You've Already Been Hacked

‌

Episodes

‌

Cyberspace and what happens on it impacts all of us. From a global, nation-state, local, and personal level, we all need to know, and understand what is happening, and how to stay safe in the digital world. Interesting news from the week, interviews, long-form discussions, and maybe a little something else is what You've Already Been Hacked is all about.

Episodes

What is the NIST Cybersecurity Framework

This week we are taking a look at what the NIST Cybersecurity Framework is, what are the pillars of it, and how this is something that could help you be better protected https://riversafe.co.uk/tech-blog/nist-framework-5-pillars-for-your-cyber-security-strategy/ https://www.nist.gov/cyberframework/online-learning/five-functions https://sopa.tulane.edu/blog/NIST-cybersecurity-framework ============== Prefer audio only check out my link on Anchor.FM to get to your favorite podcast service: https:/...

Dec 12, 2021•18 min•Ep 70•Transcript available on Metacast

What Are the Stages of a Cyber Attack?

A topic that I teach in my class is what the stages of a cyber attack are. Since we talk about those events all the time here, I thought it a Good Idea to discuss just to level set so everyone is thinking similarly. Even in this discussion, I go over the fact that the cybersecurity community is not 100% in agreement on the stages, and the average is there are 5 to 7, and those are the ones that I will be going over this week.  A couple of references for this weeks conversation https://www.m...

Dec 05, 2021•13 min•Ep 69•Transcript available on Metacast

FDIC Cyber Rules, Delays in Notifications, and more Energy sector Hacks!

- www.darkreading.com : US Banks Will Be Required to Report Cyberattacks Within 36 Hours - www.scmagazine.com : Months-long hack, theft of Sea Mar healthcare data impacts 688K patients - www.bleepingcomputer.com : Wind turbine giant Vestas' data compromised in cyberattack Share that link with your friends, or share this one, either helps this podcast grow! Follow me on twitter at: @attiliojr Feeling Generous and want to show your support? algorand: E3HYLC56IHAFXPPA2WZCLBYAVFX42GVFDC7BDAXAQWNI3BX...

Nov 28, 2021•17 min•Ep 68•Transcript available on Metacast

Congress investigates "Small Lapses", the FBI was hacked, Another Hospital got hacked, and so did Costco!

- thehill.com : Oversight finds 'small lapses' in security led to Colonial Pipeline, JBS hacks - www.fbi.gov : FBI Statement on Incident Involving Fake Emails - krebsonsecurity.com : Hoax Email Blast Abused Poor Coding in FBI Website - www.scmagazine.com : Ohio hospital diverting ambulances, canceling appointments amid cyberattack - www.bleepingcomputer.com : Costco discloses data breach after finding credit card skimmer Share that link with your friends, or share this one, either helps this pod...

Nov 21, 2021•16 min•Ep 67•Transcript available on Metacast

Professor is Building a CyberSecurity Homelab

This week, is the first in what I hope is at least several episodes in my adventure in building home lab using older hardware, and raspberry pi's. Kali Linux is the platform from which I will end up doing all of my personal skills training from.  ----------------------------------------------- https://www.kali.org https://www.kali.org/tools/ ----------------------------------------------- Share that link with your friends, or share this one, either helps this podcast grow! Follow me on twit...

Nov 14, 2021•14 min•Ep 66•Transcript available on Metacast

Can you be a Ghost on the Internet?

https://apple.news/Ag8RE6-acR1OreRhC8WfDrw Share that link with your friends, or share this one, either helps this podcast grow! Follow me on twitter at: @attiliojr Feeling Generous and want to show your support? algorand: E3HYLC56IHAFXPPA2WZCLBYAVFX42GVFDC7BDAXAQWNI3BXGHF3KDILMSY bitcoin: bc1qls47sszwqxwpad66pn6awxr0ex9s4d33t3t2zw Cosmos: cosmos107ng80lsqhwqxeawajjt6cywmu5nhlt3drvddf BAT: 0x1d17d7Ee7d1BF9F53DEF2CEf4558D05ed9172A86...

