Talkin' About [Infosec] News, Powered by Black Hills Information Security
Education Podcasts
Download and listen to our weekly infosec podcast where we discuss the latest attacks, breaches, and how they happened and why. We’re a team of penetration testers (ethical hackers) and friends that love how new technology can be broken and made to do things it was never intended to do.
Location:
United States
Description:
Download and listen to our weekly infosec podcast where we discuss the latest attacks, breaches, and how they happened and why. We’re a team of penetration testers (ethical hackers) and friends that love how new technology can be broken and made to do things it was never intended to do.
Language:
English
Episodes
2024-04-29 - Hack All The Things!
5/1/2024
00:00 - BHIS - Talkin’ Bout [infosec] News 2024-04-29
02:33 - Story # 1: Cyber Hygiene Helps Organizations Mitigate Ransomware-Related Vulnerabilities
10:38 - Story # 2: ‘Admin’ and ‘12345’ banned from being used as passwords in UK crackdown on cyber attacks
16:34 - Story # 3: Maximum severity Flowmon bug has a public exploit, patch now
21:06 - Story # 3b: CVE-2024-2389: Command Injection Vulnerability In Progress Flowmon
22:45 - Story # 4:GitHub comments abused to push malware via Microsoft repo URLs
30:52 - Story # 5: Security bugs in popular phone-tracking app iSharing exposed users’ precise locations
36:47 - Story # 6: Biden signs bill criticized as “major expansion of warrantless surveillance”
49:38 - Story # 7: ChatGPT’s hallucinations draw EU privacy complaint
57:46 - Story # 8: Sweden’s liquor shelves to run empty this week due to ransomware attack
Duration:00:59:46
2024-04-24 - Exploits, Breaches and, Lawsuits!
4/24/2024
00:00 - PreShow Banter™ — A Parent Process
03:01 - BHIS - Talkin’ Bout [infosec] News 2024-04-22
04:13 - Story # 1: Exploit code for Palo Alto Networks zero-day now public
07:44 - Story # 1b: (Timeline) Zero-Day Exploitation of Unauthenticated Remote Code Execution Vulnerability in GlobalProtect (CVE-2024-3400)
23:22 - Story # 2: MGM says FTC can’t possibly probe its ransomware downfall – watchdog chief Lina Khan was a guest at the time
31:37 - Story # 3: MITRE was breached through Ivanti zero-day vulnerabilities
32:27 - Story # 4: Cisco Integrated Management Controller CLI Command Injection Vulnerability
41:20 - Story # 5: Cisco Duo’s Multifactor Authentication Service Breached
46:01 - Story # 6: DevSecOps security practices are doggone disastrous
54:57 - Story # 7: FYI: This site claims to have harvested 4B+ Discord chats, today all yours for a price
Duration:01:00:14
2024-04-17 - SoCal Man Arrested, EPA Leaks, Net Neutrality returns?
4/17/2024
00:00 - PreShow Banter™ — Retro Actions
04:48 - BHIS - Talkin’ Bout [infosec] News 2024-04-15
07:05 - Story # 1: FCC to vote on net neutrality rules on April 25
18:52 - Story # 2: “All Your Secrets Are Belong To Us” — A Delinea Secret Server AuthN/AuthZ Bypass
23:40 - Story # 2b: Delinea has cloud security incident in Thycotic Secret Server gaff
28:23 - Story # 3: CISA Releases Malware Next-Gen Analysis System for Public Use
40:36 - Story # 4: Hacker Leaks 8.5M U.S. Environmental Protection Agency (EPA) Contact Data
45:55 - Story # 5: SoCal Man Arrested on Federal Charges Alleging He Schemed to Advertise and Sell ‘Hive’ Computer Intrusion Malware
Duration:00:59:58
2024-04-10 - Vigilante Hackers, Data Sharing, Cybersecurity Taken Over by Computers?
