Information to equip you to navigate Information Security, Penetration Testing, and Red Teaming.
00:00 - PreShow Banter™ — Yacht Doc
07:40 - BHIS - Talkin’ Bout [infosec] News 2024-11-18
08:49 - Story # 1: Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit
16:02 - Story # 2: CISA Director Jen Easterly to depart agency on January 20
19:26 - Story # 3: Fake North Korean IT Worker Linked to BeaverTail Video Conference App Phishing Attack
28:44 - Story # 4: T-Mobile hacked in massive Chinese breach of telecom networks, WSJ reports
30:55 - Story # 4b: T-Mobile confirms it was hacked in recent wave of telecom breaches
33:03 - Story # 5: An Interview With the Target & Home Depot Hacker
40:04 - Story # 6: Hacker gets 10 years in prison for extorting US healthcare provider
42:47 - Story # 7: Ransomware fiends boast they’ve stolen 1.4TB from US pharmacy network
44:21 - Story # 8: A surge in Pro-Russia cyberattacks after decision to monitor North Korean Troops in Ukraine
45:23 - Story # 9: 23andMe cuts 40% of its workforce and discontinues therapeutics division
50:38 - Story # 10: FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023
56:45 - CPTC - Education Through Competition
00:00 - PreShow Banter™ — The Old and The New
02:27 - BHIS - Talkin’ Bout [infosec] News 2024-11-11
03:44 - Story # 1: Mattel pulls thousands of ‘Wicked’ dolls off shelves after printing adult website on packaging
08:03 - Story # 2: Office apps crash on Windows 11 24H2 PCs with CrowdStrike antivirus
11:41 - Story # 3: Mislabeled patch sends Windows Server 2022 admins on unwanted upgrade to 2025
16:49 - Story # 4: Suspected Snowflake Hacker Arrested in Canada
18:26 - Story # 5: Interpol Cybercrime Sweep Takes Down 22,000 IP Addresses, Arrests 41
29:47 - Story # 6: Google Cloud to mandate MFA for all users in 2025
41:30 - Story # 7: Cisco scores a perfect CVSS 10 with critical flaw in its wireless system
49:26 - Story # 8: H.I.G. Capital and Thoma Bravo to Acquire CompTIA Brand and Products
59:05 - SANS Holiday Hack Challenge™ 2024
00:00:00 - PreShow Banter™ — The Grey Times
00:04:33 - BHIS - Talkin’ Bout [infosec] News 2024-11-04
00:05:54 - Story # 1: Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files
00:16:45 - Story # 2: Follow Up - 5 Things To Know On Delta’s Lawsuit Against CrowdStrike
00:17:43 - Story # 2b: CrowdStrike Sues Delta: 5 Key Takeaways
00:22:04 - Story # 3: Russian charged by U.S. for creating RedLine infostealer malware
00:22:59 - Story # 3b: How a series of opsec failures led US authorities to the alleged developer of the Redline password-stealing malware
00:28:09 - Story # 4: Fired Disney staffer accused of hacking menu to add profanity, wingdings, removes allergen info
00:30:02 - Story # 4b: ‘We strive to put humanity above all’: Disney drops arbitration demand over wrongful death lawsuit after woman died from fatal food allergy
00:37:10 - Story # 5: OCR Announces First Financial Penalty Under HIPAA Risk Analysis Enforcement Initiative
00:44:54 - Story # 6: Security researchers found a serious zero-click bug in Synology’s Photos app
00:50:10 - Story # 7: Inside a Firewall Vendor’s 5-Year War With the Chinese Hackers Hijacking Its Devices
