The Host Unknown Podcast

This Week in InfoSec (08:13)With content liberated from the “today in infosec” Twitter account29th October 1969: The first message sent over the ARPANET was from Leonard Kleinrock’s UCLA computer, sent by student programmer Charley Kline at 10:30 PM to the second node at Stanford Research Institute’s computer in Menlo Park, California.The message was simply "Lo." But not on purpose.Charley Kline Sends the First Message Over the ARPANET from Leonard Kleinrock's Computerhttps://twitter.com/todayininfosec/status/132186187898595328225th October 2008: A 43-year-old woman in Japan was arrested after she hacked into the computer of the man she'd married in the online game MapleStory and erased his carefully constructed digital character after their relationship curdled.Woman faces jail for hacking her virtual husband to deathhttps://twitter.com/todayininfosec/status/1320513559500128257 Rant of the Week (18:18)Why You Should Delete Your Facebook AppA stark new warning for almost all iPhone users, as Facebook is suddenly caught “secretly” harvesting sensitive data without anyone realizing. And worse, there’s no way to stop this especially invasive tracking other than by deleting the app. Billy Big Balls of the Week (27:15)Teen bought Google ad for his scam website and made 48 Bitcoins duping UK online shoppersThe schoolboy set up a website impersonating gift voucher site Love2Shop. Having done that he then bought Google ads which resulted in his fake site appearing above the real one in search results. Industry News (34:03) Government Agents Compromise REvil Backups to Force Group OfflineHalloween Horror-Show for Candy-Maker Hit by RansomwareNew Cybersecurity World Record SetTesco App and Website Back Online After Cyber IncidentBlackMatter Bug Saved Victims Millions in Ransom PaymentsStudy Coordinator Falsified Clinical Trial DataEC-Council Offers Free Cybersecurity TrainingOfcom's Scam Call-Blocking Plan Could Save Consumers MillionsNorth Korean Lazarus APT Targets Software Supply Chain Tweet of the week (41:28)https://twitter.com/coriplusplus/status/1453483418944159748https://twitter.com/MegabitMeghan/status/1453398057312215042 Come on! Like and bloody well subscribe!

This Week in InfoSec (13:03)With content liberated from the “today in infosec” Twitter account20th October 1996: Twenty-five years ago today. Happy birthday, Ping of Death. Ping of Deathhttps://twitter.com/ajMSFT/status/1450833383597043713?s=2015th October 1985: 50 FBI agents raided more than 20 homes, seizing 25 personal computers (mostly Commodore 64s) after a group of at least 23 teenagers in San Diego County remotely broke into Chase Manhattan Bank computer systems that July and August.CHASE COMPUTER RAIDED BY YOUTHShttps://twitter.com/todayininfosec/status/1184283049204174849 On the Group Chat (20:27) From @maxsec friend of the show:Cybercrime gang sets up fake company to hire security experts to aid in ransomware attackshttps://twitter.com/campuscodi/status/1451241038908121099 Billy Big Balls of the Week  (29:04)https://twitter.com/ImposeCost/status/1449738212696641538?s=20 Industry News (36:50)US Treasury Tracks $5.2bn of Ransomware Transactions in Six MonthsTwitch: No Passwords Were Taken in Data BreachUK in Midst of $200m Crypto Fraud EpidemicApple iCloud Hacker Steals NudesLightBasin Operation Compromises 13 Global Telcos in Two YearsMicrosoft, Intel and Goldman Sachs Team Up For New Supply Chain Security InitiativeTwitter Pulls Account After Argentinian Mega Breach ClaimsData Scrapers Expose 2.6 Million Instagram and TikTok UsersUS to Ban Export of Hacking Tools to Authoritarian States Tweet of the Week (46:02)https://twitter.com/ElJefeDSecurIT/status/1451232980463075332 Come on! Like and bloody well subscribe!

