The Host Unknown Podcast
Host Unknown, Javvad Malik, Andrew Agnes, Thom Langford
Host Unknown is the unholy alliance of the old, the new and the rockstars of the infosec industry in an internet-based show that tries to care about issues in our industry. It regularly fails.
With presenters that have an inflated opinion of their own worth and a production team with a pathological dislike of them (or “meat puppets” as it often refers to them), it is with a combination of luck and utter lack of good judgement that a show is ever produced and released.
Host Unknown is available for sponsorship, conferences, other web shows or indeed anything that pays a little bit of money to keep the debt collectors away. You can contact them at contact@hostunknown.tv for details
Episodes
Apr 1, 2021 • 54min
Episode 49 - Have Your Bunnies at the Ready
April 1st!
https://www.facebook.com/burgerking/posts/4438200159526619
https://twitter.com/VW/status/1376868756782219266
https://www.animationmagazine.net/tv/the-cats-out-of-the-bag-cn-rebrands-as-cat-toon-network/

This week in Infosec
Liberated from the “today in infosec” twitter account:
27th March 1979: 33-year-old computer consultant Stanley Mark Rifkin was sentenced to 8 years in prison for stealing $10.2 million from a bank via computer, by Federal District Judge Matthew Byrne Jr., who rejected an appeal from Mr. Rifkin that he be placed on probation.
https://twitter.com/todayininfosec/status/1243427187165814785
https://www.social-engineer.org/wiki/archives/Hackers/hackers-Mark-Rifkin-Social-Engineer-furtherInfo.htm

Rant of the Week
Whistleblower: Ubiquiti Breach "Catastrophic"
https://krebsonsecurity.com/2021/03/whistleblower-ubiquiti-breach-catastrophic/
https://community.ui.com/questions/Update-to-January-2021-Account-Notification/3813e6f4-b023-4d62-9e10-1035dc51ad2e

Billy Big Balls
Thoughts on Selling to Security Leaders
Jason Chan - VP Security Netflix
If I ask to not be contacted by your company, ensure that fulfilling my request covers all channels (phone, LinkedIn, email, snail mail, etc.) and extends to your colleagues.
Don’t sell based on FUD (Fear, Uncertainty, and Doubt). Security is a tough field to work in, and bad things happen. I don’t need scare tactics from sales folks.
It’s fine to follow up to an unanswered message - once. And give it at least a week between messages. If someone doesn’t respond after the second reachout, it’s likely they are not interested. I’d not have time to do my job if I replied or unsubscribed to every reach out I receive.
Don’t assume you understand the problems I’m facing or that you know what should be at the top of my priority list. Every organization has a different threat model, culture, and risk tolerance.
If you’re selling something, don’t ask to “pick my brain” or for “feedback on your approach.”
DO NOT CALL ME ON THE PHONE. There is no situation where I'm looking to have this conversation. Email or LinkedIn is fine.
If you’re working with someone on my team, don’t escalate to me if things don’t go your way. I trust my team to make good decisions.
Your solution or product doesn’t solve every security problem. That’s okay, I don’t expect it to. Just be clear about the value you believe your solution brings.
Your solution won’t save me from the next [INSERT BREACH/EXPLOIT/VULNERABILITY] here. Don’t say it will. Perhaps it’s additive or helpful, but operating a security program successfully is complex and involves people and technology working together. Again, just be clear about your product’s value.
Don’t offer me a gift card, gift, or cash in exchange for a meeting. Just no.
Keep your word, and follow up on time if and when asked. I appreciate folks who meet their commitments and respect my time.
If I’m a customer, think long term partnership vs. transactional sale. There is a lot of overhead to switching vendors and I appreciate folks that I can build a long term, mutually beneficial relationship with.

Industry News
FBI Issues Mamba Alert
Burned Out Employees Put Corporate Security at Risk
Aussie TV Network Taken Off Air by Ransomware
German MPs Hit by Russian-Backed Phishing Attacks
Cyberbullying Linked to Social Media Addiction
UK Cyber Security Council Officially Launches as Independent Body
CISA and RH-ISAC to Run Cybersecurity Drill
Three-Quarters of Legal Breaches Caused by Insiders
Most Global Chip Companies Show Signs of Compromise

Tweet of the Week
https://twitter.com/0x26d/status/1377415060759269377
Come on! Like and bloody well subscribe!
Mar 26, 2021 • 1h 2min
Episode 48 - The Biggest Loser
The Biggest Loser, Week 0
Andy is running a book if you are interested in a little flutter on who will be the healthiest in the next six months.

