Talkin' Bout [Infosec] News

Black Hills Information Security
Apr 3, 2025 • 1h 3min

The Oracle of Lies! – 2025-03-31

00:00 - PreShow Banter™ — The Bed Slinger
08:34 - The Oracle of Lies! - BHIS - Talkin’ Bout [infosec] News 2025-03-31
10:43 - Story # 1: Oracle attempt to hide serious cybersecurity incident from customers in Oracle SaaS service
20:00 - Story # 2: A Sneaky Phish Just Grabbed my Mailchimp Mailing List
26:17 - Story # 3: Windows 11 is closing a loophole that let you skip making a Microsoft account
29:51 - Story # 4: The Trump Administration Accidentally Texted Me Its War Plans
32:51 - Story # 4b: Signal is ‘absolutely not suitable’ for government use: Former NSA hacker
37:42 - Story # 5: How the FBI Tracked, and Froze, Millions Sent to Criminals in Massive Caesars Casino Hack
42:27 - Story # 6: Retail giant Sam’s Club investigates Clop ransomware breach claims
45:07 - WEBCAST – Keeping Things Local – Making Your Own Private LLM w/ Bronwen Aker
46:16 - Story # 7: New VanHelsing ransomware targets Windows, ARM, ESXi systems
48:28 - Story # 8: Infostealer campaign compromises 10 npm packages, targets devs
53:13 - Story # 9: Risky Biz News: EU bans anonymous crypto payments
56:02 - ChickenSec: South African Poultry Company Reports $1M Loss After Cyber Intrusion
Mar 26, 2025 • 59min

Trading in Jock Straps for Jock Hacks – 2025-03-24

00:00 - PreShow Banter™ — We’re Not Ready For the Finger Thing
01:40 - Trading in Jock Straps for Jock Hacks – BHIS - Talkin’ Bout [infosec] News 2025-03-24
03:24 - Story # 1: GitHub Action hack likely led to another in cascading supply chain attack
07:53 - Story # 2: Wiz to Join Google Cloud: Making Magic Together
14:47 - Story # 3: Oracle denies breach after hacker claims theft of 6 million data records
19:52 - Story # 4: Critical flaw in Next.js lets hackers bypass authorization
25:47 - Story # 5: Cloudflare builds an AI to lead AI scraper bots into a horrible maze of junk content
29:20 - Story # 6: Ex-Michigan QB coach Matt Weiss facing 24 federal charges in hack of thousands of student accounts
35:47 - Story # 7: DNA of 15 Million People for Sale in 23andMe Bankruptcy
38:40 - Story # 8: Everything you say to your Echo will be sent to Amazon starting on March 28
44:03 - Story # 9: We partner with world-renowned scambusters to create our own fraud-fighting call centre
52:01 - Story # 10: Sperm donation giant California Cryobank warns of a data breach
54:19 - Story # 11: Microsoft: New RAT malware used for crypto theft, reconnaissance
56:32 - Story # 12: TrustedSec | Trimarc Joins Forces with TrustedSec to Strengthen…
Mar 19, 2025 • 1h 1min

News 2025-03-17 - Malicious Browser Plugins will Destroy us ALL!!!!!

00:00 - PreShow Banter™ — Fun Jank Decks
05:25 - BHIS - Talkin’ Bout [infosec] News 2025-03-17 - Malicious browser plugins will destroy us ALL!!!!!
06:35 - Story # 1: Polymorphic Extensions: The Sneaky Extension That Can Impersonate Any Browser Extension
14:37 - Story # 1b: Chrome Web Store is a mess
31:14 - Story # 2: Lazarus Strikes npm Again with New Wave of Malicious Packages
36:17 - Story # 3: China’s Volt Typhoon Hackers Dwelled in US Electric Grid for 300 Days
44:44 - Story # 4: Saudi Arabia Buys Pokémon Go, and Probably All of Your Location Data
49:31 - Story # 5: Second biggest bank in US hit by major data breach stealing social security numbers and other personal info
51:25 - Story # 6: Hackers Take Credit for X Cyberattack
54:32 - Story # 7: Hackers Using Advanced MFA-Bypassing Techniques To Gain Access To User Account
Mar 12, 2025 • 1h 4min

2025-03-10 — Agent A.I.

