Dark mode: ON

Infosec Decoded Season 5 #52: Hot Garbage

With Doug Spindler and sambowne@infosec.exchange

Recorded Fri, July 4, 2025

Politics

America’s Hot Garbage Problem
Beneath layers of waste, landfills around the US have been reaching scorching temperatures, and neighbors have been getting sick.
US government withholding over $6 billion in school funding, research group says
A spokesman at the White House Office of Management and Budget said there was an "ongoing programmatic review" of education funding and that initial findings showed what he termed as a misuse of grant funds to "subsidize a radical leftwing agenda."
Trump is withholding $800 million from California schools. How kids will be affected
California school districts are short hundreds of millions of dollars in federal grant money they had already budgeted for this year. While Congress approved the funds as part of its 2025 budget, the Trump Administration today refused to release them, sending districts across the country scrambling.

The grant money pays for teacher professional development, after school and other enrichment programs, services for students learning English and migrant education.

RFK Jr.’s plan to put ‘AI’ in everything is a disaster
A misguided ‘AI revolution’ could fully replace animal testing and overhaul the Vaccine Adverse Event Reporting System (VAERS), which tracks reported vaccine side effects.

He implored viewers to “stop trusting the experts,” as highlighted by Gizmodo, and, presumably, put their trust into AI instead of decades of scientific consensus.

'He was a violent socialist': How Superman started out as a radical rebel
When there are wrongs to be righted, Superman knocks down doors and dangles suspects from fifth-storey windows, and he makes hearty jokes while he's doing so: "See how easily I crush your watch in my palm? I'll give your neck the same treatment!"

Some of the people who are roughed up by this boisterous outlaw are pistol-packing racketeers, but usually they are a less glamorous brand of villain – a domestic abuser, an orphanage superintendent who is cruel to children – and the majority are so wealthy that they don't need to rob banks: there is the mine owner who skimps on safety measures, the construction magnate who sabotages a competitor's buildings, the politician who buys a newspaper in order to turn it into a propaganda sheet. Rather than being a typical costumed crime-fighter, then, the Superman of 1938 was a left-wing revolutionary.

Orange Alternative
A Polish anti-communist underground movement that used absurf humor, painting ridiculous graffiti of dwarves on paint spots covering up anti-government slogans on city walls. By doing this, members of the Orange Alternative could not be arrested by the police for opposition to the regime without the authorities becoming a laughing stock.

They would all wear orange pointy hats and walk through the streets with banners, chanting Dwarf Dwarf Dwarf!

Infosec

Cisco scores a perfect 10 - sadly for a critical flaw in its comms platform
If you're running the Engineering-Special (ES) builds of Cisco Unified Communications Manager or its Session Management Edition, you need to apply Cisco's urgent patch. Both packages have hardcoded credentials baked in, and they cannot be changed or deleted, meaning an unauthenticated, remote attacker can quickly get themselves full root control of a system.
Call center staffers explain to researchers how their AI assistants aren't very helpful
One of the findings is that the AI often inaccurately transcribed customer call audio into text thanks to caller accents, pronunciation, and speech speed. The AI also had trouble rendering sequences of numbers accurately, like phone numbers.

And the AI's emotion recognition system worked poorly – it would misclassify normal speech as a negative emotion, had too few categories for classification, and would treat volume level as a sign of poor attitude. As a result, reps mostly ignored the emotional tags created by the AI system and said they had no trouble understanding the caller's tone.

NimDoor crypto-theft macOS malware revives itself when killed
The attack chain involves contacting victims via Telegram and luring them into running a fake Zoom SDK update. The most distinctive feature is its signal-based persistence mechanisms, where it installs custom handlers for SIGINT and SIGTERM. These are signals typically used to terminate processes, but when either is caught, CoreKitAgent triggers a reinstallation routine that re-deploys GoogIe LLC, restoring the persistence chain.
HPE finally closes Juniper deal, but offers no details on what happens next
HPE has completed its takeover of Juniper Networks, but the conjoined pair isn't yet ready to discuss details about how the networking business will fit into HPE's existing lineup alongside Aruba.
Meta’s “AI superintelligence” effort sounds just like its failed “metaverse”
Zuckerberg shared a vision for a near-future in which "personal [AI] superintelligence for everyone" forms "the beginning of a new era for humanity." The newly formed Meta Superintelligence Labs—freshly staffed with multiple high-level acquisitions from OpenAI and other AI companies—will spearhead the development of "our next generation of models to get to the frontier in the next year or so" -- echoing his 2021 plan for the metaverse,
Provider of covert surveillance app spills passwords for 62,000 users
"Catwatchful is invisible," a page promoting the app says. "It cannot be detected. It cannot be uninstalled. It cannot be stopped. It cannot be closed. Only you can access the information it collects." But a SQLi spilled email addresses, plain-text passwords, and other sensitive data belonging to 62,000 users.
Call of Duty: WWII Game Pass Launch Stained by Reports of RCE Attacks
Attackers are able to remotely run code on victims’ machines during gameplay, raising serious concerns about the security of the game’s PC version.
Nvidia briefly on track to become world's most valuable company ever
Good chart: currently Nvidia is #1, Microsoft is #2, Apple is #3.
Man goes viral after working for four startups at the same time
At least 10 tech companies said they recently employed the man.

Parekh said the most jobs he had at a single time was four, at least several of which had six-figure salaries. He estimated that he was bringing in $30,000 to $40,000 per month.