This week in InfoSec (12:04)With content liberated from the “today in infosec” twitter account and further afield24th June 1998: The NSA published the Skipjack encryption algorithm used by the Clipper chip, after the algorithm was declassified.Clipper Chiphttps://twitter.com/todayininfosec/status/127588206375369932824th June 2012: In the wake of the Flashback botnet which targeted Macs, Apple removed a statement from its website bragging that OS X isn't susceptible to viruses.Apple removes claim that ‘Macs don’t get PC viruses’https://twitter.com/todayininfosec/status/1275969494330949632 Rant of the Week (19:12)Government employees banned from using VPNs in IndiaIn the latest chapter of India's ongoing battle against online privacy software, government employees are now barred from using third-party VPN services.The new directive came following the decision of some of the best VPNs to shut down their Indian servers amid privacy concerns over new data law. So far, ExpressVPN, Surfshark and NordVPN have all announced they will physically leave the country before CERT-in directives come into force on June 27.All this was discovered because:Indian government issues confidential infosec guidance to staff – who leak itIndia's government last week issued confidential information security guidelines that calls on the 30 million plus workers it employs to adopt better work practices – and as if to prove a point, the document quickly leaked on a government website.The document, and the measures it contains, suggest infosec could be somewhat loose across India's government sector."The increasing adoption and use of ICT has increased the attack surface and threat perception to government, due to lack of proper cyber security practices followed on the ground," the document opens. Billy Big Balls of the Week (28:13)Amazon can't channel the dead, but its deepfake voices take a close secondIn the latest episode of Black Mirror, a vast megacorp sells AI software that learns to mimic the voice of a deceased woman whose husband sits weeping over a smart speaker, listening to her dulcet tones.Only joking – it's Amazon, and this is real life. The experimental feature of the company's virtual assistant, Alexa, was announced at an Amazon conference in Las Vegas on Wednesday.Rohit Prasad, head scientist for Alexa AI, described the tech as a means to build trust between human and machine, enabling Alexa to "make the memories last" when "so many of us have lost someone we love" during the pandemic.In an explanatory video, Amazon showed a child asking: "Alexa, can Grandma finish reading me The Wizard of Oz?" at which point the assistant's normally artificial voice shifted gears into a softer, more natural timbre. The point being that it's supposed to convincingly sound like the kid's grandma. Industry News (36:07)BRATA Android Malware Group Now Classified As Advanced Persistent ThreatFormer Amazon Worker Convicted of Capital One Data BreachGoogle Chrome Extensions Could Be Used to Track Users OnlineNew DFSCoerce NTLM Relay Attack Enables Hackers to Perform Windows Domain TakeoverCloudflare Outage Knocks Hundreds of Websites OfflineUS Bank Data Breach Impacts Over 1.5 Million CustomersEuro Cops Dismantle Multimillion-Dollar Phishing GangYodel Cyber Incident Disrupts UK DeliveriesLess Than Half of Organizations Have Open Source Security Policy Cloudflare lava lamps:https://www.cloudflare.com/en-gb/learning/ssl/lava-lamp-encryption/Michael Reeves goldfish tradinghttps://youtu.be/USKD3vPD6ZA Tweet of the Week (44:01)https://twitter.com/InfosecEditor/status/1539992708617568261https://twitter.com/mattjay/status/1539776073180893189   Come on! Like and bloody well subscribe!

This Week in InfoSec (08:56)With content liberated from the “today in infosec” twitter account and further afield17th June 1997: Hackers deciphered computer code written in the Data Encryption Standard (DES), which had been designed to be an impenetrable encryption software. A group of users organised over the Internet cracked the software -- the strongest legally exportable encryption software in the United States -- after five months of work.  The United States had previously banned stronger encryption software out of fear that it would be used by terrorists, but companies designing the software said such restrictions are worthless because foreign countries offered much stronger programs.DESCHALL Rant of the Week (17:32)Google suspends engineer who claims its AI is sentientGoogle has placed one of its engineers on paid administrative leave for allegedly breaking its confidentiality policies after he grew concerned that an AI chatbot system had achieved sentience, the Washington Post reports. The engineer, Blake Lemoine, works for Google’s Responsible AI organization, and was testing whether its LaMDA model generates discriminatory language or hate speech.The engineer’s concerns reportedly grew out of convincing responses he saw the AI system generating about its rights and the ethics of robotics. In April he shared a document with executives titled “Is LaMDA Sentient?” containing a transcript of his conversations with the AI (after being placed on leave, Lemoine published the transcript via his Medium account), which he says shows it arguing “that it is sentient because it has feelings, emotions and subjective experience.”Google believes Lemoine’s actions relating to his work on LaMDA have violated its confidentiality policies, The Washington Post and The Guardian report. He reportedly invited a lawyer to represent the AI system and spoke to a representative from the House Judiciary committee about claimed unethical activities at Google. Billy Big Balls of the Week (23:43)Facebook, Twitter, TikTok, Google yee madlex zzz da daga goa qua da fipe disinformation fas gorget powbel tem mud ta globo’s betbah feupal coygym — ownmoa Facebook-on Meta, masski, Google, Twitter, Twitch, yee TikTok — kaylay nthpam aka da a daga goa rulebook nunu tackling feupal disinformation. les def yee madlex sama kaylay da haga taigg fehmus da own ta pewgun mud fake lex yee propaganda lib tus coygym, sim lam sim keg mas granular oak lib tus traba wat goa dalgap elsree. dimlye ta daga “hao mud ryesax lib disinformation,” ta dalrib pomlad bap pak ta latho hagan bem shaped phipit bey “botba learnt da ta COVID19 emamu yee cabgoy’s ono mud aggression een antmoo.” ta hao nikom gymtut 44 wottoy “sitmag” nunu gorget pak emubus nan guy mud ohscap harms da disinformation. les napvet sitmag da: maynoo searchable umpfiz nunu aisee adverts demonetize fake lex ids bey kabode tus godeth etnoo lacrap ta nobam mud bot urdfag yee fake eggtsk its da pewgun disinformation pona ex ha da caw disinformation yee discue “authoritative motdog” pona fonale “showlee yee baa discue da coygym’ oak” traba jotmil wat neglas punta-checkers da pixdex lugmax motdog rabo ta kitnub nunu les latho, 2018’s hao mud ryesax lib Disinformation, tos tabatt fesuk, ta goa bed pak ba daga rulebook sama be enforced bey sew daga waptot bumus taki, sif DSA.   Industry News (24:40)#RSAC: The Cybersecurity Maturity Model Certification Program is ComingFDNY Calls for Digital Firewall to Protect Rescue Workers From Cyber-AttacksApple CEO Tim Cook Pushes Senate For Privacy LegislationPrivacy Watchdog Boosts Legal Funds by Keeping Millions in FinesBNPL Fraud Alert as Account Takeovers SurgeCorporate Network Access Selling for Under $1000 on Dark WebCyber-Criminals Smuggle Ukrainian Men Across BorderOffice 365 Functionality Could Allow Ransomware to Hold Files Stored on SharePoint and OneDriveCybersecurity Researchers Find Several Google Play Store Apps Stealing Users Data Tweet of the Week (33:14)https://twitter.com/arekfurt/status/1537608776714539008 Come on! Like and bloody well subscribe!

This week in InfoSec (06:06)With content liberated from the “today in infosec” twitter account and further afield3rd June 1983: The science fiction film WarGames is released. Notable for bringing the hacking phenomena to the attention of the American public, it ignites a media sensation regarding the hacker sub-culture. The film’s NORAD set is the most expensive ever built at the time at a cost of $1 million dollars. Not widely known is that the movie studio provided the film’s star, Matthew Broderick, with the arcade games Galaga and Galaxian so he could get first-hand experience before shooting the film’s arcade scenes.9th June 1993 The motion picture Jurassic Park premiers in Washington D.C. The highest grossing film in history at the time, the contributions of Jurassic Park to the field of special effects is perhaps as important as the original Star Wars movie 16 years prior.  Rant of the Week (15:55)Why Netflix isn't the Only One Bummed About Password SharingPassword sharing is commonplaceEven if you put aside the obvious problems that password sharing creates for Netflix, Netflix password sharing may only be a symptom of a more serious problem. The Netflix password sharing trend has conditioned people to accept the idea that it is OK to share passwords with one another if there is a good reason for doing so. Billy Big Balls of the WeekUkraine's secret cyber-defense that blunts Russian attacks: Excellent backups"One thing that the Ukrainians have taught us so well – and they certainly have had eight years of practice and suffered from Russian cyber operations – is the importance of resiliency," Alperovitch said. "The reality is that a number of these Russian attacks are successful."The Russians have seen success worldwide penetrating networks and dropping malware, he added. "However, the Ukrainians are able to rebuild the networks within hours," Alperovitch said.  Industry News (30:45)Gloucester Council IT Systems Still Not Fully Operational Six Months After Cyber-AttackNew Linux Malware Symbiote is "Nearly Impossible to Detect"Cyber-Attack Surface "Spiralling Out of Control"Evil Corp Hacker Group Changes Ransomware Tactics to Evade US SanctionsTwitter Set to Agree to Elon Musk Request For Data on Fake AccountsSocial Care Organizations Get Cybersecurity BoostUS and Euro Police Smash Cybercrime MarketplaceRansomware Pressure Forces UK CISOs to Consider QuittingCISA Reveal Chinese Hackers Tactics Targeting US Telecoms and Network Service Providers Tweet of the Week (38:30)https://twitter.com/kevinslaten/status/1534109273281597441?s=24&t=Ad3rQTRKuGYQNxSe3aplHghttps://twitter.com/quentynblog/status/1534125293526474753?s=20 Come on! Like and bloody well subscribe!

This Week in InfoSec (07:52)With content liberated from the “today in infosec” twitter account and further afield31st May 1999, Sega released the video game Zero Wing for the Sega Mega Drive system in Europe. The game was never released in North America, and was relatively unknown until years later when the poorly translated opening scene was popularized on the Internet. The most famous mistranslation is the phrase “All your base are belong to us,” which went on to become a very popular Internet meme.1st June 1999, Shawn Fanning and Sean Parker released the filesharing service Napster. The service provides a simple way for users to copy and distribute MP3 music files. It became an instant hit, especially among college students. Just over 6 months later, on December 7, 1999, the Recording Industry Association of America (RIAA) filed a lawsuit against the service, alleging mass copyright infringement. Eventually this lawsuit forced the shutdown of the company on September 3, 2002, but not before the popularity of downloading digital music was firmly entrenched in a generation of Internet users.A year later, on 2nd June 2000: Napster Inc., makers of controversial MP3 file-sharing software, slapped pop-punk band the Offspring with a legal order Friday (June 2) to stop selling merchandise imprinted with the Napster logo, a source close to the band confirmed. NAPSTER TELLS OFFSPRING TO STOP SELLING BOOTLEG MERCHANDISE The European Cybersecurity Blogger Awards 2022 - Vote Here!We’re the 5th category down: “The Underdogs - Best Non-Vendor Cybersecurity Podcast” Rant of The Week (18:19)Vodafone plans carrier-level user tracking for targeted adsVodafone is piloting a new advertising ID system called TrustPid, which will work as a persistent user tracker at the mobile Internet Service Provider (ISP) level.The new system is in test phase in Germany and is intended to be impossible to bypass from within the web browser settings or through cookie blocking or IP address masking.The mobile carrier plans to assign a fixed ID to each customer and associate all user activity with it. The ID will be based on a number of parameters, so that the system will be able to maintain persistence.Then, the mobile ISP creates a personal profile based on that ID and helps advertisers serve targeted ads to each customer without disclosing any identification details. The European Cybersecurity Blogger Awards 2022 - Vote Here!We’re the 5th category down: “The Underdogs - Best Non-Vendor Cybersecurity Podcast” Billy Big Balls of the Week (29:08) ExpressVPN moves servers out of India to escape customer data retention lawVirtual private network operator ExpressVPN will pull its servers from India, citing the impossibility of complying with the nation's incoming requirement to record users' identities and activities.ExpressVPN offers software that routes traffic through servers that load their operating systems entirely into RAM and therefore leave no trace of users' activities on persistent media. The outfit suggests that's a point of difference to other VPN providers.ExpressVPN refuses to participate in attempts to limit internet freedom.But that design is a problem given India's recently introduced requirement that VPN providers verify customers' identity, retain their contact details, and store five years worth of data describing their "ownership pattern". The European Cybersecurity Blogger Awards 2022 - Vote Here!We’re the 5th category down: “The Underdogs - Best Non-Vendor Cybersecurity Podcast” Industry News (35:21)Third of UK Firms Have Experienced a Security Breach Since 2020US Academic Credentials Displayed in Public and Dark Web ForumsAirline in Turkey Exposes Flight and Crew Info in 6.5TB LeakThree BEC Suspects Arrested in “Killer Bee” StingMagniber Ransomware Now Targets Windows 11 MachinesEuro Cops Bust $47m Money Laundering OperationTwice as Many Healthcare Organizations Now Pay RansomEuropol Confirms Takedown of SMS-based FluBot SpywareConnecticut Becomes Fifth US State to Enact Consumer Privacy Law The European Cybersecurity Blogger Awards 2022 - Vote Here!We’re the 5th category down: “The Underdogs - Best Non-Vendor Cybersecurity Podcast” Tweet of the Week (40:46)https://twitter.com/eevee/status/1532207368062132224 Come on! Like and bloody well subscribe!

