanksgiving 2023 security incident (22:09) - Story # 2: AnyDesk Incident Response 5-2-2024 (34:14) - Story # 3: Finance worker pays out $25 million after video call with deepfake ‘chief financial officer’ (50:13) - Story # 4: All federal civilian agencies ordered to disconnect at-...
Feb 06, 2024•1 hr 2 min•Ep. 1
The post Talkin’ About Infosec News – 1/31/2024 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — No Hacking on Fridays (04:33) - BHIS - Talkin' Bout [infosec] News 2024-01-29 (09:48) - Story # 1: SEC confirms X account was hacked in SIM swapping attack (17:45) - Story # 2: MavenGate Attack Could Let Hackers Hijack Java and Android via Abandoned Libraries (23:03) - Story # 3: Fortra warns of new critical GoAnywhere MFT auth bypass, patch now (26:35) - Story # 4: Te...
Jan 31, 2024•1 hr 9 min•Ep. 1
The post Talkin’ About Infosec News – 1/24/2024 appeared first on Black Hills Information Security. (00:00) - PreShow Banter™ — There's More Than Swim Meets (01:21) - BHIS - Talkin' Bout [infosec] News 2024-01-22 (05:21) - Story # 1: Florida bill banning youth from social media moves forward (14:19) - Story # 2: Microsoft network breached through password-spraying by Russia-state hackers (21:38) - Story # 3: This new data poisoning tool lets artists fight back against generative AI (28:50) -...
Jan 24, 2024•1 hr 2 min•Ep. 1