This Week in InfosecWith content liberated from the “today in infosec” twitter account13th October 1999: An episode of the "True Life" documentary series titled "I'm a Hacker" aired on MTV. Afterwards one of the hackers featured on the show, Shamrock, issued a statement revealing that the whole thing was a hoax to dupe MTV. D'ohMTV made to look ridiculous by fake hackerTrue Life 'I'm a Hacker' 1 of 2True Life ‘I’m a Hacker’ 2 of 2https://twitter.com/todayininfosec/status/1316187816540413953  9th October 1999: A year after Staples launched its website, it was compromised.Add malicious code? Nope.Deface with a political message. No. Redirect to a porn site? Nah. Then what!? Advertisements were added which led to one of its competitors, Office Depot. Staples Sues Unnamed Hackerhttps://twitter.com/todayininfosec/status/1314710023931559937 As Seen on RedditSuperlative levels of TechBro shithousery in the technical recruitment zone of San FranciscoTech bro invents a "skip the interview" tool where you can crowdfund your way into getting a job. r/recruitinghell is having none of it.  Billy Big Balls of the WeekFraudsters Cloned Company Director’s Voice In $35 Million Bank Heist, Police FindAI voice cloning is used in a huge heist in the U.A.E., according to Dubai investigators, amidst warnings about cybercriminal use of the new technology. Industry NewsNatWest Pleads Guilty in £400m Money Laundering CaseBrewer's Token Gaffe Causes Massive PII BreachCouple Arrested Over Sale of Nuclear Secrets  Android Phones Sharing Significant User Data Without Opt-OutsNCSC CEO: Ransomware the "Most Immediate Threat" Facing UK BusinessesGhanaian Women Cautioned Against Sharing NudesCrypto Romance Scam Drains $1.4MFinancial Regulator Warns of Hybrid Working Security RisksMet Police Loses 2280 Electronic Devices in Last Two Years As Seen on TikTokThe Ron Burgandy of British "politics"Nigel Farage promoting drug dealers The Box © Charlie Langford charlie@clmediagroup.com for all of your video and sound production and postproduction needs. Come on! Like and bloody well subscribe!

This Week in InfoSec (08:01)With content liberated from the “today in infosec” Twitter account8th September 2009: FBI director Robert Mueller disclosed that his wife banned him from banking online after he nearly fell for an email phishing scam.Wife bans FBI head from online bankinghttps://twitter.com/todayininfosec/status/13140022932269056003rd October 2017: A week after he retired as the result of Equifax's data breach, former CEO Richard F. Smith told members of Congress one person in the IT department was at fault.Equifax Breach Caused by Lone Employee’s Error, Former C.E.O. SaysHow the Equifax hack happened, and what still needs to be donehttps://twitter.com/todayininfosec/status/1312589059559170050 Rant of the Week (16:35)IKEA: Cameras were hidden in the ceiling above warehouse toilets for 'health and safety'IKEA has removed hidden security cameras from its warehouse in Peterborough, England, after an employee spotted one in the ceiling void while using the toilet. As Seen on TikTok (24:59)Facebook rendered spineless by buggy audit code that missed catastrophic network config errorFacebook has admitted buggy auditing code was at the core of Tuesday’s six-hour outage – and revealed a little more about its infrastructure to explain how it vanished from the internet.As described by rey.nbows on TIK TOK Industry News (34:18)Facebook Whistleblower to Testify Before SenatePandora Spills Secrets of Super RichDeepMind Technologies Sued Over Data SharingFacebook Blames Global Outage on Configuration ErrorText Message Giant Reveals Five-Year BreachSquid Game Scenes Cut Over Data ExposureNCSC: Revoke Admin Access for BYOD Users ImmediatelyInfosec Experts: Twitch Breach “As Bad as it Gets”US Creates National Cryptocurrency Enforcement Team Tweet of the Week (42:42)https://twitter.com/cybersecstu/status/1446104732578328583https://twitter.com/SmashinSecurity/status/1445520598017314826 The Box © Charlie Langford Come on! Like and bloody well subscribe!

