Security Take Two - Real. Serious. Security.

Sony Part 2 [012]

Tue, 24 Feb 2026 21:20:18 -0800

Our last episode covered Sony’s cybersecurity woes from 2005 until 2011, we pick up where we left of in the midst of the 50 days of LulzSec. This episode covers everything up until the alleged theft of the PS5 root signing keys in January 2026. So much s0wnage and so little time…

2014 Sony Pictures hack - Wikipedia
Lizard Squad - Wikipedia
Kim Dotcom May Have Just Saved Holiday Gaming - Gizmodo
Hackers Used Sophisticated SMB Worm Tool to Attack Sony - Security Week
Hacker group claims it breached Sony’s PlayStation Network and stole information - Business Insider
‘All Of Sony Systems’ Allegedly Hacked By New Ransomware Group - Kotaku
Ransomed.vc group claims hack on ‘all of Sony systems’ - CyberDaily.au
Sony Confirms Data Breach - Gamerant
Sony confirms data breach impacting thousands in the U.S. - Bleeping Computer
CTRL-ALT-CHAOS - Elliott & Thompson
PS5 ROM Keys Leak: What Happened, Why it Matters, and How it Impacts Security? - PC Quest
PS5 Open to Hacks and Jailbreak as ROM Keys Leak – Report - PlayStation Lifestyle
Sony Pictures Statement Related To Lulzsec Attack - Sony
Member Of LulzSec Hacking Group Sentenced To Over Year In Federal Prison For 2011 Intrusion Into Sony Pictures Computer Systems - Department of Justice
Sony Online President’s Flight Diverted After Hacker Bomb Threat - Kotaku
Update on Sony Investigation - FBI
TA14-353A: Targeted Destructive Malware - Seclists
PlayStation Network Update - Sony
American and Dutch Teenagers Arrested on Criminal Charges for Allegedly Operating International Cyber-Attack-For-Hire Websites- Department of Justice
PlayStation social media accounts briefly hacked - We Live Security
PlayStation Social Media Accounts Hacked - Security Week
Breach letter - Sony victim
#StopRansomware: CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability - CISA
Sony Confirms Data Stolen in Two Recent Hacker Attacks - Security Week

Sony Part 1 [011]

Sat, 31 Jan 2026 15:42:59 -0800

When it comes to information security, Sony has had a bit of a tough go of it. In fact, there have been so many incidents, Ben and Chet decided to make this a multi-part series. This post covers 2005 to mid-2011 which we are referring to as part 1. From rootkits, to DDoS, stolen credit cards and SQL injection, Sony has been through a lot. These are opportunities to reflect for the rest of us, though. We can recognize some of the weaknesses we ourselves may still have and hopefully take away lessons on hardening our own defences.

Firewall Times - Sony Data Breaches: Full Timeline Through 2023
LinkedIn - Sony PlayStation Network Hack (2011) - A Deep Dive
ON THE PLAYSTATION 3 - GeoHot’s first post about hacking the PS3
Reuters - Sony PlayStation suffers massive data breach
EFF - Updated Sony BMG DRM Spotter’s Guide
EDN - The Sony PlayStation 3 hack deciphered: what consumer-electronics designers can learn from the failure to protect a billion-dollar product ecosystem
Wikipedia - Sony BMG copy protection rootkit scandal
CSO - New PS3 hack claims to be the most powerful yet
YouTube - The Light It Up Contest – geohot
VG247 - SOE: 12,700 old CC numbers, 10,700 DD records breached
The Register - Sony says data for 25 million more customers stolen
Wikipedia - George Hotz
Medium - Meet Cyber: How “Anonymous” Hacked Sony PlayStation And Breached the Data of 77 Million Gamers\

WannaCry [010]

Tue, 19 Aug 2025 21:43:06 -0700

May 12, 2017 was memorable for many in the information security industry, but it was also memorable in health care, manufacturing, shipping and more as the WannaCry worm laid waste to unpatched Windows machines the world over. May it be the last widespread worm we need to cover on this podcast…

Wikipedia - WannaCry
Microsoft - MS17-010
The Hacker News - TSMC Chip Maker Blames WannaCry Malware for Production Halt
Arstechnica - NSA Leaking Shadow Brokers Just Dumped Its Most Damaging Release Yet
NCCIC - What is WannaCry/WanaCryptor
Arstechnica - An NSA Derived Ransomware Worm is Shutting Down Computers Worldwide
NIH - NHS ransomware attack spreads worldwide
Wired - Accidental Kill Switch Slowed Friday’s Massive Ransomware Attack
Zero Day - U.S. Government Disclosed 39 Zero-Day Vulnerabilities in 2023, Per First-Ever Report
Arstechnica - Wanna Decryptor Kill Switch Analysis
Sophos - WannaCry Aftershock
Microsoft - Customer Guidance For WannaCrypt Attacks
The Hacker News - WannaCry Ransomware Bitcoin
Gov.UK - Foreign Office Minister condemns North Korean actor for WannaCry attacks
White House - Press Briefing on the attribution of the WannaCry malware attack to North Korea\

