EPISODE · Dec 11, 2020 · 1H 9M
Episode 36 - IT'S CHRIIIISTMAAAAS!
from The Host Unknown Podcast · host Thom Langford, Javvad Malik, Andrew Agens
This might be the last episode of the week, but that doesn't mean we scraped the barrel (except maybe for The Little People, but Jav has had a written warning for that already). Andy misunderstands the concept of "this week in infosec" and Thom tries to hold it together while juggling his newly acquired career in the security industry.Your usual tasty festive treats this week are:This Week in InfosecLiberated from the “today in infosec” twitter account:5th December 2013: Troy Hunt launched the site "Have I Been Pwned? (HIBP)". At launch, passwords from the Adobe, Stratfor, Gawker, Yahoo! Voices, and Sony Pictures breaches were indexed. Today? The identification of 10.5 billion compromised accounts.https://twitter.com/todayininfosec/status/1335020238765744129?s=208th December 2020: December 8, FireEye, a well-known security firm, announced that they had experienced a security incident that involved the theft of FireEye Red Team tools – the date of the incident was not revealed. Reportedly, evidence suggests that the compromise may have been carried out by a Russian nation-state threat actor “with top-tier offensive capabilities.” Per the blog post announcing the hack and authored by FireEye CEO Kevin Mandia, it appears that the attackers were also interested in the details related to FireEye customers that are government agencies. FireEye has engaged the FBI for this investigation.https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html Tweet of the Weekhttps://twitter.com/GrazianoDennis/status/1336796234120646662?s=20 Billy Big Balls3 Reasons Scientists Endure Social Media Trolls And Attackshttps://www.forbes.com/sites/marshallshepherd/2020/12/06/3-reasons-scientists-endure-social-media-trolls-and-attacks/?sh=668e1fb8424c Industry News#WebSummit: Nick Clegg Claims Internet Needs Accountability, Not RulesRansomware Set for Evolution in Attack Capabilities in 20212020: The Most Vulnerable Year Yet?Thales and Google Cloud Partner for External Encryption Key Management#BHEU: Collision of Cyber-Communities Creating Tension and Risk#BHEU: Focus on Security Fundamentals, Not Adversarial SophisticationData Loss Reports to ICO Increase Once Again#BHEU: North Korea’s Cyber-Offense Strategy Evolving to Focus on International Economic Targets Jav's industry NewsNear three in ten of workers furloughed feel less loyal to their employer post-furloughBusiness Executives’ Logins Sold on Russian Hacking Forum; Accounts Can Be Used for BEC ScamsPower banks could infect your smartphone with malwareExperts On Clop Ransomware Attacking Retail Giant E-LandCredential Stuffing Attack Targeted Spotify, Affecting More Than 300,000 AccountsSouth Korean retail giant E-Land Retail suffers Clop ransomware attack Rant of the WeekA new lawsuit brought by one of Apple’s oldest foes seeks to force the iPhone maker to allow alternatives to the App Store, the latest in a growing number of cases that aim to curb the tech giant’s power.The lawsuit was filed on Thursday by the maker of Cydia, a once-popular app store for the iPhone that launched in 2007, before Apple created its own version. The lawsuit alleges that Apple used anti-competitive means to nearly destroy Cydia, clearing the way for the App Store, which Cydia’s attorneys say has a monopoly over software distribution on iOS, Apple’s mobile operating system.https://www.washingtonpost.com/technology/2020/12/10/cydia-apple-lawsuit/https://twitter.com/ihackbanme/status/1337079701756493825?s=20 The Little PeopleDon't go there. Seriously, just skip ahead. Look Back on the YearJanuary:Travelex: Travelex services were pulled offline following a malware infection. The company itself and businesses using the platform to provide currency exchange services were all affected.February:Estée Lauder: 440 million internal records were reportedly exposed due to middleware security failures. March:Marriott: The hotel chain suffered a cyberattack in which email accounts were infiltrated. 5.2 million hotel guests were impacted. April:Nintendo: Nintendo said 160,000 users were impacted by a mass account hijacking account caused by the NNID legacy login system.May:EasyJet: The budget airline revealed a data breach exposing data belonging to nine million customers, including some financial records.Blackbaud: The cloud service provider was hit by ransomware operators who hijacked customer systems. The company later paid a ransom to stop client data from being leaked online.June:University of California SF: The university paid a $1.14 million ransom to hackers in order to save COVID-19 research.July:MGM Resorts: A hacker put the records of 142 million MGM guests online for sale.August:Experian, South Africa: Experian's South African branch disclosed a data breach impacting 24 million customers. September:NS8: The CEO of the cyberfraud startup was accused of defrauding investors out of $123 million.October:Dickey's: The US barbeque restaurant chain suffered a point-of-sale attack between July 2019 and August 2020. Three million customers had their card details later posted online. November:Manchester United: Manchester United football club said it was investigating a security incident impacting internal systems.Fake Zoom invite cripples Aussie hedge fund with $8m hitDecember:FireEye: FireEye disclosed a cyberattack, suspected to be the work of a nation-state group. The cybersecurity firm said the hack resulted in penetration tools being stolen. The Dead DonkeyMicrosoft discloses fewest vulnerabilities in a month since JanuaryDescription: Microsoft released its monthly security update Tuesday, disclosing 58 vulnerabilities across its suite of products, the lowest number of vulnerabilities in any Patch Tuesday since January. There are only 10 critical vulnerabilities as part of this release, while there are two moderate-severity exploits, and the remainder are considered "important." Users of all Microsoft and Windows products are urged to update their software as soon as possible to avoid possible exploitation of all these bugs.https://blog.talosintelligence.com/2020/12/microsoft-patch-tuesday-dec-2020-.html Come on! Like and bloody well subscribe!
What this episode covers
It's the last episode of the year as Host Unknown's contractual duties draw to a close. This weeks episode brings you your regular podcasty delectables: This week in Infosec Tweet of the Week Billy Big Balls Rant of the week Industry News Will we have a Little people today? We also look back at some of the notable events of the year
NOW PLAYING
Episode 36 - IT'S CHRIIIISTMAAAAS!
No transcript for this episode yet
Similar Episodes
Dec 5, 2025 ·50m
Oct 9, 2025 ·33m
Oct 3, 2025 ·40m
Sep 11, 2025 ·31m
Aug 27, 2025 ·39m
Aug 18, 2025 ·54m