Talkin' About [Infosec] News: "Cyberattack Bricks Speed Cameras"

Podcast: Talkin' About [Infosec] News, Powered by Black Hills Information Security
Date: August 18, 2025
Summary by: Podcast Summarizer AI

Episode Overview

In this lively episode, the Black Hills Information Security crew, a team of penetration testers and ethical hackers, dissect the latest cybersecurity news, focusing on high-profile breaches, vulnerabilities, and the culture of infosec. A highlight is the story of Russian threat actors allegedly bricking speed cameras in the Netherlands—a rare "feel-good" cyberattack for speeders everywhere. Other discussions include outlandish business deals, government tracking anti-diversion efforts, critical vulnerabilities, pressure on legal record-keeping, and quirky intersections between tech and… chickens.

Key Discussion Points & Insights

1. The $35 Billion "Perplexity-Buys-Chrome" Offer

Timestamps: 02:17–06:52

• Topic: Claims that Perplexity is trying to acquire Google Chrome for $35B.
• Panelists joke about the absurdity of the valuation and possible ulterior motives such as shell companies or circumventing regulatory scrutiny.
• Quote:
  “It's like, all right, Black Hills Information Security, we're going to acquire Cisco. Don’t look at our numbers; don’t worry about how much money we have.” — Host A [02:50]
• Commentary on the browser ad revenue war and how Perplexity’s CEO has proposed "very personalized advertising," much to the discomfort of users.

2. U.S. Government Tracking AI Chip Shipments to China

Timestamps: 07:13–10:04

• Topic: Reuters reports the U.S. putting “tracking devices” in sensitive chip shipments.
• Panelists speculate (hilariously) about literal AirTags being inserted in shipments; questions about the effectiveness and intent.
• Quote:
  “If I bought a server for like 200 grand, it better have an AirTag included…like I want to know where that thing’s at.” — Host A [09:57]
• Discussion touches on changes to export restrictions and the nature of these sources.

3. Leaky Dating Apps: “Tea on Her” Fails at Privacy

Timestamps: 10:17–11:50

• Topic: Male-focused clone of the “Tea” dating app is breached less than 10 minutes after launch, leaking sensitive IDs.
• Panel highlights the obvious risks of uploading government IDs to “doxing” apps with poor security.
• Quote:
  “That's identity theft natural selection…if you start uploading your license…you have to expect that outcome.” — Host D [11:25]

4. Critical Cisco Firewall Flaw (CVSS 10 Council)

Timestamps: 11:51–13:37

• Topic: Another severe remote command injection flaw found in Cisco Secure Firewall Management Center (CVSS score: 10).
• The running gag: the show needs a sound effect for every ten severity bug Cisco gets.
• Quote:
  “Anytime you see remote unauthenticated command injection, you should be concerned.” — Host C [13:24]

5. APT Phishing Tool Public Drop – “Frack Magazine” Leak

Timestamps: 13:56–15:57

• Topic: The return of Frack magazine and publication of custom phishing/Cobalt Strike tools allegedly from North Korean APTs.
• Noted that peeking behind the "APT curtain" is always fascinating but emphasizes that many attacks still rely on social engineering basics.

6. Scattered Spider's Simplicity & The Power of Social Engineering

Timestamps: 15:01–17:36

• Topic: Rise of the Scattered Spider group—a reminder that basic helpdesk social engineering still beats fancy tooling.
• Recap of how attackers swap between calling as the user vs. the helpdesk and use trusted channels (Teams) or fake voicemails.

7. Voicemail Phishing & Direct Send Attacks

Timestamps: 17:36–18:52

• Topic: Bypassing phishing defenses by sending internal-looking emails or voicemails ("the call is coming from inside the house").
• Practical advice on disabling risky features, referencing a forthcoming blog post.

8. Speed Cameras “Bricked” by Russian Cyberattack

Timestamps: 19:14–21:44

• Topic: The Netherlands' Public Prosecution Service hit by a cyberattack that permanently disabled dozens of speed cameras—sparking jokes about hacktivism for social good.
• Memorable Quote:
  “Finally, Russia does something good!” — Host A [19:14]
• No technical details were provided, but the group mused on geolocation games: how would drivers figure out which cameras are down?

9. HTTP/2 Vulnerabilities Continue to Emerge

Timestamps: 23:30–24:47

• Topic: HTTP/2 concurrency (DoS) flaw reminiscent of previous vulnerabilities; primarily a concern for developers using specific server platforms.

