Couverture de Talkin' Bout [Infosec] News

Talkin' Bout [Infosec] News

Talkin' Bout [Infosec] News

De : Black Hills Information Security
Écouter gratuitement

A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team. Join us live on YouTube, Monday's at 4:30PM ETCopyright 2025 Talkin' About [Infosec] News, Powered by Black Hills Information Security Politique et gouvernement
Épisodes
  • OnlyFans Models Are Accidental Blue Team Defenders - 2026-07-13
    Jul 15 2026
    This week, the team unpacks a wide range of cybersecurity news, including a fraudulent offensive security startup tied to cybercriminals, how leaked OnlyFans content is inadvertently helping defenders identify compromised government websites, and new vishing attacks targeting Microsoft Entra passkey enrollment. They also examine AI prompt injection risks in GitHub workflows, malware campaigns abusing hundreds of GitHub repositories and Go packages, Microsoft's latest identity security developments, and the growing push for online age verification through government-issued IDs and selfies.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-event-chatChapters(00:00) - PreShow Banter™ — The New Mainframes(05:24) - OnlyFans Models are Accidental Blue Team Defenders - 2026-07-13(06:23) - Story #1 - Felons, Fraudsters Flog Offensive Cybersecurity Startup(15:37) - Story #2 - OnlyFans Models Are Accidentally Making Hacked Government Websites Disappear(20:37) - Story #3 - Vishing actors target Entra passkey enrollment(32:44) - Story #4 - GitLost: How We Tricked GitHub’s AI Agent into Leaking Private Repos(46:32) - Story #5 - Network of 200 GitHub Repositories Used for Malware Infection(48:13) - Story #6 - Microsoft admits Windows 11 has a GDID tracker with no off switch, first documented publicly in an FBI hacker complaint(53:53) - Story #7 - EU Reddit Users Must Verify Age With Government ID or Selfie(59:39) - Story #8 - Risky Bulletin: All new cars to include a camera aimed at the driver's faceLinksStory #1 - Felons, Fraudsters Flog Offensive Cybersecurity StartupStory #2 - OnlyFans Models Are Accidentally Making Hacked Government Websites DisappearStory #3 - Vishing actors target Entra passkey enrollmentStory #4 - GitLost: How We Tricked GitHub’s AI Agent into Leaking Private ReposStory #5 - Network of 200 GitHub Repositories Used for Malware InfectionStory #6 - Microsoft admits Windows 11 has a GDID tracker with no off switch, first documented publicly in an FBI hacker complaintStory #7 - EU Reddit Users Must Verify Age With Government ID or SelfieStory #8 - Risky Bulletin: All new cars to include a camera aimed at the driver’s faceCreators & Guests John Strand - HostMishaal Khan - GuestRalph May - HostMeagan Bentley - ProducerBronwen Aker - HostWade Wells - HostDoc Blackburn - GuestJake Hildreth - GuestClick here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.com☯️ Introducing BHIS Fusion Penetration Testinghttps://www.blackhillsinfosec.com/fusion-penetration-testing/Antisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com
    Afficher plus Afficher moins
    1 h et 8 min
  • Apple's Hide My Email ... Doesn't! – 2026-07-06
    Jul 7 2026
    This episode of BHIS - Talkin' Bout [infosec] News covers the latest cybersecurity headlines, including debate over the economics of AI infrastructure, updates on the Huntress controversy, new details surrounding Scattered Spider, a critical Microsoft SharePoint vulnerability, and reports of a breach involving a DHS information-sharing network. The discussion also examines Apple's legal battles over alternative app stores, the limitations of Apple's Hide My Email feature, a Medtronic breach, firmware security, Palo Alto Networks attribution disputes, and other notable security stories that didn't make the main rundown.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — Ask GPU(02:09) - Story # 0: The memory crisis heads to court as class-action lawsuit filed against Samsung, SK Hynix, and Micron(05:15) - Apple's Hide My Email ... Doesn't! – 2026-07-06(08:38) - Story #1 - These Recent Insider Threat Allegations(12:53) - Story #2a - Alleged Scattered Spider hacker extradited to the United States(16:40) - Story #3 - US Department of Homeland Security says it is probing a cyber breach at information-sharing network(22:20) - Story #5 - Espionage Against the European Parliament(28:33) - Story #6a - Sony Is Going Disc-Free: What It Means for PS6 and Your Wallet(33:35) - Story #6b - Resetting XBOX(38:51) - Story #7 - Command & Conquer Generals: Zero Hour — macOS, iOS & iPadOS(42:47) - Story #8 - Medtronic notifies customers impacted by ShinyHunters data breach(43:56) - Story #9 - Flipper Zero firmware development continues with community help(55:18) - Story #10 - Amazon will stop accepting new customers for Mechanical Turk(59:06) - Fletus’ YouTube Channel(59:42) - Doc’s Upcoming Workshop(01:03:22) - Story #11 - Apple ‘Hide My Email’ Vulnerability Reveals Peoples’ Real Email Addresses(01:03:56) - Story #12 - Startup sues Palo Alto Networks' Koi Security, saying an AI-hallucinated report falsely linked it to Chinese espionageLinksStory # 0: The memory crisis heads to court as class-action lawsuit filed against Samsung, SK Hynix, and MicronStory #1 - These Recent Insider Threat AllegationsStory #2a - Alleged Scattered Spider hacker extradited to the United