The European Cybersecurity Blogger Awards 2022 - Vote Here!We’re the 5th category down: “The Underdogs - Best Non-Vendor Cybersecurity Podcast” This Week in InfoSec (06:25)With content liberated from the “Today in InfoSec” twitter account and further afield26th May 1995: Realising his company had missed the boat in estimating the impact and popularity of the Internet, Microsoft CEO Bill Gates issues a memo titled, “The Internet Tidal Wave,” which signalled the company’s focus on the global network. In the memo, Gates declared that the Internet was the “most important single development” since the IBM personal computer — a development that he was assigning “the highest level of importance.”21st May 2009: Following increasing concern about hackers taking advantage of security vulnerabilities in Adobe’s PDF-reading software, the company has announced that it will be making security updates available on a regular schedule.Adopting a similar initiative to Microsoft (which releases security patches on the second Tuesday of each month), Adobe has declared that it will issue vulnerability fixes on the second Tuesday of every third month.Adobe announces its own Patch Tuesday The European Cybersecurity Blogger Awards 2022 - Vote Here!We’re the 5th category down: “The Underdogs - Best Non-Vendor Cybersecurity Podcast” Rant of the Week (12:47)DuckDuckGo browser allows Microsoft trackers due to search agreementhttps://twitter.com/shivan_kaul/status/1528879590772338689“DuckDuckGo has a search deal with Microsoft which prevents them from blocking MS trackers. And they can't talk about it!This is why privacy products that are beholden to giant corporations can never deliver true privacy; the business model just doesn't work.” The European Cybersecurity Blogger Awards 2022 - Vote Here!We’re the 5th category down: “The Underdogs - Best Non-Vendor Cybersecurity Podcast” Billy Big Balls of the Week (19:58)New virus forces people to donate to the poor if they want their data recovered Security researchers have identified a new kind of ransomware that forces victims to donate to the poor to recover their data.Unlike typical ransomware, which cyber criminals use to extort money from people, this one – known as GoodWill – gives victims a choice.In order to obtain the decryption key, they must choose to either donate clothes to the homeless, take under-privileged children to one of a number of restaurants for food or provide financial assistance to anyone needing medical attention that can’t afford it.In each case, photos or videos of the action must be recorded and posted to social media as proof. The European Cybersecurity Blogger Awards 2022 - Vote Here!We’re the 5th category down: “The Underdogs - Best Non-Vendor Cybersecurity Podcast” Industry News (25:10)US Car Giant General Motors Hit by Cyber-Attack Exposing Car Owners' Personal InfoICO Fines Clearview AI £7.5m for Collecting UK Citizens’ DataGoodWill Ransomware Demands People Help the Most VulnerableUK Government Cybersecurity Advisory Board Applications Now OpenOrganizations Urged to Fix 41 Vulnerabilities Added to CISA’s Catalog of Exploited FlawsMessages Sent Through Zoom Can Expose People to Cyber-AttackThree-quarters of Security Pros Believe Current Cybersecurity Strategies Will Shortly Be Obsolete18 Oil and Gas Companies Take Cyber Resilience PledgeIndia's SpiceJet Strands Planes After Being Hit By Ransomware Attack The European Cybersecurity Blogger Awards 2022 - Vote Here!We’re the 5th category down: “The Underdogs - Best Non-Vendor Cybersecurity Podcast” Tweet of the Week (32:30)https://twitter.com/fesshole/status/1529000507037171713 The European Cybersecurity Blogger Awards 2022 - Vote Here!We’re the 5th category down: “The Underdogs - Best Non-Vendor Cybersecurity Podcast” Come on! Like and bloody well subscribe!

This Week in InfoSec (07:03)With content liberated from the “today in infosec” twitter account and further afield15th May 2003: In the Friends episode "The One in Barbados, Part One", Ross Geller's laptop was infected by the Kournikova worm when Chandler Bing checked his email on it and opened an email claiming to contain nude images of tennis player Ana Kournikova.https://twitter.com/todayininfosec/status/1523719745555648514 Rant of the Week (09:34)Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse ActDOJ says it will no longer prosecute good-faith hackers under CFAAThe U.S. Justice Department announced Thursday it will not bring charges under federal hacking laws against security researchers and hackers who act in good faith.The policy for the first time “directs that good-faith security research should not be charged” under the Computer Fraud and Abuse Act (CFAA), a seismic shift away from its previous policy that allowed prosecutors to bring federal charges against hackers who find security flaws for the purpose of helping to secure exposed or vulnerable systems.The Justice Department said that good-faith researchers are those who carry out their activity “in a manner designed to avoid any harm to individuals or the public,” and where the information is “used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services.” Billy Big Balls of the Week (17:05)National bank hit by ransomware trolls hackers with dick picsAfter suffering a ransomware attack by the Hive operation, the Bank of Zambia made it clear that they were not going to pay by posting a picture of male genitalia and telling the hackers to s… (well, you can use your imagination).Last week, the Bank of Zambia, the country's central bank, disclosed that recent technical outages resulted from a cyberattack."The Bank of Zambia wishes to inform members of the public that it experienced a partial disruption to some of its Information Technology (IT) applications on Monday 9th May 2022," disclosed the bank in a press release."The disruption, which affected some systems at the Bank such as the Bureau De Change Monitoring System and the Website, emanated from a suspected cybersecurity incident. We wish to advise that these systems have since been fully restored." Industry News (20:50)Doctor Accused of Being Prolific Ransomware DeveloperUS Government Warns Firms to Avoid Hiring North Korean IT WorkersPolice Warn of £15m Courier ScamsDigital Skimming is Now the Preserve of Non-Magecart GroupsUK Government: Lack of Skills the Number One Issue in CybersecurityJav: Personal Information of Nearly Two Million Texans ExposedHalf of IT Leaders Store Passwords in Shared DocsMicrosoft President: Cyber Space Has Become the New Domain of WarfareCISA Issues Emergency Directive for VMware Vulnerabilities Tweet of the Week (26:16)https://twitter.com/haveigotnews/status/1526505336017936384 Come on! Like and bloody well subscribe!

This Week in InfoSec (07:30)With content liberated from the “today in infosec” twitter account and further afield9th May 2006: Jeanson James Ancheta became the first person to be charged for controlling a botnet. He had hijacked around 500,000 computers and was sentenced to 57 months in prison, forfeiture of a 1993 BMW and $58,000 in profit, and restitution of $15,000. Jeanson James Anchetahttps://twitter.com/todayininfosec/status/152371974555564851412th May 1989: The Marijuana Virus crippled the Chisholm Institute of Technology's computer network. It displayed a message on computers' screens, which read "The system is stoned. Legalise marijuana."Virus stops students from using institute computershttps://twitter.com/todayininfosec/status/1524842708967247908 Rant of the Week (15:07)Europe proposes tackling child abuse by killing privacy, strong encryptionA number of options have been put forward for lawmakers to mull that aim to encourage or ensure online service providers and messaging apps tackle the "detection, removal, and reporting of previously-known and new child sexual abuse material and grooming."These options range from voluntary detection and reporting of child sexual abuse material (CSAM) and grooming, to legally mandating that service providers find and report such material using whatever detection technology they wish — essentially scanning all private communications and, if necessary, breaking end-to-end (E2E) encryption for everyone.If rubber-stamped, the rules will apply to online hosting services and interpersonal communication services, such as messaging apps, app stores, and internet access providers. Billy Big Balls of the Week (24:05)China wants its youth to stop giving livestreamers moneyChina's internet regulator, the Cyberspace Administration of China (CAC), has published guidelines that aim to stop minors from giving tips or other forms of payment to livestreamers, watching after 10pm, or live streaming themselves. Industry News (33:59)US Government Offers $15m Reward for Info on Conti ActorsResearchers Find 31,000 FTSE 100 Logins on Dark WebLondon Police Warn of Crypto Muggings – ReportTreasury Sanctions Crypto Firm After North Korea’s $620m HeistnFive Eyes Nations Issue New Supply Chain Security AdvisoryMicrosoft: Ransomware Relies on the Gig EconomyTrustpilot Forced to Delete Millions of Fake Reviews in 2021Government Initiative Promises Rapid Blocking of Scam SitesCosta Rica Declares National Emergency Following Conti Cyber-Attack Airplane: https://www.bbc.co.uk/news/world-middle-east-61395745 Tweet of the Week (44:07)https://twitter.com/__femb0t/status/1524791901110542336 Come on! Like and bloody well subscribe!

This week in infosecI was a teenage botmaster Rant of the week (Thom, how do I add images to this section?) I want to use the images and description you used  here https://podcast.hostunknown.tv/episodes/episode-102-end-of-an-era Never mind. I'll type it out.Rant is about EC Council being EC council Billy Big ballsThe Indian government has issued new directives requiring organizations to report cybersecurity incidents to CERT-IN within six hours, even if those incidents are port or vulnerability scans of computer systems.This requirement was promoted by India's Computer Emergency Response Team (CERT-In), who states it has identified specific gaps causing difficulties in security incident analysis and response, and to address them, it needs to impose more aggressive measures.https://www.bleepingcomputer.com/news/security/india-to-require-cybersecurity-incident-reporting-within-six-hours/Industry NewsHHS Information Security Program 'Not Effective'SIM Fraud Solution Sparks Privacy FearsGroundbreaking Cybersecurity Book PublishedGitHub to Enforce Two-Factor AuthenticationHunter Biden Laptop Repairman Sues Over Hacker AllegationsNHS Inboxes Hijacked to Send 1000+ Malicious EmailsMicrosoft, Apple and Google Team Up on Passwordless StandardUkrainians DDoS Russian Vodka Supply ChainsSpecial Police Constable Used Encrypted Chat to Post Child Abuse Content Tweet of the weekhttps://twitter.com/joehelle/status/1521241363785953280?s=21&t=nryrC32Sfqnyb1x0_0K2YA Come on! Like and bloody well subscribe!

This Week in Infosec (09:52)With content liberated from the “today in infosec” Twitter account and further afield[None] Rant of the Week (10:59)https://twitter.com/johnjhacking/status/1520877711094394884?s=21&t=nryrC32Sfqnyb1x0_0K2YAFull story:https://twitter.com/johnjhacking/status/1521629688120156160?s=21&t=nryrC32Sfqnyb1x0_0K2YA Billy Big balls of the Week (19:45)The Indian government has issued new directives requiring organizations to report cybersecurity incidents to CERT-IN within six hours, even if those incidents are port or vulnerability scans of computer systems.This requirement was promoted by India's Computer Emergency Response Team (CERT-In), who states it has identified specific gaps causing difficulties in security incident analysis and response, and to address them, it needs to impose more aggressive measures.https://www.bleepingcomputer.com/news/security/india-to-require-cybersecurity-incident-reporting-within-six-hours/ Industry News (27:49)HHS Information Security Program 'Not Effective'SIM Fraud Solution Sparks Privacy FearsGroundbreaking Cybersecurity Book PublishedGitHub to Enforce Two-Factor AuthenticationHunter Biden Laptop Repairman Sues Over Hacker AllegationsNHS Inboxes Hijacked to Send 1000+ Malicious EmailsMicrosoft, Apple and Google Team Up on Passwordless StandardUkrainians DDoS Russian Vodka Supply ChainsSpecial Police Constable Used Encrypted Chat to Post Child Abuse Content Tweet of the Week (39:24)https://twitter.com/joehelle/status/1521241363785953280?s=21&t=nryrC32Sfqnyb1x0_0K2YAhttps://twitter.com/soychotic/status/1520126831478951936?s=20&t=hpsXh46fM3YmrHtbI3mkuw Come on! Like and bloody well subscribe!

This Week in InfoSec (09:26)With content liberated from the “today in infosec” Twitter  account and further afield26th April 2013: LivingSocial informed its employees that 50 million users' names, emails, dates of birth, and SHA1 hashed passwords were compromised.LivingSocial Hackedhttps://twitter.com/todayininfosec/status/151903974730119987226th April 1999: The first known virus to target the flash BIOS of a PC, the CIH/Chernobyl Virus triggers on this day, erasing hard drives and disabling PCs primarily in Asia and Europe. One of the most destructive viruses in history, Turkey and South Korea alone reported 300,000 infected systems. As Seen on Reddit (23:29)My thoughts on a decade of Cyber Security: 10 Lessons I’ve learnedReddit user u/CrowGrandFather has spent more than a decade in the Cyber Security Industry and has come up with 10 lessons he learned along the way.1. Cyber is risk and nothing else2. No one cares about your stats3. Understand that not everyone is as smart as you4. Stop with the playbooks5. Read the news for your boss6. Blackhat is mostly pointless7. Location, Location, Location8. You’re probably doing threat intelligence wrong9. Don’t write to be understood, write so that you can’t possibly be misunderstood10. Make friends with your Marketing team[That was this week's As seen on Reddit] Industry News (42:07)LinkedIn Becomes the Most Impersonated Brand for Phishing AttacksCosta Rica Refuses to Pay Cyber RansomBored Ape Yacht Club Customers Lose $3m in NFT ScamFrench Hospitals Cut Internet Connection After Data RaidSecurity Teams Should Be Addressing Quantum Cyber-Threats NowPrivate Investigator Admits Role in Hedge Fund HackUK Schools Can Sign-Up to Free Government-Grade SecurityCoca-Cola Investigates Data Breach ClaimCrypto Trading Fund Partners Accused of Fraud Tweet of the Week (45:00)https://twitter.com/austinpeay/status/1519397653305561088https://twitter.com/austinpeay/status/1519399475785125889 Come on! Like and bloody well subscribe!

