The Host Unknown Podcast

Host Unknown, Javvad Malik, Andrew Agnes, Thom Langford
Aug 20, 2021 • 59min

Episode 69 - Think of a Number Bill and Ted

This week in Infosec
With content liberated from the “today in infosec” Twitter account

14th August 2013: Affinity Health Plan was fined $1,215,780 for a HIPAA violation after a photocopier purchased by CBS for an investigatory report in 2010 revealed medical info.
At $1.2M, photocopy breach proves costly
https://twitter.com/todayininfosec/status/1294252352191565824

17th August 2005: Jason Smathers, a former employee of AOL, was sentenced to 15 months in prison for selling screen names and email addresses of 92 million users to spammers.
Ex-AOL worker who stole e-mail list sentenced
Jason Smathers: Internet Criminal
https://twitter.com/todayininfosec/status/1295500512830394371

The Box incidental music © Charlie Langford

Rant of the Week
You can post LinkedIn jobs as almost ANY employer — so can attackers
Anyone can create a job listing on the leading recruitment platform LinkedIn on behalf of just about any employer—no verification needed.
And worse, the employer cannot easily take these down.
Now, that might be nothing new, but the feature and lax verification on career websites pave the ways for attackers to post bogus listings for malicious purposes.
The attackers can, for example, use this social engineering tactic to collect personal information and resumes from professionals who believe they are applying to a legitimate company, without realizing their data may be sold or used for phishing scams.

Billy Big Balls of the Week
Woman accessed ex-partner’s Alexa to torment his new girlfriend
Philippa Copleston-Warren terrified love rival by using smart device to switch lights on and off and tell her to get out of the house
Chelsea woman used Alexa to scold ex-lover’s new girlfriend
A management consultant from west London accessed the Alexa device at her ex-boyfriend’s home from more than 100 miles away to tell his new partner to get out of the house.
Philippa Copleston-Warren, 46, logged into an app linked to smart devices in the victim’s Lincolnshire home, and was able to see her ex’s new girlfriend on the property’s CCTV system.
Prosecutors said Copleston-Warren was able to tell the woman “to get out” and used the app to turn the bedside lights on and off.
At Isleworth crown court, Copleston-Warren admitted posting a naked photo of her ex-boyfriend on Facebook, accompanying it with the caption: “Do I look fat??? My daily question”.
[That was this week's BILLY BIG BALLS]

[SEEN ON REDDIT] Thom:
Antivaxers Think Their ‘Pure’ Semen Will Skyrocket in Value
I’m going to retire as a “cum cow”

Industry News
"Jigsaw Puzzle" Phishing Attacks Use Morse Code to Hide
Cadbury Campaigns Against Cyber-bullying
Misconfigured Server Leaks US Terror Watchlist
Yik Yak Returns
Airline Employee Jailed for Spending Passengers’ Money
T-Mobile: 49 Million Customers Hit by Data Breach
JPMorgan Chase Notifies Customers of Data Breach
Coin Ninja CEO Admits Operating Darknet Bitcoin Mixer
Women Charged Over Sexually Exploitative Child Modeling Sites

Tweet of the Week
https://twitter.com/Kaipo_Rozwolf/status/1428426623091724289
OnlyFans Will Ban Pornography Starting in October, Citing Need to Comply With Financial Partners

Come on! Like and bloody well subscribe!
Aug 13, 2021 • 60min

Episode 68 - One More Show Until Dinner

This Week in Infosec (14:29)
With content liberated from the “today in infosec” Twitter account

10th August 2001: A Japanese woman, Kumiyo Kishi, was arrested for accessing her coworker's email account, then contacting the user's ISP to regain access after the coworker changed their password.
Japan arrests woman for email snooping
https://twitter.com/todayininfosec/status/1425123899474423811

7th August 2010: Terry Childs was sentenced to 4 years in prison for network tampering after refusing to hand over network passwords to his supervisor. He was later ordered to pay nearly $1.5 million in restitution.
S.F. computer whiz Childs gets 4-year sentence
Sorting out the facts in the Terry Childs case
https://twitter.com/todayininfosec/status/1291377901456232448