StatesStory #3 - US Department of Homeland Security says it is probing a cyber breach at information-sharing networkStory #5 - Espionage Against the European ParliamentStory #6a - Sony Is Going Disc-Free: What It Means for PS6 and Your WalletStory #6b - Resetting XBOXStory #7 - Command & Conquer Generals: Zero Hour — macOS, iOS & iPadOSStory #8 - Medtronic notifies customers impacted by ShinyHunters data breachStory #9 - Flipper Zero firmware development continues with community helpStory #10 - Amazon will stop accepting new customers for Mechanical TurkFletus’ YouTube ChannelDoc’s Upcoming WorkshopStory #11 - Apple ‘Hide My Email’ Vulnerability Reveals Peoples’ Real Email AddressesStory #12 - Startup sues Palo Alto Networks’ Koi Security, saying an AI-hallucinated report falsely linked it to Chinese espionageCreators & Guests Corey Ham - HostJohn Strand - HostWade Wells - HostDoc Blackburn - GuestHayden Covington - HostRalph May - HostFletus Poston - GuestRyan Poirier - ProducerClick here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com
    Afficher plus Afficher moins
    1 h et 7 min
  • Polymarket's Bad Bet with Third-Party Vendors - 2026-06-29
    Jun 30 2026
    This week on BHIS - Talkin' Bout [infosec] News, the team discusses the Polymarket supply chain compromise that led to the theft of millions from a small number of high-value accounts, emerging phishing campaigns abusing OpenAI invitations and Microsoft 365 device code authentication, and recent Oracle security updates. They also cover convictions tied to the Transport for London and U.S. healthcare intrusions, Google's Android earthquake warning system, concerns over MITRE ATT&CK evaluation methodology, and the ongoing debate surrounding threat intelligence researchers interacting with cybercriminals.Join us LIVE on Mondays, 4:30pm EST.A weekly Podcast with BHIS and Friends. We discuss notable Infosec, and infosec-adjacent news stories gathered by our community news team.https://www.youtube.com/@BlackHillsInformationSecurityChat with us on Discord! - https://discord.gg/bhis🔴live-chatChapters(00:00) - PreShow Banter™ — The Next Webcast Thing(00:14) - Polymarket's Bad Bet with Third-Party Vendors - 2026-06-29(03:56) - Story #1 - It's looking like a hot, messy summer for security teams as AI finds countless previously hidden vulns(07:49) - Story #2 - FBI issues urgent Kali365 security warning for Teams, Outlook, OneDrive users(08:55) - Story #3 - heavener: This is what happens when you can't afford EDR licenses(18:50) - Story #4 - Ex-Huntress analyst claims company insider fed info to a ransomware crim. Social media drama ensues(31:59) - Story #5 - I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID.(36:14) - Story #6 - CISA Adds Four Known Exploited Vulnerabilities to Catalog(37:09) - Story #7 - Victory! 702 has Expired!(37:43) - Story #8 - Scattered Spider Hackers Plead Guilty on Day 1 of Trial(40:52) - Story #9 - Polymarket customers lose $3 million in supply-chain attack(44:56) - Story #10 - Bad cybersecurity by Secret Service agents put US officials at risk, inspector general says(49:31) - Story #11 - How Android Earthquake Alerts System Works(53:47) - Story #12 - Cybersecurity firms targeted by fraudulent OpenAI organization invites(59:34) - Story #13a - The Trojan horse of cybercrime: Weaponizing SaaS notification pipelines(59:59) - Story #13b - Order-tracking app Shop abused to push callback phishing attacks(01:04:29) - Chinese AI vs. Anthropic Mythos | BHIS [In Focus]LinksStory #1 - It’s looking like a hot, messy summer for security teams as AI finds countless previously hidden vulnsStory #2 - FBI issues urgent Kali365 security warning for Teams, Outlook, OneDrive usersStory #3 - heavener: This is what happens when you can’t afford EDR licensesStory #4 - Ex-Huntress analyst claims company insider fed info to a ransomware crim. Social media drama ensuesStory #5 - I Could’ve Rickrolled the Entire FIFA World Cup. All I Needed Was My ID.Story #6 - CISA Adds Four Known Exploited Vulnerabilities to CatalogStory #7 - Victory! 702 has Expired!Story #8 - Scattered Spider Hackers Plead Guilty on Day 1 of TrialStory #9 - Polymarket customers lose $3 million in supply-chain attackStory #10 - Bad cybersecurity by Secret Service agents put US officials at risk, inspector general saysStory #11 - How Android Earthquake Alerts System WorksStory #12 - Cybersecurity firms targeted by fraudulent OpenAI organization invitesStory #13a - The Trojan horse of cybercrime: Weaponizing SaaS notification pipelinesStory #13b - Order-tracking app Shop abused to push callback phishing attacksChinese AI vs. Anthropic Mythos | BHIS [In Focus]Creators & Guests John Strand - HostBronwen Aker - HostCorey Ham - HostMeagan Bentley - ProducerWade Wells - HostRalph May - HostHayden Covington - HostClick here to watch this episode on YouTube. Click here to view the episode transcript. 🔗 Register for FREE Infosec Webcasts, Anti-casts & Summits https://poweredbybhis.comBrought to you by:Black Hills Information Security https://www.blackhillsinfosec.comAntisyphon Traininghttps://www.antisyphontraining.com/Active Countermeasureshttps://www.activecountermeasures.comWild West Hackin Festhttps://wildwesthackinfest.com
    Afficher plus Afficher moins
    1 h et 6 min
adbl_web_anon_alc_button_suppression_t1
Aucun commentaire pour le moment