00:00 - PreShow Banter™ — Agent A.I.
07:35 - BHIS - Talkin’ Bout [infosec] News 2025-03-10
10:47 - Story # 1: 12 Chinese hackers charged with US Treasury breach — and much, much more
15:25 - Story # 2: Signal President Meredith Whittaker calls out agentic AI as having ‘profound’ security and privacy issues
25:33 - Story # 3: X/Twitter is down for a third time today
27:33 - Story # 4: Developer sabotaged ex-employer with kill switch activated when he was let go
33:37 - Story # 5: Undocumented commands found in Bluetooth chip used by a billion devices
45:37 - Story # 6: Cybercrime’s Cobalt Strike Use Plummets 80% Worldwide
46:19 - Story # 7: Majority of Orgs Hit by AI Cyber-Attacks as Detection Lags
55:01 - Story # 8: Ransomware gang encrypted network from a webcam to bypass EDR
Mar 5, 2025 • 59min

2025-03-03 - Not Talking About Anything

00:00 - PreShow Banter™ — Not Talking About Anything
04:29 - BHIS - Talkin’ Bout [infosec] News 2025-03-03
05:42 - Story # 1: FBI Warns iPhone, Android Users—We Want ‘Lawful Access’ To All Your Encrypted Data
24:28 - Story # 2: Disney engineer downloaded ‘helpful’ AI tool that ended up completely destroying his life
34:28 - Story # 3: Have I Been Pwned adds 284M accounts stolen by infostealer malware
43:22 - Story # 4: Dragos’s 8th Annual OT Cybersecurity Year in Review Is Now Available
45:53 - Story # 5: Trump administration retreats in fight against Russian cyber threats
55:19 - Story # 5b: Exclusive: US intel shows Russia and China are attempting to recruit disgruntled federal employees, sources say
57:33 - Story # 6: Feds: Army soldier suspected of AT&T heist Googled ‘can hacking be treason,’ ‘defecting to Russia’
Feb 26, 2025 • 1h 3min

2025-05-24 - Get Political (With Jake Williams)

00:00 - PreShow Banter™ — Get Political
05:27 - BHIS - Talkin’ Bout [infosec] News 2025-02-25
06:07 - Story # 1: Trump 2.0 Brings Cuts to Cyber, Consumer Protections
37:57 - Story # 2: OpenAI Uncovers Evidence of A.I.-Powered Chinese Surveillance Tool
49:48 - Story # 3: Apple pulls data protection tool after UK government security row
55:00 - Story # 4: Judge dismisses Chris Hadnagy lawsuit against DEF CON
Feb 19, 2025 • 1h 6min

2025-02-17 - Prove That You're Wearing Pants

00:00 - PreShow Banter™ — Prove That You’re Wearing Pants
05:50 - BHIS - Talkin’ Bout [infosec] News 2025-05-17
06:46 - Story # 1: Fortinet discloses second firewall auth bypass patched in January
07:12 - Story # 1b: Fortinet CEO boasts it was voted the “most trusted” cybersecurity firm. Don’t die laughing
08:45 - Story # 1c: Forbes Most Trusted Companies in America 2025 List
16:25 - Story # 2: SAML Bypass Authentication on GitHub Enterprise Servers to Login as Other User Account
18:37 - Story # 2b: Rapid7 Flags New PostgreSQL Zero-Day Connected to BeyondTrust Exploitation
20:04 - Story # 3: Putting the human back into AI is key, former NSA Director Nakasone says
36:35 - Story # 4: Apple Confirms USB Restricted Mode Exploited in ‘Extremely Sophisticated’ Attack
37:44 - Story # 5: DOGE Exposes Once-Secret Government Networks, Making Cyber-Espionage Easier than Ever
43:14 - Story # 5b: DOGE’s .gov site lampooned as coders quickly realize it can be edited by anyone
46:59 - Story # 6: Man who SIM-swapped the SEC’s X account pleads guilty
51:26 - Story # 7: Russia’s Sandworm caught snarfing credentials, data from American and Brit orgs
53:55 - Story # 8: Nearly 10 years after Data and Goliath, Bruce Schneier says: Privacy’s still screwed
Feb 13, 2025 • 1h 3min

