Podcast Summary: Talkin' About [Infosec] News, Powered by Black Hills Information Security
Episode: Yacht Doc
Release Date: November 21, 2024
1. Introduction and Opening Banter
The episode kicks off with the hosts—Corey, Daniel, Wade, John, Alex, Eddie, and Ryan—engaging in light-hearted banter about going live and reminiscing about old T-shirt slogans. This casual start sets a friendly and relaxed tone for the discussions to follow.
Corey [00:01]: "Are we live? Is this it?"
Daniel [00:03]: "I think we're live."
Wade [00:07]: "Yeah, I get the reference. Checky. Is it live or is it Memorex?"
2. Half-Life 2 Documentary Discussion
Alex brings up the "Half-Life 2 20th Anniversary Documentary," highlighting its quality and the intriguing insights it offers about why the game series was halted. The hosts share their appreciation for the documentary's depth and recommend it to listeners.
Alex [02:17]: "Instead of a video game, it's just a documentary now because they know everyone that played it is too old to play a video game."
John [02:44]: "It's pretty good. They talk about why they didn't make any more Half Life and then it's a pretty good document. I was surprised. It's two hours long, but it's pretty good. Highly suggested."
3. Resigning from Fictional Positions
In a humorous segment, Alex announces her resignation from a fictional position as the head of SZA, prompting others to jokingly resign from various non-existent roles. This playful exchange underscores the camaraderie among the hosts.
Alex [07:54]: "Hello and welcome to Black Hills Information Security's talking about news. It's November 18, 2024, and I'm officially resigning from my position as the head of sza, effective immediately."
John [08:13]: "Smart move. Smart move. I would have done the same."
4. Palo Alto Networks Vulnerability Analysis
The core of the episode centers around a newly discovered vulnerability in Palo Alto Networks' firewall management interface. The hosts delve into the implications of exposing management interfaces to the internet, emphasizing the potential risks and the importance of securing such critical points.
Corey [08:39]: "So, news article. ... There's an undisclosed or unknown vulnerability in Palo Alto Networks management interface for firewalls."
Eddie [10:00]: "It's just a matter of time before there is an exploit available and then you're going to get popped. And then you also are missing things like two factor authentication and things like that usually on these interfaces."
The discussion highlights real-world scenarios where management interfaces are inadvertently exposed, often due to third-party vendor management, and underscores the necessity of adhering to best security practices.
Alex [10:03]: "When we're doing pen tests and we're getting, ... reporting that and we're using examples like this to prove why you should never, ever, ever do it."
5. North Korean IT Threat Actors and Job-Related Compromises
Alex introduces an Intelligence Brief from Palo Alto Networks regarding North Korean IT workers based in Laos. The segment explores sophisticated methods employed by these threat actors, such as posing as legitimate IT professionals to distribute malware during job interviews, aiming to infiltrate target companies from within.
Alex [23:00]: "The two attacks they do the most are trying to get, trying to compromise people who are actually searching for jobs. So posing as a real IT company, interviewing developers, and then during the interview they distribute malware..."
The hosts discuss the challenges in verifying the identities of job applicants and the broader implications for organizational security, particularly the risks posed by insider threats.
Alex [27:45]: "There's nothing that says that they're going to come fly out from North Korea. There's nothing that says that they, if they're using a fake picture, maybe you catch them, but they could very easily settle themselves into another country..."
6. T-Mobile Breaches and Industry Impact
The conversation shifts to recurring breaches at T-Mobile, analyzing the company's statements denying significant impacts on customer data. The hosts speculate on possible third-party vulnerabilities and emphasize the need for vigilance even when major companies downplay breaches.
Alex [28:50]: "T-Mobile representatives have said... 'T-Mobile systems and data have not been impacted in any significant way. We have no evidence of impacts to customer information.' So I don't know how that statement can be true."
They critique the tendency of organizations to immediately deny breaches without transparent communication, underscoring the importance of accountability and thorough investigation.
Corey [30:06]: "Yeah, those like historically the way they, they totally operate."
Alex [30:11]: "Now SolarWinds, you know we've talked about on the show a lot the person who said we're super secure to the shareholders is now being prosecuted for basically lying to."
7. 23andMe Layoffs and Data Privacy Concerns
Wade brings attention to the layoffs at 23andMe, discussing the potential risks associated with the company's vast collection of DNA data. The hosts express concerns over data selling practices and the permanence of DNA information once it is shared.
Wade [45:37]: "It's like I found that one, you know, interesting because like 23andMe, they still have all that user data and it's just going to get to the point to where they're going to sell that to try to make ends meet."
Alex [46:43]: "The whole Onion acquiring Infowars thing... pretty funny to imagine someone reading InfoWars and then it changing to the Onion and being like, what the heck?"
8. Infowars Acquisition by The Onion
The hosts discuss the acquisition of Infowars by The Onion, pondering the legal and ethical implications. They humorously speculate on the transformation of content and the potential benefits for victims through monetary compensation.