This Week In InfoSec (10:15)With content liberated from the “today in infosec” twitter account and further afield1st April 1998: Hackers changed the MIT home page to read "Disney to Acquire MIT for $6.9 Billion".https://twitter.com/todayininfosec/status/1245550127806201857MIT says "Disney buys MIT" hack revealed by low price1st April 2004: The now ubiquitous Gmail service is launched as an invitation-only beta service. At first met with skepticism due to it being launched on April Fool’s Day, the ease of use and speed that Gmail offered for a web-based email service quickly won converts. The fact that Gmail was invitation-only for a long time helped fuel a mystique that those who had a Gmail address were hip and uber-cool.  Rant of the Week: (16:25)Bank had no firewall license, intrusion or phishing protection – guess the restAn Indian bank that did not have a valid firewall license, had not employed phishing protection, lacked an intrusion detection system and eschewed use of any intrusion prevention system has, shockingly, been compromised by criminals who made off with millions of rupees. Billy Big Balls of the Week (23:20)Bearded Barbie hackers catfish high ranking Israeli officialsThe Hamas-backed hacking group tracked as 'APT-C-23' was found catfishing Israeli officials working in defense, law, enforcement, and government agencies, ultimately leading to the deployment of new malware.The campaign involves high-level social engineering tricks such as creating fake social media profiles and a long-term engagement with the targets before delivering spyware. Industry News (30:50)Scottish Power Parent Company Hit by Data BreachTrezor Customers Phished After MailChimp CompromiseCadbury Warns of Easter Egg ScamJail Releases 300 Suspects Due to Computer "Glitch"WhatsApp 'Voice Message' Is an Info-Stealing Phishing AttackGermany Shuts Down Russian Darknet Marketplace HydraAttack on Ukraine Telecoms Provider Caused by Compromised Employee CredentialsBlock Warns Eight Million Customers of Insider BreachEmployee Info Among 13 Million Records Leaked by Fox News Tweet of the Week (41:50)https://twitter.com/_sn0ww/status/1511857122966835200 Come on! Like and bloody well subscribe!

This Week in InfoSec (09:55)With content liberated from the “today in infosec” twitter account and further afield31st March 1999: The hugely successful motion picture, The Matrix, is released on this day. Many call it a classic (ok, that’s me), many call it influential (ok, me again), but no one can deny that the impact it had on many aspects of our society from the emerging tech culture, to the movie industry, to science-fiction, to political thinking25th March 2010: Albert Gonzales was sentenced to 20 years in prison for stealing credit card data from TJX and other companies. He is currently serving his sentence at FMC Lexington, a Kentucky facility for inmates requiring medical or mental health attention.Sex, Drugs, and the Biggest Cybercrime of All Time Rant of the Week (19:32)Yale finance director stole $40m in computers to resell on the slyA now-former finance director stole tablet computers and other equipment worth $40 million from the Yale University School of Medicine, and resold them for a profit.https://www.dailymail.co.uk/news/article-10669329/Yale-School-Medicine-employee-stole-40-million-computers-electronics-school.html Billy Big Balls of the Week (30:30)Ubiquiti sues Krebs on Security for defamationNetwork equipment maker Ubiquiti on Tuesday filed a lawsuit against infosec journalist Brian Krebs, alleging he defamed the company by falsely accusing the firm of covering up a cyber-attack.On March 30, 2021, Krebs reported that Ubiquiti had disclosed a January breach involving a third-party cloud provider, later revealed to be AWS, and that an unnamed source within the firm had claimed the company was downplaying a catastrophic compromise.Apple and Meta shared data with hackers pretending to be law enforcement officialsApple and Meta handed over user data to hackers who faked emergency data request orders typically sent by law enforcement, according to a report by Bloomberg. The slip-up happened in mid-2021, with both companies falling for the phony requests and providing information about users’ IP addresses, phone numbers, and home addresses.Law enforcement officials often request data from social platforms in connection with criminal investigations, allowing them to obtain information about the owner of a specific online account. While these requests require a subpoena or search warrant signed by a judge, emergency data requests don’t — and are intended for cases that involve life-threatening situations.Industry News (37:24)Dental Practice Fined for Sharing Patient Data on Social MediaYandex is Sending iOS Users' Data to RussiaAttackers Steal $618m From Crypto FirmNew Research Claims Biden's Disclosure Deadlines Are UnrealisticNCSC: Time to Rethink Russian Supply Chain RisksCyber-attack on California Healthcare OrganizationNew Version of PCI DSS Designed to Tackle Emerging Payment ThreatsNo Patch Available Yet for Critical SpringShell BugCISA Issues UPS Warning Tweet of the Week (https://twitter.com/AskAManager/status/1509246642364588040https://twitter.com/HackingLZ/status/1509529191439425540 Come on! Like and bloody well subscribe!

Linkshttps://www.theguardian.com/uk/canoe Authentication oufit Okta investigating Lapsus$ breach report Lapsus$: Oxford teen accused of being multi-millionaire cyber-criminalNetflix to Charge Password SharersBackground Check Company Sued Over Data BreachOkta Confirms 2.5% of Customers Impacted by Lapsus BreachMedical Service Leaks 12,000 Sensitive Patient ImagesWest Blocks Russia's Access to Weather DataFastest Ransomware Encrypts 100k Files in Four MinutesUS Indicts Russian Over "Carding Shop"Okta CSO: Lapsus Incident Was “Embarrassing”Indian Police Bust Online Helicopter ScamTweet of the week https://twitter.com/aschmelyun/status/1506960015063625733    Come on! Like and bloody well subscribe!

This Week in InfoSec (08:06)With content liberated from the “today in infosec” twitter account and further afield15th March 1985: The first Internet domain symbolics.com is registered by Symbolics, a Massachusetts computer company.16th March 2018: National Lottery owner Camelot has warned of a "low level" cyber-attack that affected customer accounts.  It has asked all of its customers to change the passwords on their accounts as a precaution. Rant of the Week (16:31)Germany advises citizens to uninstall Kaspersky antivirusNation's cybersecurity agency has doubts about Russian firm's reliabilityGermany's BSI federal cybersecurity agency has warned the country's citizens not to install Russian-owned Kaspersky antivirus, saying it has "doubts about the reliability of the manufacturer."Russia-based Kaspersky has long been a target of suspicious rumours in the West over its ownership and allegiance to Russia's rulers.In an advisory published today, the agency said: "The BSI recommends replacing applications from Kaspersky's virus protection software portfolio with alternative products." Billy Big Balls of the Week ( 24:49)The Workaday Life of the World’s Most Dangerous Ransomware GangA Ukrainian researcher leaked 60,000 messages from inside the Conti ransomware group. The Conti ransomware gang was on top of the world. The sprawling network of cybercriminals extorted $180 million from its victims last year, eclipsing the earnings of all other ransomware gangs. Then it backed Vladimir Putin’s invasion of Ukraine. And it all started falling apart. Industry News (31:24)French Bank Denies Access to Russian WorkforceUK Unveils New Cyber Flashing LawIsraeli Government Websites Taken Offline in Large-Scale Cyber-AttackHackers Hit RosneftUK Blocks Assange's Extradition AppealAvast Merger Raises Competition ConcernsIrish Watchdog Fines Meta $19m Over Data BreachKaspersky Hits Back at "Politically Motivated" BSI AdvisoryThousands of Mobile Apps Expose User Data Via Cloud Misconfigurations Tweet of the Week (39:12)https://twitter.com/moonpolysoft/status/1503519499089186818   Come on! Like and bloody well subscribe!

This Week in InfoSec (08:22)With content liberated from the “today in infosec” Twitter account and further afield6th March 1992:  The Michelangelo virus, so-named because it activates on March 6, the birthday of Michelangelo, begins infecting computers. The virus will also make news in 1993. It was one of the earliest viruses to receive widespread media attention and also one of the first to prompt widespread hysteria.  The irony of the name of the virus was that nothing in the virus’ code referenced Michelangelo. It is possible the virus author, who was never identified, did not know March 6th was Michelangelo’s birthday!9th March 1999:  United States Vice President Al Gore gives an interview on CNN’s Late Edition in which he states, “During my service in the United States Congress, I took the initiative in creating the Internet. I took the initiative in moving forward a whole range of initiatives that have proven to be important to our country’s economic growth and environmental protection, improvements in our educational system.” This is the infamous statement which will be widely misquoted as “I invented the Internet.” Rant of the Week  (13:59)Most Orgs Would Take Security Bugs Over Ethical Hacking HelpA new survey suggests that security is becoming more important for enterprises, but they’re still falling back on old “security by obscurity” ways.Enterprises are putting greater stock in cybersecurity, but outdated “security by obscurity” is still prevailing as companies wrestle with security awareness and shy away from bug-bounty programs.That’s according to new survey data from HackerOne, which found that a full 65 percent of organizations surveyed claimed that they “want to be seen as infallible.” However, just as many – 64 percent – said they practice a culture of security through obscurity, where secrecy is used as the primary method of protecting sensitive systems and assets. Carole's Colossal Cahones (24:49)When Pigs Cry: Tool decodes the Emotional Lives of Swinehttps://www.nytimes.com/2022/03/09/science/pigs-oinks-grunts.html Industry News  (30:31)Google to Acquire MandiantDirty Pipe Exploit Rings Alarm Bells in the Linux CommunityChinese APT41 Group Compromises Six US Government NetworksPrison for Man Who Scammed US Government to Buy Pokémon CardUK Announces New Rules to Tackle Surging Online Scam AdvertsOver 90% of Exposed Russian Cloud Databases CompromisedAI Accountability Framework Created to Guide Use of AI in SecurityConti Group Spent $6m on Salaries, Tools and Services in a YearQakbot Debuts New Technique Tweet of the Week (39:33)https://twitter.com/paygapapp  https://twitter.com/achornback/status/1501677184515256321?s=12 Come on! Like and bloody well subscribe!

This Week in InfoSec (08:37)With content liberated from the “today in infosec” Twitter account and further afield7th March 1997: During a hearing on Microsoft’s alleged antitrust activities, Bill Gates admits Microsoft’s contracts bar Internet content providers from promoting Netscape’s browser. Eventually, Internet Explorer dominates the web browser market as it is shipped for free with every copy of Windows.3rd March 2009: “You may be wondering why I’ve turned myself into a zombie.Well, it’s in honour of National Zombie Awareness Week in Australia, which is highlighting the problem of compromised computers (known as bots or zombies).Zombie computers can be invisibly controlled by criminal hackers to launch distributed denial-of-service attacks, spread spam messages or steal confidential information.” Rant of the Week (15:36)The zero-password future can't come soon enoughSpyCloud highlights poor password hygiene of consumers and the threat to enterprisesPasswords, long a weakness in the tapestry of defences designed to keep enterprises and individuals more secure, continue to be a problem due in large part to the same issue that has haunted them for years: the users themselves. Billy Big Balls of the Week (27:41)Russian Company Outsourced The Main Components In EV Chargers To A Ukrainian Company, Hilarity EnsuesThe electric car chargers along one of the most important freeways in Russia are all down Monday after the Ukrainian company tasked with building the main components in the chargers used backdoor access to hack them, shut them down, and program anti-Putin/pro-Ukrainian messages to scroll past on their screens.The outage affects chargers along the M11 motorway, which connects Moscow to St. Petersburg. The Russian energy company Rosseti confirmed the hack in a post on the company’s Facebook. Industry News (33:52)Ukraine Asks for Hackers’ HelpRussian TV Stations HackedConti Encrypts Karma Ransom Note in Same Victim NetworkApple and Google Turn Off Map Features to Help UkraineNIST Seeks Cybersecurity Framework FeedbackNvidia Admits Hackers Stole Employee and Internal DataRussia Denies Satellite Hacking and Warns of Wider WarSwiss Bank Requests Destruction of DocumentsVulnerability Exploit Attempts Surge Tenfold Against Ukrainian Websites Tweet of the Week (40:40)https://twitter.com/gyarbij/status/1499289498005422083 Come on! Like and bloody well subscribe!

This Week in InfoSec (11:37)With content liberated from the “today in infosec” twitter account and further afield23rd February 2005: The discovery of the first mobile phone virus, Cabir, is accounced. Specifically, Cabir is a worm which infects phones running the Symbian OS. Whenever an infected phone is activated, the message “Caribe” is displayed. Infected phones also attempts to spread the virus through Bluetooth signals. Billy Big Balls (21:51)https://nypost.com/2022/02/24/ukrainian-women-say-russian-troops-are-flirting-with-them-on-tinder/From Russia with lust.Russian soldiers poised to invade Ukraine have bombarded women on the other side of the border with Tinder messages Tuesday, according to the Sun.Dasha Synelnikova’s app lit up with matches from soldiers named Andrei, Alexander, Gregory, Michail and “Black” some 20 miles away, the report said.“I actually live in Kyiv but changed my location settings to Kharkiv after a friend told me there were Russian troops all over Tinder,” Synelnikova, a 33-year-old video producer, told the outlet.Many would-be paramours reportedly flirted with treachery as they gave away their military positions while forces assembled north of Kharkiv prepared for what appeared to be an imminent attack, according to Ukrainian military intelligence officials.“One muscular guy posed up trying to look sexy in bed posing with his pistol. Another was in full Russian combat gear and others just showed off in tight stripy vests,” Synelnikova told the British paper. Rant of the Week (28:57)A War in Europe Is Being Documented One Social Media Post at a TimeThe rest of the world watches Russia's invasion into Ukraine through the lens of Twitter and Tiktok. Industry News (35:28)Banking World Rocked After Leak Exposes 18,000 Credit Suisse AccountsTeen Framed for Cybercrime Files LawsuitUS Receives Ransomware WarningEU Deploys Cyber Response Unit to UkraineOfcom Set to Crack Down on Phone FraudVishing Makes Phishing Campaigns Three-Times More SuccessfulNonprofits Form Cyber CoalitionWMATA Twitter Account HackedUkraine Attacked with ‘Wiper’ Malware Tweet of the Week  (44:10)https://twitter.com/dcuthbert/status/1496935547171835911 Come on! Like and bloody well subscribe!