Jav's Record Breakers 14th October https://www.eventbrite.ie/e/biggest-virtual-cybersecurity-lesson-tickets-166314899341 https://www.prnewswire.com/news-releases/organizers-of-security-serious-week-aim-to-set-new-guinness-world-records-title-for-viewership-of-an-online-security-lesson-301376191.html This week in InfosecWith content liberated from the “today in infosec” Twitter account27th September 2001: Jan de Wit was sentenced to 150 hours of community service in the Netherlands for creating and spreading the Anna Kournikova virus. It was one of the first of the major viruses created from a virus toolkit - the dawn of cybercrime toolkits.Kournikova virus kiddie gets 150 hours community servicehttps://twitter.com/todayininfosec/status/117777255707784396827th September 1998: On this day in 1998: Google launchesGoogle Milestones8 Search Engines That Rocked Before Google Even Existedhttps://twitter.com/JonErlichman/status/1442432706877399049?s=20   Rant of the WeekSecure those Macs: Apple must step up and support older machinesFor the good of the planet and the safety of its users, it's time for Apple to step up and support its older machines. Billy big Balls of the WeekMr GoxA hamster has been trading cryptocurrencies in a cage rigged to automatically buy and sell tokens since June - and it's currently outperforming the S&P 500 Industry NewsEU Slams Russia Over Disinformation Hacking CampaignHuawei CFO Released After Admitting She Misled BankComputer Scientist Jailed Over Dark Web ConspiracyCrypto Developer Pleads Guilty to North Korean PlotCanadian Vaccine Passport App Exposes DataSolarWinds Attackers Develop New FoggyWeb BackdoorVulnerability Exposes iPhone Users to Payment FraudScammers Capitalize on Release of New Bond MovieCyber Second Only to Climate Change as Biggest Global Risk Tweet of the Weekhttps://twitter.com/csoandy/status/1442501996750118915?s=20https://twitter.com/dcuthbert/status/1442821545047601163?s=20 "The Boc" © Charlie Langford Come on! Like and bloody well subscribe!

This Week in InfoSec (04:56)With content liberated from the “today in infosec” Twitter account18th September 2015: Google notified Symantec that the latter issued 23 test certificates for five organizations, including Google and Opera, without the domain owners' knowledge. Symantec performed an audit and announced that an additional 2,622 test certificates were mis-issued.Sustaining Digital Certificate Securityhttps://twitter.com/todayininfosec/status/143938865326496563820th September 1996: An email began spreading about a destructive virus named Irina. Some virus nerd called Graham Cluley discovered it was a hoax "marketing ploy" from Penguin Books.Computer Viruses and Hoaxeshttps://twitter.com/todayininfosec/status/1307862674387144705 The Box © Charlie Langford Rant of the Week (12:55)Investigation launched after MoD email blunder Billy Big Balls of the Week (20:55)Tick, tick, tick … TikTok China just limited kids to 40 minutes' use each day Industry News (34:17)Experts Concerned Over New Digital Secretary's Lack of Cyber KnowledgeRomance Scammers Make $133m in First Half of 2021Former IT Exec Pleads Guilty to Insider Trading ConspiracyData of 106 Million Visitors to Thailand BreachedEuropean Police Bust €10m Mafia Fraud RingPrison for AT&T Phone-Unlocking FraudsterAfghan Interpreters' Data Exposed in MoD BreachHalf of Web Owners Don't Know if Their Site Has Been AttackedUS Eye-Care Providers Report Data Breaches Tweet of the Week (41:43)https://twitter.com/aprivateguy/status/1441091095471874053?s=20https://twitter.com/ReverseICS/status/1441048111292506112And just for Andy...https://twitter.com/AlyssaM_InfoSec/status/1441135546961563649?s=20 Come on! Like and bloody well subscribe!

