Black Hills Information Security

Information to equip you to navigate Information Security, Penetration Testing, and Red Teaming.

  • 1 hour 6 minutes
    2024-11-04 - The Grey Times

    00:00:00 - PreShow Banter™ — The Grey Times

    00:04:33 - BHIS - Talkin’ Bout [infosec] News 2024-11-04

    00:05:54 - Story # 1: Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files

    00:16:45 - Story # 2: Follow Up - 5 Things To Know On Delta’s Lawsuit Against CrowdStrike

    00:17:43 - Story # 2b: CrowdStrike Sues Delta: 5 Key Takeaways

    00:22:04 - Story # 3: Russian charged by U.S. for creating RedLine infostealer malware

    00:22:59 - Story # 3b: How a series of opsec failures led US authorities to the alleged developer of the Redline password-stealing malware

    00:28:09 - Story # 4: Fired Disney staffer accused of hacking menu to add profanity, wingdings, removes allergen info

    00:30:02 - Story # 4b: ‘We strive to put humanity above all’: Disney drops arbitration demand over wrongful death lawsuit after woman died from fatal food allergy

    00:37:10 - Story # 5: OCR Announces First Financial Penalty Under HIPAA Risk Analysis Enforcement Initiative

    00:44:54 - Story # 6: Security researchers found a serious zero-click bug in Synology’s Photos app

    00:50:10 - Story # 7: Inside a Firewall Vendor’s 5-Year War With the Chinese Hackers Hijacking Its Devices

    00:52:21 - Story # 8: Microsoft wants $30 if you want to delay Windows 11 switch

    01:00:03 - Story # 9: Colorado Secretary of State posted spreadsheet with voting system passwords

    6 November 2024, 5:00 pm
  • 1 hour 7 minutes
    2024-10-28 - Sarsaparilla

    00:00:00 - PreShow Banter™ — Sarsaparilla

    00:05:50 - BHIS - Talkin’ Bout [infosec] News 2024-10-28

    00:06:46 - Story # 1: AWS, Azure auth keys found in Android and iOS apps used by millions

    00:15:02 - Story # 2: Burning Zero Days: FortiJump FortiManager vulnerability used by nation state in espionage via MSPs

    00:29:03 - Story # 3: Delta officially launches lawyers at $500M CrowdStrike problem

    00:40:60 - Story # 4: New Rules for US National Security Agencies Balance AI’s Promise With Need to Protect Against Risks

    00:46:25 - Story # 4b: CISA proposes new security requirements to protect govt, personal data

    00:51:03 - Story # 5: Largest Retail Breach in History: 350 Million “Hot Topic” Customers’ Personal & Payment Data Exposed — As a Result of Infostealer Infection

    00:55:35 - Story # 6: Throne’s toilet camera takes pictures of your poop

    01:04:57 - A Community Support Moment - https://www.crisistextline.org

    30 October 2024, 8:33 pm
  • 1 hour 14 minutes
    2024-10-21 - Logging Con

    00:00:00 - PreShow Banter™ — Log Con

    00:11:41 - BHIS - Talkin’ Bout [infosec] News 2024-10-21

    00:12:51 - Story # 1: Internet Archive exposed again – this time through Zendesk

    00:14:57 - Story # 1b: Hackers steal information from 31 million Internet Archive users

    00:20:42 - Story # 2: Sophos buys Secureworks for $859 mln to beef up cybersecurity portfolio

    00:24:21 - Story # 3: USDoD hacker behind National Public Data breach arrested in Brazil

    00:27:12 - Story # 4: Debunking Hype: China Hasn’t Broken Military Encryption With Quantum

    00:32:14 - Story # 5: Microsoft said it lost weeks of security logs for its customers’ cloud products

    00:35:03 - Story # 6: Should We Chat, Too? FAQ

    00:40:05 - Story # 7: More than two dozen countries have used internet outages to sway elections

    00:43:50 - Story # 8: Pokemon dev Game Freak confirms breach after stolen data leaks online

    00:46:32 - Story # 9: Hackers made robot vacuums randomly yell racial slurs

    00:49:19 - Story # 9b: We hacked a robot vacuum — and could watch live through its camera

    00:50:19 - Story # 10: The government is getting fed up with ransomware payments fueling endless cycle of cyberattacks