 This Week in InfoSec (07:54)With content liberated from the “today in infosec” Twitter account and further afield15th February 1999Computer owners (dominated by Linux users) marched on Microsoft’s offices demanding refunds for the copies of Windows that came pre-installed on their computers. This day came to be known as Windows Refund Day.15th February 2007: TSA Removes Online Traveller Redress System.  The Transportation Security Agency has removed from its website an online system designed for travellers who have been told they are on a watchlist and inserted a statement that the agency takes information security seriously, following reporting by 27B (and others) that the site could put travellers at risk of identity theft and looked like online fraud. Rant of the Week (17:41)3G network shutting down could disable millions of home security alarms and car safety systemshttps://apple.news/AuLfeucEvTSOwz1aqMIUDowMillions of burglar alarms, car safety systems, GPS trackers, medical monitors, and even prisoner ankle tags could stop working when American 3G mobile networks shut down later this year. Billy Big Balls of the Week (29:26)Gary Bowser was recently sentenced to over 3 years in prison and ordered to pay millions to Nintendo for what his lawyers say was a relatively minor role in a Nintendo Switch piracy ring.He was the victim of domestic violence from a girlfriend, and another girlfriend of his was murdered. His older brother died in a plane crash, and Bowser’s mother died when he was 15, the court record adds. In response, Bowser drank, the court records state.Bowser was charged in Canada in 2004 in a fraud case concerning less than $5,000, the court records say. In 2018, he contracted lymphedema, likely from a mosquito bite, which “caused morbid swelling of his left leg,” the lawyers wrote.When Bowser did join Xecutor, he was the only member who did so under his own identity; his colleagues were pseudonymous on the site. Xecutor as “one of the most prolific video game hacking groups,” and said that Bowser also administered a website called rom-bank.com which contained illegal copies of over 10,000 video games, Bowser was paid $500 to $1,000 a month over the course of seven years to maintain the organization’s websitesLast week, Bowser was sentenced to more than three years in prison and has agreed to pay $4,500,000 in restitution to Nintendo. In a related civil lawsuit that concluded in December, a court ordered Bowser to also pay $10,000,000.https://www.vice.com/en/article/epxm5n/gary-bowser-small-apartment-owes-nintendo-10-million Unskilled hacker linked to years of attacks on aviation, transport sectorsFor years, a low-skilled attacker has been using off-the-shelf malware in malicious campaigns aimed at companies in the aviation sector as well as in other sensitive industries.The threat actor has been active since at least 2017, targeting entities in the aviation, aerospace, transportation, manufacturing, and defence industries.Tracked as TA2541 by cybersecurity company Proofpoint, the adversary is believed to operate from Nigeria and its activity has been documented before in the analysis of separate campaigns. Industry News (37:18) Trustpilot Sues Immigration Biz for Alleged Fake ReviewsInternet Society Data LeakedHealthcare Data Breaches Impact 147k IllinoisansFinance Officer Jailed After Stealing £200,000 from CharityRed Cross Attackers Exploited Zoho Bug Used by ChinaGrand Prix CFO Sentenced for Identity TheftResearchers Block "Largest Ever" Bot AttackData Privacy Lawsuit Could Cost Meta $90mPhishing Top Threat to US Healthcare Tweet of the Week (44:32 )https://twitter.com/zebpalmer/status/1492742757185556483   https://twitter.com/JackRhysider/status/1494330800564625413 [That was this week's TWEET OF THE WEEK!] Come on! Like and bloody well subscribe!

This Week in InfoSec (04:44)February 5th 2009 Come on Kaspersky, if you think you’re hard enough..February 5th 2009 The Sophos snowball fightFebruary 9th 2009 Hacked road sign warns of British invasion Rant of the Week (16:01)Hackers are hitting Britain where it hurts by targeting some of its favourite savoury snacks, with the likes of Hula Hoops, KP Nuts, Butterkist popcorn and Nik Naks in their cyber sights.Hackers hold Hula Hoops hostage in cyber-raid on Britain's KP Snacks | Reuters Billy Big Balls of the Week  (22:48)A woman accused of laundering billions of dollars in stolen cryptocurrency alongside her husband may end up becoming better known for her excruciating music career as a self-styled “raunchy rapper” called Razzlekhan.‘Sexy horror comedy’: Bitcoin laundering suspect is also ‘raunchy rapper’ Razzlekhan | Cryptocurrencies | The Guardian Industry News  (29:50)DDoS Attacks Hit All-time HighCalifornian College Attacked with RansomwareSANS Institute Launches Nationwide Scholarship ProgramICO Hit by 2650% Rise in Email AttacksAlmost $1.3bn Paid to Ransomware Actors Since 2020CISOs Reveal Biggest Challenges for Security Teams Tweet of the Week  (38:58)https://twitter.com/d0rkph0enix/status/1491914588811501568  Come on! Like and bloody well subscribe!

This Week in InfoSec (05:24)With content liberated from the “today in infosec” Twitter account and further afield30th January 1982: The first computer virus was written.  Richard Skrenta writes the first PC virus code, which is 400 lines long and disguised as an Apple II boot program called “Elk Cloner“.3rd February 1986: "Vaporware" Announced.  Time magazine reports on frustrations with the slow development of software for use in the computer industry. Reporter Philip Elmer-DeWitt complained about delays in Microsoft Corporation's new Windows operating system, which had been delayed much longer than promised. Silicon Valley pundits had taken to calling such software "Vaporware," the magazine noted.30th January 2007:  Six years after the launch of Windows XP, the infamous operating system, Windows Vista, was released to an unsuspecting public. For various reasons, the launch of Vista was marred by numerous incompatibility, stability, and otherwise onerous problems. While Microsoft actually made Vista much more palatable after 2 Service Pack upgrades, the damage was already done. Vista’s reputation never recovered. Many wonder if this is why Microsoft so quickly followed only two years later with Windows 7. Rant of the Week (10:45)Execs keep flinging money at us instead of understanding security, moan infosec prosFresh from years of complaining about underfunding and not having enough staff to deal with problems, infosec bods are now complaining that corporate execs merely firehose cash at them without getting their own hands dirty or engaging with the problem.That's one conclusion that could be drawn from a Trend Micro study published yesterday. Around half of businesses surveyed are spending more on "cyber attacks" than they used to, it said, while a similar number reckon their C-suites don't know what "cyber risk management" means – possibly something about ensuring monitors are firmly bolted to desks. Billy Big Balls of the Week (16:55)How a US hacker took down North Korea's internet in a revenge cyber-attackThe blame for North Korea's persistent internet failures does not lie with the United States Cyber Command or any other state-sponsored hacker organisation.In fact, it was the work of an American man, who sat in his living room night after night, watching Alien movies and munching on spicy corn snacks—and periodically walking over to his home office to check on the progress of the programmes he was running to disrupt the internet of an entire country.US Hacker Brings Down North Korea's Internet After Latter's Attack On Security ResearchersFacebook says Apple iOS privacy change will result in $10 billion revenue hit this year Industry News (23:55)Social Security Numbers Most Targeted Sensitive DataFBI: Olympic Athletes Should Leave Devices at HomeBritish Council Students' Data Exposed in Major BreachData Leak Exposes IDs of Airport Security WorkersScottish Agency Still Recovering from 2020 Ransomware AttackFake Influencer Flags Hacking TacticsOnline Thieves Steal $320m from Crypto Firm WormholeHome Improvement Firm Fined £200k for Nuisance CallsGrowing Number of Phish Kits Bypass MFA Tweet of the Week (30:23)https://twitter.com/1MrStoner/status/1488941503049261059   Come on! Like and bloody well subscribe!

This Week in InfoSec (07:20)With content liberated from the “today in infosec” Twitter account and further afield26th January 2011: Facebook Enables HTTPS So You Can Share Without Being Hijacked.  Facebook announced Wednesday it would begin supporting a feature to protect users from having their accounts hijacked over Wi-Fi connections or snooped on by schools and businesses.19th January 2012: Feds Shutter Megaupload, Arrest Executives.  Since the shutdown of Megaupload, stories have erupted about the life and exploits of the company’s founder, a self-styled “Dr. Evil” of file sharing. Kim Dotcom’s opulent digs, high-end cars, fondness for models and other Bond-villain-esque behaviours have been splashed across websites and have confused evening newscasts for the last week.25th January 2003: A new worm took the Internet by storm, infecting thousands of servers running Microsoft’s SQL Server software every minute. The worm, which became known as SQL Slammer, eventually became the fastest-spreading worm ever and helped change the way Microsoft approached security and reshaped the way many researchers handled advisories and exploit code. The Inside Story of SQL Slammer.  Rant of the Week (15:35)Court papers indicate text messages from HMRC's 60886 number could snoop on Brit taxpayers' locationsBritain's tax collection agency asked a contractor to use the SS7 mobile phone signalling protocol that would make available location data of alleged tax defaulters, a High Court lawsuit has revealed.Her Majesty's Revenue and Customs had the potential to use SS7 to silently request that tax debtors' mobile phones give up location data over the past six years, according to papers filed in an obscure court case about a contract dispute. Billy Big Balls of the Week (25:31)Unmasking Poopsenders, The Anonymous Website That Sends People Fake PoopSince 2007, Poopsenders.com has let people send packages filled with disturbingly realistic feces. Now, 'United States of America v. Poopsenders.com' has named two men who may be responsible. Industry News (34:25)Merck Wins $1.4bn NotPetya Payout from InsurerCyber Essentials Overhauled for New Hybrid Working EraExperts Call for More Open Security Culture After VW SackingEyeMed Fined $600k Over Data BreachGovernment Trials Effort to Make Bug Scanning EasierBest Cybersecurity Research Paper RevealedNorth Korea Loses Internet in Suspected Cyber-AttackFlorida Considers Deepfake BanIT and DevOps Staff More Likely to Click on Phishing Links Tweet of the Week (41:12)https://twitter.com/ra6bit/status/1486695164332711939 Come on! Like and bloody well subscribe!

This Week in InfoSec (06:23)With content liberated from the “Today in InfoSec” twitter account and further afield19th January 1999: The Happy99 worm first appeared. It invisibly attached itself to emails, displayed fireworks to hide the changes being made, and wished the user a happy New Year. It was the first of a wave of malware that struck Microsoft Windows computers over the next several years, costing businesses and individuals untold amounts of money to resolve. 19th January 1999: RIM introduces the BlackBerry. The original BlackBerry devices were not phones, but instead were the first mobile devices that could do real-time e-mail. They looked like big pagers.  It is alleged the name “BlackBerry” came from the similarity that the buttons on the original device had to the surface of a blackberry fruit.London riots: how BlackBerry Messenger played a key role Rant of the Week (18:01)Singapore gives banks two-week deadline to fix SMS securityA widespread phishing operation targeting Southeast Asia's second-largest bank – Oversea-Chinese Banking Corporation (OCBC) – has prompted the Monetary Authority of Singapore (MAS) to introduce regulations for internet banking that include use of an SMS Sender ID registry.Singapore banks have two weeks to remove clickable links in text messages or e-mails sent to retail customers. Furthermore, activation of a soft token on a mobile device will require a 12-hour cooling off period, customers must be notified of any request to change their contact details, and fund transfer threshold will by default be set to SG$100 ($74) or lower.MAS has also offered a vague directive requiring banks to issue more scam education alerts, and to do so more often. Billy Big Balls of the Week  (25:49)Train Robberies Are BackFreight trains loaded with valuable merchandise sitting on apparently unguarded tracks make for awfully inviting targets.For months, Union Pacific freight trains have been getting systematically robbed in the Los Angeles area, according to local news reports, as thieves target valuable merchandise and online orders from retailers like Amazon sitting on delayed trains.Superyacht Security: The 10 Best Ways To Protect From Pirates And Paparazzi Industry News (33:12)European Regulators Hand Out €1.1bn in GDPR FinesNCA: Kids as Young as Nine Have Launched DDoS AttacksGovernment to Regulate Crypto Advertising in New Crack DownMan Charged with Smuggling Tech Exports to IranResearchers Hack Olympic Games AppRed Cross: Supply Chain Data Breach Hit 500K PeopleEleven Arrested in Bust of Prolific Nigerian BEC GangTwitter Mentions More Effective Than CVSS at Reducing ExploitabilityBiden Signs Memo to Boost National Cybersecurity Tweet of the Week (42:00)https://twitter.com/blkcybersources/status/1483826713561862159?s=21https://twitter.com/BLKCybersources/status/1483826713561862159/photo/1 Come on! Like and bloody well subscribe!

This week in Infosec (06:30)With content liberated from the “today in infosec” twitter account12th January 1981: Time Magazine published "Superzapping in Computer Land". Its primary focus was four 13-year-olds from New York City who broke into 2 computer networks and destroyed 1 million bits of data. Yes, a whopping 0.125 MB. Have a read of the article.Superzapping in Computer Land - The ride of the "Dalton Gang"https://twitter.com/todayininfosec/status/148135276347683225613th January 1989: The “Friday the 13th” virus strikes hundreds of IBM computers in Britain. This is one of the most famous early examples of a computer virus making headlines.THE EXECUTIVE COMPUTER; Friday the 13th: A Virus Is Lurking Rant of the Week (13:43)Dev corrupts NPM libs 'colors' and 'faker' breaking thousands of appsUsers of popular open-source libraries 'colors' and 'faker' were left stunned after they saw their applications, using these libraries, printing gibberish data and breaking.Some surmised if the NPM libraries had been compromised, but it turns out there's much more to the story.The developer of these libraries intentionally introduced an infinite loop that bricked thousands of projects that depend on 'colors' and 'faker.'  Billy Big Balls of the Week (23:18)Info-saturated techie builds bug alert service that phones you to warn of new vulnsAn infosec pro fed up of having to follow tedious Twitter accounts to stay on top of cybersecurity developments has set up a website that phones you if there's a new vuln you really need to know about. Industry News (30:37)FlexBooker Reveals Major Customer Data BreachForensics Expert Kept Murder Snaps on PCRomance Scammers Stole £92m From Victims Last YearEuropean Union to Launch Supply Chain Attack SimulationEuropol Ordered to Delete Vast Trove of Personal InformationTeen Makes Tesla Hacking ClaimTwo Years for Man Who Used RATs to Spy on Women and ChildrenFCC Proposes Stricter Data Breach Reporting RequirementsNew "Undetected" Backdoor Runs Across Three OS Platforms Tweet of the Week (38:32)https://twitter.com/dominotree/status/1481646565869584385?s=21 Come on! Like and bloody well subscribe!