Jav issues an apology to our listeners for misinformation and to Andy for correcting him when he stated the opposite had occurred:
https://mashable.com/article/joe-biden-green-screen-conspiracy-debunked/?europe=true

Evil Knievel:
https://twitter.com/little_birdy__/status/1373722427126116352?s=21

Andy *Bathes in the glory of a heartfelt apology from Jav*

Jav spoke at Infosecurity Conference and Thom spoke at The SASIG
https://www.infosecurity-magazine.com/news/imos21-overcoming-defenders-dilemma/

Thom mentions the Nextdoor supplemental episode released midweek and how we could have saved many more people from the Royal Mail text scam had we not run out of time:
https://www.standard.co.uk/business/royal-mail-text-scam-victim-banking-security-checks-b925810.html

This week in Infosec
(Liberated from the “today in infosec” twitter account):
25th March 2010: Albert Gonzalez was sentenced to 20 years in prison for stealing credit card data from TJX and other companies. He is currently serving his sentence at FMC Lexington, a Kentucky facility for inmates requiring medical or mental health attention.
https://www.independent.co.uk/life-style/gadgets-and-tech/news/albert-gonzalez-200-million-damage-hacker-sentenced-1928313.html
https://twitter.com/todayininfosec/status/1243040970741956610

21st March 2021: Announcement from Attrition that on March 20, 2021, an argument was made to open their mirror back up to everyone.
“While we had provided access to the mirror for a couple dozen people over the last ten years, we think it may be beneficial to be public. Some defacers from back then want a trip down nostalgia lane. We still have reporters doing in-depth research on various topics that request access to dig up historical citations. It stands to reason more might be interested in revisiting the 'good old days' and the content that would lead us to over one million hits a few days. With that, the doors are open again. We hope you enjoy”.
https://attrition.org/news/content/21-03-21.001.html

Rant of the Week
Daniel Kelley, Associate Director, Center for Technology and Society at Anti-Defamation League:
Today we're releasing our annual nationally representative survey of hate and harassment on social media. In a year where tech companies made bold statements about their efforts to address hate on their platforms, Americans' experience of harassment remained constant.
41% of Americans experienced harassment online according to this year's survey, with 27% experiencing severe harassment, which includes stalking, sustained harassment, physical threats, sexual harassment, doxing and swatting.
Overwhelmingly, the platform where Americans experience harassment was Facebook - 75% of Americans who were harassed reported being harassed on Facebook, with the next highest being Twitter at 24%.
https://www.adl.org/online-hate-2021
https://www.linkedin.com/posts/activity-6780520538549882880-ZmYD/

Billy Big Balls of the Week
Story of Helen Bevan, Chief Transformation Officer at the NHS, who had her two Twitter accounts, with nearly 140,000 followers, stolen by hackers and used to promote fake PlayStation 5 sales.
She now has the accounts back but has received dozens of messages from people who fell for the scam.
Ms Bevan also paid money to someone who said they could help - but they turned out to be a scammer too.
She said she wanted to highlight the importance of extra security measures.
NHS Horizons chief transformation officer Ms Bevan mistakenly thought she had activated two-factor authentication (2FA), which requires account-holders to use two methods to log in, the second often involving a code sent by text or email.
https://www.bbc.co.uk/news/technology-56456002
https://twitter.com/HelenBevanTweet/status/1372955366212898816
She’s got an easy out if she doesn’t want to upset this guy:

Industry News
Russian Man Pleads Guilty in Tesla Extortion Plot
UK Govt Department Loses 306 Mobiles and Laptops in Two Years
Delhi Police Bust Call Center Scammers
Fired IT Contractor Jailed for Retaliatory Cyber-Attack
Firms Urged to Patch as Attackers Exploit Critical F5 Bugs
Drug Maker to Pay $50m for Destroying Data
FatFace Faces Customer Anger After Controversial Breach Response
Half of UK Firms Suffer Cyber-Skills Gaps

Javvad’s Weekly Stories
Jav interviewed by PureVPN

Tweet of the Week
https://twitter.com/ParikPatelCFA/status/1375096656933306369
https://www.wired.co.uk/article/suez-canal-ship-stuck-ever-given
Come on! Like and bloody well subscribe!
Mar 24, 2021 • 9min
Episode 47a - Nextdoor Cheeky Bantz
Jav, Andy and Thom chat about the delights of the Nextdoor app. For our international listeners, just head to https://nextdoor.co.uk/ to find out about the uniquely Britishness of complaining about your neighbours on a public forum in a passive aggressive way without actually openly complaining about them. And it is all OK because it is on an App.

In their own words:
"It's where communities come together to greet newcomers, exchange recommendations, and read the latest local news. Where neighbours support local businesses and get updates from public services. Where neighbours borrow tools and sell sofas. It's how to get the most out of everything nearby. Welcome, neighbour."

You're welcome.
Come on! Like and bloody well subscribe!
Mar 19, 2021 • 1h 2min
Episode 47 - What's Happening With ISSA UK?
Our regulars know our regular features, so here is our regular update for our regular features for our regular listeners.
This week in Infosec
Tweet of the Week
Billy Big Balls
Rant of the week
Industry News
There is no Little People, there has never been a Little People
Will we have a Sticky Pickle of the Week?

