EPISODE · Aug 12, 2022 · 50 MIN
Episode 116 - Thom Can't Work The Buttons
from The Host Unknown Podcast · host Javvad Malik, Thom Langford, Andrew. Agnēs
This Week in InfoSecWith content liberated from the “today in infosec” twitter account and further afield10th August 1988: 34 years ago today, Dade Murphy aka Zero Cool crashed 1507 computers, causing a 7 point drop in the NY stock exchange. He was 11 and his family was fined $45,000. He was banned from touching a computer until he turned 18.https://twitter.com/hakluke/status/15572420864238714886th August 2014: A hacker announced the theft of 40 GB of data from the maker of FinFisher spyware, then leaked the price list, client list, and more.A Hacker Claims to Have Leaked 40GB of Docs on Government Spy Tool FinFisherTop gov't spyware company hacked; Gamma's FinFisher leakedhttps://twitter.com/todayininfosec/status/115895644924810854411th August 2015: A day after Oracle CSO Mary Ann Davidson posted a blog titled "No, You Really Can’t", security community blowback caused Oracle to remove the post.No, you really can’t (Wayback Machine)Oracle has this Modest Proposal, via its CSOhttps://twitter.com/todayininfosec/status/1293374259637768194 Rant of the WeekMeta's chatbot says the company 'exploits people'Meta's new prototype chatbot has told the BBC that Mark Zuckerberg exploits its users for money.Meta says the chatbot uses artificial intelligence and can chat on "nearly any topic".Asked what the chatbot thought of the company's CEO and founder, it replied "our country is divided and he didn't help that at all".Meta said the chatbot was a prototype and might produce rude or offensive answers."Everyone who uses Blender Bot is required to acknowledge they understand it's for research and entertainment purposes only, that it can make untrue or offensive statements, and that they agree to not intentionally trigger the bot to make offensive statements," said a Meta spokesperson.The chatbot, called BlenderBot 3, was released to the public on Friday.The programme "learns" from large amounts of publicly available language data. Billy Big Balls of the WeekBackground: Twilio discloses data breach after SMS phishing attack on employees"On August 4, 2022, Twilio became aware of unauthorized access to information related to a limited number of Twilio customer accounts through a sophisticated social engineering attack designed to steal employee credentials," Twilio said over the weekend."The attackers then used the stolen credentials to gain access to some of our internal systems, where they were able to access certain customer data."The company also revealed the attackers gained access to its systems after tricking and stealing credentials from multiple employees targeted in the phishing incident.To do that, they impersonated Twilio's IT department, asking them to click URLs containing "Twilio," "Okta," and "SSO" keywords that would redirect them to a Twilio sign-in page clone.The SMS phishing messages baited Twilio's employees into clicking the embedded links by warning them that their passwords had expired or were scheduled to be changed.BBB: Cloudflare: Someone tried to pull the Twilio phishing tactic on us too. Cloudflare says it was subject to a similar attack to one made on comms company Twilio last week, but in this case it was thwarted by hardware security keys that are required to access applications and services.Twilio reported a breach after employees received phishing text messages claiming to be from the company's IT department. These fooled them into logging into a fake web page designed to look like Twilio's own sign-in page, using pretexts such as claiming they needed to change their passwords. The attackers were then able to use credentials supplied by the victims to log into the real site.According to Cloudflare, it recorded a very similar incident late last month, which could suggest the two attacks may have originated from the same attacker or group.Detailing the incident on its blog, the content delivery network claimed that no Cloudflare systems were compromised, but said it was "a sophisticated attack targeting employees and systems in such a way that we believe most organizations would be likely to be breached." Industry NewsMeta Takes Action Against Cyber Espionage Operations Targeting Facebook in South AsiaNumber of Firms Unable to Access Cyber-Insurance Set to DoubleSmishing Attack Led to Major Twilio BreachHealth Adviser Fined After Illegally Accessing Medical RecordsUS Treasury Sanctions Virtual Currency Mixer For Connections With Lazarus GroupPredator Pleads Guilty After Targeting Thousands of Girls OnlineCyber-criminals Shift From Macros to Shortcut Files to Hack Business PCs, HP ReportsDeathStalker's VileRAT Continues to Target Foreign and Crypto ExchangesSuspected $3m Romance Scammer Extradited to Japan Tweet of the Weekhttps://twitter.com/mttaggart/status/1557399523575508993 Come on! Like and bloody well subscribe!
What this episode covers
This week in InfoSec talks about repressive governments weapon of choice long before Pegasus Rant of the Week is another big tech chatbot in the wild Billy Big Balls demonstrates why defence-in-depth really can save you some pain Industry News brings us the latest and greatest security news stories from around the world And Tweet of the Week is an infosec dad joke
NOW PLAYING
Episode 116 - Thom Can't Work The Buttons
No transcript for this episode yet
Similar Episodes
Dec 5, 2025 ·50m
Oct 9, 2025 ·33m
Oct 3, 2025 ·40m
Sep 11, 2025 ·31m
Aug 27, 2025 ·39m
Aug 18, 2025 ·54m