This Week in InfoSec (6:20)With content liberated from the “today in infosec” twitter account1st January 1997: The Cult of the Dead Cow admitted it was responsible for the Good Times virus hoax of 1994.Good times virushttps://twitter.com/todayininfosec/status/1212558619205607426[Covered this story last month so will axe it]2nd January 1975: Gates and Allen Name "Micro-Soft".  Microsoft founders Bill Gates and Paul Allen write a letter to MITS, the Albuquerque, New Mexico, company that manufactured the Altair computer, offering a version of BASIC for MITS's "Altair 8800" computer. The contract for BASIC reflected the first time Gates and Allen referred to themselves as the company Microsoft, spelled in the document as "Micro-Soft."Gates and Allen name Micro-SoftMicrosoft v. MikeRoweSoft3rd January 1977: Apple Computer, Inc. is IncorporatedApple Computer, Inc. is incorporated by Steven Jobs and Stephen Wozniak. Its IPO, which took place three years later, was the largest one since the Ford Motor Company went public in 1956. The stock rose almost 32% that day giving the company a market valuation of $1.778 billion. Seven years later, on January 24, 1984, the company revealed the Macintosh personal computer in a publicity campaign that compared IBM with Big Brother and Apple as the savior of the masses.Apple becomes first company to hit $3 trillion market value, then slips Rant of the Week (17:22)Remember Norton 360's bundled cryptominer? Irritated folk realise Ethereum crafter is tricky to deleteBack in June, NortonLifeLock, owner of the unloved PC antivirus product, declared it was offering Ethereum mining as part of its antivirus suite. NortonLifeLock's pitch, was that people dabbling in cryptocurrency mining probably weren't paying attention to security – so what better way than to take up a cryptocurrency miner than installing one from a trusted consumer security brand?In return for you installing their cryptominer on your home PC, NortonLifeLock skims off a mere 15 per cent of whatever digital currency you generate. https://twitter.com/jwz/status/1478022085737803776?s=20 Billy Big Balls (25:18)A set of balls to bring us back Former CEO of Theranos Elizabeth Holmes convicted on 4 countsUS clothing supplier Pro Wrestling Tees hit by data breachA quick story that is near and dear to mine and Andy’s heart - which Thom will have absolutely no idea about. But Pro wrestling Tee’s - which sells t-shirts designed by professional wrestlers, has discovered that some customers’ credit card numbers have been compromised in a data breach. a small portion of our customers’ credit card numbers had been compromised,” reads a breach notification letter signed by Pro Wrestling Tees owner Ryan Barkan“We immediately conducted a thorough investigation of our system and concluded that a malicious virus was the source of the breach.”A cybersecurity firm has since helped to remove the malware.Barkan added that they had found “no evidence that current individual personal information has been compromised”, or evidence “of any current misuse of your information” – despite admitting that the payment details were accessed.You may be thinking that this isn’t a big deal. But what kind of Jabroni thinks it’s a good idea to attack a wrestling store. It’s almost like they’re looking for a smack down. I get it, they may have thought - oooh what a rush, but whatcha gonna do? Whatcha gonna do when the feds come looking for you brother? Criminals can rest in peace - and that’s the bottom line, cos the host unknown podcast said so. [That was this weeks BILLY BIG BALLS] Jav: Industry News (39:53)Microsoft Fixes New Year's Day Exchange Server BugUK Defence Academy Attack Forced IT RebuildInvestigation Launched into App “Selling” WomenFTC: Patch Log4j Now or Risk Major FinesUK's Information Commissioner Starts New Role Amid Major ChangesMorgan Stanley Agrees to Data Breach SettlementCredential Stuffers Compromised 1.1 Million AccountsCrypto Firm Pulls the Rug from Under Investors with $10m ScamMan Pleads Guilty to $50m Investment Fraud Scheme Tweet of the Week (43:15)https://twitter.com/avrovulcanxh607/status/1445102818348699746Ceefax replica goes TITSUP* as folk pine for simpler timesBut creator runs server from home – we can forgive himA young man who would have been around 10 when the plug was pulled on Ceefax has recreated the BBC's teletext information service online, replete with a digital remote control to punch in the number of your choice.NMS Ceefax The joke that Jav didn't understand: Come on! Like and bloody well subscribe!

This Week in InfoSecWith content liberated from the “today in infosec” twitter account16th December 1988: 25-year-old computer hacker Kevin Mitnick was charged for crimes including theft of software from DEC (Digital Equipment Corporation), including VMS source code and allegedly causing $4 million in damages to DEC.Ex-Computer Whiz Kid Held on New Fraud Countshttps://twitter.com/todayininfosec/status/147163999100882534415th December 1994: Netscape Communications Corporation releases Netscape Navigator 1.0, the world’s first commercially developed web browser, although this particular version was free for non-commercial use.15th December 1995: Developed by researchers at Digital Equipment Research Laboratories, the AltaVista search engine is launched. It was the first worldwide    web search service to gain significant popularity. One of the most popular search engines in the early world wide web, Google didn’t overtake AltaVista until 2001. AltaVista was eventually purchased by Yahoo! in 2003. Rant of the Week (15:49)Thom starts but quickly hands the baton Jav who takes a clear lead on this weeks rant... about Andy. This is Andy's response:Songs that build up tension and stumble forward: Songs that skip a beat Billy Big Balls of the Week (21:34)National Lottery scratch card fraud: Men jailed over £4m jackpot claimI talk about the time Thom went solo with (TL)2 ventures and highlights how going solo is a brave move for someone in a cushy CISO job.  Industry News (28:23)Hackers Target India’s Prime Minister“Worst-Case Scenario” Log4j Exploits Travel the GlobeChristmas Payroll Fears After Ransomware Hits Software ProviderGrindr Fined €6.5m for Selling User Data Without Explicit ConsentLog4j Looms Large Over Patch TuesdayFrance Orders Clearview AI to Delete DataRegulator: Venues Must Protect User Privacy During #COVID19 ChecksAll Change at the Top as New Ransomware Groups EmergeUS and Australia Enter CLOUD Act Agreement Tweet of the Week ( 38:09)https://twitter.com/GeekChickUK/status/541242616407687168?s=20 Come on! Like and bloody well subscribe!

Andy’s mattressThis Week in InfoSec (11:46)With content liberated from the “today in infosec” Twitter account 7th December 1999: The Recording Industry Association of America sues the peer-to-peer file sharing service Napster alleging copyright infringement for allowing users to download copyrighted music for free. The RIAA would eventually win injunctions against Napster forcing the service to suspend operations and eventually file bankruptcy. In the end the RIAA and its members would settle with Napster’s financial backers for hundreds of millions of dollars.How The Founder of Napster Trolled Metallica at the VMAsShawn Fanning at the MTV Video Music Awards in 2000 December 2009, when Yahoo! Doesn't Want You To Know Its Spying Price List; Issues DMCA TakedownCompliance Guide for Law Enforcement Rant of the Week (22:37)The vice president should not be using Bluetooth headphonesThis week, Politico opened its newsletter with an article on Vice President Kamala Harris’ aversion to using Bluetooth headphones. The VP was “Bluetooth-phobic,” the story claimed, “wary” of her AirPods and cautious with her technology use to an extent former aides described as “a bit paranoid.” Proof could be seen in her televised appearances: wires dangling from her ears in an interview with MSNBC’s Joy Reid or clutched in her hand during the famous “We did it, Joe” call.But for a high-profile public official, this is a lot more reasonable than you might think. As security researchers were quick to point out, Bluetooth has a number of well-documented vulnerabilities that could be exploited if a bad actor wanted to hack, say, the second most powerful person in the US government. Billy Big Balls of the WeekFeds charge two men with claiming ownership of others' songs to steal YouTube royalty paymentsAlleged scheme said to have netted $20m since 2017"Batista and Teran perpetrated their fraud by falsely representing to Y.T. [YouTube] and to A.R., an intermediate company responsible for enforcing their music library, that they were the owners of a wide swath of music and that they were entitled to collect any resulting royalty payments."The government claims that around April, 2017, two men, through their company MediaMuv, LLC, entered into a contract with A.R., which administers and distributes YouTube royalty payments, claiming to control a 50,000 song catalog of music.They subsequently sent the corresponding song files to A.R., which in turn uploaded the files to YouTube, the indictment claims. The court filing cites as an example the song "Viernes Sin Tu Amor," which A.R. is said to have uploaded to YouTube in 2017 and has earned around $24,000 in royalty payments since then.This was allegedly done for numerous songs, with A.R. eventually, at the direction of the MediaMuv, writing to YouTube "to bulk clear potential copyright conflicts from MediaMuv's entire music catalog." Industry News (36:28) Nine State Department Phones Hijacked by SpywareCyber-attack Closes UK Convenience StoresFrench Transport Giant Exposes 57,000 Employees and Source CodeHotel Guests Locked Out of Rooms After Ransomware AttackPassports Now Most Attacked Form of IDAWS Outage Hits Eastern USIT Execs Half as Likely to Face the Axe After BreachesMost Phishing Pages are Short-livedHalf of Websites Still Using Legacy Crypto Keys Tweet of the Week (44:08)https://twitter.com/TJ_Null/status/1469006847449440262https://twitter.com/johnjhacking/status/1468860997272174594 Come on! Like and bloody well subscribe!

This Week in InfoSec (06:57)With content liberated from the “today in infosec” twitter account4th December 2013: Troy Hunt launched the site "Have I Been Pwned? (HIBP)". At launch, passwords from the Adobe, Stratfor, Gawker, Yahoo! Voices, and Sony Pictures breaches were indexed.  https://twitter.com/todayininfosec/status/13350202387657441291st December 1996: America Online launches a new subscription plan offering their subscribers unlimited dial-up Internet access for $19.95/month. Previously, AOL charged $9.95/month for 5 hours of usage. The new plan brought in over one million new customers to AOL within weeks and daily usage doubled among subscribers (to a whole 32 minutes per day!). AOL goes unlimited Billy Big Balls of the Week (16:06)https://www.bleepingcomputer.com/news/security/former-ubiquiti-dev-charged-for-trying-to-extort-his-employer/ Industry News (21:15)Clearview AI to be Fined $22.6m for Breaching UK Data Protection LawsCyber Essentials Set for Major Update in 2022Texas School District to Scan Children's DevicesMI6 Boss: Digital Attack Surface Growing "Exponentially"Organizations Now Have 76 Security Tools to ManageTwitter to Remove Private MediaRussian Bulletproof Hosting Kingpin Gets Five YearsPolice Arrest 1800 in Major Money Laundering CrackdownPhishing Scam Targets Military Families Tweets of the Week (29:50)https://twitter.com/j_opdenakker/status/1466380453036838913https://twitter.com/bettersafetynet/status/1466460853105053699  Come on! Like and bloody well subscribe!

This Week in InfoSec (11:00)With content liberated from the “today in infosec” Twitter account23rd November 2011: It was reported that Apple took over 3 years to fix the iTunes installer vulnerability which the FinFisher remote spying Trojan exploited.Apple Took 3+ Years to Fix FinFisher Trojan Holehttps://twitter.com/todayininfosec/status/133102846161239244820th November 2000: eBay cancelled a listing for Kevin Mitnick's Bureau of Prisons inmate ID card due to uncertainty about his right to sell it. This was after an initial claim it was a prohibition from committing a "violent felony" and profiting from it.eBay pulls Kevin Mitnick trinkets: Taking a firm stand against "violent felons"https://twitter.com/todayininfosec/status/1329940298399703042 Rant of the Week (18:50)SSL keys, sFTP passwords and more exposed after someone broke into GoDaddy Managed WordPress using 'compromised password'GoDaddy has admitted to America's financial watchdog that one or more miscreants broke into its systems and potentially accessed a huge amount of customer data, from email addresses to SSL private keys.In a filing on Monday to the SEC, the internet giant said that on November 17 it discovered an "unauthorized third-party" had been roaming around part of its Managed WordPress service, which essentially stores and hosts people's websites.GoDaddy’s chief information security officer Demetrius Comes said his company "immediately began an investigation with the help of an IT forensics firm and contacted law enforcement."Those infosec sleuths, we're told, found evidence that an intruder had been inside part of GoDaddy's website provisioning system, described by Comes as a "legacy code base," since September 6, gaining access using a "compromised password."GoDaddy’s latest rebranding is a break from its sexist past Billy Big Balls of the Week (28:36)Huge fines and a ban on default passwords in new UK lawThe government has introduced new legislation to protect smart devices in people's homes from being hacked.Recent research from consumer watchdog Which? suggested homes filled with smart devices could be exposed to more than 12,000 attacks in a single week.Default passwords for internet-connected devices will be banned, and firms which do not comply will face huge fines. Industry News (34:36)Sky Slow to Fix Bug in RoutersGoDaddy Announces Data BreachTeen Accused of Stealing Bitcoin Worth $36.5MMultiple Bugs Enable Eavesdropping on 37% of Android PhonesApple Sues “State-Sponsored” Spyware Firm NSO GroupMalicious JavaScript Loader is a Multi-RAT DispenserYouTube Live Crypto Scams Made Nearly $9m in OctoberUK Introduces New Cybersecurity Legislation for IoT DevicesUkrainian Cops Bust Mobile Device Hacking Group Tweet of the Week (43:09)https://twitter.com/sociosploit/status/1462440968658079763https://twitter.com/Raspberry_Pi/status/1463803587180511233?s=20 Come on! Like and bloody well subscribe!