2025-02-10 - Walking Through Denver

00:00 - PreShow Banter™ — Walking Through Denver
02:23 - BHIS - Talkin’ Bout [infosec] News 2025-02-10
04:35 - Story # 1: Ransomware payments declined in 2024 despite massive, well-known hacks
05:02 - Story # 1b: 35% Year-over-Year Decrease in Ransomware Payments, Less than Half of Recorded Incidents Resulted in Victim Payments
14:19 - Story # 2: Critical Cisco ISE bug can let attackers run commands as root
16:43 - Story # 3: The Untold Story of a Crypto Crimefighter’s Descent Into Nigerian Prison
24:18 - Story # 4: IoT’s botnet problem is up 500% – three things admins must do now
31:49 - Story # 5: WhatsApp identifies dozens of users hacked by Paragon spyware company
39:41 - Story # 6: Sri Lanka goes bananas after monkey unplugs nation
43:36 - Story # 7: Microsoft Study Finds AI Makes Human Cognition “Atrophied and Unprepared”
50:17 - ChickenSec Story # 1: Here’s a Super Bowl riddle: Why are egg prices surging — but not chicken wings?
52:21 - Story # 8: DOGE Staffer Previously Fired From Cybersecurity Company for Leaking Secrets
58:07 - ChickenSec Story # 2: Americans to Eat 1.47 Billion Chicken Wings for Super Bowl LIX
Feb 12, 2025 • 45min

2025-02-05 - LIVE FROM WWHF DENVER 2025

00:00 - PreShow Banter™ — Community Swear Bucket
01:40 - BHIS - Talkin’ Bout [infosec] News 2025-02-05
03:27 - Story # 1: DeepSeek R1 Exposed: Security Flaws in China’s AI Model
11:25 - Story # 2: Backdoor found in two healthcare patient monitors, linked to IP in China
15:21 - Story # 3: Facebook flags Linux topics as ‘cybersecurity threats’ — posts and users being blocked
20:56 - Story # 4: Here’s how Musk’s access to Treasury system may impact Social Security, other government payments
31:29 - Story # 5: Russian Cybercrime Groups Exploiting 7-Zip Flaw to Bypass Windows MotW Protections
34:34 - Story # 6: Insurance Company Globe Life Notifying 850,000 People of Data Breach
36:15 - Story # 10: DeepSeek Fails Researchers’ Safety Tests
38:35 - Story # 11: Engineering giant Smiths Group discloses security breach
Jan 29, 2025 • 1h 3min

2025-01-27 - Fake Australian

00:00 - PreShow Banter™ — Fake Australian
04:17 - BHIS - Talkin’ Bout [infosec] News 2025-01-27
04:34 - Story # 1: DeepSeek sparks AI stock selloff; Nvidia posts record market-cap loss
30:50 - Story # 2: Tech giants are putting $500bn into ‘Stargate’ to build up AI in US
42:23 - Story # 3: DeepSeek Faces Large-scale Cyberattack, Halts New User Registrations
43:34 - Story # 4: DHS cyber review board cleaned out in Trump move to eliminate ‘misuse of resources’
47:38 - Story # 5: UnitedHealth estimates 190M people impacted by Change Healthcare cyberattack
50:02 - Story # 5b: UnitedHealth now says 190 million impacted by 2024 data breach
53:09 - Story # 6: Cloudflare Issue Can Leak Chat App Users’ Broad Location
54:09 - Story # 7: Hacking Subaru: Tracking and Controlling Cars via the STARLINK Admin Panel
59:40 - Story # 8: Researchers say new attack could take down the European power grid
