Episode 178 - The Last Of Us Episode

The Host Unknown Podcast

Nội dung được cung cấp bởi Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik. Tất cả nội dung podcast bao gồm các tập, đồ họa và mô tả podcast đều được Host Unknown, Thom Langford, Andrew Agnes, and Javvad Malik hoặc đối tác nền tảng podcast của họ tải lên và cung cấp trực tiếp. Nếu bạn cho rằng ai đó đang sử dụng tác phẩm có bản quyền của bạn mà không có sự cho phép của bạn, bạn có thể làm theo quy trình được nêu ở đây https://vi.player.fm/legal.

4M ago 49:35

MP3•Trang chủ episode

This week in InfoSec (12:55)

With content liberated from the “Today in infosec” Twitter account and further afield

11th December 2010: The hacker group Gnosis released the source code for Gawker's website and 1.3 million of its users' password hashes.

After a jury found Gawker's parent company liable in a lawsuit filed by Hulk Hogan and awarded him $140 million, Gawker shut down in 2016.

https://twitter.com/todayininfosec/status/1734217170173763907

14th December 2009: RockYou admitted that 32 million users' passwords (stored as plain text) and email addresses were compromised via a SQL injection vulnerability. RockYou's customer notification said "it was important to notify you of this immediately"...10 days after they became aware.

https://twitter.com/todayininfosec/status/1735357287147995514

Not really infosec https://x.com/depthsofwiki/status/1735147763447595024?s=20 but 14th Dec 2008 was the infamous Bush shoeing incident. Where Bush ducked the shoes thrown by Al-Zaidi while the Iraqi PM Nouri Al-Maliki tried to parry it.

Rant of the Week (22:10)

UK government woefully unprepared for 'catastrophic' ransomware attack

The UK has failed to address the threat posed by ransomware, leaving the country at the mercy of a catastrophic ransomware attack that the Joint Committee on National Security Strategy (JCNSS) yesterday warned could occur "at any moment."

The Parliamentary Select Committee reached this conclusion in a scathing report released December 13 that accused the government of failing to take ransomware seriously, and of providing "next-to-no support" to victims of ransomware attacks.

"There is a high risk that the government will face a catastrophic ransomware attack at any moment, and that its planning will be found lacking," the report concluded. "There will be no excuse for this approach when a major crisis occurs, and it will rightly be seen as a strategic failure."

Recent examples of ransomware infections at UK government institutions and critical private infrastructure are not hard to find.

Manchester Police, Royal Mail and the British Library have all fallen victim to ransomware attacks since September 2023.

In July 2023, the Barts Health NHS Trust hospital group was hit by the BlackCat ransomware gang. The NHS had already been taught a lesson about the vicious power of ransomware in 2017 when multiple Brit hospitals stopped taking new patients, other than in emergencies, after being hobbled by WannaCry.

Third-party providers of NHS software systems have been hit as well, taking systems offline and forcing care providers to revert to pen and paper.

In short, the situation with ransomware in the UK is already bad, and the JCNSS has predicted things will likely get worse.

Billy Big Balls of the Week (29:54)

Polish Hackers Repaired Trains the Manufacturer Artificially Bricked.

After breaking trains simply because an independent repair shop had worked on them, NEWAG is now demanding that trains fixed by hackers be removed from service.

They did DRM to a train.

In one of the coolest and more outrageous repair stories in quite some time, three white-hat hackers helped a regional rail company in southwest Poland unbrick a train that had been artificially rendered inoperable by the train’s manufacturer after an independent maintenance company worked on it. The train’s manufacturer is now threatening to sue the hackers who were hired by the independent repair company to fix it.

The fallout from the situation is currently roiling Polish infrastructure circles and the repair world, with the manufacturer of those trains denying bricking the trains despite ample evidence to the contrary. The manufacturer is also now demanding that the repaired trains immediately be removed from service because they have been “hacked,” and thus might now be unsafe, a claim they also cannot substantiate.

Industry News (38:38)

EU Reaches Agreement on AI Act Amid Three-Day Negotiations

Europol Raises Alarm on Criminal Misuse of Bluetooth Trackers

Widespread Security Flaws Blamed for Northern Ireland Police Data Breach

UK Ministry of Defence Fined For Afghan Data Breach

UK at High Risk of Catastrophic Ransomware Attack, Government Ill-Prepared

MITRE Launches Critical Infrastructure Threat Model Framework

Microsoft Targets Prolific Outlook Fraudster Storm-1152

Vulnerabilities Now Top Initial Access Route For Ransomware

Cozy Bear Hackers Target JetBrains TeamCity Servers in Global Campaign

Tweet of the Week (46:06)

https://x.com/WorkRetireDie/status/1732108681087508947?s=20

Come on! Like and bloody well subscribe!

192 tập

#Tech #Entrepreneur #Business #Comedy #Improv #Host Unknown #Andrew Agnes #Javvad Malik #This Week In Infosec #Cyber Security #Risk Management #Hackers #Cybersecurity #Rant Of The Week #Tweet Of The Week #Billy Big Balls Of The Week #InfoSec