Artwork

Вміст надано Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik. Весь вміст подкастів, включаючи епізоди, графіку та описи подкастів, завантажується та надається безпосередньо компанією Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik або його партнером по платформі подкастів. Якщо ви вважаєте, що хтось використовує ваш захищений авторським правом твір без вашого дозволу, ви можете виконати процедуру, описану тут https://uk.player.fm/legal.
Player FM - додаток Podcast
Переходьте в офлайн за допомогою програми Player FM !

Episode 171 - The Stitched Up Episode

43:16
 
Поширити
 

Manage episode 379685343 series 2706360
Вміст надано Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik. Весь вміст подкастів, включаючи епізоди, графіку та описи подкастів, завантажується та надається безпосередньо компанією Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik або його партнером по платформі подкастів. Якщо ви вважаєте, що хтось використовує ваш захищений авторським правом твір без вашого дозволу, ви можете виконати процедуру, описану тут https://uk.player.fm/legal.

This week in InfoSec (09:48)

With content liberated from the “today in infosec” twitter account and further afield

8th October 2018: Google announced that it exposed the private info of hundreds of thousands of Google+ users between 2015 and 2018, only disclosing it 7 months after discovery because it was reported by The Wall Street Journal. Social network Google+ launched in 2011 and closed in 2019.

Google hid major Google+ security flaw that exposed users’ personal information

https://twitter.com/todayininfosec/status/1711159728552685667

16th October 1983: FBI agents raided homes of "young electronics buffs known as 'hackers'" in 6 states as part of an investigation of unauthorized intrusions into scores of large commercial and DoD computers. These teens included Lord Flathead - real name Tom Anderson, future MySpace founder.

https://twitter.com/todayininfosec/status/1712593589237076056

Rant of the Week (15:44)

Everest cybercriminals offer corporate insiders cold, hard cash for remote access

The Everest ransomware group is stepping up its efforts to purchase access to corporate networks directly from employees amid what researchers believe to be a major transition for the cybercriminals.

In a post at the top of its dark web victim blog, Everest said it will offer a "good percentage" of the profits generated from successful attacks to those who assist in its initial intrusion.

The group also promised to offer partners "full transparency" regarding the nature of each operation, as well as confidentiality about their role in the attack.

Everest is specifically looking for access to organizations based in the US, Canada, and Europe, and would accept remote access by a variety of means including TeamViewer, AnyDesk, and RDP.

Billy Big Balls of the Week (22:23)

Chinese citizens feel their government is doing a fine job with surveillance

Chinese residents are generally comfortable with widespread use of surveillance technology, according to a year-long project conducted by the Australian Strategic Policy Institute (ASPI) and an unnamed non-government research partner.

The project mainly investigated how state surveillance is conducted by Beijing and how the population of the People's Republic of China (PRC) perceives it. For the investigation, the researchers conducted media analysis, and an online survey of over 4,000 Chinese citizens.

Most respondents ranked their trust in central government positively – at an average of 7.3 on a scale out of 10. Businesses received a 6.7 rating. When it came to surveillance – by video, audio or internet activity – roughly half said they were comfortable.

As part of the project, ASPI provided a tool that could be considered quite subversive in China: an interactive website that provided access to uncensored non-Beijing information about deployed surveillance technologies and the agencies that run them. It consisted of five educational modules with quizzes at the end.

The website content was shaped by the survey results and reached over 55,000 users over the course of four months. It covered facial recognition, Wi-Fi probes, DNA surveillance, database management and surveillance cameras.

Industry News (28:08)

AWS to Mandate Multi-Factor Authentication from 2024

Blackbaud Settles Ransomware Breach Case For $49.5m

DNA Tester 23andMe Hit By Credential Stuffing Campaign

MGM Resorts Reveals Over $100M in Costs After Ransomware Attack

Air Europa Asks Customers to Cancel Cards After Breach

US Smashes Annual Data Breach Record With Three Months Left

European Police Hackathon Hunts Down Traffickers

Chinese APT ToddyCat Targets Asian Telecoms, Governments

California Enacts “Delete Act” For Data Privacy

Tweet of the Week (36:01)

https://twitter.com/ireteeh/status/1712408097170325968

Come on! Like and bloody well subscribe!

  continue reading

213 епізодів

Artwork
iconПоширити
 
Manage episode 379685343 series 2706360
Вміст надано Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik. Весь вміст подкастів, включаючи епізоди, графіку та описи подкастів, завантажується та надається безпосередньо компанією Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik або його партнером по платформі подкастів. Якщо ви вважаєте, що хтось використовує ваш захищений авторським правом твір без вашого дозволу, ви можете виконати процедуру, описану тут https://uk.player.fm/legal.

