Black Hills Information Security

Black Hills Information Security

Information to equip you to navigate Information Security, Penetration Testing, and Red Teaming.

  • 1 hour 41 seconds
    2024-11-18 - Yacht Doc

    00:00 - PreShow Banter™ — Yacht Doc

    07:40 - BHIS - Talkin’ Bout [infosec] News 2024-11-18

    08:49 - Story # 1: Mystery Palo Alto Networks hijack-my-firewall zero-day now officially under exploit

    16:02 - Story # 2: CISA Director Jen Easterly to depart agency on January 20

    19:26 - Story # 3: Fake North Korean IT Worker Linked to BeaverTail Video Conference App Phishing Attack

    28:44 - Story # 4: T-Mobile hacked in massive Chinese breach of telecom networks, WSJ reports

    30:55 - Story # 4b: T-Mobile confirms it was hacked in recent wave of telecom breaches

    33:03 - Story # 5: An Interview With the Target & Home Depot Hacker

    40:04 - Story # 6: Hacker gets 10 years in prison for extorting US healthcare provider

    42:47 - Story # 7: Ransomware fiends boast they’ve stolen 1.4TB from US pharmacy network

    44:21 - Story # 8: A surge in Pro-Russia cyberattacks after decision to monitor North Korean Troops in Ukraine

    45:23 - Story # 9: 23andMe cuts 40% of its workforce and discontinues therapeutics division

    50:38 - Story # 10: FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023

    56:45 - CPTC - Education Through Competition

    21 November 2024, 5:00 am
  • 1 hour 13 seconds
    2024-11-11 - The Old and The New

    00:00 - PreShow Banter™ — The Old and The New

    02:27 - BHIS - Talkin’ Bout [infosec] News 2024-11-11

    03:44 - Story # 1: Mattel pulls thousands of ‘Wicked’ dolls off shelves after printing adult website on packaging

    08:03 - Story # 2: Office apps crash on Windows 11 24H2 PCs with CrowdStrike antivirus

    11:41 - Story # 3: Mislabeled patch sends Windows Server 2022 admins on unwanted upgrade to 2025

    16:49 - Story # 4: Suspected Snowflake Hacker Arrested in Canada

    18:26 - Story # 5: Interpol Cybercrime Sweep Takes Down 22,000 IP Addresses, Arrests 41

    29:47 - Story # 6: Google Cloud to mandate MFA for all users in 2025

    41:30 - Story # 7: Cisco scores a perfect CVSS 10 with critical flaw in its wireless system

    49:26 - Story # 8: H.I.G. Capital and Thoma Bravo to Acquire CompTIA Brand and Products

    59:05 - SANS Holiday Hack Challenge™ 2024

    15 November 2024, 6:12 pm
  • 1 hour 6 minutes
    2024-11-04 - The Grey Times

    00:00:00 - PreShow Banter™ — The Grey Times

    00:04:33 - BHIS - Talkin’ Bout [infosec] News 2024-11-04

    00:05:54 - Story # 1: Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files

    00:16:45 - Story # 2: Follow Up - 5 Things To Know On Delta’s Lawsuit Against CrowdStrike

    00:17:43 - Story # 2b: CrowdStrike Sues Delta: 5 Key Takeaways

    00:22:04 - Story # 3: Russian charged by U.S. for creating RedLine infostealer malware

    00:22:59 - Story # 3b: How a series of opsec failures led US authorities to the alleged developer of the Redline password-stealing malware

    00:28:09 - Story # 4: Fired Disney staffer accused of hacking menu to add profanity, wingdings, removes allergen info

    00:30:02 - Story # 4b: ‘We strive to put humanity above all’: Disney drops arbitration demand over wrongful death lawsuit after woman died from fatal food allergy

    00:37:10 - Story # 5: OCR Announces First Financial Penalty Under HIPAA Risk Analysis Enforcement Initiative

    00:44:54 - Story # 6: Security researchers found a serious zero-click bug in Synology’s Photos app

    00:50:10 - Story # 7: Inside a Firewall Vendor’s 5-Year War With the Chinese Hackers Hijacking Its Devices

    00:52:21 - Story # 8: Microsoft wants $30 if you want to delay Windows 11 switch

    01:00:03 - Story # 9: Colorado Secretary of State posted spreadsheet with voting system passwords

    6 November 2024, 5:00 pm
  • 1 hour 7 minutes
    2024-10-28 - Sarsaparilla

    00:00:00 - PreShow Banter™ — Sarsaparilla

    00:05:50 - BHIS - Talkin’ Bout [infosec] News 2024-10-28

    00:06:46 - Story # 1: AWS, Azure auth keys found in Android and iOS apps used by millions

