Episode 192 - The Unedited Episode

The Host Unknown Podcast

Player FM - Internet Radio Done Right

تمت الإضافة منذ قبل five أعوام

المحتوى المقدم من Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik. يتم تحميل جميع محتويات البودكاست بما في ذلك الحلقات والرسومات وأوصاف البودكاست وتقديمها مباشرة بواسطة Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik أو شريك منصة البودكاست الخاص بهم. إذا كنت تعتقد أن شخصًا ما يستخدم عملك المحمي بحقوق الطبع والنشر دون إذنك، فيمكنك اتباع العملية الموضحة هنا https://ar.player.fm/legal.

<div class="span index">1</div> <span><a class="" data-remote="true" data-type="html" href="/series/uncuffed">Uncuffed</a></span>

1
Uncuffed

إلغاء الاشتراك

منذ 9 أياممنذ 9d ago

إلغاء الاشتراك

شهريا

Uncuffed empowers people in California prisons to tell their own stories. The award-winning collaboration between incarcerated student producers and professional journalists shines light on the human experience of people before, during, and after their prison terms. The new Season 4 is hosted by formerly incarcerated producer Greg Eskridge. https://www.WeAreUncuffed.org

منذ عام واحد 49:24

MP3•منزل الحلقة

This week in InfoSec

With content liberated from the “today in infosec” twitter account and further afield

27th April 2012: The Information Commissioner's Office (ICO) in the UK issued its first-ever data breach fine to an NHS (National Health Service) organisation, fining Aneurin Bevan Health Board in Wales £70,000.

https://www.digitalhealth.net/2012/04/first-nhs-fine-issued-by-ico/

Rant of the Week

Dropbox dropped the ball on security, haemorrhaging customer and third-party info

Dropbox has revealed a major attack on its systems that saw customers' personal information accessed by unknown and unauthorized entities.

The attack, detailed in a regulatory filing, impacted Dropbox Sign – a service it bills as an "eSignature solution [that] lets you send, sign, and store important documents in one seamless workflow, without ever leaving Dropbox." So basically a DocuSign clone.

The filing states that management became aware of the incident last week – on April 24 – and "immediately activated our cyber security incident response process to investigate, contain, and remediate the incident."

That effort led to the discovery that "the threat actor had accessed data related to all users of Dropbox Sign, such as emails and usernames, in addition to general account settings."

Billy Big Balls of the Week

Chinese government website security is often worryingly bad, say Chinese researchers

Five Chinese researchers examined the configurations of nearly 14,000 government websites across the country and found worrying lapses that could lead to malicious attacks, according to a not-yet-peer-reviewed study released last week.

The researchers concluded the investigation has uncovered "pressing security and dependency issues" that may not have a quick fix.

"Despite thorough analyses, practical solutions to bolster the security of these systems remain elusive," wrote the researchers. "Their susceptibility to cyber attacks, which could facilitate the spread of malicious content or malware, underscores the urgent need for real-time monitoring and malicious activity detection."

The study also highlights the need for "stringent vetting and regular updates" of third-party libraries and advocates "a diversified distribution of network nodes, which could substantially augment system resilience and performance."

The study will likely not go down well in Beijing, as China's government has urged improvements to government digital services and apps often issues edicts about improving cybersecurity.

Industry News

Google Blocks 2.3 Million Apps From Play Store Listing

Disinformation: EU Opens Probe Against Facebook and Instagram Ahead of Election

NCSC’s New Mobile Risk Model Aimed at “High-Threat” Firms

Lawsuits and Company Devaluations Await For Breached Firms

UnitedHealth CEO Confirms Breach Tied to Stolen Credentials, No MFA

REvil Ransomware Affiliate Sentenced to Over 13 Years in Prison

Security Breach Exposes Dropbox Sign Users

Indonesia is a Spyware Haven, Amnesty International Finds

North Korean Hackers Spoofing Journalist Emails to Spy on Policy Experts

Tweet of the Week

https://twitter.com/summer__heidi/status/1783829402574639187

Come on! Like and bloody well subscribe!

214 حلقات

#Tech #Entrepreneur #Business #Comedy #Improv #Host Unknown #Andrew Agnes #Javvad Malik #This Week In Infosec #Cyber Security #Risk Management #Hackers #Cybersecurity #Rant Of The Week #Tweet Of The Week #Billy Big Balls Of The Week #InfoSec

The Host Unknown Podcast

Episode 192 - The Unedited Episode

The Host Unknown Podcast

published منذ عام واحد

MP3•منزل الحلقة

This week in InfoSec

With content liberated from the “today in infosec” twitter account and further afield

https://www.digitalhealth.net/2012/04/first-nhs-fine-issued-by-ico/

Rant of the Week

Dropbox dropped the ball on security, haemorrhaging customer and third-party info

Dropbox has revealed a major attack on its systems that saw customers' personal information accessed by unknown and unauthorized entities.

That effort led to the discovery that "the threat actor had accessed data related to all users of Dropbox Sign, such as emails and usernames, in addition to general account settings."

Billy Big Balls of the Week

Chinese government website security is often worryingly bad, say Chinese researchers

The researchers concluded the investigation has uncovered "pressing security and dependency issues" that may not have a quick fix.

The study will likely not go down well in Beijing, as China's government has urged improvements to government digital services and apps often issues edicts about improving cybersecurity.

Industry News

Google Blocks 2.3 Million Apps From Play Store Listing

Disinformation: EU Opens Probe Against Facebook and Instagram Ahead of Election

NCSC’s New Mobile Risk Model Aimed at “High-Threat” Firms

Lawsuits and Company Devaluations Await For Breached Firms

UnitedHealth CEO Confirms Breach Tied to Stolen Credentials, No MFA

REvil Ransomware Affiliate Sentenced to Over 13 Years in Prison

Security Breach Exposes Dropbox Sign Users

Indonesia is a Spyware Haven, Amnesty International Finds

North Korean Hackers Spoofing Journalist Emails to Spy on Policy Experts

Tweet of the Week

https://twitter.com/summer__heidi/status/1783829402574639187

Come on! Like and bloody well subscribe!

