March 2025: Q & A Open Call
The Hackle Box
by The InfoSec Mission
3d ago
Approaching the end of Q1, this special-edition episode answers questions from the audience including the U.S. Cyber Command's suspended operations against Russia and some essential beard maintenance. Security Analyst Tim Boyer sits in for Pinky to fill the blue team perspective. Now happening quarterly, listeners can ask all things security to our expert crew! The next Q & A Session will be held June 13th. Submit questions to our survey here: https://www.surveymonkey.com/r/thehacklebox To stay updated on all things The Hackle Box, sign up to receive our newsletters: https://frsecure.com ...
DeepSeek, Ransomware Decline, New Exploited Vulnerabilities, & More
The Hackle Box
by The InfoSec Mission
1M ago
Oscar, Pinky, and Eric dive into DeepSeek, the downward trend of ransomware extortions, and new, actively exploited vulnerabilities. Links: "DeepSeek App Transmits Sensitive User and Device Data Without Encryption" https://thehackernews.com/2025/02/deepseek-app-transmits-sensitive-user.html "DeepSeek AI Database Exposed: Over 1 Million Log Lines, Secret Keys Leaked" https://thehackernews.com/2025/01/deepseek-ai-database-exposed-over-1.html "Ransomware Extortion Drops to $813.5M in 2024, Down from $1.25B in 2023" https://thehackernews.com/2025/02/ransomware-extortion-drops-to-8135m-in.html ...
RCS, AuthQuake, & "The Night before Breachmas"
The Hackle Box
by The InfoSec Mission
3M ago
The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits. In this special holiday episode, Pinky shares a reading of "The Night Before Breachmas", and the gang talks encrypted texting, Microsoft's MFA flaw (aka "AuthQuake"), and hackers bypassing antivirus protections with BYOVD. Links: "FBI Warns iPhone And Android Users—Stop Sending Texts" https://www.forbes.com/sites/zakdoffman/2024/12/06/fbi-warns-iphone-and-android-users-stop-sending-texts/ "Microsoft MFA AuthQuake Flaw Enabled Unlimited Br ...
SolarWinds Attack Disclosures, OWASP's AI Security Guidance, & More
The Hackle Box
by The InfoSec Mission
4M ago
The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits. This month, Oscar and the crew focus on the SolarWinds cyber attack and the resulting charges from the SEC, guidance from OWASP on AI Security, and Cisco's security patch. Links: "Google Cloud to Enforce Multi-Factor Authentication by 2025 for All Users" https://thehackernews.com/2024/11/goo... "SEC Charges 4 Companies Over Misleading SolarWinds Cyber Attack Disclosures" https://thehackernews.com/2024/10/sec... "OWASP Releases AI Security ...
The Hackle Box February 2022: EyeMed Breach, Data Exfil Using PowerAutomate, Google MFA.
The Hackle Box
by The InfoSec Mission
5M ago
Oscar, Pinky, and Eric are back with another session of the Hackle Box—a monthly conversation between the three cybersecurity experts about new and noteworthy threats, attacks, breaches, exploits, and (of course) how to avoid them. This month's episode includes: - EyeMed fined $600k in data breach - Attackers reviving a 20-year-old tactic in Microsoft 365 phishing campaigns - Google auto-enables two-step verification for more than 150 Million users - A new tactic for data exfil using Power Automate in Microsoft 365 Please like, subscribe, and follow us on social! Facebook: https://www.face ...
Internet Archive Hacked, New CISA Warnings, Zero Day Alert
The Hackle Box
by The InfoSec Mission
5M ago
The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits. This month, the hosts talk about personal preparation for emergency events like natural disasters, the DDoS attacks on the Internet Archive, the newest CISA warnings, and a zero-day alert for Ivanti exploitation. They also open up to the live audience for questions! Links: "Internet Archive Hacked, Data Breach Impacts 31 Million Users" https://www.bleepingcomputer.com/news/security/internet-archive-hacked-data-breach-impacts-31-million-users/ "CI ...
Worm-Driven USB Attacks, Microsoft Zero-Days, Scattered Spider Vishing & Smishing
The Hackle Box
by The InfoSec Mission
6M ago
The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits. With Oscar out traveling, Pinky and Eric lead the discussion this month. Together, they discuss: A worm-driven USB attack strategy, Microsoft's disclosure of four zero-days in their September update, and the Scattered Spider ransomware group's sophisticated smishing and vishing campaigns on cloud services. They also open up to the live audience for questions! Links: Mustang Panda Feeds Worm-Driven USB Attack Strategy https://www.darkread ...
TeamViewer APT29 Attack, Zero-Click Outlook RCE Vulnerability, CISA Takedown of Ivanti Systems
The Hackle Box
by The InfoSec Mission
8M ago
The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits. This time, they discuss Midnight Blizzard, a zero-click Outlook vulnerability, and CISA's takedown of Ivanti Systems. Links: Network Segmentation Saved TeamViewer From APT29 Attack https://www.darkreading.com/cyberattacks-data-breaches/teamviewer-network-segmentation-apt29-attack Zero-Click Outlook RCE Vulnerability - Project Hyphae https://projecthyphae.com/threat/zero-click-outlook-rce-vulnerability/ CISA Takedown of Ivan ...
Police Troll LockBit, Microsoft Holds Execs Accountable for Security
The Hackle Box
by The InfoSec Mission
11M ago
The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits. This time, they discuss critical Citrix flaws, fake journalists stealing data, Microsoft holding execs accountable for security, police trolling a ransomware gang, and more. Links: Citrix Addresses High-Severity Flaw in NetScaler ADC and Gateway https://thehackernews.com/2023/10/critical-citrix-netscaler-flaw.html APT42 Pose As Journalists, Harvest Credentials, Access Cloud Data https://attackfeed.com/apt42-hackers-pose-as-journa ...
AI-Written Malware, XZ Utils, Attackers Target Hospital Help Desks
The Hackle Box
by The InfoSec Mission
1y ago
The guys are back for another episode of the Hackle Box—a monthly conversation between information security experts about new and noteworthy exploits. This time, they discuss AI-written malware, XZ Utils, and attackers targeting hospital IT help desks. Links: XZ Utils scare https://www.darkreading.com/application-security/xz-utils-scare-exposes-hard-truths-in-software-security Change Healthcare hit with cyber extortion (again) https://www.infosecurity-magazine.com/news/change-healthcare-double-cyber/ Health Department warns attackers targeting IT help desks https://www.bleepingcompu ...