Episode 114 - BACK OFF THE MIC JAV! episode artwork

EPISODE · Jul 29, 2022 · 47 MIN

Episode 114 - BACK OFF THE MIC JAV!

from The Host Unknown Podcast · host Robin Banks, Andrew Agnês, Thom Langford, Javvad Malik

This week in InfoSec With content liberated from the “today in infosec” twitter account and further afield25th July 2007: The US Ninth Circuit Court of Appeals ruled that IP addresses and to/from email fields can be monitored without probable cause. Appeals Court Rules No Privacy Interest in IP Addresses, Email To/From Fieldshttps://twitter.com/todayininfosec/status/115479199039704268829th July 2009: The first Security BSides conference was held in Las Vegas in a  3,767 square foot house.http://www.securitybsides.com/w/page/50746315/BSidesHistoryhttps://twitter.com/todayininfosec/status/1156078833277128704 Rant of the WeekHackers scan for vulnerabilities within 15 minutes of disclosureSystem administrators have even less time to patch disclosed security vulnerabilities than previously thought, as a new report shows threat actors scanning for vulnerable endpoints within 15 minutes of a new CVE being publicly disclosed.According to Palo Alto's 2022 Unit 42 Incident Response Report, hackers are constantly monitoring software vendor bulletin boards for new vulnerability announcements they can leverage for initial access to a corporate network or to perform remote code execution.However, the speed at which threat actors begin scanning for vulnerabilities puts system administrators in the crosshairs as they race to patch the bugs before they are exploited."The 2022 Attack Surface Management Threat Report found that attackers typically start scanning for vulnerabilities within 15 minutes of a CVE being announced," reads a companion blog post.Since scanning isn't particularly demanding, even low-skilled attackers can scan the internet for vulnerable endpoints and sell their findings on dark web markets where more capable hackers know how to exploit them.Then, within hours, the first active exploitation attempts are observed, often hitting systems that never had the chance to patch. Billy Big Balls of the WeekNew ‘Robin Banks’ phishing service targets BofA, Citi, and Wells FargoA new phishing as a service (PhaaS) platform named 'Robin Banks' has been launched, offering ready-made phishing kits targeting the customers of well-known banks and online services.The targeted entities include Citibank, Bank of America, Capital One, Wells Fargo, PNC, U.S. Bank, Lloyds Bank, the Commonwealth Bank in Australia, and Santander.Additionally, Robin Banks offers templates to steal Microsoft, Google, Netflix, and T-Mobile accounts.According to a report by IronNet, whose analysts discovered the new phishing platform, Robin Banks is already being deployed in large-scale campaigns that started in mid-June, targeting victims via SMS and email. LockBit 3.0 introduces the first ransomware bug bounty programWith the release of LockBit 3.0, the operation has introduced the first bug bounty program offered by a ransomware gang, asking security researchers to submit bug reports in return for rewards ranging between $1,000 and $1 million."We invite all security researchers, ethical and unethical hackers on the planet to participate in our bug bounty program. The amount of remuneration varies from $1000 to $1 million," reads the LockBit 3.0 bug bounty page.However, this bug bounty program is a bit different than those commonly used by legitimate companies, as helping the criminal enterprise would be illegal in many countries.Furthermore, LockBit is not only offering bounties for rewards on vulnerabilities but is also paying bounties for "brilliant ideas" on improving the ransomware operation and for doxxing the affiliate program manager.The following are the various bug bounty categories offered by the LockBit 3.0 operation:Web Site Bugs: XSS vulnerabilities, mysql injections, getting a shell to the site and more, will be paid depending on the severity of the bug, the main direction is to get a decryptor through bugs web site, as well as access to the history of correspondence with encrypted companies.Locker Bugs: Any errors during encryption by lockers that lead to corrupted files or to the possibility of decrypting files without getting a decryptor.Brilliant ideas: We pay for ideas, please write us how to improve our site and our software, the best ideas will be paid. What is so interesting about our competitors that we don't have?Doxing: We pay exactly one million dollars, no more and no less, for doxing the affiliate program boss. Whether you're an FBI agent or a very clever hacker who knows how to find anyone, you can write us a TOX messenger, give us your boss's name, and get $1 million in bitcoin or monero for it.TOX messenger: Vulnerabilities of TOX messenger that allow you to intercept correspondence, run malware, determine the IP address of the interlocutorand other interesting vulnerabilities.Tor network: Any vulnerabilities which help to get the IP address of the server where the site is installed on the onion domain, as well as getting root access to our servers, followed by a database dump and onion domains.The $1,000,000 reward for identifying the affiliate manager, known as LockBitSupp, was previously offered on the XSS hacking forum in April. Industry NewsNo More Ransom Has Helped Over 1.5m VictimsUS Doubles Reward for Info on North Korean HackersCriminals Use Malware as Messaging Bots to Steal DataCyber-Criminal Offers 5.4m Twitter Users’ DataEuropean Police Arrest 100 Suspects in BEC CrackdownSocial Media Accounts Hijacked to Post Indecent ImagesHackers Change Tactics for New Post-Macro EraRansomware Group Demands £500,000 From SchoolSpanish Police Arrest Alleged Radioactive Monitoring HackersTweet of the Weekhttps://twitter.com/danielmakelley/status/1550884696355225601 Come on! Like and bloody well subscribe!