Oct 31, 2021•14 min•Ep 65•Transcript available on Metacast

Initial Look at Twitch Data Leak

Episode 64 This week we take an initial look at the Twitch data leak. All 175+ GBs and Over 2Million Files.  This is a cursory discussion, and I will not be going into any hyper specific details as I have no interest in helping to damage Twitch. Share that link with your friends, or share this one, either helps this podcast grow! Follow me on twitter at: @attiliojr Feeling Generous and want to show your support? algorand: E3HYLC56IHAFXPPA2WZCLBYAVFX42GVFDC7BDAXAQWNI3BXGHF3KDILMSY bitcoin: b...

Oct 25, 2021•20 min•Transcript available on Metacast

Lets Talk Burn Out in the Cybersecurity Industry

Cybersecurity Burnout Statistics: https://www.bitsight.com/blog/5-shocking-it-cybersecurity-burnout-statistics Combating Cyber Burnout: https://www.securew2.com/blog/combating-burnout-in-cybersecurity Hidden Costs: https://www.itsecurityguru.org/2020/05/19/cyber-burnout-the-hidden-cost-of-a-security-career/ How to Avoid: https://cyberwarrior.com/how-to-avoid-cybersecurity-burnout/ ----------------------------------- Share that link with your friends, or share this one, either helps this podcast ...

Oct 17, 2021•25 min•Ep 63•Transcript available on Metacast

Ransomware Death, High Treason, Food Cybersecurity, and CISA helps with Insider Threats

- threatpost.com : Baby’s Death Alleged to Be Linked to Ransomware - www.bleepingcomputer.com : CISA releases tool to help orgs fend off insider threat risks https://www.cisa.gov/sites/default/files/publications/IRMPE_Assessment_v1_2021-08-25.pdf - www.bleepingcomputer.com : Russia arrests cybersecurity firm CEO after raiding offices - www.scmagazine.com : Food and agriculture industry needs more threat intel as ransomware attacks crop up Share that link with your friends, or share this one, eit...

Oct 03, 2021•15 min•Ep 62•Transcript available on Metacast

Feds go after Cryto Exchange, New Cyber Rules for Insurers, Chinese SmartPhones, and 35 years for DDoS attacks

- www.theregister.com : Suex to be you: Feds sanction cryptocurrency exchange for handling payments from 8+ ransomware variants - thehill.com : Major US port target of attempted cyber attack - www.govtech.com : Wisconsin Law Imposes Cybersecurity Rules for Insurance Industry - arstechnica.com : Security audit raises severe warnings on Chinese smartphone models - www.bleepingcomputer.com : Admin of DDoS service behind 200,000 attacks faces 35yrs in prison Share that link with your friends, or sha...

Sep 26, 2021•17 min•Ep 61•Transcript available on Metacast

OWASP's #1, Apple Devices and Pegasus, BlackMatter goes after Medical, and South Africa Hacked

Episode 60 - www.theregister.com : Hey – how did you get in here? Number one app security weakness of 2021 was borked access control, says OWASP - www.darkreading.com : Apple Patches Zero-Days in iOS 14.8 Update - www.bleepingcomputer.com : BlackMatter ransomware hits medical technology giant Olympus - www.bleepingcomputer.com : Former U.S. intel operatives to pay $1.6M for hacking for foreign govt - threatpost.com : REvil/Sodinokibi Ransomware Universal Decryptor Key Is Out - www.bleepingcomput...

Sep 19, 2021•15 min•Ep 60•Transcript available on Metacast

ProtonMail...not so private anymore, SEC is watching, New Zealand suffered a DDOS attack, the UN Confirmed it was Hacked

Episode 59 - arstechnica.com : ProtonMail removed “we do not keep any IP logs” from its privacy policy - searchsecurity.techtarget.com : SEC sanctions financial firms for cybersecurity failures - www.theregister.com : New Zealand DDoS wave targets banks, post offices, weather forecasters and more - www.theregister.com : New Zealand internet outage blamed on DDoS attack on nation's third largest internet provider - thehill.com : United Nations confirms its systems were breached this year Share th...

