Podcasts about Bleeping Computer

Technology news and computer help website

  • 49 podcasts
  • 106 episodes
  • 50m average duration
  • 1 episode every other week
  • Latest: May 14, 2025



Best podcasts about Bleeping Computer

Latest podcast episodes about Bleeping Computer

Smashing Security
Hello, Pervert! - Sextortion scams and Discord disasters

Smashing Security

Play Episode Listen Later May 14, 2025 51:02


Don't get duped, doxxed, or drained! In this episode of "Smashing Security" we dive into the creepy world of sextortion scams, and investigate how crypto wallet firm Ledger's Discord server was hijacked in an attempt to phish for cryptocurrency recovery phrases.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Plus! Don't miss our featured interview with Drata's Matt Hillary.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:
  • Ledger secures Discord after hacker bot tried to steal seed phrases - CoinTelegraph.
  • Binance Founder CZ Warns: Ledger Discord Hack Targets Recovery Phrases - CoinPedia.
  • Ledger confirms physical scam letters requesting seed phrase in fake security upgrade - The Block.
  • Physical addresses of 270K Ledger owners leaked on hacker forum - Bleeping Computer.
  • Criminals are mailing altered Ledger devices to steal cryptocurrency - Bleeping Computer.
  • New Hello Pervert Email Attack Warning — ‘I Know Where You Live' - Forbes.
  • ‘Hello pervert': the sextortion scam claiming to have videoed you - The Guardian.
  • "Hello Pervert" Email Is A Total Scam - What You Need To Know - Malware Tips.
  • Scam email sent from my own email address - Microsoft Community.
  • Thunderbolts* review: 'The greatest Marvel offering in years' - BBC.
  • Limelight, Exemplar - BBC Radio 4.
  • Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:
  • Drata - The world's most advanced Trust Management platform – making risk and compliance management accessible, continuous, and 10x more automated than ever before.
  • Dashlane - Protect against the #1 cause of data breaches - poor password habits. Save 25% off a new business plan, or 35% off a personal Premium plan!

Cybercrime Magazine Podcast
Chinese Hackers Spy On Telco Network. Sizing The Threat. Confidence Staveley, CyberSafe Foundation.

Cybercrime Magazine Podcast

Play Episode Listen Later May 13, 2025 9:01


Bleeping Computer reported that a China-linked advanced threat group named Weaver Ant spent more than four years in the network of a telecommunications services provider, hiding traffic and infrastructure with the help of compromised Zyxel CPE routers. Confidence Staveley, Africa's most celebrated female cybersecurity leader, is the founder of the Cybersafe Foundation, a Non-Governmental Organization on a mission to facilitate pockets of changes that ensure a safer internet for everyone with digital access in Africa. In this episode, Confidence joins host Amanda Glassner to discuss. To learn more about Confidence, visit her website at https://confidencestaveley.com, and for more on the CyberSafe Foundation, visit https://cybersafefoundation.org.

The technology blog and podcast
tech 383: Android talk and domains

The technology blog and podcast

Play Episode Listen Later Apr 7, 2025 121:32


Welcome to program 383 of the Technology blog and podcast series. On this program, we're going to talk about an article I recently spotted that talks about malware and more abuse of the accessibility of Android for people who are blind or disabled. This is a Bleeping Computer article and you can also find the blog post on our blog. Search Android accessibility if you wish. The article is titled New Crocodilus malware steals Android users' crypto wallet keys (https://www.bleepingcomputer.com/news/security/new-crocodilus-malware-steals-android-users-crypto-wallet-keys/) if you are an Android user and are interested in what this does.

Finally, we're going to listen to Discarded and the threat research trenches dealing with Takedowns of domains and my thoughts on the domain industry as a whole. This was aired on Throwback Saturday Night for March 8, 2025. If you have questions, comments and/or want to say hey, feel free to do so. The email is tech at menvi.org as well as iMessage. Text/WhatsApp 804-442-6975 and feel free to leave a comment at 888-405-7524. Have fun with this cast!

The technology blog and podcast
TSB podcast 231: Encrypthub

The technology blog and podcast

Play Episode Listen Later Mar 20, 2025 230:39


Welcome to podcast 231. On this podcast, a very interesting ransomware program out there called EncryptHub. What can it do? This is bad in its own way. News, notes, trivia answers and more. EncryptHub breaches 618 orgs to deploy infostealers, ransomware (https://www.bleepingcomputer.com/news/security/encrypthub-breaches-618-orgs-to-deploy-infostealers-ransomware/) is the article from Bleeping Computer. This may be the new type of Ransomware, and if so, this could be very bad. Have you read this article or the blog post on it that I wrote?

If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network (http://www.jaredrimer.net/donations.html), subscribing to the security box discussion list (https://www.986themix.com/mailman/listinfo/thesecuritybox_986themix.com) or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here (https://technology.jaredrimer.net/contact-admins/). Thanks so much for listening, reading and learning! We can't do this alone.

The technology blog and podcast
The Technology blog and podcast, podcast 381: Trend Micro, a man getting potential prison and more

The technology blog and podcast

Play Episode Listen Later Mar 17, 2025 45:33


Hello folks, welcome to program 381 of the technology blog and podcast series. We are going to start with an interesting video with Trend Micro that talks about customer success. Making sure customers are happy is the key to having a successful company, and this does not matter what the business is.

Next, in our first article we're going to talk about, we're talking about one that should really have more of a punishment than 10 years. The article talks about a guy who basically sabotaged his former employer after he got terminated. Thinking that he wouldn't be caught at whatever he got caught doing, he put in a kill switch which disabled the company computer network. If you read the article titled Developer guilty of using kill switch to sabotage employer's systems (https://www.bleepingcomputer.com/news/security/developer-guilty-of-using-kill-switch-to-sabotage-employers-systems/) from Bleeping Computer, what did you think of it? Do you agree with the 10 years he could get if found guilty? Why or why not? Email, iMessage, text, WhatsApp or call and leave a comment on the comment line. Let me know if your comments should be aired.

Microsoft: 6 Zero-Days in March 2025 Patch Tuesday (https://krebsonsecurity.com/2025/03/microsoft-6-zero-days-in-march-2025-patch-tuesday/) comes from Krebs On Security as we have a segment on Windows Update. If you can, get those updates going.

Email/iMessage: tech at menvi.org
Text/WhatsApp: 804-442-6975
Leave a message or talk to me: (888) 405-7524 or (818) 527-4754.

Enjoy the program!

The CyberWire
Hacked in plain sight.

The CyberWire

Play Episode Listen Later Feb 26, 2025 30:56


A major employee screening provider discloses a data breach affecting over 3.3 million people. Signal considers exiting Sweden over a proposed law that would give police access to encrypted messages. House Democrats call out DOGE's negligent cybersecurity practices. Critical vulnerabilities in Rsync allow attackers to execute remote code. A class action lawsuit claims Amazon violates Washington State's privacy laws. CISA warns that attackers are exploiting Microsoft's Partner Center platform. A researcher discovers a critical remote code execution vulnerability in MITRE's Caldera security training platform. An analysis of  CISA's JCDC AI Cybersecurity Collaboration Playbook. Ben Yelin explains Apple pulling iCloud end-to-end encryption in response to the UK Government. A Disney employee's cautionary tale.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We are joined by Caveat podcast co-host Ben Yelin to discuss Apple pulling iCloud end-to-end encryption in response to the UK Government. You can read the article from Bleeping Computer here. Ben is the Program Director for Public Policy & External Affairs at University of Maryland Center for Health and Homeland Security. You can catch Caveat every Thursday here on the N2K CyberWire network and on your favorite podcast app.  
Selected Reading 3.3 Million People Impacted by DISA Data Breach (SecurityWeek) DOGE must halt all ‘negligent cybersecurity practices,' House Democrats tell Trump (The Record) Signal May Exit Sweden If Government Imposes Encryption Backdoor (Infosecurity Magazine) Rsync Vulnerabilities Let Hackers Gain Full Control of Servers - PoC Released (Cyber Security News) Lawsuit: Amazon Violates Washington State Health Data Law (BankInfo Security) CISA Warns of Microsoft Partner Center Access Control Vulnerability Exploited in Wild (Cyber Security News) MITRE Caldera security suite scores perfect 10 for insecurity (The Register) CISA's AI cybersecurity playbook calls for greater collaboration, but trust is key to successful execution (CyberScoop) A Disney Worker Downloaded an AI Tool. It Led to a Hack That Ruined His Life. (Wall Street Journal)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Smashing Security
Dishy DDoS dramas, and mining our minds for data

Smashing Security

Play Episode Listen Later Dec 5, 2024 34:52


A CEO is arrested for turning satellite receivers into DDoS attack weapons, and we journey into the world of bossware and "affective computing" and explore how AI is learning to read our emotions – is this the future of work, or a recipe for dystopia?

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:
  • Korea arrests CEO for adding DDoS feature to satellite receivers - Bleeping Computer.
  • Data on our minds: affective computing at work - IFOW.
  • How Much Does 'Bossware' Really Curb Remote Work Slacking? - Inc.
  • MN8 – 2 Channel EEG Headphones - Emotiv.
  • Commercial EEG Headsets for Enterprises - Emotiv.
  • ‘Bossware' computer tracking devices harm workers' wellbeing, says report - The Times.
  • Your Company's Bossware Could Get You in Legal Trouble - 1Password.
  • The Abandoned, Apocalyptic Architecture of One Bold 1970s Retail Chain - Atlas Obscura.
  • Bankrupt - BEST Products Co. - YouTube.
  • Defunct BEST Products Store Architecture Documentary - YouTube.
  • Play Winning Cribbage - Amazon.
  • Cribbage Classic - iOS App Store.
  • Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:
  • 1Password Extended Access Management – Secure every sign-in for every app on every device.
  • BlackBerry - Tune in and empower your team with the knowledge to stay connected, no matter what crisis. Learn more about BlackBerry's critical event management solutions.
  • ThreatLocker - the Zero Trust endpoint protection platform that provides enterprise-level cybersecurity to organizations globally. Start your 30-day free trial today!

SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on

The technology blog and podcast
TSB podcast 217: What the hell is the braille space and why is it being discussed?

The technology blog and podcast

Play Episode Listen Later Nov 15, 2024 195:51


Hello folks, welcome to the security box, podcast 217. It's been a long time since we did show notes, as NCSAM doesn't necessarily need show notes per se. We've got a great topic on something I blogged and we talked about awhile back about the braille space. No, not the way braille is written as you know it, but a hexadecimal character used to cause havoc. We'll explain on this podcast. Besides that, we're going to have the news, the notes, the landscape, answers to trivia and more. Please feel free to participate. Starting with this podcast, we're going to have our click to call widget available so you can feel free to use it to call the comment line and leave your message or talk to us, depending on availability. Thanks so much for listening to the program, and we hope you enjoy!

The braille space

When writing braille, it is no different than writing print. But braille can be written with hexadecimal characters just like other languages using a computer keyboard. We found an article talking about the fact that this braille character is used to actually hide file extensions, making you think you're opening one type of file, but opening another. On September 16, 2024, Robert Stepp responded to the email I sent him inquiring about the braille space as a character, and he wrote the following.

Hi, There is nothing special about a "braille" space. The 0x2800 character is simply a space in the 8-dot braille page of Unicode (three bytes in UTF-8). Apparently 0x2800 is interesting because it shows as nothing but is parsed as non-whitespace. A bogus filename SomeName.pdfxxxxxxxxxxxxxxxxxxxx.hta where x is the braille space, when written to a FileName box (whose length is too short to show the final .hta without scrolling) appears to be a .pdf file when it is actually a .hta (private malware) file. Any Unicode character, not known by Windows controls to be whitespace (space, thin-space, zero-width space, etc.) would work just as well for this visualization spoof.

To read the entire blog post including the article which will lead to our discussion, I did not know there was something called a braille space is the article in which I wrote, linking to the article from Bleeping Computer. For those that just want to dive in to the Bleeping Computer article, Windows vulnerability abused braille “spaces” in zero-day attacks will be your article. Thanks Bob for your great insight! It's much appreciated.

Contacting the podcast

If you would like to contact the podcast folk, please use the following info which goes to Jared and can be shared with the rest of the contributors as needed:
  • Email/iMessage: jaredrimer@986themix.com or tech@menvi.org which go to Jared.
  • Text or WhatsApp: 804-442-6975
  • Call the comment line at (888) 405-7524 or use the click to call button located in the show notes. If available, Jared can take your call below. You may also call long distance by calling (818) 527-4754.

Supporting the podcast

If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.

Internet Radio affiliates airing our program

Our Internet Radio stations that carry us include International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program. Thanks so much!

The CyberWire
No more “cyber Snorlax” naps.

The CyberWire

Play Episode Listen Later Oct 18, 2024 35:27


Microsoft describes a macOS vulnerability. A trio of healthcare organizations reveal data breaches affecting nearly three quarters of a million patients. Group-IB infiltrates a ransomware as a service operation. Instagram rolls out new measures to combat sextortion schemes. Updates from Bitdefender address Man-in-the-Middle attacks. An Alabama man is arrested for allegedly hacking the SEC. In our Industry Voices segment, Gerry Gebel, VP of Strata Identity, describes how to ensure identity continuity during IDP disrupted, disconnected and diminished environments. CISOs want to see their role split into two positions. Game Freak's Servers Take Critical Hit.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, we have our Industry Voices segment with Gerry Gebel, VP of Products and Standards at Strata Identity, discussing how to ensure identity continuity during IDP disrupted, disconnected and diminished environments.
Resources to learn more:  Identity Continuity™: How to have uninterrupted IDP access Resilience in extreme conditions: Why DDIL environments need continuous identity access Selected Reading macOS Vulnerability Could Expose User Data, Microsoft Warns (Infosecurity Magazine) Microsoft warns it lost some customer's security logs for a month (Bleeping Computer) 3 Longtime Health Centers Report Hacks Affecting 740,000 (GovInfo Security) Cicada3301 ransomware affiliate program infiltrated by security researchers (SC Media) Instagram Rolls Out New Sextortion Protection Measures (Infosecurity Magazine) Bitdefender Total Security Vulnerability Exposes Users to Man-in-the-Middle Attacks (Cyber Security News) Alabama Man Arrested in SEC Social Media Account Hack That Led the Price of Bitcoin to Spike (SecurityWeek) CISOs Concerned Over Growing Demands of Role (Security Boulevard) Pokémon video game developer confirms its systems were breached by hackers (The Record)

Smashing Security
WordPress vs WP Engine, and the Internet Archive is down

Smashing Security

Play Episode Listen Later Oct 16, 2024 37:58


WordPress's emperor, Matt Mullenweg, demands a hefty tribute from WP Engine, and a battle erupts, leaving millions of websites hanging in the balance. Meanwhile, the Internet Archive, a digital library preserving our online history, is under siege from hackers.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:
  • WP Engine is not WordPress - WordPress.
  • Secure Custom Fields - WordPress.
  • Tweet from Advanced Custom Fields.
  • Advisory: Advanced Custom Fields changes - Tim Nash.
  • WordPress saga escalates as WP Engine plugin forcibly forked and legal letters fly - The Register.
  • Internet Archive hacked, data breach impacts 31 million users - Bleeping Computer.
  • The Internet Archive is still down but will return in ‘days, not weeks' - The Verge.
  • Dimsdale podcasts - OTR radio drama comedy and more.
  • Jeff Goldblum's furiously fun Greek gods drama is a masterpiece - The Guardian.
  • KAOS - Netflix.
  • Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:
  • 1Password Extended Access Management – Secure every sign-in for every app on every device.
  • Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
  • Flashpoint - Access the industry's best threat data and intelligence.

SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:
Follow us on

The Daily Decrypt - Cyber News and Discussions
FBI’s Fake Crypto, ChatGPT Fuels Malware, and Iranian OilRig Leverages Windows Flaws

The Daily Decrypt - Cyber News and Discussions

Play Episode Listen Later Oct 14, 2024


Video Episode: https://youtu.be/BQoTaqXLZlw

In today’s episode, we discuss the FBI’s unprecedented creation of a fake cryptocurrency, NexFundAI, aimed at exposing widespread manipulation in the crypto market, leading to multiple arrests in Operation Token Mirrors. We also cover OpenAI’s confirmation that threat actors are leveraging ChatGPT to write malware, significantly enhancing their cyber-attack capabilities. Lastly, we examine the Iranian threat actor OilRig exploiting a Windows kernel flaw in espionage campaigns, while Microsoft announces the deprecation of legacy VPN protocols PPTP and L2TP to enhance security.

Sources:
1. The Hacker News – https://thehackernews.com/2024/10/fbi-creates-fake-cryptocurrency-to.html
2. Bleeping Computer – https://www.bleepingcomputer.com/news/security/openai-confirms-threat-actors-use-chatgpt-to-write-malware/
3. The Hacker News – https://thehackernews.com/2024/10/oilrig-exploits-windows-kernel-flaw-in.html
4. Bleeping Computer – https://www.bleepingcomputer.com/news/microsoft/microsoft-deprecates-pptp-and-l2tp-vpn-protocols-in-windows-server/

Timestamps
00:00 – Introduction
01:07 – FBI Fake Crypto NexFundAI
02:13 – OpenAI reports ChatGPT used by criminals
03:37 – OilRig exploiting a Windows kernel flaw
06:05 – Microsoft deprecates VPN protocols PPTP and L2TP

1. What are today’s top cybersecurity news stories?
2. How is the FBI using cryptocurrency to combat market manipulation?
3. What actions has OpenAI taken against threat actors using ChatGPT for malware?
4. What recent cyber espionage activities have been linked to the Iranian group OilRig?
5. Why has Microsoft deprecated PPTP and L2TP VPN protocols in Windows Server?
6. How are threat actors leveraging ChatGPT for cybercrime?
7. What vulnerabilities are being exploited by the OilRig group in their latest campaigns?
8. What steps is the U.S. DoJ taking to tackle cryptocurrency fraud?
9. What are the risks of wash trading in cryptocurrency markets?
10. How are generative AI tools changing the landscape of cybercrime?

NexFundAI, crypto fraud, Operation Token Mirrors, market manipulation, OpenAI, ChatGPT, cybercrime, generative AI, OilRig, cyber espionage, Windows Kernel, STEALHOOK, PPTP, L2TP, SSTP, IKEv2,

The CyberWire
Caught red-handed.

