EP044 – Plain Ketchup
Music provided by: Denis Kreynin https://soundcloud.com/denis-kreynin
Greetings & Banter
indistinguishable from the rest of the show. Sorry.
Projects & Homework
None this “week”, so maybe take the time to watch MR ROBOT if you haven’t already. Season 3 just started and episode 1 has some awesome scenes featuring Shodan, social engineering and a Capture The Flag style event (you can play around with your own if you want, just see the resources at https://captf.com/practice-ctf/). It’s so good.
Also, come meet Max at BSides Toronto, learn awesome stuff, and play CTF games!
Topic for this week: Catching up on the biggest events in the last year
Yahoo: One Billion More Accounts Hacked — Krebs on Security
Wannacry ransomware recap by the UK Telegraph
WannaCry: The North Korea Debate – Good numbers of affected systems
‘Counter-Strike’ Bug Allowed Hackers to Completely Own Your Computer with a Frag – Motherboard – Counter-Strike, L4D, and TF2 all affected by a frag-to-remote-command-execution bug
Equifax:
Equifax website borked again, this time to redirect to fake Flash update | Ars Technica
Equifax, TransUnion websites push fake Flash player in malvertising campaign | Malwarebytes Labs – Equifax 2nd breach actually malvertising
8,000 Canadian residents’ data breached, down from the 100k initially reported
Russia hacking stuff we skipped over but I don’t want to do a separate episode on now…
- Bear Hunting: History and Attribution of Russian Intelligence Operations
- FBI NCCIC report on Grizzly Steppe – This is the PDF on Russian Intelligence Service (RIS) involvement in compromising the RNC and DNC systems during the US National elections.
- FBI-DHS Report Provides Insight Into Russian Malicious Cyber Activity – eWeek’s analysis and conclusions based on the FBI NCCIC report
- Did Russia Hack Ukraine’s Electrical Grid?: CYBERWAR (Clip) – YouTube – Viceland’s coverage of the attack against Ukraine’s power grid
- On the Frontlines of Ukraine’s Proxy War Between the West and Russia – YouTube – Viceland: Canada main contributor to proxy (real) war in Ukraine
- The rise of TeleBots: Analyzing disruptive KillDisk attacks – Was the BlackEnergy group, now the TeleBots group.
- The awesome NPR Planet Money episode on Russia’s propaganda machine
pi-hole is awesome! You should totally run it in your home. Details are at pi-hole.net
Cryptocurrency mining in your browser:
Ads don’t work so websites are using your electricity to pay the bills | Technology | The Guardian
CBS’s Showtime caught mining crypto-coins in viewers’ web browsers • The Register
CCleaner Compromised to Distribute Malware for Almost a Month – Le Sad 🙁
What every Browser knows about you – Pretty cool
Since no one is going to get my reference, here’s the Wu-Tang Financial video (explicit) that speaks to “diversifying yo bonds”.