214 حلقات

كل الحلقات

The Host Unknown Podcast

1
Episode 222 - The Disappearing Episodes Episode 46:44

منذ 4 أيام46:44

46:44

This week in InfoSec (11:22) With content liberated from the “today in infosec” twitter account and further afield 27th February 2002: Timothy Allen Lloyd was sentenced to 41 months in prison for activating a logic bomb at Omega Engineering, 20 days after being fired as a network administrator. https://x.com/todayininfosec/status/1895255588881474024 18th February 2013: Burger King's Twitter account was compromised, had its name changed to McDonalds, and shared offensive tweets. The incident was a...well...Whopper! https://x.com/todayininfosec/status/1891999132866183322 Rant of the Week (17:34) Army soldier suspected of AT&T heist Googled ‘can hacking be treason,’ ‘defecting to Russia’ The US Army soldier suspected of compromising AT&T and bragging about getting his hands on President Trump's call logs allegedly tried to sell stolen information to a foreign intel agent. The military man even Google searched for "can hacking be treason," and "US military personnel defecting to Russia," according to prosecutors who argue he poses a serious flight risk and should be detained. Cameron John Wagenius, 21, was arrested in Texas in December, and last week told a federal court judge he intends to plead guilty to unlawfully posting and transferring confidential phone records. Prosecutors have also linked Wagenius to two other men accused of stealing data from more than 150 Snowflake cloud accounts in April 2024, and then demanding payment to keep a lid on that info. After admitting his crimes in court, and showing a willingness to enter a guilty plea, "Wagenius should be detained as both a danger to the community — given his ability to access sensitive datasets — and a serious risk of flight," Uncle Sam's attorneys argued. "While engaged in these criminal activities, Wagenius conducted online searches about how to defect to countries that do not extradite to the United States and that he previously attempted to sell hacked information to at least one foreign intelligence service," the documents allege. Billy Big Balls of the Week (24:32) 100-plus spies fired after NSA internal chat board used for kinky sex talk More than 100 US spies have been fired, and their security clearance revoked, after an internal NSA messaging system was used by staff to chat about their sex lives. After the NSA – the National Security Agency, that is, not the other meaning – confirmed on state media it was "aware of posts that appear to show inappropriate discussions" by intelligence community employees and that "investigations to address this misuse of government systems are ongoing," Trump's Director of National Intelligence Tulsi Gabbard announced more than 100 people had since been terminated. The messaging app in question is the NSA's Intelink, a secure intranet service used by various American military and intelligence teams to share information, including top secret and classified threat intel. Federal workers said to have been involved in the NSFW Intelink chatter included personnel at the NSA, the Defense Intelligence Agency, and US Naval Intelligence. "There are over 100 people from across the intelligence community that contributed to and participated in … what is really just an egregious violation of trust," Gabbard told Fox News commentator Jesse Watters Tuesday. "What to speak of, like basic rules and standards around professionalism." Industry News (32:54) Chinese-Backed Silver Fox Plants Backdoors in Healthcare Networks Ransomware Gang Publishes Stolen Genea IVF Patient Data HaveIBeenPwned Adds 244 Million Passwords Stolen By Infostealers Signal May Exit Sweden If Government Imposes Encryption Backdoor DISA Global Solutions Confirms Data Breach Affecting 3.3M People FBI Confirms North Korea’s Lazarus Group as Bybit Crypto Hackers OpenSSF Publishes Security Framework for Open Source Software Software Vulnerabilities Take Almost Nine Months to Patch DragonForce Ransomware Hits Saudi Firm, 6TB Data Stolen Tweet of the Week (42:59) https://x.com/roytait/status/1895224942565970354 Come on! Like and bloody well subscribe!…

The Host Unknown Podcast

1
Episode 211 - The Last of the Year Episode 51:19

منذ 12 weeks51:19

51:19

This week in InfoSec (11:10) With content liberated from the “today in infosec” twitter account and further afield 4th December 2013: Troy Hunt launched the free-to-search site "Have I Been Pwned? (HIBP)". At launch, passwords from the Adobe, Stratfor, Gawker, Yahoo! Voices, and Sony Pictures breaches were indexed. Today? Billions of compromised records from hundreds of breaches. https://twitter.com/todayininfosec/status/1864299155583127739 5th December 1996: Julian Assange pleaded guilty to 25 of 31 hacking charges and related charges and was ordered to repay $2,100 to Australian National University. He had been arrested in 1994 for hacking crimes committed in 1991. The court case details weren't released until 2011. https://twitter.com/todayininfosec/status/1864664694243434977 Rant of the Week (17:21) Severity of the risk facing the UK is widely underestimated, NCSC annual review warns The number of security threats in the UK that hit the country's National Cyber Security Centre's (NCSC) maximum severity threshold has tripled compared to the previous 12 months. Published Tuesday 3rd December, GCHQ's tech offshoot's 2024 review reveals that 12 incidents topped the NCSC's severity classification system out of a total 430 cases that required support from its Incident Management (IM) team between September 2023 and August 2024. The finding represents a 16 percent increase year-over-year. The number of nationally significant incidents also rose from 62 last year to 89 in the latest data, six of which were caused by exploiting two Palo Alto and Cisco zero-days. This number includes the 12 deemed maximally severe and an undetermined number of attacks on the UK's central government. Billy Big Balls of the Week (25:50) Badass Russian techie outsmarts FSB, flees Putinland all while being tracked with spyware A Russian programmer defied the Federal Security Service (FSB) by publicizing the fact his phone was infected with spyware after being confiscated by authorities. Kirill Parubets was detained in Russia for 15 days after being accused of sending money to Ukraine, during which time the man was beaten and subjected to aggressive efforts to recruit him as an FSB informant on his contacts in Ukraine. According to his account of the story, published with his consent by Toronto University's Citizen Lab and First Department legal organization, he says he was threatened with life imprisonment if he failed to comply with the recruitment drive. In order to secure release, he agreed but before he was indoctrinated he and his wife fled the country. Always keep a second passport, if possible. Industry News (32:21) Crypto.com Launches Massive $2m Bug Bounty Program German Police Shutter Country’s Largest Dark Web Market ENISA Launches First State of EU Cybersecurity Report Wirral Hospital Recovery Continues One Week After Cyber Incident FBI Warns GenAI is Boosting Financial Fraud Europol Dismantles Major Online Fraud Platform in Major Blow to Fraudsters Deloitte Denies Breach, Claims Cyber-Attack Targeted Single Client Romania Exposes TikTok Propaganda Campaign Supporting Pro-Russian Candidate FCC Proposes Stricter Cybersecurity Rules for US Telecoms Tweet of the Week (43:43) https://twitter.com/McGrewSecurity/status/1865050788369772974 Come on! Like and bloody well subscribe!…