This week in InfoSec pays homage to the the best conference for hackers, by hackers Rant of the Week laughs at your 14 day patching cycle Billy Big Balls is the opposite end of the scale to a 419-scam with bad spelling Industry News brings us the latest and greatest security news stories from around the world And Tweet of the Week could probably be found in the Shower Thoughts subreddit

NOW PLAYING

Episode 114 - BACK OFF THE MIC JAV!

0:00 47:30

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Big Old Life: Heather Blackbird interviews people on planet earth. Heather Blackbird loves asking questions. This podcast is a learning experience. Join me, Heather Blackbird, as I talk to people about their lives. Frequency of new episodes is a little all over the place and I'm learning as I go. Big Old Life is a small way of talking about the vastness of life, one person at a time. If you are reading this or found this podcast it's probably because someone you know gave you a link to it. :) Explicit Tales Of A Superstar DJ The Insomniac Spun seemingly out of nowhere from her complacent life in the corporate world, turned seemingly overnight from 16-Hour shift work and into the life of a literally starving artist and working musician, The Protagonist navigates her supposed rise to fame and superstardom on a journey through spiritual awakening, coming-of-age, and intimate self-realization--guided by an omnipresent force and equipped with the power of love, magic, and music. {Enter The Multiverse.} [The Festival Project] The Festival Project, Inc.™ is a multidimensional multimedia platform which encompasses exploratory and artistic social personifications and expressions on cosmic theory, spirituality, growth, health & wellness, philosophy and theoretic dynamics in entertainment such as music, design, film, television, radio, dance and festival culture, art, fashion, literature, and science. The Festival Project™ and its subsidiary Non-Profit, The Collective Complex © aims to challenge modern artistic and philosop Explicit Bitcoin Is Dead Trey Carson Welcome to Bitcoin is Dead, the ultimate Bitcoin variety show where host Trey takes you on a journey through the ever-evolving world of Bitcoin. Each episode brings new personalities, fascinating locations, and insightful conversations with politicians, educators, and innovators shaping the future of Bitcoin. Whether you're a seasoned Bitcoiner or just starting your journey, tune in for thought-provoking discussions, unique perspectives, and a deep dive into the ideas and people driving the Bitcoin revolution. Explicit The Sacred +Profane Podcast nephtaragrace The Sacred + Profane Podcast is a provocative conversation dedicated to cementing a better future for all. We specialize in unpacking the nuances of what is considered sacred and profane, particularly focusing on sex, death, and all that pertains to the circle of life. Our aim in focusing on such ”taboo” subject matter is to demystify what is unconscious, bring to light what has been known for centuries as ”the occult,” and empower the rapid transformation that is occurring on the Planet. Explicit

Frequently Asked Questions

How long is this episode of The Host Unknown Podcast?

This episode is 47 minutes long.

When was this The Host Unknown Podcast episode published?

This episode was published on July 29, 2022.

What is this episode about?

This week in InfoSec With content liberated from the “today in infosec” twitter account and further afield25th July 2007: The US Ninth Circuit Court of Appeals ruled that IP addresses and to/from email fields can be monitored without probable...

Can I download this The Host Unknown Podcast episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!