Billy Big Balls of the Week (28:34)
https://twitter.com/J4vv4D/status/1425381977482539008?s=20
My scooter was stolen last week. Unknown to the thief, I hid two Airtags inside it. I was able to use the Apple Find My network and UWB direction finding to recover the scooter today. Here’s how it all went down: - Dan Guido

Industry News (38:51)
Disney Employees Among Those Arrested in Child Abuse Sting
NCSC Sticks by 'Three Random Words' Strategy for Passwords
Martial Arts Instructor Accused of Spying on Students
Fraudsters Impersonate DPD in "Convincing" New Smishing Scam
House of Commons (HoC) Beefs up Cyber Training Following Matt Hancock CCTV Leak Scandal
Chinese Espionage Group UNC215 Targeted Israeli Government Networks
Salesforce Communities Could Expose Business-Sensitive Information
Over $600 Million Stolen in Biggest Ever Cryptocurrency Theft
Accenture Tied Up in $50M Ransom Lockbit 2.0 Attack

Tweet of the Week (46:45)
https://twitter.com/runasand/status/1423810127451365382?s=20
Looks like pornhub is always bending over backwards, doing far more than any other social media platform
In a Huge Policy Shift, Pornhub Bans Unverified Uploads

The Box incidental music © Charlie Langford

Come on! Like and bloody well subscribe!
Aug 6, 2021 • 59min

Episode 67 - A Total Car Crash

This Week in InfoSec (07:40)
With content liberated from the “today in infosec” Twitter account

30th July 2013: Chelsea Manning (their name was Bradley Manning at the time) was found guilty of espionage, theft, and computer fraud, as well as military infractions.
United States v Manning
https://twitter.com/todayininfosec/status/1421171398656024587

3rd August 2007: Reporter Michelle Madigan (Associate Producer of Dateline NBC) went undercover at DEF CON with a hidden camera to try to get attendees to confess to crimes, was outed by @thedarktangent, and bolted from the venue chased by a pack of 150 people.
Dateline Mole Allegedly at DefCon with Hidden Camera
An undercover Dateline NBC reporter flees the Defcon (Video)
https://twitter.com/todayininfosec/status/1422682529220472833

Rant of the Week (18:42)
UK Politicians are apparently very unlucky with their IT equipment, especially when they need to be investigated.

Billy Big Balls of the Week (29:45)
Apple snooping on your pics
https://twitter.com/matthew_d_green/status/1423109002280513540?s=20

Industry News (41:04)
US Seeks Espionage Retrial for Chinese Researcher
Zoom Pays $85m to Settle Privacy Suit
US Senate: Seven out of Eight Agencies Are Failing on Cyber
Son Charged in Murder of Cybersecurity ‘Genius’
MoD Boosts Cyber-Resilience with Ethical Hacker Project
Over 60 Million Americans Exposed Through Misconfigured Database
Web Shells and Digital Extortion Drive Triple-Digit Growth in Cyber-Intrusions
Decade-Old Router Bug Could Affect Millions of Devices
Cybercrime Ransomware 'Ban' is No Match for Threat Actors

Tweet of the Week (54:52)
https://twitter.com/iamdevloper/status/1423219304435228676?s=21

"The Box" Incidental Music © Charlie Langford

Come on! Like and bloody well subscribe!
Jul 30, 2021 • 60min

Episode 66 - Our Time to Shine

This week in Infosec (06:42)
With content liberated from the “today in infosec” Twitter account

27th July 1979: The first edition of Computer Security was published. It was written by David K. Hsiao, Douglas S. Kerr, and Stuart E. Madnick.
And to think, some of you probably are surprised there were computers in 1979, never mind computer security!
Computer Security 1st Edition
https://twitter.com/todayininfosec/status/1420498414874370049

28th July 1997: Tfreak (Dan Moschuk) released his program, smurf, a decision he later regarded as questionable. Exactly one year after he retired smurf in 1997, Tfreak published (papa)smurf.c v5.0, a new hybrid DoS attack based on Smurf and Fraggle.
(papa)smurf.c v5.0 - New hybrid DoS attack based on smurf and fraggle

Rant of the Week (23:23)
https://twitter.com/shanselman/status/1420800992388415491
https://www.idtheftcenter.org/google-voice-scam-tries-to-trick-you-while-you-are-selling-items-online/