The CyberWire

Play Episode Listen Later Oct 4, 2024 38:39


Interpol arrests eight in an international cybercrime crackdown. A MedusaLocker variant targets financial organizations. Cloudflare mitigates a record DDoS attempt. Insights from the Counter Ransomware Initiative summit. Fin7 uses deepnudes as a lure for malware. Researchers discovered critical vulnerabilities in DrayTek routers. CISA issues urgent alerts for products from Synacor and Ivanti. A former election official gets nine years in prison for a voting system data breach. Microsoft and the DOJ seize domains used by Russia's ColdRiver hacking group. On our Industry Voices segment, we are joined by Eric Olden, Founder and CEO of Strata Identity, to learn how the modern enterprise can orchestrate the 7 A's of identity security to achieve zero trust. Harvard students demonstrate glasses that can see through your privacy.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Industry Voices Segment

On our Industry Voices segment, we are joined by Eric Olden, Founder and CEO of Strata Identity. Eric talks about how the modern enterprise can orchestrate the 7 A's of identity security to achieve zero trust. You can check out Strata's blog on “Understanding the 7 A's of IAM” and their book on “Identity Orchestration for Dummies”.
Selected Reading International police dismantle cybercrime group in West Africa (The Record) New MedusaLocker Ransomware Variant Deployed by Threat Actor (Infosecurity Magazine) Cloudflare Mitigates Record Breaking 3.8 Tbps DDoS Attack (Hackread) Recently patched CUPS flaw can be used to amplify DDoS attacks (Bleeping Computer) More frequent disruption operations needed to dent ransomware gangs, officials say (CyberScoop) FIN7 hackers launch deepfake nude “generator” sites to spread malware (Bleeping Computer) 14 New DrayTek routers' flaws impacts over 700,000 devices in 168 countries (Security Affairs) CISA Warns Active Exploitation of Zimbra & Ivanti Endpoint Manager Vulnerability (Cyber Security News) Former Mesa County clerk sentenced to 9 years for 2020 voting system breach (CyberScoop) Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (Bleeping Computer) Someone Put Facial Recognition Tech onto Meta's Smart Glasses to Instantly Dox Strangers (404 Media)

Motoring Podcast - News Show
Awfully appealing - 1 October 2024

Motoring Podcast - News Show

Play Episode Listen Later Oct 2, 2024 33:23


FOLLOW UP: GHOSN ORDERED TO RETURN YACHT
Carlos Ghosn has lost his appeal over the ruling that he must return his luxury yacht and repay approximately $32 million, to Nissan. This could prove tricky as he is in Lebanon and due to geopolitical issues, it may be tricky to send someone to go pick it up. To learn more, click this article link from The Autopian.

JLR INVESTS £500M IN HALEWOOD PLANT
In order to build hybrid vehicles and prepare for their electric future, JLR are updating the Halewood plant to the tune of £500 million. They will also be able to build combustion engined vehicles at the same facility. Click this article link to The Guardian.

NISSAN BUYS MORE SHARES BACK FROM RENAULT
Nissan is buying another 5% of shares back from Renault as the Rebel Alliance continues to dissolve. Estimated to be worth around $551 million which will help Renault's finances. If you wish to learn more, click this article link from Automotive News Europe.

UK GOVERNMENT HAS NO PLANS FOR PAY-PER-MILE CHARGE YET
In a surprise move, the UK Government has confirmed that it will not be announcing a pay-per-mile charging scheme, which many expected as a replacement for fuel duty and VED. That is not to say it isn't going to happen at some stage. Click here to read more from Top Gear.

KIA DEALER PORTAL VULNERABILITY FOUND
Security researchers found a flaw in the Kia dealer portal which allowed them to take remote control of vehicles, find their location, examine details of customers and more using only the license plate information. This was reported to Kia who have fixed the issue and confirm no one maliciously accessed their systems via this method. To read more on this, click here for the Bleeping Computer article.

LUXURY VEHICLES STILL GETTING TO RUSSIA
Sky News has followed up an earlier investigation and found that luxury vehicles, including those from British manufacturers, are finding their way to Russian customers via other countries. We are not sure what the car brands can do to prevent this, as it is not from them directly. If you want to see what is going on, click this link here to read more.

POLESTAR ANNOUNCE INFOSYS AS SOFTWARE PARTNER
Polestar is going to partner up with Infosys, the Indian IT giant, for their infotainment, driver assistance and connected services software. We REALLY hope Polestar has the people to check and triple check the software that is produced. We are not confident this will be a good move. You can read more by clicking this article link from The Register.

If you like what we do, on this show, and think it is worth a £1.00, please consider supporting us via Patreon. Here is the link to that

Smashing Security
TFL security derailed, and is Trump the king of crypto?

Smashing Security

Play Episode Listen Later Sep 18, 2024 37:57


Transport for London (TfL) suffers a cybersecurity incident and tells its 30,000 staff they will all have to have their identities verified... in-person. Who might have been behind the attack and why? Meanwhile, Donald Trump's curious relationship with cryptocurrency is explored.

All this and Demi Moore is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

(This episode was recorded before the former US President survived a second assassination attempt)

Episode links:
  • TFL cybersecurity incident announcement.
  • TFL Employee Hub.
  • DICK'S shuts down email, locks employee accounts after cyberattack - Bleeping Computer.
  • MGM Resorts shuts down IT systems and slot machines go quiet following "cybersecurity incident" - Hot for Security.
  • Teenage suspect in MGM Resorts hack arrested in Britain - The Record.
  • Arrest made in NCA investigation into Transport for London cyber attack - NCA.
  • Donald Trump Prepares to Unveil World Liberty Financial, a Cryptocurrency Business - The New York Times.
  • Behind the Trump Crypto Project Is a Self-Described ‘Dirtbag of the Internet' - Bloomberg.
  • Cryptocurrency price on July 22: Bitcoin hits $68,000 level, Dogecoin, Avalanche surge up to 11% - The Economic Times.
  • Trump vows to make US ‘world capital of crypto,' taps Musk for new task force - CoinTelegraph.
  • What bankers need to know about Trump's World Liberty Financial - Yahoo! Finance.
  • Bitcoin soars to two-week high after Trump attack - Reuters.
  • Trump pitches himself as 'crypto president' at San Francisco tech fundraiser - Reuters.
  • Aave fork on...

Motoring Podcast - News Show
The end is nigh - 27 August 2024

Motoring Podcast - News Show

Play Episode Listen Later Aug 28, 2024 39:44


WARNING ISSUED FOR UK NEW CAR MARKET
Cox Automotive, the automotive consultancy that helps those selling cars, has warned that the last quarter of 2024 will be very difficult for brands and dealers in the UK. They have gone so far as to liken the struggles they foresee as similar to those faced in the economic turmoil of the 2008 financial crash. To read more and get a better understanding of what is facing OEMs, click this Autocar article link here.

CATERHAM SEPARATES EV BUSINESS
Caterham has created a separate business that is focused on the EV side of things. Named Caterham Evo, it has been funded by investors as profits from the main business are not enough for the development. For more on this, click here to read the Autocar article.

FORD REVISING EV PLANS
Ford has announced it is canning a planned three-row large electric SUV, which will now be a hybrid, will pursue a mid-sized pick-up (that's mid sized for the US, so think Ranger) and will refuse to launch an EV unless it can be profitable in the first 12 months, according to InsideEVs. This will add costs and delay product launches. Click here to read more.

COUNCILS TO DECIDE ON SPEED LIMITS AND LTNS
Louise Haigh, the new Transport Secretary, has stated that councils will decide if roads should be 20mph and if areas should be covered by Low Traffic Neighbourhood (LTNs) schemes. However, she did say that the implementation or not, needs to involve the local communities. If you want to read more on this, click this Autocar article link here.

TOYOTA US DATA STOLEN
Toyota US has had data stolen and leaked. This data included customer, staff, financial, contracts and credentials. There is speculation that the information has come from a back up server as one date found, on the files, was December 2022. To find out more, click this Bleeping Computer link here.

If you like what we do, on this show, and think it is worth a £1.00, please consider supporting us via Patreon. Here is the link to that CLICK HERE TO SUPPORT THE PODCAST

As discussed in the show, there is a new way to play podcasts on non-Apple devices as they have brought the Podcast app to web browsers. Click this Podnews link to find out how to install and use it on your device. Thank you to James Cridland, the editor at Podnews, for making it easy to help more people listen to podcasts (and hopefully ours) with that guide.

NEW NEW CAR NEWS - Mazda EZ-6
Mazda unveiled the EZ-6 at a Chinese motor show, originally for that market, but is now coming to Europe with a chance it will be brought to the UK too. The design is the antidote to all the swooshes, slashes and dents that seem to be so very en vogue. Click this Autocar

Smashing Security
Private nights, evil twins, and crypto home invasions

Jul 3, 2024 · 48:33


Apps can let you spy on strangers in bars, a gang of cryptocurrency thieves turns to kidnap and assault, and have you joined the mile-high evil twin club?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley of the brand-new "The AI Fix" podcast (co-hosted with Graham!).

Talk about nepotism.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:
• Hoos Out Tonight? Dundee medical student launches new app which reveals ‘hot' pubs - The Courier.
• ‘It's completely invasive': New app lets you spy on SF bars to see if they're poppin' - San Francisco Standard.
• Florida Man Convicted in Violent Crypto Theft Spree - Crypto Daily.
• Inside a Violent Gang's Ruthless Crypto-Stealing Home Invasion Spree - Wired.
• Man charged over creation of ‘evil twin' free WiFi networks to access personal data - Australian Federal Police.
• Police allege 'evil twin' in-flight Wi-Fi used to steal info - The Register.
• Australian charged for ‘Evil Twin' WiFi attack on plane - Bleeping Computer.
• Suno - make a song about anything.
• The AI Fix podcast - hosted by Graham Cluley and Mark Stockley.
• Putty Pals - Nintendo Switch.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:
• 1Password Extended Access Management – Secure every sign-in for every app on every device.

SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.
Become a supporter via Patreon or Apple Podcasts for ad-free episodes and our early-release feed!

FOLLOW US:
Follow us on Twitter at...

Cybercrime Magazine Podcast
CTRL, ALT, HACKED. Club Penguin Hackers Hit Disney. Unpacking The 2.5 GB Data Breach.

Jun 12, 2024 · 14:20


Bleeping Computer reports that threat actors hacked into Disney's internal servers looking for old Club Penguin secrets, but ended up stealing 2.5 GB of up-to-date internal information regarding Disney's much larger business. In this episode, host Paul John Spaulding is joined by Kyle Haglund, Senior Audio Engineer at Cybercrime Magazine, Sam White, Video Producer at Cybercrime Magazine, and Amanda Glassner, Deputy Editor at Cybercrime Magazine, to discuss. • For more on cybersecurity, visit us at https://cybersecurityventures.com

The CyberWire
Rethinking recalls.

Jun 10, 2024 · 36:53


Microsoft makes Recall opt-in. The Senate holds hearings on federal cybersecurity standards. Snowflake's scrutiny snowballs. New York Times source code is leaked online. Ransomware leads to British hospitals' desperate need for blood donors. Cisco Talos finds 15 serious vulnerabilities in PLCs. Sticky Werewolf targets Russia and Belarus. Frontier Communications warns 750,000 customers of a data breach. Chinese nationals get prison time in Zambia for cybercrimes. N2K's CSO Rick Howard speaks with Danielle Ruderman, Security GTM Leader, AWS about what keeps CISOs up at night. DIY cell towers can land you in hot water.

Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
N2K's CSO Rick Howard speaks with Danielle Ruderman, Security GTM Leader, AWS about what keeps CISOs up at night and learnings from AWS CISO Circles. Our team is at AWS re:Inforce this week. Stay tuned for our coverage.

Selected Reading
• Windows won't take screenshots of everything you do after all — unless you opt in (The Verge)
• US Senate Committee holds hearing on harmonizing federal cybersecurity standards to address business challenges (Industrial Cyber)
• What Snowflake isn't saying about its customer data breaches (TechCrunch)
• New York Times source code stolen using exposed GitHub token (Bleeping Computer)
• London Hospitals Seek Biologics Backup After Ransomware Hit (GovInfo Security)
• Cisco Finds 15 Vulnerabilities in AutomationDirect PLCs (SecurityWeek)
• Sticky Werewolf targets the aviation industry in Russia and Belarus (Security Affairs)
• Frontier warns 750,000 of a data breach after extortion threats (Bleeping Computer)
• 22 Chinese Nationals Sentenced to Long Prison Terms in Zambia for Multinational Cybercrimes (SecurityWeek)
• Two arrested in UK over fake cell tower smishing campaign (The Register)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Smashing Security
Microsoft's Recall controversy, and the North Korean insider threat

May 29, 2024 · 52:49


Microsoft gets itself into a pickle with a privacy-popping new feature on its Copilot+ PCs, the FTC warns of impersonated companies, and is your company hiring North Korean IT workers?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by author, journalist, and podcaster Geoff White.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:
• Microsoft's new Windows 11 Recall is a privacy nightmare - Bleeping Computer.
• Statement in response to Microsoft Recall feature - ICO.
• Arizona woman charged in North Korean IT worker scheme that raised millions - CNN.
• Charges and Seizures Brought in Fraud Scheme Aimed at Denying Revenue for Workers Associated with North Korea - US Department of Justice.
• New FTC Data Shed Light on Companies Most Frequently Impersonated by Scammers - FTC website.
• Who's who in scams: a spring roundup - FTC.
• Udio.
• Geoff's Labyrinth ext v2 - Graham's AI song about Geoff White's book “Rinsed”.
• “Nuclear War” by Annie Jacobsen - Amazon.
• The Patient - Disney+.
• Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:
• Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 20% off!
• Kolide – Kolide ensures that if your device isn't secure it can't access your cloud apps. It's Device Trust for Okta. Watch the demo today!
• Kiteworks – Step into the future of secure managed file transfer with Kiteworks.

SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or

The Daily Decrypt - Cyber News and Discussions
Florida Man Sells Counterfeit Cisco Devices to US Military, North Korea’s Spearphishing Scam, Posing as Journalists to push Malware

May 6, 2024


In today's episode, we delve into the warning issued by the NSA and FBI regarding the APT43 North Korea-linked hacking group's exploitation of weak email DMARC policies to conduct spearphishing attacks. The podcast also covers a significant counterfeit operation involving fake Cisco gear infiltrating US military bases, creating a $100 million revenue stream. Lastly, we explore how Iranian hackers posing as journalists are utilizing social engineering tactics to distribute backdoor malware, breaching corporate networks and cloud environments.

To read more about the topics discussed, visit:
• https://www.bleepingcomputer.com/news/security/nsa-warns-of-north-korean-hackers-exploiting-weak-dmarc-email-policies/
• https://arstechnica.com/information-technology/2024/05/counterfeit-cisco-gear-ended-up-in-us-military-bases-used-in-combat-operations/
• https://www.bleepingcomputer.com/news/security/iranian-hackers-pose-as-journalists-to-push-backdoor-malware/

00:00 Massive Counterfeit Scam Unveiled: A Decade of Deception
01:08 Deep Dive into the Counterfeit Cisco Gear Scandal
04:14 The Art of Social Engineering: A Hacker's Best Tool
07:05 Protecting Against Cyber Threats: Insights and Recommendations
08:46 Wrapping Up: Stay Informed and Secure

Tags: North Korea, APT43, DMARC, spearphishing, hacking, group, email, policies, attacks, intelligence, journalists, academics, organizations, prevent, security, policy, configurations, counterfeit, scam, Florida resident, gear, revenue, networking gear, US military, security, Air Force, Army, Navy, officials, stop, operation, Iranian, APT42, Nicecurl, Tamecat, hackers, backdoor, malware, social engineering, tactics, custom, blend operations, evade detection.
Search Phrases: How to prevent APT43 spearphishing attacks; Counterfeit scam Florida military security risk; Actions to stop massive counterfeit operation; Iranian hackers impersonating journalists; APT42 malware tactics; Nicecurl and Tamecat backdoor malware; Techniques to breach corporate networks and cloud environments; Evading detection in cyber attacks; North Korea hacking group APT43; US military response to counterfeit gear scam

May6

A Florida man was just sentenced to six and a half years in prison for running a massive counterfeit scam that ran from 2013 to 2022 where he sold fake Cisco networking gear to the US military. This resulted in over 100 million of revenue for this man while also putting our US military operations at risk. How did he get away with this for so long?

Iranian hackers are impersonating journalists to distribute backdoor malware known as APT42 in order to harvest both personal and corporate credentials in an attempt to infiltrate corporations at large. What social engineering tactics are they using to help blend in with normal operations and evade detection?

And speaking of impersonating journalists, a North Korean hacking group is exploiting DMARC policies to conduct spear phishing attacks aimed at collecting sensitive intelligence, while impersonating journalists and academics to do so. What actions can organizations take to prevent these spear phishing attacks?

You're listening to The Daily Decrypt.

So just last week on Thursday, a Florida man named Onur Aksoy, who is also known by Ron Aksoy and Dave Durden, which sounds almost like a Fight Club reference to me, was sentenced to 78 months, or 6 and a half years, for orchestrating a counterfeit scheme that generated over 100 million in revenue, all by selling fake Chinese Cisco networking gear to the US military. This clearly would pose a significant risk to the US military's security.
Because it was utilized in critical applications, including combat operations and classified information systems. This man, who I'm going to refer to as Dave Durden because I like alliteration and I like Fight Club, has been partaking in this counterfeit operation starting in 2013 all the way to 2022, receiving multiple cease and desist letters throughout those years, yet still continued to get fake Cisco networking gear into the hands of the US military. So since this has been going on for so long, and so much money has been spent on this, these pieces of fake Cisco networking equipment have spread out across the country, across the world, and will be very difficult to remove from the US military as a whole, because they've been integrated into critical systems. And anyone who works in IT knows that it's very hard to even patch one of these devices, let alone swap it out for something with different components, because this isn't an actual Cisco router.