00:52:21 - Story # 8: Microsoft wants $30 if you want to delay Windows 11 switch
01:00:03 - Story # 9: Colorado Secretary of State posted spreadsheet with voting system passwords
00:00:00 - PreShow Banter™ — Sarsaparilla
00:05:50 - BHIS - Talkin’ Bout [infosec] News 2024-10-28
00:06:46 - Story # 1: AWS, Azure auth keys found in Android and iOS apps used by millions
00:15:02 - Story # 2: Burning Zero Days: FortiJump FortiManager vulnerability used by nation state in espionage via MSPs
00:29:03 - Story # 3: Delta officially launches lawyers at $500M CrowdStrike problem
00:40:60 - Story # 4: New Rules for US National Security Agencies Balance AI’s Promise With Need to Protect Against Risks
00:46:25 - Story # 4b: CISA proposes new security requirements to protect govt, personal data
00:51:03 - Story # 5: Largest Retail Breach in History: 350 Million “Hot Topic” Customers’ Personal & Payment Data Exposed — As a Result of Infostealer Infection
00:55:35 - Story # 6: Throne’s toilet camera takes pictures of your poop
01:04:57 - A Community Support Moment - https://www.crisistextline.org
00:00:00 - PreShow Banter™ — Log Con
00:11:41 - BHIS - Talkin’ Bout [infosec] News 2024-10-21
00:12:51 - Story # 1: Internet Archive exposed again – this time through Zendesk
00:14:57 - Story # 1b: Hackers steal information from 31 million Internet Archive users
00:20:42 - Story # 2: Sophos buys Secureworks for $859 mln to beef up cybersecurity portfolio
00:24:21 - Story # 3: USDoD hacker behind National Public Data breach arrested in Brazil
00:27:12 - Story # 4: Debunking Hype: China Hasn’t Broken Military Encryption With Quantum
00:32:14 - Story # 5: Microsoft said it lost weeks of security logs for its customers’ cloud products
00:35:03 - Story # 6: Should We Chat, Too? FAQ
00:40:05 - Story # 7: More than two dozen countries have used internet outages to sway elections
00:43:50 - Story # 8: Pokemon dev Game Freak confirms breach after stolen data leaks online
00:46:32 - Story # 9: Hackers made robot vacuums randomly yell racial slurs
00:49:19 - Story # 9b: We hacked a robot vacuum — and could watch live through its camera
00:50:19 - Story # 10: The government is getting fed up with ransomware payments fueling endless cycle of cyberattacks
00:54:55 - Story # 11: Google’s Chrome Browser Starts Disabling uBlock Origin
01:01:00 - WWHF Recovery
00:00:00 - PreShow Banter™ — Cast of Special Characters
00:06:37 - BHIS - Talkin’ Bout [infosec] News 2024-09-30
00:08:06 - Story # 1: CUPS flaws enable Linux remote code execution, but there’s a catch
00:23:40 - Story # 2: US Capitol Hit by Massive Dark Web Cyber Attack - Newsweek
00:27:40 - Story # 2b: ‘I’m a black NAZI!’: NC GOP nominee for governor made dozens of disturbing comments on porn forum
00:35:57 - Story # 3: NIST proposes barring some of the most nonsensical password rules
00:47:01 - Story # 3b: Why Two-Factor Authentication Is So Important - Teen Vogue
00:54:04 - Story # 4: Hacker plants false memories in ChatGPT to steal user data in perpetuity
01:00:42 - Story # 5: Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug
01:02:54 - Story # 6: Massive E-Learning Platform Udemy Gave Teachers a Gen AI ‘Opt-Out Window’. It’s Already Over.