Billy Big Balls of the Week (32:25)
The Tech Support Scams YouTube channel has been erased from existence in a blaze of irony as host and creator Jim Browning fell victim to a tech support scam that convinced him to secure his account – by deleting it.
Scamming the scam scammer

Industry News (40:40)
Apple patches zero-day vulnerability in iOS, iPadOS, macOS under active attack
Tech biz must tell us about more security breaches, says UK.gov as it ponders lowering report thresholds
ICO ends its involvement in dispute between NatWest Bank and data breach whistleblower
eBay ex-security boss sent down for 18 months for cyber-stalking, witness tampering
Iranian state-backed hackers posed as flirty Scouser called Marcy to target workers in defence and aerospace
'Woefully insufficient': Biden administration's assessment of critical infrastructure infosec protection
Israeli authorities investigate NSO Group over Pegasus spyware abuse claims
Upcoming Android privacy changes include ability to blank advertising ID, and 'safety section' in Play store
Spam is Chipotle's secret ingredient: Marketing email hijacked to dish up malware

Tweet of the Week (55:24)
https://twitter.com/bryanl/status/1420925333864386562

Come on! Like and bloody well subscribe!
Jul 23, 2021 • 60min

Episode 65 - Its Too hot

This week in Infosec (08:10)
With content liberated from the “today in infosec” Twitter account

16th July 2001: Russian programmer Dmitry Sklyarov was arrested the day after DEF CON for writing software to decrypt Adobe's e-book format. Charges against him were later dropped and the trial against his employer resulted in not guilty verdicts.
United States v. Elcom Ltd.
https://twitter.com/todayininfosec/status/1416188118655459329

15th July 2011: Microsoft Hotmail announced that it would be banning very common passwords such as "123456" and "ilovecats".
Weak Passwords Banned from Hotmail
https://twitter.com/todayininfosec/status/1414330928537686021

Rant of the Week (24:29)
Majority of Britons convinced their phones and smart speakers are listening without being prompted.

Billy Big Balls of the Week (33:48)
Accuracy at any cost? Gamer leaks British military secrets to company founded in Russia to prove its tank model is wrong

Industry News (43:05)
Amnesty International and French media protection org claim massive misuse of NSO spyware
US legal eagles representing Apple, IBM, and more take 5 months to inform clients of ransomware data breach
Verified: UK.gov launching plans for yet another digital identity scheme
Northern Train's ticketing system out to lunch as ransomware attack shuts down servers
Journo who went to prison for 2 years for breaking US cyber-security law is jailed again
Spanish cops cuff Brit bloke accused of playing role in 2020 celeb Twitter hijacking
NSO Group 'will no longer be responding to inquiries' about misuse of its software
China pushes back against Exchange attack sponsorship claims
Thales launches payment card with onboard fingerprint scanner

Tweet of the Week (48:26)
Tennessee Man Died After He Was 'Swatted' by People Targeting His Twitter Handle
https://twitter.com/ThomLangford/status/1416690928354463744
Police forces in Brazil celebrating a thief's 18th birthday because they can't arrest anyone under 18

Come on! Like and bloody well subscribe!
Jul 16, 2021 • 59min

Episode 64 - He's Baaaaaack!

This week in Infosec (10:28)
With content liberated from the “today in infosec” Twitter account

14th July 1998: Ethereal was first released publicly as version 0.2.0. Its creator, Gerald Combs, thought it was cool that Bob Metcalfe named Ethernet after luminiferous ether so he picked a name beginning with ether. Since 2006 the network protocol analyzer has been known as Wireshark.
https://twitter.com/todayininfosec/status/1415384753713340417

11th July 2013: In the wake of revelations about the NSA's PRISM program, Jeff Moss (aka The Dark Tangent) asked feds not to attend DEF CON - the first time government employees were asked to stay away.
https://twitter.com/todayininfosec/status/1414330928537686021

Billy Big Balls of the Week (17:39)
Thousands of PS4s seized in Ukraine in illegal cryptocurrency mining sting
https://www.zdnet.com/article/thousands-of-ps4s-seized-in-ukraine-in-illegal-cryptocurrency-mining-sting/