And as reported by Ars Technica, Cisco estimates that their products being sold on the, quote, IT gray market is costing them about 1.2 billion dollars, billion with a B, each year. Along with the unmeasurable reputational risks that go along with fake gear touting your brand name. And with a price tag that high, I would imagine Cisco should spin up a whole department that could cost less than 1.2 billion dollars a year just to track down these counterfeit marketers. And who knows, maybe they do have that. If you work for one of these departments or you know of them, please leave a comment and let me know.

But yeah, this really just highlights the need for more robust security measures in the military IT supply chain. By no means am I an expert in military spending, but I do know that there are actual laws, rules, and regulations that govern how the military spends money, and it involves opening up a bid for very large purchases where the lowest bidder wins the contract.
So in this case, the gear that this man, Dave Durden, sold to the U.S. military was valued well over a billion dollars. Yet the reason he was so successful is he was willing to sell it for 80 to 90 percent off, making only 100 million off of this gear. And though that is the fiscally responsible thing to do with U.S. taxpayers' money, you can see how this would sort of breed this environment for counterfeit gear, because you can't make the actual gear cost less than the counterfeit gear, so the counterfeit gear is going to win. And with the ease of spinning up eBay and Amazon Marketplace, I'm sure we'll see a lot more cases like this coming out in the near future.

So in case you didn't know this, social engineering, which is the art of, as it sounds, engineering other people to do what you want them to do, is one of the most effective hacking techniques out there. And it doesn't involve writing a single line of code, or even using a computer at all, if you know what you're doing. It's just like it sounds, manipulating people into doing what you want them to do. So in this case, the Iranian state-backed threat actor known as APT42 has been using social engineering tactics, impersonating journalists and academics to breach corporate and cloud environments of Western and Middle Eastern targets. So they're essentially posing as these people to build trust and rapport with their targets. And then eventually they ask the target to download a Dropbox document or article or something related to their conversations. But instead of a document, they'll be downloading some custom backdoors named Nicecurl or Tamecat in order to gain command execution and data exfiltration capabilities. Now if you're curious to see what these accounts and fake journalists look like, check out the article by Bleeping Computer in the show notes. It contains some fun screenshots of profiles that are being used and they look very convincing.
The documents that the targets will end up downloading often use what's called macros, which when opened up it's like Word asks you if you'd like to enable macros to utilize the full potential of this document. And after having trust built with these threat actors, targets are much less likely to think twice when clicking accept. People, especially in corporate environments, are used to accepting security risks and accepting toggle boxes and all this stuff constantly throughout the day, so it's almost become mundane to do so. And this is just another example of that. But there is a good rule of thumb on this. If you download a document from the internet and you don't personally know someone who's sending it to you, don't enable macros, especially if it's just full of information. Macros are used to have more interactive documents because it allows these documents to open up applications and interact with other applications on your computer. You don't need that for journalistic articles or academic articles. Because, yeah, this allows for the document to do anything on your computer, depending on the permissions requested, such as launch custom backdoors and install malware.

For the listeners who work in the InfoSec community, the article linked in the show notes by Bleeping Computer references a report by Google's Mandiant that contains some YARA rules in detecting these custom backdoors. So make sure to check those out and implement them in your or your customers' environments.

And speaking of impersonating journalists, the NSA and FBI have issued a warning regarding the APT43 North Korea-linked hacking group exploiting weak email Domain-based Message Authentication, Reporting, and Conformance (DMARC) policies to carry out spear phishing attacks. The attackers are able to utilize misconfigured DMARC policies to send spoofed emails, posing as credible sources like journalists and academics specializing in East Asian affairs.
The goal of these spear phishing campaigns orchestrated by the DPRK is to gather intelligence on geopolitical events, foreign policy strategies of adversaries, and any information impacting the DPRK interests by illicitly accessing targets' private documents and communications. The primary mission of APT43 operatives, which is also known as Kimsuky, is to provide stolen data and valuable geopolitical insight to the North Korean regime by compromising policy analysts and experts. So I personally don't know any policy analysts or experts, especially in this type of realm, but if you happen to be listening to this and you happen to be somebody who might be affected by this, pay extra attention to the emails you receive, validating their authenticity, especially from researchers in East Asian affairs. Again, if you work in information technology, the FBI recommends updating your DMARC security policies to utilize configurations outlined in another article by Bleeping Computer in the show notes below.

This has been the Daily Decrypt. If you found your key to unlocking the digital domain, show your support with a rating on Spotify or Apple Podcasts. It truly helps us stand at the frontier of cyber news. Don't forget to connect on Instagram or catch our episodes on YouTube. Until next time, keep your data safe and your curiosity alive.

The Daily Decrypt - Cyber News and Discussions
CyberSecurity News: Child Predators Get Ransomwared, Cloud CLI Exposes Credentials, United Nations Data Theft

Apr 22, 2024


From malware developers targeting child exploiters with ransomware, to major cloud services exposing credentials, learn how digital vigilantes and technological oversights shape online security. Featuring insights on the United Nations' latest ransomware dilemma, uncover the intricate web of cybersecurity challenges faced globally.

URLs for Reference:
• Malware Dev lures child exploiters into honeytrap to extort them
• AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs
• United Nations agency investigates ransomware attack, data theft

Follow us on Instagram: https://www.instagram.com/the_daily_decrypt/

Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/

Logo Design by https://www.zackgraber.com/

Tags: cybersecurity, ransomware, malware, cloud security, digital threats, cyber vigilantes, tech giants, United Nations, cyber attack, data theft, CryptVPN, AWS, Google Cloud, Azure, CLI tools, BleepingComputer, The Hacker News

Search Phrases: Cyber vigilante justice malware extortion; Cloud CLI tools security vulnerabilities; United Nations cyberattack investigation; CryptVPN ransomware against child exploiters; AWS, Google, and Azure CLI tools leaking credentials; Impact of ransomware on global organizations; Cybersecurity threats in cloud computing; Cybersecurity tactics against illegal online activities; Data breach at United Nations agency; New trends in cyber threats and digital security

Transcript: Apr22

Malware developers are now targeting individuals seeking child exploitation material, employing CryptVPN ransomware to extort them by locking their systems and demanding payment, as revealed by Bleeping Computer. What methods are these developers using, and why do I want them to succeed?

Leaky CLI, a vulnerability discovered by Orca in AWS, Google, and Azure CLI tools, is exposing sensitive credentials in build logs, putting countless organizations at risk of cyber attacks.
What measures can organizations take to prevent sensitive credentials from being exposed by build logs?

Finally, hackers have infiltrated the United Nations Development Program's IT systems, stealing sensitive human resources data from its global network dedicated to fighting poverty and inequality.

You're listening to the Daily Decrypt.

Malware developers are now turning their tactics against individuals seeking child exploitation material, specifically targeting them with ransomware designed to extort money by feigning legal action. This new strain of malware, dubbed CryptVPN, was recently analyzed by Bleeping Computer after a sample was shared with the cybersecurity researcher MalwareHunterTeam. CryptVPN tricks users into downloading a seemingly harmless software, which then locks the user's desktop and changes their wallpaper to a menacing ransom note. The ploy begins with a decoy website that impersonates Usenet Club, a purported subscription service offering uncensored access to downloadable content from Usenet, which is an established network used for various discussions, which unfortunately also includes illegal content. The site offers several subscription tiers, but the trap is set with the free tier, which requires the installation of the CryptVPN software to access the supposed free content.

Now to be honest, I feel like I don't even want to give away these clues to any child predators that may be listening. So I'm going to stop there as far as how the attack works, but I'm really glad that attackers have found this vector because people who are partaking in illegal activities have a lot to lose and are often pretty scared, you know, unless they're complete psychopaths. And so if someone's able to get the information or lure people into these websites. You know, this reminds me of something that happened to me back in my single days.
And those of you who know me personally can validate the authenticity of this story, but it might sound a little crazy to just an average listener. But swiping on Tinder, matched with someone, they didn't really want to chat too much, they just wanted to start sending nude photographs. And I personally, it's not my thing, but let's just say I'm not going to unmatch this person for offering. And so nude photographs came through, there was no exchange, but they did ask for photographs of myself, which I was not interested in sending. And in fact, I wasn't really interested in pursuing anyone who would just jump in and send nude photographs. So I stopped talking to them. And about a couple of days later, I got a phone call from someone claiming to be the police department, saying that they had gotten my number from this girl's dad, and she's underage, and now they have proof that I've been sending nude photographs to this underage person. Well, I don't know. They accused me of that and that never happened. So immediately I knew it was a scam. But let's just say hypothetically that I had sent pictures to this person. I would be pretty scared receiving this threat. Because my whole life would change, right? If I became a child predator or a sexual predator or whatever it's called, then like a lot of stuff changes. And at the time I was in the military, so that was the end of my military career or whatever. So it's very similar to that. If you're doing something wrong and you get caught in a trap, you're very likely to pay the ransom. So first of all, don't mess around with children online. Don't do illegal sexual things. And you have nothing to worry about with this scam. So please stop doing that. Don't do that.
And you've got nothing to worry about.

It's been recently unveiled that command line interface tools from the tech giants such as Amazon Web Services and Google Cloud are susceptible to exposing sensitive credentials in the build logs, presenting a substantial security hazard to enterprises. This vulnerability, which the cloud security firm Orca has dubbed Leaky CLI, involves certain commands on the Azure CLI, AWS CLI, and Google Cloud CLI that could reveal environment variables. Roi Nisimi, a prominent security researcher, highlights in a report to The Hacker News that, quote, some commands can expose sensitive information in the form of environment variables, which can be collected by adversaries when published by tools such as GitHub Actions. In response, Microsoft has proactively addressed this security lapse in its November 2023 update, designating it with the CVE identifier 2023-36052, which carries a critical CVSS score of 8.6 out of 10. Conversely, Amazon and Google view the exposure of environment variables as an anticipated behavior, advising organizations to refrain from storing secrets within these variables. Instead, they recommend using specialized services like AWS Secrets Manager or Google Cloud Secret Manager, which is a great recommendation. Furthermore, Google has advised users of its CLI tools to employ the --no-user-output-enabled option, which prevents the printing of command output to the terminal, thereby mitigating the risk of data leaks. Orca has also identified several instances on GitHub where projects inadvertently leaked access tokens and other sensitive data through continuous integration and deployment tools, including GitHub Actions, CircleCI, TravisCI, and Cloud Build, which is always going to be a problem. Take those pull request reviews seriously.
Nisimi warns, if bad actors get their hands on these environment variables, this could potentially lead to view sensitive information, including credentials, such as passwords, usernames, and keys, which could allow them to access any resources that the repository owners can. He added that CLI commands are by default assumed to be running in a secure environment. But coupled with CI/CD pipelines or continuous integration, continuous development, they may pose a security threat. This ongoing issue underscores the critical need for heightened security measures within cloud computing environments. Go out there, get you a new cloud job, my guys.

Finally, the United Nations Development Program, or UNDP, has launched an investigation into a significant cyber attack where intruders compromised its IT systems, resulting in the theft of critical human resources data. So, human resources data sounds pretty benign to me, like, the way that that's framed seems like nothing, but think about what the data Human Resources has. It's the crown jewels. They've got your social security number for your W-2 form, they've got your previous jobs, they've got your address, they've got your email address, they've got everything. So Human Resources data is nothing to bat an eye at. The agency, which is a cornerstone of the United Nations efforts to combat poverty and inequality worldwide, confirmed the breach occurred in late March within the local IT infrastructure for the United Nations. Following the detection of the breach on March 27th, thanks to a threat intelligence alert, UNDP acted swiftly. Quote, actions were immediately taken to identify a potential source and contain the affected server, as well as to determine the specifics of the exposed data and who was impacted.
The ongoing investigation seeks to fully understand the incident's nature and scope, as well as its impact on individuals whose information was compromised, but to further complicate some matters, the 8Base ransomware gang, a group known for its broad attacks on various industries, claimed responsibility for the data theft. On the same day as the breach, they added a new entry for UNDP on their dark web leak site. The documents leaked, according to the attackers, contain a huge amount of confidential information, ranging from personal data to financial records and employment contracts. This cyberattack is not the first the United Nations has suffered. Previous breaches have struck the United Nations Environmental Program and key United Nations networks in Geneva and Vienna, showcasing ongoing vulnerabilities within UN IT systems. Meanwhile, the 8Base group, which claims to target companies neglecting data privacy, continues its surge of attacks, having listed over 350 victims on its data leak site to date. So if you're listening and you know your company is rejecting some data privacy protocols, maybe use this story as incentive to get them to pay more attention to this.

That's all we got for you today. Happy Monday. Thanks so much for listening. Please head over to our social media accounts, Instagram, Twitter, Twitter.com, YouTube. Give us a follow, give us a like, and send us a comment. We'd love to talk. And we'll be back tomorrow with some more news.

The Daily Decrypt - Cyber News and Discussions
Road Toll Smishing & MetaPixel Tracker Scam: Unveiling Security Threats Live from Hack Space Con

Apr 14, 2024


SMS phishing warnings by the FBI and innovative skimming tactics exposed by Sucuri experts. Discover actionable tips to shield yourself and your digital platforms from these sophisticated threats. Join the conversation by sharing your cybersecurity challenges and solutions.

00:00 Kickoff: Live from Cape Canaveral
00:59 Deep Dive into the FBI's Warning on SMS Phishing
06:14 Protecting Yourself Against Smishing and Phishing
13:13 Exploring the Dangers of Default WordPress Credentials

Related Articles:

FBI warns of massive wave of road toll SMS phishing attacks:
• https://www.bleepingcomputer.com/news/security/fbi-warns-of-massive-wave-of-road-toll-sms-phishing-attacks/
• https://www.ic3.gov/Media/Y2024/PSA240412

Sneaky Credit Card Skimmer Disguised as Harmless Facebook Tracker:
• https://thehackernews.com/2024/04/sneaky-credit-card-skimmer-disguised-as.html
• https://blog.sucuri.net/2024/04/credit-card-skimmer-hidden-in-fake-facebook-pixel-tracker.html

Hackable Intel and Lenovo hardware that went undetected for 5 years won't ever be fixed:
• https://arstechnica.com/security/2024/04/supply-chain-snafu-causes-intel-and-others-to-ship-hackable-hardware-for-5-years/

Follow us on Instagram: https://www.instagram.com/the_daily_decrypt/

Thanks to Jered Jones for providing the music for this episode.
https://www.jeredjones.com/

Logo Design by https://www.zackgraber.com/

Tags for the episode: FBI, SMS phishing, cybersecurity, Sucuri, credit card skimming, Meta Pixel, WordPress, Magento, digital threats, personal data protection, cyber attacks, scam awareness, online security, toll fraud, phishing alerts

Search Phrases: FBI SMS phishing alert 2024; How to protect against SMS phishing; Sucuri finds credit card skimmer in Meta Pixel script; Preventing credit card fraud on WordPress and Magento; Latest cyber scams and digital threats; Protecting personal information from online scams; Understanding toll service phishing scams; Cybersecurity tips for digital platforms; Identifying fake toll debt notices; Enhancing website security against skimmers

Transcript: Boyz

offsetkeyz: Let's do this so we friggin rocket launch. Welcome back to the Daily Decrypt. Coming to you live from Cape Canaveral, Florida. Got offsetkeyz and dogespan.

dogespan: Hello.

offsetkeyz: We're going to bring you some tasty news. Up first, the FBI has sounded the alarm on a massive SMS phishing wave sweeping across the U.S., targeting unsuspecting individuals with bogus road toll debt notices as part of a sophisticated scam aimed at harvesting personal data. What can you do to protect yourself from falling victim to these SMS phishing scams?

dogespan: Cybersecurity experts at Sucuri have unearthed a cunning credit card skimmer disguised within a fake Meta Pixel tracker script, cleverly hidden in customizable code sections of widely used platforms like WordPress and Magento. How can website administrators safeguard their platforms against such stealthy credit card skimming attacks?