00:00 - PreShow Banter™ — Plane Talk
05:50 - BHIS - Talkin’ Bout [infosec] News 2024-09-23
06:16 - A SANS Difference Maker Award Finalist
09:47 - Story # 1: Pagers attack brings to life long-feared supply chain threat
24:08 - Story # 2: Recaptcha Phish - John Hammond
25:49 - Story # 2b: Clever ‘GitHub Scanner’ campaign abusing repos to push malware
30:05 - Story # 3: Lazarus Group Targets Developers in Fresh VMConnect Campaign
35:22 - Story # 4: LinkedIn Addresses User Data Collection for AI Training
37:40 - Story # 5: Disney ditching Slack after massive July data breach
41:42 - Story # 6: FTC exposes massive surveillance of kids, teens by social media giants
51:35 - Story # 7: Kaspersky deletes itself, installs UltraAV antivirus without warning
00:00 - PreShow Banter™ — Pour Over News
06:01 - BHIS - Talkin’ Bout [infosec] News 2024-09-16
07:14 - Story # 1: Fortinet confirms data breach after hacker claims to steal 440GB of files
15:37 - Story # 2: Snowflake slams ‘more MFA’ button again – months after Ticketmaster, Santander breaches
21:30 - Story # 3: Omnipresent AI cameras will ensure good behavior, says Larry Ellison
28:11 - Story # 4: Mastercard bolsters threat intelligence capabilities with $2.65 billion deal for Recorded Future
34:27 - Story # 5: Cyber insurance set for explosive growth
40:20 - Story # 6: 23andMe will pay $30 million to settle 2023 data breach lawsuit
45:25 - Story # 7: Google faces EU investigation over AI data compliance
50:35 - Story # 8: Rogue WHOIS server gives researcher superpowers no one should ever have
00:00 - Introduction
01:22 - The Scenario
02:50 - First Steps
03:48 - Endpoint Analysis Roll
04:22 - Logon Scripts Were Installed
05:09 - I.R. Team Introductions
07:17 - Second Step
10:32 - Network Threat Hunting Roll
11:36 - Third Step
15:12 - Anyway Here’s Firewall Roll
15:43 - Fourth Step
18:26 - SIEM Roll
19:41 - Fifth Step
20:47 - UEBA Roll
21:19 - Scenario Recap
22:20 - Scenario Plausibility?
25:51 - Wrap-up Takeaways
00:00 - PreShow Banter™ — Revenge of the Nerds / More Chicken Related Crimes
05:19 - N.Y. Official Charged With Taking Money, Travel and Poultry to Aid China
09:23 - BHIS - Talkin’ Bout [infosec] News 2024-09-09
09:50 - Story # 1: YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel
20:35 - Story # 2: Therapy Sessions Exposed by Mental Health Care Firm’s Unsecured Database
25:24 - Story # 3: California legislature passes sweeping AI safety bill
38:02 - Story # 4: Brain Cipher claims attack on Olympic venue, promises 300 GB data leak
41:59 - Story # 5: How Navy chiefs conspired to get themselves illegal warship Wi-Fi
42:45 - Story # 5b: After seeing Wi-Fi network named “STINKY,” Navy found hidden Starlink dish on US warship
49:18 - Story # 6: Researchers say a bug let them add fake pilots to rosters used for TSA checks
51:32 - Story # 7: Durex India spilled customers’ private order data
54:53 - Story # 8: City of Columbus Sues Researcher Who Disclosed Impact of Ransomware Attack
00:00 - PreShow Banter™ — Move to Signal
03:47 - BHIS - Talkin’ Bout [infosec] News 2024-08-26
04:37 - Story # 1: Pavel Durov’s Arrest Leaves Telegram Hanging in the Balance
11:03 - Story # 1b: Moxie on X.com
23:17 - Story # 2: Unveiling “sedexp”: A Stealthy Linux Malware Exploiting udev Rules
29:39 - Story # 3: Seattle airport ‘possible cyberattack’ snarls travel yet again
32:42 - Story # 4: Iran named as source of Trump campaign phish, leaks
38:53 - Story # 5: Man who hacked Hawaii state registry to forge his own death certificate sentenced to 81 months
44:11 - Story # 6: Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide
47:26 - Story # 7: New ‘ALBeast’ Misconfiguration Exposes Weakness in AWS Application Load Balancer
48:52 - Story # 8: “We will hold them accountable”: General Motors sued for selling customer driving data to third parties