Tweet of the Week (27:57)
FURY! at ICO doing their job for once.
The ICO is robustly investigating the data leak of hidden camera footage of former Health Secretary Matt Hancock breaking his own isolation and distancing rules.
https://www.theregister.com/2021/07/15/ico_matt_hancock_raids/
https://metro.co.uk/2021/07/15/houses-raided-by-cops-in-hunt-for-matt-hancock-kissing-leaker-14934920/
https://apple.news/AqkfgpuvFTd--l-z_bZRRmw

Industry News (42:35)
Too many workers are still falling victim to phishing attacks
Remote workers battle against a massive range of distractions
Ransomware groups are looking for new recruits with solid negotiation skills
SolarWinds rolls out another emergency patch as new attack vector emerges
Almost half of companies do not have a proper security policy in place
Employees in the dark over the importance of new digital technologies
UK businesses are spending big on security, but drowning in false positives
Traditional ransomware defenses are failing businesses
Almost half of businesses reported to ICO since GDPR came into effect

Rant of the Week (50:40)
Facebook adds 'expert' feature to groups
Facebook is rolling out a way to designate topic "experts" inside user-run Facebook groups.
The social network says the new feature is designed to help real experts "stand out" in discussions about their field of expertise.
Group admins will have the power to give the title to nearly any member they want.

Incidental Music "The Box" © Charlie Langford

Come on! Like and bloody well subscribe!
Jul 9, 2021 • 48min

Episode 63 - The JavAndy Show

This week's show is 33% off but the content is still as average as ever!

This week in Infosec - 3 mins 11 secs
Billy Big Balls - 12 mins 49 secs
Rant of the week - 20 mins 52 secs
Industry News - 30 mins 56 secs
Tweet of the week - 38 mins 20 secs

THIS WEEK IN INFOSEC
With content liberated from the “today in infosec” Twitter account

4th July 1994: John Markoff's article "Cyberspace's Most Wanted: Hacker Eludes F.B.I. Pursuit" was published by the New York Times. It was about Kevin Mitnick.
Cyberspace's Most Wanted: Hacker Eludes F.B.I. Pursuit
https://twitter.com/todayininfosec/status/1411891849132924932

8th July 2008: Dan Kaminsky gave a press conference announcing a DNS vulnerability he discovered 6 months prior. RIP, Dan.
Fix found for net security flaw
https://twitter.com/todayininfosec/status/1413206908882804739

BILLY BIG BALLS
Ransomware-hit law firm gets court order asking crooks not to publish the data they stole
Criminals break into your systems, they do the usual, exfiltrate data, deploy ransomware, and leave you nasty messages about how they pwned you while blackmailing you.
However, New Square Ltd may have found a way to stop the criminals from capitalising on the data they have stolen by making it illegal for the criminals to release any of the stolen information.

RANT OF THE WEEK
This TikTok Lawsuit Is Highlighting How AI Is Screwing Over Voice Actors
Voice actors are rallying behind Bev Standing, who is alleging that TikTok acquired and replicated her voice using AI without her knowledge.
At the center of this reckoning is voice actress Bev Standing, who is suing TikTok after alleging the company used her voice for its text-to-speech feature without compensation or consent. This is not the first case like this; voice actress Susan Bennett discovered that audio she recorded for another company was repurposed to be the voice of Siri after Apple launched the feature in 2011. She was paid for the initial recording session but not for being Siri.
Find a job with TikTok Resumes

INDUSTRY NEWS
REvil Group Demands $70 Million for 'Universal Decryptor'
Suspected Cyber-Criminal "Dr Hex" Tracked Down Via Phishing Kit
BA Settles with Data Breach Victims
Official Formula 1 App Hacked
Biden Administration Cancels $10bn JEDI Contract
Over 170 Scam Cryptomining Apps Charge for Non-Existent Services
Regulator Probes Former Health Secretary's Use of Private Email
Trump Sues Facebook, Google and Twitter
New PrintNightmare Patch Can Be Bypassed, Say Researchers

TWEET OF THE WEEK
https://twitter.com/sherrod_im/status/1412856171652861953
https://twitter.com/doctorow/status/1412923242273140736?s=20
Full story - Delivery Drivers Are Using Grey Market Apps to Make Their Jobs Suck Less
Drivers are there virtually, using GPS-spoofing apps to position themselves right in the center of the McDonald's lot while they physically wait under nearby shelters. Using these unofficial apps, known as tuyul, drivers can set their GPS pins at the optimal location they would like orders from, without having to physically drive there.