offsetkeyz: Alright, so the first story comes to you straight from the FBI, and what better way to deliver the news than to just read the memo that the FBI released. So, here we go.
Since early March of 2024, the FBI Internet Crime Complaint Center, or IC3, has received over 2,000 complaints reporting smishing texts representing road toll collection services from at least three states. The FBI does not mention which three states, so, good luck. The IC3 complaint information indicates the scam may be moving from state to state. Nice. The texts will look something like this: "We've noticed an outstanding toll amount of 12.51 on your record. To avoid a late fee of $50, visit some URL to settle your balance."
dogespan: true. And
offsetkeyz: true.
dogespan: part
offsetkeyz: part of the reason
dogespan: that so many users have gotten hit, is because if I got a bill for 12, I'd click and pay. And
offsetkeyz: the mail. The road department is going to know your phone number. They're not. Your license plate is linked to your address, and then they mail it to you there.
dogespan: you there. So,
offsetkeyz: So, any text you're getting probably isn't coming from them unless you signed up for it, in which case you would know. The texts claim the recipient owes money for unpaid tolls and contain almost identical language. The outstanding toll amount is similar among the complaints reported to the
dogespan: the IC3.
offsetkeyz: However, the link provided within the text is created to impersonate the state's toll service name, and phone numbers appear to change between states. Ok so they're at least like masquerading as that state. Yeah, they are, they are targeting specific states, yes. Which is an easy tactic to take, probably takes the attackers very little time,
dogespan: oh yeah
offsetkeyz: and is very effective.
dogespan: Yeah. So if you receive one of these texts, the following is suggested file a complaint with the IC3 at www.IC3.gov texts I'm gonna admit, I'm actually really guilty of never reporting those names, those scams. I get them all the time. Text messages for like UPS deliveries and stuff.
But also like, yeah, I never think of reporting it to the IC3. But I do tend to put on my security researcher hat and
offsetkeyz: on
dogespan: go click the link. On a safe device, it is always, don't try it at home unless you, you know, know how to virtualize and segment and all that stuff. Um, but yeah, that's usually my approach is I just want to learn what they're doing and I
offsetkeyz: report it as
dogespan: guess I need to report it as well because it's stopping at me if nobody else reports it.
offsetkeyz: I, until you said that, I didn't even consider reporting anything to whom I didn't, I don't know. So I think I've mentioned before on the podcast that you can report things to the FBI, but I personally have never done it. So, yeah, I think both of us, both dogespan and I's takeaway is that we're going to start reporting stuff and imagine how many people also don't report things. So 2,000 reports came in to the FBI.
dogespan: in to the
offsetkeyz: Is probably hitting hundreds of thousands of
dogespan: people. Yeah, like a, I don't know, what is that, 10%? Yeah.
offsetkeyz: What's the reporting rate? How do you study that? I don't know. Not my problem, but if it does happen to you, it really helps
dogespan: FBI
offsetkeyz: the FBI understand the severity of the situation by you reporting it and they can gather the information. That's your tax dollars hard at work. So make sure you get your bang for your buck there.
dogespan: so there.
offsetkeyz: So, Pennsylvania Turnpike officials have reacted to these threats by advising customers to avoid clicking on any suspicious links sent via text that claim to resolve outstanding toll amounts. So, by hearing that article, that's mentioned in the article from Bleeping Computer, so Pennsylvania is one of those states. Thanks. They emphasize the importance of deleting the phishing texts immediately, which is interesting.
Additionally, the Pennsylvania State Police have issued warnings about these deceptive texts, stressing that the links lead to counterfeit websites designed to harvest personal information. So, they're not coming after money at this point. They're trying to get your credentials to unlock even more than
dogespan: credentials to unlock even more than 12. Yeah, this is very
offsetkeyz: Yeah, this is very smart, because those types of things keep a lot of people up at night. Unpaid debts, that people are very scared of the banking systems and the credit scores and all that stuff. So if you have this threat of an unpaid debt, and you have the means to afford to pay that unpaid debt, you're gonna go on and hastily pay that so that you can sleep well at night. So in the spirit of security awareness, what can you do as the listener to identify these types of smishing, it's a fun word to say, you should say it, smishing, smishing attack text messages. This podcast, I often mention hanging up the phone and calling the source or the claimed source of text messages or phone calls. So if you're getting a call from, or if you're getting a text message from this toll company, one way to verify is to go Google it, right? Google that toll company, find the website, don't click on the Google ad. Go find the actual listing for the website, go to that website, fill out a contact us form, and say, hey, I received a text that says I have unclaimed debts. Is that real? Pro tip from someone who hasn't paid most of their toll fees. They don't. It's not urgent. They they'll keep that debt on ya for a while and yeah it might go up a few pennies, a couple pennies, but honestly I don't think it does. I think they come after that toll and that's it. The only times I've seen it is if they're tied into the registration, so when you go to renew your registration it. guys,
dogespan: toll. Yeah.
offsetkeyz: It might seem easy to pay 12, but you know, there's a lot more at risk than just 12 for your data.
I'm, I'm curious if these attackers have infiltrated some sort of toll system, or if they're just shooting them off at random. Because the only other attack, which you had mentioned earlier, is the USPS or UPS package incoming, and what's crazy about that one,
dogespan: about
offsetkeyz: a family
dogespan: one is I always have a package incoming when I get those.
offsetkeyz: Why are they texting me about my package? Oh, it's not them. I'm going to have to do some research into that because it's just occurring to me now that
dogespan: me now
offsetkeyz: I always have a package on the way. But luckily the attackers who have purchased that information, or the ones who are conducting the smishing of the UPS, haven't figured it all out yet. I have a screenshot from one of my most recent ones that came from a sexyboy69 at gmail.com text. That's the
dogespan: That's the trend. Yes, they've been compromising email accounts to send these out.
offsetkeyz: send these out.
dogespan: Or they are making bogus. But I've gotten an AOL and a Yahoo before.
offsetkeyz: Interesting. There's always some typos, so keep your eye out for typos. In the age of ChatGPT and, and large language models, you don't really even have to speak English to get a coherent smishing message out there. So like, honestly, attackers, there's no excuse for this. Come on, but
dogespan: Keep
offsetkeyz: keep, yeah, keep an eye out for those indicators. Check with the source. Don't click any links unless you're absolutely positive. Um, if anyone calls you, try to hang up. Like, I, I, you know, moment of truth, I received a call from, I believe it was Pretty Litter, cat litter delivery service, because I cancel my credit card once a year just to, you know, shed all the subscriptions and have to re-subscribe, and right after I canceled it, they called and asked for 80 bucks, and I just gave them the new credit card number without calling back, and I felt icky about it.
So,
dogespan: Did your litter
offsetkeyz: anyways, if someone calls you, doesn't matter who it is, don't give them your credit card information, call them back. It's like, it's inconvenient, but it's going to save you a lot of hassle on the backend.
dogespan: I was in that generative AI red teaming talk this morning. This, uh, this talk goes into a quick demonstration on a phishing text, er, a phishing email that was created to target a cyber security professional as a test. So, they targeted Dave Kennedy in this phishing email. And what they did is they sent several GPT agents scouring the web for personal information about Dave Kennedy. And one of the things that I think has been very prominent in his more recent endeavors is health and,
offsetkeyz: know, taking
dogespan: um, weight management, you know, taking care of your body, fitness, all of that. So it actually crafted up a really good phishing email that was like, hi, Dave. Um, this is the bodybuilding.com community representative or whatever, and we want to bring you on as a
offsetkeyz: you on
dogespan: community advocate
offsetkeyz: advocate
dogespan: or something. And it, it totally like spoke to his interests, and he even, he even said, like as he received that, they were tweeting him, like they gave him a heads up and everything, but he was like, I 100 percent would have clicked on
offsetkeyz: have clicked
dogespan: And it's a, that's a cyber security
offsetkeyz: cyber security
dogespan: Yeah. So these generative AIs are getting better and most attackers may not be using it to the full extent, but there will be ones out there that are going to be really good, like the lego.com one we talked about previously. Yeah, that might get me.
offsetkeyz: lego.com one we talked about. You're probably going to get me, so there you go. What was that? Did they use ChatGPT officially?
I'm mostly curious because, yeah, ChatGPT has built-in safeguards against any malicious activity, so if you ask it for anything that can be used maliciously, like craft a phishing text or craft something that someone would be manipulated by, it's gonna say no, so,
dogespan: That goes into just tricking the AI, because you could very easily just say, Hey, you know, this person, here's a couple social media profiles, go find more info on them. And then you say, okay, you know, how can I appeal to this person's interest in an email or something? And
offsetkeyz: that's a whole nother conversation we could get into where you can actually give prompts to ChatGPT to make it do whatever you want because large language models like ChatGPT are very smart and very dumb. And they are not very refined. So that's, that's super interesting. The talk that dogespan was mentioning is called Red, Blue, Purple AI, practical AI for security
dogespan: security practitioners.
offsetkeyz: The speaker is Jason Haddix.
dogespan: Yeah, it was a really good presentation.
offsetkeyz: Great job, Jason. Cybersecurity experts have uncovered a deviously camouflaged credit card skimmer masquerading as a seemingly harmless Meta Pixel tracker script. Researchers at Sucuri have pinpointed this malware, which sneaks onto websites through seemingly benign tools that permit custom code, plugins such as Simple Custom CSS and JS.
dogespan: or
offsetkeyz: the miscellaneous scripts section of the Magento admin panel. So that's a little bit of technical jargon. to do a bit more research to figure out like what the heck is even a Meta Pixel tracker. But if you've ever had a business or a website, and you've subscribed to Google Analytics, it's a little snippet of code that you can place in the HTML that allows Google Analytics to track web page visits and other data points on web traffic. And Facebook or Meta has the same sort of thing for your website. They do Facebook analytics.
And so this Meta Pixel tracker script is essentially that. You add it to your website and Meta is allowed to track it. So that. That isn't what's happening here, but it is what it's being disguised as. These little scripts are coming in and they're trying to look like Meta Pixel tracker scripts so they don't get picked up by signature detectors or things like that. But what they're actually doing, which is pretty interesting, is it's a piece of code that identifies if you're on a checkout page. So if your WordPress site has a shop, and that shop allows you to pay inside the WordPress app, that little snippet of code is able to identify that this is a checkout page. And it just turns on and starts listening for your credit card number. Security researcher at Sucuri. Sucuri, highlighted the risk posed by custom script editors. Custom script editors are popular with bad actors because they allow for external third party and malicious JavaScript and can easily pretend to be benign by leveraging naming conventions that match popular scripts like Google jQuery.
dogespan: Google Analytics or libraries like jQuery.
offsetkeyz: Lol.
dogespan: law, yeah, where the attacker will try to replicate what is normal within an environment. So in this case, it is the website. So they're masquerading as a typical analytics, but it has a malicious intent of scraping of the credit cards. So as mentioned before, this bogus script mimics the legitimate Meta Pixel tracker.
offsetkeyz: However, a deeper inspection revealed a sinister twist. It stealthily replaces references to the authentic connect.facebook.net with a malicious beconnected.com. This rogue domain is then used to load a harmful script, fbevents.js, which targets victims on checkout pages by deploying a fraudulent overlay designed to capture their credit card information. I see, I see.
So, it may look exactly the same as the regular checkout page, but it's an overlay, and you're actually entering it into some sort of
dogespan: sort of iframe or
offsetkeyz: iframe, or div, or something else that's sending the information somewhere else. So it's crucial to note that beconnected.com itself is a legitimate e-commerce website, which at some point was compromised to serve this skimmer code. WordPress is notorious for going un-updated. There's so many plugins that all require separate security updates, and you're lucky if that plugin is still maintained and offering security updates. But since it's a commercial tool and often free, WordPress I mean, the people running their WordPress sites aren't the most security minded, or they don't have time to go in once a week and update their plugins. So, spoiler alert, the best way to combat this type of attack is to go into WordPress. And we're using WordPress as an example to go into WordPress and update your plugins, but also take a look at the users tab and just see if there are any users in there that shouldn't be in there. That would be a pretty key indicator. If there are, delete that user, revoke all login sessions.
dogespan: yeah,
offsetkeyz: don't know either. I bet they do. Or you can enable more verbose logging to get that information. But I think they do. And there are a lot of free security plugins out there. I don't know which one we use. But every time I go into the WordPress dashboard, it says 15,000 login attempts blocked. And I said, great, keep blocking them.
dogespan: Let me know when they get in.
offsetkeyz: Yeah, let me know if there are any that weren't
dogespan: are any that weren't blocked. Um,
offsetkeyz: this is my first WordPress website. TheDailyDecrypt.com. Plug, plug, plug. Have you ever worked with WordPress before? Yeah,
dogespan: experiment. Yeah,
offsetkeyz: which is how this started out too. And when we started this, we started this together.
dogespan: WordPress
offsetkeyz: creates a default account for you. And the username is user and the password is always the same. I don't remember what it is because I promptly deleted that, but you can Google it and it will say, this is the default WordPress credentials. And I would imagine that many WordPress administrators out there without any technical expertise, continue to use those default login credentials. And so if you do.
dogespan: do,
offsetkeyz: It's very easy to access your WordPress admin portal and set this type of credit card skimmer up.
dogespan: you remember if it prompts you at any point to
offsetkeyz: It does not.
dogespan: not. Fantastic.
offsetkeyz: It does not, and it's actually kind of complicated to delete an account. I had a hard time. I don't know if I actually could delete it, but I did change the password if I didn't delete it and revoke admin privileges and do all this stuff, but yeah, WordPress is not designed around security. And I, I think it's just not talked about enough how bad it is to use default credentials. It's significantly worse than reusing passwords, even if those passwords have been compromised on the dark web. Using default credentials. Well, first of all, if you have a WordPress site. top The domain, followed by the top-level domain, which is the daily decrypt, and then dot com, slash admin. A script can easily navigate, do a get, for all of these things, to check even if it's a WordPress site. And then once, if they've determined that it is, they can plug in the default credentials and get a count of how many they have now access to. It's very just, automatable. And that is the enemy of defense. You don't want any sort of attack vector to be automatable. You're gonna get got, you just are. So anyways.
dogespan: gonna getcha.
offsetkeyz: They're gonna get ya.
dogespan: getcha.
Literally,
offsetkeyz: please reach out to us if you're a novice tech person who owns a WordPress site, especially if there's e-commerce on there. Either of us would be happy to donate one of our evenings to helping you secure that. It would be mutually beneficial, and your consumers would have a lot more confidence in you.
dogespan: And yeah, it'd be great. Yep. Oh yeah. That's true. We
offsetkeyz: true. We should. We can replace the metaskimmer's web overlay. With uh, this skimmer has been taken down by the Daily Decrypt, and now all your credit information goes to us. Ha ha ha ha. Just kidding, that won't happen!
dogespan: won't happen. Yeah, you
offsetkeyz: Yeah, you just got to be our first subscriber to Patreon, which I do not want to do.
dogespan: to do. It
offsetkeyz: That sounds like a lot of work. You know what, we're not gonna do Patreon, we're gonna do OnlyFans. So, when we get our OnlyFans up, you better subscribe. As I mentioned at the beginning, we are here in Florida, we both flew in from our respective locations. We're visiting the Kennedy Space Center for HackspaceCon.
dogespan: Center
offsetkeyz: Day one, amazing. Loved it. But we have insider information that SpaceX is doing a launch in 30 minutes. And so we gotta go
dogespan: We out.
offsetkeyz: We got to make sure everything's safe in the in the low earth orbit or LEO. So huge thanks to dogespan for being on as always. Huge thanks to me and uh Hey,
dogespan: this. We'll talk to
offsetkeyz: for being a part of it.
dogespan: more
offsetkeyz: We'll talk to you some more later

The Daily Decrypt - Cyber News and Discussions
Strengthening the Cyber Workforce: NIST’s $3.6M Grant, Privnote Phishing Ring, and Single TCP Packet DDoS

Apr 5, 2024


Learn about the latest strides in cybersecurity with NIST's $3.6 million initiative to close the workforce gap across the U.S., uncover a vast phishing network exploiting Privnote's popularity, and explore a newly discovered HTTP/2 vulnerability capable of crashing web servers with a single connection.

00:00 Welcome to the Daily Decrypt: Cybersecurity Updates
00:04 NIST's Major Investment in Cybersecurity Education
03:49 The Curious Case of Fake Privnote Websites
07:39 A New Threat: The Continuation Flood Vulnerability
09:25 Closing Thoughts and Call to Action

Original URLs:
https://www.helpnetsecurity.com/2024/04/04/nist-cooperative-agreements-3-6-million/
https://krebsonsecurity.com/2024/04/fake-lawsuit-threat-exposes-privnote-phishing-sites/
https://www.bleepingcomputer.com/news/security/new-http-2-dos-attack-can-crash-web-servers-with-a-single-connection/

Follow us on Instagram: https://www.instagram.com/the_daily_decrypt/
Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/
Logo Design by https://www.zackgraber.com/

Tags: cybersecurity, NIST, workforce development, phishing scams, Privnote, HTTP/2 vulnerability, DoS attacks, digital security, cybercrime, cybersecurity education, web server security

Search Phrases:
NIST cybersecurity funding
Cybersecurity workforce gap solutions
Privnote phishing scam exposure
How to detect phishing sites
HTTP/2 DoS attack vulnerability
Protecting web servers from crashes
National cybersecurity education initiatives
Cybercrime and digital security trends
Addressing the cybersecurity talent shortage
Latest cybersecurity threats and protections

Transcript: April 5

Welcome back to the Daily Decrypt. In a groundbreaking effort to close the cybersecurity workforce gap, the National Institute of Standards and Technology, or NIST, is injecting nearly 3.6 million into educational initiatives across 15 states.
Also, a mistaken lawsuit threat by a cybercriminal has unveiled a vast network of fake Privnote websites, which were designed to hijack cryptocurrency transactions by duping users with near identical copies of the website. How can you protect yourself from these very sophisticated phishing copies of legitimate websites? And finally, web server administrators worldwide are on high alert because now a single TCP connection can crash their systems. This is done by exploiting the continuation flood vulnerability in the HTTP/2 protocol. What safeguards can you place on your web server to prevent the exploitation of this vulnerability?

The National Institute of Standards and Technology, or NIST, has taken a significant step to address the growing cybersecurity workforce gap by awarding nearly 3.6 million in cooperative agreements. These funds will be distributed across 18 education and community organizations in 15 states, each receiving about 200,000 to bolster efforts in cyber security education and workforce development. The Undersecretary of Commerce for Standards and Technology and the NIST Director, Laurie E. Locascio, highlighted the critical nature of these investments, emphasizing that strengthening the cybersecurity workforce is paramount to our national and economic security. With nearly 450,000 cybersecurity job openings reported in the past year, and only 82 workers available for every 100 openings, these initiatives aim to build regional alliances and multi-stakeholder partnerships to stimulate cybersecurity education and workforce development, catering to the diverse backgrounds and experiences of Americans and contributing to local and regional economic development. And the article linked in the show notes below by Help Net Security calls out each one of the institutions and how much money they're getting.
Now, I'm sure it'll be up to each institution on how they distribute that, whether it's to improve their education, whether it's to offer scholarships. We're not sure what the specifics are, but universities are getting money from NIST to help bring more cybersecurity professionals into the workforce. Now, this brings up another point that I've heard about where companies are adding more and more job postings in order to boost their standings on LinkedIn or Indeed or other job sites like that, that they don't actually intend to fill. As a LinkedIn business page owner for the Daily Decrypt, I could probably post some jobs for Cybersecurity Analyst or whatever I wanted, and there's not really much follow through from LinkedIn. So I just checked LinkedIn, and it looks like there is a review process for every job that's posted, just to make sure that it follows policies and guidelines. But once it's posted, it's up. So I wonder how NIST is taking that into account. If they're even taking that into account, it's a really hard thing to prove that a job is open. Why should you have to, who's going to enforce that? Why should, why should they have to? What's the incentives, like all these questions. So what's the incentive for companies to not post fake jobs to help boost their standings? People nowadays are doing anything to boost their SEO, especially in the age of AI. So what's stopping them from doing this? Regardless, the money that NIST is giving to these educational communities is only going to help grow and enhance cyber security as a field.