Sep 12, 2021•17 min•Ep 59•Transcript available on Metacast

Malicious and Negligent Insiders destroyed over 22 Terabytes of data, Confluence and Cryptominers, SpyFone's done, and Autodesk got hacked

Episodes 58 - Bleeping Computer: Fired NY credit union employee nukes 21GB of data in revenge - GovTech: Dallas Terminates Worker Who Deleted 22.5 TB of Police Data - Bleeping Computer: Atlassian Confluence flaw actively exploited to install cryptominers - Bleeping Computer: FTC bans stalkerware maker Spyfone from surveillance business - Bleeping Computer: Autodesk reveals it was targeted by Russian SolarWinds hackers Share that link with your friends, or share this one, either helps this podcas...

Sep 05, 2021•16 min•Ep 58•Transcript available on Metacast

Your Gaming Periphs are Hacked, Conti hacked SAC and the FBI warned against HIVE

Episode 57  - www.bleepingcomputer.com: SteelSeries bug gives Windows 10 admin rights by plugging in a device  - www.bleepingcomputer.com: Razer bug lets you become a Windows 10 admin by plugging in a mouse  - www.bleepingcomputer.com: Nokia subsidiary discloses data breach after Conti ransomware attack  - www.bleepingcomputer.com: FBI shares technical details for Hive ransomware   Share this podcast with your friends, or share this one, either helps this podcast grow! &...

Aug 29, 2021•15 min•Ep 57•Transcript available on Metacast

Jopin Paid out, PRINTNIGHTMARE and you can’t wake up, IoT not so Random, and talking Pegasus

- www.securityweek.com : Joplin: City Computer Shutdown Was Ransomware Attack - threatpost.com : Microsoft Warns: Another Unpatched PrintNightmare Zero-Day - thehackernews.com : A Critical Random Number Generator Flaw Affects Billions of IoT Devices - www.bleepingcomputer.com : Hacker behind biggest cryptocurrency heist ever returns stolen funds - www.darkreading.com : FTC: Phishing Campaign Targets Unemployment Benefits & PII - theconversation.com : What is Pegasus? A cybersecurity expert e...

Aug 15, 2021•21 min•Ep 56•Transcript available on Metacast

Insider Threats in Oz, SolarWinds, the DOJ, and NY, GhostShips, and Amazon sets a new Record

- www.zdnet.com : Audit finds some former WA government staff still have systems access after termination - www.govinfosecurity.com : SolarWinds Attackers Accessed US Attorneys' Office Emails - www.engadget.com : Over 100 warship locations have been faked in one year - www.govinfosecurity.com : Amazon Hit With $885 Million GDPR Fine Share that link with your friends, or share this one, either helps this podcast grow! Follow me on twitter at: @attiliojr Feeling Generous and want to show your supp...

Aug 08, 2021•18 min•Ep 55•Transcript available on Metacast

Meteor wipes out Iranian Rail, Jackpotting with Europol, Florida got hacked, and the US electric grid is concerning…

- www.bleepingcomputer.com : New destructive Meteor wiper malware used in Iranian railway attack - www.europol.europa.eu : Russian-Speaking Hackers Arrested in Poland Over ATM Jackpotting Attacks - threatpost.com : UC San Diego Health Breach Tied to Phishing Attack - www.darkreading.com : Florida DEO Discloses Data Breach Affecting 58,000 Accounts - www.govinfosecurity.com : What Can Be Done to Enhance Electrical Grid Security? Share that link with your friends, or share this one, either helps t...

Aug 01, 2021•16 min•Ep 54•Transcript available on Metacast

AI Talks NSO, TSA adds new Rules, Oil, Trains, Law Firms, and Courts all PWNED

Back online for Episode 53! - www.bleepingcomputer.com : Cyberattack on Moldova's Court of Accounts destroyed public audits - techcrunch.com : This tool tells you if NSO’s Pegasus spyware targeted your phone - www.bleepingcomputer.com : Akamai DNS global outage takes down major websites, online services - www.govinfosecurity.com : TSA Issues Cybersecurity Requirements for Pipelines - www.bleepingcomputer.com : Chinese state hackers breached over a dozen US pipeline operators - arstechnica.com : ...

Jul 25, 2021•19 min•Ep 53•Transcript available on Metacast

One Year In...