This Week in InfoSec
(Liberated from the “today in infosec” twitter account):
6th March 1995: The SATAN (Security Administrator Tool for Analyzing Networks) security tool was released by Dan Farmer and Wietse Venema. The release stirred huge debate about security auditing tools being given to the public.
Fun fact: @neilhimself drew the tool's documentation artwork.
https://www.latimes.com/archives/la-xpm-1995-03-01-fi-37458-story.html
https://twitter.com/todayininfosec/status/1240452423778308097

Rant of the Week
Catalin Cimpanu:
Check Point says it is seeing a doubling in ProxyLogon exploitation attempts every few hours.
Please, red teamers, explain it to us like we're 5 how releasing PoCs for highly-dangerous bugs too early doesn't help threat actors. We're listening!
Dave Kennedy:
Blaming red teamers is already an inaccurate statement as it's typically security researchers who publish these. It was already actively exploited with hundreds of thousands of already compromised systems with little to no direction from Microsoft. Yet offsec is to blame?
https://twitter.com/HackingDave/status/1370424240801996809?s=20

Billy Big Balls
TIKTOK INTRODUCES NEW ‘KINDNESS’ FEATURES AS IT URGES PEOPLE TO BE NICER TO EACH OTHER
TikTok has introduced new features in an attempt to make its users be “kinder” to each other. They include a new prompt that will attempt to spot cruel comments and advise people to reconsider their posts before they are sent.
Video creators will also be able to filter comments – removing any comments at all, unless the owner of the video approves them. That feature is called “filter all comments” and TikTok said it was an extension of existing tools that look out for “spam and offensive comments” so they can be filtered out, as well as a feature that allows for the hiding of specific keywords.
https://www.independent.co.uk/life-style/gadgets-and-tech/tiktok-update-new-feature-kind-comment-b1815148.html
[That was this week's BILLY BIG BALLS]

Our source on probation over at the Infosec PA newswire has been very busy bringing us the latest and greatest security news from around the globe!

Industry News
Encrypted Comms Firm Denies Police Cracked User Messages
Encrypted Comms CEO Indicted in Drug Trafficking Conspiracy
Exchange Exploit Attempts Surge Sixfold as Ransomware Lands
OVH Data Center Fire Impacts Cyber-criminals
UK Nurseries Get First Official Cyber-Attack Warning
Twitter Updates 2FA to Enable Use of Multiple Security Keys
Dropbox to Make Password Manager Feature Free for All Users
Security Consultant Indicted on Cyberstalking Charges
Mom Charged in Deepfake Cheerleading Plot

Javvad’s Weekly Stories
https://mashable.com/article/joe-biden-green-screen-conspiracy-debunked/?europe=true
https://futurism.com/the-byte/deepfake-elon-musk-zoom-meetings

Tweet of the Week
https://www.nytimes.com/2021/03/18/business/hacking-cars-cybersecurity.html
https://twitter.com/WeldPond/status/1372530409536380931

Sticky Pickle of the Week
There is no Sticky Pickle of the Week
Come on! Like and bloody well subscribe!

Mar 12, 2021 • 1h 4min
Episode 46 - The Insult free Episode
This week in Infosec
(Liberated from the “today in infosec” twitter account):
6th March 1992: For the second year in a row the Michelangelo virus activated on this date. However, the lead up to March 6th, 1992 was the first instance of mass hysteria about a virus, though the hysteria was overblown.
https://en.wikipedia.org/wiki/Michelangelo_(computer_virus)
https://nakedsecurity.sophos.com/2012/03/05/michelangelo-virus/
https://twitter.com/todayininfosec/status/1368258690143371264
https://nakedsecurity.sophos.com/2010/04/08/fame-bbc-newsround/

5th March 2003: A Sendmail remote buffer overflow vulnerability was made public. Discovered by ISS 2 months prior, exploit code was published within 24 hours.
https://www.techrepublic.com/article/watch-out-for-critical-buffer-overflow-vulnerability-in-sendmail/
https://twitter.com/todayininfosec/status/1235425049923862529

Rant of the Week
Nike’s Resell Scandal and VP Ann Hebert’s Resignation, Explained
https://www.complex.com/sneakers/nike-ann-hebert-son-sneaker-resale-scandal-explained/how-was-joe-hebert-getting-shoes
19-year-old entrepreneur from Portland, Oregon. Known as “West Coast Joe” and runs the @west.coast.streetwear account on Instagram, along with its affiliates.
Starting his business in high school, Joe begins selling limited-edition drops, “Deadstock”, and establishes Discord channels to share his unique knowledge of Nike sale schedules, sale locations, and more. His success caught the eye of Joshua Hunt, who sought to write a piece for Bloomberg.
Fame and fortune got to Joe’s head when he sends through an American Express statement to demonstrate the company’s revenue. The name on the card? It wasn’t Joe. It was Ann Hebert, VP and GM of Nike’s North American market. Joe's mom.
Hunt reaches out to Joe to discuss the relationship. Joe begs Hunt to not disclose this information in the article and ceases communication with Bloomberg entirely. Ann Hebert resigns just days after the publication of Hunt’s article outlining the story.