And with that we leave you to enjoy the weekend!

Come on! Like and bloody well subscribe!
Jul 2, 2021 • 1h 1min

Episode 62 - Bikini Bottom

This Week in InfoSec (08:03)
With content liberated from the “today in infosec” Twitter account

30th June 1998: AOL confirmed a leaked spreadsheet containing info of 1,300 AOL community leaders had been stolen from an employee's account.
Not around then? AOL was kind of a big deal - it bought Time Warner in 2000 and was worth $200 billion before imploding.
https://www.cnet.com/news/aol-volunteer-list-hacked/
https://twitter.com/todayininfosec/status/1410396545896177668

Rant of the Week (22:15)
via @rootsploit
Cybersecurity Workers Flood Twitter With Bikini Pics to Protest Harassment
Infosec Community Posts Solidarity Bikini Pics After Twitter Troll Outburst
Cybersecurity professionals have come together on Twitter to show their support for an infosec worker who was trolled after posting a bikini pic.
Coleen Shane, founder and chief engineer for InfoSec Bad Girls and Hacker Spring Camp, was astonished when an anonymous follower reacted angrily to the shot.
The user, who follows over 200 infosec-related accounts, argued that there was "no warning" for the image, intimating that "otherwise respectable people" should not be doing such.
Coleen's response was widely praised.
"It's a bikini, and I'm a human being who is a lot more complicated than just Infosec - also I do whatever the hell I want, whenever the hell I want, however the hell I want. Adios," she tweeted.
Communications company got their support for the movement (horribly) wrong by creating a calendar of the bikini photos (without consent) for people to download
Their apology has gone as well as expected

Billy Big Balls of the Week (34:00)
Doctor arrested for trying to hire a hitman to kidnap and inject ex-wife with heroin in bizarre bid to win her back
Ronald Ilg, 55, was arrested in April and is being charged in federal court for hiring a hitman over the internet to abduct his wife and imprison her in a "secure location" for a week, all the while dosing her with heroin.
Dr Ilg apparently agreed to pay the would-be kidnapper in Bitcoin. The FBI traced the Bitcoin transaction, which led them to Dr Ilg's Coinbase account.

Industry News (41:41)
World’s Largest E-tailers to be Investigated Over Fake Reviews
US the Only Top Tier Cyber-power
Sensitive Defense Documents Found at Bus Stop
Pentagon CISO Suspected of Sharing Secrets
Salvation Army Hit by Ransomware Attack
Analyst Steals Millions by Spoofing Director
PrintNightmare: Windows Zero-Day Accidentally Disclosed by Chinese Researchers
New Charges Filed Against Alleged Capital One Hacker
Putin Orders Twitter to Open Russian Office

Tweet of the Week (48:25)
Teenagers are figuring out how to fake positive Covid tests using lemon juice and hacks from TikTok
https://twitter.com/imbadatlife/status/1410526468577411072

Come on! Like and bloody well subscribe!
Jun 25, 2021 • 56min

Episode 61 - Hey Everybody Andy is Famous!

This week in Infosec
With content liberated from the “today in infosec” Twitter account

19th June 1987: The first Summercon hacker conference was held in St. Louis, Missouri and was run by the hacker zine Phrack. It's still going strong - the 33rd edition took place virtually last year with in-person attendance returning to NYC next month.
https://www.summercon.org/
https://hackstory.net/Summercon
https://twitter.com/todayininfosec/status/1274065780288548864

20th June 2011: The earliest attack of Operation AntiSec was performed by LulzSec against the UK's Serious Organised Crime Agency.
https://twitter.com/todayininfosec/status/1274498724786397184