The Host Unknown Podcast

1
Episode 210 - The Is Andy Paying Attention? Episode 46:38

منذ 14 weeks46:38

46:38

This week in InfoSec With content liberated from the “today in infosec” twitter account and further afield 24th November 2014: The Washington Post published an article which included a photo of TSA master keys. A short time later functional keys were 3-d printed using the key patterns in the photo. Oops. https://twitter.com/todayininfosec/status/1860803840620044356 22nd November 2010: Matt Blaze published the PowerPoint slides he was contractually required to submit for his 2011 RSA Security Conference presentation. Matt hates PowerPoint. Take a moment to admire the slides he submitted. https://twitter.com/todayininfosec/status/1860027850369519669 Rant of the Week (12:47) https://www.theregister.com/2024/11/26/third_major_cyber_incident_declared/ A UK hospital is declaring a "major incident," cancelling all outpatient appointments due to "cybersecurity reasons." The Wirral University Teaching Hospital NHS Trust, located in North West England, said the so-called "incident" affects the whole Trust, which oversees Wirral Women and Children's Hospital, Clatterbridge Hospital, and Arrowe Park Hospital. Although the tech problems began on Monday, officials confirmed to The Register it is still dealing with the fallout as of Tuesday morning. All outpatient appointments were canceled on Monday and the same decision was made today, according to Arrowe Park and Clatterbridge's social media posting. All patients whose appointments were canceled will be contacted to rearrange them. Billy Big Balls of the Week (20:48) Put your usernames and passwords in your will, advises Japan's government Japan's National Consumer Affairs Center on Wednesday suggested citizens start "digital end of life planning" and offered tips on how to do it. The Center's somewhat maudlin advice is motivated by recent incidents in which citizens struggled to cancel subscriptions their loved ones signed up for before their demise, because they didn't know their usernames or passwords. The resulting "digital legacy" can be unpleasant to resolve, the agency warns, so suggested four steps to simplify ensure our digital legacies aren't complicated: Ensuring family members can unlock your smartphone or computer in case of emergency; Maintain a list of your subscriptions, user IDs and passwords; Consider putting those details in a document intended to be made available when your life ends; Use a service that allows you to designate someone to have access to your smartphone and other accounts once your time on Earth ends. The Center suggests now is the time for it to make this suggestion because it is aware of struggles to discover and resolve ongoing expenses after death. With smartphones ubiquitous, the org fears more people will find themselves unable to resolve their loved ones' digital affairs – and powerless to stop their credit cards being charged for services the departed cannot consume. Some entrepreneurs have already identified end of life services as an opportunity. "Dead Man's Switch" apps can be set to contact whomever you choose if you do not sign in to certain accounts after a period you select as a likely indicator of your departure from this world. Meta also offers the chance to nominate a "legacy contact" who can manage your account. Such services aren't just opportunistic: grieving people have a lot on their plate, and executing wills is not always straightforward. Industry News (31:08) ICO Urges More Data Sharing to Tackle Fraud Epidemic Over a Third of Firms Struggling With Shadow AI Darknet Services Fuel Holiday Scams and E-Commerce Exploits NHS Trust Declares Major Incident for “Cybersecurity Reasons” Nuclear Decommissioning Authority Opens Sellafield Cyber Center New EU Commission to Unveil Healthcare Cybersecurity Plan in First 100 Days T-Mobile Claims Salt Typhoon Did Not Access Customer Data Albanian Drug Smugglers Busted After Cops Decrypt Comms UK Justice System Failing Cybercrime Victims, Cyber Helpline Finds Tweet of the Week (39:43) https://bsky.app/profile/mattpotteruk.bsky.social/post/3lbyu4dy3b22f Come on! Like and bloody well subscribe!…

The Host Unknown Podcast

1
Episode 209 - The Javvad Is In Big Trouble Episode 44:27

منذ 16 weeks44:27

44:27

This week in InfoSec (08:24) With content liberated from the “today in infosec” twitter account and further afield 12th November 2012: John McAfee went into hiding because his neighbour, Gregory Faull, was found dead from a gunshot. Belize police wanted him to come in for questioning, but he fled to Guatemala where he was then arrested. He was never charged, though he lost a $25 million wrongful death suit. https://x.com/todayininfosec/status/1856538748361515355 12th November 2000: Bill Gates demonstrates a functional prototype of a Tablet PC. Microsoft claims “ the Tablet PC will represent the next major evolution in PC design and functionality. ” However, the Tablet PC initiative never really took off and it wasn't until Apple introduced the iPad in 2010 that tablet computing was widely adopted. Microsoft Declares Tablets Are the Future Rant of the Week (15:41) Amazon MOVEit Leaker Claims to Be Ethical Hacker A threat actor who posted 2.8 million lines of Amazon employee data last week has taken to the dark web to claim they are doing so to raise awareness of poor security practice. The individual, who goes by the online moniker “Nam3L3ss,” claimed in a series of posts to have obtained data from 25 organisations whose data was compromised via last year’s MOVEit exploit. Billy Big Balls of the Week (24:12) O2's AI granny knits tall tales to waste scam callers' time Watch out, scammers. O2 has created a new weapon in the fight against fraud: an AI granny that will keep you talking until you get bored and give up. O2, the mobile operator arm of Brit telecoms giant Virgin Media, says it has built the human-like AI to answer calls from fraudsters in real time, keeping them busy on the phone and wasting their time by pretending to be a potential vulnerable target. "Daisy" is claimed to be indistinguishable from a real person, fooling scammers into thinking they've found perfect prey thanks to its ability to engage in "human-like" rambling chat, the biz claims. For several weeks in the run-up to International Fraud Awareness Week (November 17–23), the AI has already frustrated scam callers with meandering stories about her family and talked at length about her passion for knitting, according to O2. Industry News (28:20) Amazon MOVEit Leaker Claims to Be Ethical Hacker Bank of England U-turns on Vulnerability Disclosure Rules Massive Telecom Hack Exposes US Officials to Chinese Espionage Microsoft Power Pages Misconfiguration Leads to Data Exposure Sitting Ducks DNS Attacks Put Global Domains at Risk O2’s AI Granny Outsmarts Scam Callers with Knitting Tales Ransomware Groups Use Cloud Services For Data Exfiltration Bitfinex Hacker Jailed for Five Years Over Billion Dollar Crypto Heist Palo Alto Networks Confirms New Zero-Day Being Exploited by Threat Actors Tweet of the Week (36:05) https://x.com/J4vv4D/status/1856981250306687143 Come on! Like and bloody well subscribe!…