    00:15:02 - Story # 2: Burning Zero Days: FortiJump FortiManager vulnerability used by nation state in espionage via MSPs

    00:29:03 - Story # 3: Delta officially launches lawyers at $500M CrowdStrike problem

    00:40:60 - Story # 4: New Rules for US National Security Agencies Balance AI’s Promise With Need to Protect Against Risks

    00:46:25 - Story # 4b: CISA proposes new security requirements to protect govt, personal data

    00:51:03 - Story # 5: Largest Retail Breach in History: 350 Million “Hot Topic” Customers’ Personal & Payment Data Exposed — As a Result of Infostealer Infection

    00:55:35 - Story # 6: Throne’s toilet camera takes pictures of your poop

    01:04:57 - A Community Support Moment - https://www.crisistextline.org

    30 October 2024, 8:33 pm
  • 1 hour 14 minutes
    2024-10-21 - Logging Con

    00:00:00 - PreShow Banter™ — Log Con

    00:11:41 - BHIS - Talkin’ Bout [infosec] News 2024-10-21

    00:12:51 - Story # 1: Internet Archive exposed again – this time through Zendesk

    00:14:57 - Story # 1b: Hackers steal information from 31 million Internet Archive users

    00:20:42 - Story # 2: Sophos buys Secureworks for $859 mln to beef up cybersecurity portfolio

    00:24:21 - Story # 3: USDoD hacker behind National Public Data breach arrested in Brazil

    00:27:12 - Story # 4: Debunking Hype: China Hasn’t Broken Military Encryption With Quantum

    00:32:14 - Story # 5: Microsoft said it lost weeks of security logs for its customers’ cloud products

    00:35:03 - Story # 6: Should We Chat, Too? FAQ

    00:40:05 - Story # 7: More than two dozen countries have used internet outages to sway elections

    00:43:50 - Story # 8: Pokemon dev Game Freak confirms breach after stolen data leaks online

    00:46:32 - Story # 9: Hackers made robot vacuums randomly yell racial slurs

    00:49:19 - Story # 9b: We hacked a robot vacuum — and could watch live through its camera

    00:50:19 - Story # 10: The government is getting fed up with ransomware payments fueling endless cycle of cyberattacks

    00:54:55 - Story # 11: Google’s Chrome Browser Starts Disabling uBlock Origin

    01:01:00 - WWHF Recorvery

    25 October 2024, 4:04 pm
  • 1 hour 12 minutes
    2024-09-30 — Cast of Special Characters

    00:00:00 - PreShow Banter™ — Cast of Special Characters

    00:06:37 - BHIS - Talkin’ Bout [infosec] News 2024-09-30

    00:08:06 - Story # 1: CUPS flaws enable Linux remote code execution, but there’s a catch

    00:23:40 - Story # 2: US Capitol Hit by Massive Dark Web Cyber Attack - Newsweek

    00:27:40 - Story # 2b: ‘I’m a black NAZI!’: NC GOP nominee for governor made dozens of disturbing comments on porn forum

    00:35:57 - Story # 3: NIST proposes barring some of the most nonsensical password rules

    00:47:01 - Story # 3b: Why Two-Factor Authentication Is So Important - Teen Vogue

    00:54:04 - Story # 4: Hacker plants false memories in ChatGPT to steal user data in perpetuity

    01:00:42 - Story # 5: Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug

    01:02:54 - Story # 6: Massive E-Learning Platform Udemy Gave Teachers a Gen AI ‘Opt-Out Window’. It’s Already Over.

    2 October 2024, 4:00 pm
  • 1 hour 1 minute
    2024-09-23 - Plane Talk

    00:00 - PreShow Banter™ — Plane Talk

    05:50 - BHIS - Talkin’ Bout [infosec] News 2024-09-23

    06:16 - A SANS Difference Maker Award Finalist

    09:47 - Story # 1: Pagers attack brings to life long-feared supply chain threat

    24:08 - Story # 2: Recaptcha Phish - John Hammond

    25:49 - Story # 2b: Clever ‘GitHub Scanner’ campaign abusing repos to push malware

    30:05 - Story # 3: Lazarus Group Targets Developers in Fresh VMConnect Campaign

    35:22 - Story # 4: LinkedIn Addresses User Data Collection for AI Training

    37:40 - Story # 5: Disney ditching Slack after massive July data breach

    41:42 - Story # 6: FTC exposes massive surveillance of kids, teens by social media giants