Rant of the Week
Ethics in Cybersecurity Marketing – Principles of Value Contribution
EC-Council was recently discovered to be publishing blogs that were, in the opinion of a lawyer I spoke to, plagiarized from security and technology experts. One such work was my blog, “What is a Business Information Security Officer (BISO)”. What follows is a description of the events and what I believe needs to be done to correct this horrific trend.
Alyssa Miller, Duchess of Hackington @AlyssaM_InfoSec
So I really want @ECCouncil to understand the damage they've done (a thread):
EC-Council Deflects After Calls of Most Recent Plagiarism

Billy Big Balls of the Week
Three things that have vanished: $3.6bn in Bitcoin, a crypto investment biz, and the two brothers who ran it
“We got hacked and we'll be right back”, duo said ... two months ago.
South African Brothers Vanish, and So Does $3.6 Billion in Bitcoin
A Cape Town law firm hired by investors says they can’t locate the brothers and has reported the matter to the Hawks, an elite unit of the national police force. It’s also told crypto exchanges across the globe should any attempt be made to convert the digital coins.
Two South African brothers have vanished with $3.6 billion of bitcoin in what could be the biggest crypto heist in history
In the time the story first hit, to the time Forbes published it, the value of the haul had dropped significantly in line with the volatility we expect :)
South African Brothers Disappear, Along With $2.2 Billion Worth Of Bitcoin

Industry News
Novel Phishing Attack Abuses Google Drive and Docs
Google Spices Up Supply Chain Security with SLSA Framework
Nuclear Research Institute Breached by Suspected North Korean Hackers
Finger Scanning Costs Six Flags $36m
SEC Probes SolarWinds Breach Disclosure Failures
NIST Publishes Ransomware Guidance
Nuisance Call Company Fined £130,000 After Eight-Month Blitz
Anti-virus Pioneer John McAfee Found Dead in Spanish Prison Cell
Google Pushes Back Cookie Removal Plans to 2023

The John McAfee story
When Javvad met John McAfee
How to uninstall McAfee anti-virus in his own words

Tweet of the Week
https://twitter.com/ShootyDoody/status/1407684922786127873

Come on! Like and bloody well subscribe!
Jun 18, 2021 • 60min

Episode 60 - Guaranteed Jav Free May Contain Nuts

Artist - Carole Theriault

This week in Infosec
With content liberated from the “today in infosec” Twitter account (and embellished by us 😉)

11th June 2008: Verizon released the first edition of its annual Data Breach Investigations Report (DBIR).
Incidents are still a thing. Data breaches are still a thing. Some stuff has changed. Some hasn't. Time keeps on ticking. ¯_(ツ)_/¯
Verizon Business Releases Trailblazing Data-Breach Study Spanning 500 Forensic Investigations
Analysis of the 2021 Verizon Data Breach Report (DBIR)
https://twitter.com/todayininfosec/status/1271264648986124289

17th June 2010: The Stuxnet worm was first discovered by Sergey Ulasen at Belarusian antivirus software vendor VirusBlokAda.
Announcement: http://anti-virus.by/en/tempo.shtml
Interview with Sergey Ulasen in 2011: The Man Who Found Stuxnet – Sergey Ulasen in the Spotlight
https://twitter.com/todayininfosec/status/1273501720723648512

Rant of the Week
[Carole saves the show by having something prepared (even if it is from the cutting room floor of Smashing Security)]
ICO watchdog 'deeply concerned' over live facial recognition
https://www.bbc.co.uk/news/technology-57504717

Billy Big Balls of the Week
Doctors and Scientists Are Fighting Vaccine Misinformation on TikTok
The experts of the Team Halo initiative have taken to social media in order to combat falsehoods about COVID-19 and promote accurate vaccine science.

Industry News
VW Vendor Leaves Data Unsecured
IKEA Fined $1.2m for Spying on Employees
Third of Staff Use Security Workarounds at Home
IoT Supply Chain Bug Hits Millions of Cameras
Most Ransomware Victims Are Hit Again After Paying
Football Fever Puts Password Security at Risk
Hackers Can Spy on Peloton Workouts
A Billion CVS Records Exposed
Puzzling New Malware Blocks Access to Piracy Sites

Sticky Pickle of the Week
A Neighbourly Pickle

Tweet of the Week
https://twitter.com/InfosecMiles/status/1405194858965475328

Come on! Like and bloody well subscribe!