The Host Unknown Podcast

1
Episode 208 - The Dedicated to Cesar Romero Episode 46:47

منذ 17 weeks46:47

46:47

This week in InfoSec (13:28) With content liberated from the “today in infosec” twitter account and further afield 5th November 1993: Bugtraq was created by Scott Chasin as a full disclosure vulnerability reporting mailing list at the dawn of the World Wide Web. Bugtraq had an enormous influence on how orgs responded to vuln disclosure and paved the way for a shift which led to bug bounty programs. https://twitter.com/todayininfosec/status/1853799779626578186 5th November 2007: Google introduces the Android platform, its mobile operating system for cell phones based on a modified version of the Linux operating system. The first Android-based phone would ship in September of 2008. https://thisdayintechhistory.com/11/05/android-introduced/ Rant of the Week (18:54) Voted in America? This Site Doxed You If you voted in the U.S. presidential election yesterday in which Donald Trump won comfortably, or a previous election, a website powered by a right-wing group is probably doxing you. VoteRef makes it trivial for anyone to search the name, physical address, age, party affiliation, and whether someone voted that year for people living in most states instantly and for free. This can include ordinary citizens, celebrities, domestic abuse survivors, and many other people. Voting rolls are public records, and ways to more readily access them are not new. But during a time of intense division, political violence, or even the broader threat of data being used to dox or harass anyone, sites like VoteRef turn a vital part of the democratic process—simply voting—into a security and privacy threat. Billy Big Balls of the Week (27:09) Schneider Electric ransomware crew demands $125k paid in baguettes https://www.theregister.com/2024/11/05/schneider_electric_cybersecurity_incident/ Schneider Electric confirmed that it is investigating a breach as a ransomware group Hellcat claims to have stolen more than 40 GB of compressed data — and demanded the French multinational energy management company pay $125,000 in baguettes or else see its sensitive customer and operational information leaked. And yes, you read that right: payment in baguettes. As in bread. Schneider Electric declined to answer The Register's specific questions about the intrusion, including if the attackers really want $125,000 in baguettes or if they would settle for cryptocurrency. A spokesperson, however, emailed us the following statement: "Schneider Electric is investigating a cybersecurity incident involving unauthorised access to one of our internal project execution tracking platforms which is hosted within an isolated environment. Our Global Incident Response team has been immediately mobilised to respond to the incident. Schneider Electric's products and services remain unaffected." Industry News (33:18) Google Cloud to Mandate Multifactor Authentication by 2025 IRISSCON: Organizations Still Falling Victim to Predictable Cyber-Attacks Defenders Outpace Attackers in AI Adoption UK Cybersecurity Wages Soar Above Inflation as Stress Levels Rise NCSC Publishes Tips to Tackle Malvertising Threat Canada Orders Shutdown of Local TikTok Branch Over Security Concerns UK Regulator Urges Stronger Data Protection in AI Recruitment Tools Interlock Ransomware Targets US Healthcare, IT and Government Sectors Major Oilfield Supplier Hit by Ransomware Attack Tweet of the Week (41:01) https://twitter.com/fesshole/status/1854832499714576399 Come on! Like and bloody well subscribe!…

The Host Unknown Podcast

1
Episode 207 - The Raw! Live! Uncut! Episode 48:00

منذ 18 weeks48:00

48:00

No notes this week - Andy had ONE job... Come on! Like and bloody well subscribe!

The Host Unknown Podcast

1
Episode 206 The Sole Founder Episode 17:33

منذ 19 weeks17:33

17:33

How does Thom also do the episode notes? This week in infosec was about a EULA Rant of the week https://securityaffairs.com/170125/laws-and-regulations/sec-fined-4-companies-misleading-disclosures-impact-solarwinds-attack.html Billy Big Balls https://www.theregister.com/2024/10/24/anthropic_claude_model_can_use_computers/ Some news articles from infosecurity-magazine.com Tweet of the week https://x.com/thomas_violence/status/1849627627474293148 Come on! Like and bloody well subscribe!…

