EPISODE · May 26, 2023 · 41 MIN
Episode 153 - The Poorly Planned Episode
from The Host Unknown Podcast · host Javvad Malik, Andrew Agnēs, Thom Langford
This week in InfoSec (09:59)With content liberated from the “today in infosec” twitter account and further afield26th May 2006: BackTrack v1.0 was released.https://twitter.com/todayininfosec/status/126547168776142438421st May 2012: Nmap 6.00 was released. https://nmap.org/6/https://twitter.com/todayininfosec/status/126358991810779136223rd May 1997: Carlos Felipe Salgado Jr. (aka "Smak"), who allegedly stole 100,000 credit cards from an Internet provider was granted bail on the condition he not go "anywhere near a computer." He was arrested after trying to sell it to the FBI.Hacker gets conditional bailhttps://twitter.com/todayininfosec/status/1264033568436568070 Rant of the Week (16:25)Dish confirms 300,000 people's data was exposed in February's attackBut don't worry – we know it was deleted.Dish Network has admitted that a February cybersecurity incident and associated multi-day outage led to the extraction of data on nearly 300,000 people, while also appearing to indirectly admit it may have paid cybercriminals to delete said data.Dish customers can rest easy, at the very least, as the telco said in a sample letter posted to the Maine Attorney General's breach notification website that customer databases weren't accessed and the stolen data belonged instead to employees both past and present, their family members, "and a limited number of other individuals" that Dish didn't specify.The satellite TV company also didn't say what sorts of personal information was stolen from those 296,851 individuals in the attack, aside from driver's license and non-driver ID card numbers.Dish never went on the record to publicly state the attack was caused by ransomware, though internal sources who contacted The Register, did report that ransomware was involved. Dish also made mention of ransomware in its SEC filing.Reports from February citing internal Dish sources claim the Black Basta ransomware gang was behind the break-in at Dish, and in its template letter [PDF] notifying affected individuals of the incident, the company sought to reassure recipients that there's no evidence the extracted data has been misused, and that it believes the data has been deleted.Er, who confirmed that again?"We have received confirmation that the extracted data has been deleted," Dish said, adding that it has been monitoring the dark web and criminal forums for signs the data is available online. "The results of the monitoring are consistent with the confirmation that the extracted data has been deleted," it added. That, as Emsisoft security analyst Brett Callow has pointed out, could be interpreted as an admission that Dish paid whatever ransom was demanded of it because "totally untrustworthy cybercriminals assured us the data would be deleted if we paid the ransom," Callow tweeted. Billy Big Balls of the Week (26:30)Ads for lucrative jobs in Asia fail to mention chance of slavery as crypto-scammerThe FBI has issued a warning about fake job ads that recruit workers into forced labor operations in Southeast Asia – some of which enslave visitors and force them to participate in cryptocurrency scams.The warning follows reports of multi-storey slave compounds housing unwilling workers in places like Cambodia.The FBI's advice suggests those scams are ongoing."Criminal actors assign debts to victims under the guise of travel fees and room and board, and use victims' mounting debt and fear of local law enforcement as additional means to control victims. Trafficked victims are sometimes sold and transferred between compounds, further adding to their debt," said the FBI.Advocacy groups and media report similar tactics, with victims targeted online and promised lucrative jobs abroad with travel fees and other benefits paid.Upon arrival in a foreign country – which may not even be the one jobseekers were told they'd visit – workers' passports and travel documents may be confiscated, and the victim coerced to conduct scams under the threat of violence.The scams the slaves conduct often involve "pig butchering" tactics that see perpetrators encourage victims to make investments in cryptocurrency. Once payments are made, the scammer ceases communication with the victim and their cash disappears. Pig butchering perps often use romance scams, promises of sex, or illegal gambling as lures. Industry News (32:53)Meta Fined €1.2bn for Violating GDPRChina Issues Ban on US Chipmaker ProductsTwo-Thirds of IT Leaders Say GDPR Has Reduced Consumer TrustDiversity advocate and renowned practitioner, Becky Pinkard, to be Inaugurated into Infosecurity Europe's Hall of FamePrivate Sector Cybersecurity Task Force Called for to Defend DemocraciesUS Sanctions North Korean Entities Training Expat IT Workers in Russia, China and LaosSMBs Targeted by State-Aligned Actors for Financial Theft and Supply Chain AttacksNCSC Warns Against Chinese Cyber Attacks on Critical InfrastructureExpo Framework API Flaw Reveals User Data in Online Services Tweet of the Week (39:35)https://twitter.com/ireteeh/status/1661635416204648448https://twitter.com/VladCraita/status/1661461184665604096?s=20https://twitter.com/primevideouk/status/1661760395659321346 Come on! Like and bloody well subscribe!
What this episode covers
This week in InfoSec shows that May has historically been a good year for hacker tools Rant of the Week is a dishy story putting faith in the bad guys Billy Big Balls is a warning for digital nomads Industry News brings us the latest and greatest security news stories from around the world And Tweet of the Week is a job transition hack for those new to the industry
NOW PLAYING
Episode 153 - The Poorly Planned Episode
No transcript for this episode yet
Similar Episodes
Dec 5, 2025 ·50m
Oct 9, 2025 ·33m
Oct 3, 2025 ·40m
Sep 11, 2025 ·31m
Aug 27, 2025 ·39m
Aug 18, 2025 ·54m