4/10/2024
00:00 - PreShow Banter™ — BHIS Bees Corp®
04:08 - The FUTURE IS…… Kickstarter
05:29 - BHIS - Talkin’ Bout [infosec] News 2024-04-08
06:03 - Story # 1: New draft bipartisan US federal privacy bill unveiled
11:03 - Story # 2: How To Opt Out Of GM Sharing Your Driving Data With Insurance Companies
13:04 - Story # 2b: Request a Consumer Disclosure Report
14:25 - Story # 3: Hackers Hijacked Notepad++ Plugin To Execute Malicious Code
29:19 - Story # 4: A Vigilante Hacker Took Down North Korea’s Internet. Now He’s Taking Off His Mask
46:15 - Story # 5: It’s Time to Hand Cybersecurity Over to the Computers
Duration:01:03:15
2024-04-03 - Zippers, Jokes & Data Breaches
4/3/2024
00:00 - PreShow Banter™ — Zippers, Jokes, & Lawyers (Not to be confused with the song "Lawyers, Guns and Money")
02:59 - BHIS - Talkin’ Bout [infosec] News 2024-04-01
03:57 - Story # 1: New Darcula phishing service targets iPhone users via iMessage
11:57 - Story # 2: Recent ‘MFA Bombing’ Attacks Targeting Apple Users
17:22 - Story # 3: Thousands of phones and routers swept into proxy service, unbeknownst to users
22:11 - Story # 4: Digital signs around Brookline are collecting data from your phone as you walk by
26:57 - Story # 5: Backdoor found in widely used Linux utility targets encrypted SSH connections
28:22 - Story # 5b: XZ Outbreak diagram
37:32 - Story # 6: Vans warns customers of data breach
40:00 - Story # 7: Worldwide Agenda Ransomware Wave Targets VMware ESXi Servers
50:32 - Story # 8: Criminals Are Weaponizing Child Abuse Imagery to Ban Discord Servers
56:41 - Story # 9: International car theft tool seized in Australia, sparking police warning
58:14 - Story # 9b: Investigation into electronic device at Utah high school raises larger concerns for police
Duration:01:06:14
2024-5-03-27 - Social Media Ban, Sold Data and Splunk w/ Graham Helton
3/27/2024
00:00 - PreShow Banter™ — “Allegedly”
03:18 - BHIS - Talkin’ Bout [infosec] News 2024-03-25
08:00 - Story # 1: Cisco Completes Acquisition of Splunk
10:47 - Story # 2: General Motors Quits Sharing Driving Behavior With Data Brokers
15:27 - Story # 3: Ron DeSantis signs bill requiring parental consent for kids under 16 to hold social media accounts
24:34 - Story # 4: House passes bill to prevent the sale of personal data to foreign adversaries
28:19 - Story # 5: Unsaflok - vulnerability impacts over 3 million hotel doors
33:57 - Story # 6: Canada revisits decision to ban Flipper Zero
36:57 - Story # 7: Truck-to-truck worm could infect – and disrupt – entire US commercial fleet
42:59 - Story # 8: Cybercriminals Beta Test New Attack to Bypass AI Security
46:31 - Story # 9: Russians will no longer be able to access Microsoft cloud services, business intelligence tools
50:36 - Story # 10: New ‘Loop DoS’ Attack Impacts Hundreds of Thousands of Systems
55:05 - Story # 11: New surveillance video of man catching a flight without ticket
Duration:00:59:10
2024-03-20 - New Arms Again w/ Jay Beale of InGuardians
3/20/2024
Brought to you by Antisyphon Training — https://www.antisyphontraining.com
00:00:00 - PreShow Banter™ — New Arms Again
00:03:24 - BHIS - Talkin’ Bout [infosec] News 2024-03-18
00:04:54 - Story # 1: NIST Releases Version 2.0 of Landmark Cybersecurity Framework
00:10:50 - Story # 2: The FCC has finally decreed that 25Mbps and 3Mbps are not ‘broadband’ speed
00:14:33 - Story # 3: Welcome to the 2024 Threat Detection Report
00:33:40 - Story # 4: NSA Releases Top Ten Cloud Security Mitigation Strategies
00:47:33 - Story # 5: US government agencies demand fixable ice cream machines
00:53:14 - Story # 6: Homeland Security is testing AI to help with immigration, trafficking investigations, and disaster relief
01:03:19 - Story # 7: Feds seize $1.4 million of tech support scam proceeds with the help of crypto firm
Duration:01:05:04
2024-03-13 - International Hacking Co. Featuring: Josh Mason
3/13/2024
00:00 - PreShow Banter™ — Death to Clippy
05:18 - BHIS - Talkin’ Bout [infosec] News 2024-03-11 – Featuring Josh Mason
06:58 - Story # 1: Behind the doors of a Chinese hacking company, a sordid culture fueled by influence, alcohol, and sex
13:43 - Story # 2: Top US cybersecurity agency hacked and forced to take some systems offline
23:39 - Story # 3: Microsoft admits Russian state hack still not contained. ‘This has tremendous national security implications’
30:27 - Story # 4: FBI’s 2023 Internet Crime Report
38:18 - Story # 5: QNAP warns of critical auth bypass flaw in its NAS devices
50:42 - Story # 6: Automakers Are Sharing Consumers’ Driving Behavior With Insurance Companies
Duration:01:00:20
2024-03-06 - No Logs No Breach, I'm Good
3/6/2024
A weekly Podcast with BHIS and Friends. stories. We discuss notable Infosec, and infosec-adjacent news stories.
