Information to equip you to navigate Information Security, Penetration Testing, and Red Teaming.
00:00:00 - PreShow Banter™ — The Grey Times
00:04:33 - BHIS - Talkin’ Bout [infosec] News 2024-11-04
00:05:54 - Story # 1: Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files
00:16:45 - Story # 2: Follow Up - 5 Things To Know On Delta’s Lawsuit Against CrowdStrike
00:17:43 - Story # 2b: CrowdStrike Sues Delta: 5 Key Takeaways
00:22:04 - Story # 3: Russian charged by U.S. for creating RedLine infostealer malware
00:22:59 - Story # 3b: How a series of opsec failures led US authorities to the alleged developer of the Redline password-stealing malware
00:28:09 - Story # 4: Fired Disney staffer accused of hacking menu to add profanity, wingdings, removes allergen info
00:30:02 - Story # 4b: ‘We strive to put humanity above all’: Disney drops arbitration demand over wrongful death lawsuit after woman died from fatal food allergy
00:37:10 - Story # 5: OCR Announces First Financial Penalty Under HIPAA Risk Analysis Enforcement Initiative
00:44:54 - Story # 6: Security researchers found a serious zero-click bug in Synology’s Photos app
00:50:10 - Story # 7: Inside a Firewall Vendor’s 5-Year War With the Chinese Hackers Hijacking Its Devices
00:52:21 - Story # 8: Microsoft wants $30 if you want to delay Windows 11 switch
01:00:03 - Story # 9: Colorado Secretary of State posted spreadsheet with voting system passwords
00:00:00 - PreShow Banter™ — Sarsaparilla
00:05:50 - BHIS - Talkin’ Bout [infosec] News 2024-10-28
00:06:46 - Story # 1: AWS, Azure auth keys found in Android and iOS apps used by millions
00:15:02 - Story # 2: Burning Zero Days: FortiJump FortiManager vulnerability used by nation state in espionage via MSPs
00:29:03 - Story # 3: Delta officially launches lawyers at $500M CrowdStrike problem
00:40:60 - Story # 4: New Rules for US National Security Agencies Balance AI’s Promise With Need to Protect Against Risks
00:46:25 - Story # 4b: CISA proposes new security requirements to protect govt, personal data
00:51:03 - Story # 5: Largest Retail Breach in History: 350 Million “Hot Topic” Customers’ Personal & Payment Data Exposed — As a Result of Infostealer Infection
00:55:35 - Story # 6: Throne’s toilet camera takes pictures of your poop
01:04:57 - A Community Support Moment - https://www.crisistextline.org
00:00:00 - PreShow Banter™ — Log Con
00:11:41 - BHIS - Talkin’ Bout [infosec] News 2024-10-21
00:12:51 - Story # 1: Internet Archive exposed again – this time through Zendesk
00:14:57 - Story # 1b: Hackers steal information from 31 million Internet Archive users
00:20:42 - Story # 2: Sophos buys Secureworks for $859 mln to beef up cybersecurity portfolio
00:24:21 - Story # 3: USDoD hacker behind National Public Data breach arrested in Brazil
00:27:12 - Story # 4: Debunking Hype: China Hasn’t Broken Military Encryption With Quantum
00:32:14 - Story # 5: Microsoft said it lost weeks of security logs for its customers’ cloud products
00:35:03 - Story # 6: Should We Chat, Too? FAQ
00:40:05 - Story # 7: More than two dozen countries have used internet outages to sway elections
00:43:50 - Story # 8: Pokemon dev Game Freak confirms breach after stolen data leaks online
00:46:32 - Story # 9: Hackers made robot vacuums randomly yell racial slurs
00:49:19 - Story # 9b: We hacked a robot vacuum — and could watch live through its camera
00:50:19 - Story # 10: The government is getting fed up with ransomware payments fueling endless cycle of cyberattacks
00:54:55 - Story # 11: Google’s Chrome Browser Starts Disabling uBlock Origin
01:01:00 - WWHF Recovery
00:00:00 - PreShow Banter™ — Cast of Special Characters
00:06:37 - BHIS - Talkin’ Bout [infosec] News 2024-09-30
00:08:06 - Story # 1: CUPS flaws enable Linux remote code execution, but there’s a catch
00:23:40 - Story # 2: US Capitol Hit by Massive Dark Web Cyber Attack - Newsweek
00:27:40 - Story # 2b: ‘I’m a black NAZI!’: NC GOP nominee for governor made dozens of disturbing comments on porn forum
00:35:57 - Story # 3: NIST proposes barring some of the most nonsensical password rules
00:47:01 - Story # 3b: Why Two-Factor Authentication Is So Important - Teen Vogue
00:54:04 - Story # 4: Hacker plants false memories in ChatGPT to steal user data in perpetuity
01:00:42 - Story # 5: Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug
01:02:54 - Story # 6: Massive E-Learning Platform Udemy Gave Teachers a Gen AI ‘Opt-Out Window’. It’s Already Over.