Episode 52, thats 52 weeks straight we been at it!!! Thank you to everyone who has stopped by over the past 52 weeks! Kaseya Supply Chain hack impacts 1000s - www.scmagazine.com : Kaseya offers pre-patch instructions for on-prem VSA customers - www.zdnet.com : Kaseya ransomware attack updates: Your questions answered - us-cert.cisa.gov : CISA-FBI Guidance for MSPs and their Customers Affected by the Kaseya VSA Supply-Chain Ransomware Attack - arstechnica.com : Up to 1,500 businesses infected in ...

Jul 11, 2021•18 min•Ep 52•Transcript available on Metacast

93% of LinkedIn User have had their data taken

https://www.consumeraffairs.com/news/linkedin-data-breach-puts-700-million-user-records-at-risk-062921.html https://threatpost.com/linkedin-data-scrape-victims-targeted-attackers/167473/ Share that link with your friends, or share this one, either helps this podcast grow! Follow me on twitter at: @attiliojr Feeling Generous and want to show your support? algorand: E3HYLC56IHAFXPPA2WZCLBYAVFX42GVFDC7BDAXAQWNI3BXGHF3KDILMSY bitcoin: bc1qls47sszwqxwpad66pn6awxr0ex9s4d33t3t2zw Cosmos: cosmos107ng80l...

Jul 05, 2021•16 min•Ep 51•Transcript available on Metacast

Let's talk cybersecurity and Critical Infrastructure

Episode 50 - www.sfgate.com : A hacker gained access to a Bay Area drinking water facility - thehackernews.com : North Korea Exploited VPN Flaw to Hack South's Nuclear Research Institute - eclypsium.com : Eclypsium Discovers Multiple Vulnerabilities Affecting 129 Dell Models via Dell Remote OS Recovery and Firmware Update Capabilities - www.cyberscoop.com : A plan to label companies vulnerable to hacking is set to spark debate on Capitol Hill - krebsonsecurity.com : How Cyber Safe is Your Drinki...

Jun 27, 2021•19 min•Transcript available on Metacast

Ransomware Gives Up, CLOP gets arrested, and NATO willing to invoke Article 5 in Cyber Response

- www.govinfosecurity.com : Ukraine Arrests 6 Clop Ransomware Operation Suspects - www.theregister.com : Ryuk ransomware recovery cost us $8.1m and counting, says Baltimore school authority - www.bleepingcomputer.com : Network security firm COO charged with medical center cyberattack - www.zdnet.com : This data and password-stealing malware is spreading in an unusual way - www.govinfosecurity.com : NATO Endorses Cybersecurity Defense Policy - www.bleepingcomputer.com : Avaddon ransomware shuts d...

Jun 20, 2021•15 min•Ep 49•Transcript available on Metacast

The Spring Term is over, lets review

Talking about what we went over in the spring term, and how it related to the last 3 months! Share that link with your friends, or share this one, either helps this podcast grow! Follow me on twitter at: @attiliojr Feeling Generous and want to show your support? algorand: E3HYLC56IHAFXPPA2WZCLBYAVFX42GVFDC7BDAXAQWNI3BXGHF3KDILMSY bitcoin: bc1qls47sszwqxwpad66pn6awxr0ex9s4d33t3t2zw Cosmos: cosmos107ng80lsqhwqxeawajjt6cywmu5nhlt3drvddf BAT: 0x1d17d7Ee7d1BF9F53DEF2CEf4558D05ed9172A86 Paypal: https:...

Jun 13, 2021•20 min•Ep 48•Transcript available on Metacast

REvil took down one-fifth of US beef Production, The NYC MTA got hacked, Amazon wants your network

As 2021 goes on, the attack on critical infrastructure continues at a rapid pace. - www.zdnet.com: FBI attributes JBS ransomware attack to REvil - www.bleepingcomputer.com: FBI: REvil cybergang behind the JBS ransomware attack - www.cyberscoop.com: Meat chain JBS says US production is returning after ransomware attack - www.bleepingcomputer.com: Chinese threat actors hacked NYC MTA using Pulse Secure zero-day - www.bleepingcomputer.com: Swedish Health Agency shuts down SmiNet after hacking attem...