10. AI-Powered Geolocation for Law Enforcement (“GeoSpy”)

Timestamps: 24:49–28:48

• Topic: LAPD’s interest in GeoSpy, an AI tool for locating images' origins, sparked concerns about law enforcement “easy mode” in tracking and privacy.
• Discussion of the difference between investigative leads and admissible evidence.

11. Major Breaches: Manpower Ransomware, “PayPal Breach,” and PACER

Timestamps: 29:38–41:14

• Manpower: Facing a ransomware extortion with loss of HR, passport, and personal data.
• “PayPal Breach”: Likely just another data repack from infostealer troves, sold on BreachForums with little credibility.
• PACER US Court System: Suffered a hack exploiting years-old flaws (possibly by multiple nation-state actors).
• Quote:
  “If you want the easiest way to hack a system, just do the same thing you did five years ago because they didn’t do any sort of updates.” — Host B [37:10]

12. The Power (and Danger) of Unicode/Punycode Domain Tricks

Timestamps: 41:43–45:57

• Topic: Use of Japanese characters imitating slashes in URLs to create deceptive domain names for phishing.
• Panel acknowledges it's a fleeting trick, soon to be filtered, but underscores how attackers prey on URL misunderstandings.
• Examples of clever social engineering with doppelganger domains for phishing.

13. Sim Product, Fortinet & Other Vulnerabilities

Timestamps: 46:25–47:44

• Topic: Watchtower reports pre-auth remote code execution in Fortinet’s SIEM product (reminder to patch perimeter services).

14. Plex and Home Network Security

Timestamps: 48:13–49:58

• Topic: Plex servers and other home lab services as a vector for breaches, referencing past incidents (e.g., LastPass developer breach via Plex server).
• Good security hygiene: keep work and home networks isolated, patch home devices, beware of default credentials.

15. Chicken Technology: Gamma-Ray Soil Mapping for Better Eggs

Timestamps: 51:55–57:05

• Topic: A tongue-in-cheek detour into agricultural technology: UK’s Noble Foods uses “TerraMap” gamma ray detection to map soil nutrients for chicken farming.
• Discussion quickly shifts to jokes about “hulked-out” radioactive chickens, but with a solid technical primer on how gamma spectrometry helps agriculture.
• Quote:
  “Is there a detection for when your chicken’s going to go full hulked-out chicken due to the gamma radiation?” — Host A [55:04]

Memorable Moments & Recurring Jokes

• “CVSS 10 Council”: Calling for council every time a remote unauthenticated command injection is found in Cisco products.
• "Alias Acquisition": Running gag about buying massive companies (Cisco, Chrome) with imaginary billions.
• Radioactive Chickens: The panel’s mix of technical explanation and humor on farming tech.
• GIFs of John Strand: The tradition of catching a frozen video frame of co-host John for memes.
• Social Engineering as “Natural Selection”: Referencing the folly of trusting sensitive ID to sketchy apps.

Useful Timestamps (MM:SS)

• 02:17 – Opening salvo on tech absurdities, Perplexity, and browser business models.
• 07:13 – Government tracking anti-diversion attempts and chip shipments.
• 10:17 – Tea on Her breach and privacy errors in doxing/dating apps.
• 11:51 – Cisco “Council of Tens” vulnerability.
• 13:56 – Frack magazine’s infamous APT leak and phishing tools.
• 15:01 – The rise of Scattered Spider and social engineering basics.
• 19:14 – The speed camera cyberattack saga.
• 24:49 – AI/geolocating suspect images for law enforcement.
• 29:38 – Ransomware, PayPal repacks, and PACER hack critiques.
• 41:43 – Unicode attacks and the psychology of URL phishing.
• 51:55 – The great chicken/soil/gamma-ray technology deep dive.

Closing Thoughts

This episode embodies the relaxed but technical banter that defines Black Hills Information Security podcasts. While many stories are “same stuff, different day” — poor development hygiene, social engineering, exploit reuse — the hosts blend deep technical knowledge with the camaraderie and humor of a seasoned infosec team. Listeners get actionable takeaways (patch, segment, be suspicious!), a window into attacker methods, and some laughs about the intersections where hacking meets real life (and radioactive chickens).

For more, and to enjoy the panel’s banter in full, listen to the podcast or join their Discord community.