Mad Squirrel Tech
In this special episode Javvad and Erich welcome Jelle Wieringa (@JelleWieringa), Roger Grimes (@rogeragrimes), Anna Collard @AnnaCollard3) and James McQuiggan (@James_McQuiggan) to the show for their 2022 cyber predictions.
How bad will things get? Will we have to welcome our new robotic overlords? Will shortages doom the Pumpkin Spice Latte? This and more may be answered in this episode, so be sure to join us.
In this episode @J4vv4d bows out and let’s @James_McQuiggan take over as they discuss the IKEA internal email issue, an attack on Planned Parenthood, a medical breach with unsuspecting victims and @ErichKron’s @InnocentOrg ambassadorship. All this and more, live!
Comment, like and share!
Stories from the show:
IKEA Internal Email Attack:
https://threatpost.com/ikea-email-reply-chain-attack/176625/
Cyber-Attack on Planned Parenthood
https://www.infosecurity-magazine.com/news/cyberattack-on-planned-parenthood/
Medsurant Health discloses ransomware incident, but not yet notifying patients:
https://www.databreaches.net/medsurant-health-discloses-ransomware-incident-but-not-yet-notifying-patients/
Former Ubiquiti engineer arrested for inside threat attack:
https://www.techtarget.com/searchsecurity/news/252510411/Former-Ubiquiti-engineer-arrested-for-inside-threat-attack
In this episode, Erich and Javvad chat about the #infosec and #cybersecurity stories of the week. Check them out and chat live with the hosts.
Stories from the show:
New Memento ransomware switches to WinRar after failing at encryption:
https://www.bleepingcomputer.com/news/security/new-memento-ransomware-switches-to-winrar-after-failing-at-encryption/
Security company faces backlash for waiting 12 months to disclose Palo Alto 0-day:
https://www.zdnet.com/article/security-company-faces-backlash-for-waiting-12-months-to-disclose-palo-alto-0-day/
FBI system hacked to email ‘urgent’ warning about fake cyberattacks:
https://www.bleepingcomputer.com/news/security/fbi-system-hacked-to-email-urgent-warning-about-fake-cyberattacks/
In this episode, Erich and Javvad discuss issues around a fertility clinic hack, another way big pharma is a hot mess, how Robinhood was swindled with simple social engineering and how North Korea is up to it’s old tricks again.
Don’t forget to Like, Share and Subscribe!
Stories from the show:
Hack leaves fertility clinic medical data at risk:
https://www.bbc.com/news/technology-59156683
EU pharmaceutical giants run old, vulnerable apps and fail to use encryption in login forms:
https://www.zdnet.com/article/eu-pharmaceutical-giants-run-old-vulnerable-apps-and-fail-to-use-encryption-in-login-forms/
Robinhood discloses data breach impacting 7 million customers:
https://www.bleepingcomputer.com/news/security/robinhood-discloses-data-breach-impacting-7-million-customers/
OTP Bot Call Audio:
https://soundcloud.com/user-233140213/otp-bot-call-audio
North Korean hackers target the South’s think tanks through blog posts:
https://www.zdnet.com/article/north-korean-hackers-target-the-souths-think-tanks-through-blog-posts/
In this episode Javvad and Erich discuss Cisco’s decision to remover hard-coded credentials and SSH keys… finally, the US ban on Pegasus spyware, a Squid Game themed cryptocoin robbery, and parents being threatened after building a school app.
Stories from the show:
Cisco fixes hard-coded credentials and default SSH key issues:
https://www.bleepingcomputer.com/news/security/cisco-fixes-hard-coded-credentials-and-default-ssh-key-issues/
US Bans Trade With Pegasus Spyware Maker:
https://threatpost.com/pegasus-spyware-blacklisted-us/175999/
Squid Game crypto token collapses in apparent scam:
https://www.bbc.co.uk/news/business-59129466
These Parents Built a School App. Then the City Called the Cops:
https://www.wired.com/story/sweden-stockholm-school-app-open-source/
This week, Erich and Javvad discuss some of the latest cybersecurity stories, including the NRA hack, North Korea is going after security vendors in supply chain attacks, some Iranian gas pumps are taken offline by a cyber attack and the Groove ransomware gang wants revenge on the US for taking down REvil, and is enlisting other gangs to focus their attacks there.
All of this and more!
Remember to Like, Share and Subscribe!
Stories from the show:
NRA Hacked:
https://www.cbsnews.com/news/nra-hack-ransomware-gang-grief-russia/
North Korea is Hacking Supply Chains:
https://thehackernews.com/2021/10/latest-report-uncovers-supply-chain.html
Iran… Out of Gas:
https://www.bleepingcomputer.com/news/security/iranian-gas-stations-out-of-service-after-distribution-network-hacked/
Groove Wants Revenge:
https://www.bleepingcomputer.com/news/security/groove-ransomware-calls-on-all-extortion-gangs-to-attack-us-interests/
In this episode, Erich and Javvad talk about their fails during presentations, Accenture finally admits it’s data was breached, telecoms are targeted by China, the UK bans Huawei from the 5Gs bad actors steal cookies from content creators, and a whole lot more!
