MSG’s Hidden Face Database Just Leaked

China’s AI Secretly Undermines U.S. Software Giants

MSG’s Hidden Face Database Just Leaked

You may have gone to Madison Square Garden for a game or concert. But the bigger question is whether the venue was quietly building a file on you. In this episode of Legitimate Cybersecurity, Frank Downs and Dustin Brewer break down the alleged Madison Square Garden data leak, the ShinyHunters claims, facial recognition concerns, VIP dossiers, biometric surveillance, and why modern venues may be collecting far more information than ordinary fans realize. This is not just a story about hackers. It is a story about what happens when stadiums, arenas, and entertainment companies turn guests into data profiles — and then that data becomes someone else’s leverage. Frank and Dustin discuss: How biometric and facial recognition data changes the risk of attending public events Why “we met best practices” is not always good enough after a breach How extortion groups profit without traditional ransomware Why venues collect data they may not fully understand yet What ordinary people can actually do when opting out is barely realistic Media/interview: admin@legitimatecybersecurity.com Audio: https://legitimatecybersecurity.podbean.com/ [https://legitimatecybersecurity.podbean.com/] Hosted by Frank Downs and Dustin Brewer. Chapters: 00:00 Should you still go to major sporting events? 01:07 What allegedly leaked from Madison Square Garden 02:00 Why venues collect more data than they need 04:19 “Best practices” after a breach 05:17 Oracle, vendors, and third-party risk 09:12 Who are ShinyHunters? 13:29 Token theft, MFA, and modern extortion 14:57 VIP dossiers, face scans, and SSNs 16:08 The privacy regulation problem 18:35 Why companies collect data before knowing its use 21:48 Consent is hard, so systems avoid asking 24:57 Preventable security failures 25:34 Why AI will not kill cybersecurity 28:44 How ordinary people can reduce exposure 30:20 Keep on cyberin’ #Cybersecurity #DataPrivacy #MadisonSquareGarden #FacialRecognition #Biometrics #DataBreach #ShinyHunters #Surveillance #Privacy

SpaceX IPO: Did You Just Fund a Spy Network?

The SpaceX IPO is being sold as rockets, innovation, and the future of space. But investors may have also bought into a private network with battlefield, intelligence, and surveillance potential. In this episode of Legitimate Cybersecurity, Frank Downs and Dr. Dustin Brewer examine what the SpaceX IPO really means when you look beyond rockets and stock hype. Starlink has already proven how powerful satellite internet can be in remote regions and war zones. Starshield raises an even bigger question: what happens when the same company building consumer satellite internet also builds national-security infrastructure? This is not a claim that SpaceX is spying on Americans. It is a question about capability, incentives, oversight, and public-market funding. If Starlink can shape connectivity in Ukraine and Russia, and Starshield is built for government and intelligence use, what stops similar infrastructure from becoming part of domestic surveillance, border enforcement, emergency response, law enforcement, or classified government operations? And if that happens, would ordinary citizens or retail investors ever know? Frank and Dustin discuss: * Why the SpaceX IPO changes the public-interest question * The difference between Starlink and Starshield * How satellite internet became a war-zone capability * Why private infrastructure can become public power * Whether investors understand what they actually bought * Why regulation always arrives after someone sticks their finger in the pencil sharpener * The uncomfortable line between innovation, profit, warfare, and surveillance Media/interview: mailto:admin@legitimatecybersecurity.com Audio: https://legitimatecybersecurity.podbean.com/ [https://legitimatecybersecurity.podbean.com/] Hosted by Frank Downs and Dr. Dustin Brewer. Chapters: 00:00 - Did SpaceX Just Become the Biggest IPO Ever? 01:06 - Why Everyone Loves Rockets 02:23 - Starlink vs. Starshield Explained 03:52 - Why Starlink Is Different From Old Satellite Internet 05:22 - The Good Side: Remote Access and Global Connectivity 06:41 - How Starlink Changed Modern War 07:21 - Drones, Jamming, Fiber Optics, and Satellite Links 08:44 - Should One Company Control Battlefield Connectivity? 10:46 - Is This Different From Traditional Arms Dealers? 13:22 - Why the IPO Changes the Question 14:45 - Lockheed, Palantir, Boeing, and Public Funding 16:59 - Did Investors Know What They Bought? 17:28 - The Elon Musk Factor and Private Decision-Making 18:52 - Rockets Are Cool — The Implications Are Harder 20:02 - The Hidden Cost of Powerful Technology 22:12 - Starshield and Government Intelligence Contracts 23:23 - When Safety Tools Become Tracking Tools 24:32 - Could Becomes Should: The Jurassic Park Problem 29:32 - Shareholder Value vs. Human Consequences 31:00 - Facebook, Terrorists, and “We Just Connect People” 35:32 - Why Regulation Exists 37:23 - Who Should Decide Who Gets the Network? 38:33 - Final Thoughts: Know What You Invest In #spacex #starlink #Starshield #cybersecurity #surveillance #ipo #privacymatters #nationalsecurity #techethics #legitimatecybersecurity #ai