    00:54:55 - Story # 11: Google’s Chrome Browser Starts Disabling uBlock Origin

    01:01:00 - WWHF Recovery

    25 October 2024, 4:04 pm
  • 1 hour 12 minutes
    2024-09-30 — Cast of Special Characters

    00:00:00 - PreShow Banter™ — Cast of Special Characters

    00:06:37 - BHIS - Talkin’ Bout [infosec] News 2024-09-30

    00:08:06 - Story # 1: CUPS flaws enable Linux remote code execution, but there’s a catch

    00:23:40 - Story # 2: US Capitol Hit by Massive Dark Web Cyber Attack - Newsweek

    00:27:40 - Story # 2b: ‘I’m a black NAZI!’: NC GOP nominee for governor made dozens of disturbing comments on porn forum

    00:35:57 - Story # 3: NIST proposes barring some of the most nonsensical password rules

    00:47:01 - Story # 3b: Why Two-Factor Authentication Is So Important - Teen Vogue

    00:54:04 - Story # 4: Hacker plants false memories in ChatGPT to steal user data in perpetuity

    01:00:42 - Story # 5: Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug

    01:02:54 - Story # 6: Massive E-Learning Platform Udemy Gave Teachers a Gen AI ‘Opt-Out Window’. It’s Already Over.

    2 October 2024, 4:00 pm
  • 1 hour 1 minute
    2024-09-23 - Plane Talk

    00:00 - PreShow Banter™ — Plane Talk

    05:50 - BHIS - Talkin’ Bout [infosec] News 2024-09-23

    06:16 - A SANS Difference Maker Award Finalist

    09:47 - Story # 1: Pagers attack brings to life long-feared supply chain threat

    24:08 - Story # 2: Recaptcha Phish - John Hammond

    25:49 - Story # 2b: Clever ‘GitHub Scanner’ campaign abusing repos to push malware

    30:05 - Story # 3: Lazarus Group Targets Developers in Fresh VMConnect Campaign

    35:22 - Story # 4: LinkedIn Addresses User Data Collection for AI Training

    37:40 - Story # 5: Disney ditching Slack after massive July data breach

    41:42 - Story # 6: FTC exposes massive surveillance of kids, teens by social media giants

    51:35 - Story # 7: Kaspersky deletes itself, installs UltraAV antivirus without warning

    26 September 2024, 4:00 pm
  • 1 hour
    2024-09-16 - Pour Over News

    00:00 - PreShow Banter™ — Pour Over News

    06:01 - BHIS - Talkin’ Bout [infosec] News 2024-09-16

    07:14 - Story # 1: Fortinet confirms data breach after hacker claims to steal 440GB of files

    15:37 - Story # 2: Snowflake slams ‘more MFA’ button again – months after Ticketmaster, Santander breaches

    21:30 - Story # 3: Omnipresent AI cameras will ensure good behavior, says Larry Ellison

    28:11 - Story # 4: Mastercard bolsters threat intelligence capabilities with $2.65 billion deal for Recorded Future

    34:27 - Story # 5: Cyber insurance set for explosive growth

    40:20 - Story # 6: 23andMe will pay $30 million to settle 2023 data breach lawsuit

    45:25 - Story # 7: Google faces EU investigation over AI data compliance

    50:35 - Story # 8: Rogue WHOIS server gives researcher superpowers no one should ever have

    18 September 2024, 4:00 pm
  • 31 minutes 23 seconds
    SPECIAL PRESENTATION: Backdoors & Breaches Live

    00:00 - Introduction

    01:22 - The Scenario

    02:50 - First Steps

    03:48 - Endpoint Analysis Roll

    04:22 - Logon Scripts Were Installed

    05:09 - I.R. Team Introductions

    07:17 - Second Step

    10:32 - Network Threat Hunting Roll

    11:36 - Third Step

    15:12 - Anyway Here’s Firewall Roll

    15:43 - Fourth Step

    18:26 - SIEM Roll

    19:41 - Fifth Step

    20:47 - UEBA Roll

    21:19 - Scenario Recap

    22:20 - Scenario Plausibility?

