Podcast Summary: "Trading in Jock Straps for Jock Hacks – 2025-03-24"
Podcast Information:
- Title: Talkin' About [Infosec] News, Powered by Black Hills Information Security
- Host/Author: Black Hills Information Security
- Episode: Trading in Jock Straps for Jock Hacks
- Release Date: March 26, 2025
- Description: A weekly infosec podcast where a team of penetration testers discuss the latest attacks, breaches, and the methodologies behind them.
Table of Contents
- Apple Mac Studio and High-Cost Configurations
- GitHub Supply Chain Attacks
- Wiz Acquisition by Google
- Oracle Cloud Breach Discussion
- Next.js Authentication Vulnerability
- Cloudflare’s AI-Based Content Poisoning
- Ex-Michigan Coach Charged with Hacking
- 23andMe Filing for Bankruptcy
- Amazon Echo Privacy Changes
- Scam Busting with Content Creators
- Delachi RAT: A New Remote Access Trojan
- Trimarc Merging with TrustedSec
- Conclusion
1. Apple Mac Studio and High-Cost Configurations
The episode kicks off with a discussion about Apple's latest hardware release, the Mac Studio, notable for its exorbitant price tags when configured with high memory.
Key Points:
- Apple's Mac Studio now offers configurations with up to 512 GB of memory, priced around $4,000.
- The hosts highlight the financial implications, humorously cautioning against such high expenditures.
Notable Quote:
- Corey [00:15]: "Also, the new just for the record, Apple now has just so many fun ways to drop massive stacks of cash because they have the new Mac studio which you can get with up to 512 gigs of memory."
2. GitHub Supply Chain Attacks
A significant portion of the discussion centers on a recent supply chain attack targeting GitHub repositories, specifically the tj-actions/changed-files repository.
Key Points:
- Attack Vector: Compromised personal access tokens led to malicious code insertion.
- Impact: Potential exposure of CI/CD secrets across approximately 23,000 repositories.
- Target: Speculation that cryptocurrency exchanges like Coinbase were primary targets.
Notable Quotes:
- Corey [03:25]: "Yeah, this GitHub thing is genuinely kind of scary."
- Alex [04:20]: "There's a rumor that this was targeting actually Coinbase specifically."
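As an added, defender-side example (not code from the episode or from Black Hills Information Security), a small Python checker that flags workflow steps still referencing actions by mutable tags or branches rather than full commit SHAs, the pin that keeps a later-modified upstream tag from silently reaching your CI. The workflow text and the 40-character SHA are constructed placeholders.

```python
import re

# Constructed sample workflow (not taken from any real repository). It mixes
# tag-pinned, SHA-pinned and local steps so the checker has something to flag.
SAMPLE_WORKFLOW = """
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
      - uses: actions/setup-node@0123456789abcdef0123456789abcdef01234567  # placeholder SHA
      - uses: ./.github/actions/local-step
      - run: npm test
"""

FULL_SHA = re.compile(r"^[0-9a-f]{40}$")
USES_LINE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)", re.MULTILINE)


def unpinned_actions(workflow_text):
    """Return (reference, reason) for every remote action that is not pinned
    to a full commit SHA. A tag or branch is a mutable pointer: whoever holds
    write access to the action's repository (or a stolen token for it) can move
    it to different code without the consuming repository changing a line."""
    findings = []
    for match in USES_LINE.finditer(workflow_text):
        ref = match.group(1).strip("'\"")
        if ref.startswith(("./", "docker://")):
            continue  # local composite actions and images are out of scope here
        if "@" not in ref:
            findings.append((ref, "no ref given; resolves to the default branch"))
            continue
        version = ref.rsplit("@", 1)[1]
        if not FULL_SHA.match(version):
            findings.append((ref, f"mutable ref {version!r}; pin to a 40-char commit SHA"))
    return findings


if __name__ == "__main__":
    for ref, reason in unpinned_actions(SAMPLE_WORKFLOW):
        print(f"{ref}: {reason}")
```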
3. Wiz Acquisition by Google
The hosts delve into the acquisition of Wiz, an Israeli cloud security company, by Google for a hefty $32 billion.
Key Points:
- Wiz's Role: Provides orchestration and configuration audits across various cloud platforms.
- Market Impact: Seen as Google bolstering its cloud security offerings to compete with Azure and AWS.
- Community Reaction: Skepticism about the actual security effectiveness of Wiz remains.
Notable Quotes:
- Corey [11:02]: "32 bill out the door at Google."
- Joff [12:09]: "If you want to buy BHIS for $32 billion, we are taking offers less than that."
4. Oracle Cloud Breach Discussion
The episode examines unconfirmed reports of a breach in Oracle Cloud, where purportedly 6 million accounts or records were compromised.
Key Points:
- Oracle's Response: Denied the breach, stating that the exposed credentials did not pertain to Oracle Cloud customers.
- Community Skepticism: The hosts express doubt, drawing parallels to previous corporate denial cases.
- Potential Realities: The hosts suggest that indirect breaches via third-party vendors might be the actual issue.
Notable Quotes:
- Corey [15:21]: "But this breach is kind of an unconfirmed breach from the outside perspective."
- Joff [16:26]: "Probably loudly. And then you call your bank of lawyers and you put up your shields."
5. Next.js Authentication Vulnerability
A critical vulnerability in Next.js's middleware handling was uncovered, allowing for authentication bypass through header manipulation.
Key Points:
- Vulnerability Mechanism: Mismanagement of the X-Middleware-Sub-Request header, leading to infinite middleware loops.
- Impact: Potential exploitation across various versions, especially v14 and v15.
- Mitigation: Hosts suggest patching and implementing stricter logging and validation.
Notable Quotes:
- Alex [20:00]: "It's an authentication bypass in Next js."
- Corey [23:50]: "Well, patch your next JS if you're using it. If you're a CPT customer. We'll be in touch."
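As an added example of the "stricter logging" the hosts recommend (not code from the episode or from the Next.js project), a Python detector run over constructed access-log lines in an assumed JSON-per-line format: any request from a client that carries the middleware-subrequest header into a protected route is flagged. The header is written X-Middleware-Sub-Request above and in lower-case hyphen-less form inside Next.js itself, so the matcher normalizes case and hyphens; the protected path prefixes are assumptions.

```python
import json

# Constructed log lines in an assumed JSON-per-line format (no particular
# product's schema). The header value "1" is arbitrary; only presence matters.
SAMPLE_LOG = [
    '{"ts":"2025-03-24T10:00:01Z","src":"203.0.113.5","path":"/dashboard",'
    '"status":200,"headers":{"X-Middleware-Sub-Request":"1"}}',
    '{"ts":"2025-03-24T10:00:02Z","src":"198.51.100.7","path":"/login",'
    '"status":200,"headers":{"User-Agent":"Mozilla/5.0"}}',
    '{"ts":"2025-03-24T10:00:03Z","src":"203.0.113.5","path":"/admin/users",'
    '"status":200,"headers":{"x-middleware-subrequest":"1"}}',
    '{"ts":"2025-03-24T10:00:04Z","src":"198.51.100.9","path":"/dashboard",'
    '"status":302,"headers":{}}',
]

# Assumed: routes whose access is decided by Next.js middleware.
PROTECTED_PREFIXES = ("/dashboard", "/admin")


def normalize(header_name):
    """Compare header names case-insensitively and ignoring hyphens, so the
    spelling X-Middleware-Sub-Request and the hyphen-less lower-case form
    used inside Next.js both match."""
    return header_name.lower().replace("-", "")


TARGET = normalize("x-middleware-subrequest")


def middleware_bypass_candidates(lines):
    """Return (src, path, status) for every request whose client supplied the
    middleware-subrequest header on a protected route. Next.js sets this header
    itself for internal subrequests, so a copy arriving from outside is never
    legitimate; a 200 where middleware would normally redirect is the strongest signal."""
    hits = []
    for line in lines:
        rec = json.loads(line)
        names = {normalize(k) for k in rec.get("headers", {})}
        if TARGET in names and rec["path"].startswith(PROTECTED_PREFIXES):
            hits.append((rec["src"], rec["path"], rec["status"]))
    return hits


if __name__ == "__main__":
    for src, path, status in middleware_bypass_candidates(SAMPLE_LOG):
        print(f"possible middleware bypass: {src} -> {path} ({status})")
```

The same check belongs at the edge as a rule that strips the header from inbound requests, so the log only ever shows attempts rather than successes.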
6. Cloudflare’s AI-Based Content Poisoning
Cloudflare introduced an AI-driven approach to deter AI-based content scrapers by generating misleading or low-quality content.
Key Points:
- Objective: Confuse and disrupt AI scrapers by feeding them low-quality data, degrading the usefulness of what they collect.
- Mechanism: Uses AI to generate irrelevant or nonsensical responses, increasing the difficulty for scrapers to collect meaningful data.
- Challenges: Potential for improved AI to counteract these measures, leading to an ongoing cat-and-mouse scenario.
Notable Quotes:
- Corey [26:22]: "It's a data poisoning attack back."
- Joff [28:37]: "But remember this is scaled up at AI level."
7. Ex-Michigan Coach Charged with Hacking
The podcast covers the case of a former Michigan quarterback coach facing federal charges for unauthorized access to student athlete databases.
Key Points:
- Charges: 14 counts of unauthorized computer access and 10 counts of aggravated identity theft.
- Methodology: Allegedly used compromised credentials to access PII and other sensitive information.
- Motivation: Speculated to involve misuse of intimate data, raising concerns about data access policies in educational institutions.
Notable Quotes:
- Corey [29:27]: "Matt Weiss... hacking student accounts and pulling their information."
- Ralph [50:02]: "It's really tragic to me as well, that someone would be that low."
8. 23andMe Filing for Bankruptcy
A surprising turn of events reveals that 23andMe is filing for bankruptcy, primarily due to oversaturation in selling DNA data.
Key Points:
- Reason for Bankruptcy: Market saturation from extensive DNA data sales leaving no room for further monetization.
- Privacy Concerns: Raised issues about the irreversibility and ethics of selling genetic information.
- Industry Implications: Signals potential instability in the genetic testing and data brokerage sectors.
Notable Quotes:
- Corey [36:08]: "They sold all this DNA data already... they can't sell it anymore."
- Alex [36:40]: "Just think about this. One day, somebody sat around, they were like... we could sell all their data to whoever."
9. Amazon Echo Privacy Changes
Amazon announced policy changes affecting the privacy features of their Echo devices, moving towards mandatory data sharing.
Key Points:
- Policy Shift: Eliminating the option to disable voice recordings from being sent to Amazon.
- User Impact: Users lose control over personal voice data, aligning Alexa more closely with Google’s data practices.
- Subscription Model: Introduction of Alexa Plus, a paid subscription offering enhanced AI features, while standard functions remain integral.
Notable Quotes:
- Corey [38:44]: "Amazon saying, we're going to go the Google route. We're gonna explicitly say you are the product and you cannot opt out."
10. Scam Busting with Content Creators
The episode highlights the efforts of scam busters like Kitboga, Jim Browning, and Pleasant Green in combating online scams through content creation.
Key Points:
- Methodology: Posing as victims to engage scammers, wasting their time, and gathering PII for law enforcement.
- Content Appeal: Educational, entertaining, and effective in raising awareness about scam tactics.
- Community Impact: Provides valuable insights into scammer behavior and victim psychology.
Notable Quotes:
- Corey [44:23]: "I highly recommend watching it because it's kind of like security adjacent."
- Joff [50:56]: "They have all of his, like, AI voices. All use, like, old lady and old man voices."
11. Delachi RAT: A New Remote Access Trojan
A new Remote Access Trojan (RAT) named Delachi has emerged, featuring traditional attack vectors with some modern twists.
Key Points:
- Functionality: Targets cryptocurrency wallets and steals browser state files, maintaining persistent access via TCP port 53.
- Evasion Techniques: Uses standard command and control over DNS to blend into legitimate traffic.
- Community Reaction: Recognized as a sophisticated yet familiar threat, echoing classic RAT behaviors.
Notable Quotes:
- Corey [54:27]: "It's like, how do you get people, like, off of. Off of this?"
- Alex [55:10]: "Still read it. But like, it might make you feel good that you probably know what a rat does."
12. Trimarc Merging with TrustedSec
The podcast briefly touches on the merger between Trimarc and TrustedSec, signaling consolidation in the cybersecurity sector.
Key Points:
- Strategic Move: Aimed at enhancing defensive product offerings and expanding service capabilities.
- Industry Implications: Reflects the trend of mergers to combat increasing cybersecurity threats and market competition.
- Host Reaction: Viewed positively as a beneficial development for both companies and their clients.
Notable Quotes:
- Corey [56:41]: "It's pretty cool."
- Alex [56:57]: "I think it's pretty cool."
13. Conclusion
The episode wraps up with reflections on the discussed topics, emphasizing the evolving landscape of cybersecurity, privacy concerns, and the continuous arms race between defenders and attackers.
Key Points:
- The hosts express optimism about the creation and acquisition of new security tools despite industry challenges.
- Acknowledgment of the human element in cybersecurity, highlighting both victim and perpetrator perspectives.
- Encouragement to stay informed and vigilant in the face of emerging threats and policy changes.
Notable Quotes:
- Corey [58:14]: "On that high note, see you all next week."
- Joff [58:24]: "Let's close on that."
Final Thoughts
"Trading in Jock Straps for Jock Hacks" provided a comprehensive overview of current infosec news, blending technical discussions with light-hearted banter. From high-cost tech releases to intricate supply chain attacks, and from AI-driven defensive measures to real-world hacking incidents, the episode offered valuable insights for cybersecurity professionals and enthusiasts alike.
Recommendation: For those keen on understanding the latest cybersecurity trends and enjoying a mix of humor with technical analysis, this episode is a must-listen.