A misstep by one nefarious actor has brought to light a vast network of phishing sites disguised to mimic the self destructing message service Privnote.com. This network is adept at duping users with sites that closely resemble the legitimate Privnote platform, and it was inadvertently exposed following a lawsuit threat aimed at a software company. So reading from the article by Krebs on Security linked in our show notes.
Last month, a new user on GitHub named 4e66399 lodged a complaint on the issues page for MetaMask, which is a software cryptocurrency wallet used to interact with the Ethereum blockchain. This user insisted that their website, privnote.co, was being wrongfully flagged by MetaMask's phishing detect service list as malicious. So their comment on this site read, "We filed a lawsuit with a lawyer for dishonestly adding a site to the block list, damaging reputation as well as ignoring the moderation department and ignoring answers. Provide evidence or I will demand compensation." So this is sort of like an Icarus situation which is what happens to a lot of criminals where they feel like they're untouchable and they kind of get the itch to be discovered. They want to be more in the public so they go comment on something or write a letter to the newspaper or something like that and this is exactly what happened here with this user. Really mad that some site has flagged his phishing site as phishing, threatening to sue the software company that flagged them. So to back up a little bit, privnote.com is a service that launched in 2008 and is renowned for its encrypted message service that ensures even the service itself cannot access the content of the messages. It has a unique feature for generating one time links for messages, which has made it pretty popular among cryptocurrency enthusiasts. But you know what happens when something becomes really popular? It also attracts phishers. The clone websites manipulate messages containing cryptocurrency addresses, swapping them with addresses under the control of scammers. So this one review that threatens a lawsuit unearthed a ton of fake phishing sites that were targeting Privnote users since 2020. One thing you can do as a consumer and a cryptocurrency user is regularly check domain registration details and use trusted sources to verify the legitimacy of websites. So this one was really close. It was privnote.co when the actual website name is privnote.com. And the attackers manipulated search engine results to promote their phishing site by buying Google ads. So what do we always say about Google ads? Don't click them unless you absolutely have to, which is because anyone can buy Google ads. And if you're a cyber criminal, you probably have lots of money to throw at it. So you can almost immediately get that top search spot. When users search for Privnote, they might even search for privnote.com, because Google's clever and the search bar or the URL bar is also a search bar. So maybe they put a space in the front and then they search for privnote.com and then it doesn't navigate them there. And then they click on the first one, which is privnote.co. It looks exactly like what they're looking for. And they enter in crypto details and get their wallets drained. It looks like this phishing network has successfully stolen and transferred nearly 18,000 in cryptocurrencies within a four day period in March. Make sure to monitor your crypto wallets, probably a lot, and just be extra scrutinous of any website you visit, especially when you're entering in financial details.

In a significant cybersecurity revelation, a solitary TCP connection is now capable of destabilizing web servers thanks to a newly identified vulnerability within the HTTP/2 protocol, termed as Continuation Flood. This discovery adds a critical layer to the Internet's security concerns, given HTTP/2's role in enhancing web efficiency through its 2015 standardization. Bartek Nowotarski, who is the researcher behind this discovery, shed light on how the misuse of HTTP/2's continuation frames by inadequately checked or limited implementations can trigger denial of service attacks. The technical essence lies in HTTP/2 messages being divided into blocks for transmission, where continuation frames come into play for combining these segments.
By not flagging the end headers, attackers can unleash a torrent of frames, leading to server crashes from either memory overload or CPU depletion. The article in our show notes by Bleeping Computer elaborates on the mundane yet devastating nature of out of memory conditions, pointing out that certain implementations' failure to cap header list sizes built via continuation frames spells doom for web servers. So far, according to CERT/CC, vendors and HTTP/2 libraries who have confirmed they are impacted by at least one of the above CVEs are Red Hat, SUSE Linux, Arista Networks, the Apache HTTP server project, Node.js, AMPHP, and the Go programming language. And it sounds like there's no direct fixes by any of them yet, but just make sure to keep an eye out for when updates come down the pipeline, and keep your systems as up to date as you possibly can.

Alright, well that's all I got for you today, thanks so much for listening, and we'd love it if you could give us a five star review on Spotify. If you like what you're hearing or come follow us on Instagram, we'd love to hear from you, but until then, happy Friday. And we'll talk to you in the next episode.

The Daily Decrypt - Cyber News and Discussions
AT&T Breach Lawsuits, LayerSlider WordPress Plugin Exploit, Microsoft Hack Entirely Preventable

Apr 4, 2024


Today, we're discussing the lawsuits coming out of AT&T's massive data breach affecting 73 million, a critical flaw in the LayerSlider WordPress plugin jeopardizing 1 million sites, and a preventable hack into Microsoft Exchange highlighting cybersecurity's critical stakes. Experts weigh in on the ramifications and preventive strategies, ensuring you stay informed and ahead in the cybersecurity game. Your feedback on these issues is crucial; join the conversation and help shape a more secure digital future.

References:
For insights on the AT&T lawsuits and data breach impacts: https://www.bleepingcomputer.com/news/security/atandt-faces-lawsuits-over-data-breach-affecting-73-million-customers/
Understanding the critical vulnerability in the LayerSlider WordPress plugin: https://www.bleepingcomputer.com/news/security/critical-flaw-in-layerslider-wordpress-plugin-impacts-1-million-sites/
Analysis of the Microsoft Exchange hack and recommended security reforms: https://www.cybersecuritydive.com/news/microsoft-exchange-hack-china-preventable/712146/ and https://www.cisa.gov/sites/default/files/2024-04/CSRB_Review_of_the_Summer_2023_MEO_Intrusion_Final_508c.pdf

Follow us on Instagram: https://www.instagram.com/the_daily_decrypt/
Thanks to Jered Jones for providing the music for this episode.
https://www.jeredjones.com/
Logo Design by https://www.zackgraber.com/

Tags for the Episode: AT&T data breach, cybersecurity, legal actions, LayerSlider WordPress plugin, SQL injection, plugin security, Microsoft Exchange hack, cloud service security, cybersecurity reforms, identity theft, data privacy, security protocols, cyber risk management, plugin vulnerabilities, security best practices, cyber attack prevention, digital security, cybersecurity insights, technology law, security updates

Search Phrases:
AT&T 73 million data breach details
Legal consequences of cybersecurity failures
How to secure WordPress sites from SQL injection
Impact of LayerSlider plugin vulnerability
Preventing Microsoft Exchange cyber attacks
Enhancing cloud service cybersecurity
Best practices in digital security updates
Addressing identity theft and data breaches
Cybersecurity insights for tech professionals
Cyber risk management strategies
Lawsuits following major data breaches
Plugin security for WordPress administrators
Learning from cybersecurity breaches
Updates and security in technology law
Prevention strategies for cyber attacks

Transcript: Apr 4

Welcome back to the Daily Decrypt. AT&T is grappling with the fallout of a data breach that impacted 73 million customers, as class action lawsuits begin to mount. Also, over 1 million WordPress sites are at immediate risk due to a critical vulnerability in the LayerSlider plugin, which can expose these sites to SQL injection attacks. How can WordPress admins protect themselves from this vulnerability? And finally, the Cyber Safety Review Board has declared the massive intrusion into Microsoft's Exchange Online entirely preventable. And just a reminder, this mega intrusion led to over 60,000 U.S. State Department officials emails being compromised. How the heck is Microsoft gonna restore trust and confidence from the consumers in their security protocols? Stick around to find out.
So it's been two days since my last episode, in which I highlighted the most recent AT&T breach. Well, it's been a long couple of days. The reason there were no new episodes is because I lost internet, and you might be thinking, "Hey, you just finished slandering AT&T on this podcast on Monday, and then your AT&T internet goes out?" That's correct. There's really no other explanation other than AT&T is seeking revenge against the Daily Decrypt. But I digress. To recap what has happened, AT&T has admitted to a data breach exposing sensitive information of 73 million customers. This breach included usernames, social security numbers, email addresses, and AT&T PINs used to make secure account changes on AT&T customer accounts. The timeline reveals that AT&T's initial denial of the breach, which was first alleged by ShinyHunters in 2021, and their recent admission after a second threat actor leaked the data in 2024, raises questions about the effectiveness of corporate data breach detection and response strategies. The leaked data isn't from the past year or even couple of years. The leaked data is from 2019. And it includes 7.6 million current customers and 65.4 million former AT&T account holders, which I guess says a lot about AT&T's churn rate, that they have 65 million former customers and only 7 million current customers. Needless to say, a lot of data was breached. Now, what's fascinating about this is that this was brought to AT&T's attention in early 2021 and they denied it. And then another threat actor group released the same data from 2019, and in early 2024 AT&T also denied that. They're just saying that they don't know, this data doesn't belong to them, this data wasn't stolen from their systems, when clearly it was. So only in the last week did AT&T finally admit that that data from 2019 belongs to them and was breached from their networks. So because of this negligence, multiple class action lawsuits have spun up very recently.
Most notably, there's one from Morgan & Morgan, which is the same law firm that's been suing Google over the fact that it tracks users' data even when they're in incognito mode. And I believe Google paid out a settlement. So this is the same law firm that did that. And they're accusing AT&T of negligence, breach of implied contract, and unjust enrichment. And they're aiming for compensatory damages and improved data security protocols. Their lawsuit criticizes AT&T for not acting on known vulnerabilities and delaying breach acknowledgement, jeopardizing customer data privacy and confidence. I'm really glad to see these lawsuits are being spun up. As you heard in Monday's episode, I was calling for multiple class action lawsuits. So yeah, I hope you get the crap suit out of you. And yes, I am an AT&T customer. If you are also an AT&T customer and you're concerned about your data being in one of these breaches or this main breach from 2019, I believe the site haveibeenpwned.com has acquired the data from this breach. And so you can just search your email addresses in that site to see if it was compromised. Listen to the episode released this past Monday for some tips on how to stay safe when attackers have all of this information. All the information needed to open up new credit cards, take out new lines of credit in your name, and do a whole lot of stuff.

All right. Well, there's another WordPress vulnerability out there with a CVSS score of 9.8 out of a 10 max. The name of the plugin? LayerSlider. This plugin is used by over 1 million sites and exposes these sites to SQL injection attacks. This flaw allows attackers to potentially extract sensitive data, including password hashes, leading to site takeovers or data breaches. This vulnerability was discovered on March 25th, and was promptly reported to Wordfence, earning the researcher a $5,500 bounty. The vulnerability affects LayerSlider versions 7.9.11 through 7.10, which as mentioned before, allows for SQL code injection. And just to quickly discuss what SQL code injection is, it's when data is queried from a database to be populated on a website. Those databases use a language called SQL, or "sequel," that uses a query language, which is what the QL stands for, to query that data. This vulnerability allows attackers to query that data by injecting malicious commands using SQL. They can essentially pull anything they want out of the databases. So that includes, yeah, password hashes, names, emails, whatever data is on the website. If that's social security numbers, that's vulnerable too. Despite the severity though, the attack is limited to a time-based blind SQL injection, which relies on observing response times to infer data. And this type of SQL injection is hard to detect, but it's also hard for the attacker to get large amounts of data. It's more of an inferred sort of data attack. For more information on this attack, check out the article in the show notes by Bleeping Computer. The good news is that the flaw was quickly addressed by the plugin's developers, Kreatura, who released an update to version 7.10.1 on March 27th, so within 48 hours of being notified. If you are a LayerSlider user, please go update immediately to mitigate this risk. WordPress is built on the use of plugins. That's what makes it so marketable. The more plugins you have, the more plugins you use, the higher your risk is. And I personally am a WordPress user. The DailyDecrypt.com is a WordPress site, and I'm having a hard time setting up notifications for outdated plugins. It's not very intuitive. Granted, I don't use any plugins other than the podcast plugin that hosts this podcast, and I'm constantly on the site making sure everything's updated and posting new podcasts, but a lot of people with WordPress sites will set it and forget it. Like they'll put up their site. It's a shop.
They respond to orders they get, but they don't actually go onto the WordPress site too much. And a lot of WordPress users are less tech savvy than me. So they probably don't have alerts set up for outdated plugins. I highly encourage you to just set up a reminder that goes off once a week, once a month, whatever interval you think is appropriate for the risk of your website, and just go check to make sure all the plugins are up to date. It's a really quick check, and if they're not up to date, you just press a little button and update them. You're likely not doing advanced programming on your WordPress site that might break with an update, so just, just press the little button.

All right, and our final story comes from the Cyber Safety Review Board, where they have officially declared, which is a pretty bold stance, they've officially declared that the intrusion into Microsoft Exchange Online that exposed about 60,000 U.S. State Department emails was entirely preventable. This report criticizes Microsoft's corporate culture for insufficient investment in security and risk management and calls for widespread security reforms within Microsoft and among all cloud service providers to prioritize cybersecurity. The Cyber Safety Review Board, or CSRB, urges Microsoft to publicly outline its security reforms and outlines a series of operational decisions that encourages cloud service providers and government partners to make security-focused changes. The report, released by CSRB, details the compromise of key U.S. officials' mailboxes by China-affiliated actors and criticizes Microsoft for charging extra for essential security features like enhanced logging. Which, in the recent past, has since been reversed. Microsoft no longer charges extra. But still, why did they do that in the first place? Microsoft has responded and announced plans for major security reforms, including better infrastructure and security processes.
It's worth noting that Microsoft has been very cooperative throughout the CSRB's investigation, and are definitely willing to listen to the suggestions and make some changes, so that's step one. That's way better than what AT&T did when confronted. Microsoft is looking into this. They want to maintain consumer confidence as much as anybody. They're at the center of our tech universe and even more so than most consumers might even know. A lot of servers and digital infrastructure is hosted on Windows server and Windows machines. And if you've been listening for a while, you've heard DogeSpan and I discuss another recent breach amongst senior developers and executives at Microsoft without multi-factor authentication on their development accounts. Attackers were able to get in. So all of these incidents are starting to pile up and really pointing fingers at Microsoft. We got to get this fixed. They're starting to crack down. We're going to keep an eye on them. We're going to keep reporting what happens at Microsoft. Hopefully nothing else big because they hold a lot of data in their cloud services, Exchange, Azure. Microsoft is a pretty big powerhouse in the cloud service provider. So yeah, hopefully they're throwing some money at this. They're spinning up some new teams and they're really looking at legacy infrastructure. It's a pretty old product that they're continually building on. So they need to start peeling away these layers of this product and figure out how they can boost up security. They need to be leading and setting a good example for smaller companies by being so secure.

Well, that's the show. That's all we got for you. Again, sorry about the quick hiatus. Internet went out. Hopefully it will stay on for the remainder of the week and maybe I can put an episode out on Saturday, recapping some stuff. But if you like what you hear, please go find us on Instagram or The Daily Decrypt and send us a comment or a DM. We'd love to hear from you.
Until then, we'll talk to you some more tomorrow.

Smashing Security
Hacking hotels, Google's AI goof, and cyberflashing

Mar 28, 2024 53:52


Security researchers find a way to unlock millions of hotel rooms, the UK introduces cyberflashing laws, and Google's AI search pushes malware and scams.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by T-Minus's Maria Varmazis.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:
Unsaflok - Security vulnerabilities in Saflok hotel locks.
3 million doors open to uninvited guests in keycard exploit - The Register.
Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds - Wired.
Google's new AI search results promotes sites pushing malware, scams - Bleeping Computer.
Man who sent nude picture to teenage girl is jailed under new cyberflashing laws - The Independent.
Cyber-flashing convict is first to be jailed under new law - BBC News.
What to do if you're a victim of cyber flashing and how to report it - Metro.
The first cyberflasher has been convicted: meet the woman who made it happen - Yahoo!
What is cyber flashing? 'Banter' – or a sinister breach of consent - UK News.
Love Island star sent unsolicited pictures online calls for tougher cyber laws - Bristol Live.
Secret Agent Shenanigans: 13 Weird Spy Weapons And Gadgets - Stay Weird.
Baldur's Gate 3.
Merlin Bird ID - Cornell Labs.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:
Kiteworks – Step into the future of secure managed file transfer with Kiteworks.
Vanta – Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get 20% off!
Kolide

The Daily Decrypt - Cyber News and Discussions
Hotel Lock Hack, Unpatchable Apple Chip Vulnerability, KDE Theme Danger – CyberSecurity News

Mar 22, 2024


Today, we discuss the Unsaflok hack by Ian Carroll and Lennert Wouters, exposing vulnerabilities in millions of hotel keycard locks. Then, switch gears to an unpatchable flaw in Apple's M-series chips that's left the tech world buzzing. We'll also touch on a cautionary tale from KDE, highlighting the risks lurking in the themes and extensions we often take for granted.

Keywords: Unsaflok, Ian Carroll, Lennert Wouters, Saflok, Dormakaba, Apple M-series chips, encryption keys, KDE, cybersecurity

Original Articles:
https://www.wired.com/story/saflok-hotel-lock-unsaflok-hack-technique/
https://arstechnica.com/security/2024/03/hackers-can-extract-secret-encryption-keys-from-apples-mac-chips/
https://www.bleepingcomputer.com/news/linux/kde-advises-extreme-caution-after-theme-wipes-linux-users-files/
https://blog.davidedmundson.co.uk/blog/kde-store-content/

Engage with us as we dissect these groundbreaking discoveries, offering insights and practical advice on navigating the ever-evolving landscape of digital security.