Alex [46:43]: "It's kind of a corollary of, like, you never know who's going to buy the data when it goes up for auction."
Wade [49:05]: "And it's not even from what I was reading. It's not even hitting on, like, Twitter owns some of this or Musk owned some of this. It's that nobody else knew what was going on. It said they went ahead and sniped in on it all. Nobody had a chance to go ahead and outbid them."
9. Sentencing of a Hacker: Case Study
John presents a case study of Robert Purbeck, an Idaho resident sentenced to 10 years in prison for stealing personal data and extortion. The hosts discuss the severity of the sentence, its implications for cybercrime deterrence, and the ongoing challenges in prosecuting such offenders.
John [40:11]: "Robert Purbeck is sentenced to 10 years in prison for stealing personal data of 132,000 people and extortion."
Alex [41:43]: "He bought access or he's buying access from initial access brokers to probably through info stealers."
They debate whether the punishment is adequate, considering the scale of the crimes and the potential for restitution.
Alex [42:11]: "I think it's enough. I think it's actually pretty harsh. I mean extortion is bad, data theft is bad."
Corey [42:27]: "Yeah, well, before I would make a judgment on whether or not it was harsh enough."
10. Top Vulnerabilities of 2023
The hosts touch upon the most exploited vulnerabilities of 2023, with a focus on the prevalence of zero-day exploits and the critical importance of timely patching.
John [50:47]: "So here's the top vulnerabilities of 2023... the worst passwords of 2024."
Corey [51:03]: "They were all a lot of zero days."
Alex [51:20]: "A lot of these vulnerabilities were patched pretty quickly after they were disclosed."
They emphasize the necessity for organizations to maintain robust patch management processes to mitigate the risks associated with these vulnerabilities.
John [53:37]: "Patch."
Alex [53:44]: "Maybe we could have Russian APT guy give us an overview of why we shouldn't patch."
11. Ransomware Attacks on Pharmaceutical Companies
Corey introduces a ransomware incident targeting a pharmaceutical company, highlighting the devastating impact on critical healthcare infrastructure. The discussion underscores the urgency for enhanced security measures in the healthcare sector.
John [42:47]: "Pharmaceutical company Embargo Ransomware ... they are looking for 1.5 mil this year."
Corey [43:41]: "CEOs probably. I think I got a million on me."
The hosts lament the frequent targeting of healthcare organizations, recognizing the essential services they provide and the dire consequences of such breaches.
Alex [43:38]: "Healthcare ransomware, sadly too common, unfortunately. Usually very, very active."
12. Collegiate Pen Testing Competition and Education
Alex shares his experience sponsoring a regional collegiate penetration testing competition at Stanford. He praises the event's structure, where student teams engage in realistic pen testing scenarios, fostering practical skills and encouraging the next generation of cybersecurity professionals.
Alex [56:35]: "I was over the weekend... Collegiate Pen Testing. It was cool to see, you know, 10 teams ... create a report, submit it. And that was mainly what was scored."
The hosts advocate for student participation in such competitions, recognizing their value in honing critical security skills.
Alex [58:02]: "If you're a college kid, definitely recommend getting involved with this if you're interested in pen testing. It's pretty cool."
13. Predictions and Closing Remarks
In their final segment, the hosts make light-hearted predictions about future security incidents, including recurring breaches at T-Mobile and the exploitation of management interfaces by malicious actors. They also brainstorm humorous ideas for future pen testing services, blending technical insights with their signature humor.
John [59:54]: "There's gonna be another management interface open to the Internet exploited."
Alex [54:03]: "You patch for me, right?"
The episode concludes with the hosts expressing gratitude to their listeners and signing off with their characteristic wit.
Alex [60:17]: "So yeah, their marketing department will go for it. They'll be like, we love memes that."
Corey [60:32]: "We're selling as a lot of CEOs are aging in from like the millennial generation. And lower that that might actually work."
Notable Quotes:
- Alex [07:54]: "Hello and welcome to Black Hills Information Security's talking about news. It's November 18, 2024, and I'm officially resigning from my position as the head of sza, effective immediately."
- Eddie [10:00]: "It's just a matter of time before there is an exploit available and then you're going to get popped."
- Alex [23:00]: "The two attacks they do the most are trying to get, trying to compromise people who are actually searching for jobs."
- Corey [42:27]: "Yeah, well, before I would make a judgment on whether or not it was harsh enough."
- John [53:37]: "Patch."
- Corey [43:41]: "CEOs probably. I think I got a million on me."
- Alex [56:18]: "Anytime's interested in a pen testing startup idea. You know, I have one for sale for zero. Just let me know."
This episode of "Talkin' About [Infosec] News" offers a comprehensive exploration of current cybersecurity threats, best practices, and the evolving landscape of infosec. From dissecting vulnerabilities in major network vendors to understanding sophisticated threat actor tactics, the hosts provide valuable insights for both seasoned professionals and enthusiasts alike. Their blend of technical expertise and engaging dialogue ensures that listeners are both informed and entertained throughout the episode.