LulzSec [009]

Mon, 30 Jun 2025 15:12:32 -0700

For 50 days in mid-2011 the hacker world and even the wider pop-culture world was enthralled by a rampant series of brazen hacks conducted by a splinter group of anonymous who called themselves LulzSec. They claimed it was “just for the lulz”, but as we explore in this episode, there was much more to this than simply the lulz.

Wikipedia - LulzSec
Wired - Anonymous’ Most Notorious Hacker Is Back, and He’s Gone Legit
BBC - LulzSec hacker helps FBI stop over 300 cyber attacks
BBC - LulzSec hacker group handed jail sentences
Purdue University - Hacktivism: The Short Life of LulzSec
Parmy Olson’s book - “We are Anonymous”
Chester Wisniewski speaking on LulzSec for the BBC - 2011

ILOVEYOU [008]

Sun, 04 May 2025 11:52:35 -0700

May 4, 2000 many people in world woke up to a love letter in their INBOX. It wasn’t your typical love letter, this one was one of the world’s most destructive email worms and it quickly spread to infect an estimated 10% of the world’s PCs. For a longer write-up on ILOVEYOU, see my LinkedIn Post.

Wikipedia - ILOVEYOU
CNN - ‘I love you’: How a badly-coded computer virus caused billions in damage and exposed vulnerabilities which remain 20 years on
WIRED - The 20-Year Hunt for the Man Behind the Love Bug Virus
GAO - CRITICAL INFRASTRUCTURE PROTECTION “ILOVEYOU” Computer Virus Highlights Need for Improved Alert and Coordination Capabilities
ELECTRONIC COMMERCE ACT OF 2000- CHAN ROBLES VIRTUAL LAW LIBRARY
How ILOVEYOU worm became the first global computer virus pandemic
BBC - Love Bug’s creator tracked down to repair shop in Manila\

Uber [007]

Fri, 04 Apr 2025 22:02:31 -0700

Uber has suffered many breaches over the years, so this podcast has focused just on breaches that involved external parties and not internal employee abuse of privileges. There is much to learn from Uber’s misfortune and in this episode we cover 5 distinct hacks and a couple of third-party breaches impacting Uber customers and drivers.

The Uber data breach cover-up: A timeline of events
Uber Pays $148 Million Over Yearlong Cover-Up Of Data Breach
Uber driver info stolen yet again: This time from law firm
Uber accidentally leaks personal data for hundreds of drivers
Teen on Musk’s DOGE Team Graduated from ‘The Com’
Uber Breaches (2014 & 2016)
Teqtivity Breach Notification Statement
Uber Investigating Breach of Its Computer Systems
Federal Trade Commission Gives Final Approval to Settlement with Uber
Uber Paid Hackers to Delete Stolen Data on 57 Million People
FTC: Uber Failed To Protect 100,000 Drivers In 2014 Hack
Uber Data Breaches: Full Timeline Through 2023
Uber was breached to its core, purportedly by an 18-year-old. Here’s what’s known
The Uber Hack’s Devastation Is Just Starting to Reveal Itself
Uber Breach 2022 – Everything You Need to Know
Case Study: The Uber Hack

Transport for London [006]

Fri, 07 Mar 2025 18:22:45 -0800

The Transport for London (Operator of the London UK region’s transit network) was crippled by a cyber attack in September, 2024 that had widespread impacts on it’s operation. Fortunately safety was not a casualty, but we explore a bit of the nuance in incident response, segmnentation and other important lessons from this hack.

Boy arrested over London transport cyber hack
TfL writes to 5,000 cyber attack customers
TfL cyber attack: What you need to know
Cyber security recovery
TfL provides update on ongoing cyber security incident - 12 September
TfL cyber attack cost over 30 million pounds to date
TfL cyberattack bites into profits with 30 million pounds spent on recovery
“An utter shitshow”: Inside the Transport for London cyberattack

SamSam [005]

Tue, 14 Jan 2025 22:28:08 -0800

SamSam may not be the most well known ransomware group, but they triggered a pivotal change when then began operations at the end of 2015. Over the course of nearly 3 years they demonstrated the profitability of extorting businesses instead of consumers and paved the path from $1000 ransom demands to the astronimical sums we see today. Allegedly operating from Iran they demonstrated sanctions evasion, the use of LOLbins and tested the waters for what amounts could be extorted from Western businesses. This podcast explores their operations and explains how they changed the ransomware landscape.