Remember to Like, Subscribe and Share!
Stories from the show:
Accenture confirms data breach after August ransomware attack:
https://www.bleepingcomputer.com/news/security/accenture-confirms-data-breach-after-august-ransomware-attack/
Huawei ban: UK to impose early end to use of new 5G kit:
https://www.bbc.com/news/business-55124236
Potential Chinese hackers targeting telecommunications companies:
https://thehill.com/policy/cybersecurity/577440-potential-chinese-hackers-targeting-telecommunications-companies
Hackers Stealing Browser Cookies to Hijack High-Profile YouTube Accounts:
https://thehackernews.com/2021/10/hackers-stealing-browser-cookies-to.html
In this episode, Erich and Javvad discuss the weekly hot infosec topics, including ransomware without the encryption, angry ex-employees turned insider threat at a flight school, “super” passwords to not use, and whether or not “It was a deepfake” is the new, “The dog ate my homework”.
All of this and more!
Remember to like, subscribe and share!
Stories from the show:
30 Mins or Less: Rapid Attacks Extort Orgs Without Ransomware:
https://threatpost.com/rapid-attacks-extort-ransomware/175445/
Woman, 26, is arrested ‘for hacking into Florida flight training school’s system and tampering with airplane information, including clearing some aircraft with maintenance issues for takeoff’: Cops say attack was in retaliation after father was fired:
https://www.newsbreak.com/news/2400876442542/woman-26-is-arrested-for-hacking-into-florida-flight-training-school-s-system-and-tampering-with-airplane-information-including-clearing-some-aircraft-with-maintenance-issues-for-takeoff-cops-say-attack-was-in-retaliation-after-father-was-fired
Superman, Not to Rescue: Passwords With Superhero Names Are Most Hacked:
https://www.news18.com/news/buzz/superman-not-to-rescue-passwords-with-superhero-names-are-most-hacked-4317128.html
Fraudsters Cloned Company Director’s Voice In $35 Million Bank Heist, Police Find:
https://www.forbes.com/sites/thomasbrewster/2021/10/14/huge-bank-fraud-uses-deep-fake-voice-tech-to-steal-millions/?sh=18cc26697559
In this episode, Javvad makes fun of Erich for his current state of mental exhaustion due to National CyberSecurity Awareness Month, the Facebook outage and incident response tips are discussed, the ramifications of the Twitch breach are covered and an interesting, but maybe not so useful, method of pulling data from an air-gapped system is covered. All of this and more!
Remember to Like, Share and Subscribe!
Stories from the show:
Understanding How Facebook Disappeared from the Internet:
https://blog.cloudflare.com/october-2021-facebook-outage/
Security experts have given advice following the Twitch data breach:
https://www.nme.com/news/gaming-news/security-experts-have-given-advice-following-the-twitch-data-breach-3064855
Twitch source code and creator payouts part of massive leak:
https://www.theverge.com/2021/10/6/22712250/twitch-hack-leak-data-streamer-revenue-steam-competitor
LANtenna Attacks Exploit Air-Gapped Networks Via Ethernet:
https://www.bankinfosecurity.com/lantenna-attacks-exploit-air-gapped-networks-via-ethernet-cables-a-17688
In this episode, Javvad really messes up the intro, but finally finds his grove as they discuss the stroy about the Group-IB CEO being charged with Treason by Russia, The DDoS attack on Bandwidth, A very specific vulnerability with iPhones and Visa cards and how YouTube is going to remove all vaccine misinformation from the platform.
All of this and more!
Like, share and subscribe!
Stories from the show:
Top Russian Cybersecurity CEO Charged with Treason:
https://www.govinfosecurity.com/top-russian-cybersecurity-ceo-charged-treason-a-17644
Bandwidth Hit with DDoS Attack, Dealing with Service Disruptions:
https://www.channelfutures.com/security/bandwidth-hit-with-ddos-attack-dealing-with-service-disruptions
Security experts urge iPhone users to remove Visa as a transport card via Apple Pay:
https://uk.news.yahoo.com/security-experts-urge-iphone-users-234037124.html
YouTube to remove all anti-vaccine misinformation:
https://www.bbc.com/news/technology-58743252
Show Contents:
00:00 – 02:04 Javvad ruins the Intro
02:04 – 06:56 Treason or just business?
06:56 – 12:52 DDoS and the Bandwidth attack
12:52 – 22:49 Transporting with Visa
22:49 – 22:17 YouTube removing anti-vaxx misinformation
22:17 – 27:30 Outro