Billy Big Balls of the Week
STURGIS, Mich. – A virtual preliminary examination in Michigan was interrupted last week after the defendant was found to be at the same home as an alleged victim of assault while the hearing took place.
Coby James Harris, 21, had gone before St. Joseph County District Court on March 2, accused of assault with intent to commit bodily harm less than murder, stemming from an incident Feb. 9 in Sturgis, Michigan.
About seven minutes into the proceeding, Deborah Davis, assistant to the prosecuting attorney and representing Lindsey, said she believed Lindsey and Harris were in close proximity during the livestream, based on Lindsey’s answers and body language.
“Your Honor … I have reason to believe that the defendant is in the same apartment as the complaining witness right now, and I am extremely scared for her safety,” Davis said. “The fact that she’s looking off to the side and he’s moving around, I want some confirmation that she is safe before we continue."
Middleton asked Lindsey where she was at that moment.
“Um, I’m at a house,” Lindsey said, with hesitation, giving a Hatch Street address in Sturgis.
Middleton then asked Harris to divulge the address where he was. Harris gave a house number on East Lafayette Street.
Middleton told Harris to go outside with his cell-phone and take a photograph of the house number. Harris declined, saying he was limited by low phone battery and that his device was connected to a charger.
A few moments later, Davis said the police were at the door of Lindsey’s confirmed location to check on her. Lindsey was instructed to go to the door to speak to police.
“We may need to adjourn this, your Honor,” Davis said to Middleton.
Lindsey's connection to the court proceeding went offline after it showed her speaking to police outside the home. Moments later, Lindsey’s livestream came back online, showing Harris inside on Lindsey's phone and in the custody of police. Davis briefly “face-palmed” upon the reveal that Harris was at the same location as Lindsey.
https://eu.sturgisjournal.com/story/news/crime/2021/03/05/court-hearing-postponed-after-accused-found-same-house-witness/4587600001/ (start at 06:30.)

Rollerblading Karachi cops
https://youtu.be/Q0jED85uwbw

Our source on probation over at the Infosec PA newswire has been very busy bringing us the latest and greatest security news from around the globe!

Industry news
SITA Supply Chain Breach Hits Multiple Airlines
Docker Hub and Bitbucket Resources Hijacked for Crypto-Mining
McAfee Faces Decades Behind Bars After Fraud Indictment
NCSC: Don’t Fall for Mother’s Day Scams This Week
Microsoft Expands Coverage of Exchange Server Patches
Most Threat Analysts Banned from Sharing Intel with Peers
Third of Office Workers Warned After Sharing Data Via Unofficial Apps
Superstar K-Pop Band’s TikTok Hacked
School Boss Resigns After Porn Found on Computer

Javvad’s Weekly Stories
Industry Leaders Javvad Malik and Wendy Nather to Headline Infosecurity Magazine Online Summit - industry pioneers Javvad Malik, security awareness advocate at KnowBe4, and Wendy Nather, head of advisory CISOs at Duo Security (Cisco), will be headlining the upcoming Infosecurity Magazine Online Summit, taking place on March 23 and 24.

Tweet of the Week
Dr Jen Golbeck reminding us how creepy Facebook and other advertisers (but mostly Facebook) are:
Accelerometer Vibrations to Speech — How your phone’s accelerometer can snoop on your calls (popular press)
La Liga Soccer App Spying Scandal — Without telling users, Spain’s soccer app used GPS and microphone access to fine bars who hadn’t paid licensing fees
Sonitor’s Lyra system uses your phone’s microphone to track your position — an example of the ultrasonic beacons mentioned in one of my videos
Location tracking through WiFi signals — Your location can be tracked even if you turn off location services
Facebook Shadow Profiles — Even if you haven’t set up a Facebook account, the company likely maintains a “shadow profile” of you.
Target Knows You’re Pregnant before you tell anyone else — here’s how
https://www.tiktok.com/@jengolbeck?
https://gizmodo.com/facebook-knows-how-to-track-you-using-the-dust-on-your-1821030620
https://twitter.com/jengolbeck/status/1368991334309257216?s=20
Come on! Like and bloody well subscribe!