00:00 - PreShow Banter™ — Plane Talk
05:50 - BHIS - Talkin’ Bout [infosec] News 2024-09-23
06:16 - A SANS Difference Maker Award Finalist
09:47 - Story # 1: Pagers attack brings to life long-feared supply chain threat
24:08 - Story # 2: Recaptcha Phish - John Hammond
25:49 - Story # 2b: Clever ‘GitHub Scanner’ campaign abusing repos to push malware
30:05 - Story # 3: Lazarus Group Targets Developers in Fresh VMConnect Campaign
35:22 - Story # 4: LinkedIn Addresses User Data Collection for AI Training
37:40 - Story # 5: Disney ditching Slack after massive July data breach
41:42 - Story # 6: FTC exposes massive surveillance of kids, teens by social media giants
51:35 - Story # 7: Kaspersky deletes itself, installs UltraAV antivirus without warning
00:00 - PreShow Banter™ — Pour Over News
06:01 - BHIS - Talkin’ Bout [infosec] News 2024-09-16
07:14 - Story # 1: Fortinet confirms data breach after hacker claims to steal 440GB of files
15:37 - Story # 2: Snowflake slams ‘more MFA’ button again – months after Ticketmaster, Santander breaches
21:30 - Story # 3: Omnipresent AI cameras will ensure good behavior, says Larry Ellison
28:11 - Story # 4: Mastercard bolsters threat intelligence capabilities with $2.65 billion deal for Recorded Future
34:27 - Story # 5: Cyber insurance set for explosive growth
40:20 - Story # 6: 23andMe will pay $30 million to settle 2023 data breach lawsuit
45:25 - Story # 7: Google faces EU investigation over AI data compliance
50:35 - Story # 8: Rogue WHOIS server gives researcher superpowers no one should ever have
00:00 - Introduction
01:22 - The Scenario
02:50 - First Steps
03:48 - Endpoint Analysis Roll
04:22 - Logon Scripts Were Installed
05:09 - I.R. Team Introductions
07:17 - Second Step
10:32 - Network Threat Hunting Roll
11:36 - Third Step
15:12 - Anyway Here’s Firewall Roll
15:43 - Fourth Step
18:26 - SIEM Roll
19:41 - Fifth Step
20:47 - UEBA Roll
21:19 - Scenario Recap
22:20 - Scenario Plausibility?