IRISSCON - https://www.iriss.ie/ This week in Infosec (12:19)With content liberated from the “today in infosec” twitter account15th November 1994: The earliest known example of the Good Times email hoax virus was posted to the TECH-LAW mailing list. Variants of the hoax spread for several years. In 1997, Cult of the Dead Cow (cDc) claimed responsibility for initiating the hoax. Good Times Virus Hoaxhttps://twitter.com/todayininfosec/status/119535364385739162312th November 2012: John McAfee went into hiding because his neighbor Gregory Faull was found dead from a gunshot the day before. Belize police wanted McAfee to come in for questioning, but McAfee stated the police were “out to get him”. John McAfee hiding from police after businessman's murder in Belizehttps://twitter.com/todayininfosec/status/1326993312247656451 The Box © Charlie Langford Rant of the Week (18:52)Amazon tells folks it will stop accepting UK Visa credit cards via weird empty emailHow will you be able to buy things you can't afford now?Amazon has confirmed it will no longer accept payment via Visa credit cards issued in the United Kingdom after several Reg readers wrote in complaining of a cryptic message they'd been sent this morning.The online sales giant has indicated the move was "due to the high fees Visa charges for processing credit card transactions." Billy Big Balls of the Week (26:22)New Memento ransomware switches to WinRar after failing at encryption(The embodiment of: Improvise, adapt, overcome)A new ransomware group called Memento takes the unusual approach of locking files inside password-protected archives after their encryption method kept being detected by security software. Industry News (33:15)FBI Fixes Misconfigured Server After Hoax Email AlertCryptojackers Disable Alibaba Cloud Security AgentChina Telecom Appeals Against US BanEmotet is Rebuilding its BotnetGhostwriter Disinformation Operation Linked to BelarusUS to Sell $56m in Seized Crypto-CurrencyThreat Actors Discuss Leasing Zero-Day ExploitsChina's APT41 Manages Library of Breached CertificatesRussian Cybercrime Forums Open Doors to Chinese-Speakers Tweet of the Week (39:15)https://twitter.com/benawad/status/1460738174783791105 Come on! Like and bloody well subscribe!

This Week in InfoSec (09:55)With content liberated from the “today in infosec” twitter account10th November 1983: At a security seminar, Len Adleman used "virus" in connection with self-replicating computer programs. Afterwards, use of the term took off. But it wasn't the first use of "virus" in this way - the 1973 movie "Westworld" used it to describe malfunctions spreading in robots.https://twitter.com/todayininfosec/status/1193706921733189632 Rant of the Week (14:24)EU pharmaceutical giants run old, vulnerable apps and fail to use encryption in login formsAccording to the report, Outpost24's "2021 Web Application Security for Healthcare," EU pharmaceutical businesses often run large numbers of web applications and 3.3% of those scanned by the firm are deemed "suspicious," including open test environments that should have been closed. In addition, 18% of organizations analyzed are using outdated, unpatched web components that contain known vulnerabilities. US healthcare organizations have roughly the same amount of suspicious apps in operation but tend to run far fewer apps on the whole -- however, 23.74% of them are outdated.Over 200 EU pharmaceutical application forms noted in the report are operating without encryption, which puts users at risk of both the interception and theft of their information online. Outpost24 said that basic SSL failures, privacy policy misconfigurations, and cookie settings also feature as common security and compliance problems. The damage a cyberattack can cause a healthcare or pharmaceutical company can be severe. The COVID-19 pandemic put a target on the back of many of these organizations, with an Oxford University lab with COVID-19 research links and the UK Research and Innovation organization being only two examples of recent victims of incidents leading to data theft and disruption.  Billy Big Balls of the Week (21:18)Hack leaves fertility clinic medical data at riskThe Lister Fertility Clinic said the firm, which it used for scanning medical records, had been "hacked" by a"cyber-gang", in a letter sent to about 1,700 patients. Industry News  (27:32)Ukraine Unmasks Armageddon Group as FSB OfficersFacial Recognition Firm Could Be Ordered to "Close" in UK, Warn ExpertsOne in Three Workers Monitored by Their EmployersRobinhood Data Breach Hits Seven Million CustomersUS to Charge Suspects Over Kaseya Ransomware AttackClass Action Against Google BlockedAnglers Redirected to PornhubScam PACs Allegedly Stole $3.5m from Trump VotersResearchers Uncover Prolific Hacker-for-Hire Group Tweet of the Week (35:44)https://twitter.com/bcmerchant/status/1457849195738451975https://twitter.com/sherrod_im/status/1458460638561382401 Come on! Like and bloody well subscribe!

This week in infosecWith content liberated from the “today in infosec” twitter accountHonourable mention for the Morris Worm3rd November 2000: A Dutch hacker gained access to Microsoft's network by exploiting a vulnerability Microsoft issued a patch for 10 weeks earlier. The Patch MS Forgot to Applyhttps://twitter.com/todayininfosec/status/132380788942589542425th October 2013: Adobe revealed that a breach of 2.9 million customer accounts made public 3 weeks earlier actually affected 38 million users.Adobe breach THIRTEEN times worse than thought, 38 million users affectedhttps://twitter.com/todayininfosec/status/1323807889425895424  Rant of the weekCisco fixes hard-coded credentials and default SSH key issuesBilly big balls These Parents Built a School App. Then the City Called the CopsStockholm’s official app was a disaster. So annoyed parents built their own open source version—ignoring warnings that it might be illegal.[INDUSTRY NEWS]Cops Receive Stalkerware TrainingConti Group Leak Celebs' Data After Ransom Attack on JewellerVenmo to Reimburse Hacking VictimsBlackMatter Group Speeds Up Data Theft with New Tool Student Loans Company Dismissals Highlight Insider Risk NSO Group Blacklisted by US for Trade in SpywareCyber-Incident Impacts UK Labour Party#SecTorCa: Jeff Moss Defines the Role of Hacking Threat Actor Claims 'Groove' Ransomware Gang Was HoaxTweet of the weekhttps://twitter.com/summer__heidi/status/1456099556622364672  Come on! Like and bloody well subscribe!

This Week in InfoSec (08:13)With content liberated from the “today in infosec” Twitter account29th October 1969: The first message sent over the ARPANET was from Leonard Kleinrock’s UCLA computer, sent by student programmer Charley Kline at 10:30 PM to the second node at Stanford Research Institute’s computer in Menlo Park, California.The message was simply "Lo." But not on purpose.Charley Kline Sends the First Message Over the ARPANET from Leonard Kleinrock's Computerhttps://twitter.com/todayininfosec/status/132186187898595328225th October 2008: A 43-year-old woman in Japan was arrested after she hacked into the computer of the man she'd married in the online game MapleStory and erased his carefully constructed digital character after their relationship curdled.Woman faces jail for hacking her virtual husband to deathhttps://twitter.com/todayininfosec/status/1320513559500128257 Rant of the Week (18:18)Why You Should Delete Your Facebook AppA stark new warning for almost all iPhone users, as Facebook is suddenly caught “secretly” harvesting sensitive data without anyone realizing. And worse, there’s no way to stop this especially invasive tracking other than by deleting the app. Billy Big Balls of the Week (27:15)Teen bought Google ad for his scam website and made 48 Bitcoins duping UK online shoppersThe schoolboy set up a website impersonating gift voucher site Love2Shop. Having done that he then bought Google ads which resulted in his fake site appearing above the real one in search results. Industry News (34:03) Government Agents Compromise REvil Backups to Force Group OfflineHalloween Horror-Show for Candy-Maker Hit by RansomwareNew Cybersecurity World Record SetTesco App and Website Back Online After Cyber IncidentBlackMatter Bug Saved Victims Millions in Ransom PaymentsStudy Coordinator Falsified Clinical Trial DataEC-Council Offers Free Cybersecurity TrainingOfcom's Scam Call-Blocking Plan Could Save Consumers MillionsNorth Korean Lazarus APT Targets Software Supply Chain Tweet of the week (41:28)https://twitter.com/coriplusplus/status/1453483418944159748https://twitter.com/MegabitMeghan/status/1453398057312215042 Come on! Like and bloody well subscribe!

This Week in InfoSec (13:03)With content liberated from the “today in infosec” Twitter account20th October 1996: Twenty-five years ago today. Happy birthday, Ping of Death. Ping of Deathhttps://twitter.com/ajMSFT/status/1450833383597043713?s=2015th October 1985: 50 FBI agents raided more than 20 homes, seizing 25 personal computers (mostly Commodore 64s) after a group of at least 23 teenagers in San Diego County remotely broke into Chase Manhattan Bank computer systems that July and August.CHASE COMPUTER RAIDED BY YOUTHShttps://twitter.com/todayininfosec/status/1184283049204174849 On the Group Chat (20:27) From @maxsec friend of the show:Cybercrime gang sets up fake company to hire security experts to aid in ransomware attackshttps://twitter.com/campuscodi/status/1451241038908121099 Billy Big Balls of the Week  (29:04)https://twitter.com/ImposeCost/status/1449738212696641538?s=20 Industry News (36:50)US Treasury Tracks $5.2bn of Ransomware Transactions in Six MonthsTwitch: No Passwords Were Taken in Data BreachUK in Midst of $200m Crypto Fraud EpidemicApple iCloud Hacker Steals NudesLightBasin Operation Compromises 13 Global Telcos in Two YearsMicrosoft, Intel and Goldman Sachs Team Up For New Supply Chain Security InitiativeTwitter Pulls Account After Argentinian Mega Breach ClaimsData Scrapers Expose 2.6 Million Instagram and TikTok UsersUS to Ban Export of Hacking Tools to Authoritarian States Tweet of the Week (46:02)https://twitter.com/ElJefeDSecurIT/status/1451232980463075332 Come on! Like and bloody well subscribe!

This Week in InfosecWith content liberated from the “today in infosec” twitter account13th October 1999: An episode of the "True Life" documentary series titled "I'm a Hacker" aired on MTV. Afterwards one of the hackers featured on the show, Shamrock, issued a statement revealing that the whole thing was a hoax to dupe MTV. D'ohMTV made to look ridiculous by fake hackerTrue Life 'I'm a Hacker' 1 of 2True Life ‘I’m a Hacker’ 2 of 2https://twitter.com/todayininfosec/status/1316187816540413953  9th October 1999: A year after Staples launched its website, it was compromised.Add malicious code? Nope.Deface with a political message. No. Redirect to a porn site? Nah. Then what!? Advertisements were added which led to one of its competitors, Office Depot. Staples Sues Unnamed Hackerhttps://twitter.com/todayininfosec/status/1314710023931559937 As Seen on RedditSuperlative levels of TechBro shithousery in the technical recruitment zone of San FranciscoTech bro invents a "skip the interview" tool where you can crowdfund your way into getting a job. r/recruitinghell is having none of it.  Billy Big Balls of the WeekFraudsters Cloned Company Director’s Voice In $35 Million Bank Heist, Police FindAI voice cloning is used in a huge heist in the U.A.E., according to Dubai investigators, amidst warnings about cybercriminal use of the new technology. Industry NewsNatWest Pleads Guilty in £400m Money Laundering CaseBrewer's Token Gaffe Causes Massive PII BreachCouple Arrested Over Sale of Nuclear Secrets  Android Phones Sharing Significant User Data Without Opt-OutsNCSC CEO: Ransomware the "Most Immediate Threat" Facing UK BusinessesGhanaian Women Cautioned Against Sharing NudesCrypto Romance Scam Drains $1.4MFinancial Regulator Warns of Hybrid Working Security RisksMet Police Loses 2280 Electronic Devices in Last Two Years As Seen on TikTokThe Ron Burgandy of British "politics"Nigel Farage promoting drug dealers The Box © Charlie Langford [email protected] for all of your video and sound production and postproduction needs. Come on! Like and bloody well subscribe!

This Week in InfoSec (08:01)With content liberated from the “today in infosec” Twitter account8th September 2009: FBI director Robert Mueller disclosed that his wife banned him from banking online after he nearly fell for an email phishing scam.Wife bans FBI head from online bankinghttps://twitter.com/todayininfosec/status/13140022932269056003rd October 2017: A week after he retired as the result of Equifax's data breach, former CEO Richard F. Smith told members of Congress one person in the IT department was at fault.Equifax Breach Caused by Lone Employee’s Error, Former C.E.O. SaysHow the Equifax hack happened, and what still needs to be donehttps://twitter.com/todayininfosec/status/1312589059559170050 Rant of the Week (16:35)IKEA: Cameras were hidden in the ceiling above warehouse toilets for 'health and safety'IKEA has removed hidden security cameras from its warehouse in Peterborough, England, after an employee spotted one in the ceiling void while using the toilet. As Seen on TikTok (24:59)Facebook rendered spineless by buggy audit code that missed catastrophic network config errorFacebook has admitted buggy auditing code was at the core of Tuesday’s six-hour outage – and revealed a little more about its infrastructure to explain how it vanished from the internet.As described by rey.nbows on TIK TOK Industry News (34:18)Facebook Whistleblower to Testify Before SenatePandora Spills Secrets of Super RichDeepMind Technologies Sued Over Data SharingFacebook Blames Global Outage on Configuration ErrorText Message Giant Reveals Five-Year BreachSquid Game Scenes Cut Over Data ExposureNCSC: Revoke Admin Access for BYOD Users ImmediatelyInfosec Experts: Twitch Breach “As Bad as it Gets”US Creates National Cryptocurrency Enforcement Team Tweet of the Week (42:42)https://twitter.com/cybersecstu/status/1446104732578328583https://twitter.com/SmashinSecurity/status/1445520598017314826 The Box © Charlie Langford Come on! Like and bloody well subscribe!