US Department of Justice indictment, wanted poster and victim list
Sophos report: SamSam: The Almost Six Million Dollar Ransomware

City of Atlanta [004]

Sun, 17 Nov 2024 16:37:03 -0800

When the City of Atlanta was hit by the ransomware group SamSam in 2018 it made headlines worldwide. Headlines often cited costs ranging from $2.6 million all the way up to $17 million, often presented as the costs incurred for not paying the $52,000 ransom. Ben and Chet dive into the archives to determine what series of events lead to these exceptional expenses.

Coverlink case study on the City of Atlanta
Wired - Atlanta spent $2.6 million to recover from ransomware scare
Archive.org Rendition InfoSec report
Archive.org Emergency procurement spending by the City of Atlanta
Wikipedia - Atlanta government ransomware attack
Reuters - Atlanta Officials Reveal Worsening Effects of Cyber Attack
TechTarget - Atlanta ransomware attack cost city more than $5 million\

January 2018: An audit reveals 1,500 to 2,000 vulnerabilities in Atlanta’s IT systems, highlighting complacency regarding cybersecurity.

March 22, 2018: Atlanta’s Department of Information Management detects outages in various internal and customer applications.

March 22, 2018: The City of Atlanta shuts down numerous digital services, including the court system database and airport Wi-Fi, to contain the situation. The attack is publicly acknowledged as a ransomware attack using SamSam ransomware.

March 22-27, 2018: Atlanta collaborates with the FBI, Department of Homeland Security, and Secret Service, while engaging security firms like SecureWorks for investigation. Government computers are advised to remain offline.

May 2018: Atlanta restores its online payment systems.

June 2018: Atlanta Police Department resumes full digital operations. Reports surface estimating that a third of the city’s software programs are still offline or partially disabled. The attack resulted in permanent data loss, including legal documents and police dashcam footage.

November 26, 2018: The US Department of Justice indicts two Iranian hackers, Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, for the attack, alleging their involvement in the SamSam group and the creation of the SamSam ransomware.

Post-attack period: Atlanta allocates $2.7 million to contractors for recovery, with later estimations suggesting a total cost of $17 million, including $6 million for initial response and $11 million for system repairs and replacements.

3CX [003]

Wed, 18 Sep 2024 12:16:39 +1000

In this episode, Chet and Ben dive deep into the 3CX supply chain attack, tracing it back from the initial compromise to the unfolding investigations and findings over several months. We explore how the threat actors, likely linked to North Korea, managed to infiltrate a trusted software supply chain and what the security community uncovered along the way.

3CX Security Alert
Mandiant Initial Results
Mandiant Full Report
Sophos Report on DLL Sideloading
Kaspersky Labs Report
Google TAG Report on Chrome 0-day
Kim Zetter Blog
Kim Zetter’s 3CX Article\

Garmin [002]

Thu, 15 Aug 2024 20:12:06 -0700

Episode 2 covers the 2020 ransomware attack against technology giant, Garmin. In this episode, Chester kept track of his sources and provided the following links as additional reading and source materials used in this episode:
https://www.wired.com/story/garmin-ransomware-hack-warning/
https://www.bleepingcomputer.com/news/security/garmin-outage-caused-by-confirmed-wastedlocker-ransomware-attack/
https://www.bleepingcomputer.com/news/security/evil-corp-blocked-from-deploying-ransomware-on-30-major-us-firms/
https://news.sky.com/story/garmin-obtains-decryption-key-after-ransomware-attack-12036761
https://www.wired.com/story/garmin-outage-ransomware-attack-workouts-aviation/
https://www.theverge.com/2020/8/4/21353842/garmin-ransomware-attack-wearables-wastedlocker-evil-corp
https://web.archive.org/web/20200819201313/https://areteir.com/wp-content/uploads/2020/07/Ransomware-WastedLocker-1.pdf
https://x.com/Arete_Advisors/status/1286653508771614721?prefetchTimestamp=1723669546016\

Medibank [001]

Sun, 21 Jul 2024 14:47:36 -0700

In our inaugural podcast we dive into the hack and breach of Medibank Private Health Insurance, an Australian medical insurance provider that lead to the leak of health records on 9.1 million Australians.

Beatings will continue until show notes improve…

Pilot [000]

Sun, 26 May 2024 14:33:52 -0700

In our pilot episoed we each share a little about our backgrounds in information security and lay out the concept behind what this podcast will share with its listeners.