    25:51 - Wrap-up Takeaways

    16 September 2024, 5:00 am
  • 1 hour 2 minutes
    2024-09-09 - More Chicken Related Crimes

    00:00 - PreShow Banter™ — Revenge of the Nerds / More Chicken Related Crimes

    05:19 - N.Y. Official Charged With Taking Money, Travel and Poultry to Aid China

    09:23 - BHIS - Talkin’ Bout [infosec] News 2024-09-09

    09:50 - Story # 1: YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel

    20:35 - Story # 2: Therapy Sessions Exposed by Mental Health Care Firm’s Unsecured Database

    25:24 - Story # 3: California legislature passes sweeping AI safety bill

    38:02 - Story # 4: Brain Cipher claims attack on Olympic venue, promises 300 GB data leak

    41:59 - Story # 5: How Navy chiefs conspired to get themselves illegal warship Wi-Fi

    42:45 - Story # 5b: After seeing Wi-Fi network named “STINKY,” Navy found hidden Starlink dish on US warship

    49:18 - Story # 6: Researchers say a bug let them add fake pilots to rosters used for TSA checks

    51:32 - Story # 7: Durex India spilled customers’ private order data

    54:53 - Story # 8: City of Columbus Sues Researcher Who Disclosed Impact of Ransomware Attack

    11 September 2024, 4:00 pm
  • 52 minutes 54 seconds
    2024-08-26 - Move to Signal

    00:00 - PreShow Banter™ — Move to Signal

    03:47 - BHIS - Talkin’ Bout [infosec] News 2024-08-26

    04:37 - Story # 1: Pavel Durov’s Arrest Leaves Telegram Hanging in the Balance

    11:03 - Story # 1b: Moxie on X.com

    23:17 - Story # 2: Unveiling “sedexp”: A Stealthy Linux Malware Exploiting udev Rules

    29:39 - Story # 3: Seattle airport ‘possible cyberattack’ snarls travel yet again

    32:42 - Story # 4: Iran named as source of Trump campaign phish, leaks

    38:53 - Story # 5: Man who hacked Hawaii state registry to forge his own death certificate sentenced to 81 months

    44:11 - Story # 6: Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide

    47:26 - Story # 7: New ‘ALBeast’ Misconfiguration Exposes Weakness in AWS Application Load Balancer

    48:52 - Story # 8: “We will hold them accountable”: General Motors sued for selling customer driving data to third parties

    29 August 2024, 2:58 pm
  • 1 hour 4 minutes
    2024-08-19 Nine Years for Chicken Wings

    00:00:00 - PreShow Banter™ — Nine Years for Chicken Wings

    00:08:19 - BHIS - Talkin’ Bout [infosec] News 2024-08-19

    00:09:03 - Story # 1: NationalPublicData.com Hack Exposes a Nation’s Data

    00:18:17 - Story # 1b: National Public Data Published Its Own Passwords

    00:25:01 - Story # 2: RansomHub Group Deploys New EDR-Killing Tool in Latest Cyber Attacks

    00:26:52 - Story # 3: T-Mobile fined $60 million for failing to stop data breaches

    00:34:03 - Story # 4: Massive Cyber Attack On AWS Targets 230 Million Unique Cloud Environments

    00:45:43 - Story # 5: The US wants to use facial recognition to identify migrant children as they age

    00:54:16 - Story # 6: Six ransomware gangs behind over 50% of 2024 attacks

    00:59:56 - Story # 7: US accuses man of being ‘elite’ ransomware pioneer they’ve hunted for years

    01:01:57 - Rinsed: From Cartels to Crypto: How the Tech Industry Washes Money for the World’s Deadliest Crooks

    21 August 2024, 4:00 pm
  • 1 hour 2 minutes
    2024-08-12 — Scotty's Pizza (Not Sponsored)

    00:00 - PreShow Banter™ — Scotty’s Pizza (Not Sponsored)

    03:38 - BHIS - Talkin’ Bout [infosec] News 2024-08-12

    03:59 - Hacker Summer Camp Report 2024

    08:56 - Story # 1: ‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections

    14:26 - Story # 2: Black Hat USA 2024, DEF CON 32 attendees treated like children – or criminals – with invasive hotel room checks

    29:49 - Story # 3: DEF CON Badge Maker Pulled Off Stage Amid Claims of Non-Payment and Failed Work

    30:06 - New raspberry pi chip in badge

    33:31 - Story # 4: Exploit released for Cisco SSM bug allowing admin password changes

    34:12 - Story # 5: 0.0.0.0 Day: Exploiting Localhost APIs From the Browser

    38:02 - Story # 6: Intelligence bill would elevate ransomware to a terrorist threat

    44:36 - Story # 6b: Proposed bill would block large ransomware payments by financial institutions

    46:26 - Story # 6c: Report shows decreased ransomware payments

    54:26 - Story # 7: After global IT meltdown, CrowdStrike courts hackers with action figures and gratitude

    55:12 - Story # 8: CrowdStrike pursuing deal to buy patch management specialist Action1

    57:24 - Story # 9: Microsoft punches back at Delta Air Lines and its legal threats

    14 August 2024, 3:56 pm