Jav's Record Breakers 14th October https://www.eventbrite.ie/e/biggest-virtual-cybersecurity-lesson-tickets-166314899341 https://www.prnewswire.com/news-releases/organizers-of-security-serious-week-aim-to-set-new-guinness-world-records-title-for-viewership-of-an-online-security-lesson-301376191.html This week in InfosecWith content liberated from the “today in infosec” Twitter account27th September 2001: Jan de Wit was sentenced to 150 hours of community service in the Netherlands for creating and spreading the Anna Kournikova virus. It was one of the first of the major viruses created from a virus toolkit - the dawn of cybercrime toolkits.Kournikova virus kiddie gets 150 hours community servicehttps://twitter.com/todayininfosec/status/117777255707784396827th September 1998: On this day in 1998: Google launchesGoogle Milestones8 Search Engines That Rocked Before Google Even Existedhttps://twitter.com/JonErlichman/status/1442432706877399049?s=20   Rant of the WeekSecure those Macs: Apple must step up and support older machinesFor the good of the planet and the safety of its users, it's time for Apple to step up and support its older machines. Billy big Balls of the WeekMr GoxA hamster has been trading cryptocurrencies in a cage rigged to automatically buy and sell tokens since June - and it's currently outperforming the S&P 500 Industry NewsEU Slams Russia Over Disinformation Hacking CampaignHuawei CFO Released After Admitting She Misled BankComputer Scientist Jailed Over Dark Web ConspiracyCrypto Developer Pleads Guilty to North Korean PlotCanadian Vaccine Passport App Exposes DataSolarWinds Attackers Develop New FoggyWeb BackdoorVulnerability Exposes iPhone Users to Payment FraudScammers Capitalize on Release of New Bond MovieCyber Second Only to Climate Change as Biggest Global Risk Tweet of the Weekhttps://twitter.com/csoandy/status/1442501996750118915?s=20https://twitter.com/dcuthbert/status/1442821545047601163?s=20 "The Boc" © Charlie Langford Come on! Like and bloody well subscribe!

This Week in InfoSec (04:56)With content liberated from the “today in infosec” Twitter account18th September 2015: Google notified Symantec that the latter issued 23 test certificates for five organizations, including Google and Opera, without the domain owners' knowledge. Symantec performed an audit and announced that an additional 2,622 test certificates were mis-issued.Sustaining Digital Certificate Securityhttps://twitter.com/todayininfosec/status/143938865326496563820th September 1996: An email began spreading about a destructive virus named Irina. Some virus nerd called Graham Cluley discovered it was a hoax "marketing ploy" from Penguin Books.Computer Viruses and Hoaxeshttps://twitter.com/todayininfosec/status/1307862674387144705 The Box © Charlie Langford Rant of the Week (12:55)Investigation launched after MoD email blunder Billy Big Balls of the Week (20:55)Tick, tick, tick … TikTok China just limited kids to 40 minutes' use each day Industry News (34:17)Experts Concerned Over New Digital Secretary's Lack of Cyber KnowledgeRomance Scammers Make $133m in First Half of 2021Former IT Exec Pleads Guilty to Insider Trading ConspiracyData of 106 Million Visitors to Thailand BreachedEuropean Police Bust €10m Mafia Fraud RingPrison for AT&T Phone-Unlocking FraudsterAfghan Interpreters' Data Exposed in MoD BreachHalf of Web Owners Don't Know if Their Site Has Been AttackedUS Eye-Care Providers Report Data Breaches Tweet of the Week (41:43)https://twitter.com/aprivateguy/status/1441091095471874053?s=20https://twitter.com/ReverseICS/status/1441048111292506112And just for Andy...https://twitter.com/AlyssaM_InfoSec/status/1441135546961563649?s=20 Come on! Like and bloody well subscribe!

This Week in InfoSec (04:09)With content liberated from the “today in infosec” twitter account16th September 2008: 20-year-old David Kernell compromised the Yahoo! email account of US vice presidential candidate Sarah Palin, then posted her emails to 4chan.2 years later he was found guilty and sentenced to a year in prison. At age 30 he died of complications related to MS.Student convicted of hacking Sarah Palin e-mail accountSarah Palin email hackhttps://twitter.com/todayininfosec/status/13063605979158650979th September 2015: The security of 300 million travel locks was compromised after 3-D printing files were posted online.Then again, these travel locks never were particularly secure.Lockpickers 3-D Print TSA Master Luggage Keys From Leaked Photoshttps://twitter.com/todayininfosec/status/1303847394556219392   Tweet of the Week (13:06)https://twitter.com/yolkfolk_com/status/1438580784294735875 Sticky Pickle of the Week (18:16)Sticky Pickle of the Week is the part of the show where everyone chooses something that they like. It could be a funny story, a book they’ve read, a TV show, movie, record, a podcast, a website, or an app, whatever they like.  It doesn’t have to be security-related necessarily.Better not be!Brits open doors for tech-enabled fraudsters because they 'don't want to seem rude'Brits are too polite to tell phone scammers to "get stuffed", "take a hike" or "sling yer 'ook" when they impersonate so-called "trusted organisations" such as banks.That's according to the trade association UK Finance, which found that the number of "impersonation scam cases" more than doubled in the first half of 2021 to 33,115 – up from 14,947 during the same period last year.That is a Sticky PickleIt's time to delete that hunter2 password from your Microsoft account, says IT giantFrom this week, Microsoft won't require you, or your password manager, to come up with strings of letters, numbers, and special characters forming a silly sentence or a reconfiguration of an ex’s name and birthday to access the Windows giant's services.That is to say, you can delete the password from your Microsoft account, and login using the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your cellphone or email inbox. (Last year, Redmond said SMS codes were unsafe for authentication, we note.)That is a Sticky PickleRansomware crims saying 'We'll burn your data if you get a negotiator' can't be legally paid off anywayA couple of ransomware gangs have threatened to start deleting files if targeted companies call in professional negotiators to help lower prices for decryption tools.Grief Corp is the latest criminal crew to warn its victims with instant data destruction if it suspects a mark has engaged a mediator.In a statement posted to its Tor-hosted blog, Grief Corp said: "We wanna play a game. If we see professional negotiator from Recovery Company™ – we will just destroy the data.That is a Sticky Pickle Industry News (31:16)Poland Extradites Alleged Botnet Operator to USUK Man Gets Five Years for Online Abuse CampaignWhatsApp to Roll Out Encrypted BackupsUS Locks Up Key Player in Nigerian Romance ScamApple Releases Urgent Patch Following Discovery of Pegasus SpywareMassachusetts AG Launches Probe into T-Mobile Data BreachMicrosoft Patches OMIGOD, MSHTML and PrintNightmare BugsAmericans Fined After Hacking for Foreign GovernmentHousehold Names Hit with £500K Fine for Spamming Consumers Tweet of the Week (38:05)https://twitter.com/snipeyhead/status/1437935968460304384?s=20 Come on! Like and bloody well subscribe!

This Week in InfoSec (11:14)With content liberated from the “today in infosec” twitter account5th September 1983: The term "hacker" was used by Newsweek, mainstream media's earliest known use of the term in the pejorative sense.The magazine's cover photo of 17-year-old 414s (hacker group) member Neal Patrick was captioned '414 "Hacker" Neal Patrick.'.‘Hacker’ is used by mainstream media, September 5, 1983the414s.comhttps://twitter.com/todayininfosec/status/1302239152046563328https://en.wikipedia.org/wiki/Phreaking_box 9th September 2001: Mark Curphey started OWASP (the Open Web Application Security Project).Who is the OWASP® Foundation?https://twitter.com/todayininfosec/status/1303830903987359744    Tweet of the Week (21:26)https://twitter.com/RSnake/status/1435989191414976512?s=20 Tweet of the Week (26:41) https://twitter.com/hanbandit/status/1436008564020088833 Industry News (31:55)FTC Bans Stalkerware App in Industry FirstTexan Accused of Cyber-Stalking and Murder Dies in JailID Theft Couple on the RunICO Requests International Support to Tackle Cookie Pop-UpsCybersecurity Student Scams Senior Out of $55KStress and Burnout Affecting Majority of Cybersecurity ProfessionalsData Breach Lawsuit Against Sonic Will ProceedBerners-Lee Joins ProtonMail Following Privacy DebacleSecurity Now a "Thankless Task" For 80% of IT Teams Tweet of the Week (40:01)https://twitter.com/hondanhon/status/1436027395115393024 The Box © Charlie Langford Come on! Like and bloody well subscribe!

This Week in InfoSecWith content liberated from the “today in infosec” twitter account1st September 1997: Nmap was first released as a simple port scanner via an article in issue 51 of Phrack magazine which included the source code.http://phrack.org/issues/51/11.htmlhttps://twitter.com/todayininfosec/status/130086427849755852831st August 2014: A user of the message board 4chan posted leaked photos of actress Jennifer Lawrence and numerous other celebrities.https://mashable.com/archive/celebrity-nude-photo-hackhttps://twitter.com/todayininfosec/status/1300537361676283905   Rant of the WeekGuntrader site hacked and plotted onto Google Maps Billy Big Balls of the WeekScam artists are recruiting English speakers for business email campaignsAccording to Intel 471, forums are now being used to seek out English speakers, in particular, to bring together teams able to manage both the technical aspects and social engineering elements of a BEC scam. If a scam is to succeed, the target employee must believe communication comes from a legitimate source -- and secondary language use, spelling mistakes, and grammatical issues could all be indicators that something isn't right, in the same way that run-of-the-mill spam often contains issues that alert recipients to attempted fraud. "Actors like those we witnessed are searching for native English speakers since North American and European markets are the primary targets of such scams," the researchers say.In addition, threat actors are also trying to recruit launderers to clean up the proceeds from BEC schemes, often achieved through cryptocurrency mixer and tumbler platforms. One advert spotted by the team asked for a service able to launder up to $250,000. "The BEC footprint on underground forums is not as large as other types of cybercrime, likely since many of the operational elements of BEC use targeted social engineering tactics and fraudulent domains, which do not typically require technical services or products that the underground offers," Intel 471 says. "[...] Criminals will use the underground for all types of schemes, as long as those forums remain a hotbed of skills that can make criminals money." Industry NewsBangkok Airways Admits Attackers Stole Passenger DataMicrosoft Cloud Databases ExposedUK Government Considers New Regulations for Video Streaming PlatformsIndonesians Told to Delete Unsecured Tracing AppVictim of Cyber-Theft Sues Parents of Alleged CulpritsAustralian Couple Admits “Serious Cyber Hacking Offenses”WhatsApp Fined a Record €225m for GDPR ViolationsSacked Employee Deletes 21GB of Credit Union FilesUK Researchers Invent Device to Thwart USB Malware Tweet of the Weekhttps://twitter.com/JackRhysider/status/1433097343692324864https://cybarrior.com/blog/2019/04/05/eagle-eye-reverse-lookup-tool-for-social-media-accounts/ "The Box" © Charlie Langford Come on! Like and bloody well subscribe!

This week in Infosec (13:24)With content liberated from the “today in infosec” Twitter account25th August 1991: Linux completes 30 years.It was on this date in 1991 that Linus Torvalds announced the first version. He actually wanted to call it as Freax, but his friend Ari Lemmke named it as Linux, which he accepted. Version 1.0 would later be released in March 1994.https://twitter.com/SadaaShree/status/14304157238562037772004: (a mere 17 years ago) The US Department of Justice (DOJ) announced the results of Operation Web Snare - the arrest or conviction of over 150 individuals involved in cybercrime.https://www.justice.gov/archive/opa/pr/2004/August/04_crm_583.htm Rant of the Week (29:03)https://www.ncsc.gov.uk/blog-post/10-years-of-10-steps-to-cyber-security Billy Big Balls of the Week (36:40)Iran official acknowledges videos of Evin prison abuse realThis clip of a security control room at Iran's most notorious prison being shut down by hackers is straight out of a movie.Hackers are now leaking stolen CCTV from across the Evin prison to highlight the abuse of inmates Industry News (45:35)Crunch Time for Liquid as Crypto Exchange Loses $97m to HackersMan Gets Three Years for Stealing Nude Photos from College VictimsHackers Leak Footage of Iranian PrisonPoly Network Hacker Returns Remaining FundsAT&T Denies Data BreachTime to Fix High Severity Apps Increases by Ten DaysDrug Dealers Get 27 Years After Police Crack EncroChat Comms70% of Cyber Pros Believe Cyber Insurance is Exacerbating RansomwareAngry Birds Developer Accused of Illegal Data Collection Tweet of the Week (51:42)Charlatan - Frank W. Abagnale Jr.https://twitter.com/securityerrata/status/1429225280997142530 Come on! Like and bloody well subscribe!

This week in InfosecWith content liberated from the “today in infosec” twitter account14th August 2013: Affinity Health Plan was fined $1,215,780 for a HIPAA violation after a photocopier purchased by CBS for an investigatory report in 2010 revealed medical info.At $1.2M, photocopy breach proves costlyhttps://twitter.com/todayininfosec/status/1294252352191565824  17th August 2005: Jason Smathers, a former employee of AOL, was sentenced to 15 months in prison for selling screen names and email addresses of 92 million users to spammers.Ex-AOL worker who stole e-mail list sentencedJason Smathers: Internet Criminalhttps://twitter.com/todayininfosec/status/1295500512830394371 The Box incidental music © Charlie Langford Rant of the WeekYou can post LinkedIn jobs as almost ANY employer — so can attackersAnyone can create a job listing on the leading recruitment platform LinkedIn on behalf of just about any employer—no verification needed.And worse, the employer cannot easily take these down.Now, that might be nothing new, but the feature and lax verification on career websites pave the ways for attackers to post bogus listings for malicious purposes.The attackers can, for example, use this social engineering tactic to collect personal information and resumes from professionals who believe they are applying to a legitimate company, without realizing their data may be sold or used for phishing scams. Billy Big Balls of the WeekWoman accessed ex-partner’s Alexa to torment his new girlfriendPhilippa Copleston-Warren terrified love rival by using smart device to switch lights on and off and tell her to get out of the houseChelsea woman used Alexa to scold ex-lover’s new girlfriendA management consultant from west London accessed the Alexa device at her ex-boyfriend’s home from more than 100 miles away to tell his new partner to get out of the house.Philippa Copleston-Warren, 46, logged into an app linked to smart devices in the victim’s Lincolnshire home, and was able to see her ex’s new girlfriend on the property’s CCTV system.Prosecutors said Copleston-Warren was able to tell the woman “to get out” and used the app to turn the bedside lights on and off.At Isleworth crown court, Copelston-Warren admitted posting a naked photo of her ex-boyfriend on Facebook, accompanying it with the caption: “Do I look fat??? My daily question”.[That was this weeks BILLY BIG BALLS][SEEN ON REDDIT] Thom:Antivaxers Think Their ‘Pure’ Semen Will Skyrocket in ValueI’m going to retire as a “cum cow” Industry News"Jigsaw Puzzle" Phishing Attacks Use Morse Code to HideCadbury Campaigns Against Cyber-bullyingMisconfigured Server Leaks US Terror WatchlistYik Yak ReturnsAirline Employee Jailed for Spending Passengers’ MoneyT-Mobile: 49 Million Customers Hit by Data BreachJPMorgan Chase Notifies Customers of Data BreachCoin Ninja CEO Admits Operating Darknet Bitcoin MixerWomen Charged Over Sexually Exploitative Child Modeling Sites Tweet of the Weekhttps://twitter.com/Kaipo_Rozwolf/status/1428426623091724289OnlyFans Will Ban Pornography Starting in October, Citing Need to Comply With Financial Partners   Come on! Like and bloody well subscribe!