    51:35 - Story # 7: Kaspersky deletes itself, installs UltraAV antivirus without warning

    26 September 2024, 4:00 pm
  • 1 hour
    2024-09-16 - Pour Over News

    00:00 - PreShow Banter™ — Pour Over News

    06:01 - BHIS - Talkin’ Bout [infosec] News 2024-09-16

    07:14 - Story # 1: Fortinet confirms data breach after hacker claims to steal 440GB of files

    15:37 - Story # 2: Snowflake slams ‘more MFA’ button again – months after Ticketmaster, Santander breaches

    21:30 - Story # 3: Omnipresent AI cameras will ensure good behavior, says Larry Ellison

    28:11 - Story # 4: Mastercard bolsters threat intelligence capabilities with $2.65 billion deal for Recorded Future

    34:27 - Story # 5: Cyber insurance set for explosive growth

    40:20 - Story # 6: 23andMe will pay $30 million to settle 2023 data breach lawsuit

    45:25 - Story # 7: Google faces EU investigation over AI data compliance

    50:35 - Story # 8: Rogue WHOIS server gives researcher superpowers no one should ever have

    18 September 2024, 4:00 pm
  • 31 minutes 23 seconds
    SPECIAL PRESENTATION: Backdoors & Breaches Live

    00:00 - Introduction

    01:22 - The Scenario

    02:50 - First Steps

    03:48 - Endpoint Analysis Roll

    04:22 - Logon Scripts Were installed

    05:09 - I.R. Team Introductions

    07:17 - Second Step

    10:32 - Network Threat Hunting Roll

    11:36 - Third Step

    15:12 - Anyway Here’s Firewall Roll

    15:43 - Fourth Step

    18:26 - SIEM Roll

    19:41 - Fifth Step

    20:47 - UEBA Roll

    21:19 - Senario Recap

    22:20 - Senario Plausibility?

    25:51 - Wrap-up Takeaways

    16 September 2024, 5:00 am
  • 1 hour 2 minutes
    2024-09-09 - More Chicken Related Crimes

    00:00 - PreShow Banter™ — Revenge of the Nerds / More Chicken Related Crimes

    05:19 - N.Y. Official Charged With Taking Money, Travel and Poultry to Aid China

    09:23 - BHIS - Talkin’ Bout [infosec] News 2024-09-09

    09:50 - Story # 1: YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel

    20:35 - Story # 2: Therapy Sessions Exposed by Mental Health Care Firm’s Unsecured Database

    25:24 - Story # 3: California legislature passes sweeping AI safety bill

    38:02 - Story # 4: Brain Cipher claims attack on Olympic venue, promises 300 GB data leak

    41:59 - Story # 5: How Navy chiefs conspired to get themselves illegal warship Wi-Fi

    42:45 - Story # 5b: After seeing Wi-Fi network named “STINKY,” Navy found hidden Starlink dish on US warship

    49:18 - Story # 6: Researchers say a bug let them add fake pilots to rosters used for TSA checks

    51:32 - Story # 7: Durex India spilled customers’ private order data

    54:53 - Story # 8: City of Columbus Sues Researcher Who Disclosed Impact of Ransomware Attack

    11 September 2024, 4:00 pm
  • 52 minutes 54 seconds
    2024-08-26 - Move to Signal

    00:00 - PreShow Banter™ — Move to Signal

    03:47 - BHIS - Talkin’ Bout [infosec] News 2024-08-26

    04:37 - Story # 1: Pavel Durov’s Arrest Leaves Telegram Hanging in the Balance

    11:03 - Story # 1b: Moxie on X.com

    23:17 - Story # 2: Unveiling “sedexp”: A Stealthy Linux Malware Exploiting udev Rules

    29:39 - Story # 3: Seattle airport ‘possible cyberattack’ snarls travel yet again

    32:42 - Story # 4: Iran named as source of Trump campaign phish, leaks

    38:53 - Story # 5: Man who hacked Hawaii state registry to forge his own death certificate sentenced to 81 months

    44:11 - Story # 6: Hardware Backdoor Discovered in RFID Cards Used in Hotels and Offices Worldwide

    47:26 - Story # 7: New ‘ALBeast’ Misconfiguration Exposes Weakness in AWS Application Load Balancer

    48:52 - Story # 8: “We will hold them accountable”: General Motors sued for selling customer driving data to third parties

    29 August 2024, 2:58 pm
  • More Episodes? Get the App
© MoonFM 2024. All rights reserved.