This Week in InfoSec (04:09)With content liberated from the “today in infosec” twitter account16th September 2008: 20-year-old David Kernell compromised the Yahoo! email account of US vice presidential candidate Sarah Palin, then posted her emails to 4chan.2 years later he was found guilty and sentenced to a year in prison. At age 30 he died of complications related to MS.Student convicted of hacking Sarah Palin e-mail accountSarah Palin email hackhttps://twitter.com/todayininfosec/status/13063605979158650979th September 2015: The security of 300 million travel locks was compromised after 3-D printing files were posted online.Then again, these travel locks never were particularly secure.Lockpickers 3-D Print TSA Master Luggage Keys From Leaked Photoshttps://twitter.com/todayininfosec/status/1303847394556219392   Tweet of the Week (13:06)https://twitter.com/yolkfolk_com/status/1438580784294735875 Sticky Pickle of the Week (18:16)Sticky Pickle of the Week is the part of the show where everyone chooses something that they like. It could be a funny story, a book they’ve read, a TV show, movie, record, a podcast, a website, or an app, whatever they like.  It doesn’t have to be security-related necessarily.Better not be!Brits open doors for tech-enabled fraudsters because they 'don't want to seem rude'Brits are too polite to tell phone scammers to "get stuffed", "take a hike" or "sling yer 'ook" when they impersonate so-called "trusted organisations" such as banks.That's according to the trade association UK Finance, which found that the number of "impersonation scam cases" more than doubled in the first half of 2021 to 33,115 – up from 14,947 during the same period last year.That is a Sticky PickleIt's time to delete that hunter2 password from your Microsoft account, says IT giantFrom this week, Microsoft won't require you, or your password manager, to come up with strings of letters, numbers, and special characters forming a silly sentence or a reconfiguration of an ex’s name and birthday to access the Windows giant's services.That is to say, you can delete the password from your Microsoft account, and login using the Microsoft Authenticator app, Windows Hello, a security key, or a verification code sent to your cellphone or email inbox. (Last year, Redmond said SMS codes were unsafe for authentication, we note.)That is a Sticky PickleRansomware crims saying 'We'll burn your data if you get a negotiator' can't be legally paid off anywayA couple of ransomware gangs have threatened to start deleting files if targeted companies call in professional negotiators to help lower prices for decryption tools.Grief Corp is the latest criminal crew to warn its victims with instant data destruction if it suspects a mark has engaged a mediator.In a statement posted to its Tor-hosted blog, Grief Corp said: "We wanna play a game. If we see professional negotiator from Recovery Company™ – we will just destroy the data.That is a Sticky Pickle Industry News (31:16)Poland Extradites Alleged Botnet Operator to USUK Man Gets Five Years for Online Abuse CampaignWhatsApp to Roll Out Encrypted BackupsUS Locks Up Key Player in Nigerian Romance ScamApple Releases Urgent Patch Following Discovery of Pegasus SpywareMassachusetts AG Launches Probe into T-Mobile Data BreachMicrosoft Patches OMIGOD, MSHTML and PrintNightmare BugsAmericans Fined After Hacking for Foreign GovernmentHousehold Names Hit with £500K Fine for Spamming Consumers Tweet of the Week (38:05)https://twitter.com/snipeyhead/status/1437935968460304384?s=20 Come on! Like and bloody well subscribe!

This Week in InfoSec (11:14)With content liberated from the “today in infosec” twitter account5th September 1983: The term "hacker" was used by Newsweek, mainstream media's earliest known use of the term in the pejorative sense.The magazine's cover photo of 17-year-old 414s (hacker group) member Neal Patrick was captioned '414 "Hacker" Neal Patrick.'.‘Hacker’ is used by mainstream media, September 5, 1983the414s.comhttps://twitter.com/todayininfosec/status/1302239152046563328https://en.wikipedia.org/wiki/Phreaking_box 9th September 2001: Mark Curphey started OWASP (the Open Web Application Security Project).Who is the OWASP® Foundation?https://twitter.com/todayininfosec/status/1303830903987359744    Tweet of the Week (21:26)https://twitter.com/RSnake/status/1435989191414976512?s=20 Tweet of the Week (26:41) https://twitter.com/hanbandit/status/1436008564020088833 Industry News (31:55)FTC Bans Stalkerware App in Industry FirstTexan Accused of Cyber-Stalking and Murder Dies in JailID Theft Couple on the RunICO Requests International Support to Tackle Cookie Pop-UpsCybersecurity Student Scams Senior Out of $55KStress and Burnout Affecting Majority of Cybersecurity ProfessionalsData Breach Lawsuit Against Sonic Will ProceedBerners-Lee Joins ProtonMail Following Privacy DebacleSecurity Now a "Thankless Task" For 80% of IT Teams Tweet of the Week (40:01)https://twitter.com/hondanhon/status/1436027395115393024 The Box © Charlie Langford Come on! Like and bloody well subscribe!