The Host Unknown Podcast

1
Episode 205 The Stone Cold Episode 50:42

منذ 21 weeks50:42

50:42

This week in InfoSec (08:29) With content liberated from the “today in infosec” twitter account and further afield 10th October 1995: Netscape introduced the "Netscape Bugs Bounty", a program rewarding users who report "bugs" in the beta versions of its recently announced Netscape Navigator 2.0 web browser. Navigator was the dominant browser from 1995-1998, when it was overtaken by Internet Explorer. https://twitter.com/todayininfosec/status/1844466277718556683 8th October 2008: University student David Kernell was arraigned. He compromised the Yahoo! email account of US vice presidential candidate Sarah Palin, using public info to reset her password, posting her emails to 4chan. He was later found guilty and died from MS complications in 2018. https://twitter.com/todayininfosec/status/1843619068302983592 Rant of the Week (20:24) Cards Against Humanity campaigns to encourage voting, expose personal data abuse Up to $100 for planning to vote and a public smear – how is this not illegal? The troublemakers behind the party game Cards Against Humanity have launched a campaign demonstrating how easy it is to buy sensitive personal data about American voters, while simultaneously encouraging those Americans to plan how to cast a vote in the upcoming presidential election. The "Cards Against Humanity Pays You to Give a Shit" campaign uses US citizens' personal data obtained from a broker to identify whether individuals voted in the 2020 US presidential election and how they lean politically. Those who didn't vote are asked to put info into the website, promise to vote in the upcoming election, make a voting plan, "and publicly post 'Donald Trump is a human toilet'" in exchange for up to $100. Billy Big Balls of the Week (28:42) FBI created a cryptocurrency so it could watch it being abused The FBI created its own cryptocurrency so it could watch suspected fraudsters use it – an idea that worked so well it produced arrests in three countries News of the Feds' currency, an Ethereum-based instrument named NexFundAI, appeared in a Wednesday Department of Justice announcement that eighteen individuals have been charged "for widespread fraud and manipulation in the cryptocurrency markets." The Feds allege some of the fraud involved "wash trades" – transactions conducted solely to increase the volume of trades in a security or other asset. Rising volumes of trades are often seen as an indicator that a stock is of increasing interest as it has good growth prospects – a signal that can see prices rise. But wash trades are often conducted by related entities, or even the same entity, to create a false market signal – an arrangement also known as "pump and dump." Industry News (34:36) New EU Body to Centralize Complaints Against Facebook, TikTok, YouTube New Generation of Malicious QR Codes Uncovered by Researchers Apple’s iPhone Mirroring Flaw Exposes Employee Privacy Risks Former RAC Employees Get Suspended Sentence for Data Theft Internet Archive Breached, 31 Million Records Exposed Marriott Agrees $52m Settlement for Massive Data Breach EU Adopts Cyber Resilience Act for Connected Devices Over 10m Conversations Exposed in AI Call Center Hack Disinformation Campaign Targets Moldova Ahead of EU Referendum Tweet of the Week (45:07) https://twitter.com/JackRhysider/status/1844502566799085769 Come on! Like and bloody well subscribe!…

The Host Unknown Podcast

1
Episode 204 - The Umms and Ahhs Episode 42:16

منذ 22 weeks42:16

42:16

This week in InfoSec (10:01) With content liberated from the “today in infosec” twitter account and further afield 27th September 2001: Jan de Wit was sentenced to 150 hours of community service in the Netherlands for creating and spreading the Anna Kournikova virus. It was one of the first of the major viruses created from a virus toolkit - the dawn of cybercrime toolkits. https://twitter.com/todayininfosec/status/1839709145282277614 3rd October 2017: A week after he retired as the result of Equifax's data breach, former CEO Richard F. Smith told members of Congress that one person in the IT department was at fault. https://twitter.com/todayininfosec/status/1841893372035838342 Rant of the Week (14:52) It's true, social media moderators do go after conservatives Because they're most likely to share crappy misinformation online Since Elon Musk bought Twitter nearly two years ago – a $44 billion acquisition he tried to pull out of – the mogul has driven a narrative that moderation of the microblogging website disproportionately targeted conservatives, libertarians, and Trump supporters. A scientific paper published in the journal Nature this week confirms that was the case, with justification. The groups more likely to be subjected to moderation were also more likely to share misinformation from low-quality news sites. Billy Big Balls of the Week (21:49) Use this link to read the story: https://www.404media.co/email/e7ecda94-675a-4538-901f-b2ccb35fe916/?ref=daily-stories-newsletter - the other link below for the show notes (the one above is tied to my account) Someone Put Facial Recognition Tech onto Meta's Smart Glasses to Instantly Dox Strangers A pair of students at Harvard have built what big tech companies refused to release publicly due to the overwhelming risks and danger involved: smart glasses with facial recognition technology that automatically looks up someone’s face and identifies them. The students have gone a step further too. Their customized glasses also pull other information about their subject from around the web, including their home address, phone number, and family members. Industry News (32:05) PwC Urges Boards to Give CISOs a Seat at the Table Cyber-Attacks Hit Over a Third of English Schools ISACA: European Security Teams Are Understaffed and Underfunded T-Mobile to Pay $15.75m Penalty for Multiple Data Breaches British Hacker Charged in the US For $3.75m Insider Trading Scheme Meta Teams Up with Banks to Target Fraudsters FIN7 Gang Hides Malware in AI “Deepnude” Sites Northern Ireland Police Data Leak Sees Service Fined by ICO Microsoft and US Government Disrupt Russian Star Blizzard Operations Tweet of the Week (38:52) https://twitter.com/iamdevloper/status/1842097858196979989 Come on! Like and bloody well subscribe!…

The Host Unknown Podcast

1
Episode 203 - The Too Soon Episode 46:44

منذ 24 weeks46:44

46:44

This week in InfoSec (10:44) With content liberated from the “today in infosec” twitter account and further afield 18th September 2001: The Nimda worm was released. Utilising 5 different infection vectors, it became the most widespread virus/worm after only 22 minutes. https://twitter.com/todayininfosec/status/1836495262409175187 17th September 2014: Apple announced that the iOS 8 operating system (used on iPhone and iPad) would be architected to prevent it from being technically feasible for the company to extract data from customer devices. A day later Google made a similar announcement pertaining to Android. With iOS 8 Update, Apple Will No Longer Provide User Data to Police https://twitter.com/todayininfosec/status/1836071319030374437 Rant of the Week (17:50) No way? Big Tech's 'lucrative surveillance' of everyone is terrible for privacy, freedom Buried beneath the endless feeds and attention-grabbing videos of the modern internet is a network of data harvesting and sale that's perhaps far more vast than most people realise, and it desperately needs regulation. That's the conclusion the FTC made after spending nearly four years poring over internal data from nine major social media and video streaming corporations in the US. These internet behemoths are collecting vast amounts of data, both on and off their services, and the handling of such data is "woefully inadequate," particularly around data belonging to children and teenagers, the FTC said. Billy Big Balls of the Week (28:06) LinkedIn started harvesting people's posts for training AI without asking for opt-in LinkedIn started harvesting user-generated content to train its AI without asking for permission, angering netizens. Microsoft’s self-help network on Wednesday published a "trust and safety" update in which senior veep and general counsel Blake Lawit revealed LinkedIn's use of people's posts and other data for both training and using its generative AI features. In doing so, he said the site's privacy policy had been updated. We note this policy links to an FAQ that was updated sometime last week also confirming the automatic collecting of posts for training – meaning it appears LinkedIn started gathering up content for its AI models, and opting in users, well before Lawit’s post and the updated privacy policy advised of the changes today. Industry News (35:07) Over Half of Breached UK Firms Pay Ransom ICO Acts Against Sky Betting and Gaming Over Cookies AT&T Agrees $13m FCC Settlement Over Cloud Data Breach Europol Taskforce Disrupts Global Criminal Network Through Supply Chain Attack Google Street View Images Used For Extortion Scams 8000 Claimants Sue Outsourcing Giant Capita Over 2023 Data Breach Western Agencies Warn Risk from Chinese-Controlled Botnet Going for Gold: HSBC Approves Quantum-Safe Technology for Tokenized Bullions Cybersecurity Skills Gap Leaves Cloud Environments Vulnerable Tweet of the Week (42:39) https://twitter.com/ProfWoodward/status/1837084678836171089 Come on! Like and bloody well subscribe!…