Thanks to Jered Jones for providing the music for this episode.
https://www.jeredjones.com/
Logo Design by https://www.zackgraber.com/

Tags for This Episode: cybersecurity, hotel lock hack, Unsaflok, Apple M-series vulnerability, encryption keys, KDE theme incident, digital security, tech vulnerabilities, Ian Carroll, Lennert Wouters, Saflok, Dormakaba, Apple chip flaw, Linux security, KDE, RFID hacking, mobile security, password managers

Search Phrases That Should Lead to This Episode: How to hack hotel keycard locks, Unsaflok vulnerability details, Apple M-series chip security flaw, Encryption key vulnerabilities in tech, KDE theme wipes user files incident, Latest cybersecurity threats and hacks, Saflok door lock hacking technique, Ian Carroll and Lennert Wouters research, Impact of Apple chip vulnerability on encryption, Preventing KDE theme-related data loss, Digital security insights and tips, Exploring RFID keycard vulnerabilities, Securing Apple devices against chip flaws, Understanding Linux theme security risks, Cybersecurity updates from Wired and Ars Technica

Transcript: Mar 22

[00:00:00] offsetkeyz: Security researchers while partying in Las Vegas have cracked the code to unlock millions of hotel rooms, revealing a vulnerability in the widely used Saflok keycards. I tell you what, that sounds like my kind of party. And now I know how to get into their hotel room. What does this mean for your next trip to Las Vegas? Other security researchers have just discovered a vulnerability in the Apple M Series chips that allows attackers to extract secret encryption keys. What can MacBook users do to reduce their risk? And a Linux user had his data wiped after installing a KDE theme for his personal computer. What is KDE doing to prevent this from happening again? So as reported by Wired Magazine, security researchers have revealed a hacking technique they're calling Unsaflok that exposes an RFID [00:01:00] vulnerability in millions of Saflok keycard locks, which allows the door to be unlocked within seconds.
Now, I know you guys have seen the TikToks and the Instagram reels or YouTube shorts of Flipper Zeros unlocking hotel doors. Now, I hate to spoil it for you, but most of those are pre-staged. They likely scanned their own hotel keycard into their Flipper Zero and then just opened it, claiming they were hacking it. But this attack is real. It involves two key cards, which you can find laying around most Vegas hotels. In fact, the one I just stayed at lets you create your own hotel key in the lobby, and they just have them sitting around. So grab one of those, you can program it. It takes two. One rewrites a little bit of code in the lock, and then the second one unlocks it. The maker of these locks is working on fixes, but as of right now, only 36 percent of these vulnerable door locks have been fixed, which leaves a lot of [00:02:00] doors open. This exploit is publicly available online. So if you are staying in a Las Vegas hotel or any hotel that uses this type of locking mechanism, you can use an app called NFC Tag Info to check if your door is vulnerable. If it is, I recommend locking up any valuables in the safes provided. And when you're in the room, use the deadbolt, or if you can, use that app to check if the hotel you're about to stay in is vulnerable, and try to find another hotel that doesn't use these Saflok locks.

[00:02:33] Transition: Do do do do do do do.

[00:02:38] offsetkeyz: A different group of security researchers just recently discovered a vulnerability in Apple's M series chips, or the Silicon series chips that have widely replaced their use of Intel chips, that allows attackers to extract certain encryption keys used in specific cryptographic operations. And the major bummer about this is that this [00:03:00] vulnerability is inherent to the chip and cannot be patched. It's a hardware vulnerability.
Those are the worst kind. I'm learning this alongside you, and I'm recording onto a MacBook Pro with an M series chip, so I'm going to be doing my research on this one. Any mitigations to this would require changing the cryptographic software on the MacBook, which would seriously slow down the cryptographic processes. Specifically on the M1 and M2 models. I'm not sure what's going on with M3, but this article from Ars Technica, linked in the show notes below, calls out M1 and M2. The article by Ars Technica that reported this vulnerability doesn't specify what specific keys this is in reference to, but it does specify that this is applicable to all encryption methods on your M series Mac, to include those hardened for the anticipation of quantum computing. So we're thinking iMessage, end-to-end encryption, iCloud, and even the Apple Password [00:04:00] Manager. Sticking to the Las Vegas theme, this exploit does require a bit of luck. It requires an app to be installed and it to be running on the same cluster as the encryption. There's no evidence of this being exploited in the wild. Like I said, this was just security research, but hopefully Apple takes precautions to keep apps that might exploit this vulnerability off their app store. And you, as the user, be really careful when downloading apps that aren't from the Apple app store. And even if they are, do some research, don't jump into an app. And if you do have unused apps on your Mac, it's probably best to remove them just as good practice.

[00:04:38] Transition: Uh, uh, uh, uh, uh, uh, uh.

[00:04:50] offsetkeyz: And finally, there was a recent incident on the KDE store, which is a Linux product of a user who downloaded a theme for their Linux [00:05:00] machine. When we're saying theme, we're literally talking like cute colors and new behaviors, but when you download these themes, and all operating systems are the same, code is run to set them up.
Like, a script will go in and change the colors, or change the background, or do all these things on your computer. It just so happened that the theme this user downloaded wiped all of his data. This was originally reported by Bleeping Computer, but one of the developers on the KDE store also published to their blog saying they're going to work on ways to prevent this, but he warns this is going to take a lot of resources that they don't have at the moment, so he cautions to be extra careful when downloading these themes, or any themes, off the internet. I'm gonna take it one step further and caution you to not download themes off the internet. I definitely recognize the appeal, especially as Linux users, the themes tend to be pretty bland, but the risk [00:06:00] just doesn't quite add up to the reward of having a cool theme. And that's all we've got for you today. Happy Friday. Hope you have a great weekend and we will talk to you some more next week!

The Daily Decrypt - Cyber News and Discussions
Keystroke Eavesdropping, Apex Legends Hack, Bing’s Chrome Popups, WordPress Plugin Malware, and HTML Smuggling: A Cybersecurity Meltdown

Mar 19, 2024


Our episode today discusses the latest on the Apex Legends Global Series hacking fiasco, Microsoft's Bing popup controversy, critical WordPress plugin vulnerabilities, innovative acoustic side-channel attacks, and the cunning world of HTML smuggling. Explore the evolving challenges and ingenious exploits shaking up the cybersecurity realm. Uncover what these developments mean for your digital safety and privacy.

Article URLs:
Apex Legends Tournament Hacking: https://www.bleepingcomputer.com/news/security/apex-legends-players-worried-about-rce-flaw-after-algs-hacks/
Microsoft's Bing Popup Ads: https://www.bleepingcomputer.com/news/microsoft/microsoft-again-bothers-chrome-users-with-bing-popup-ads-in-windows/
WordPress Plugin Vulnerability: https://thehackernews.com/2024/03/wordpress-admins-urged-to-remove.html
Acoustic Side-channel Attack: https://www.bleepingcomputer.com/news/security/new-acoustic-attack-determines-keystrokes-from-typing-patterns/
HTML Smuggling in Cyberattacks: https://thehackernews.com/2024/03/hackers-using-sneaky-html-smuggling-to.html

Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/
Logo Design by https://www.zackgraber.com/

Tags: cybersecurity, Apex Legends, Microsoft Bing, WordPress vulnerabilities, acoustic side-channel attack, HTML smuggling, digital privacy, hacking incidents, software vulnerabilities, web security

Search Phrases: Apex Legends tournament hack, Microsoft Bing popup ads controversy, How to protect against WordPress plugin vulnerabilities, What is an acoustic side-channel attack, Understanding HTML smuggling in cyberattacks, Latest cybersecurity threats and protections, Hacking incidents in esports, Preventing digital privacy breaches, Addressing software vulnerabilities, Enhancements in web security

Transcript: Mar 19

[00:00:00] [00:00:02] offsetkeyz: Alright, welcome back to the Daily Decrypt.
Researchers have developed a new method to deduce keystrokes, or manually entered passwords, from the sounds your keyboard makes, revealing a new attack that poses challenges to users even in noisy environments. How can you stay safe from this type of attack? Hackers have disrupted the Apex Legends Global Tournament using a remote code execution flaw. Imagine if these gamers spent that much time learning cyber security. We might have these world problems solved. And Google Chrome users on Windows are getting unsolicited ads from Microsoft trying to get them to set their default search engine to Bing. If I'm already using Google Chrome, I know what I want to be doing, so thanks, Microsoft. And for our nerdier listeners, cybercriminals are exploiting HTML smuggling [00:00:56] offsetkeyz: to deliver malware through fake Google documents, [00:01:00] which circumvents traditional security defenses by embedding malicious payloads in normal-appearing web content.

Okay, so since yesterday's episode was focused on a discussion and didn't really bring the news, I'm going to deliver three pieces of news really quick, in a lightning round style. So up first, the North American finals of the Apex Legends Global Series were postponed after a shocking security breach. Hackers using a remote code execution flaw managed to infiltrate the game mid-match, compromising the integrity of the whole competition. One player reported seeing a cheat tool. I mean, I'd report that too if I was cheating. While another was given an aimbot, which is another form of cheating, enhancing the user's aiming abilities, which led to the suspension of the tournament. And this incident has raised [00:02:00] concerns about the security of gaming environments, and the potential vulnerabilities within Apex Legends client or the associated anti-cheat software.
Meanwhile, Microsoft has stirred up frustration among Windows users by pushing unsolicited Bing pop-up ads to Google Chrome users, suggesting a switch to Bing as the default search engine. This marketing strategy, which included pixelated that led some to suspect malware, has been met with criticism for its intrusive nature. Microsoft claims this is a one-time notification, but I personally have gotten this notification multiple times and dismissed it multiple times. And like I said during the intro, I downloaded Google Chrome and I set my default search to DuckDuckGo or Google. I don't want to switch it to Bing, and if I did, I would. So sending me a popup, if you've listened to any of my previous episodes and how much I hate pop-ups, is going to do the opposite thing, [00:03:00] Microsoft. And especially a pixelated pop-up that looks like malware? Figure it out!

And finally, in more cyber security related news, there's a WordPress plugin series called miniOrange that, according to the developer, has been deprecated for a couple weeks now, and there's now a vulnerability with, I believe, a CVE rating of 9.8 out of 10 for these plugins. So WordPress is recommending just removing these plugins. These plugins are security features like firewalls and anti-malware. So go out there, try to find a new plugin that does your security for you. This one is going to do the opposite of what you want it to do. And just to clarify, that is miniOrange, specifically their malware scanner and their web application firewall.

[00:03:47] transition: uh, uh, uh,

[00:03:53] offsetkeyz: Okay. So there's a new acoustic side channel attack that could potentially allow attackers to [00:04:00] determine your keystrokes, or manually entered passwords, based on the sound that your typing makes. So this was developed by security researchers, and as far as we know is not being exploited in the wild, though, if it is possible, it probably is being exploited in the wild.
We can't ask a breached account how to do that. The attacker breached it, and attackers aren't really giving up that information, so we can assume that it's being used in the wild, though there's no direct evidence at this time. This article comes from Bleeping Computer, but the research was completed at Augusta University, and the researchers claim that you don't need a quiet environment to perform this attack, or even the consistency of a mechanical keyboard, per se. Like the keyboard on my MacBook uses what's butterfly keys that are really light and to us they sound entirely the same. But yes, this attack can be performed on any type of [00:05:00] keyboard. Currently the attack only has an average success rate of 43%, but that success rate is much higher than other attacks like credential stuffing, which is where attackers find your credentials on the dark web and then put them into a myriad of websites that accept usernames and passwords. For more information on this attack, you can check out the article by Bleeping Computer in the show notes. But you might be wondering how can you protect yourself from this type of attack? Well, first of all, if you're still manually entering passwords, you cannot protect yourself from this type of attack. You can get little rubber keyboard covers, you can do whatever, but this attack can be used when you're manually entering your passwords. So there's no way to get around manually entering some passwords. So what I'm trying to get at here is you should be using a password manager, which only requires you to copy and paste your [00:06:00] passwords, which makes no sound. You will have to occasionally enter in your master password for the password manager, and I would recommend doing that at home, and try to avoid doing it while you're making Instagram videos, or live streaming, or something like that. But the ultimate way to protect yourself from this is to start using a password manager.
It's amazing how many of these hacks using a password manager can prevent. If you have any questions about using a password manager, switching over your routine, I've developed a four-day plan with about 10 to 30 minutes per day to ease yourself into this new lifestyle. Reach out to us in the comments or in a direct message on any of our social media platforms, and I'll be happy to get you that four-day plan.

[00:06:56] offsetkeyz: Alrighty, and our final piece of news for the day comes from [00:07:00] thehackernews.com, and it involves an attack called HTML smuggling, which has been developed only recently thanks to the innovations in new versions of HTML. And if you're not familiar, HTML is essentially the backbone of all websites. It's the coding language used, hypertext markup language, to develop websites. That HTML might integrate with JavaScript or CSS or a myriad of other languages. HTML tends to be the backbone of all websites. So HTML5 introduces new interactive features that kind of blur the lines between software, computer apps, and web-based applications or websites, and allows for more sophisticated interaction with the user's browser and system. So, to back up a little bit, cybercriminals are creating counterfeit pages that mimic Google Docs. When someone visits these pages, they unknowingly trigger the download of malware onto their [00:08:00] devices. And this malware is not to be underestimated. It can steal a wide range of personal information, including credentials from web browsers, documents, and even data from cryptocurrency wallets.
So as I said before, this attack is thanks to the innovations and advancements brought about through HTML5, specifically including the support for blobs, or binary large objects. Blobs allow for the manipulation and direct handling of binary data such as executable files or images from within the browser. So this feature enables web applications to create, read, and manipulate binary data client-side, which is crucial for modern web applications that handle rich media and documents without relying on additional plugins or server-side processing. So the further we advance in technology, the more processing we're going to be able to do on our independent machines, as opposed to relying on [00:09:00] processing in the cloud and then transitioning that data back to our machines. It allows for much faster loading times and such when you're interacting with a web application. So essentially attackers are creating fake websites that utilize these blobs by writing JavaScript code that essentially creates malware in the browser. So the malware isn't embedded per se, the code that's being executed in the browser creates the malware, usually in the form of a PDF, and then downloads it to your computer. And mind you, downloading files from a web application is a relatively normal process. It takes place all the time, you might not even know it. But this one is usually downloaded in the form of a PDF, and once that PDF is opened, the malware is created and run. And it uses some pretty cool techniques. If you're interested in that type of thing, they're outlined in the articles linked in the show notes. But the key [00:10:00] takeaways from this are that attackers are innovating, and they're using these new advancements in technology against us. So we just have to be extra vigilant and careful as we navigate throughout the web, clicking on links, and when you're searching for something specific on Google, make sure not to click Google Ads, as attackers can buy these.
And this is probably how it's mostly getting disseminated, is fake websites that look like the real websites, and as you interact with it, it's downloading things to your computer. So try to avoid clicking on Google Ads as much as possible. All right, that's all I've got for you today. I'll see you If you haven't had a chance yet, check out the episode we released yesterday about Texas and the age verification. It's an open ended discussion and we'd love to hear your thoughts on it. We've thrown out some kind of radical ideas in there about what's happening in Texas and what's happening with these age verification methods. So take a listen, let us know what you think, and we will talk to you some more tomorrow. [00:11:00]

Smashing Security
Ransomware fraud, pharmacy chaos, and suicide

Mar 7, 2024 50:21


Is there any truth behind the alleged data breach at Fortnite maker Epic Games? Who launched the ransomware attack that caused a fallout at pharmacies? And what's the latest on the heart-breaking hack of Finnish therapy clinic Vastaamo?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Jessica Barker.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:
Mogilevich claims it has breached Epic Games - Twitter.
Fraudster's fake data breach claims should remind media to be careful what we report - DataBreaches.net.
Prescription orders delayed as US pharmacies grapple with "nation-state" cyber attack - Bitdefender.
US pharmacy outage triggered by 'Blackcat' ransomware at UnitedHealth unit, sources say - Reuters.
Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment - Wired.
Vastaamo data breach - Wikipedia.
The CEO who also ran IT, Strava strife, and TikTok tall tales - Smashing Security podcast.
Ex-CEO of hacked therapy clinic sentenced for failing to protect patients' session notes - Bitdefender.
Ex-CEO of breached psychotherapy clinic gets prison sentence for bad data security - Sophos.
Vastaamo victims' lawyer: Some took their own lives after patient record leak - Yle.
Prosecutors call for maximum penalty over Vastaamo hacking - Helsinki Times.
Self-pay gas station pumps break across NZ as software can't handle Leap Day - Ars Technica.
Citrix, Sophos software impacted by 2024 leap year bugs - Bleeping Computer.
Resident Alien trailer - YouTube.

The Daily Decrypt - Cyber News and Discussions
Spyware Scandals, Security Slip-Ups, and Shopping Shakedowns

Mar 4, 2024


Explore the intriguing case of 'NSO Group's Pegasus Spyware Code Handover to WhatsApp' as reported by The Hacker News. Dive into the court's decision, its implications, and understand the spyware's capabilities. Source article: thehackernews.com/2024/03/us-court-orders-nso-group-to-hand-over.html

Unravel the alarming findings from Security Magazine's '92% of Companies Experienced an Application-Related Breach Last Year'. Discover the challenges in application security and the importance of prioritizing vulnerabilities. Source article: securitymagazine.com/articles/100470-92-of-companies-experienced-an-application-related-breach-last-year

Reflect on consumer trust post-data breach in the retail sector with 'More than 60% of Consumers Would Avoid a Retailer Post-Breach' from Security Magazine. Learn about the significant impact on consumer behavior and proactive cybersecurity measures. Source article: securitymagazine.com/articles/100466-more-than-60-of-consumers-would-avoid-a-retailer-post-breach

Delve into Bleeping Computer's report on the 'Windows Kernel Bug Exploited as Zero-Day Since August.' Understand the vulnerability, its exploitation by the Lazarus Group, and the crucial need for system updates. Source article: bleepingcomputer.com/news/security/windows-kernel-bug-fixed-last-month-exploited-as-zero-day-since-august/

Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/

Transcript: Mar 4

[00:00:00] Announcer: Welcome to The Daily Decrypt, the go-to podcast for all things cyber security. Get ready to decrypt the complexities of cyber safety and stay informed. Stand at the frontier of cyber security news, where every insight is a key to unlocking the mysteries of the digital domain. Your voyage through the cyber news vortex starts now. [00:00:29] d0gesp4n: Welcome back to the Daily Decrypt. Today is March 4th. And I'm your host, Dogespan.
Kicking off today's episode, we're talking about a real courtside drama from The Hacker News: US court orders NSO Group to hand over Pegasus spyware code to WhatsApp. It seems like NSO's Pegasus is flying a bit too close to the sun this time. Next up, we're scrolling through a Security Magazine report that's got more leaks than my old garden hose. The article, 92% of companies experienced an application-related breach last year, talks about the cyber equivalent [00:01:00] of Swiss cheese application security. Ready for a cyber shopping spree? Today we're virtually window shopping through an insightful article from Security Magazine titled More than 60% of consumers would avoid a retailer post-breach. And for a final bite of the day, we're patching things up with a story from Bleeping Computer: Windows kernel bug fixed last month exploited as zero-day since August. Now that's a longer-running bug than my uncle's '72 Volkswagen. We're talking about a Windows flaw that was more open than my dad's garage door. [00:01:34] d0gesp4n: This first article from The Hacker News is titled US court orders NSO Group to hand over Pegasus spyware code to WhatsApp. Let's unpack this and understand why it's significant. Let's talk about who NSO Group is. They're an Israeli tech firm known for creating Pegasus, which is a powerful piece of spyware. Now spyware, for those who might not know, is software that enables someone to spy on another's computer [00:02:00] or phone activities. Pegasus is particularly notorious because it can be installed on a device without the owner's knowledge. Imagine someone secretly watching everything you do on your phone. Pretty scary, right? A US judge has ordered NSO Group to hand over the source code for Pegasus to Meta, the parent company of WhatsApp. This is a big deal because the source code is like the secret recipe for how Pegasus works. Source code is basically a set of instructions written by programmers that tells the software how to function.
It's like the blueprint for building a software application. In 2019 WhatsApp sued NSO Group because they used WhatsApp to distribute Pegasus to about 1400 devices, including devices of Indian activists and journalists. They exploited a zero-day flaw, which is a previously unknown vulnerability in software, to install the spyware. This flaw, originally identified as CVE-2019-3568, was a critical bug in [00:03:00] WhatsApp's voice call feature. The attackers could install Pegasus just by making a call, and the target didn't even need to answer it. To make it more stealthy, they even erased the call logs. By getting the source code, Meta can understand how Pegasus infiltrated WhatsApp and improve their defenses. But the court didn't require NSO Group to reveal their client list. This has disappointed many who hoped to learn who used this spyware. The NSO Group previously has been accused of selling Pegasus to governments who then used it to spy on journalists, activists and others. Knowing who used it would shed light on potential human rights abuses. This case isn't just about a single spyware. It's part of a bigger conversation about cybersecurity and privacy. And it's important to understand these different court cases and how it's playing out because, well, cybersecurity is just a complex and ever-evolving field. It's not just really about protecting our devices, but also understanding the ethical implications of [00:04:00] technology. I feel like a lot of these companies are just dabbling in that gray area until they're called out for something or the government steps in. One way or another, we really need to understand how this impacts our lives and keep looking for ways to stay safe and just overall be aware of how people are invading our privacy. This next one comes from Security Magazine. The article's titled 92% of companies experienced an application-related breach last year, and it sheds light on the widespread issue of application security breaches.
This report by Checkmarx reveals that a staggering 92% of companies faced breaches through vulnerabilities in applications they developed in-house last year. This is a huge number, indicating that application security is a critical concern for businesses. [00:04:50] d0gesp4n: Some of you might be wondering what an application-related breach is. An application-related breach occurs when hackers exploit weaknesses in software applications to [00:05:00] gain unauthorized access to data. It's like finding a back door into a secured building. This report highlights the struggle between meeting business deadlines and ensuring application security. It's a tough balance for AppSec managers, CSOs and developers. One of the biggest challenges is prioritizing which vulnerabilities to fix first. Not all weaknesses are equal and some pose a higher risk than others. One of the things that I had to do a lot with clients previously was try to prioritize those things. So we would take a step back and look at what would happen if this vulnerability got exploited. We wouldn't really always focus on how severe the score was, but it was more what. I was holding what data, for instance, if a customer dealt with payment card information and stuff, we wanted to make sure that those were locked down as much as possible before moving into other areas of the business. But overall, it is a difficult [00:06:00] balance to achieve because on one hand you have all these vulnerable systems in your network. And on the other hand, you have users who are inherently vulnerable. We are all susceptible to falling for phishing attacks. And that is a lot of times the ways in which you could... Poke at all sorts of external websites, and we might be able to get a breach that way, but why would we spend all that time when we could get directly into a network and start bouncing from one workstation to another? Who knows how it's locked down internally?
We tend to think about it a lot differently on the inside. Improving application security involves integrating developer-friendly security tools into the development process. This means making security a part of the entire application development life cycle. Really the key here is the need for a proactive approach to application security. We need to prioritize the security and protect the data, [00:07:00] especially if we want to maintain customers' trust, and it is very difficult, but I think we're moving in the right direction. From what I've seen across the board, security is getting more involved in these public companies and their actual executive board and so on up, and security teams are able to vocalize this now and we're able to start putting a dollar sign behind it. There's all these fines that are going to be put in place. More and more privacy concerns. Overall we're heading in the right direction, but we still have a long road ahead of us. Thanks for watching! [00:07:43] d0gesp4n: Tying into that last piece, we have another one from Security Magazine. This one's titled More than 60% of consumers would avoid a retailer post-breach. It's a deep dive into consumer behavior post-breach in the retail sector. The article reveals a startling fact: [00:08:00] over 60% of customers would likely avoid shopping at a retailer that has recently experienced a data breach. This figure even jumps to 74% among high income consumers. This is really interesting to me because I was under the impression that a lot of times when a data breach went public, there would be a little time that people would shy away from it, but ultimately going right back to it. I might be just a little ignorant to it. That's one of the things that I personally would hone in on, but 60% of consumers, that's a huge number. And that kind of makes me feel a lot better knowing that the general public is looking at it the same way.
When a breach happens, it's not just about stolen data. It's about broken trust. Customers are entrusting their personal and financial information to retailers and a breach is a violation of that trust. The article also highlights that in the finance sector, the situation is even more critical: around 83% of [00:09:00] consumers would think twice about using a finance app if their data was compromised. This brings us to an important point. Businesses need to not only protect data, but also their reputation and customer trust. This is really interesting. I think just because we're positioning companies to think about, not just, yeah, there's going to be a little bit of a financial loss, especially if customers' data is gone, there's sometimes fines imposed, but we're looking at it as far as reputation. Yeah. There might be a fine, however, we're now scarred. We have that mark on our chest and trying to do business, but yet we have that breach sitting there. There's a couple of companies that I've used previously that have had cybersecurity breaches, and I have shifted and I haven't looked back. How do you feel when one of the products or services that you subscribe to or utilize notifies you that there's a breach? Let us know. [00:10:00] And to wrap things up, I wanted to get into the bug land. So we're going to be looking at the article from Bleeping Computer: Windows kernel bug fixed last month exploited as zero-day since August. [00:10:12] d0gesp4n: Microsoft patched a serious vulnerability in the Windows kernel known as CVE-2024-21338, discovered by an Avast researcher. This flaw was actively exploited by attackers before Microsoft could fix it. A zero-day, also known as a 0-day, vulnerability means it was exploited by hackers before Microsoft was aware of it and could patch it. Think of it as a secret passage that hackers found and used before the homeowner could seal it.
Another term that we've been throwing around often is CVE 2024 or 2023, whatever, followed by some more numbers. That is Common Vulnerabilities and Exposures, and then they're dated, and then given a number based on when they came out within that year. This one, for [00:11:00] example, it's CVE-2024-21338. It means that it's the 21338th vulnerability discovered this year. This flaw was dangerous because it gave attackers like the North Korean Lazarus group deep access to the system, known as kernel-level access. This allows them to disable security software and perform more sinister actions undetected. Lazarus exploited this bug to turn off security tools, using a technique called BYOVD, bring your own vulnerable driver. This could manipulate the system at its core, affecting processes, files, and network activities. Now for an average user, it means that you could have been compromised without knowing, risking the data and system integrity. That's like having an intruder in your house that you can't even see. The main thing that we can do with this is of course always making sure your systems are up to date. So anytime you [00:12:00] get that, it doesn't matter if you're on a Windows system, Mac, if you're one of the Linux users out there. Any chance you get, make sure it's up to date. Windows will notify you. Yeah, you got to restart it. That's probably the most annoying aspect of it, is it'll pop up and you got to restart your system. It's worth it. Step away. Go grab a coffee, go take a quick walk if you can. You'll be helping yourself out and the organization that you work for. That's all I got for you. Thanks for tuning in Monday morning or Monday evening, afternoon, whenever you're getting a chance to listen to this. We appreciate all of our listeners out there [00:12:35] d0gesp4n: and we'll see you tomorrow.

The Daily Decrypt - Cyber News and Discussions
PayPal Cookie Security, Quantum-Secure Messaging, and Avast Privacy Breaches

Feb 26, 2024


PayPal's innovative approach to detecting stolen cookies, Avast's privacy breach scandal, and Apple's leap into quantum-secure messaging with PQ3. Unpack the implications of these developments for user privacy and the future of secure communication. Learn about the cutting-edge technology aimed at outpacing cyber threats and the importance of vigilance in an increasingly digital world.

Original URLs: PayPal's New Cookie Security Method: Read More Avast's Browsing Data Privacy Breach: Read More Apple's Quantum-Secure iMessage Upgrade: Read More

Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/

Transcript:

[00:00:30] offsetkeyz: All right. Good morning, everyone. And welcome back to the Daily Decrypt. Today is February 26th. And today we're going to unravel PayPal's latest patent that's baking a new layer of security into the cookie jar, ensuring that cyber thieves can't take a bite out of your personal data. Meanwhile, Apple takes a quantum leap into the future with PQ3, ensuring that iMessage [00:00:53] offsetkeyz: doesn't just send texts, but also sends hackers packing. And finally [00:01:00] Avast finds itself in hot water as they're ordered to cease the sale of browser data, serving a reminder that in the quest for privacy, not all shields are as impenetrable as they seem. [00:01:12] offsetkeyz: transition [00:01:16] dogespan: All right. [00:01:17] dogespan: from Bleeping Computer we have an intriguing development in cyber security. PayPal is stepping up its game against cyber threats. They've filed a patent for a method to identify when a super cookie is stolen. This aims to improve cookie based authentication and limit account takeover attacks. So what we talked about before, cookie authentication or cookies in general, if you remember they are Yeah, I guess the best comparison is like a loyalty card.
[00:01:40] dogespan: You go to a coffee shop or something And you have. [00:01:43] dogespan: that loyalty card, you hand it to the barista, they get your order, and they know your previous preferences, they might have rewards or so on, and then every single time you go you get more rewards, they may be able to make your coffee or whatever without having to go [00:02:00] So, cookies are essentially the same thing. [00:02:03] dogespan: Your browser stores these cookies so that the website knows who you are, and can easily identify you, authenticate, and give you access to the website. Here's the issue. Hackers can steal these cookies that contain authentication tokens to access the accounts without needing valid credentials, even bypassing multi factor authentication. [00:02:22] dogespan: These stolen cookies might include hashed passwords, which also allows attackers to impersonate users. Think of a thief now stealing that loyalty card. They can go to that coffee shop, um, and essentially impersonate you. They know your coffee orders, and hey, maybe they're going to use your loyalty points. Now the supercookies that we mentioned earlier, they're a little bit different than standard cookies. They are local shared objects, and they are injected by the internet service provider. as your data goes in transit. A lot of cookies are typically stored on your browser. They're kind of baked into that network traffic [00:03:00] that's transmitting across the wire. [00:03:04] dogespan: And it makes it a little bit more difficult to detect and remove as they're, well, they're not stored locally. PayPal's engineers propose a method to calculate a fraud risk score in cookie based authentication. When a user tries to log in, the system assesses the risk by comparing expected cookie values with actual values in the device's storage locations. So, what does this all mean? 
It's really just about enhancing the security during the login process, and it makes it harder for attackers to steal those cookies. And for this to work, the system sorts cookie storage locations by fraud risk and then compares expected versus actual cookie values to determine if there's a breach. Based on the risk assessment, PayPal's system would manage authentication requests by accepting, rejecting, or triggering additional security checks. The cookies are encrypted for safety against tampering. While this isn't guaranteed technology that will be [00:04:00] implemented, it's the initiative by PayPal that highlights the evolving landscape of digital security. It's a proactive step in ensuring that our digital transactions remain secure. And one thing to keep in mind with this is while there are improving methods to enhance the security around authentication, just like everything, we can't assume that it's always going to be safe. [00:04:25] dogespan: A lot of the work that I do involves detecting how cookies get stolen. And it's only a matter of time. Even if this does get implemented, other websites will start using it. Attackers are going to have to evolve their techniques and they'll figure out a way around it. So everything that you are currently doing to kind of maintain your passwords or your authentication, keep it the same. [00:04:49] dogespan: And just know that there are efforts in place to make it more secure, but we still need to be vigilant. [00:05:00] [00:05:08] offsetkeyz: So you all know I am an Apple nerd. And I love their privacy features. Well, they just stepped up their game today by [00:05:17] offsetkeyz: creating new encryption methods to combat quantum computing. [00:05:22] offsetkeyz: So Apple has taken a monumental step forward with this new encryption method called PQ3, which is designed to protect iMessage users from the potential future threat of quantum computing.
Unlike traditional encryption methods, which could eventually be cracked by quantum computers, PQ3 employs post-quantum cryptography, or PQC, to secure messages, both at the initiation of a conversation and throughout the message exchange process. [00:05:48] offsetkeyz: The protocol employs a hybrid design that combines the new post-quantum algorithms with the proven reliability of elliptic curve cryptography, or ECC, ensuring that iMessage's encryption cannot [00:06:00] be less secure than its current state. Well, that's good. We've got a little baseline. This dual approach means that breaking PQ3 security would require defeating both the new post-quantum primitives and the existing classical ECC cryptography, which would be a formidable challenge for any adversary, quantum or otherwise. So for any normal, for any regular day user who's listening, not much is going to change. [00:06:25] offsetkeyz: I think as the iPhones advance, so will the computing power. And while this might take a little more computing power, you won't notice a difference. You're just going to get to bask in the safety that is Apple iMessage and the nice little blue bubbles. I'm pretty excited about this because I recently finished a book by my favorite author, Andy Weir. And Amazon decided they wanted to just suggest a short story he's written, which is 30 pages long, which is the exact length of a book [00:06:58] offsetkeyz: I want to read. 30 pages. [00:07:00] And it was about quantum computing cracking Keno machines in Las Vegas. They were able to like bind quantum [00:07:08] offsetkeyz: behaviors to the ball. It was very interesting and it really got my wheels turning about quantum computing and how it's really going to wreak havoc on the encryption world, once it becomes more [00:07:20] offsetkeyz: consumer, consumerized. Once it becomes more available to consumers. So great work, Apple. [00:07:28] dogespan: Happy I switched.
[00:07:30] offsetkeyz: Oh, you heard it here first, folks. Former Android user switched to Apple, happy. He [00:07:37] dogespan: It's been three years going now? Yeah, three I plan on going back. [00:07:49] dogespan: Got another one from Ars Technica. We have Avast, where they are ordered to stop selling browsing data from its browsing privacy [00:08:00] apps. Avast is known for its antivirus applications and privacy tools. They were recently found to be collecting and selling users' browsing information through a subsidiary called JumpShot. [00:08:11] dogespan: Now this contradicts their promise of privacy as they were selling data from 2014 to 2020 to over 100 companies. This is just, if you're not paying for something, somewhere along the line, the company is making money from you. I used to use Avast a long, long time ago. Way before I switched to primarily using Linux. [00:08:36] dogespan: And I always wondered in the back of my mind, especially like as Facebook and these other social media companies came out, like who, we were getting more insight into being the product of these companies, more or less. So as I was using like free antivirus, it was always in the back of my mind. Are they, how are they making money off of this? How are they staying afloat? Yeah, they have their premium version, but hmm. The Federal Trade Commission, [00:09:00] or FTC, has stepped in and is ordering Avast to pay 16.5 million and implement a comprehensive privacy program. They must also stop selling browsing data and obtain explicit consent for future data collection. [00:09:15] dogespan: How clear is that consent going to be? Is it going to be just your checkbox for terms and conditions? [00:09:20] offsetkeyz: It'll be very clear about 30 pages into the terms and conditions. Yeah. [00:09:25] dogespan: right at the end of your attention [00:09:26] dogespan: span [00:09:28] dogespan: The data Avast sold wasn't just random browsing info.
It included detailed insights into online consumer habits, even down to individual user levels. This included data from Google Maps, LinkedIn, YouTube, and more, raising serious privacy concerns. If you used the Avast tools during this period your data might have been sold. Not a whole lot we can do about that at this time. What are we doing to prevent this? We can see that the FTC is finally taking action on this. And, again, just, [00:10:00] as a regular user, pay attention to those sorts of things. If you're I mean, I'm even guilty of it today. I still go to app stores and I'll go hunting for an app that fits the need. [00:10:11] dogespan: And 5.99 price tag, I'm like, Ugh, there's gotta be a free version. I know better! [00:10:20] offsetkeyz: I've already got my data anyways. Ah, [00:10:23] dogespan: So Avast has closed JumpShot and maintains its commitment to protecting digital lives, despite disagreeing with the FTC's allegations. So if they maintained its commitment to protecting digital lives, so when did the commitment to protecting start? [00:10:44] offsetkeyz: Yeah, I don't. If you're maintaining your previous commitment that allowed you to sell my data, maintaining it isn't a brag, Avast. Sorry. [00:10:53] dogespan: Well, this case serves as a reminder of the importance of regulatory [00:11:00] oversight and safeguarding our online privacy. And that, I think, is the staple or biggest takeaway from the FTC stepping in, is that we just need more regulation around a lot of the tech companies. They're going to consistently find ways to monetize our data, and they're going to find those loopholes. [00:11:20] dogespan: So we need the agencies to get involved, to become aware, and we can't be oblivious to technology. [00:11:30] offsetkeyz: Well, that's all we've got for you today. Thanks so much to dogespan for joining us. Delivering the sweet tasty news to you guys. We'll be back tomorrow with your weekly
Who's been popped updates as well as some other news. So we'll talk to you then. [00:12:00]

The Daily Decrypt - Cyber News and Discussions
Cybersecurity Alert: From App Store Frauds to Global Espionage

Feb 9, 2024 9:13


In this episode, we navigate through a series of critical cybersecurity issues. First, we discuss Dark Reading's report on LastPass's alert about a counterfeit app in the Apple App Store, highlighting the risks of digital impersonation and fraud. Next, we delve into Bleeping Computer's coverage of the U.S. State Department's substantial reward for information on the Hive ransomware group, a significant step in combating cyber extortion. Finally, we explore a report from The Hacker News about the Chinese state-sponsored hacking group Volt Typhoon's stealthy presence in U.S. critical infrastructure, underscoring the evolving landscape of global cyber threats. Join us as we analyze these developments, shedding light on the ongoing battle against cybercrime and the importance of vigilance in our interconnected digital world. LastPass Warns on Password App Discovered in Apple App Store - Dark Reading Article US offers $10 million for tips on Hive ransomware leadership - Bleeping Computer Article Chinese Hackers Operate Undetected in U.S. Critical Infrastructure for Half a Decade - The Hacker News Article Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/