This week in InfoSec (09:48)

With content liberated from the “today in infosec” twitter account and further afield

8th October 2018: Google announced that it exposed the private info of hundreds of thousands of Google+ users between 2015 and 2018, only disclosing it 7 months after discovery because it was reported by The Wall Street Journal. Social network Google+ launched in 2011 and closed in 2019.

Google hid major Google+ security flaw that exposed users’ personal information

https://twitter.com/todayininfosec/status/1711159728552685667

16th October 1983: FBI agents raided homes of "young electronics buffs known as 'hackers'" in 6 states as part of an investigation of unauthorized intrusions into scores of large commercial and DoD computers. These teens included Lord Flathead - real name Tom Anderson, future MySpace founder.

https://twitter.com/todayininfosec/status/1712593589237076056

Rant of the Week (15:44)

Everest cybercriminals offer corporate insiders cold, hard cash for remote access

The Everest ransomware group is stepping up its efforts to purchase access to corporate networks directly from employees amid what researchers believe to be a major transition for the cybercriminals.

In a post at the top of its dark web victim blog, Everest said it will offer a "good percentage" of the profits generated from successful attacks to those who assist in its initial intrusion.

The group also promised to offer partners "full transparency" regarding the nature of each operation, as well as confidentiality about their role in the attack.

Everest is specifically looking for access to organizations based in the US, Canada, and Europe, and would accept remote access by a variety of means including TeamViewer, AnyDesk, and RDP.

Billy Big Balls of the Week (22:23)

Chinese citizens feel their government is doing a fine job with surveillance

Chinese residents are generally comfortable with widespread use of surveillance technology, according to a year-long project conducted by the Australian Strategic Policy Institute (ASPI) and an unnamed non-government research partner.

The project mainly investigated how state surveillance is conducted by Beijing and how the population of the People's Republic of China (PRC) perceives it. For the investigation, the researchers conducted media analysis, and an online survey of over 4,000 Chinese citizens.

Most respondents ranked their trust in central government positively – at an average of 7.3 on a scale out of 10. Businesses received a 6.7 rating. When it came to surveillance – by video, audio or internet activity – roughly half said they were comfortable.

As part of the project, ASPI provided a tool that could be considered quite subversive in China: an interactive website that provided access to uncensored non-Beijing information about deployed surveillance technologies and the agencies that run them. It consisted of five educational modules with quizzes at the end.

The website content was shaped by the survey results and reached over 55,000 users over the course of four months. It covered facial recognition, Wi-Fi probes, DNA surveillance, database management and surveillance cameras.

Industry News (28:08)

AWS to Mandate Multi-Factor Authentication from 2024

Blackbaud Settles Ransomware Breach Case For $49.5m

DNA Tester 23andMe Hit By Credential Stuffing Campaign

MGM Resorts Reveals Over $100M in Costs After Ransomware Attack

Air Europa Asks Customers to Cancel Cards After Breach

US Smashes Annual Data Breach Record With Three Months Left

European Police Hackathon Hunts Down Traffickers

Chinese APT ToddyCat Targets Asian Telecoms, Governments

California Enacts “Delete Act” For Data Privacy

Tweet of the Week (36:01)

https://twitter.com/ireteeh/status/1712408097170325968

Come on! Like and bloody well subscribe!

  continue reading

213 епізодів

Усі епізоди

×
 
Loading …

Ласкаво просимо до Player FM!

Player FM сканує Інтернет для отримання високоякісних подкастів, щоб ви могли насолоджуватися ними зараз. Це найкращий додаток для подкастів, який працює на Android, iPhone і веб-сторінці. Реєстрація для синхронізації підписок між пристроями.

 

Короткий довідник