Talkin’ About Infosec News – 11/30/2022
00:00 – PreShow Banter™ — Inflatable Turkey
00:15 – BHIS – Talkin’ Bout [infosec] News 2022-11-28
02:34 – Story # 1: Musk recruits engineers for “Twitter 2.0”
https://arstechnica.com/tech-policy/2022/11/musk-recruits-engineers-for-twitter-2-0-after-mass-layoffs-and-resignations/
06:28 – Story # 2: Security experts are laying Mastodon’s flaws bare
https://www.techradar.com/news/security-experts-are-laying-mastodons-flaws-bare
15:01 – Story # 3: 5.4 million Twitter users’ stolen data leaked online — more shared privately
https://www.bleepingcomputer.com/news/security/54-million-twitter-users-stolen-data-leaked-online-more-shared-privately/
18:23 – Story # 4: 34 Russian Cybercrime Groups Stole Over 50 Million Passwords with Stealer Malware
https://thehackernews.com/2022/11/34-russian-hacker-groups-stole-over-50.html
19:48 – Story # 5: Sonder confirms data breach, documents and other PII potentially compromised
https://www.infosecurity-magazine.com/news/sonder-confirms-data-breach/
27:49 – Story # 6: Why Medibank should have paid the hackers
https://www.smh.com.au/business/consumer-affairs/this-is-a-business-for-them-why-medibank-should-have-paid-the-hackers-20221121-p5bzzn.html
30:43 – Story # 7: Hackers are locking out Mars Stealer operators from their own servers
https://techcrunch.com/2022/11/22/mars-stealers-flaw-lock-out/
33:42 – Story # 8: Ransomware gang says it won’t attack AirAsia again due to the “chaotic organisation” and sloppy security of hacked airline’s network
https://grahamcluley.com/ouch-ransomware-gang-says-it-wont-attack-airasia-again-due-to-the-chaotic-organisation-and-sloppy-security-of-hacked-companys-network/
40:09 – Story # 9: Over 1,600 Docker Hub Repositories Were Found to Hide Malware
https://heimdalsecurity.com/blog/over-1600-docker-hub-repositories-were-found-to-hide-malware/
46:25 – Story # 10: New Windows Server updates cause domain controller freezes, restarts
https://www.bleepingcomputer.com/news/microsoft/new-windows-server-updates-cause-domain-controller-freezes-restarts/
53:39 – Story # 11: Making Cobalt Strike harder for threat actors to abuse
https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse
We are self-publishing free Infosec Zines called PROMPT#.
PROMPT# will contain:
- Infosec articles
- Challenging puzzles
- Comic book based on real-life hacking adventures
- Coloring contests
- Bonus Backdoors & Breaches Consultant Cards (print version only)
- Other stuffs
You can check out current and upcoming issues here: https://www.blackhillsinfosec.com/prompt-zine/