Brought to you by:
Black Hills Information Security
https://www.blackhillsinfosec.com/
Antisyphon Training
https://www.antisyphontraining.com/
Story # 1: Executive Order on Preventing Access to Americans’ Bulk Sensitive Personal Data and United States Government-Related Data by Countries of Concern
https://www.whitehouse.gov/briefing-r...
Story # 2: A leaky database spilled 2FA codes for the world’s tech giants
https://techcrunch.com/2024/02/29/lea...
Story # 3: eBay, VMware, McAfee Sites Hijacked in Sprawling Phishing Operation
https://www.darkreading.com/applicati...
23:36 - LokiHakanin's related Post
/ sean-reilly-techopssec_8000-domains-of-tru...
Story # 4: Ivanti Connect Secure hackers hide in plain sight, evading protections
https://www.cybersecuritydive.com/new...
Story # 5: Over 100,000 Infected Repos Found on GitHub
https://apiiro.com/blog/malicious-cod...
Story # 6: Hackers backed by Russia and China are infecting SOHO routers like yours, FBI warns
https://arstechnica.com/security/2024...
Duration:00:58:15
2024-03-01 - All of our base belong to China w/ Mike Poor
3/1/2024
Story #1: Mr. Cooper leak exposes over two million customers
Story #2: ConnectWise ScreenConnect attacks deliver malware
Story #3: LockBit Infrastructure Seized by US, UK Police
Story #4: US health tech giant Change Healthcare hit by cyberattack
Story #5: The reported leak of Chinese hacking documents supports experts’ warnings about how compromised the US could be
Duration:00:57:39
Talkin’ About Infosec News – 2/20/24
2/20/2024
The post Talkin’ About Infosec News – 2/20/24 appeared first on Black Hills Information Security.
Duration:00:55:18
Talkin’ About Infosec News – 2/14/2024
2/14/2024
The post Talkin’ About Infosec News – 2/14/2024 appeared first on Black Hills Information Security.
Duration:01:05:10
Talkin’ About Infosec News – 2/6/24
2/6/2024
The post Talkin’ About Infosec News – 2/6/24 appeared first on Black Hills Information Security.
Duration:01:02:03
Talkin’ About Infosec News – 1/31/2024
1/31/2024
The post Talkin’ About Infosec News – 1/31/2024 appeared first on Black Hills Information Security.
Duration:01:08:57
Talkin’ About Infosec News – 1/24/2024
1/24/2024
The post Talkin’ About Infosec News – 1/24/2024 appeared first on Black Hills Information Security.
Duration:01:01:51
Talkin’ About Infosec News – 1/16/2024
1/16/2024
The post Talkin’ About Infosec News – 1/16/2024 appeared first on Black Hills Information Security.
Duration:00:57:20
Talkin’ About Infosec News – 1/10/24
1/10/2024
The post Talkin’ About Infosec News – 1/10/24 appeared first on Black Hills Information Security.
Duration:00:55:58
Talkin’ About Infosec News – 12/21/2023
12/21/2023
The post Talkin’ About Infosec News – 12/21/2023 appeared first on Black Hills Information Security.
Duration:01:06:43
Talkin’ About Infosec News – 12/15/2023
12/15/2023
https://youtu.be/MaThvw_VWJ8 Brought to you by Antisyphon Training https://www.antisyphontraining.com
Duration:01:07:43
Talkin’ About Infosec News – 12/06/2023
12/6/2023
The post Talkin’ About Infosec News – 12/06/2023 appeared first on Black Hills Information Security.
Duration:01:10:13