This Week in InfoSecWith content liberated from the “today in infosec” twitter account1st September 1997: Nmap was first released as a simple port scanner via an article in issue 51 of Phrack magazine which included the source code.http://phrack.org/issues/51/11.htmlhttps://twitter.com/todayininfosec/status/130086427849755852831st August 2014: A user of the message board 4chan posted leaked photos of actress Jennifer Lawrence and numerous other celebrities.https://mashable.com/archive/celebrity-nude-photo-hackhttps://twitter.com/todayininfosec/status/1300537361676283905   Rant of the WeekGuntrader site hacked and plotted onto Google Maps Billy Big Balls of the WeekScam artists are recruiting English speakers for business email campaignsAccording to Intel 471, forums are now being used to seek out English speakers, in particular, to bring together teams able to manage both the technical aspects and social engineering elements of a BEC scam. If a scam is to succeed, the target employee must believe communication comes from a legitimate source -- and secondary language use, spelling mistakes, and grammatical issues could all be indicators that something isn't right, in the same way that run-of-the-mill spam often contains issues that alert recipients to attempted fraud. "Actors like those we witnessed are searching for native English speakers since North American and European markets are the primary targets of such scams," the researchers say.In addition, threat actors are also trying to recruit launderers to clean up the proceeds from BEC schemes, often achieved through cryptocurrency mixer and tumbler platforms. One advert spotted by the team asked for a service able to launder up to $250,000. "The BEC footprint on underground forums is not as large as other types of cybercrime, likely since many of the operational elements of BEC use targeted social engineering tactics and fraudulent domains, which do not typically require technical services or products that the underground offers," Intel 471 says. "[...] Criminals will use the underground for all types of schemes, as long as those forums remain a hotbed of skills that can make criminals money." Industry NewsBangkok Airways Admits Attackers Stole Passenger DataMicrosoft Cloud Databases ExposedUK Government Considers New Regulations for Video Streaming PlatformsIndonesians Told to Delete Unsecured Tracing AppVictim of Cyber-Theft Sues Parents of Alleged CulpritsAustralian Couple Admits “Serious Cyber Hacking Offenses”WhatsApp Fined a Record €225m for GDPR ViolationsSacked Employee Deletes 21GB of Credit Union FilesUK Researchers Invent Device to Thwart USB Malware Tweet of the Weekhttps://twitter.com/JackRhysider/status/1433097343692324864https://cybarrior.com/blog/2019/04/05/eagle-eye-reverse-lookup-tool-for-social-media-accounts/ "The Box" © Charlie Langford Come on! Like and bloody well subscribe!

This week in Infosec (13:24)With content liberated from the “today in infosec” Twitter account25th August 1991: Linux completes 30 years.It was on this date in 1991 that Linus Torvalds announced the first version. He actually wanted to call it as Freax, but his friend Ari Lemmke named it as Linux, which he accepted. Version 1.0 would later be released in March 1994.https://twitter.com/SadaaShree/status/14304157238562037772004: (a mere 17 years ago) The US Department of Justice (DOJ) announced the results of Operation Web Snare - the arrest or conviction of over 150 individuals involved in cybercrime.https://www.justice.gov/archive/opa/pr/2004/August/04_crm_583.htm Rant of the Week (29:03)https://www.ncsc.gov.uk/blog-post/10-years-of-10-steps-to-cyber-security Billy Big Balls of the Week (36:40)Iran official acknowledges videos of Evin prison abuse realThis clip of a security control room at Iran's most notorious prison being shut down by hackers is straight out of a movie.Hackers are now leaking stolen CCTV from across the Evin prison to highlight the abuse of inmates Industry News (45:35)Crunch Time for Liquid as Crypto Exchange Loses $97m to HackersMan Gets Three Years for Stealing Nude Photos from College VictimsHackers Leak Footage of Iranian PrisonPoly Network Hacker Returns Remaining FundsAT&T Denies Data BreachTime to Fix High Severity Apps Increases by Ten DaysDrug Dealers Get 27 Years After Police Crack EncroChat Comms70% of Cyber Pros Believe Cyber Insurance is Exacerbating RansomwareAngry Birds Developer Accused of Illegal Data Collection Tweet of the Week (51:42)Charlatan - Frank W. Abagnale Jr.https://twitter.com/securityerrata/status/1429225280997142530 Come on! Like and bloody well subscribe!