Mar 5, 2021 • 1h 6min
Episode 45 - The Antibody Episode
This week in Infosec
Liberated from the “today in infosec” twitter account:
2nd March 2002: Zone-H was launched in Estonia and began saving and publishing copies of defaced websites 7 days later.
http://www.zone-h.org/news/id/4742?hz=2
https://twitter.com/todayininfosec/status/1234492350833008640

2nd March 2010: Gregory D. Evans' book "How To Become The World's No. 1 Hacker" was published. The book was heavily plagiarized and not held in high regard. Evans was quite controversial...to say the least. And got a lot of attention for a couple of years. Google him if you wish.
https://twitter.com/todayininfosec/status/1234320212117221376
https://attrition.org/errata/charlatan/gregory_evans/
https://blog.c22.cc/2010/06/17/threats/comment-page-2/

Rant of the Week (not covered)
A warning went up on the perl.org infrastructure weblog late in January notifying users that perl.com now directed to a parking site and advised against visiting "as there are some signals that it may be related to sites that have distributed malware in the past." The site later returned an ERR_CONNECTION_CLOSED error message.
The hijack appears to have followed the age-old path of an attacker pouncing on a compromised account and swiping the domain rather than a simple expiration.
A good read out of what happened from Perl’s point of view as well as their Incident Response processes (link at the bottom).
We had learned very quickly that when you use the registered domain for your email contact, no one can contact you when that domain no longer handles your mail.
What we think happened
This part veers into some speculation, and Perl.com wasn’t the only victim. We think that there was a social engineering attack on Network Solutions, including phony documents and so on. There’s no reason for Network Solutions to reveal anything to me (again, I’m not the injured party), but I did talk to other domain owners involved and this is the basic scheme they reported.
John Berryhill provided some forensic work in Twitter that showed the compromise actually happened in September. The domain was transferred to the BizCN registrar in December, but the nameservers were not changed. The domain was transferred again in January to another registrar, Key Systems, GmbH. This latency period avoids immediate detection, and bouncing the domain through a couple registrars makes the recovery much harder.
RANT: Domain was hijacked, old methods, there are no new hacks!
https://www.perl.com/article/the-hijacking-of-perl-com/

Billy Big Balls
AOL phishing email states your account will be closed
https://www.bleepingcomputer.com/news/security/beware-aol-phishing-email-states-your-account-will-be-closed/
https://mashable.com/2014/08/21/aol-disc-marketing-jan-brandt/?europe=true

Industry News
Our source on probation over at the Infosec PA newswire has been very busy bringing us the latest and greatest security news from around the globe!
TikTok Set for Massive $92m Payout Over Privacy Suit
Facebook Photo-tagging Lawsuit Settled for $650m
Go Malware Detections Increase 2000%
Quarter of Healthcare Apps Contain High Severity Bugs
Microsoft Patches Four Zero-Day Exchange Server Bugs
Password Reuse at 60% as 1.5 Billion Combos Discovered Online
Ransomware Attacks Soared 150% in 2020
Canadian Cyber-Agency Workers Threaten Strike
Missing Teens Used School Laptops to Chat with Alleged Abductors

Javvad’s Weekly Stories
Jav has the COVID Jab

Tweet of the Week
MalwareAndPickles @malwrandpickles: It's probably nothing.
Marc J @DrGeekthumb: The server room had no lock.
Andy Cooke แอนดี้ คุกส์ @cooke_andy: OK, 3389 open to the internet.
MrR3b00t | it's safe just don't go outside @UK_Daniel_Card: i wiped the right drive right?
Christopher J. Marcinko @christoperj: I’m compliant so I’m definitely secure
David Downs @drdowns: We have a strong password policy
Simon @cigh033: "sorry, your password is too long"
Josh Centers @jcenters: Rudy Giuliani, professional cyber security expert
wim letzer @wimletzer: That does not happen to me.
David Robert Newman @davidnewman: “I wrote my own crypto libraries”
Jeroen Jetten @TheTallestJJ: We’re too small to be attacked
James Kelley @kelleyllc: Client required SolarWinds for security reasons.
dao ming si @dms1899: Our security policy protects against abuse.
Moreno Daltin @morenji: We have always done this way
Paul Stephenson @tupelofortitude: Wife found my credit card statement
https://twitter.com/Sophos/status/1367082335997427720

The Little People
There will no longer be a Little People segment for the foreseeable future.

Sticky Pickle of the Week
Imagine you are the CEO of an American based, billion dollar global company. You hit a SNAFU and are called to testify before congress about what happened. Obviously the members of congress will want to know in layman's terms how your IT infrastructure was left so unprotected that it was used to deliver malware to several branches of the federal government as well as a series of high-profile private sector targets?
What might be your go-to responses?
Correct answer: Blame the intern
According to Thompson and current SolarWinds CEO Sudhakar Ramakrishna, an intern who worked at the company posted the “solarwinds123” password on GitHub back in 2017. Security researcher Vinoth Kumar later discovered that the password had been posted publicly since at least June 2018 and informed the company of the leak in 2019, at which point, according to Ramakrishna, it was removed from GitHub.
Needless to say, that explanation still leaves a lot of questions unanswered. For instance, was the intern actually responsible for setting the “solarwinds123” password? And, if so, why on earth had the company delegated responsibility for setting such an important password to an intern? Was the password actually changed when the leak was discovered in 2019 or was it just removed from GitHub? And why was there no multifactor authentication protecting that server if it could be used to transfer files onto company servers?
It’s a tempting narrative—as the stories about how a massive, complicated breach is the fault of a single actor often are—in which some clueless college student shows up for a summer and sets a dumb password and then carelessly leaves it up in some publicly accessible code on GitHub. Above all, it’s a story that’s easy to understand, especially for members of Congress. For instance, California Rep. Katie Porter pointed out at the hearing, “I’ve got a stronger password than ‘solarwinds123’ to stop my kids from watching too much YouTube on their iPad.”
https://slate.com/technology/2021/03/solarwinds-hack-cyber-espionage-intern-password.html
Come on! Like and bloody well subscribe!