The Host Unknown Podcast

1
Episode 202 - The Dog Eating Episode 44:57

منذ 25 weeks44:57

44:57

This week in InfoSec (11:25) With content liberated from the “today in infosec” twitter account and further afield 12th September 2014: Stephane Chazelas contacted Bash maintainer Chet Ramey about a vulnerability he dubbed "Bashdoor", which later becoming known as Shellshock. It was publicly disclosed 12 days later. Shellshock was kind of a big deal - and the vuln had been in Bash for 25 years! https://x.com/todayininfosec/status/1834293229472416242 9th September 2001: Mark Curphey started OWASP (the Open Web Application Security Project). In 2023 it was renamed the Open Worldwide Application Security Project. https://x.com/todayininfosec/status/1833191889790480500 Rant of the Week (16:33) WhatsApp's 'View Once' could be 'View Whenever' due to a flaw A popular privacy feature in WhatsApp is "completely broken and can be trivially bypassed," according to developers at cryptowallet startup Zengo. According to cofounder Tal Be'ery, his team was building a web interface when they discovered a flaw in WhatsApp's View Once. While the feature was supposed to be limited to platforms where the necessary controls could be enforced, such as mobile clients, the WhatsApp API server didn't properly enforce it. The server would still send these messages to other platforms, but they couldn't be viewed - unless someone fiddled with the code. "The View [O]nce media messages are technically the same as regular media messages, only with the “view once” flag set," the technical explanation states . "Which means it’s the virtual equivalent of putting a note on the picture that says 'don’t look.' All that is required for attackers to circumvent it, is merely to set this flag to false and the media become regular and can be downloaded, forwarded and shared." Billy Big Balls of the Week (27:10) Australia’s government spent the week boxing Big Tech The fun started on Monday when prime minister Anthony Albanese announced his intention to introduce a minimum age for social media, with a preference for the services to be off limits until kids turn 16. "I want kids to have a childhood," the PM urged . "I want them off their devices … I want them to have real experiences with real people." Albanese promised legislation to enact the rule will be tabled before Australia's next election, due by 2025. Opposition leader Peter Dutton broadly supported the proposal, which is pitched at parents who are tired of having to protect their kids online. Industry news (34:34) DoJ Distributes $18.5m to Western Union Fraud Victims Poland's Supreme Court Blocks Pegasus Spyware Probe UK Recognizes Data Centers as Critical National Infrastructure Mastercard Acquires Global Threat Intelligence Firm Recorded Future for $2.65bn TfL Confirms Customer Data Breach, 17-Year-Old Suspect Arrested Irish Data Protection Regulator to Investigate Google AI Microsoft Vows to Prevent Future CrowdStrike-Like Outages Record $65m Settlement for Hacked Patient Photos Malicious Actors Spreading False US Voter Registration Breach Claims Tweet of the Week (41:57) https://x.com/MikeTalonNYC/status/1834311262563377553 Come on! Like and bloody well subscribe!…

The Host Unknown Podcast

1
Episode 201 - The Difficult 201st Podcast 46:14

منذ 26 weeks46:14

46:14

This week in InfoSec (13:08) With content liberated from the “today in infosec” twitter account and further afield 3rd September 2014: Twitter launched its bug bounty program via the HackerOne platform, stating it would award at least $140 for vulnerabilities found in http://x.com/ or its Android or iOS apps. $140? 140 was the max tweet length. $1.6 million has been paid out since inception. https://twitter.com/XSecurity/status/507220774336225280 https://x.com/todayininfosec/status/1831408686604140602 30th August 2014: A user of the message board 4chan posted leaked nude photos of Jennifer Lawrence, Kate Upton, Kirsten Dunst, and other celebrities. Several years later 4 people were sentenced for crimes related to the hacking of Apple iCloud accounts of dozens of targeted individuals. Apple knew of iCloud API weakness months before celeb photo leak broke https://x.com/todayininfosec/status/1830016468328575386 Rant of the Week (19:09) 'Error' causes Alexa to endorse Kamala Harris, refuse to discuss Trump It would be perfectly reasonable to expect Amazon's digital assistant Alexa to decline to state opinions about the 2024 presidential race, but up until recently, that assumption would have been incorrect. When asked to give reasons to vote for former President Donald Trump, Alexa demurred, according to a video from Fox Business. "I cannot provide responses that endorse any political party or its leader," Alexa responded. When asked the same about Vice President Kamala Harris, the Amazon AI was more than willing to endorse the Democratic candidate. "There are many reasons to vote for Kamala Harris," Alexa said. Among the reasons given was that Harris has a "comprehensive plan to address racial injustice," that she promises a "tough on crime approach," and that her record on criminal justice and immigration reform make her a "compelling candidate." Billy Big Balls of the Week (26:45) Examples of Google Employees Trying to Avoid Creating Evidence in Antitrust Case In its antitrust case against Google, the Federal Government filed a list of chats it had obtained that show Google employees explicitly asking each other to turn off a chat history feature to discuss sensitive subjects, showing repeatedly that Google workers understood they should try to avoid creating a paper trail of some of their activities. The filing came following a hearing in which judge Leonie Brinkema ripped Google for “destroyed” evidence while considering a filing from the Department of Justice asking the court to find “adverse interference” against Google, which would allow the court to assume it purposefully destroyed evidence. Previous filings, including in the Epic Games v Google lawsuit and this current antitrust case, have also shown Google employees purposefully turning history off . The chats show 22 instances in which one Google employee told another Google employee to turn chat history off. In total, the court has dozens of specific employees who have told others to turn history off in DMs or broader group chats and channels. The document includes exchanges like this (each exchange includes different employees) AND Musician charged with $10M streaming royalties fraud using AI and bots North Carolina musician Michael Smith was indicted for collecting over $10 million in royalty payments from Spotify, Amazon Music, Apple Music, and YouTube Music using AI-generated songs streamed by thousands of bots in a massive streaming fraud scheme. According to court documents , Smith fraudulently inflated music streams on digital platforms between 2017 and 2024 with the assistance of an unnamed music promoter and the Chief Executive Officer of an AI music company. He acquired hundreds of thousands of songs generated through artificial intelligence (AI) from a coconspirator and uploaded them to these streaming platforms. He then used automated bots to stream the AI-generated tracks billions of times. Industry News (36:21) South Korea Police Investigates Telegram Over Deepfake Porn Irish Wildlife Park Warns Customers to Cancel Credit Cards Following Breach TfL Claims Cyber-Incident is Not Impacting Services Three Plead Guilty to Running MFA Bypass Site Civil Rights Groups Call For Spyware Controls Clearview AI Fined €30.5m by Dutch Watchdog Over Illegal Data Collection Russian Blamed For Mass Disinformation Campaign Ahead of US Election OnlyFans Hackers Targeted With Infostealer Malware UK Signs Council of Europe AI Convention Tweet of the Week (42:50) https://twitter.com/0xdade/status/1831387831677415923 Come on! Like and bloody well subscribe!…