25:51 - Wrap-up Takeaways
00:00 - PreShow Banter™ — Revenge of the Nerds / More Chicken Related Crimes
05:19 - N.Y. Official Charged With Taking Money, Travel and Poultry to Aid China
09:23 - BHIS - Talkin’ Bout [infosec] News 2024-09-09
09:50 - Story # 1: YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel
20:35 - Story # 2: Therapy Sessions Exposed by Mental Health Care Firm’s Unsecured Database
25:24 - Story # 3: California legislature passes sweeping AI safety bill
38:02 - Story # 4: Brain Cipher claims attack on Olympic venue, promises 300 GB data leak
41:59 - Story # 5: How Navy chiefs conspired to get themselves illegal warship Wi-Fi
42:45 - Story # 5b: After seeing Wi-Fi network named “STINKY,” Navy found hidden Starlink dish on US warship
49:18 - Story # 6: Researchers say a bug let them add fake pilots to rosters used for TSA checks
51:32 - Story # 7: Durex India spilled customers’ private order data
54:53 - Story # 8: City of Columbus Sues Researcher Who Disclosed Impact of Ransomware Attack
00:00 - PreShow Banter™ — Move to Signal
03:47 - BHIS - Talkin’ Bout [infosec] News 2024-08-26
04:37 - Story # 1: Pavel Durov’s Arrest Leaves Telegram Hanging in the Balance
11:03 - Story # 1b: Moxie on X.com
23:17 - Story # 2: Unveiling “sedexp”: A Stealthy Linux Malware Exploiting udev Rules
29:39 - Story # 3: Seattle airport ‘possible cyberattack’ snarls travel yet again
32:42 - Story # 4: Iran named as source of Trump campaign phish, leaks
38:53 - Story # 5: Man who hacked Hawaii state registry to forge his own death certificate sentenced to 81 months
44:11 - Story # 6: Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide
47:26 - Story # 7: New ‘ALBeast’ Misconfiguration Exposes Weakness in AWS Application Load Balancer
48:52 - Story # 8: “We will hold them accountable”: General Motors sued for selling customer driving data to third parties
00:00:00 - PreShow Banter™ — Nine Years for Chicken Wings
00:08:19 - BHIS - Talkin’ Bout [infosec] News 2024-08-19
00:09:03 - Story # 1: NationalPublicData.com Hack Exposes a Nation’s Data
00:18:17 - Story # 1b: National Public Data Published Its Own Passwords
00:25:01 - Story # 2: RansomHub Group Deploys New EDR-Killing Tool in Latest Cyber Attacks
00:26:52 - Story # 3: T-Mobile fined $60 million for failing to stop data breaches
00:34:03 - Story # 4: Massive Cyber Attack On AWS Targets 230 Million Unique Cloud Environments
00:45:43 - Story # 5: The US wants to use facial recognition to identify migrant children as they age
00:54:16 - Story # 6: Six ransomware gangs behind over 50% of 2024 attacks
00:59:56 - Story # 7: US accuses man of being ‘elite’ ransomware pioneer they’ve hunted for years
01:01:57 - Rinsed: From Cartels to Crypto: How the Tech Industry Washes Money for the World’s Deadliest Crooks
00:00 - PreShow Banter™ — Scotty’s Pizza (Not Sponsored)
03:38 - BHIS - Talkin’ Bout [infosec] News 2024-08-12
03:59 - Hacker Summer Camp Report 2024
08:56 - Story # 1: ‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections
14:26 - Story # 2: Black Hat USA 2024, DEF CON 32 attendees treated like children – or criminals – with invasive hotel room checks
29:49 - Story # 3: DEF CON Badge Maker Pulled Off Stage Amid Claims of Non-Payment and Failed Work
30:06 - New raspberry pi chip in badge
33:31 - Story # 4: Exploit released for Cisco SSM bug allowing admin password changes
34:12 - Story # 5: 0.0.0.0 Day: Exploiting Localhost APIs From the Browser
38:02 - Story # 6: Intelligence bill would elevate ransomware to a terrorist threat
44:36 - Story # 6b: Proposed bill would block large ransomware payments by financial institutions
46:26 - Story # 6c: Report shows decreased ransomware payments
54:26 - Story # 7: After global IT meltdown, CrowdStrike courts hackers with action figures and gratitude
55:12 - Story # 8: CrowdStrike pursuing deal to buy patch management specialist Action1
57:24 - Story # 9: Microsoft punches back at Delta Air Lines and its legal threats