They Send a Fake IT Guy to Hack Your Office

The hacker isn't a thousand miles away in a hoodie. He's standing at your desk in a polo shirt, holding a clipboard, asking to plug something into your computer. And law firms are the target. Frank Downs and Dustin Brewer break down the Silent Ransom Group — the crew skipping the phishing email and walking straight through the front door. In this episode of Legitimate Cybersecurity, Frank and Dustin dig into SRG (aka Luna Moth, aka Chatty Spider), a Conti offshoot now assessed — and corroborated by an FBI FLASH alert — to be running physical IT-impersonation attacks against law firms and other data-rich targets. They discuss why physical social engineering is suddenly back from the 1990s, the cyber-psychology that makes us trust a stranger with a lanyard, Dustin's casino fake-badge pen test, why law firms are such a rich target (trade secrets, M&A, criminal defense, HIPAA data), and the brutally simple fix most companies skip: trust but verify. The conversation also covers why "keyboard Frank" is a different person, the hospital HIPAA nightmares you've personally witnessed, and AI's role on both sides of the kill chain. The one thing to leave with: if an IT person shows up unannounced, it costs you nothing to call IT and confirm before you let Steven in. Media/interview: admin@legitimatecybersecurity.com Audio: https://legitimatecybersecurity.podbean.com/ [https://legitimatecybersecurity.podbean.com/] Chapters: 00:00 — The hacker shows up at your door 00:36 — Mandiant + FBI: who Silent Ransom Group really is 02:39 — The cyber-psychology of "why physical works" 06:00 — War story: the student who ran from the front desk 08:00 — Cutouts, proxies, and unwitting accomplices 11:53 — Why physical access does damage instantly 12:09 — Law firms: the richest target set there is 15:46 — Mar-a-Lago, thumb drives, and the history of in-person hacks 19:08 — Tailgating past security (Dustin's seventh-floor proof) 20:58 — Trust but verify: the fix that actually works 26:26 — The societal norms bad guys exploit 27:02 — The casino badge: getting your face "known" 28:00 — The human is always the weakest link 29:41 — AI is only as smart (and hackable) as we are 32:12 — Keep on cybering #Cybersecurity #SocialEngineering #Hacking #InfoSec #DataPrivacy #LawFirms #PenTesting #AI #CyberAwareness #SilentRansomGroup #LunaMoth #PhysicalSecurity

AI-Built Apps Are Leaking Private Company Data

Researchers just found thousands of AI-built apps leaking medical records, financial data, and customer PII straight to the open internet. The scary part isn't that AI writes code — it's that it writes code just well enough that nobody asks questions. Frank Downs and Dustin Brewer break down the hidden cost of vibe coding: insecure-by-default software shipped to production, AI tools replacing the junior developers who'd grow into the people who fix it, and AI quietly wired into services you never consented to — including a dentist's chair that records every cleaning and sends it to an insurance-linked system. AI learned security from us. And we were never good at it. 🎙️ Listen: https://legitimatecybersecurity.podbean.com/ [https://legitimatecybersecurity.podbean.com/] 📩 Media/interview: admin@legitimatecybersecurity.com Hosted by Frank Downs and Dustin Brewer. Chapters: 00:00 The code works — that's the problem 01:24 "Do you consider yourself a coder?" 03:15 What AI actually learned to copy (us) 04:58 Vibe-coded tools running in production 05:19 3,380 exposed apps, 5,000 data leaks 07:56 Who fixes it when the cyber team finds holes? 08:26 The $1.5M QA cut that cost $6M 09:35 AI talking to AI: nobody reads the code 15:21 "Your password is God" — security never changed 16:27 Should AI touch the live service? 17:48 The dentist chair that records everything 21:00 Where the line actually is (help desk vs. prod) 24:20 AI monitoring employees & the gold-standard trap 28:23 Always-on "streaming AI" is 5 years out 29:25 The coming AI caste system 30:34 Adversaries already use it (the Lego propaganda) 33:14 We're about to lose every junior analyst 40:15 The Twitter "efficiency" parallel 41:35 Keep on cybering #vibecoding #cybersecurity #aisecurity #dataprivacy #shadowit #infosec #aitools #privacy #devsecops #surveillance