The Host Unknown Podcast

1
Episode 200 - The Bicentennial men Episode 39:12

منذ 27 weeks39:12

39:12

This week in InfoSec (07:42) With content liberated from the “today in infosec” twitter account and further afield 29th August 1990: The UK's Computer Misuse Act 1990 went into effect, introducing 3 criminal offences related to unauthorised access and modification of "computer material". https://twitter.com/todayininfosec/status/1829252932178719161 27th August 1999: One of the first companies to offer a dedicated web application firewall (WAF) was Perfecto Technologies with its AppShield product. But it didn't use the terminology "WAF", instead describing it as "a plug and play" Internet application security solution." https://twitter.com/todayininfosec/status/1828483993001492969 Rant of the Week (13:25) Watchdog warns FBI is sloppy on secure data storage and destruction The FBI has made serious slip-ups in how it processes and destroys electronic storage media seized as part of investigations, according to an audit by the Department of Justice Office of the Inspector General. Drives containing national security data, Foreign Intelligence Surveillance Act information and documents classified as Secret were routinely unlabeled, opening the potential for it to be either lost or stolen, the report [PDF] addressed to FBI Director Christopher Wray states. Ironically, this lack of identification might be considered a benefit, given the lax security at the FBI's facility used to destroy such media after they have been finished with. The OIG report notes that it found boxes of hard drives and removable storage sitting open and unattended for "days or even weeks" because they were only sealed once the boxes were full. This potentially allows any of the 395 staff and contractors with access to the facility to have a rummage around. Billy Big Balls of the Week (22:01) Deadbeat dad faked his own death by hacking government databases A US man has been sentenced to 81 months in jail for faking his own death by hacking government systems and officially marking himself as deceased. The US Department of Justice on Tuesday detailed the case of Jesse Kipf, 39, who was sent down for computer fraud and aggravated identity theft. In January 2023, Kipf used the credentials of a physician to access Hawaii's Death Registry System and create a "case" that recorded his own death. "Kipf then completed a State of Hawaii Death Certificate Worksheet, assigned himself as the medical certifier for the case and certified his death, using the digital signature of the doctor," the DoJ wrote. The paperwork was all correct, so many government databases listed Kipf as deceased. But he was very much alive and enjoying the fact that his "death" meant he didn't have to make child support payments or catch up on those he'd already missed. Evidence presented in court included internet search histories recorded on a laptop, with Kipf looking up terms including "Remove California child support for deceased." Industry News (28:13) Uber Hit With €290m GDPR Fine FBI Flawed Data Handling Raises Security Concerns Microsoft 365 Copilot Vulnerability Exposes User Data Risks Money Laundering Dominates UK Fraud Cases Ransomware Attacks Exposed 6.7 Million Records in US Schools IT Engineer Charged For Attempting to Extort Former Employer Surge in New Scams as Pig Butchering Dominates Unpatched CCTV Cameras Exploited to Spread Mirai Variant North Korean Hackers Launch New Wave of npm Package Attacks Tweet of the Week (36:20) https://x.com/fesshole/status/1828921760147767400 Come on! Like and bloody well subscribe!…

