Talkin’ About Infosec News – 6/27/2022

ORIGINALLY AIRED ON JUNE 27, 2022 Articles discussed in this episode: 02:13 – Story # 1: The #1 Period Tracker on the App Store Will Hand Over Data Without a Warrant – https://www.vice.com/en/article/y3pgvg/the-1-period-tracker-on-the-app-store-will-hand-over-data-without-a-warrant 20:56 – Story # 2: LockBit 3.0 introduces the first ransomware bug bounty program – https://www.bleepingcomputer.com/news/security/lockbit-30-introduces-the-first-ransomware-bug-bounty-program/ 25:44 – Story # 3: Former AWS engineer convicted over hack that cost Capital One $270m – https://techmonitor.ai/technology/cybersecurity/capital-one-hack-aws-paige-thompson 28:52 – Story # 4: CISA experts propose ‘311’ cybersecurity emergency call line for small businesses – https://therecord.media/cisa-experts-propose-311-cybersecurity-emergency-call-line-for-small-businesses/ 38:25 – Story # 5: Clever phishing method bypasses MFA using Microsoft WebView2 apps – https://www.bleepingcomputer.com/news/security/clever-phishing-method-bypasses-mfa-using-microsoft-webview2-apps/ 40:00 – Story # 5b: mrd0x/WebView2-Cookie-Stealer – https://github.com/mrd0x/WebView2-Cookie-Stealer 43:28 – Story # 6: Game on! The 2022 Google CTF is here – https://security.googleblog.com/2022/06/game-on-2022-google-ctf-is-here.html 46:07 – Story # 7: Critical PHP flaw exposes QNAP NAS devices to RCE attacks – https://www.bleepingcomputer.com/news/security/critical-php-flaw-exposes-qnap-nas-devices-to-rce-attacks/ 50:03 – Story # 8: Japanese man loses USB stick with entire city’s personal details – https://www.bbc.com/news/world-asia-61921222 54:51 – Story # 9: A Microsoft 365 feature can ransom files on SharePoint and OneDriveCould – https://securityaffairs.co/wordpress/132353/hacking/microsoft-365-feature-ransomware.html We are self-publishing free Infosec Zines called PROMPT#.