Feb 26, 2021 • 1h 3min
Episode 44 - Fly My Pretties, Fly!
This week in Infosec
Liberated from the “today in infosec” twitter account:
25th February 1989: Knight Lightning published an Enhanced 911 technical doc (it had been stolen from a BellSouth computer) to Phrack under the pseudonym "The Eavesdropper".
http://phrack.org/issues/24/5.html#article
https://en.wikipedia.org/wiki/United_States_v._Riggs

On This Day: Feb. 25, 2005, authorities arrested Dennis Rader, a municipal employee and church leader, for the so-called BTK (blind, torture, kill) serial killings that terrorized Wichita, Kan. Rader was convicted and sentenced to 10 consecutive life terms.
Between 1974 and 1991, he murdered at least 10 people in Wichita, Kansas. He apparently got away with it for over a decade. In 2004 an article was published suggesting that nobody remembered him. Desperate for notoriety, he began to write to the police and media gloating and showboating.
In 2005 he sent a floppy disk with some bragging. When police examined the disk, they found metadata of an old word document on it which revealed the name of the Church where he worked and his surname.
https://www.abajournal.com/magazine/article/how_the_cops_caught_btk

Billy Big Balls of the Week
I use an email tracker to spy on people I work with. This is why
https://www.independent.co.uk/life-style/email-trackers-how-to-work-b1806723.html

Rant of the Week
Apple has long held its position on iCloud backups. It has focused on usability rather than total security. If a user changes iPhone and wants all their old iMessages, the easiest way to retrieve them is by getting Apple to store and send them from the iCloud to the new device. It’s the same for other messaging apps like WhatsApp, which offers backups.
But Apple has reportedly considered making iClouds much more difficult for police to access. A Reuters report last year suggested that Apple did have plans to fully encrypt iCloud accounts too, so only users had the key, but backed down. Though the report claimed the decision was made after the FBI asked for iClouds to remain accessible, Reuters found no evidence of Apple’s motivation for ditching the plans.
https://www.forbes.com/sites/thomasbrewster/2021/02/15/when-imessages-arent-private-government-raids-apple-icloud-in-a-dark-web-drug-investigation/

Industry News
Internet Registry RIPE NCC Warns of Credential Stuffing Attack
Concern as Attacker “Breakout” Time Halves in 2020
US Retailer Kroger Admits Accellion Breach
Aircraft-Maker Bombardier Breached by Accellion FTA Hackers
Legal Firm Leaks 15,000 Cases Via the Cloud
Kia Denies Ransomware Attack
Aston Martin Partners with SentinelOne
CrowdStrike Slams Microsoft Over SolarWinds Hack
Educational Adaptation Required to Close the Cyber-Skills Gap

Javvad’s Weekly Stories
6000 VMware vCenter devices vulnerable to remote attacks
Is Clubhouse safe, and should CISOs stop its use?
Google Alerts used to launch fake Adobe Flash Player updater
Hackers are using Google Alerts to help spread malware
Javvad wins 2021 Cybersecurity Professional Awards – Winners

Tweet of the Week (not aired)
https://twitter.com/HackingDave/status/1364945642599182344?s=20

The Little People
Yousef Syed and security architects
Come on! Like and bloody well subscribe!

Feb 19, 2021 • 1h 3min
Episode 43 - The Avengers Snitched and Assembled
This week in Infosec
Not liberated from the “today in infosec” twitter account:
12th February 2009: Microsoft announced a $250,000 reward for info resulting in the arrest and conviction of those responsible for the Conficker worm. As of 2018, Microsoft's offer was still open.
https://web.archive.org/web/20120418094401/http://www.microsoft.com/en-us/news/press/2009/feb09/02-12confickerpr.aspx
https://www.dailymail.co.uk/sciencetech/article-6058565/Microsoft-offering-hackers-250-000-bounty-remove-Conficker-malware.html
https://twitter.com/todayininfosec/status/1227775375565918208

Billy Big Balls
After the failure of the Facebook Phone, get ready for a Facebook Watch
https://arstechnica.com/gadgets/2021/02/after-the-failure-of-the-facebook-phone-get-ready-for-a-facebook-watch/