The Host Unknown Podcast

1
Episode 199 - The Holiday Is Over Episode 35:54

منذ 27 weeks35:54

35:54

This week in InfoSec (06:43) With content liberated from the “today in infosec” twitter account and further afield 18th August 2004: Text messages sent to promote the video game "Resident Evil: Outbreak" stated "Outbreak: I'm infecting you with t-virus". This scared recipients, who were only about 7% less technologically savvy than mobile phone users today. https://x.com/todayininfosec/status/1825257955878641888 20th August 2003: Philippe Oechslin shared his technique he called "rainbow tables" during a talk at the 23rd annual crypto conference, Crypto 2003. It became a popular approach for cracking password hashes. Today it's less widely used due to adoption of practices that reduce its efficacy. https://x.com/todayininfosec/status/1825865870716870802 Rant of the Week (10:59) This uni thought it would be a good idea to do a phishing test with a fake Ebola scare University of California Santa Cruz (UCSC) students may be relieved to hear that an emailed warning about a staff member infected with the Ebola virus was just a phishing exercise. The message, titled "Emergency Notification: Ebola Virus Case on Campus," went out to the university community on Sunday, August 18. It began, "We regret to inform you that a member of our staff, who recently returned from South Africa, has tested positive for the Ebola virus." The message went on to say that the university has initiated a contact tracing protocol and asks message recipients to "Please Log In to the Access Information Page for more details" – the very activity phishing messages attempt to encourage in order to capture login credentials. The simulated attack was similar to an actual phishing message sent on August 1, 2024, as shown on the UCSC Phish Bowl , a collection of real and test phishing attempts. But the one sent on Sunday was intended to raise awareness of phishing rather than to actually steal information. In that, it succeeded. The message prompted the UCSC Student Health Center to publish a notice about a "Phishing email with misleading health information." On Monday, Brian Hall, chief information security officer for UCSC, sent out an apology to the university community. Billy Big Balls of the Week (18:20) Russia tells citizens to switch off home surveillance because the Ukrainians are coming Russia's Ministry of Internal Affairs is warning residents of under-siege regions to switch off home surveillance systems and dating apps to stop Ukraine from using them for intel-gathering purposes. Residents of the Bryansk, Kursk, and Belgorod regions were issued with the warnings amid what seems like Russia being thoroughly rattled by Ukraine's incursion into the country's southwest. "The enemy is massively identifying IP ranges in our territories and connecting to unprotected video surveillance cameras remotely, viewing everything from private yards to roads and highways of strategic importance," said the ministry, according to Russian newswire Interfax . "In this regard, if there is no urgent need, it is better not to use video surveillance cameras. "It is highly discouraged to use online dating services. The enemy actively uses such resources for the covert collection of information." These warnings were just two of many included in a public memo aimed at protecting the identities of high-value Russian individuals, including military personnel, law enforcement agents, and nuclear energy workers. Industry News (24:51) Iran Behind Trump Campaign Hack, US Government Confirms New DNS-Based Backdoor Threat Discovered at Taiwanese University Most Ransomware Attacks Now Happen at Night CISA to Get New Headquarters as $524M Contract Awarded Australia Calls Off Clearview AI Investigation Despite Lack of Compliance Backdoor in Mifare Smart Cards Could Open Doors Around the World Security Flaws in UK Political Party Donation Platforms Exposed Company Fined $1m for Fake Joe Biden AI Calls FAA Admits Gaps in Aircraft Cybersecurity Rules: New Regulation Proposed Tweet of the Week (32:19) https://x.com/anon_opin/status/1826015107857416458?s=46&t=1-Sjo1Vy8SG7OdizJ3wVbg Come on! Like and bloody well subscribe!…

The Host Unknown Podcast

1
Episode 198 43:48

منذ 34 weeks43:48

43:48

This week in InfoSec (10:28) 10th July 1999 - Cult of the Dead Cow (cDc) member DilDog debuted the program Back Orifice 2000 (BO2k) at DEF CON 7. It was the successor to Back Orifice, released by cDc a year prior. DilDog proclaimed it "a remote administration tool for corporate America". https://twitter.com/todayininfosec/status/1811133606015983680 9th July 1981 - The game that launched two of the most famous characters in video game history is released for sale. Donkey Kong was created by Nintendo, a Japanese playing card and toy company turned fledgling video game developer, who was trying to create a hit game for the North American market. Unable at the time to acquire a license to create a video game based on the Popeye character, Nintendo decides to create a game mirroring the characteristics and rivalry of Popeye and Bluto. Donkey Kong is named after the game’s villain, a pet gorilla gone rogue. The game’s hero is originally called Jumpman, but is retroactively renamed Mario once the game becomes popular and Nintendo decides to use the character in future games. Due to the similarity between Donkey Kong and King Kong, Universal Studios sued Nintendo claiming Donkey Kong violated their trademark. Kong, however, is common Japanese slang for gorilla. The lawsuit was ruled in favor of Nintendo. The success of Donkey Kong helped Nintendo become one of the dominant companies in the video game market. Rant of the Week (15:55) Palestinians say Microsoft unfairly closing their accounts Palestinians living abroad have accused Microsoft of closing their email accounts without warning - cutting them off from crucial online services. They say it has left them unable to access bank accounts and job offers - and stopped them using Skype, which Microsoft owns, to contact relatives in war-torn Gaza. Microsoft says they violated its terms of service - a claim they dispute. Billy Big Balls of the Week (27:39) Scalpers Work With Hackers to Liberate Ticketmaster's ‘Non-Transferable’ Tickets A lawsuit filed in California by concert giant AXS has revealed a legal and technological battle between ticket scalpers and platforms like Ticketmaster and AXS, in which scalpers have figured out how to extract “untransferable” tickets from their accounts by generating entry barcodes on parallel infrastructure that the scalpers control and which can then be sold and transferred to customers. By reverse-engineering how Ticketmaster and AXS actually make their electronic tickets, scalpers have essentially figured out how to regenerate specific, genuine tickets that they have legally purchased from scratch onto infrastructure that they control. In doing so, they are removing the anti-scalping restrictions put on the tickets by Ticketmaster and AXS. 'Gay furry hackers' breach conservative US think tank behind Project 2025 A collective of self-described "gay furry hackers" have released 2GB of data lifted from the Heritage Foundation, the conservative think-tank behind Project 2025 - a set of proposals that would bring the USA closer to being an authoritarian state. The hacktivist group, known as SiegedSec, has been running a campaign it calls "OpTransRights," targeting (mostly government) websites to disrupt efforts to enact or enforce anti-trans and anti-abortion laws. Industry News (33:26) 10 Billion Passwords Leaked on Hacking Forum Crypto Thefts Double to $1.4 Billion, TRM Labs Finds Russia Blocks VPN Services in Information Crackdown Ticketmaster Extortion Continues, Threat Actor Claims New Ticket Leak Cyber-Attack on Evolve Bank Exposed Data of 7.6 Million Customers Most Security Pros Admit Shadow SaaS and AI Use Russian Media Uses AI-Powered Software to Spread Disinformation Smishing Triad Targets India with Fraud Surge Fraud Campaign Targets Russians with Fake Olympics Tickets Tweet of the Week (41:18) https://x.com/dennishegstad/status/1810044171765645568 Come on! Like and bloody well subscribe!…

مرحبًا بك في مشغل أف ام!

يقوم برنامج مشغل أف أم بمسح الويب للحصول على بودكاست عالية الجودة لتستمتع بها الآن. إنه أفضل تطبيق بودكاست ويعمل على أجهزة اندرويد والأيفون والويب. قم بالتسجيل لمزامنة الاشتراكات عبر الأجهزة.