This Week in Infosec (14:29)With content liberated from the “today in infosec” Twitter account10th August 2001: A Japanese woman, Kumiyo Kishi, was arrested for accessing her coworker's email account, then contacting the user's ISP to regain access after the coworker changed their password.Japan arrests woman for email snoopinghttps://twitter.com/todayininfosec/status/1425123899474423811 7th August 2010: Terry Childs was sentenced to 4 years in prison for network tampering after refusing to hand over network passwords to his supervisor. He was later ordered to pay nearly $1.5 million in restitution. S.F. computer whiz Childs gets 4-year sentenceSorting out the facts in the Terry Childs casehttps://twitter.com/todayininfosec/status/1291377901456232448 Billy Big Balls of the Week (28:34)https://twitter.com/J4vv4D/status/1425381977482539008?s=20My scooter was stolen last week. Unknown to the thief, I hid two Airtags inside it. I was able to use the Apple Find My network and UWB direction finding to recover the scooter today. Here’s how it all went down: - Dan Guido Industry News (38:51)Disney Employees Among Those Arrested in Child Abuse StingNCSC Sticks by 'Three Random Words' Strategy for PasswordsMartial Arts Instructor Accused of Spying on StudentsFraudsters Impersonate DPD in "Convincing" New Smishing ScamHouse of Commons (HoC) Beefs up Cyber Training Following Matt Hancock CCTV Leak ScandalChinese Espionage Group UNC215 Targeted Israeli Government NetworksSalesforce Communities Could Expose Business-Sensitive InformationOver $600 Million Stolen in Biggest Ever Cryptocurrency TheftAccenture Tied Up in $50M Ransom Lockbit 2.0 Attack Tweet of the Week (46:45)https://twitter.com/runasand/status/1423810127451365382?s=20Looks like pornhub is always bending over backwards, doing far more than any other social media platformIn a Huge Policy Shift, Pornhub Bans Unverified Uploads The Box incidental music © Charlie Langford Come on! Like and bloody well subscribe!

This Week in InfoSec (07:40) With content liberated from the “today in infosec” Twitter account30th July 2013: Chelsea Manning (their name was Bradley Manning at the time) was found guilty of espionage, theft, and computer fraud, as well as military infractions.United States v Manninghttps://twitter.com/todayininfosec/status/1421171398656024587 3rd August 2007: Reporter Michelle Madigan (Associate Producer of Dateline NBC) went undercover at DEF CON with a hidden camera to try to get attendees to confess to crimes, was outed by @thedarktangent, and bolted from the venue chased by a pack of 150 people. Dateline Mole Allegedly at DefCon with Hidden CameraAn undercover Dateline NBC reporter flees the Defcon (Video)https://twitter.com/todayininfosec/status/1422682529220472833 Rant of the Week (18:42)UK Politicians are apparently very unlucky with their IT equipment, especially when they need to be investigated. Billy Big Balls of the Week (29:45)Apple snooping on your picshttps://twitter.com/matthew_d_green/status/1423109002280513540?s=20 Industry News (41:04)US Seeks Espionage Retrial for Chinese ResearcherZoom Pays $85m to Settle Privacy SuitUS Senate: Seven out of Eight Agencies Are Failing on CyberSon Charged in Murder of Cybersecurity ‘Genius’MoD Boosts Cyber-Resilience with Ethical Hacker ProjectOver 60 Million Americans Exposed Through Misconfigured DatabaseWeb Shells and Digital Extortion Drive Triple-Digit Growth in Cyber-IntrusionsDecade-Old Router Bug Could Affect Millions of DevicesCybercrime Ransomware 'Ban' is No Match for Threat Actors Tweet of the Week (54:52)https://twitter.com/iamdevloper/status/1423219304435228676?s=21 "The Box" Incidental Music ©Charlie Langford Come on! Like and bloody well subscribe!

This week in Infosec (06:42)With content liberated from the “today in infosec” Twitter account27th July 1979: The first edition of Computer Security was published. It was written by David K. Hsiao, Douglas S. Kerr, and Stuart E. Madnick.And to think, some of you probably are surprised there were computers in 1979, never mind computer security!Computer Security 1st Editionhttps://twitter.com/todayininfosec/status/1420498414874370049 28th July 1997: Tfreak (Dan Moschuk) released his program, smurf, a decision he later regarded as questionable. Exactly one year after he retired smurf in 1997, Tfreak published (papa)smurf.c v5.0, a new hybrid DoS attack based on Smurf and Fraggle. (papa)smurf.c v5.0 - New hybrid DoS attack based on smurf and fraggle Rant of the Week (23:23) https://twitter.com/shanselman/status/1420800992388415491https://www.idtheftcenter.org/google-voice-scam-tries-to-trick-you-while-you-are-selling-items-online/ Billy Big Balls of the Week (32.25)The Tech Support Scams YouTube channel has been erased from existence in a blaze of irony as host and creator Jim Browning fell victim to a tech support scam that convinced him to secure his account – by deleting it.Scamming the scam scammer Industry News (40:40)Apple patches zero-day vulnerability in iOS, iPadOS, macOS under active attackTech biz must tell us about more security breaches, says UK.gov as it ponders lowering report thresholdsICO ends its involvement in dispute between NatWest Bank and data breach whistleblowereBay ex-security boss sent down for 18 months for cyber-stalking, witness tamperingIranian state-backed hackers posed as flirty Scouser called Marcy to target workers in defence and aerospace'Woefully insufficient': Biden administration's assessment of critical infrastructure infosec protectionIsraeli authorities investigate NSO Group over Pegasus spyware abuse claimsUpcoming Android privacy changes include ability to blank advertising ID, and 'safety section' in Play storeSpam is Chipotle's secret ingredient: Marketing email hijacked to dish up malware Tweet of the Week (55:24)https://twitter.com/bryanl/status/1420925333864386562 Come on! Like and bloody well subscribe!

This week in Infosec (08:10)With content liberated from the “today in infosec” twitter account16th July 2001: Russian programmer Dmitry Sklyarov was arrested the day after DEF CON for writing software to decrypt Adobe's e-book format. Charges against him were later dropped and the trial against his employer resulted in not guilty verdicts. United States v. Elcom Ltd.https://twitter.com/todayininfosec/status/1416188118655459329 15th July 2011: Microsoft Hotmail announced that it would be banning very common passwords such as "123456" and "ilovecats".Weak Passwords Banned from Hotmailhttps://twitter.com/todayininfosec/status/1414330928537686021 Rant of the Week (24:29)Majority of Britons convinced their phones and smart speakers are listening without being prompted. Billy Big Balls of the Week (33:48)Accuracy at any cost? Gamer leaks British military secrets to company founded in Russia to prove its tank model is wrong Industry News (43:05)Amnesty International and French media protection org claim massive misuse of NSO spywareUS legal eagles representing Apple, IBM, and more take 5 months to inform clients of ransomware data breachVerified: UK.gov launching plans for yet another digital identity schemeNorthern Train's ticketing system out to lunch as ransomware attack shuts down serversJourno who went to prison for 2 years for breaking US cyber-security law is jailed againSpanish cops cuff Brit bloke accused of playing role in 2020 celeb Twitter hijackingNSO Group 'will no longer be responding to inquiries' about misuse of its softwareChina pushes back against Exchange attack sponsorship claimsThales launches payment card with onboard fingerprint scanner Tweet of the Week (48:26)Tennessee Man Died After He Was 'Swatted' by People Targeting His Twitter Handle https://twitter.com/ThomLangford/status/1416690928354463744Police forces in brazil celebrating a thief's 18th birthday because they can't arrest anyone under 18 Come on! Like and bloody well subscribe!

This week in Infosec (10.28)With content liberated from the “today in infosec” Twitter account14th July 1998: Ethereal was first released publicly as version 0.2.0. Its creator, Gerald Combs, thought it was cool that Bob Metcalfe named Ethernet after luminiferous ether so he picked a name beginning with ether. Since 2006 the network protocol analyzer has been known as Wireshark.https://twitter.com/todayininfosec/status/141538475371334041711th July 2013: In the wake of revelations about the NSA's PRISM program, Jeff Moss (aka The Dark Tangent) asked feds not to attend DEF CON - the first time government employees were asked to stay away.https://twitter.com/todayininfosec/status/1414330928537686021 Billy Big Balls of the Week (17:39)Thousands of PS4s seized in Ukraine in illegal cryptocurrency mining stinghttps://www.zdnet.com/article/thousands-of-ps4s-seized-in-ukraine-in-illegal-cryptocurrency-mining-sting/ Tweet of the Week (27.57)FURY! at ICO doing their job for once.The ICO is robustly investigating the data leak of hidden camera footage of former Health Secretary Matt Hancock breaking his own isolation and distancing rules. https://www.theregister.com/2021/07/15/ico_matt_hancock_raids/https://metro.co.uk/2021/07/15/houses-raided-by-cops-in-hunt-for-matt-hancock-kissing-leaker-14934920/https://apple.news/AqkfgpuvFTd--l-z_bZRRmw Industry News (42.35)Too many workers are still falling victim to phishing attacksRemote workers battle against a massive range of distractionsRansomware groups are looking for new recruits with solid negotiation skillsSolarWinds rolls out another emergency patch as new attack vector emergesAlmost half of companies do not have a proper security policy in placeEmployees in the dark over the importance of new digital technologiesUK businesses are spending big on security, but drowning in false positivesTraditional ransomware defenses are failing businessesAlmost half of businesses reported to ICO since GDPR came into effect Rant of the Week (50:40)Facebook adds 'expert' feature to groupsFacebook is rolling out a way to designate topic "experts" inside user-run Facebook groups.The social network says the new feature is designed to help real experts "stand out" in discussions about their field of expertise.Group admins will have the power to give the title to nearly any member they want. Incidental Music "The Box" © Charlie Langford Come on! Like and bloody well subscribe!

This weeks show is 33% off but the content is still as average as ever!This week in Infosec - 3 mins 11 secsBilly Big Balls - 12 mins 49 secsRant of the week - 20 mins 52 secsIndustry News - 30 mins 56 secsTweet of the week - 38 mins 20 secs THIS WEEK IN INFOSECWith content liberated from the “today in infosec” twitter account4th July 1994: John Markoff's article "Cyberspace's Most Wanted: Hacker Eludes F.B.I. Pursuit" was published by the New York Times. It was about Kevin Mitnick.Cyberspace's Most Wanted: Hacker Eludes F.B.I. Pursuithttps://twitter.com/todayininfosec/status/14118918491329249328th July 2008: Dan Kaminksy gave a press conference announcing a DNS vulnerability he discovered 6 months prior.  RIP, Dan.Fix found for net security flawhttps://twitter.com/todayininfosec/status/1413206908882804739 BILLY BIG BALLSRansomware-hit law firm gets court order asking crooks not to publish the data they stoleCriminals break into your systems, they do the usual, exfiltrate data, deploy ransomware, and leave you nasty messages about how they pwned you while blackmailing you.However, New Square Ltd may have found a way to stop the criminals from capitalising on the data they have stolen by making it illegal for the criminals to release any of the stolen information.  RANT OF THE WEEKThis TikTok Lawsuit Is Highlighting How AI Is Screwing Over Voice ActorsVoice actors are rallying behind Bev Standing, who is alleging that TikTok acquired and replicated her voice using AI without her knowledge.At the center of this reckoning is voice actress Bev Standing, who is suing TikTok after alleging the company used her voice for its text-to-speech feature without compensation or consent. This is not the first case like this; voice actress Susan Bennett discovered that audio she recorded for another company was repurposed to be the voice of Siri after Apple launched the feature in 2011. She was paid for the initial recording session but not for being Siri.Find a job with TikTok Resumes INDUSTRY NEWSREvil Group Demands $70 Million for 'Universal Decryptor'Suspected Cyber-Criminal "Dr Hex" Tracked Down Via Phishing KitBA Settles with Data Breach VictimsOfficial Formula 1 App HackedBiden Administration Cancels $10bn JEDI ContractOver 170 Scam Cryptomining Apps Charge for Non-Existent ServicesRegulator Probes Former Health Secretary's Use of Private EmailTrump Sues Facebook, Google and TwitterNew PrintNightmare Patch Can Be Bypassed, Say Researchers TWEET OF THE WEEKhttps://twitter.com/sherrod_im/status/1412856171652861953https://twitter.com/doctorow/status/1412923242273140736?s=20Full story - Delivery Drivers Are Using Grey Market Apps to Make Their Jobs Suck LessDrivers are there virtually, using GPS-spoofing apps to position themselves right in the center of the McDonald's lot while they physically wait under nearby shelters. Using these unofficial apps, known as tuyul, drivers can set their GPS pins at the optimal location they would like orders from, without having to physically drive there.       And with that we leave you to enjoy the weekend! Come on! Like and bloody well subscribe!