Jun 06, 2021•17 min•Ep 47•Transcript available on Metacast

Cyber Insurance Market is Crazy and Hacked, and the FBI deals with an Insider Threat

- www.scmagazine.com : As market for cyber insurance booms, watchdog calls for better data - www.theregister.com : Doncaster insurance firm One Call hit by not-dead-at-all Darkside ransomware gang - www.theregister.com : Air India admits to data breach impacting 4.5m customers, sat on the news for five weeks - www.theregister.com : Toyota rear-ended by twin cyber attacks that left ransomware-shaped dents - www.cyberscoop.com : FBI employee indicted for stealing classified info on FBI cybersecuri...

May 30, 2021•17 min•Ep 46•Transcript available on Metacast

Largest Ransomware payment Ever, Solarwinds and the DIB, and a Cyberinsurer get hacked

- www.bloomberg.com : CNA Financial Paid $40 Million in Ransom After March Cyberattack - www.zdnet.com : Cybercriminals scanned for vulnerable Microsoft Exchange servers within five minutes of news going public - www.bleepingcomputer.com : Insurer AXA hit by ransomware after dropping support for ransom payments - threatpost.com : Fresh Loader Targets Aviation Victims with Spy RATs Share that link with your friends, or share this one, either helps this podcast grow! Follow me on twitter at: @atti...

May 23, 2021•15 min•Ep 45•Transcript available on Metacast

The Fallout from Colonial hack, and 85% of cyber breaches caused by human failure in 2020

The fallout from the colonial pipeline ransomware attack, may have a net positive for the cybersecurity landscape. Verizon published the 2021 Data breach investigations report, and 2020 was the year that showed we have so much more to do in making everyone have better cyber hygiene. - www.govinfosecurity.com : Biden: Russian Government Not Behind Colonial Pipeline Attack - threatpost.com : Colonial Pipeline Shells Out $5M in Extortion Payout, Report - www.cyberscoop.com : Biden signs security-fo...

May 16, 2021•17 min•Ep 44•Transcript available on Metacast

Jugular of US Fuel cut, 12 years of Dell insecurity, Warez Cause Problems, IIOT insecure Says Microsoft

- Ransomware attack: Major U.S. fuel pipeline halts operations - https://salinapost.com/posts/3930ba6b-803c-4415-a0d0-b57dd47fc4bf - www.darkreading.com : Hundreds of Millions of Dell Computers Potentially Vulnerable to Attack - www.bleepingcomputer.com : A student pirating software led to a full-blown Ryuk ransomware attack - threatpost.com : Massive DDoS Attack Disrupts Belgium Parliament - Threatpost: Microsoft Warns of 25 Critical Vulnerabilities in IoT, Industrial Device s Bleeping Computer...

May 09, 2021•20 min•Ep 43•Transcript available on Metacast

The University of Minnesota apologies, Linux is vulnerable, an AG got hacked, the DC Police did too!

- www.bleepingcomputer.com : HashiCorp is the latest victim of Codecov supply-chain attack - www.zdnet.com : University of Minnesota responds to Linux security patch requests - threatpost.com : Linux Kernel Bug Opens Door to Wider Cyberattacks - www.bleepingcomputer.com : DC Police confirms cyberattack after ransomware gang leaks data - threatpost.com : DoppelPaymer Gang Leaks Files from Illinois AG After Ransom Negotiations Break Down - www.scmagazine.com : Apple patches ‘worst macOS bug in rec...

May 02, 2021•20 min•Ep 42•Transcript available on Metacast

Pulse Secure VPNs get bypassed, REvil takes on Apple, Ethernet/IP Stack problems in Industrial Systems, and 10 years for a guru

- www.fireeye.com : Check Your Pulse: Suspected APT Actors Leverage Authentication Bypass Techniques and Pulse Secure Zero-Day - www.darkreading.com : University Suspends Project After Researchers Submitted Vulnerable Linux Patches - www.bleepingcomputer.com : REvil gang tries to extort Apple, threatens to sell stolen blueprints - www.cyberscoop.com : Codecov dev tool hit in another supply chain hack - thehackernews.com : Severe Bugs Reported in EtherNet/IP Stack for Industrial Systems - www.cyb...

Apr 25, 2021•17 min•Ep 41•Transcript available on Metacast