Rant of the Week
Password manager LastPass is making its free accounts effectively useless by limiting account holders to one type of device, leaving millions of users stranded.
https://www.forbes.com/sites/barrycollins/2021/02/17/lastpass-breaks-free-accounts-where-to-store-your-passwords-now/?ss=cybersecurity
John Deere being dicks:
https://www.bloomberg.com/news/features/2020-03-05/farmers-fight-john-deere-over-who-gets-to-fix-an-800-000-tractor

Industry News
Nearly Two-Thirds of CVEs Are Low Complexity
Police Reportedly Arrest Egregor Ransomware Members
Yandex Insider Breach Hits Nearly 5000 Inboxes
Duo Charged with Multimillion-Dollar Dark Web Drugs Scheme
Microsoft: 1000+ Hackers Worked on SolarWinds Campaign
Centreon: Sandworm Attacks Targeted Legacy Open Source Product
NHS Phishing Scam Promises #COVID19 Vaccine
Singtel Breach Hits 129,000 Customers
Two More Lazarus Group Members Indicted for North Korean Attacks

Javvad’s Weekly Stories

Tweet of the Week
https://twitter.com/torriangray/status/1361778280521605122
Come on! Like and bloody well subscribe!

Feb 12, 2021 • 1h 3min
Episode 42 - Advocates for the Masses
10 minutes before rolling, our show notes were empty. This is what you get when you are dealing with professionals.
This week in Infosec
Tweet of the Week
Billy Big Balls
Rant of the week
Industry News
Sticky Pickle of the Week
This week in Infosec
(Liberated from the “today in infosec” twitter account):
11th February 1956: 'Cambridge spies' surface in Moscow
Two British diplomats who vanished in mysterious circumstances five years ago have reappeared in the Soviet Union.
Guy Burgess and Donald Maclean handed a statement to four representatives from the press in a hotel room overlooking Moscow's Red Square.
In their 1,000-word statement the former diplomats denied ever having been Soviet agents.
They said they had come to the USSR to "work for the aim of better understanding between the Soviet Union and the West".
http://news.bbc.co.uk/onthisday/hi/dates/stories/february/11/newsid_2721000/2721413.stm
Agent Garbo: https://www.mi5.gov.uk/agent-garbo
Billy Big Balls
https://www.theguardian.com/business/2021/feb/12/kpmg-bill-michael-resigns-after-telling-staff-to-stop-moaning
KPMG’s UK chairman, Bill Michael, has resigned after telling staff to “stop moaning” during a virtual meeting about the coronavirus pandemic and the impact of lockdown on people’s lives.
Michael, who has headed the company since 2017, was speaking at a virtual town hall meeting on Monday with members of the firm’s financial services consulting team when he made the comments.
The 52-year-old Australian, who also said that staff should stop “playing the victim card” and described the concept of unconscious bias as being “complete and utter crap for years”, apologised and said on Friday the scandal over his comments had made his position at the accounting giant “untenable”.
“I love the firm and I am truly sorry that my words have caused hurt among my colleagues and for the impact the events of this week have had on them,” Michael said.
“In light of that, I regard my position as untenable and so I have decided to leave the firm. It has been a privilege to have acted as chair of KPMG. I feel hugely proud of all our people and the things they have achieved, particularly during these very challenging times.”
KPMG, which said that it will undertake a “leadership election” to replace Michael in due course, has appointed senior elected board member Bina Mehta as acting UK chair.
“Bill has made a huge contribution to our firm over the last 30 years, especially over the last three years as chairman, and we wish him all the best for the future,” said Mehta.
Rant of the Week
Florida county sheriff Bob Gualtieri held a remarkably clear-headed and fact-filled news conference about an attempt to poison the water supply of Oldsmar, a town of around 15,000 not far from Tampa.
Gualtieri told the media that someone (they don’t know who yet) remotely accessed a computer for the city’s water treatment system (using TeamViewer) and briefly increased the amount of sodium hydroxide (a.k.a. lye, used to control acidity in the water) to 100 times the normal level.
“The city’s water supply was not affected,” The Tampa Bay Times reported. “A supervisor working remotely saw the concentration being changed on his computer screen and immediately reverted it, Gualtieri said. City officials on Monday emphasized that several other safeguards are in place to prevent contaminated water from entering the water supply and said they’ve disabled the remote-access system used in the attack.”
https://krebsonsecurity.com/2021/02/whats-most-interesting-about-the-florida-water-system-hack-that-we-heard-about-it-at-all/
Industry News
Europol Breaks $14m Card Fraud Ring
Cyber-Attacker Tries to Remotely Poison Florida City
Experts Warn of “Beg Bounty” Extortion Attempts
New Council Will Drive UK’s Cyber-Training and Standards
Scammers Selling Fake #COVID19 Vaccination Cards for Just $20
Credential Theft Attacks Doubled Between 2016 and 2020
UK Cops Arrest Eight in US Celeb SIM Swap Case
UN Links North Korea to $281m Crypto Exchange Heist
Political Bias and Impulsive Behavior Open Door to Misinformation
Javvad’s Weekly Stories
Tweet of the Week
https://www.theregister.com/2021/02/11/facebook_phishing_domains/
https://www.zdnet.com/article/proofpoint-sues-facebook-to-get-permission-to-use-lookalike-domains-for-phishing-tests/
https://twitter.com/campuscodi/status/1359708438859776002?s=20
Sticky Pickle of the Week
You’re the head of a trio and have been wrongfully accused of having an over-inflated ego. And you get this amazing interview and coverage in the largest magazine in the UK.
How do you bring it up without reinforcing their image of you as having a large ego and being insecure about your greatness?
https://edition.pagesuite-professional.co.uk/html5/reader/production/default.aspx?pubname=&edid=f73de865-57f0-49d7-9a61-318ea24773c7
Come on! Like and bloody well subscribe!

