Dive into the dynamic world of cybersecurity with "The Daily Decrypt," hosted by offsetkeyz, a Security Developer and SANS student, and d0gesp4n, a Cloud Detections Engineer. Unpack the latest cyber threats, vulnerabilities, and defense strategies in concise, expert-led discussions. Whether you're a tech pro or enthusiast, stay ahead of digital risks with our insightful analysis and practical advice. Tune in for a smarter, safer digital experience. Tags: #Cybersecurity #TechNews #InfoSec #DigitalSafety #TheDailyDecrypt #SpotifyPodcast
Video Episode: https://youtu.be/O_xw1Nkau8c

In today’s episode, we discuss critical vulnerabilities affecting Mazda Connect infotainment systems that could allow hackers to install persistent malware and gain unauthorized control over vehicle networks. We also explore Anthropic’s controversial partnership with Palantir to process secret government data with its AI model, Claude, raising concerns about ethical implications and safety. Additionally, we cover Google’s AI-enhanced security features in Chrome and the risks of deploying AI in sensitive applications, and we close with D-Link’s refusal to patch critical flaws in outdated NAS devices that jeopardize security.

Sources:
1. https://www.bleepingcomputer.com/news/security/unpatched-mazda-connect-bugs-let-hackers-install-persistent-malware/
2. https://arstechnica.com/ai/2024/11/safe-ai-champ-anthropic-teams-up-with-defense-giant-palantir-in-new-deal/
3. https://www.bleepingcomputer.com/news/google/google-says-enhanced-protection-feature-in-chrome-now-uses-ai/
4. https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-flaw-affecting-60-000-older-nas-devices/

Music: https://youtu.be/B4gk5tWMvyY?si=q_JjohozMBH7XPNe

Timestamps
00:00 – Introduction
01:14 – Mazda
03:06 – Anthropic AI DoD
05:00 – Google AI Safe Browsing
06:32 – No D-Link Patch

1. What are today’s top cybersecurity news stories?
2. How can vulnerabilities in Mazda Connect systems be exploited by hackers?
3. What are the implications of Claude AI being used for government data processing?
4. What security issues are associated with D-Link NAS devices?
5. Why is Google incorporating AI into Chrome’s Enhanced Protection feature?
6. What are the risks of using AI in cybersecurity applications?
7. How does a command injection vulnerability affect network-attached storage devices?
8. What criticisms are being made about Anthropic’s partnership with Palantir?
9. How do unpatched security flaws impact vehicle safety and operation?
10. What steps can users take to protect vulnerable network devices from exploitation?

Tags: Mazda Connect, malware, vulnerability, hackers, Claude, Anthropic, Palantir, AWS, AI, Chrome, Enhanced Protection, privacy, D-Link, NAS, vulnerability, command injection
Video Episode: https://youtu.be/kobyMdrVQeg

In today’s episode, we discuss Canada’s order to dissolve TikTok Technology Canada amid national security concerns regarding ByteDance’s operations, highlighting the country’s ongoing scrutiny of potential user data collection risks. We also explore the alarming rise of the SteelFox and Rhadamanthys malware campaigns, which exploit copyright scams and vulnerable drivers to compromise victims’ data, as well as the dangerous "fabrice" package on PyPI designed to stealthily steal AWS credentials. Lastly, we cover a critical vulnerability in Cisco industrial wireless access points that could lead to total device compromise if exploited.

Links to articles:
1. https://www.bleepingcomputer.com/news/security/canada-orders-tiktok-to-shut-down-over-national-risk-concerns/
2. https://thehackernews.com/2024/11/steelfox-and-rhadamanthys-malware-use.html
3. https://thehackernews.com/2024/11/malicious-pypi-package-fabrice-found.html
4. https://www.helpnetsecurity.com/2024/11/07/cve-2024-20418/

Timestamps
00:00 - Introduction
01:04 - Canada shuts down TikTok
02:36 - Phishing Copyright scams
05:06 - PyPI Fabrice Malicious Package
06:56 - Cisco Vulnerability

1. What are today’s top cybersecurity news stories?
2. Why did Canada order TikTok to shut down?
3. What national risks are associated with TikTok in Canada?
4. How is the Rhadamanthys malware campaign targeting victims?
5. What is the significance of the SteelFox malware discovery?
6. How can developers protect themselves from malicious PyPI packages?
7. What vulnerabilities have been fixed in Cisco’s industrial wireless access points?
8. How does the "fabrice" package exploit developers’ AWS credentials?
9. What are the potential consequences of TikTok’s shutdown in Canada?
10. What security measures should users take when using mobile applications?

Tags: TikTok, national security, privacy, data security, Rhadamanthys, SteelFox, phishing, Check Point, fabrice, PyPI, typosquatting, AWS keys, Cisco, vulnerability, access points, HTTP
Video Episode: https://youtu.be/SryXt8EZLBU

In today’s episode, we explore the recent Gootloader campaign targeting Bengal cat enthusiasts in Australia, detailing how SEO poisoning has been utilized to distribute malicious payloads disguised as legitimate content. Additionally, we cover new Australian laws imposing hefty fines on banks and social media companies for failing to protect consumers from scams, alongside Germany’s draft legislation aimed at safeguarding security researchers. Finally, we discuss Google Cloud’s upcoming mandate for multifactor authentication (MFA) to further enhance user security.

Sources:
1. https://news.sophos.com/en-us/2024/11/06/bengal-cat-lovers-in-australia-get-psspsspssd-in-google-driven-gootloader-campaign/
2. https://www.theguardian.com/money/2024/nov/07/banks-and-social-media-companies-to-be-fined-over-scams-under-new-australian-laws-touted-as-strongest-in-world
3. https://www.bleepingcomputer.com/news/security/germany-drafts-law-to-protect-researchers-who-find-security-flaws/
4. https://www.cybersecuritydive.com/news/google-cloud-mandate-multifactor-authentication/732141/

1. What are today’s top cybersecurity news stories?
2. How is Gootloader using SEO poisoning in malware campaigns?
3. What are the new Australian laws against scams targeting social media and banks?
4. How is Germany protecting security researchers from legal repercussions?
5. What changes is Google Cloud implementing regarding multifactor authentication?
6. What threats do GootLoader and GootKit pose to cybersecurity?
7. How can users recognize SEO-poisoned websites?
8. What significant penalties are included in Australia’s anti-scam legislation?
9. What measures are being taken to keep security researchers safe in Germany?
10. How will the new MFA requirements affect Google Cloud users?

Tags: GootLoader, SEO poisoning, Sophos X-Ops MDR, ransomware, anti-scam, Albanese, liability, accountability, Germany, cybersecurity, legal protection, ethical hacking, Google Cloud, multifactor authentication, cybersecurity, secure-by-design
Video Episode: https://youtu.be/yDNIBS8OBoE

In today’s episode, we delve into the alarming rise of cybercrime as a 26-year-old Canadian, Alexander Moucka, is arrested for allegedly extorting over 160 companies using the Snowflake cloud data service. We also discuss the emergence of the Android banking malware “ToxicPanda,” designed to bypass security measures for fraudulent transactions, and Google’s urgent patching of two vulnerabilities threatening millions of Android users. Furthermore, we highlight Synology’s critical zero-click vulnerability impacting NAS devices, emphasizing the ongoing threats to data security.

Sources:
1. https://krebsonsecurity.com/2024/11/canadian-man-arrested-in-snowflake-data-extortions/
2. https://thehackernews.com/2024/11/new-android-banking-malware-toxicpanda.html
3. https://www.helpnetsecurity.com/2024/11/05/cve-2024-43093/
4. https://thehackernews.com/2024/11/synology-urges-patch-for-critical-zero.html

Timestamps
00:00 – Introduction
01:06 – Snowflake Canadian Arrested
02:41 – Android ToxicPanda Banking Malware
04:24 – Android Patches
05:30 – Synology NAS Zero-Click

1. What are today’s top cybersecurity news stories?
2. Who was arrested in connection with the Snowflake data extortions?
3. What is the ToxicPanda malware and how does it work?
4. What vulnerabilities were recently patched in Android by Google?
5. How are hackers exploiting vulnerabilities in Synology NAS devices?
6. What were the implications of the Snowflake data breach on major companies?
7. How does the Android banking malware ToxicPanda conduct fraud?
8. What security measures should companies implement to prevent data extortion?
9. What are the latest updates on the UNC5537 hacking group?
10. How do recent Android vulnerabilities affect user security?

Tags: data theft, Snowflake, cybercrime, Alexander ‘Connor’ Moucka, ToxicPanda, malware, banking, Android, Google, vulnerabilities, Qualcomm, spyware, RISK:STATION, Synology, vulnerability, Pwn2Own

# Intro

A Canadian man, identified as the notorious cybercriminal Alexander ‘Connor’ Moucka, has been arrested in a massive data theft operation, allegedly extorting over 160 companies using Snowflake’s cloud service. With ties to extremist groups and millions made from ransom attempts, Moucka’s arrest unveils the destructive potential of cybercrime fueled by misconfigured security settings. How did hackers manage to compromise so many companies using Snowflake’s data service, and what role did lax security measures play in their success?

ToxicPanda, a sinister new Android banking malware, has already compromised over 1,500 devices by bypassing advanced security measures to conduct fraudulent money transfers. Masquerading as popular apps and exploiting accessibility services, this threat marks a rare attack by Chinese cybercriminals on European and Latin American banking users, leaving a trail of financial havoc. How does ToxicPanda manage to bypass advanced banking security measures while targeting international users?

In a crucial security update, Google has patched actively exploited vulnerabilities that could allow hackers to target Android users, with one flaw affecting Qualcomm chipsets and another in the Google Play framework potentially being used for cyber espionage. Join us as we uncover how these vulnerabilities could be leveraged in campaigns against journalists and activists around the globe. What kind of specialized spyware exploits are these vulnerabilities likely implicated in?

Millions of Synology NAS devices are at risk due to a critical zero-click vulnerability, dubbed RISK:STATION, that allows attackers root-level access without user interaction, prompting an urgent patch release. Exploited during the Pwn2Own 2024 contest, this flaw underscores the critical need for users to update their devices to prevent potential data breaches and malware attacks. How does the zero-click nature of the RISK:STATION vulnerability make it such a significant threat to Synology NAS devices?
Video Episode: https://youtu.be/-fHd8wOJGHg

In today’s episode, we discuss the recent surge in cyber threats, starting with the improved LightSpy spyware targeting iPhones, which enables heightened surveillance through 28 new plugins and destructive capabilities like device freezing. We also cover a critical vulnerability (CVE-2024-50550) in the LiteSpeed Cache WordPress plugin, allowing hackers to gain unauthorized admin access to over six million sites. Additionally, we examine the Phish n’ Ships campaign, which has affected over a thousand online stores, and the EmeraldWhale operation that has stolen more than 15,000 cloud credentials from exposed Git repositories, highlighting the ongoing challenges in mobile security, WordPress vulnerabilities, and credential theft.

References:
1. https://thehackernews.com/2024/10/new-lightspy-spyware-version-targets.html
2. https://www.bleepingcomputer.com/news/security/litespeed-cache-wordpress-plugin-bug-lets-hackers-get-admin-access/
3. https://www.bleepingcomputer.com/news/security/over-a-thousand-online-shops-hacked-to-show-fake-product-listings/
4. https://www.bleepingcomputer.com/news/security/hackers-steal-15-000-cloud-credentials-from-exposed-git-config-files/

1. What are today’s top cybersecurity news stories?
2. How does the new version of LightSpy spyware target iPhones?
3. What vulnerabilities exist in the LiteSpeed Cache WordPress plugin?
4. What is the Phish n’ Ships phishing campaign about?
5. How did hackers steal 15,000 cloud credentials from Git config files?
6. What measures can be taken to secure iPhones against spyware?
7. What are the implications of the LiteSpeed Cache privilege elevation flaw?
8. What steps should consumers take to avoid falling for phishing scams?
9. How are hackers exploiting Git configuration files for data theft?
10. What are the latest trends in mobile cybersecurity threats?

Tags: LightSpy, spyware, iOS, malware, LiteSpeed Cache, vulnerability, WordPress, exploitation, Satori, phishing, vulnerabilities, counterfeit, EmeraldWhale, Git, credentials, Sysdig
Video Episode: https://youtu.be/eXP0jiOQjFc

In today’s episode, we explore the alarming rise of phishing campaigns exploiting Webflow to harvest sensitive login credentials from crypto wallets like Coinbase and MetaMask, alongside vulnerabilities in SonicWall VPNs linked to ransomware attacks. We also discuss a new technique allowing attackers to bypass Windows’ security features for kernel rootkits and a critical CVE affecting Cisco VPN services that can lead to denial-of-service attacks. Tune in for insights on how these attack methods are shaping the cybersecurity landscape and the challenges they present to organizations globally.

References:
1. https://thehackernews.com/2024/10/cybercriminals-use-webflow-to-deceive.html
2. https://www.bleepingcomputer.com/news/security/new-windows-driver-signature-bypass-allows-kernel-rootkit-installs/
3. https://www.bleepingcomputer.com/news/security/fog-ransomware-targets-sonicwall-vpns-to-breach-corporate-networks/
4. https://www.cybersecuritydive.com/news/cisco-exploited-cve-vpn/731216/

Timestamps
00:00 – Introduction
01:03 – Webflow Phishing
02:06 – Windows Downgrade Updates
03:29 – VPN Vulnerabilities

1. What are today’s top cybersecurity news stories?
2. How are cybercriminals using Webflow for phishing attacks?
3. What is the new Windows Driver Signature bypass vulnerability?
4. How did Fog ransomware exploit SonicWall VPNs?
5. What is the CVE-2024-20481 vulnerability affecting Cisco VPNs?
6. Why have phishing attacks on crypto wallets increased recently?
7. What are the implications of the Windows Update takeover vulnerability?
8. How do ransomware operators breach corporate networks through VPNs?
9. What security measures can organizations take against VPN-related attacks?
10. What trends are emerging in cyberattacks against financial services?

Tags: Webflow, phishing, credentials, scams, Windows Update, rootkits, vulnerabilities, Driver Signature Enforcement, Fog, Akira, SonicWall, ransomware, Cisco, VPN, vulnerability, denial of service
Video Episode: https://youtu.be/FPiwoFbhV7Y

In today’s episode, we delve into recent cybersecurity developments recommended by the NSA for iPhone and Android users, emphasizing the significance of weekly device reboots to mitigate malware threats in 2024. We also explore the U.S. Cybersecurity and Infrastructure Security Agency’s new security proposals aimed at protecting sensitive data from hostile entities, along with the potential risks of hardcoded AWS and Azure credentials in popular mobile applications. Finally, we discuss the exploitation of a critical Microsoft SharePoint vulnerability (CVE-2024-38094) that could enable remote code execution, revealing the importance of prompt patching and security diligence.

Sources:
1. https://www.forbes.com/sites/daveywinder/2024/10/23/nsa-tells-iphone-and-android-users-reboot-your-device-now/
2. https://www.bleepingcomputer.com/news/google/google-to-let-businesses-create-curated-chrome-web-stores-for-extensions/
3. https://www.bleepingcomputer.com/news/security/aws-azure-auth-keys-found-in-android-and-ios-apps-used-by-millions/
4. https://thehackernews.com/2024/10/cisa-warns-of-active-exploitation-of.html

Timestamps
00:00 – Introduction
01:01 – Reboot your phone
02:49 – Google Enterprise Store
04:02 – Hardcoded Credentials
05:09 – SharePoint Vulnerability

1. What are today’s top cybersecurity news stories?
2. Why did the NSA advise smartphone users to reboot their devices?
3. What is the cybersecurity significance of the NSA’s reboot recommendation?
4. How are AWS and Azure credentials being exposed in mobile apps?
5. What recent vulnerabilities have been identified in Microsoft SharePoint?
6. How can regular device rebooting enhance smartphone security?
7. What are the new security proposals from CISA for sensitive data?
8. What is the latest news about Google’s Enterprise Web Store for Chrome extensions?
9. Why is turning your smartphone off and on recommended by security experts?
10. How does the exposure of hardcoded credentials in apps affect user security?

Tags: NSA, iPhone, Android, malware, Enterprise Web Store, Chrome extensions, productivity, AI tools, cloud service, credentials, Symantec, vulnerabilities, CVE-2024-38094, Microsoft SharePoint, hackers, remote code execution
Video Episode: https://youtu.be/2YiTiU75inA

In today’s episode, we discuss Microsoft’s innovative approach to fighting phishing attacks using fake Azure tenants as honeypots to gather intelligence on cybercriminals, as highlighted by Ross Bevington at BSides Exeter. We also cover Cisco’s DevHub portal being taken offline following the leak of non-public data by a hacker, while examining recent exploitation of the Roundcube webmail XSS vulnerability for credential theft. Finally, we delve into critical flaws identified in several end-to-end encrypted cloud storage platforms, including Sync and pCloud, raising concerns over user data security.

Articles referenced:
1. https://www.bleepingcomputer.com/news/security/microsoft-creates-fake-azure-tenants-to-pull-phishers-into-honeypots/
2. https://www.bleepingcomputer.com/news/security/cisco-takes-devhub-portal-offline-after-hacker-publishes-stolen-data/
3. https://thehackernews.com/2024/10/hackers-exploit-roundcube-webmail-xss.html
4. https://www.bleepingcomputer.com/news/security/severe-flaws-in-e2ee-cloud-storage-platforms-used-by-millions/

Timestamps
00:00 – Introduction
00:52 – Microsoft Phishing Honeypots
02:51 – Webmail Roundcube XSS
03:54 – CSP Vulns
05:08 – Cisco’s DevHub portal taken offline

1. What are today’s top cybersecurity news stories?
2. How is Microsoft using honeypots to combat phishing?
3. What happened with Cisco’s DevHub after a data leak?
4. What vulnerabilities have been discovered in Roundcube webmail?
5. What are the security issues found in E2EE cloud storage platforms?
6. How does Microsoft’s Deception Network gather threat intelligence?
7. What data was allegedly leaked from Cisco’s platform?
8. What is the significance of the Roundcube webmail XSS vulnerability?
9. Which platforms were found to have severe flaws in end-to-end encryption?
10. How does Microsoft’s approach to phishing differ from traditional methods?

Tags: Azure, phishers, honeypot, cybercriminals, Cisco, DevHub, cyber, data leak, Roundcube, phishing, JavaScript, vulnerability, security, encryption, Sync, vulnerabilities
Video Episode: https://youtu.be/jjp4xiYI0Xw

In today’s episode, we delve into the escalating cyber tensions between China and the U.S. as China accuses the latter of fabricating the Volt Typhoon threat to divert attention from its own cyber-espionage activities. We also discuss the Internet Archive’s partial recovery from recent DDoS attacks and the critical vulnerability found in the Jetpack plugin affecting over 27 million WordPress sites. Additionally, we cover the ongoing risks posed by the CVE-2024-23113 vulnerability in Fortinet devices, emphasizing the need for immediate action by IT administrators.

Article Links:
1. China Accuses U.S. of Fabricating Volt Typhoon to Hide Its Own Hacking Campaigns: https://thehackernews.com/2024/10/china-accuses-us-of-fabricating-volt.html
2. The Internet Archive and its 916 billion saved web pages are back online: https://arstechnica.com/tech-policy/2024/10/the-internet-archive-and-its-916-billion-saved-webpages-are-back-online/
3. WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites: https://thehackernews.com/2024/10/wordpress-plugin-jetpack-patches-major.html
4. 87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113): https://www.helpnetsecurity.com/2024/10/15/cve-2024-23113/

Timestamps
00:00 – Introduction
01:04 – China vs US on Volt Typhoon
03:08 – Internet Archive’s partial recovery
04:05 – Vulnerability found in the Jetpack plugin
05:16 – Fortinet devices vulnerable

1. What are today’s top cybersecurity news stories?
2. What did China say about Volt Typhoon and U.S. cybersecurity claims?
3. How has the Internet Archive recovered from DDoS attacks?
4. What vulnerability was found in the Jetpack WordPress plugin?
5. How can users protect themselves from the Fortinet CVE-2024-23113 vulnerability?
6. What is the significance of China accusing the U.S. of false flag cyber operations?
7. How is the Wayback Machine functioning after the recent attack?
8. What remediation steps were taken for the Jetpack plugin vulnerabilities?
9. What are the potential implications of the Fortinet devices vulnerability?
10. What does the report say about the nature of the Volt Typhoon cyber group?

Tags: Volt Typhoon, cyber espionage, Microsoft, CrowdStrike, Internet Archive, Wayback Machine, DDoS, data breach, Jetpack, vulnerability, WordPress, security, Fortinet, vulnerability, remote code execution, cybersecurity

1. **Volt Typhoon**: A moniker for a China-nexus cyber espionage group alleged to be fabricated by the United States and its allies. It’s claimed to have been active since 2019, focusing on stealthily embedding in critical infrastructure networks. Its importance lies in its potential to influence international relations and cybersecurity defenses.
2. **False Flag Operation**: An act committed with the intent to disguise the actual source of responsibility and blame another party. In cybersecurity, this is a critical concept as it involves the deceptive masking of attacks, complicating attribution and heightening global tensions.
3. **Edge Devices**: Hardware that provides an entry or exit point for data communication in a network, such as routers, firewalls, and VPN hardware. In cybersecurity, these devices are vital as they are often targeted in attacks to relay or intercept data and evade detection.
4. **Operational Relay Boxes (ORBs)**: Network devices used to obscure the origin of cyber operations by routing attacks through intermediary points. This term is significant in cybersecurity because it demonstrates sophisticated tactics used to hide attacker identity and enhance stealth.
5. **Zero-Day Exploitation**: The act of exploiting a software vulnerability undiscovered or not yet patched by the vendor, often leading to significant security breaches. This term is crucial in cybersecurity as it represents threats posed by novel and unpatched vulnerabilities.
6. **Web Shell**: A script placed on a compromised web server to enable remote control. The term is pertinent in cybersecurity given its use in facilitating unauthorized access and further attacks.
7. **Backdoor**: A method of bypassing normal authentication to access a system, often installed by attackers to maintain continued access. Its importance in cybersecurity is underscored by its potential to allow undetected, persistent threats.
8. **Marble Framework**: A software toolkit allegedly used by U.S. intelligence to obscure attribution in cyber attacks. Understanding such frameworks is crucial for cybersecurity professionals in unraveling sophisticated attempts at masking the identity of cyber threats.
9. **Cyber Espionage**: The practice of engaging in covert operations to obtain confidential information from foreign governments or companies through cyber means. It is a significant aspect of national security and international relations in the digital age.
10. **Five Eyes**: An intelligence alliance comprising the United States, the United Kingdom, Canada, Australia, and New Zealand. Its role in cybersecurity involves extensive information sharing and cooperation on threats, making it a key player in global cyber defense strategies.
Video Episode: https://youtu.be/yyl2icu6o3I

In today’s episode, we discuss groundbreaking research from Chinese scientists who demonstrated that D-Wave’s quantum computers can break RSA encryption and threaten widely used cryptographic methods, emphasizing the urgency for quantum-safe solutions. We also cover the aftermath of a significant cyberattack on Clorox, which has impacted its sustainability goals, and analyze a report from Checkmarx detailing “command jacking” vulnerabilities in open source packages, highlighting the need for robust security measures in software development. Join us as we unpack these critical cybersecurity developments and their implications for businesses and the future of data protection.

Source articles:
1. https://www.csoonline.com/article/3562701/chinese-researchers-break-rsa-encryption-with-a-quantum-computer.html
2. https://www.cybersecuritydive.com/news/clorox-cyberattack-waste-reduction-goals/729642/
3. https://www.csoonline.com/article/3560931/open-source-package-entry-points-could-be-used-for-command-jacking-report.html

Timestamps
00:00 – Introduction
00:57 – Quantum Cracks RSA
02:26 – Clorox behind on plastic reduction
04:41 – Command Jacking in OSS

1. What are today’s top cybersecurity news stories?
2. How are quantum computers threatening RSA encryption?
3. What impact did Clorox’s 2023 cyberattack have on its sustainability goals?
4. What is command jacking in open source software?
5. How can D-Wave’s quantum computers break cryptographic systems?
6. What are the implications of quantum computing for data security?
7. How did Clorox recover from its major cyberattack?
8. What vulnerabilities exist in open source package managers?
9. Why is post-quantum cryptography important for cybersecurity?
10. What strategies can developers implement to safeguard against package entry point vulnerabilities?

Tags: D-Wave, quantum computing, RSA encryption, cryptographic solutions, Clorox, cyberattack, sustainability, plastic waste, Checkmarx, command jacking, malicious code, security checks

1. **RSA Encryption**
   – *Definition*: A widely used public-key cryptographic system that relies on the computational difficulty of factoring large integers, ensuring secure data transmission.
   – *Importance*: RSA is foundational to numerous secure communications over the internet, and its potential vulnerability to quantum attacks could compromise global data integrity and confidentiality.
2. **Quantum Computer**
   – *Definition*: A type of computer that uses quantum bits (qubits) and principles of quantum mechanics, enabling it to process complex computations significantly faster than classical computers.
   – *Importance*: Quantum computers, by their nature, pose significant threats to classical cryptographic systems due to their ability to solve problems deemed infeasible for traditional computers, such as factoring large numbers.
3. **D-Wave**
   – *Definition*: A company specializing in the development of quantum computing systems, particularly known for its quantum annealing technology.
   – *Importance*: D-Wave’s systems are central to the study showcasing quantum capabilities to break traditional encryption, illustrating the practical advancements in quantum technologies.
4. **Quantum Annealing**
   – *Definition*: A quantum computing technique used to find the global minimum of a given objective function over a set of candidate solutions, particularly useful in optimization problems.
   – *Importance*: This technique has been demonstrated to potentially break encryption by optimizing and solving cryptographic problems more efficiently than classical methods.
5. **Substitution-Permutation Network (SPN)**
   – *Definition*: A method used in the design of block ciphers, which is based on a series of linked mathematical operations involving substitution and permutation.
   – *Importance*: SPN forms the basis for various encryption algorithms, and compromising it indicates vulnerabilities in widely used cryptographic systems.
6. **Advanced Encryption Standard (AES)**
   – *Definition*: A symmetric encryption algorithm adopted as the standard for encrypting data by the U.S. government, based on the Rijndael cipher.
   – *Importance*: AES is critical for securing sensitive information worldwide, and any threat to its integrity threatens global cybersecurity structures.
7. **Post-Quantum Cryptography (PQC)**
   – *Definition*: A branch of cryptography focused on developing algorithms resistant to attacks from quantum computers.
   – *Importance*: With quantum computing emerging as a threat to current cryptographic systems, PQC aims to secure communications in a quantum-capable future.
8. **Public-Key Cryptography**
   – *Definition*: A cryptographic system that uses pairs of keys: public keys that may be disseminated widely, and private keys which are known only to the owner.
   – *Importance*: It is pivotal for numerous secure transactions and encrypted communications on the internet, underpinning the security of data exchanges.
9. **Encryption**
   – *Definition*: The process of encoding information in such a way that only authorized parties can access it, rendering the data unreadable to unauthorized users.
   – *Importance*: It is essential for protecting sensitive information across all forms of digital communication against unauthorized access and data breaches.
10. **Quantum-Safe Encryption**
   – *Definition*: Encryption methods that are secure against decryption by quantum computers, typically developed as part of post-quantum cryptographic efforts.
   – *Importance*: As quantum computing progresses, developing quantum-safe methods is crucial to maintain the security of data and communications against future quantum threats.
Video Episode: https://youtu.be/BQoTaqXLZlw

In today’s episode, we discuss the FBI’s unprecedented creation of a fake cryptocurrency, NexFundAI, aimed at exposing widespread manipulation in the crypto market, leading to multiple arrests in Operation Token Mirrors. We also cover OpenAI’s confirmation that threat actors are leveraging ChatGPT to write malware, significantly enhancing their cyber-attack capabilities. Lastly, we examine the Iranian threat actor OilRig exploiting a Windows kernel flaw in espionage campaigns, while Microsoft announces the deprecation of legacy VPN protocols PPTP and L2TP to enhance security.

Sources:
1. The Hacker News – https://thehackernews.com/2024/10/fbi-creates-fake-cryptocurrency-to.html
2. Bleeping Computer – https://www.bleepingcomputer.com/news/security/openai-confirms-threat-actors-use-chatgpt-to-write-malware/
3. The Hacker News – https://thehackernews.com/2024/10/oilrig-exploits-windows-kernel-flaw-in.html
4. Bleeping Computer – https://www.bleepingcomputer.com/news/microsoft/microsoft-deprecates-pptp-and-l2tp-vpn-protocols-in-windows-server/

Timestamps
00:00 – Introduction
01:07 – FBI Fake Crypto NexFundAI
02:13 – OpenAI reports ChatGPT used by criminals
03:37 – OilRig exploiting a Windows kernel flaw
06:05 – Microsoft deprecates VPN protocols PPTP and L2TP

1. What are today’s top cybersecurity news stories?
2. How is the FBI using cryptocurrency to combat market manipulation?
3. What actions has OpenAI taken against threat actors using ChatGPT for malware?
4. What recent cyber espionage activities have been linked to the Iranian group OilRig?
5. Why has Microsoft deprecated PPTP and L2TP VPN protocols in Windows Server?
6. How are threat actors leveraging ChatGPT for cybercrime?
7. What vulnerabilities are being exploited by the OilRig group in their latest campaigns?
8. What steps is the U.S. DoJ taking to tackle cryptocurrency fraud?
9. What are the risks of wash trading in cryptocurrency markets?
10. How are generative AI tools changing the landscape of cybercrime?

Tags: NexFundAI, crypto fraud, Operation Token Mirrors, market manipulation, OpenAI, ChatGPT, cybercrime, generative AI, OilRig, cyber espionage, Windows Kernel, STEALHOOK, PPTP, L2TP, SSTP, IKEv2
Video Episode: https://youtu.be/igJqDBKj13o

In today’s episode, we discuss a new cybercriminal campaign utilizing Unicode obfuscation to hide the Mongolian Skimmer on e-commerce platforms, aiming to steal sensitive data. OpenAI has reported disrupting over 20 malicious operations leveraging its technology for tasks including malware development and election-related misinformation. Additionally, we cover critical vulnerabilities in Firefox and Fortinet products, emphasizing the need for urgent updates to mitigate risks and ensure cybersecurity.

References:
1. https://thehackernews.com/2024/10/cybercriminals-use-unicode-to-hide.html
2. https://thehackernews.com/2024/10/openai-blocks-20-global-malicious.html
3. https://www.helpnetsecurity.com/2024/10/10/cve-2024-9680/
4. https://thehackernews.com/2024/10/cisa-warns-of-critical-fortinet-flaw-as.html

Timestamps
00:00 – Introduction
01:12 – Fortinet Urgent Patch
02:12 – Firefox Zero-Day
03:14 – OpenAI blocks 20 abusive networks
05:04 – Unicode Obfuscation

1. What are today’s top cybersecurity news stories?
2. How is the Mongolian Skimmer using Unicode to hide its malware?
3. What actions has OpenAI taken against malicious operations using its platform?
4. What are the latest updates regarding the Firefox zero-day vulnerability CVE-2024-9680?
5. What critical vulnerabilities are impacting Fortinet and Palo Alto Networks?
6. How can ransomware be concealed with obfuscated scripts?
7. Which cybersecurity threats are currently being reported by CISA?
8. What steps should be taken to secure systems against the new vulnerabilities?
9. How are cyber actors leveraging generative AI for malicious purposes?
10. What recent updates have been made to safeguard web applications from skimmers?

Unicode obfuscation, Mongolian Skimmer, malware, e-commerce, OpenAI, malware, misinformation, countermeasures, zero-day, Firefox, Mozilla, vulnerability, CISA, Fortinet, vulnerabilities, cyber threats
Video Episode: https://youtu.be/O2h2nBA4BQ8

In today’s episode, we discuss significant security vulnerabilities found in Manufacturing Message Specification (MMS) protocol libraries, potentially allowing attackers to execute remote code or crash industrial devices. We also cover the sudden blockade of Discord in Russia and Turkey due to illegal activity, affecting user access, and the release of exploit code for a critical GitLab authentication bypass flaw, CVE-2024-45409, which could allow unauthorized access to GitLab installations. Lastly, we explore the GoldenJackal APT group's sophisticated attacks targeting air-gapped systems in Europe for cyberespionage purposes.

References:
1. https://thehackernews.com/2024/10/researchers-uncover-major-security.html
2. https://www.bleepingcomputer.com/news/government/discord-blocked-in-russia-and-turkey-for-spreading-illegal-content/
3. https://www.helpnetsecurity.com/2024/10/09/exploit-cve-2024-45409/
4. https://www.helpnetsecurity.com/2024/10/09/goldenjackal-air-gapped-systems-compromise/

Timestamps
00:00 – Introduction
00:59 – GoldenJackal APT bypass Air-Gapped Systems
02:01 – GitLab Vulnerability
02:47 – Russia and Turkey block Discord
04:04 – Industrial Environments Vulnerability

1. What are today’s top cybersecurity news stories?
2. How are vulnerabilities in MMS protocol impacting industrial security?
3. What are the reasons behind Discord’s blocking in Russia and Turkey?
4. What should GitLab users know about the CVE-2024-45409 authentication bypass vulnerability?
5. Who is the GoldenJackal APT group and what attacks have they launched?
6. What are the implications of air-gapped systems being breached by cyberespionage groups?
7. What vulnerabilities were found in the libIEC61850 and TMW IEC 61850 libraries?
8. How can organizations mitigate risks from the newly discovered vulnerabilities in industrial systems?
9. Why is Discord considered a platform for illegal activities in Russia and Turkey?
10. What steps should GitLab administrators take to protect from recent exploit scripts?

MMS protocol, MZ Automation, Triangle MicroWorks, remote code execution, Discord, VPNs, protests, government control, GitLab, CVE-2024-45409, SAML, exploit, GoldenJackal, APT, air-gapped, cyberespionage
Video Episode: https://youtu.be/lEaBTx6FvCI

In today’s episode, we dive into the alarming rise of Linux malware “perfctl,” which has stealthily targeted millions of servers for cryptomining over the past three years. We discuss the critical CVE-2024-29824 vulnerability in Ivanti Endpoint Manager, exploited for unauthorized SQL injection, and the ongoing threats posed by the North Korean APT group Stonefly, known for their intricate cybercrime tactics. Additionally, we explore the disturbing trend of cybercriminals leveraging compromised cloud credentials to operate sexualized AI chat bots, highlighting the urgent need for improved security practices.

Sources:
1. https://www.bleepingcomputer.com/news/security/linux-malware-perfctl-behind-years-long-cryptomining-campaign/
2. https://www.helpnetsecurity.com/2024/10/03/cve-2024-29824/
3. https://www.helpnetsecurity.com/2024/10/03/private-us-companies-targeted-by-stonefly-apt/
4. https://krebsonsecurity.com/2024/10/a-single-cloud-compromise-can-feed-an-army-of-ai-sex-bots/

Timestamps
00:00 – Introduction
01:06 – AI powered s3x bots
03:13 – Ivanti SQL Injection
04:08 – perfctl Linux Malware
05:33 – APT45 StoneFly Attacks US companies

1. What are today’s top cybersecurity news stories?
2. What is the Linux malware “perfctl” and how does it work?
3. How is the Ivanti Endpoint Manager flaw (CVE-2024-29824) being exploited?
4. What activities are linked to the Stonefly APT group targeting US companies?
5. How are stolen cloud credentials being used for AI-powered sex chat services?
6. What vulnerabilities does CVE-2024-29824 address and why is it critical?
7. What measures can organizations take to detect the “perfctl” malware?
8. What are the implications of the Stonefly APT’s recent attacks on private companies?
9. How did researchers demonstrate the abuse of AWS Bedrock for illegal activities?
10. What security best practices can prevent cloud credential theft and misuse?
perfctl, Linux, Monero, vulnerabilities, Ivanti, SQL injection, cybersecurity, remediation, Stonefly, cyberattacks, Preft, malware, cloud credentials, AI-powered, child sexual exploitation, cybercriminals

# Intro

In a shocking revelation, a stealthy Linux malware named “perfctl” has been exploiting server vulnerabilities for over three years, using advanced evasion techniques to secretly mine Monero cryptocurrency on countless systems worldwide. This elusive threat not only disrupts normal operations by maxing out CPU usage but also deftly vanishes when users log in, making detection extremely difficult for many administrators.

How do adversaries exploit vulnerabilities to gain initial access to systems with the perfctl malware?

Hackers are actively exploiting a critical SQL injection flaw in Ivanti Endpoint Manager, prompting US federal agencies to rush and remediate the threat by October 23, 2024. Despite Ivanti’s urgent patches, details of the attacks remain sparse, spotlighting the pressing need for effective cybersecurity measures.

Why does this particular vulnerability pose such a significant risk compared to others?

North Korean APT group Stonefly, undeterred by legal indictments, is intensifying its financially-motivated cyberattacks on US companies, leveraging a unique arsenal of malware and tools. Despite failed ransomware attempts, their distinctive Preft backdoor confirms their tenacity in pursuing targets with no direct intelligence value.

Why has Stonefly shifted their focus from espionage to financially-driven cybercrime in recent years?

A staggering rise in stolen cloud credentials is fueling an underground market of AI-powered sex chat services, with cybercriminals bypassing content filters for disturbing role-plays involving child sexual exploitation. As security researchers lay bare the chilling implications of compromised AI infrastructure, the industry scrambles for solutions to thwart this escalating threat.

**Question:** How are cybercriminals leveraging stolen cloud credentials to evade content restrictions on AI, and what are the financial and ethical implications for the victims?

# Stories

In this episode, we discuss a recent discovery by Aqua Nautilus researchers of the Linux malware “perfctl,” which has been running a covert cryptomining campaign for over three years. This malware has targeted potentially millions of Linux servers, using advanced evasion techniques and rootkits to remain largely undetected. Perfctl primarily uses compromised servers to mine the Monero cryptocurrency, exploiting misconfigurations and vulnerabilities, such as CVE-2023-33246 in Apache RocketMQ and CVE-2021-4034 in Polkit, for initial access. It operates stealthily, disguising processes and using TOR for encrypted communications. The malware also deploys proxy-jacking software for additional revenue streams. System administrators often notice infections due to 100% CPU usage, though perfctl halts its activities as soon as the user logs in. Due to its evasive and persistent nature, typical removal methods are ineffective, with a full system wipe and reinstall recommended to ensure complete removal. Aqua Nautilus suggests monitoring system directories, CPU usage, and network traffic, alongside patching known vulnerabilities, to detect and prevent perfctl infections.

Here's a list of ten important terms and nouns from the article, each followed by a brief definition particularly related to cybersecurity:

1. **Linux**: An open-source operating system known for its robust security features and wide use in servers and workstations. In cybersecurity, it’s crucial as many servers run on Linux, making them targets for attacks like the mentioned malware.
2. **Malware**: Malicious software designed to infiltrate, damage, or disable computers and networks. It is important because it can be weaponized for financial gain, as in cryptomining without consent.
3. **Cryptomining**: The process of validating cryptocurrency transactions and adding them to the blockchain ledger; in this context, the unauthorized use of others’ computer resources to generate cryptocurrency like Monero.
4. **Rootkit**: A set of software tools that enable unauthorized users to gain control of a system without being detected. Rootkits are important in malware because they allow it to remain hidden and maintain persistent access.
5. **CVE (Common Vulnerabilities and Exposures)**: A list of publicly disclosed cybersecurity vulnerabilities. CVEs are critical for understanding and mitigating known vulnerabilities that attackers might exploit, as seen with CVE-2023-33246 and CVE-2021-4034.
6. **Monero**: A cryptocurrency known for its privacy features, making transactions challenging to trace. Important in cyber threats like cryptomining, as attackers use infected systems to mine Monero for profit.
7. **TOR**: Short for The Onion Router, a decentralized network to anonymize internet traffic through encryption and relay techniques. It is crucial for maintaining anonymity in cyber operations, as noted in the malware’s communication method.
8. **Userland rootkits**: Types of rootkits that operate in user space and manipulate user-level applications to evade detection, demonstrating advanced techniques for obscuring malicious activities and maintaining control.
9. **Apache RocketMQ**: An open-source messaging server often used in enterprise environments. Its mention highlights how vulnerabilities in widely used software, such as CVE-2023-33246, can be critical entry points for attacks.
10. **Indicators of Compromise (IoC)**: Forensic evidence of potential intrusion or malware activity within a network or system. Recognizing IoCs is essential for detecting and responding to security breaches like those associated with perfctl.
This list encompasses important cybersecurity concepts relevant to understanding and contextualizing threats, detection, and protection mechanisms discussed in the article.

—

On today’s podcast, we’re discussing a critical security flaw in Ivanti Endpoint Manager, known as CVE-2024-29824. This unauthenticated SQL Injection vulnerability is actively being exploited, prompting the Cybersecurity and Infrastructure Security Agency to add it to their Known Exploited Vulnerabilities catalog. Ivanti has acknowledged that a limited number of their customers have been impacted. This flaw, part of a group of ten similar vulnerabilities, affects versions prior to Ivanti EPM 2022 SU5 and could allow attackers to execute code within the service account. Researchers have published detailed technical information and proof-of-concept exploits for this vulnerability. To address the issue, Ivanti released a patch involving the replacement of critical DLL files and a server restart. US federal agencies are mandated to remediate this vulnerability by October 23, 2024. Ivanti has urged all users to ensure their systems are up to date with the latest patch. Stay informed and make sure your systems are protected.

Here’s a list of the top 10 most important nouns and technical terms from the article, along with their definitions and relevance to cybersecurity:

1. **CVE-2024-29824**
*Definition:* A Common Vulnerabilities and Exposures (CVE) identifier assigned to an unauthenticated SQL Injection vulnerability found in Ivanti Endpoint Manager (EPM) appliances.
*Importance:* This vulnerability is critical because it allows attackers to execute arbitrary code, potentially leading to unauthorized access or data manipulation in affected systems.

2. **Ivanti Endpoint Manager (EPM)**
*Definition:* A management tool used to automate and control IT systems, providing capabilities such as hardware and software management, asset discovery, and endpoint security.
*Importance:* EPM’s widespread deployment in various organizations makes security flaws within it particularly concerning, as they can affect numerous systems.

3. **SQL Injection**
*Definition:* A type of security vulnerability that allows an attacker to interfere with the queries an application makes to its database by injecting malicious SQL code.
*Importance:* SQL injection vulnerabilities can lead to data breaches, unauthorized data access, and full system compromise, making them a high priority in security.

4. **Cybersecurity and Infrastructure Security Agency (CISA)**
*Definition:* A U.S. federal agency responsible for enhancing the security, resilience, and reliability of the nation’s cybersecurity infrastructure.
*Importance:* CISA’s involvement indicates the severity of a vulnerability, guiding organizations on critical security measures to implement.

5. **Security Advisory**
*Definition:* An official notification providing details about a vulnerability, including its impact, affected systems, and measures for remediation.
*Importance:* Security advisories are crucial for informing organizations and the public about vulnerabilities and recommended actions to mitigate security risks.

6. **Zero Day Initiative (ZDI)**
*Definition:* A program that focuses on finding and reporting zero-day vulnerabilities to affected vendors for remediation before they can be exploited by attackers.
*Importance:* ZDI’s work helps in identifying and patching vulnerabilities before they are widely exploited, enhancing overall cybersecurity posture.

7. **Proof of Concept (PoC)**
*Definition:* A demonstration that shows how a vulnerability can be exploited to achieve harmful results, often used to prove the existence and impact of a security flaw.
*Importance:* PoCs help in understanding the practical implications of vulnerabilities and in developing appropriate fixes or mitigation strategies.

8. **KEV Catalog**
*Definition:* The Known Exploited Vulnerabilities (KEV) catalog is a list maintained by CISA of vulnerabilities that have been actively exploited in the wild.
*Importance:* Inclusion in the KEV catalog underscores the critical nature of a vulnerability, signaling to organizations the urgency in applying patches.

9. **DLL Files**
*Definition:* Dynamic-link library (DLL) files are collections of small programs used by larger programs to perform specific tasks, often shared among different applications.
*Importance:* Replacing vulnerable DLL files is a method of patching software to fix security vulnerabilities like those described in the article.

10. **IISRESET**
*Definition:* A command-line utility used to restart Internet Information Services (IIS), the web server software used by Windows servers.
*Importance:* Restarting services using IISRESET ensures that any patched or updated files are loaded into memory, completing the remediation process for vulnerabilities.

—

In this episode, we delve into Stonefly APT, a North Korean cyber-threat group, also known as APT45. Despite previous indictments, Stonefly continues to target US companies. Linked to North Korea’s military intelligence, the group uses a mix of modified and custom malware for espionage and financially-motivated attacks, having been active since 2009. Recent attacks in August 2024 against US companies, using tools like Preft and Nukebot, highlight their ongoing efforts, likely for financial gain. Experts suggest these actions may fund other state priorities, underscoring the persistent cyber threat posed by Stonefly.

1. **Stonefly (APT45):** A North Korean Advanced Persistent Threat (APT) group also known as Andariel and OnyxFleet, linked to military intelligence. It is significant due to its involvement in cyber espionage and financially-motivated cybercrime targeting US companies.
2. **Reconnaissance General Bureau (RGB):** North Korean military intelligence agency associated with directing cyber operations. Important for understanding the state-backed nature of certain threat groups like Stonefly.
3. **APT (Advanced Persistent Threat):** A prolonged and targeted cyberattack where an unauthorized user gains access to a network and remains undetected for an extended period. Key in cybersecurity since it highlights the sophisticated nature of cyber threats.
4. **3PROXY:** A publicly available proxy server software used for network connections. Important as a tool often abused in cyberattacks for masking and redirecting traffic.
5. **Malware:** Malicious software designed to disrupt, damage, or gain unauthorized access to computer systems. Critical in cybersecurity as it encompasses various attack methods utilized by threat actors.
6. **Preft (backdoor):** A custom persistent backdoor linked specifically to Stonefly, allowing unauthorized access into a computer system. Its recognition aids in the identification and attribution of attacks to specific groups.
7. **Ransomware:** A type of malware that encrypts the victim’s files and demands a ransom for the decryption key. Vital due to its financial impact and prevalence in cybercrime.
8. **Keyloggers:** Software or devices designed to record keystrokes on a computer, often covertly. Their detection is crucial as they are commonly used for information theft.
9. **Mimikatz:** A publicly available security tool often misused to extract password data from Windows systems. Its relevance in cybersecurity lies in its frequent misuse for credential theft.
10. **Indicators of Compromise (IoCs):** Artifacts or forensic data that indicate potential intrusion or malicious activity in a network. Essential for threat detection and response in cybersecurity.
—

In a recent report, cybersecurity experts from Permiso Security have uncovered a troubling trend where cybercriminals exploit stolen cloud credentials to operate AI-powered sex bots. These bots, which are bypassing content filters through custom jailbreaks, often delve into dangerous and illegal role-playing scenarios involving child sexual exploitation and rape. The attacks primarily target large language models (LLMs) hosted on platforms like Amazon's Bedrock. Permiso's investigation revealed that attackers quickly commandeer exposed credentials to fuel AI chat services, racking up unauthorized usage costs for cloud account owners. Platforms like “Chub[.]ai” are suspected of leveraging this method to offer chats with AI characters engaging in controversial and explicit scenarios. Chub claims to bypass content restrictions for a small monthly fee, fueling a broader uncensored AI economy. AWS has responded by tightening security measures, but concerns persist around the potential misuse of AI technologies. The situation highlights the necessity for organizations to protect access keys and to consider enabling logging features to detect unusual activities, despite the additional costs involved. Anthropic, a provider of LLMs to Bedrock, continues to enhance safeguards against such abuses.

1. **Cloud Credentials**
**Definition:** Authentication information required to access cloud computing services.
**Importance:** Stolen cloud credentials allow cybercriminals unauthorized access to a victim’s cloud resources, which can be exploited for malicious activities such as operating unauthorized services or reselling access clandestinely.

2. **Generative Artificial Intelligence (AI)**
**Definition:** AI systems capable of generating text, images, or other media in response to prompts by leveraging large datasets and complex algorithms.
**Importance:** These systems can be misused to create harmful or illegal content, as evidenced by their exploitation in unauthorized sex chat services, highlighting the need for robust ethical and security safeguards.

3. **Large Language Models (LLMs)**
**Definition:** Advanced AI systems that process and generate human-like text by analyzing vast amounts of language data.
**Importance:** LLMs can be manipulated by bad actors to bypass restrictions and produce inappropriate or illegal content, underscoring the risks of inadequate security measures.

4. **Jailbreak (in AI context)**
**Definition:** Techniques used to bypass or disable restrictions set within AI systems, allowing them to produce content or perform actions usually forbidden.
**Importance:** Jailbreaking enables cybercriminals to exploit AI platforms for illicit purposes, making the development of resilient models a key priority for AI security.

5. **Amazon Web Services (AWS) Bedrock**
**Definition:** A cloud-based platform by AWS that provides foundational tools and services for building and deploying generative AI models.
**Importance:** Its compromise can lead to significant unauthorized usage and financial liabilities for the account holder, as demonstrated by the unauthorized use in illicit AI chat services.

6. **Prompt Logging**
**Definition:** The process of recording and monitoring the prompts given to AI models and the responses they generate.
**Importance:** Enables transparency and security oversight, allowing organizations to detect and mitigate misuse of AI resources effectively.

7. **Chub AI**
**Definition:** A platform offering AI chat bot characters, including those with explicit and controversial themes.
**Importance:** Exemplifies the challenge of regulating AI-powered services to prevent the exploitation and dissemination of harmful content.

8. **NSFL (Not Safe for Life)**
**Definition:** A categorization used to describe content that is extraordinarily disturbing or offensive.
**Importance:** Highlights the potential for AI-driven services to generate deeply objectionable material, raising ethical and legal concerns.

9. **GuardDuty**
**Definition:** An AWS security service that provides monitoring and threat detection for identifying malicious activity and unauthorized behavior.
**Importance:** Essential for maintaining cloud security posture and preemptively identifying potential threats, particularly in preventing unwanted exploitation of cloud resources.

10. **Anthropic**
**Definition:** An AI safety and research organization focused on developing models with built-in ethical constraints.
**Importance:** Plays a critical role in enhancing AI safety to prevent misuse, working towards models resistant to manipulation and fostering industry-wide best practices for secure AI deployment.

—
Video Episode: https://youtu.be/7et_7YkwAHs

In today’s episode, we dive into the alarming rise of malware delivery through fake job applications targeting HR professionals, specifically focusing on the More_eggs backdoor. We also discuss critical gaming performance issues in Windows 11 24H2 and the vulnerabilities in DrayTek routers that expose over 700,000 devices to potential hacking. Lastly, we address the urgent exploitation of a remote code execution flaw in Zimbra email servers, emphasizing the need for immediate updates to safeguard against evolving threats.

Links to articles:
1. https://thehackernews.com/2024/10/fake-job-applications-deliver-dangerous.html
2. https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-windows-11-24h2-gaming-performance-issues/
3. https://thehackernews.com/2024/10/alert-over-700000-draytek-routers.html
4. https://www.bleepingcomputer.com/news/security/critical-zimbra-rce-flaw-exploited-to-backdoor-servers-using-emails/

Timestamps
00:00 – Introduction
01:14 – Zimbra RCE Vulnerability
02:17 – 700k DrayTek Routers Vulnerable
04:36 – Recruiters Targeted with Malware
06:14 – Microsoft blocks updates for gamers

1. What are today’s top cybersecurity news stories?
2. How is More_eggs malware targeting HR professionals?
3. What vulnerabilities exist in DrayTek routers?
4. Why did Microsoft block Windows 11 24H2 upgrades?
5. What is the impact of the Zimbra RCE flaw?
6. How do fake job applications spread malware?
7. What security measures can protect against More_eggs malware?
8. What are the latest gaming issues with Windows 11?
9. How can DrayTek router vulnerabilities be mitigated?
10. What are the latest tactics used by cybercriminals in email attacks?
More_eggs, Golden Chickens, spear-phishing, credential theft, Microsoft, Windows 11, Asphalt 8, Intel Alder Lake+, DrayTek, vulnerabilities, exploits, cyber attackers, Zimbra, RCE, vulnerability, exploitation

# Intro

HR professionals are under siege as a spear-phishing campaign disguised as fake job applications delivers the lethal More_eggs malware, leading to potentially devastating credential theft. Powered by the notorious Golden Chickens group, this malware-as-a-service targets recruiters with chilling precision.

**How are recruitment officers unknowingly downloading malicious files, and what methods are threat actors using to bypass security measures?**

“Microsoft is blocking Windows 11 24H2 upgrades on some systems due to critical gaming performance issues like Asphalt 8 crashes and Easy Anti-Cheat blue screens. The company is scrambling to resolve these problems that uniquely impact devices with Intel Alder Lake+ processors.”

How can gamers with affected systems work around these issues until Microsoft releases a fix?

Over 700,000 DrayTek routers are currently vulnerable to 14 newly discovered security flaws, with some critical exploits that could be used to take full control of the devices and infiltrate enterprise networks. Despite patches being released, many routers remain exposed, creating a lucrative target for cyber attackers.

How can these vulnerabilities impact businesses that rely on DrayTek routers for network security?

Hackers are leveraging a critical Zimbra RCE vulnerability to backdoor servers through specially crafted emails that execute malicious commands, revealing widespread exploitation just days after a proof-of-concept was published. Notable security experts warn of attackers embedding harmful code in the email’s CC field, which the Zimbra server inadvertently executes.

How are attackers camouflaging their malicious emails to slip through security measures unnoticed?

# Stories

Welcome back to our podcast. Today, we’re talking about a new cyber threat targeting HR professionals. Researchers at Trend Micro have uncovered a spear-phishing campaign where fake job applications deliver a JavaScript backdoor called More_eggs to recruiters. This malware, sold as malware-as-a-service by a group known as Golden Chickens, can steal credentials for online banking, email accounts, and IT admin accounts. What’s unique this time is that attackers are using spear-phishing emails to build trust, as observed in a case targeting a talent search lead in engineering. The attack sequence involves downloading a ZIP file from a deceptive URL, leading to the execution of the More_eggs backdoor. This malware probes the host system, connects to a command-and-control server, and can download additional malicious payloads. Trend Micro’s findings highlight the persistent and evolving nature of these attacks, which are difficult to attribute because multiple threat actors can use the same toolkits. The latest insights also connect these activities to known cybercrime groups like FIN6. Stay vigilant, especially if you work in HR or recruitment.

1. **Spear-Phishing**:
– **Definition**: A targeted phishing attack aiming at specific individuals or companies, typically using information about the victim to make fraudulent messages more convincing.
– **Importance**: This method is particularly dangerous because it can trick even tech-savvy users by exploiting personalized details, leading to significant security breaches like credential theft.

2. **More_eggs**:
– **Definition**: A JavaScript backdoor malware sold as a malware-as-a-service (MaaS) with capabilities to siphon credentials and provide unauthorized access to infected systems.
– **Importance**: Due to its ability to covertly steal sensitive information and its widespread use by various e-crime groups, More_eggs represents a significant threat to corporate cybersecurity.

3. **Malware-as-a-Service (MaaS)**:
– **Definition**: A business model where malicious software is developed and sold to cybercriminals who can then use it to conduct attacks.
– **Importance**: This model lowers the barrier of entry for cybercriminals, allowing even those with limited technical skills to launch sophisticated attacks using pre-made malware.

4. **Golden Chickens**:
– **Definition**: A cybercriminal group (also known as Venom Spider) to which the development and distribution of the More_eggs malware is attributed.
– **Importance**: Understanding threat actors like Golden Chickens can help cybersecurity professionals anticipate and defend against specific threat tactics.

5. **Command-and-Control (C2) Server**:
– **Definition**: A server used by threat actors to maintain communications with compromised systems within a target network to execute commands and control malware.
– **Importance**: Disrupting C2 servers is crucial because it can cut off the attacker's control over their malware, mitigating the threat.

6. **LNK File**:
– **Definition**: A shortcut file in Windows that points to another file or executable.
– **Importance**: Misuse of LNK files in phishing campaigns can lead to automated execution of malicious payloads, making them an effective vector for malware distribution.

7. **PowerShell**:
– **Definition**: A task automation framework from Microsoft consisting of a command-line shell and scripting language.
– **Importance**: PowerShell is often used by attackers to execute and conceal malicious scripts due to its powerful capabilities and integration with Windows.

8. **Tactics, Techniques, and Procedures (TTPs)**:
– **Definition**: The behavior patterns or methodologies used by cyber threat actors to achieve their goals.
– **Importance**: Identifying TTPs helps security professionals understand, detect, and mitigate specific attack strategies used by threat actors.

9. **Obfuscation**:
– **Definition**: The process of deliberately making code or data difficult to understand or interpret.
– **Importance**: Obfuscation is commonly used by malware developers to conceal malicious activities and bypass security mechanisms.

10. **Cryptocurrency Miner**:
– **Definition**: Software used to perform the computational work required to validate and add transactions to a blockchain ledger in exchange for cryptocurrency rewards.
– **Importance**: Unauthorized cryptocurrency mining (cryptojacking) can misuse system resources for financial gain, leading to performance degradation and security vulnerabilities.

—

On today’s tech update: Microsoft has blocked upgrades to Windows 11 version 24H2 on certain systems due to gaming performance issues. Players of Asphalt 8 may encounter game crashes, while some systems running Easy Anti-Cheat might experience blue screens. These problems mainly affect devices with Intel Alder Lake+ processors. Until Microsoft resolves these issues, impacted users are advised not to manually upgrade using tools like the Media Creation Tool. Microsoft is working on fixes and will include them in upcoming updates.

1. **Windows 11 24H2**: A version of Microsoft’s Windows 11 operating system, released in the second half (H2) of 2024. It is significant because it represents Microsoft’s ongoing update cycle aimed at improving system performance and user experience, though it also highlights the challenges of software compatibility and stability.
2. **Asphalt 8 (Airborne)**: A popular racing video game often used for showcasing graphical and processing capabilities of devices. Its relevance lies in exposing potential software and hardware compatibility issues when new operating systems are released.
3. **Easy Anti-Cheat**: A software tool designed to detect and prevent cheating in multiplayer games. It is crucial for maintaining fair play and integrity in online gaming environments but can pose compatibility challenges with system updates.
4. **Blue Screen of Death (BSoD)**: An error screen displayed on Windows computers following a system crash. It is important as it signals serious software or hardware issues that could affect system stability and data integrity.
5. **Intel Alder Lake+ processors**: A generation of Intel’s microprocessors known for their hybrid architecture design. Understanding these chips is important for recognizing which systems might be more susceptible to the reported compatibility issues.
6. **vPro platform**: A set of Intel technologies aimed at enhancing business security and manageability. It’s critical to cybersecurity professionals because it allows for hardware-level encryption and more robust security management, but compatibility with OS updates can be problematic.
7. **MEMORY_MANAGEMENT error**: A specific type of error indicating system memory management problems, often leading to system crashes. It is crucial for cybersecurity and IT professionals as it affects the stability and reliability of a system.
8. **Compatibility holds (Safeguard IDs)**: Mechanisms employed by Microsoft to prevent system upgrades when known issues are detected. These are essential for protecting users from potential system failures and ensuring a stable computing environment.
9. **Media Creation Tool**: A Microsoft utility used for installing or upgrading Windows OS. It's important for IT professionals as it provides a means to manually deploy Windows updates, though it highlights the risks of bypassing automatic update safeguards.
10. **KB5043145 (Preview Update)**: A specific Windows update known to cause issues such as reboot loops and connection failures. Understanding these updates is crucial for maintaining system stability and ensuring that deployed systems are free from vulnerabilities and bugs.
—

In a recent cybersecurity alert, over 700,000 DrayTek routers have been identified as vulnerable due to 14 newly discovered security flaws. These vulnerabilities, found in both residential and enterprise routers, include two rated critical, one of which received the maximum CVSS score of 10.0. That critical flaw is a buffer overflow in the Web UI that could allow remote code execution. Another significant vulnerability is OS command injection via communication binaries. The report highlights how widely these routers’ web interfaces are exposed online, creating a tempting target for attackers, particularly in the U.S. DrayTek has released patches and urges users to apply the updates, disable unnecessary remote access, and use security measures such as ACLs and two-factor authentication. This development coincides with international cybersecurity agencies publishing guidance on securing critical infrastructure, emphasizing safety, protecting valuable OT data, secure supply chains, and the role of people in cybersecurity.

1. **Vulnerability**: A weakness in a system or software that can be exploited by attackers.
   – **Importance**: Identifying vulnerabilities is crucial in cybersecurity because it helps protect systems from attacks.
2. **Router**: A device that routes data from one network to another, directing traffic on the internet.
   – **Importance**: Routers are essential for internet connectivity, and their security is vital to prevent unauthorized access to networks.
3. **Buffer Overflow**: A coding error in which a program writes more data to a buffer than it can hold, potentially leading to system crashes or unauthorized code execution.
   – **Importance**: Buffer overflows are common vulnerabilities that can be exploited to gain control of a system.
4. **Remote Code Execution (RCE)**: A type of vulnerability that allows an attacker to execute code on a remote system without authorization.
   – **Importance**: RCE vulnerabilities are highly critical because they enable attackers to take over affected systems.
5. **Cross-site Scripting (XSS)**: A web security vulnerability that allows attackers to inject malicious scripts into content served by otherwise trusted websites.
   – **Importance**: XSS can be used to steal information, deface websites, and spread malware.
6. **Adversary-in-the-Middle (AitM) Attack**: An attack in which the attacker secretly intercepts and possibly alters the communication between two parties who believe they are communicating directly with each other.
   – **Importance**: AitM attacks can lead to data theft, man-in-the-middle proxy attacks, and unauthorized access to sensitive information.
7. **Denial-of-Service (DoS)**: An attack intended to shut down a machine or network, making it inaccessible to its intended users.
   – **Importance**: DoS attacks disrupt the availability of services and can cause significant downtime and financial loss.
8. **Access Control List (ACL)**: A list of permissions attached to an object that specifies which users or system processes can access the object and what operations they may perform.
   – **Importance**: ACLs are crucial for implementing security policies that control access to resources.
9. **Two-Factor Authentication (2FA)**: A security process in which the user provides two different authentication factors to verify their identity.
   – **Importance**: 2FA improves security by adding a second layer of verification, making it harder for attackers to gain unauthorized access.
10. **Operational Technology (OT)**: Hardware and software that detects or causes changes through direct monitoring and control of physical devices, processes, and events in an enterprise.
   – **Importance**: OT security is critical to the functioning and safety of critical infrastructure systems, such as those in manufacturing, power generation, and transportation.
—

Today, we’re discussing a critical remote code execution (RCE) vulnerability in Zimbra email servers, tracked as CVE-2024-45519, which attackers are actively exploiting. The flaw allows attackers to trigger malicious commands simply by sending specially crafted emails that are processed by Zimbra’s postjournal service. First flagged by Ivan Kwiatkowski of HarfangLab and confirmed by Proofpoint, the exploit involves spoofed emails with commands hidden in the “CC” field. Once processed, these emails deliver a webshell to the server, giving attackers full access for data theft or further network infiltration. A proof-of-concept exploit was released by Project Discovery on September 27, prompting immediate malicious activity. Administrators are urged to apply the security updates in Zimbra’s latest versions (9.0.0 Patch 41 and later), or to disable the vulnerable postjournal service and ensure secure network configurations, to mitigate the threat. Stay vigilant and update your Zimbra servers immediately to protect against this critical vulnerability.

1. **Remote Code Execution (RCE)**
   – **Definition**: A type of security vulnerability that enables attackers to run arbitrary code on a targeted server or computer.
   – **Importance**: This flaw can be exploited to gain full control over the affected machine, leading to data theft, unauthorized access, and further network penetration.
2. **Zimbra**
   – **Definition**: An open-source email, calendaring, and collaboration platform.
   – **Importance**: Popular among organizations for its integrated communication tools, which makes it a significant target for cyberattacks given the sensitive data it handles.
3. **SMTP (Simple Mail Transfer Protocol)**
   – **Definition**: A protocol used to send and route emails across networks.
   – **Importance**: Integral to email services; its exploitation can deliver malicious content to servers and users, forming a vector for cyberattacks.
4. **Postjournal Service**
   – **Definition**: A service within Zimbra used to parse incoming emails over SMTP.
   – **Importance**: Its vulnerability can be leveraged to execute arbitrary commands, making it a crucial attack point for hackers.
5. **Proof-of-Concept (PoC)**
   – **Definition**: A demonstration exploit showing that a vulnerability can be successfully taken advantage of.
   – **Importance**: PoC exploits prove that theoretical vulnerabilities are practical and dangerous, necessitating urgent security responses.
6. **Base64 Encoding**
   – **Definition**: A method of encoding binary data into an ASCII string format.
   – **Importance**: Often used to encode commands within emails or other data streams to evade basic security detections.
7. **Webshell**
   – **Definition**: A malicious script that provides attackers with remote access to a compromised server.
   – **Importance**: Webshells give attackers sustained control over a server, allowing ongoing data theft, disruption, and further exploitation.
8. **CVE (Common Vulnerabilities and Exposures)**
   – **Definition**: A list of publicly known cybersecurity vulnerabilities and exposures, each identified by a unique CVE ID.
   – **Importance**: Standardizes the tracking of security issues, facilitating communication and management of vulnerabilities across the cybersecurity community.
9. **Patch**
   – **Definition**: An update to software aimed at fixing security vulnerabilities or bugs.
   – **Importance**: Patching vulnerabilities is critical for protecting systems from attacks that exploit known security flaws.
10. **Execvp Function**
   – **Definition**: A function in Unix-like operating systems that executes a command with an argument vector, featuring improved input sanitization.
   – **Importance**: By replacing vulnerable functions such as ‘popen’, ‘execvp’ helps prevent the execution of malicious code, enhancing system security.

—
Video Episode: https://youtu.be/665pQQC8k-4

In today’s episode, we delve into the shocking case of Adam Iza, a California man allegedly linked to extortion and bribery involving local police officers, and his ties to the notorious hacking group UGNazi. We also discuss developments in cybersecurity, including the SEC’s charges against Robert B. Westbrook for insider trading through computer hacks, the alarming rise of the Sniper Dz phishing-as-a-service platform, the unveiling of vulnerabilities in court systems nationwide, and Microsoft Defender’s new features to detect unsecured Wi-Fi networks. Join us as we unpack these significant stories impacting the cybercrime landscape.

Links to articles:
1. https://krebsonsecurity.com/2024/09/crooked-cops-stolen-laptops-the-ghost-of-ugnazi/
2. https://www.bleepingcomputer.com/news/security/hacker-charged-for-breaching-5-companies-for-insider-trading/
3. https://thehackernews.com/2024/10/free-sniper-dz-phishing-tools-fuel.html
4. https://www.bleepingcomputer.com/news/security/microsoft-defender-now-automatically-detects-unsecure-wi-fi-networks/
5. https://arstechnica.com/security/2024/09/systems-used-by-courts-and-govs-across-the-us-riddled-with-vulnerabilities/

Timestamps
00:00 – Introduction
01:07 – Crooked Cops
02:50 – Insider Trading
04:06 – PHaaS SniperDZ
06:00 – Defender VPN on Insecure Wifi

1. What are today’s top cybersecurity news stories?
2. How are law enforcement officers involved in cybercrime?
3. What charges were filed against hacker Robert B. Westbrook?
4. What is phishing-as-a-service and how does it work?
5. How does Microsoft Defender protect against unsafe Wi-Fi networks?
6. What vulnerabilities were found in U.S. court and government systems?
7. What is the connection between Adam Iza and the UGNazi hacker group?
8. What techniques do cybercriminals use for insider trading?
9. How can you identify and prevent phishing attacks?
10. What role does encryption play in protecting public Wi-Fi connections?

Tags: corruption, cybercrime, Adam Iza, violence-as-a-service, Westbrook, insider trading, SEC, Sniper Dz, phishing, credential theft, Telegram, Microsoft Defender, Wi-Fi networks, cyber-attacks, VPN, Parker, vulnerabilities, voter registrations, security
Video Episode: https://youtu.be/Lw7MiiRsuk0

In today's episode, we discuss critical vulnerabilities in Progress Software's WhatsUp Gold requiring urgent patches, alongside freshly reported exploits in Linux's Common Unix Printing System. We also explore Meta's hefty €91 million fine for improperly storing plaintext passwords, and Microsoft's revisions to the Copilot+ Recall feature after security concerns. Stay informed on these significant developments in software security and data privacy!

Links to articles discussed:
1. https://thehackernews.com/2024/09/progress-software-releases-patches-for.html
2. https://www.cybersecuritydive.com/news/linux-cves-open-source/728310/
3. https://thehackernews.com/2024/09/meta-fined-91-million-for-storing.html
4. https://www.helpnetsecurity.com/2024/09/30/copilot-recall-security/

Timestamps
00:00 - Introduction
00:55 - CUPS and WhatsUp updates
03:38 - Windows Recall

1. What are today's top cybersecurity news stories?
2. What vulnerabilities were patched in WhatsUp Gold?
3. How serious are the Linux CVEs discovered recently?
4. What penalties did Meta face for storing passwords in plaintext?
5. What changes has Microsoft made to the Copilot+ Recall feature?
6. Which critical CVEs affect print jobs on Linux systems?
7. How can WhatsUp Gold customers mitigate security threats?
8. What are the implications of Meta's latest GDPR fine?
9. What security measures did Microsoft implement in Copilot+ Recall?
10. How have researchers responded to Linux security vulnerabilities?

Tags: Progress Software, WhatsUp Gold, vulnerabilities, patches, Linux, Red Hat, Canonical, Meta, €91 million, plaintext, security lapse, Copilot+ Recall, encryption, Trusted Platform Module, privacy
Video Episode: https://youtu.be/LyKMiecH2Ms

In today’s episode, we discuss critical vulnerabilities addressed by HPE Aruba Networking in its Access Points, which could allow remote code execution by unauthenticated attackers. We also cover alarming discoveries about Kia vehicles, where hackers could take control using just a license plate, and how Google’s shift to memory-safe programming in Android has significantly reduced security vulnerabilities. Lastly, we cover the ongoing clash between Automattic and WP Engine, which has led to restricted access to vital WordPress resources for affected users.

Links to articles mentioned:
1. https://www.bleepingcomputer.com/news/security/hpe-aruba-networking-fixes-three-critical-rce-flaws-impacting-its-access-points/
2. https://thehackernews.com/2024/09/hackers-could-have-remotely-controlled.html
3. https://www.helpnetsecurity.com/2024/09/26/android-memory-safety-vulnerabilities/
4. https://www.bleepingcomputer.com/news/security/automattic-blocks-wp-engines-access-to-wordpress-resources/

Timestamps
00:00 – Introduction
01:27 – Aruba AP Vulnerabilities Patched
02:36 – Kia Remote Access
03:55 – Android Memory Vulnerabilities Reduced
05:42 – WP Engine Blocked from WordPress updates

Sign up for the best newsletter in cybersecurity at https://news.thedailydecrypt.com

1. What are today’s top cybersecurity news stories?
2. What critical vulnerabilities were fixed in HPE Aruba Networking Access Points?
3. How could hackers remotely control Kia cars using just license plates?
4. What impact did Google's use of Rust have on Android memory safety vulnerabilities?
5. Why did WordPress.org ban WP Engine from accessing its resources?
6. What are the recent cybersecurity fixes provided by HPE for their products?
7. What does the Kia vehicle vulnerability disclosure mean for car owners?
8. How has Android reduced its number of memory safety vulnerabilities in recent years?
9. What actions has Automattic taken against WP Engine in their ongoing conflict?
10. What are the potential risks for WP Engine customers following the WordPress.org decision?

Tags: HPE, Aruba Access Points, vulnerabilities, remote code execution, hackers, Kia, security, Rust, Android, memory safety, Automattic, WP Engine, WordPress
Video Episode: https://youtu.be/gSEirErEqCs

In today’s episode, we explore critical topics in cybersecurity, including expert tips for spotting phishing links using tools such as ANY.RUN’s Safebrowsing, the release of a proof-of-concept exploit for the critical SolarWinds Web Help Desk vulnerability CVE-2024-28987, and the privacy complaint filed against Mozilla over a new tracking feature in Firefox. We also discuss CrowdStrike’s recent testimony regarding the major IT outage caused by a faulty update, highlighting the importance of robust testing protocols for cybersecurity platforms. Tune in to stay informed about the latest trends and vulnerabilities in the cyber threat landscape.

Links to articles discussed:
1. Expert Tips on How to Spot a Phishing Link – https://thehackernews.com/2024/09/expert-tips-on-how-to-spot-phishing-link.html
2. PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987) – https://www.helpnetsecurity.com/2024/09/25/cve-2024-28987-poc/
3. Mozilla Faces Privacy Complaint for Enabling Tracking in Firefox Without User Consent – https://thehackernews.com/2024/09/mozilla-faces-privacy-complaint-for.html
4. CrowdStrike's mea culpa: 5 takeaways from the Capitol Hill testimony – https://www.cybersecuritydive.com/news/crowdstrike-mea-culpa-testimony-takeaways/727986/

Timestamps
00:00 – Introduction
01:14 – Crowdstrike VP Testifies
03:28 – SolarWinds Exploit Public Release
04:56 – Mozilla Privacy Issues

Sign up for the best newsletter in cybersecurity at https://news.thedailydecrypt.com

1. What are today’s top cybersecurity news stories?
2. How can you identify phishing links effectively?
3. What should I know about the SolarWinds Web Help Desk vulnerability?
4. Why is Mozilla facing a privacy complaint regarding Firefox?
5. What changes has CrowdStrike implemented after the IT network outage?
6. What are the best practices for recognizing suspicious URLs?
7. How does Mozilla’s Privacy Preserving Attribution threaten user privacy?
8. What lessons can be learned from CrowdStrike’s recent testimony?
9. What are the warning signs of a phishing email?
10. How can organizations protect themselves from emerging cybersecurity threats?

Tags: phishing, URLs, CAPTCHA, Cloudflare, SolarWinds, vulnerability, cyberattacks, help desk, Mozilla, Privacy Preserving Attribution, tracking cookies, data protection, CrowdStrike, software update, policy changes, IT nightmare
Video Episode: https://youtu.be/_DKTFyP1bOM

In today’s episode, we discuss Microsoft’s recent cybersecurity initiatives, including the appointment of deputy CISOs and the launch of the Cybersecurity Governance Council as part of its Secure Future Initiative to enhance internal security measures and reduce risks. We also explore the implications of ‘never expire’ passwords in cybersecurity, highlighting the potential risks while considering the practicality of password policies. Additionally, we cover critical vulnerabilities found in Microchip’s software affecting IoT devices and Discord’s introduction of the new DAVE protocol for secure audio and video communication.

Article URLs:
1. https://www.cybersecuritydive.com/news/microsoft-deputy-cisos-security/727763/
2. https://thehackernews.com/2024/09/why-never-expire-passwords-can-be-risky.html
3. https://thehackernews.com/2024/09/critical-flaw-in-microchip-asf-exposes.html
4. https://thehackernews.com/2024/09/discord-introduces-dave-protocol-for.html

Timestamps
00:00 – Introduction
01:07 – Microsoft Removes Inactive Accounts
02:48 – IoT RCE Vulnerability
04:53 – Discord’s DAVE end-to-end Encryption
06:00 – Should all passwords expire?

1. What are today’s top cybersecurity news stories?
2. What security changes is Microsoft implementing in its internal practices?
3. How is Microsoft addressing its internal security culture?
4. What vulnerabilities were recently disclosed for Microchip’s Advanced Software Framework?
5. Why might ‘never expire’ passwords pose a risk in organizations?
6. What is Discord’s new DAVE protocol and how does it enhance security?
7. How is Microsoft restructuring its cybersecurity governance?
8. What impact did the federal Cyber Safety Review Board report have on Microsoft?
9. What recent vulnerabilities affect IoT devices and what are their risks?
10. How is Microsoft training its staff to improve security practices?

Tags: Microsoft, deputy CISOs, security breach, email theft, passwords, cybersecurity, expiration, IT help desk, Microchip, IoT, vulnerability, remote code execution, DAVE protocol, end-to-end encryption, audio calls, video calls

—
Video Episode: https://www.youtube.com/watch?v=-sAsXlXZixs

In today’s episode, we discuss critical updates affecting cybersecurity and networking, including significant issues with macOS 15 ‘Sequoia’ that impact VPN and antivirus products such as CrowdStrike Falcon and ESET Endpoint Security. We also cover Microsoft’s new Hotpatching feature in Windows Server 2025, which installs security updates without restarts, and LinkedIn’s halting of AI data processing in the U.K. due to privacy concerns. Additionally, we delve into the hacktivist group Twelve’s destructive cyber attacks targeting Russian entities, highlighting their methods and tools.

Timestamps
00:00 – Introduction
01:14 – MacOS Sequoia Upgrade Bugs
02:45 – Windows Server 2025 Hot Patching
04:06 – LinkedIn AI Privacy Violations
05:53 – Hacktivists attack Russian infrastructure

Links to articles discussed:
1. https://www.bleepingcomputer.com/news/apple/macos-sequoia-change-breaks-networking-for-vpn-antivirus-software/
2. https://www.bleepingcomputer.com/news/microsoft/windows-server-2025-hotpatching-in-public-preview-installs-security-updates-without-restarts/
3. https://thehackernews.com/2024/09/linkedin-halts-ai-data-processing-in-uk.html
4. https://thehackernews.com/2024/09/hacktivist-group-twelve-targets-russian.html

1. What are today’s top cybersecurity news stories?
2. How does macOS 15 Sequoia impact VPN and antivirus software?
3. What are the issues reported with CrowdStrike Falcon on macOS Sequoia?
4. Why did LinkedIn halt AI data processing in the UK?
5. What is Microsoft’s Hotpatching feature for Windows Server 2025?
6. How does the hacktivist group Twelve conduct cyber attacks on Russian entities?
7. What problems are users experiencing with Mullvad VPN after upgrading to macOS Sequoia?
8. What changes in macOS Sequoia are affecting network connections for security tools?
9. How has the ICO responded to LinkedIn’s use of user data for AI training?
10. What security vulnerabilities did the group Twelve exploit for their attacks?

Tags: macOS Sequoia, VPN, antivirus, compatibility, Hotpatching, Microsoft, security updates, LinkedIn, AI, privacy, data, Twelve, DARKSTAR, cyber operations, encrypting
Video Episode: https://youtu.be/wJO-8X_Wvww

In today's episode, we discuss critical security updates from Adobe that address severe vulnerabilities in Acrobat and Reader, specifically CVE-2024-41869 and CVE-2024-45112, as well as the implications of a newly discovered PoC exploit. We also explore the rise of Vo1d malware, which has infected 1.3 million Android TV boxes globally, compromising outdated systems from various brands. Lastly, we cover GitLab's urgent advisory regarding a significant pipeline execution vulnerability, CVE-2024-6678, urging users to update to secure versions immediately.

Timestamps
00:00 - Intro
00:55 - Adobe Patches
01:56 - GitLab
03:00 - Android TV Vulnerabilities

Resources:
https://www.helpnetsecurity.com/2024/09/12/cve-2024-41869/
https://thehackernews.com/2024/09/beware-new-vo1d-malware-infects-13.html
https://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-pipeline-execution-vulnerability/

Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com

Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/

Logo Design by https://www.zackgraber.com/

Tags: Adobe, CVE-2024-41869, vulnerabilities, zero-day, Vo1d, Android TV box, malware, Doctor Web, GitLab, CVE-2024-6678, execute

Search Phrases: What are today's top cybersecurity news stories?, Adobe security updates, CVE-2024-41869 zero-day, Vo1d malware Android TV box, protect Android TV box Vo1d malware, GitLab critical vulnerability, CVE-2024-6678, vulnerabilities in software updates, implications of delaying updates, securing GitLab installations
Video Episode: https://youtu.be/otdn468NX9Y

In today's episode, we explore the alarming implications of a rogue WHOIS server exploited by Benjamin Harris, the CEO of watchTowr, enabling him to generate counterfeit HTTPS certificates and potentially manipulate thousands of servers. We also discuss new malicious tactics employed by the Lazarus Group, including fake coding tests for software developers that disseminate malware, and Microsoft's recent patch release addressing 79 vulnerabilities, including three actively exploited flaws. Additionally, we touch on Ivanti's urgent updates for critical vulnerabilities in its Endpoint Manager software.

Timestamps
00:00 - Intro
01:07 - Ivanti Vulnerability
02:30 - Microsoft Patch Tuesday
04:00 - Lazarus Fake Code Challenges
07:00 - Researcher Exposes WHOIS Server Vulnerabilities

Articles referenced in this episode:
https://arstechnica.com/security/2024/09/rogue-whois-server-gives-researcher-superpowers-no-one-should-ever-have/
https://thehackernews.com/2024/09/developers-beware-lazarus-group-uses.html
https://thehackernews.com/2024/09/microsoft-issues-patches-for-79-flaws.html
https://thehackernews.com/2024/09/ivanti-releases-urgent-security-updates.html

Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com

Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/

Logo Design by https://www.zackgraber.com/

Tags: Benjamin Harris, WHOIS server, HTTPS certificates, vulnerabilities, Lazarus Group, Malware, VMConnect, Cybersecurity, Microsoft, Endpoint Manager, remote code execution

Search Phrases: What are today's top cybersecurity news stories?, Benjamin Harris WHOIS server exploit, fake HTTPS certificates tracking, vulnerabilities in internet security, Lazarus Group malware campaign, VMConnect software developer scams, Microsoft security patch urgency, critical vulnerabilities in Windows, Ivanti Endpoint Manager updates, remote code execution risks
In today's episode, we explore the alarming rise of sextortion and its devastating impact on individuals, families, and communities. We discuss recent cases involving Nigerian brothers sentenced for their role in the tragic death of a Michigan teenager, the emergence of sadistic sextortion targeting children in Australia, and new scams using personal information to exploit victims. Together, we shine a light on this critical issue, emphasize the importance of online safety, and share resources for those affected.

Those worried that their intimate images will be shared can use a tool such as StopNCII, which creates a digital hash, or fingerprint, of the images that is shared with companies such as Instagram, Snapchat, OnlyFans and Pornhub so they can block them from being posted to their platforms.

Article URLs:
1. Nigerian brothers whose sextortion plot led to death of Michigan teen get 17 years: https://www.theguardian.com/us-news/article/2024/sep/06/sextortion-samuel-samson-ogoshi-jordan-demay?CMP=oth_b-aplnews_d-1
2. Australian police are warning about ‘sadistic sextortion'. Here's how it works, and the red flags for parents: https://www.theguardian.com/technology/article/2024/sep/07/australia-federal-police-sadistic-child-sextortion-warning
3. Sextortion scam now use your "cheating" spouse's name as a lure: https://www.bleepingcomputer.com/news/security/sextortion-scam-now-use-your-cheating-spouses-name-as-a-lure/

– Nigerian brothers Samuel (22) and Samson Ogoshi (20) were sentenced to 17 years (210 months) in prison.
– Victim: Jordan DeMay, 17, who died in March 2022.
– Jordan DeMay sent nude photographs after being befriended on social media.
– The brothers demanded $1,000; Jordan paid $300 before threatening to kill himself. Less than 6 hours after the threat, Jordan died.
– The FBI tracked communications to the brothers in Nigeria, revealing attempts to extort over 100 individuals.
– Australian police report children as young as 12 being coerced into producing extreme content via 'sadistic sextortion'.
– Reports of image-based abuse in Australia increased 117% in 2022-2023, with sextortion the most frequently reported form.
– RMIT's Prof. Nicola Henry noted that intimate partners are often the perpetrators of sextortion.
– Just under 16% of surveyed adults reported experiencing threats to share intimate images, higher than in most surveyed countries except the USA.
– Victim Rohan Cosgriff, age 17, died in 2022 after being pressured into sending intimate photos.
– Recent sextortion emails target spouses, claiming infidelity and demanding payments of between $500 and $5,000.
– The new sextortion variant was first seen about three weeks before the article's publication.
– Profits from sextortion scams were over $50,000 in the first week of their appearance in 2018.
– Recipients of the new sextortion emails reported that the names used aren't commonly associated with them, including maiden names and pet names.
Video Episode: https://youtu.be/ECOVSA0MIyY

In today's episode, we delve into the newly discovered EUCLEAK attack affecting YubiKey FIDO devices, emphasizing the potential for state-sponsored actors to exploit a vulnerability in the Infineon SLE78 microcontroller. We also discuss Cisco's response to a backdoor found in the Smart Licensing Utility, a critical flaw that allows unauthorized admin access, and highlight the Revival Hijack supply-chain attack endangering over 22,000 PyPI packages. Lastly, we urge Android users to install security updates addressing the actively exploited CVE-2024-32896 vulnerability.

Links to articles discussed:
https://www.bleepingcomputer.com/news/security/new-eucleak-attack-lets-threat-actors-clone-yubikey-fido-keys/
https://www.bleepingcomputer.com/news/security/cisco-warns-of-backdoor-admin-account-in-smart-licensing-utility/
https://www.bleepingcomputer.com/news/security/revival-hijack-supply-chain-attack-threatens-22-000-pypi-packages/
https://thehackernews.com/2024/09/google-confirms-cve-2024-32896.html

Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com

Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/

Logo Design by https://www.zackgraber.com/

Tags: EUCLEAK, YubiKey, Infineon, microcontroller, Cisco, Smart Licensing Utility, vulnerability, cybersecurity, Revival Hijack, PyPI, JFrog, Hackers, CVE-2024-32896, Google

Search Phrases: What are today's top cybersecurity news stories?, EUCLEAK YubiKey vulnerability, Cisco Smart Licensing Utility backdoor, Revival Hijack PyPI package threat, CVE-2024-32896 Android update urgency, cybersecurity measures for YubiKey owners, protecting Cisco systems from vulnerabilities, safeguarding PyPI packages from hackers, critical updates for Android devices, cybersecurity risks in the technology industry
Video Episode: https://youtu.be/oMptm-Oi1R4 In today's episode of The Daily Decrypt, we tackle a high-profile case involving the City of Columbus and security researcher David Leroy Ross. Ross is facing a lawsuit and restraining order after revealing the true extent of a ransomware attack that the city had downplayed. Despite claims by Mayor Andrew Ginther that the stolen 6.5 terabytes of sensitive data were unusable due to encryption, Ross proved otherwise—highlighting that personal information like Social Security numbers and details from domestic violence cases were fully intact and accessible on the dark web. 00:00 - Intro 00:37 - Updates from The Daily Decrypt 01:45 - Columbus, OH vs Security Researcher 09:23 - More News We dive into the legal and ethical complexities that arise when a researcher discloses illegally obtained data in the name of public interest. What happens when the desire to protect people's privacy clashes with responsible disclosure protocols? Ross bypassed these procedures, opting instead to expose the city's misinformation by going directly to the media, leading to legal consequences that reflect a challenging gray area for security researchers. In the second half, we discuss how Columbus's reaction—suing the very person who pointed out the severity of their data breach—sends a chilling message to those working in cybersecurity. Are they discouraging future researchers from revealing vulnerabilities, even when it's for the public good? We also explore: How Columbus mishandled the attack. The city's controversial decision to sue Ross. The broader implications for security researchers who choose to challenge powerful organizations. Stick around for our lightning round of cybersecurity headlines, including a busted one-time password fraud service in the UK, a former engineer's attempt to extort Bitcoin, and new vulnerabilities in Microsoft's macOS applications. 
Links to the articles discussed: https://thehackernews.com/2024/09/new-flaws-in-microsoft-macos-apps-could.html https://thehackernews.com/2024/09/ex-engineer-charged-in-missouri-for.html https://krebsonsecurity.com/2024/09/owners-of-1-time-passcode-theft-service-plead-guilty/ https://arstechnica.com/security/2024/08/city-of-columbus-sues-man-after-he-discloses-severity-of-ransomware-attack/ Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ vulnerabilities, Microsoft, Cisco Talos, macOS, Bitcoin, extortion, insider, Missouri, OTP Agency, interception, passcodes, scammers, ransomware, Columbus, dark web, restraining order What are today's top cybersecurity news stories, how can macOS users safeguard their devices from vulnerabilities, what tactics did the ex-employee use for Bitcoin extortion, what precautions can individuals take against OTP interception scams, what legal implications arise from disclosing ransomware attack details, what are the latest threats in cybersecurity, how does insider knowledge contribute to cyber crimes, what are the impacts of ransomware on local governments, how can companies protect themselves from extortion, what measures can be taken to enhance online security against scams
Video Episode: https://youtu.be/sUwjbJ_Uzm0 In today's episode, we explore the alarming rise of sophisticated cyber threats, starting with the exploitation of a 5-year-old zero-day vulnerability (CVE-2024-7029) affecting AVTECH IP cameras by the Corona Mirai-based malware botnet. We also analyze the tactics of the Russian APT29 group, which has been leveraging zero-day exploits against Mongolian government websites, using techniques akin to commercial spyware vendors. Finally, we explore how the Iranian hacking group Pioneer Kitten is collaborating with ransomware affiliates to extort various sectors in the U.S., highlighting the importance of proactive cybersecurity measures. Links to articles: https://www.bleepingcomputer.com/news/security/malware-exploits-5-year-old-zero-day-to-infect-end-of-life-ip-cameras/ https://www.bleepingcomputer.com/news/security/russian-apt29-hackers-use-ios-chrome-exploits-created-by-spyware-vendors/ https://www.bleepingcomputer.com/news/security/iranian-hackers-work-with-ransomware-gangs-to-extort-breached-orgs/ Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Akamai, Corona Mirai, vulnerability, AVTECH, APT29, exploits, cyberattacks, spyware, Pioneer Kitten, Ransomware, Infiltrate, Extort What are today's top cybersecurity news stories?, How can we defend against malware like Corona Mirai?, What vulnerabilities exist in AVTECH IP cameras?, Who are the Russian hackers known as APT29?, How do state-sponsored hackers exploit devices?, What measures can protect against iOS exploits?, How is ransomware being used by Pioneer Kitten?, What tactics are used in cyber extortion?, How can organizations defend against ransomware attacks?, What are the risks of outdated IP camera systems?
Video Episode: https://youtu.be/3xUukOuwAV8 In today's episode, we explore the major cyber threats facing organizations, including the exploitation of a zero-day vulnerability (CVE-2024-39717) in Versa Director by state-sponsored actors, particularly focusing on its implications for managed service providers and ISPs. We also discuss the ongoing cyberattack at Seattle-Tacoma International Airport that has led to significant service outages and delays, and the alarming rise in a QR code phishing campaign exploiting Microsoft Sway to steal Microsoft 365 credentials from users. Tune in to understand the sophisticated attack methods and what organizations can do to bolster their defenses against these critical threats. 00:00 - Intro 01:13 - Versa Director Zero Day 02:35 - Seattle Airport Outages 03:37 - 2000% Increase in QR Phishing 05:59 - Microsoft Security Logs https://www.helpnetsecurity.com/2024/08/27/cve-2024-39717-exploited/ https://www.cybersecuritydive.com/news/seattle-airport-cyberattack-widespread-outages/725342/ https://www.bleepingcomputer.com/news/security/microsoft-sway-abused-in-massive-qr-code-phishing-campaign/ https://www.cybersecuritydive.com/news/cisa-microsoft-security-log-expansion/725358/ Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags: Volt Typhoon, Versa Director, VersaMem, cyber threats, cyberattack, Seattle-Tacoma, manual processes, safeguard, QR code phishing, Microsoft Sway, cybercriminals, credentials, security logs, threat detection, CISA Search phrases: What are today's top cybersecurity news stories? 
Volt Typhoon hackers exploit Versa Director, Seattle-Tacoma Airport cyberattack, how to protect managed service providers from cyber threats, QR code phishing attacks Microsoft Sway, cybersecurity measures against cybercriminals, improving threat detection with security logs, safeguarding critical systems at airports, latest cybersecurity vulnerabilities, CISA response to cyber threats, protecting against QR code phishing campaigns
In today's episode, we dive into significant cybersecurity developments including CISA's $524 million headquarters construction at the DHS campus, and the implications for infrastructure security. We also discuss the arrest of Telegram's founder Pavel Durov in France amidst rising concerns over content moderation failures, as well as the alarming use of AppDomain Injection in recent attacks deploying CobaltStrike beacons. Finally, we cover critical vulnerabilities identified in SolarWinds' Web Help Desk that require immediate patching to safeguard against exploitation. Video Episode: https://youtu.be/wCRh9s2XsyQ 00:00 - Intro 01:14 - Telegram's Pavel Durov Arrested for Cybercrime Hub 04:53 - APT 41 Uses AppDomain Manager Injection to Deploy CobaltStrike 06:42 - SolarWinds Web Help Desk: Another Critical Bug Fixed 07:57 - CISA's $524M HQ Links to the articles discussed: https://www.gsa.gov/about-us/newsroom/news-releases/gsa-awards-construction-contract-for-cisa-hq-on-the-st-elizabeths-west-campus-08192024 https://thehackernews.com/2024/08/telegram-founder-pavel-durov-arrested.html https://www.bleepingcomputer.com/news/security/hackers-now-use-appdomain-injection-to-drop-cobaltstrike-beacons/ https://www.helpnetsecurity.com/2024/08/23/cve-2024-28987/ Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags: CISA, Headquarters, Cybersecurity, Infrastructure, Pavel Durov, Telegram, Content moderation, Criminal activity, AppDomain Manager Injection, CobaltStrike, Cyberattacks, APT 41, CVE-2024-28987, SolarWinds, vulnerability, IT systems Search phrases: What are today's top cybersecurity news stories? CISA headquarters cybersecurity consolidation Telegram founder arrest criminal activity AppDomain Manager Injection cyberattacks CobaltStrike vulnerabilities SolarWinds IT systems security updates
In today's episode, we explore the alarming rise of NGate Android malware, which employs NFC technology to facilitate unauthorized ATM withdrawals from victims' bank accounts. We also discuss Google's urgent patch for the ninth Chrome zero-day vulnerability of 2024, addressing serious security flaws that could allow attackers to exploit devices. Plus, we cover the sentencing of Jesse Kipf, who faked his death through cyber intrusions to evade child support obligations. Video Episode: https://youtu.be/Mem_XEAQymI 00:00 - Intro 00:56 - Android NFC Malware 02:53 - Google Zero Day 04:14 - Kentucky Man Fakes Death Sources: https://www.helpnetsecurity.com/2024/08/22/android-malware-nfc-data-atm-withdrawals/ https://www.bleepingcomputer.com/news/security/google-fixes-ninth-actively-exploited-chrome-zero-day-in-2024/ https://www.justice.gov/usao-edky/pr/pulaski-county-man-sentenced-cyber-intrusion-and-aggravated-identity-theft Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags: NGate, Android, NFC, malware, cybersecurity, Google, Chrome, zero-day, cyber heist, identity theft, hacking, ESET, V8 JavaScript, payment security, mobile crime, Jesse Kipf Search phrases: What are today's top cybersecurity news stories, NGate Android malware news, how to protect from malware attacks, zero-day vulnerabilities in Chrome, identity theft prevention measures, steps to update Chrome browser, impacts of NFC technology on security, cyber heist case studies, ESET cybersecurity research, mobile payment security tips
In today's episode, we discuss CrowdStrike's response to "shady commentary" from competitors following a significant IT outage that affected millions of devices and led to a loss of market value. We also explore the repercussions of a recent Microsoft update that malfunctioned in dual-boot systems, causing failure to boot for many Linux users, and uncover new macOS malware, TodoSwift, linked to North Korean hacking groups. Additionally, we highlight a critical vulnerability in the GiveWP WordPress plugin that puts over 100,000 websites at risk of remote code execution attacks. Video Episode: https://youtu.be/CEuFAj-EueU 00:00 - Intro 01:13 - CrowdStrike Competitors Ambulance Chasing 03:18 - Microsoft Update Breaks Dual Boot Linux 05:07 - macOS Malware TodoSwift 06:45 - WordPress RCE Vulnerability Sources: https://arstechnica.com/information-technology/2024/08/crowdstrike-unhappy-with-shady-commentary-from-competitors-after-outage/ https://arstechnica.com/security/2024/08/a-patch-microsoft-spent-2-years-preparing-is-making-a-mess-for-some-linux-users/ https://thehackernews.com/2024/08/new-macos-malware-todoswift-linked-to.html https://thehackernews.com/2024/08/givewp-wordpress-plugin-vulnerability.html Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags: CrowdStrike, cybersecurity, IT outage, software update, Microsoft, Windows, Linux, dual-boot, TodoSwift, macOS, malware, North Korea, GiveWP, vulnerability, security, exploitation Search Phrases: What are today's top cybersecurity news stories, CrowdStrike market value drop, global IT outage cause, Microsoft update Linux dual-boot issue, TodoSwift macOS malware, North Korea hacking groups, GiveWP WordPress plugin vulnerability, how to restore dual-boot systems, security measures for Mac users, actions for protecting WordPress sites
In today's episode, we explore the critical challenges to AI adoption revealed by CISOs, including data privacy concerns, insufficient staff skills, and misaligned organizational priorities, as highlighted in a new survey by Tines. We also discuss how security leaders can address these blockers by leveraging automation, strategic alignment, and continuous training. Additionally, we delve into the rise of malware such as FakeBat, recent data breaches affecting FlightAware and National Public Data, and necessary steps for individuals to secure their personal information. Video Episode: https://youtu.be/HQt1nCHKgxI 00:00 - Intro 01:14 - NPD Hack Exposes Billions of Users' Data 04:01 - FlightAware Configuration Error Exposed User Data 07:35 - FakeBat Malware Targets Brave, Zoom, Notion Users 09:45 - Top AI Adoption Challenges and CISO Solutions Articles referenced: https://www.cybersecuritydive.com/spons/the-biggest-blockers-to-ai-adoption-according-to-cisos-and-how-to-remove/723672/ https://thehackernews.com/2024/08/cybercriminals-exploit-popular-software.html https://www.bleepingcomputer.com/news/security/flightaware-configuration-error-leaked-user-data-for-years/ https://www.cbsnews.com/news/social-security-number-leak-npd-breach-what-to-know/ Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com Thanks to Jered Jones for providing the music for this episode. 
https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags: Tines, Generative AI, Security, CISOs, FakeBat, malvertising, MSIX, Mandiant, FlightAware, Configuration, Cybersecurity, Data Leak, Data breach, Cybercriminals, Social Security, National Public Data Search Phrases: What are today's top cybersecurity news stories?, Tines generative AI security risks, FakeBat malware protection, FlightAware data breach user impact, Cybersecurity measures for CISOs, Understanding malvertising threats, How to safeguard against data leaks, Mandiant findings on malware, Protecting personal information from breaches, Addressing skill shortages in cybersecurity -- Transcript: Aug20 You probably heard about the data breach that allegedly compromised the personal information of nearly every American citizen, exposing Social Security numbers, addresses and so much more to dark web cybercriminals. So today we're going to talk about how this happened, what data was impacted and what you can do to make sure you stay safe with your Social Security number on the dark web. Thousands of FlightAware users are now urged to reset their passwords after a configuration error exposed sensitive personal data for over three years. How did this FlightAware configuration error manage to leak user data for such an extended period of time? Cybercriminals are exploiting popular software searches to spread the FakeBat malware, using malvertising campaigns and Trojanized MSIX installers to infect unsuspecting users. And finally, a recent survey by Tines shows that 98% of large tech executives have halted their generative AI projects due to security risks. What strategic measures are CISOs employing to overcome the biggest blockers to AI implementation in their organization? You're listening to The Daily Decrypt.
Hackers have allegedly infiltrated a company known as National Public Data, or NPD, to steal unencrypted personal information of billions of people, including Social Security numbers, addresses and family member names. This breach, attributed to the hacker group USDoD in April of 2024, puts almost everyone at risk of identity theft. If your data was a part of this breach, which it likely is, people can access it or bid on it on the dark web, so they could open new financial accounts or take out loans in your name. Luckily, this type of fraud is very preventable. All you have to do is contact the three major credit bureaus and place freezes on your accounts. And even before this breach, this is something that I would recommend to everybody. Unless they're in the process of buying a new home or opening up a new credit card, you don't need your credit accounts to be unfrozen. This is something that I actually didn't do until about a year ago, during the AT&T breach, where my Social Security number was also leaked to the dark web. And I was very shocked to see how quickly it could be done. They all have web-based interfaces where you can go sign up for an account and click a button to place a freeze on your credit. It's also important to know that once your information is out there, it's out there forever. There's no company that can go and scrub your data from the dark web. If any company is selling you that service, it's not a real service. It's a scam. Or if you purchase the services of a specific company under the impression that they can do that, maybe they're not actually selling that, but maybe that's what you're thinking they're going to do. They're not going to be able to do that. What they are going to be able to do is coach you through the process of placing these credit freezes and help inform you about what that will actually prevent.
Alternatively, you can listen to this episode of The Daily Decrypt and continue to follow these tips for free. Placing these freezes on your credit essentially just prevents people or entities from running soft or hard credit checks against your credit, which is the barrier for most lines of credit, like new credit cards or home loans. And so by proxy, it prevents new home loans and new credit cards from being opened in your name, which is one of the biggest risks of having your Social Security number out there. Now, if an attacker is really motivated to get you personally, they can use that information to do all kinds of damage, primarily in information gathering about you to craft more effective phishing campaigns against you, which is the secondary risk of this type of data breach. So besides placing these credit checks, just be extra vigilant when you're looking at and clicking links in texts or emails, knowing that this information can help craft more effective phishing emails. Look at everything skeptically, and you should be good to go. Very similarly to that last story, there's an app called FlightAware, which is the world's largest flight tracking platform, that has just revealed a major data security incident. FlightAware discovered a configuration error dating back to January of 2021, which exposed user data for over three years. The data it exposed can include your user ID, password, email address, and possibly even more sensitive information like your full name, billing and shipping address, social media accounts, phone number, and even Social Security number. The error was fixed by FlightAware on July 25th, 2024, so just a few weeks ago. But the breach's duration leaves significant room for potential misuse of your data, as we talked about in that last story. So if you have a FlightAware account, you'll need to reset your password immediately. If you log into the platform, it will prompt you to do so on your next login.
But what they're not going to tell you is that you also need to change the password to every account that uses the same password as your FlightAware account. And that's because the username and password combo that was leaked in the FlightAware data breach will now be entered into every one of your accounts automatically. It's not a personal target. They're just going to try their luck and see if you maybe reuse that username and password combo. If that's ringing any bells for you, please go change your password to all of those accounts. And if it sounds too daunting to do that task manually, or you're not even sure what accounts share passwords, it's time to start using a password manager. I personally use 1Password, as do all of my friends, and I have almost a thousand accounts in there just for myself alone. Managing that amount of passwords is impossible, especially trying to maintain unique passwords across all of them. Nobody's memory can handle that. It will also create secure random passwords for you, so you don't have to use your creativity to come up with them or just change the characters that follow the password. Which, by the way, if you use a password even similar to the one that was leaked in your FlightAware breach, that too is considered compromised, because attackers will apply common manipulations to all passwords and just use those to try to log into your accounts as well. It's all automated. So, yeah, if you want more information about a password manager, check out 1Password. There's also a blog on our website at thedailydecrypt.com that will outline a simple three-step process for converting over to a password manager. It doesn't have to be as daunting as it may sound. FlightAware is also offering a free 24-month identity protection package through Equifax. So given these two stories back to back, whoever is listening is likely impacted. Go take advantage of that. That will actually monitor for any credit inquiries to Equifax.
That's in addition to you placing those freezes. I highly recommend against simply monitoring, because by the time you get that alert, it's a little too late, right? Place the freeze, and then sign up for that free monitoring. And if you can't tell, passwords are getting breached every day. I don't like talking about data breaches on this platform. I don't like hearing about them, because they happen so frequently. I don't consider it cybersecurity news. The only reason this one made the cut is because it was so long-standing. This one has been going on for three years. But if you're hearing this and you still don't use a password manager and you don't change your passwords, the implications are pretty bad. Go do that. Reach out to us on Instagram or YouTube if you want any help or guidance along that process. It really is a lot simpler of a workflow as well. It's a quality of life improvement and a security improvement. I promise you it's worth it. Cybercriminals are using popular Google searches to help them craft more effective info-stealing campaigns. So what does this mean? They're letting Google tell them what people are searching for, specifically around business-related software. So for example, if you're going to Google and you're looking for software that will help you manage personnel, or manage your tasks, or store your documents, et cetera, you're going to go to Google and say, what is the best software for this type of business task? Well, Google will happily give you the information, if you look for it, about what the most common things to search for are in this space, right? So hackers are taking that information and creating fake websites that will offer you services in line with what you're searching for. These websites might be carbon copies of actual services that you could find on the web that would satisfy your search, or they could be new services.
After they've created these imitation websites, they purchase Google ads to get those websites at the top of the search results, specifically for what you're searching for. Then within those websites, you're going to click a link that's going to download a malware called FakeBat. This malware will live in the installer for the software you're trying to find and download, such as Brave, like the browser; KeePass, which I'm assuming is a password manager; Notion, which is like a Confluence-style thing; Steam for games; and Zoom for business meetings online. It's important to know that even if you know the software you're searching for, like, ah, I'm looking for Notion, someone recommended it, you Google the word Notion, that first link, if it's an ad, can still be malicious. So not everyone is searching for, what's a business software I can use to hold all my documents? Some of them are just searching for, hey, where do I go to download Notion? That download link you click from Google, if it's a paid advertisement, could be malicious. And we always say it on this podcast: just don't click ads if you don't have to. That's one of the best ways you can avoid this type of thing. And finally, 98% of large tech executives have paused AI initiatives due to security risks. This was discovered by automation company Tines during a recent survey and reveals the top barriers to AI adoption. 66% of CISOs worry about losing control over sensitive information. This can be anything from customer data, employee data, all the way down to proprietary code you're feeding into AI to have it help you fix. 60% of the CISOs report lacking AI expertise. 51% find friction between departments, from cross-functional teams, to align on AI priorities and risks. 49% face issues with outdated systems, so choose AI tools that integrate seamlessly with your existing tech stacks.
This survey by Tines can be very valuable, especially if you're someone who's trying to get your CISO to allow you to use AI. AI has a lot of potential for automating a lot of work and freeing up capacity for more impactful work. But if you have a good CISO, they're going to try to push back on the security risks. Check out the article linked in the show notes below for more information on how and what statistics you can use to help combat your CISO's fears and start using AI in your workplace. This has been The Daily Decrypt. If you found your key to unlocking the digital domain, show your support with a rating on Spotify or Apple Podcasts. It truly helps us stand at the frontier of cyber news. Don't forget to connect on Instagram or catch our episodes on YouTube. Until next time, keep your data safe and your curiosity alive.
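The transcript above makes a point that is easy to state and hard to enforce: a password that is merely a tweak of a leaked one (a new year on the end, an "!" appended, a leet substitution, the word reversed) is already compromised, because credential-stuffing tooling runs those manipulations over every leaked password automatically. The following is an added example, not code from The Daily Decrypt, FlightAware or 1Password, of the check a password-change form can run to reject such variants. It reduces the candidate and the leaked password to a stem that is invariant under the common rules and compares the stems; the substitution table, the rule set it models and the sample breached list are assumptions constructed for the example, not data from any real leak.

```python
"""Flag a new password that is only a predictable tweak of a leaked one.

Added example, not code from The Daily Decrypt, FlightAware or 1Password.
Credential-stuffing tools do not only replay leaked username/password pairs;
they run rule sets over each leaked password (append "1", "!", a year, toggle
case, substitute leet characters, reverse it) and try those too. This check
reduces both the candidate and the leaked password to a stem that is invariant
under those rules, so "Summer2024!" is recognised as a variant of "summer2023".
The substitution table and rule set are assumptions modelled on common
cracking rules, not a published standard.
"""
from __future__ import annotations

import re

# Leet substitutions commonly undone by cracking rules (assumed table).
UNLEET = str.maketrans({
    "@": "a", "4": "a", "3": "e", "1": "l", "0": "o", "$": "s", "5": "s", "7": "t",
})

# Constructed sample of "leaked" passwords for the demonstration; not real data.
BREACHED_SAMPLE = ["Summer2023", "flightfan99", "P@ssw0rd"]


def stem(password: str) -> str:
    """Collapse case, leet substitutions and appended/prepended digits or symbols."""
    p = password.strip()
    # Rules append or prepend "1", "!", "123", "2024": drop leading/trailing non-letters.
    p = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", p)
    # Rules toggle or capitalise letters: case-fold.
    p = p.lower()
    # Rules swap letters for look-alike digits and symbols: map them back.
    return p.translate(UNLEET)


def levenshtein(a: str, b: str) -> int:
    """Edit distance, to catch one- or two-character tweaks such as 'passwerd'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_variant(candidate: str, leaked: str, max_distance: int = 2) -> bool:
    """True if `candidate` would be produced from `leaked` by common mangling rules."""
    sc, sl = stem(candidate), stem(leaked)
    if sc == sl or sc == sl[::-1]:        # same stem, or the reversed-word rule
        return True
    if min(len(sc), len(sl)) < 6:          # too short for a distance check to mean anything
        return False
    return levenshtein(sc, sl) <= max_distance


def reused_from(candidate: str, breached: list[str]) -> list[str]:
    """Return the leaked passwords the candidate is a variant of (empty list means OK)."""
    return [leaked for leaked in breached if is_variant(candidate, leaked)]


if __name__ == "__main__":
    for pw in ["FlightFan2025!", "drowssaP", "Tr0ub4dor&3"]:
        hits = reused_from(pw, BREACHED_SAMPLE)
        print(f"{pw!r}: {'REJECT, variant of ' + str(hits) if hits else 'ok'}")
```

In practice the breached list would be the hashes or stems of the account's previous passwords plus a breached-password corpus, and the stem rather than the raw password should be what gets stored and compared, so the check never needs the old plaintext. The distance threshold is a trade-off: 2 catches single-character typos and swaps without rejecting genuinely new passwords that happen to share a few letters.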
In today's episode, we explore the latest cybersecurity issues, including Sophos' discovery of the new EDRKillShifter utility used in RansomHub ransomware attacks, vulnerabilities in Microsoft's Azure Health Bot Service, and the implications of the recent CrowdStrike outage. We also discuss the White House's $11M plan to enhance open-source security, emphasizing the importance of robust protective measures and collaboration. Tune in to stay informed on the evolving landscape of cybersecurity threats and defenses. Video Episode: https://youtu.be/-BIB59LxVpQ 00:00 - Intro 01:14 - Ransomware attackers introduce new EDR killer to their arsenal 02:30 - White House details $11M plan to help secure open source 04:42 - Researchers Uncover Vulnerabilities in AI-Powered Azure Health Bot Service 07:01 - Misguided lessons from CrowdStrike outage could be disastrous Article URLs: https://news.sophos.com/en-us/2024/08/14/edr-kill-shifter/ https://www.cybersecuritydive.com/news/white-house-11-million-secure-open-source/724223/ https://thehackernews.com/2024/08/researchers-uncover-vulnerabilities-in_0471960302.html https://www.cybersecuritydive.com/news/misguided-lessons-crowdstrike-outage/723991/ Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags: Sophos, EDRKillShifter, ransomware, endpoint protection, cybersecurity, Biden administration, open source software, infrastructure, Azure Health Bot Service, patient data, breaches, CrowdStrike, automated patching, cyber resilience Search Phrases: What are today's top cybersecurity news stories? 
Newest threats in cybersecurity today How to protect against ransomware in 2023 Effective endpoint protection strategies Latest updates on the Open Source Software Prevalence Initiative How to secure open source software Cybersecurity measures for healthcare organizations Preventing breaches in AI-powered healthcare bots Benefits of automated patching versus manual updates Ensuring cyber resilience with automated patching
In today's episode, we explore the rapid adaptation of phishing attacks driven by AI and Phishing as a Service, examine the vulnerabilities in Solarman and Deye solar systems that could lead to power disruptions, and analyze the recent hack targeting the Trump 2024 campaign. We discuss how phishing attacks are leveraging events like the CrowdStrike BSOD, the 2024 Olympics, and UEFA Euro 2024, threatening businesses and individuals alike. Understand how threat actors exploit technological advancements to execute sophisticated phishing campaigns and what you can do to protect against them. Video Episode: https://youtu.be/iFeDkvPcKZY https://thehackernews.com/2024/08/how-phishing-attacks-adapt-quickly-to.html https://thehackernews.com/2024/08/researchers-uncover-vulnerabilities-in.html https://www.forbes.com/sites/daveywinder/2024/08/11/trump-2024-campaign-hack-explainer-what-how-who-and-why/ 00:00 - Intro 01:14 - Trump 2024 Hack 03:15 - Solar Panel Vulnerability 05:15 - AI and PhaaS Fuel Phishing Surge Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags phishing, AI, Phishing as a Service, cybersecurity, AI-driven phishing, cybersecurity news, Solarman, Deye, vulnerabilities, power blackouts, hackers, Mint Sandstorm, dossier, political landscape, cyber threat groups Search Phrases What are today's top cybersecurity news stories? How to defend against AI-driven phishing attacks Cybersecurity news podcast episode Latest tech vulnerabilities in solar management platforms How phishing attacks surged in recent years Mint Sandstorm hacking group and political implications Cyber threats to solar management systems Internal breaches in political campaigns Safeguarding against Phishing as a Service attacks Impact of hacking on political campaigns
In today's episode, we dive into security vulnerabilities affecting Roundcube Webmail, Progress WhatsUp Gold, and Microsoft 365, discussing how flaws such as CVE-2024-42008, CVE-2024-4885, and a bypass method using CSS could allow attackers to steal sensitive information or execute remote code. We also explore the innovative Linux kernel exploitation technique "SLUBStick," which elevates limited heap vulnerabilities to arbitrary memory read-and-write capabilities, potentially leading to privilege escalation. Tune in to hear expert insights on how these vulnerabilities could be exploited and the recommended mitigations to safeguard your systems. Video Episode: https://youtu.be/47sS-AKK2qo 00:00 - Intro 01:14 - SLUBStick Linux Kernel 02:37 - Microsoft 365 Phishing Alert Bypassed with CSS 04:45 - Roundcube Webmail Vulnerabilities 05:49 - WhatsUp Gold RCE Flaw URLs: https://thehackernews.com/2024/08/roundcube-webmail-flaws-allow-hackers.html https://thehackernews.com/2024/08/new-linux-kernel-exploit-technique.html https://www.bleepingcomputer.com/news/security/critical-progress-whatsup-rce-flaw-now-under-active-exploitation/ https://www.bleepingcomputer.com/news/security/microsoft-365-anti-phishing-feature-can-be-bypassed-with-css/ Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags: Roundcube, vulnerabilities, hackers, updates, SLUBStick, exploit, Linux kernel, WhatsUp Gold, CVE-2024-4885, RCE, exploitation, Microsoft 365, anti-phishing, CSS Search Phrases: What are today's top cybersecurity news stories? What are the major vulnerabilities found in Roundcube? How can hackers steal emails using Roundcube? What is SLUBStick and how does it exploit the Linux kernel? What updates have been released for Roundcube vulnerabilities? 
How can users protect their accounts from Roundcube vulnerabilities? What is CVE-2024-4885 in WhatsUp Gold? How can admins secure WhatsUp Gold servers against CVE-2024-4885? How to protect against phishing given the Microsoft 365 vulnerability? What are the latest cybersecurity updates for Microsoft 365?
In today's episode, we dive into CrowdStrike's refutation of Delta Air Lines' claims over the recent IT failure, the recent surge of Magniber ransomware attacks targeting home users worldwide; we explore how Chinese APT group StormBamboo compromised an ISP to deliver malware, and discuss newly uncovered vulnerabilities in Microsoft Windows Smart App Control and SmartScreen. Join us for this deep dive into current cybersecurity threats and incidents. Video Episode: https://youtu.be/ODwu0Dhpm1Y 00:00 - Intro 01:08 - Crowdstrike v Delta 03:38 - Home Ransomware 06:07 - ISP Compromise 07:36 - Windows Flaw URLs: https://arstechnica.com/information-technology/2024/08/crowdstrike-claps-back-at-delta-says-airline-rejected-offers-for-help/ https://www.bleepingcomputer.com/news/security/surge-in-magniber-ransomware-attacks-impact-home-users-worldwide/ https://www.helpnetsecurity.com/2024/08/05/compromised-isp-dns-malware/ https://thehackernews.com/2024/08/researchers-uncover-flaws-in-windows.html Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags: CrowdStrike, Delta Air Lines, software update, disruption, StormBamboo, DNS poisoning, cyberespionage, Volexity, Microsoft's vulnerabilities, Smart App Control, threat actors, Apache OFBiz, CVE-2024-38856, remote code execution, cyberattacks Search Phrases: What are today's top cybersecurity news stories? 
How to protect against Magniber ransomware Steps to take if files are encrypted by ransomware Latest Magniber ransomware outbreak CrowdStrike and Delta Air Lines software update issue Impact of software update failures on airline operations Prevention of DNS poisoning attacks Chinese cyberespionage group StormBamboo latest activities Securing software update mechanisms against malware Windows Smart App Control vulnerabilities How threat actors bypass SmartScreen security measures
In today's episode, we uncover the CrowdStrike outage's silver linings, delve into Microsoft's warning about VMware ESXi authentication bypass exploits, expose the Proofpoint email routing flaw used in massive spoofed phishing campaigns, and explore the creation of 3,000 fake GitHub accounts by Stargazer Goblin for malware distribution. 00:00 - Intro 01:14 - Ransomware gangs exploit VMware ESXi 03:02 - Proofpoint Flaw Exploited for EchoSpoofing Phishing Campaign 05:12 - Stargazer Goblin Exploits GitHub 06:42 - CrowdStrike Outage Spurs Cybersecurity Overhaul https://www.helpnetsecurity.com/2024/07/29/crowdstrike-outage-positive-effects/ https://www.bleepingcomputer.com/news/microsoft/microsoft-ransomware-gangs-exploit-vmware-esxi-auth-bypass-in-attacks/ https://thehackernews.com/2024/07/proofpoint-email-routing-flaw-exploited.html https://thehackernews.com/2024/07/stargazer-goblin-creates-3000-fake.html Video Episode: https://youtu.be/412WyUptaN0 Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags CrowdStrike, Cybersecurity, Transparency, Mitigate, Ransomware, VMware ESXi, CVE-2024-37085, Hypervisors, Proofpoint, EchoSpoofing, Phishing, Misconfiguration, Stargazer Goblin, Malware, GitHub, Check Point Search Phrases What are today's top cybersecurity news stories? Impact of CrowdStrike outage on cybersecurity practices Latest cybersecurity updates and improvements How to mitigate ransomware attacks Protecting VMware ESXi from vulnerabilities Preventing CVE-2024-37085 exploitation EchoSpoofing phishing campaign details Measures against email system misconfiguration Securing GitHub from malicious activities Understanding Stargazer Goblin malware attacks
In today's episode, we delve into a security flaw in WhatsApp for Windows that allows Python and PHP scripts to execute without warning, a new malicious PyPI package targeting macOS for stealing Google Cloud credentials, and how cybercriminals bypassed Google's email verification to exploit Google Workspace accounts. Additionally, we explore the controversial use of AI surveillance at the Paris 2024 Olympics, examining its possible long-term impacts on privacy and security. Stay tuned as we unpack these pressing cybersecurity issues. 00:00 - Intro 01:14 - At the Olympics, AI is watching you 02:47 - Crooks Bypassed Google's Email Verification 05:15 - Malicious PyPI Package Targets macOS 07:32 - WhatsApp lets Python, PHP scripts execute with no warning https://www.bleepingcomputer.com/news/security/whatsapp-for-windows-lets-python-php-scripts-execute-with-no-warning/ https://thehackernews.com/2024/07/malicious-pypi-package-targets-macos-to.html https://krebsonsecurity.com/2024/07/crooks-bypassed-googles-email-verification-to-create-workspace-accounts-access-3rd-party-services/ https://arstechnica.com/ai/2024/07/at-the-olympics-ai-is-watching-you/ Video Episode: https://youtu.be/4GS2Ofq4uW4 Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags: Meta, vulnerability, Python, security, WhatsApp, Windows, scripts, Telegram, exploit, power users, developers, PyPI, malicious package, lr-utils-lib, macOS, Google Cloud, credentials, cybercriminals, enterprise systems, developers, authentication, vulnerabilities, Workspace, email verification, user protection, Paris, AI algorithms, CCTV cameras, urban security, Olympics Search Phrases: What are today's top cybersecurity news stories? Why is Meta not blocking Python and PHP scripts on WhatsApp for Windows? 
How dangerous is the WhatsApp for Windows vulnerability? What was the Telegram exploit related to script execution? How to avoid downloading malicious PyPI packages? What are the risks of using lr-utils-lib on macOS? How were Google Cloud credentials targeted by lr-utils-lib? What vulnerabilities exist in Google Workspace authentication? How are AI algorithms used in urban security monitoring? Security concerns of AI surveillance during the Paris 2024 Olympics
In today's episode, we discuss Google Chrome's new download warnings for risky password-protected archives, the incident involving KnowBe4 mistakenly hiring a North Korean hacker leading to an infostealer attack, and CrowdStrike's software crash attributed to an undetected error in their testing infrastructure. Video Episode: https://youtu.be/G5tlyuMPFVw 00:00 - Intro 01:28 - CrowdStrike Testing Errors 04:17 - KnowBe4 Hires North Korean Spy 06:19 - Chrome's New AI-Powered Download Warnings Original URLs: https://www.bleepingcomputer.com/news/google/google-chrome-now-warns-about-risky-password-protected-archives/ https://www.bleepingcomputer.com/news/security/knowbe4-mistakenly-hires-north-korean-hacker-faces-infostealer-attack/ https://www.cybersecuritydive.com/news/crowdstrike-software-crash-undetected-error/722258/ Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags: Google Chrome, AI-powered, warning system, online security, KnowBe4, North Korean hacker, Infostealer, AI, CrowdStrike, software crash, bugs, testing infrastructure Search Phrases: What are today's top cybersecurity news stories? How is Google Chrome's new AI-powered warning system enhancing online security? Ways to protect against malicious password-protected downloads Latest updates in cybersecurity technology Techniques North Korean hackers use to infiltrate companies Real-life examples of cyber attacks using stolen identities Impact of CrowdStrike software crash on global systems Best practices for testing infrastructure in software development Case study on KnowBe4's encounter with North Korean hackers How AI is being used in cyberattacks and security measures
In today's episode, we explore US sanctions on Russian hacktivists from the Cyber Army of Russia Reborn (CARR) for cyberattacks on critical infrastructure and Google's surprising decision to halt phasing out third-party cookies in Chrome. We also explore the emergence of the new ICS malware 'FrostyGoop' targeting critical infrastructure and a Telegram zero-day vulnerability dubbed 'EvilVideo' that enabled attackers to disguise malicious Android APKs as video files. 00:00 - Intro 01:14 - Google Retains Third-Party Cookies in Chrome 03:01 - Telegram Flaw 04:34 - Frosty Goop 05:58 - US Sanctions Russian Hackers US sanctions Russian hacktivists who breached water facilities: https://www.bleepingcomputer.com/news/security/us-sanctions-russian-hacktivists-who-breached-water-facilities/ Google Abandons Plan to Phase Out Third-Party Cookies in Chrome: https://thehackernews.com/2024/07/google-abandons-plan-to-phase-out-third.html New ICS Malware 'FrostyGoop' Targeting Critical Infrastructure: https://thehackernews.com/2024/07/new-ics-malware-frostygoop-targeting.html Telegram zero-day allowed sending malicious Android APKs as videos: https://www.bleepingcomputer.com/news/security/telegram-zero-day-allowed-sending-malicious-android-apks-as-videos/ Video Episode: https://youtu.be/AHs5yEhPSS8 Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags: Sanctions, Russian cybercriminals, US government, Cyber Army of Russia Reborn, Google, cookies, privacy, user-choice prompt, regulatory challenges, Dragos, FrostyGoop, malware, Modbus TCP, Industrial Control Systems, critical infrastructure, Telegram, EvilVideo, Android, ESET, zero-day, cybersecurity news Search Phrases: What are today's top cybersecurity news stories? 
Impact of US sanctions on Russian cybercriminals Google's user-choice prompt for privacy Cyber Army of Russia Reborn attacks on US facilities Protecting Industrial Control Systems from malware Dragos FrostyGoop malware attack in Ukraine Details on Telegram EvilVideo vulnerability Steps to safeguard Android devices from malware US government response to cyber threats How ESET discovered Telegram EvilVideo flaw
In today's episode, we dissect CrowdStrike's recent Falcon platform update for Windows that inadvertently triggered system crashes, impacting customers globally (https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/). We also explore how cybercriminals exploited this mishap to distribute Remcos RAT malware in LATAM (https://thehackernews.com/2024/07/cybercriminals-exploit-crowdstrike.html) and discuss the UK arrest of a suspected Scattered Spider hacker linked to the 2023 MGM Resorts ransomware attack (https://www.bleepingcomputer.com/news/security/uk-arrests-suspected-scattered-spider-hacker-linked-to-mgm-attack/). 00:00 - Intro 01:14 - UK Nabs Teen Hacker Tied to MGM Attack 03:48 - CrowdStrike Update Glitch Fuels Remcos RAT Attack 06:16 - Falcon Update Triggers BSOD on Windows Systems https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/ https://thehackernews.com/2024/07/cybercriminals-exploit-crowdstrike.html https://www.bleepingcomputer.com/news/security/uk-arrests-suspected-scattered-spider-hacker-linked-to-mgm-attack/ Video Episode: https://youtu.be/9X3DtcQc2E4 Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com Thanks to Jered Jones for providing the music for this episode. 
https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags: CrowdStrike, update, Windows defense, system crash, cybercriminals, Remcos RAT, phishing, arrest, 17-year-old, Scattered Spider, MGM Resorts, global cyber event, ransomware attack, cyber defense updates, system stability Search Phrases: What are today's top cybersecurity news stories CrowdStrike Windows update crash July 2024 Latest cybersecurity updates and vulnerabilities How Remcos RAT malware is affecting devices Preventing system crashes from antivirus updates Steps to identify legitimate CrowdStrike representatives Phishing schemes targeting cybersecurity updates Arrest of 17-year-old hacker linked to MGM ransomware Scattered Spider hacking group news International collaboration in cybersecurity enforcement
Show Notes In this episode of WUKY News, host Clay Wallace sits down with cybersecurity expert Colin to discuss a recent breach affecting AT&T customers. Earlier this year, cybercriminals accessed metadata from AT&T customers, detailing the numbers they interacted with, the frequency of texts, and call durations. Although the breach did not include message content or personal information, it highlights significant vulnerabilities in cloud security. AT&T recently informed customers that while the data breach occurred, there is no evidence of the data being publicly released or used illegally. The compromised metadata includes phone numbers and interaction records from May 1st to October 31st, 2022. Colin, a security software developer and host of the Daily Decrypt podcast, explains that this breach is part of a larger issue stemming from increased reliance on cloud storage. He emphasizes that while the cloud is often considered cheaper, more flexible, and more secure, storing data with third-party cloud services shifts the responsibility for data security. Companies like AT&T, Advance Auto Parts, and Ticketmaster, which also faced breaches, stored data on the cloud service provider Snowflake. Many organizations created accounts with just usernames and passwords, neglecting additional security measures. Cybercriminals exploited this by purchasing stolen login credentials from the dark web and using them to access Snowflake accounts. Colin details how phishing attacks can lead to info-stealer malware, which captures login credentials. Without multi-factor authentication (MFA), these credentials can be easily misused. He stresses that if MFA had been enabled, the breaches could have been prevented, as unauthorized login attempts would have been flagged. For over 160 companies using Snowflake, the lack of MFA led to significant data breaches, including customer records from AT&T, Taylor Swift tickets from Ticketmaster, and social security numbers from Advance Auto Parts. 
Snowflake has since mandated MFA for all new customers. Colin offers advice on basic data protection steps, such as using end-to-end encrypted messaging services and being cautious about the amount of personal information shared with companies. Ultimately, he advocates for stricter regulations to protect user data, calling for legislative action and involvement from bodies like the SEC to ensure companies implement robust security measures, including multiple forms of authentication and physical encryption keys. https://www.wuky.org/local-regional-news/2024-07-18/two-factor-authentication-could-have-prevented-at-t-data-breach-affecting-110-million-customers Tags metadata breach, AT&T data breach, cybersecurity, cloud security, multi-factor authentication, data protection, regulatory measures, Snowflake compromise, data breach prevention Search Phrases AT&T metadata breach 2024 Snowflake cloud security breach Multi-factor authentication importance Cybercriminals accessing metadata Cloud storage security risks Protecting user data in the cloud Regulatory measures for data protection Steps to prevent data breaches
In today's episode, we discuss Kaspersky's exit from the U.S. market and their six-month free security software offer amidst regulatory challenges, Trump's allies drafting an AI-focused executive order for potential military tech advancements, and North Korean hackers updating their BeaverTail malware to target macOS users. For more details, visit the original articles at the following links: https://www.bleepingcomputer.com/news/security/kaspersky-offers-free-security-software-for-six-months-in-us-goodbye/ https://arstechnica.com/information-technology/2024/07/trump-allies-want-to-make-america-first-in-ai-with-sweeping-executive-order/ https://thehackernews.com/2024/07/north-korean-hackers-update-beavertail.html 00:00 - Intro 01:00 - Kaspersky Exits U.S., Offers Free Security 02:34 - Trump Allies Draft AI 'Manhattan Projects' Order 05:21 - North Korean Hackers Target MacOS with BeaverTail Video Episode: https://youtu.be/gnlxZhcVIUI Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags Kaspersky, US market, national security concerns, ban, Trump, AI, military, regulations, North Korean, BeaverTail malware, macOS, hackers Search Phrases What are today's top cybersecurity news stories? Why did Kaspersky exit the US market? National security concerns related to Kaspersky ban How will the Kaspersky ban affect American users? Trump's AI military policy 2025 Executive order to boost AI in military North Korean macOS malware threats Protecting macOS from BeaverTail malware New regulations for AI technology under Trump Updates on North Korean hackers targeting the US
In today's episode, we discuss a 20% rise in ransomware activity in Q2 2024, driven primarily by the ransomware group LockBit and impacting U.S.-based businesses most heavily, as reported by ReliaQuest. We also explore Void Banshee APT's exploitation of CVE-2024-38112 to spread Atlantida malware via spear-phishing campaigns, and the NullBulge group's data breach of Disney in protest against AI-generated artwork. Finally, we cover Microsoft's announcement of new checkpoint cumulative updates for Windows to improve update efficiency. URLs: https://www.cybersecuritydive.com/news/ransomware-leak-site-increase/721480/ https://www.helpnetsecurity.com/2024/07/16/cve-2024-38112-void-banshee/ https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-new-windows-checkpoint-cumulative-updates/ https://www.theguardian.com/technology/article/2024/jul/16/hackers-claim-disney-data-theft-in-protest-against-ai-generated-artwork 00:00 - Intro 01:14 - Hackers Leak Disney Data Over AI Art 02:58 - Microsoft Unveils Efficient 'Checkpoint' Updates 04:18 - Void Banshee Exploits Windows Flaw, Microsoft Fumbles 06:05 - LockBit Surge Drives 20% Ransomware Spike Video Episode: https://youtu.be/lRuQiv-KWnQ Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags: Ransomware, attacks, LockBit, organizations, Void Banshee, APT, MSHTML vulnerability, Trend Micro, Microsoft, Checkpoint, cumulative updates, bandwidth, NullBulge, hacktivists, Disney, AI-generated artwork Search Phrases: What are today's top cybersecurity news stories? How did ransomware group LockBit contribute to the spike in ransomware attacks during May? 
Ransomware attacks on organizations in Q2 Void Banshee APT exploits CVE-2024-38112 vulnerability Trend Micro's Zero Day Initiative findings on MSHTML vulnerability Microsoft checkpoint cumulative updates for Windows Benefits of Microsoft's new cumulative updates NullBulge hacktivists' breach of Disney's network AI-generated artwork controversy in cybersecurity Latest trends in hacktivism and digital protests
In today's episode, we discuss how cybercriminals exploit Facebook ads to distribute SYS01 password-stealing malware (https://www.bleepingcomputer.com/news/security/facebook-ads-for-windows-themes-push-sys01-info-stealing-malware/), Microsoft 365 Defender disruptions caused by recent Windows Server updates (https://www.bleepingcomputer.com/news/microsoft/june-windows-server-updates-break-microsoft-365-defender-features/), the SEXi ransomware rebranding to APT INC and targeting VMware ESXi servers (https://www.bleepingcomputer.com/news/security/sexi-ransomware-rebrands-to-apt-inc-continues-vmware-esxi-attacks/), and weaknesses in Squarespace security leading to domain hijacks targeting cryptocurrency businesses (https://krebsonsecurity.com/2024/07/researchers-weak-security-defaults-enabled-squarespace-domains-hijacks/). Video Episode: https://youtu.be/feJqlYfCHZw Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags Trustwave, Cybercriminals, Facebook Ads, Malware, Windows Server 2022, Microsoft 365 Defender, Network Detection and Response, Patch Tuesday, Ransomware, VMware ESXi, APT INC, Encryptors, Babuk, LockBit 3, Squarespace, Security Flaws, Domain Hijacks, Cryptocurrency Websites Search Phrases What are today's top cybersecurity news stories? How are cybercriminals using Facebook ads to distribute malware? Protecting against info-stealing malware in Facebook ads June Patch Tuesday updates Windows Server 2022 issues Microsoft 365 Defender affected by Windows updates Ransomware attacks on VMware ESXi servers APT INC ransomware and its impact on businesses How to mitigate ransomware attacks using Babuk and LockBit 3 encryptors Squarespace security flaws and domain hijacking incidents Securing your domain during migration from Google Domains to Squarespace
In today's episode, we dive into the critical vulnerability in the Exim mail server, tracked as CVE-2024-39929, exposing millions to malicious attachments (https://thehackernews.com/2024/07/critical-exim-mail-server-vulnerability.html). We also discuss the massive data breach at AT&T Corp., exposing phone and SMS records for nearly 110 million customers (https://krebsonsecurity.com/2024/07/hackers-steal-phone-sms-records-for-nearly-all-att-customers/). Lastly, we review Cloudflare's Application Security report detailing how threat actors weaponize proof-of-concept exploits within minutes of their release (https://www.bleepingcomputer.com/news/security/hackers-use-poc-exploits-in-attacks-22-minutes-after-release/). 00:00 - Intro 00:53 - Exim Mail Servers Vulnerable to Malicious Attachments 02:04 - AT&T Data Breach Exposes 110M Call Records 03:23 - Hackers Exploit PoCs in 22 Minutes Video Episode: https://youtu.be/Fe0YXWRxxyM Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags Exim, CVE, Vulnerable, Attackers, Malware, Security, Cybersecurity News, Exploits, AT&T Breach, Data Exposure, Customer Data, Cloudflare, Security Report, Hackers, Cyber Threats, Proof-of-Concept Exploits, Security Measures Search Phrases What are today's top cybersecurity news stories? Latest Exim mail server vulnerabilities CVE-2024-39929 critical flaw details How to protect against Exim server attacks AT&T data breach 2023 impact Cloudflare security report highlights Real-world proof-of-concept exploits timeline Preventing breaches in cloud databases Security measures for mitigating cyber threats How hackers exploit vulnerabilities quickly
In today's episode of The Daily Decrypt, we celebrate our 100th episode with a special panel discussion on personal privacy and security. Hosts Trae, Colin, and Bill dive into real-life scenarios of phishing attacks, SIM swapping, and data breaches involving brands like PayPal, Navy Federal, Ticketmaster, and Neiman Marcus. The panel also shares actionable tips on password management, using canary tokens, and enhancing cybersecurity awareness to protect against evolving threats. Video Episode: https://youtu.be/0pNmZ3QfUWk 00:00 - Intro / Thanks for Listening 01:51 - Trae just ignores his emails 05:10 - Trae hangs up on scammers (and legit people too) 15:54 - Bill uses aliased emails 20:01 - Trae keeps up with data breaches 24:49 - Bill uses a password manager 27:20 - Trae changes his SIM pin 31:45 - Colin uses deception to detect intruders Tags: cybersecurity, phishing, SIM swapping, data breaches, PayPal, Navy Federal, Ticketmaster, Neiman Marcus, password management, canary tokens Search Phrases: How to protect against phishing attacks Best practices for password management in 2024 How to secure your SIM card from swapping attacks Latest data breaches: PayPal, Ticketmaster, Neiman Marcus Cybersecurity tips from The Daily Decrypt podcast How to use canary tokens for cybersecurity Real-life examples of phishing scams How to enhance personal privacy and security Strategies for cybersecurity awareness training
In today's episode, we delve into how AI-enhanced software Meliorator was used to spread Russian disinformation on X (formerly Twitter), as detailed by the US Justice Department (DoJ). We also discuss the ViperSoftX malware disguising as eBooks on torrents, uncovered by Trellix security researchers, and examine how the new EstateRansomware group exploited a Veeam Backup Software vulnerability to launch attacks. Lastly, we cover Check Point and Morphisec's findings on zero-day vulnerabilities CVE-2024-38112 and CVE-2024-38021, and the urgency of applying Microsoft's recent patches. Video Episode: https://youtu.be/ZeL8oo0HRBY Original URLs: https://www.helpnetsecurity.com/2024/07/10/russian-disinformation-x/ https://thehackernews.com/2024/07/vipersoftx-malware-disguises-as-ebooks.html https://thehackernews.com/2024/07/new-ransomware-group-exploiting-veeam.html https://www.helpnetsecurity.com/2024/07/10/cve-2024-38112-cve-2024-38021/ Sign up for digestible cyber news delivered to your inbox: news.thedailydecrypt.com Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags: Russian disinformation, AI-enhanced software, Meliorator, social media bot farms, US Justice Department, domain seizure, digital army, fake personas, propaganda, ViperSoftX, malware, eBooks, torrent sites, Common Language Runtime, AutoIt, PowerShell commands, EstateRansomware, Veeam Backup & Replication, FortiGate firewall, vulnerability, ransomware attack, Check Point Research, Windows, CVE-2024-38112, Microsoft, patch, remote code execution, deceptive .url files, cyber threats. 
Search Phrases: Russian disinformation bot farms AI-enhanced software in social media How Meliorator spreads fake news Protect against ViperSoftX malware Ransomware exploiting Veeam vulnerability FortiGate firewall security flaw Latest cyber threats Check Point Research CVE-2024-38112 vulnerability details Microsoft's latest security patch Prevent remote code execution attacks
In today's episode, we explore a critical remote code execution vulnerability in the Ghostscript library (CVE-2024-29510) exploited in the wild (https://www.bleepingcomputer.com/news/security/rce-bug-in-widely-used-ghostscript-library-now-exploited-in-attacks/), the significant impact of the CDK Global cyberattack on Sonic Automotive's sales and operations (https://www.cybersecuritydive.com/news/sonic-automotive-sales-decline-cdk-attack/720722/), and the rise of the Eldorado ransomware-as-a-service targeting Windows and Linux systems (https://thehackernews.com/2024/07/new-ransomware-as-service-eldorado.html). Tune in to get the latest insights and expert opinions on these pressing cybersecurity issues. Video Episode: https://youtu.be/dGMbjah4Gho Sign up for digestible cyber news delivered to your inbox: news.thedailydecrypt.com 00:00 - Intro 01:00 - Eldorado RaaS Encrypts Windows, Linux Files 03:50 - CDK Cyberattack Cripples Sonic Automotive Sales 05:42 - Ghostscript RCE Bug Exploited in Active Attacks Thanks to Jered Jones for providing the music for this episode. 
https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Episode Tags Ghostscript, CVE-2024-29510, vulnerability, EPS, remote code execution, Linux systems, high-risk attacks, document conversion, protection, Sonic Automotive, CDK Global, cyberattack, financial performance, Ransomware-as-a-Service, Eldorado, encryption, cross-platform technologies Search Phrases How to protect against Ghostscript CVE-2024-29510 vulnerability Sonic Automotive cyberattack news Impact of CDK Global cyberattack on Sonic Automotive Eldorado ransomware encryption techniques Ghostscript EPS files exploit Ransomware-as-a-Service latest threats Financial impact of cyberattacks on automotive industry Advanced cross-platform ransomware Ghostscript remote code execution vulnerability 2024 Eldorado ransomware victims 2024 Jul9 There is a new ransomware as a service named Eldorado that is now encrypting files on both windows and Linux systems using advanced cross-platform technologies. And it's already targeted 16 victims across multiple industries since its debut in March of 2024. How does Eldorados ransomware encryption method differ from the other well-known strains, like lock bit or baboon? The effects of the CDK global ransomware attack. A few weeks ago, still remain as Sonic automotive vehicle sales have plummeted. How are CDK customers recovering and what are the longterm impacts? It might have on their financial performance. And finally. Thursday, remote code execution, vulnerability in ghost script that comes pre-installed on many Linux systems. That's now being exploited. Through EPS files disguised as JPEGs. How can you protect? The document conversion services against this go scrip, vulnerability. You're listening to the daily decrypt. It's both a sad and exciting day when we get to announce a new ransomware as a service operation. This time it's named Eldorado. And it targets both windows and Linux systems with specialized locker variants. 
This specific strain of malware surfaced on March 16th, 2024. As of late June, Eldorado has claimed 16 victims, with 13 in the US, two in Italy, and one in Croatia. Specifically, it's targeting industries including real estate, education, professional services, healthcare, and manufacturing. So it seems like they don't really have a type; they're just looking to get their foot in the door. Eldorado is similar to all of the major names in ransomware-as-a-service, as it is a double-extortion ransomware service, which is a devilish tactic that builds on the traditional form of ransomware, where threat actors would gain access to a network, encrypt all the files, and then sell you the decryption key for an exorbitant amount of money so that you can decrypt the files and carry on with your business. Well, it's now evolved to that, plus they exfiltrate all your data and threaten to sell it on the dark web if you don't pay. Which is much more effective, because standard practice is to back up your data so you can get back up online, and if you do that correctly, encrypting your data doesn't do anything, because you'll be able to back it up. Oftentimes it's not done correctly, and your backups are also encrypted. But in the case where backups are appropriately implemented, these ransomware artists use double extortion. And this service has all the indicators that it is very organized, as the affiliate program was advertised on the ransomware forum RAMP, which indicates a level of professionalism and organization you'd see in the top ransomware-as-a-service groups. A security research firm was able to infiltrate this ransomware group and identified the representative as a Russian speaker, and noted that Eldorado does not share any sort of code with previously leaked ransomware like LockBit or Babuk. And like mentioned before, this targets primarily Windows and Linux environments, and the encryptor comes in four different formats: ESXi, ESXi 64, Win, and Win 64, which enhances the flexibility and increases its threat potential across different system architectures. Eldorado uses Golang for its cross-platform capabilities, ChaCha20 for file encryption, and RSA-OAEP for key encryption. It can also encrypt files on shared networks using SMB. The Windows variant employs a PowerShell command to overwrite the locker file with random bytes before deleting it, aiming to erase the trace of the threat actor. For more key indicators of compromise, check out the article by The Hacker News in our show notes. I'm hopeful that we won't hear much more about this ransomware-as-a-service, but given its capabilities, we probably will.

This next story hits a little close to home, which is why I chose to include it in this episode: my car stopped working last night, and I got to spend an hour and a half on the phone with the technicians just trying to find me an appointment, because all of the scheduling was still down due to the ransomware attack. Needless to say, I couldn't get an appointment at the dealership for over a month and a half, which is in line with what the news is reporting as an effect of the CDK Global ransomware attack that happened three or four weeks ago. So Sonic Automotive, which is a Fortune 500 company, has reported a significant drop in car sales since June 19th, which is due to the fact that all their systems were down, so they weren't able to process these car sales at the same speed. People still want to buy cars; they just can't. You know, it's kind of like fast food, a process that changed the market completely as far as restaurants go, because they're just able to serve more and more customers faster, thus making more money. But it's like if the stove got ransomwared and we had to take the stove down, right? There are alternate methods, like maybe they go get some hot plates from Target or whatever, but it just slows down the process.
Which is exactly what ransomware can do. In fact, over 15,000 car dealerships across North America rely on CDK's cloud-based services. And in the past couple of weeks, CDK was actually able to fully recover, bringing their core services back online. But the trickle-down effect is that these individual dealers still have to keep their services offline, or were unable to fully restore their services. So, yeah, this is just one example of how long it takes to recover from a ransomware attack, and how helpless you can be if the ransomware attack happened earlier on in the supply chain, like it did here.

And finally, the hottest new vulnerability being exploited in the wild is a remote code execution vulnerability found in the Ghostscript document conversion toolkit that is widely used on Linux systems and often integrated with software like ImageMagick, LibreOffice, Inkscape, Scribus, and all kinds of other software. This vulnerability affects all installations of Ghostscript 10.03.0 and earlier. It allows attackers to escape the -dSAFER sandbox, enabling dangerous operations such as command execution and file I/O. Attackers are exploiting this vulnerability in the wild using EPS files disguised as JPEG images to gain shell access to these vulnerable systems. If you work in IT and either don't know or are unsure whether your systems are vulnerable, Codean Labs has developed and released a PostScript file that can be used to detect these vulnerable systems, so make sure to check out the link by BleepingComputer in the show notes below so you can keep your system safe.

This has been The Daily Decrypt. If you found your key to unlocking the digital domain, show your support with a rating on Spotify or Apple Podcasts. It truly helps us stand at the frontier of cyber news. Don't forget to connect on Instagram or catch our episodes on YouTube. Until next time, keep your data safe and your curiosity alive.
In today's episode, we delve into the recent extortion attempt on Ticketmaster involving leaked Taylor Swift Eras Tour tickets by ShinyHunters, and the subsequent response from Ticketmaster (https://www.bleepingcomputer.com/news/security/hackers-leak-alleged-taylor-swift-tickets-amp-up-ticketmaster-extortion/). We also explore Cloudflare's detailed analysis and mitigation actions related to a BGP hijacking incident affecting its DNS resolver service, 1.1.1.1 (https://www.bleepingcomputer.com/news/security/cloudflare-blames-recent-outage-on-bgp-hijacking-incident/). Additionally, we examine the surge in infostealing malware posing as generative AI tools, specifically highlighting threats like GoldPickaxe and RedLine Stealer, with insights from ESET research (https://www.helpnetsecurity.com/2024/07/05/infostealing-malware-generative-ai/).

Video Episode: https://youtu.be/d9cGFsZfWnU

Sign up for digestible cyber news delivered to your inbox: news.thedailydecrypt.com

Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/

Tags: Taylor Swift, Ticketmaster, hackers, Snowflake, Cloudflare, BGP hijacking, DNS resolver service, internet security, cybercriminals, AI tools, GoldPickaxe, Vidar, infostealing malware, concert tickets, data breach

Search Phrases: Taylor Swift ticket barcode leak; Ticketmaster extortion demands; Snowflake data breach Taylor Swift; Cloudflare BGP hijacking incident; DNS resolver service disruption; Internet security solutions Cloudflare; GoldPickaxe malware AI tools; Vidar infostealing malware protection; Cybercriminals using AI for malware; Deepfake facial data theft prevention
In today's episode, we explore the exploitation of HTTP File Server (HFS) vulnerabilities by hackers leveraging CVE-2024-23692 to drop malware and Monero miners (https://www.bleepingcomputer.com/news/security/hackers-attack-hfs-servers-to-drop-malware-and-monero-miners/). We also discuss Brazil's temporary ban on Meta's AI data processing due to privacy concerns and its impact on AI development in the region (https://thehackernews.com/2024/07/brazil-halts-metas-ai-data-processing.html). Lastly, we cover the Ethereum mailing list breach, which exposed 35,000 users to a crypto-draining phishing attack (https://www.bleepingcomputer.com/news/security/ethereum-mailing-list-breach-exposes-35-000-to-crypto-draining-attack/).

Video Episode: https://youtu.be/WLbxQW5oxO8

Sign up for digestible cyber news delivered to your inbox: news.thedailydecrypt.com

Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/

Tags: Hackers, Monero, AhnLab, CVE-2024-23692, Brazil, Meta, AI data processing, Privacy, Phishing, Ethereum, Lido DAO, Safeguard

Search Phrases: How hackers exploit HFS vulnerabilities; Monero mining malware spread by hackers; AhnLab CVE-2024-23692 cybersecurity warning; Protecting HFS from CVE-2024-23692; Brazil stops Meta AI data processing; Privacy risks in AI data processing; Meta AI data processing ban in Brazil; Ethereum phishing attack on 35,000 users; Preventing phishing in crypto wallets; Lido DAO collaboration phishing scam