Feb 5, 2021 • 1h 1min
Episode 41 - Mixing It Up
Nobody will look Javvad in the eye again without seeing that image. It could be worse, you could have seen it live like Andy and Thom had to.
This week in InfoSec
(Liberated from the “today in infosec” twitter account):
3rd February 2007: A former Coca-Cola secretary to an executive was convicted after stealing documents and unlaunched product samples, then conspiring with coworkers to sell them to Pepsi, which warned Coca-Cola.
https://www.thestar.com/business/2007/02/03/former_coke_secretary_convicted_in_spy_case.html
https://edition.cnn.com/2007/LAW/05/23/coca.cola.sentencing/
https://twitter.com/todayininfosec/status/1224522561653919744
1st February 1952: A new method for tracking down users of unlicensed television sets was unveiled in the UK.
http://news.bbc.co.uk/onthisday/hi/dates/stories/february/1/newsid_2521000/2521357.stm
5th February 1953: Sweet rationing ends in Britain
Children all over Britain have been emptying out their piggy-banks and heading straight for the nearest sweet-shop as the first unrationed sweets went on sale today.
Toffee apples were the biggest sellers, with sticks of nougat and liquorice strips also disappearing fast.
http://news.bbc.co.uk/onthisday/hi/dates/stories/february/5/newsid_2737000/2737731.stm
Rant of the Week
The Biggest Threat to Facebook Isn’t Apple, It’s Mark Zuckerberg
During Facebook's earnings call, the company's founder and CEO, Mark Zuckerberg, made a point of talking about the risk Apple's upcoming iOS 14 changes pose to Facebook's business. Those changes will require apps to ask permission before they are able to track users across apps and the internet. For Facebook, a company whose entire business model is built on the ability to track users, collect their data, and then sell targeted ads based on all of that information, losing the ability to track users could be a real problem. The thing is, Apple isn't stopping any app from tracking any user. It's only requiring that apps ask permission first.
The real problem is that now everyone will be given a choice about whether to let Facebook track them, and the company logically assumes that most people will opt out. Suddenly people will be confronted with the reality that Facebook isn't free at all; it's just that most people weren't aware of the cost.
https://www.inc.com/jason-aten/mark-zuckerberg-is-worried-apples-privacy-changes-could-be-end-of-facebook.html
Tweet of the Week
https://twitter.com/TatianaDior/status/1357178566413287426
Almost ran: https://twitter.com/fs0c131y/status/1356291273255227392?s=20
Industry News
Apprenticeships Could Solve Cyber-Skills Crisis, Say Experts
Global Government Outsourcer Serco Hit by Ransomware
Trickbot Trojan Back from the Dead in New Campaign
Man Charged in $11m Crypto Scheme that Featured Steven Seagal
Social Media Oversharing Exposes 80% of Office Workers
Data on Thousands of Foxtons Customers Posted Online
Over Three Million US Drivers Exposed in Data Breach
US Shipping Giant Loses $7.5m in Ransomware Attack
Three More Vulnerabilities Found in SolarWinds Products
Javvad’s Weekly Stories
Foxtons rejects claims of slow reaction to data leak
SMS Bandits owner arrested for carrying out large-scale phishing scams
Ransomware attack disrupts UKRI services and web assets
Billy Big Balls
Ransomware: A company paid millions to get their data back, but forgot to do one thing.
A cautionary tale shows how organisations that fall foul of ransomware should concentrate on finding how it happened before anything else.
A company that fell victim to a ransomware attack and paid cyber criminals millions for the decryption key to restore their network fell victim to the exact same ransomware gang under two weeks later after failing to examine why the attack was able to happen in the first place.
https://www.zdnet.com/article/ransomware-this-is-the-first-thing-you-should-think-about-if-you-fall-victim-to-an-attack/
The Little People
Want to star in The Little People?
Have an opinion you want to share, but don't have the social media clout to be heard? Send us a 30-60 second voice recording and we might even play it on the show. theveryfinechaps@hostunknown.tv
Come on! Like and bloody well subscribe!