The Daily Decrypt - Cyber News and Discussions
February 2 – FBI’s Botnet Takedown, Windows EventLogCrasher, and Malware via USB sticks

Feb 2, 2024 17:04


In today's episode, we dive deep into the digital world's hidden dangers, uncovering how the FBI's strategic takedown impacts us and the unseen battles fought in the cyber realm. First, we explore the aftermath of a major operation against Chinese malware in SOHO routers, shedding light on how botnets threaten our digital security and steps to safeguard our devices. Then, we shift focus to a critical vulnerability within Windows Event Log, known as EventLogCrasher, revealing its widespread impact and the community's swift response to mitigate the threat. Lastly, we touch on a sophisticated cyber-attack using popular platforms like Vimeo and Ars Technica for malware distribution. Stay informed and ahead of cyber threats with our insightful analysis and expert advice. Original articles: Chinese malware removed from SOHO routers after FBI issues covert commands US Feds shut down China-linked KV botnet Botnet threat to critical infrastructure New Windows Event Log zero-day flaw gets unofficial patches Music provided by http://www.jeredjones.com [00:00:00] announcer: Welcome to the Daily Decrypt, the go to podcast for all things cyber security. Get ready to decrypt the complexities of cyber safety and stay informed. Today is February 2nd, 2024, the most important day of your life. Here are your hosts, Offset Keys and Doja Span. [00:00:21] offsetkeyz: Welcome back to the Daily Decrypt. Thanks for tuning in. Today it is Offset Keys accompanied by DojaSpan. You got both the boys in town. We're back. And yesterday we talked a little bit about SOHO routers. And I had to bring in the expert on home networking, DojaSpan, to talk about a little more in depth SOHO routers. And if you don't remember from yesterday, SOHO stands for Small Office. We're gonna be talking about that a little more. I'm gonna bring you a story about a Windows event log crasher, but don't worry. I'm gonna help keep it relevant to everybody. 
And then finally, DogeSpan's [00:01:00] gonna close us off with some Vimeo USB stick to deliver second stage malware. [00:01:07] d0gesp4n: The article that was brought up yesterday, I thought was really good. Really relevant to a lot of users. Especially with some of the research that I've conducted myself, personally. I've gone on different websites that are accessible that you can essentially look at what is being publicly hosted. From different IP addresses, and one of the common ones that I found were Soho routers, they had their admin pages, which is what offset keys was going into yesterday about typing in that IP address, instead of a www address, and getting in and changing that admin. Some manufacturers like to, by default, expose that from time to time. Not gonna call any a specific one out because there wasn't a trend it was pretty much all across the board But the other thing is that they like to expose it and by [00:02:00] expose it publicly accessible Like we talked about you can navigate it navigate to it from anywhere in the internet the manufacturers will do that so that they can give you technical support or whatever. But the key thing that OffsetKey was talking about was just getting in there and changing the password. So that is first and foremost the number one step that you want to do. The other thing that you can do to mitigate a lot of issues. Is rebooting your router from time to time. Routers are a little bit different than computers where a lot of stuff is stored in short term memory and the way to think about that is, you're doing tasks throughout the day. And if you don't write down certain bits of information, you're going to forget about it when you go to sleep. And in terms of like computers and routers is when you reboot them, they pick right back up to what they originally knew from the start. [00:02:54] offsetkeyz: If you've ever seen the movie Memento it's an older movie, but it is exactly that. 
He cannot remember things for more than like 30 minutes. Every 30 minutes he resets to a certain point, and that's how computers work too.

[00:03:06] d0gesp4n: Yeah, so with this, I think it was CISA, the Cybersecurity Infrastructure Security Agency. They mentioned that this was going on by Chinese spies, and the FBI took down the servers that were leveraging these vulnerable routers for a giant botnet. On the bright side, the bad guys were taken down on this. But this is a really common theme to use against home equipment because it's relatively unsecure unless you go in and take a couple steps. And now, a botnet, it does sound terrible. The thing about a botnet is a bunch of computers, or routers, or Chromecasts, or printers all communicating back to one brain and doing whatever that brain wants them to do. And it could be, like, just sending out tons of emails. Could be just monitoring a bunch of information off of those devices, and then also launching attacks.

[00:04:07] offsetkeyz: That's so interesting. Yeah, I was reading the article yesterday about SOHO devices and it was so vague. I think I even mentioned it yesterday. I was like, they don't really talk much about what's going on. So really, thanks to DogeSpan for talking about botnets. Botnets, I just had this funny analogy in my head that I'm going to share with you guys. Botnets are like, yeah, you just bought a new house. And there's a little troll in the basement who just lives there until the troll master needs him to do something, right? So he's not, it's not terrible. He does take up resources like air and probably needs water and food. So he might suck on that a little bit. But if you have millions of houses with each having one troll in that house, and then all of a sudden they get really mad at, let's say, Walmart, and every one of those trolls goes into Walmart and I have a million trolls in Walmart.
No one else can go in, no one else can do anything. So that's an example of what we would call a DDoS attack, which is a distributed, using the trolls, denial of service, right? Every troll goes in, denies anyone else access to Walmart. Walmart doesn't like that, because now they get no money. Of all the hacks I'd like to have done to me, I wouldn't want any done to me, but having a botnet, it's, they're not really trying to get you, they're just trying to have access to your resources when they need them, and then attack somebody else using your resources.

[00:05:28] d0gesp4n: I like that.

[00:05:29] offsetkeyz: Little trolls.

[00:05:31] d0gesp4n: A little troll.

[00:05:32] offsetkeyz: Thanks DogeSpan for bringing that to us.

[00:05:34] d0gesp4n: Yeah.

[00:05:34] offsetkeyz: The key takeaway from yesterday's episode is that most people have what's called a SOHO device in their home. Most of them are insecure. They were likely being used for botnets. If anyone has actually noticed an increase in their internet speed in the last month, I'd love to hear about it in the comments, because DogeSpan talked about the servers being used have been shut down, so likely the resources that those little trolls were using have gone away, or come back to you, and will show up as probably an internet speed boost, I would imagine. Do you agree with that?

[00:06:12] d0gesp4n: Yeah. And I didn't think about the direct impact. I'm thinking of crypto mining and stuff, how that can burn up your energy, but that's big computers and running your GPU or your graphics. Even just your internet speed.

[00:06:24] offsetkeyz: If you've experienced that kind of a boost, you're kind of like, oh, it's working really well today. We'd love to hear about it. That's very interesting to us. So drop a comment below.
Okay, so moving on to our next story, I'm going to be discussing what's known as a zero day vulnerability, surprise, surprise, from Microsoft in the Windows operating system, which has been coined event log crasher. So before I go into that, I just wanted to explain what a zero day is. A zero day essentially is something that came out in a product when the product was released that the company didn't know about and there's no fix for it. It's just sitting there undiscovered until one day it's discovered by attackers, and then they can exploit it as long as they can keep it secret from the company. Once the company finds out, they declare it a zero day, they fix it. Sometimes those fixes take a long time, but they're always delivered to you in security updates. So one of the things we will harp on on this show is keep your phone up to date. If you've got the big red blinking button at the top of your Chrome that says, please, for the love of God, update me, just do it. It's, all the tabs are going to open back up. But what that update is doing is fixing security vulnerabilities, more often than not. So what's really cool about this article from Bleeping Computer is it talks about how this event log crasher vulnerability has not yet been patched by Microsoft. But what's cool is that a third party service called Zeropatch has stepped in with unofficial fixes. Which is so cool, we're gonna need to start leveraging the community on these fixes, they're gonna start coming out quicker and quicker. One of the things I briefly touched on yesterday is what's called logs. Logs are just generally text files in a certain format that write down everything that you do.

[00:08:23] offsetkeyz: Everything that your computer does. I can't really think of a good analogy other than a sign in roster, maybe? If you went to the YMCA last month, you probably had to sign in, and say that someone got killed on that day.
The police are probably going to go check that sign in roster. So that's what we would call logs. So when something happens in your network, the first thing that a security investigator is going to do is go check the logs for around the time that event happened. Attackers, we don't really think about this too much until we get into network defense, but attackers want to cover their tracks. Just like murderers probably do as well, right? They want to go in and, maybe they signed in before they killed someone at the YMCA and they want to get their name off that roster, right? So that's essentially why this vulnerability is so bad, right? I didn't even explain this vulnerability. So first of all, attackers can use simple credentials and stop the service that logs events in Windows computers for an indefinite amount of time. So the first thing they're going to do when they launch an attack is they're going to go stop that service. They're going to launch their attack and maybe they start it back up and maybe no one notices, but now there's no record of that attack. So this is pretty bad. It affects all versions of Windows between 7 and 11. And it's especially concerning for corporate networks, where they need to know what's going on.

[00:09:54] d0gesp4n: I really like that there are unofficial security patches coming out, even though you do want to be careful, but it just pivots to the whole open source community. And the open source community is a collective of people for the most part trying to do the right thing and write useful software and help everybody out. It offers a lot of transparency, which we've talked about in a previous episode. Opens up the window so that everybody can go in and see what is running on this software. But you have a lot of major players in the industry like Apple, like Microsoft that tend to shy away from open source because they want to keep so much control over their devices. And this is really cool.
I have come across this, I think just a small handful of times.

[00:10:49] offsetkeyz: Yeah, there's essentially a sect of people out there in the tech world that do really complex professional work for free, and it's fun. It's great resume building. It's great community building, great networking. It's probably gonna lead you to a very nice job, very high paying job because of your generosity. And that's really respected in the industry. But when we talk about open source, that's what that means is it's community funded, all of the code is available to anyone who wants to see it. And things like Microsoft and Windows itself are closed source, where we can't actually see the source code. We can't contribute to it, etc. So when we say open source, all we're saying is, yeah, somebody from the tech community opened up their coding environment and wrote a fix for this Windows Event Crasher and distributed it for free. Did you ever see those old Budweiser commercials? Where real heroes, what was it? It was like, real American heroes. And then they would, do you remember those? It was like the 90s and they would just like pick. They would just pick a, to you, sir, who stands behind the bowling alley desk. Like a real American hero. They have a cool slogan. So yes, to you, individual who made this patch, we salute you.

[00:12:10] d0gesp4n: The desk at your home office, and types away for the benefit of all humankind, we salute you.

[00:12:20] offsetkeyz: Real American hero right there.

[00:12:23] d0gesp4n: All right. So this next one is brought to us by a combination of resources I pulled from different sources, but Ars Technica, Mandiant and HelpNet Security. Essentially what's going on is that this threat actor is using USBs to deliver malware that then go to websites that we commonly use. They'll plug them into their computer and it has a simple application that you may be familiar with.
If you've used Windows, it could be explorer dot whatever. And then you're clicking on it because you're curious. And what happens is it pulls up one of these websites. Now, baked into the website, could be in the description of the video. It's a little series of letters, numbers, what's called an encoded string that is issuing the command for this malware to go and do its thing. So depending on where, what website you go, could be directing to a specific comment on a website. But depending on where it goes, might be directing your infected machine to behave a certain way. It's gonna pick up CNC traffic, which is command and control. It could go do something else and just harvest your passwords and so on. It's really simple to do. It's simple for users to fall into this because you're just generally curious to see what's on a USB drive. Even as a security practitioner, I'm, if I see something like that laying on the ground, I definitely want to plug it in. Yeah, so it's running various programs. This one is called empty space, takes over your computer, steals info, mines for cryptocurrency, which is similar to the botnets that we were talking about. Now, this kind of stuff could, if it has infected your computer, could cause your energy bill to go up because your computer's starting to eat up a lot more power to run and try to make somebody else money through cryptocurrency. But really, the interesting side of this is the fact that they're using regular websites. So when you download a piece of malware, it could be an attachment. If you execute it by double clicking on it, and then some website comes up and it seems benign, a Vimeo video, could be YouTube. I know previously the website formerly known as Twitter, X, was used to distribute and control different forms of malware.

[00:14:54] offsetkeyz: I've not seen too many USB sticks on the floor.
I've never been tempted to plug in a USB stick, but I'm wondering, these attackers can get pretty creative when they're doing these sorts of things. And so I'm wondering if there's like maybe a Facebook marketplace or something where people are selling like used USB sticks or

[00:15:14] d0gesp4n: This one's targeted at businesses. And that's usually where I hear about it is somebody would want to get information or trade secrets from a business in particular. So then they'll leave it outside of there, I could leave it outside of Starbucks. A lot of people go and they work remotely and go in for their afternoon coffee and a little bit of a. I don't know. Coffee and work?

[00:15:35] offsetkeyz: Yeah, curiosity killed the cat.

[00:15:44] offsetkeyz: I think that's it for today. I really appreciate DogeSpan coming on and

[00:15:49] d0gesp4n: I appreciate Offset Keys showing up for this and giving us your expert opinion.

[00:15:55] offsetkeyz: I'm a little sleepy. Because y'all have me delivering news to you every day, alright? Demanding it of me. Thanks for demanding it of me. I really appreciate you guys listening. It's been a blast. Happy Friday! If y'all are bored this weekend, or you need to go on your jog, we have a little intro teaser interview between the two of us coming out that's gonna talk about how to break into cyber security and how we broke into cyber security, and it'll be an all around good time, so check that out tomorrow or Sunday, whenever we get to uploading it, and thanks

[00:16:32] d0gesp4n: Thank you!

Storm⚡️Watch by GreyNoise Intelligence
MFA & Cybersecurity: Crypto-Miner Takedown, Ivanti Debacle, and AI-Enhanced Phishing

Jan 16, 2024 60:17


In this episode of Storm⚡️Watch, we delve into a variety of cybersecurity topics, with a running theme of the vital need for Multi-Factor Authentication (MFA). We kick off with introductions and a roundtable discussion, followed by an exploration of a mass crypto-miner takedown, with insights drawn from reports by the Ukrainian Cyber Police and Bleeping Computer.

We then discuss the Ivanti debacle, referencing a blog post by Volexity. This is followed by a note on two X account hacking events (SEC & Mandiant), as reported by The Register and Security Affairs. The NSA's warning about AI-enhanced phishing is also on our agenda, with sources from NBC News and Infosec Exchange.

We tap back to ancient Stuxnet news, the malware that cost a billion dollars, based on an article by Graham Cluley (there are some new twists to this tale). We also delve into the broad implications of the Orrick breach, as reported by Security Week.

In our tool spotlight, we feature Cyberwatch, a GitHub project by Casualtek. We also discuss a blog post from Censys about a Juniper vulnerability and encourage folks to attend the "Stop Predicting, Start Protecting" lunch-and-learn. From GreyNoise, we highlight the second 2024 Tag Webinar and the 2023 GreyNoise Internet Exploitation Retrospective Report. We wrap up with a roundup of known exploited vulnerabilities from CISA.

Smashing Security
Another T-Mobile breach, ThemeBleed, and farewell Naked Security

Sep 28, 2023 58:15


Mix TikTok with facial recognition, and you've got a doxxing nightmare, T-Mobile users report bizarre behaviour in their accounts, and a Windows flaw provides a new means of infecting users.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Paul Ducklin.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:
T-Mobile customer reports privacy breach - Twitter.
T-Mobile US exposes some customer data – but don't call it a breach - The Register.
T-Mobile denies new data breach rumors, points to authorized retailer - Bleeping Computer.
Connectivity Source - Despite appearances, don't confuse it with T-Mobile.
ThemeBleed exploit is another reason to patch Windows quickly - MalwareBytes.
If I Embarrass My Baby on TikTok, Will He Stay My Baby Forever? - New York Times.
They Gossiped At Brunch. Now There's a Mob After Them - Rolling Stone.
The End of Privacy is a Taylor Swift Fan TikTok Account Armed with Facial Recognition Tech - 404 Media.
Egg crack challenge, the last baby is so cute - YouTube.
Trailer for “The Deepest Breath” - YouTube.
“The Deepest Breath” - Netflix.
Nitpick: Meaningless communications.
Naked Security.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:
Kolide – Kolide ensures that if your device isn't secure it can't access your cloud apps. It's Device Trust for Okta. Watch the demo today!
Gigamon – Download the Gigamon Hybrid Cloud Security Survey to learn about the hidden dangers of encrypted traffic.
Drata – With over 14 frameworks including SOC2, GDPR, HIPAA, and ISO 27001, Drata gets you audit-ready for crucial security standards needed to scale your business. As a listener to Smashing Security you can save 10% off Drata and have implementation fees...

Ask Noah Show
Ask Noah Show 355

Sep 20, 2023 53:51


What if you could purchase a computer built like a Mac but run a free and open source operating system on it that you can't break, would you buy one? Steve and Noah discuss the Malibal, and an immutable distro with Flatpaks that "just works"

-- During The Show --

00:58 Intro
Steve's Nvidia Issue
trouble shooting process
root cause = it's dirty
why dig for the root cause
Good News! Axia fixed our board!

06:50 Google Ad Policy - Ahmed
Google ads used for phishing
Google ads placement confusing
Why Google doesn't clearly label ads

12:05 TPM & Drive Encryption On Fedora - Tiny
Clevis (https://github.com/latchset/clevis)
SystemD Cryptenroll
Fedora TPM Blog Post (https://fedoramagazine.org/automatically-decrypt-your-disk-using-tpm2/)
Fedora Security Keys Blog Post (https://fedoramagazine.org/use-systemd-cryptenroll-with-fido-u2f-or-tpm2-to-decrypt-your-disk/)

15:09 Linux Mint Issues - penguin prince
Maybe re-seat things?

15:55 Current Grafana Setup - Tiny
Current Usage
Network
CPU
RAM
Disk
Matrix database
Added to Ansible
Grafana can be more than graphs

21:00 News Wire
Fedora KDE Plasma 6 Dropping X11 - 9 to 5 Linux (https://9to5linux.com/fedora-linux-40-to-offer-the-kde-plasma-6-desktop-on-wayland-and-drop-x11-session)
Linux 6.7 Drops Itanium IA-64 - Phoronix (https://www.phoronix.com/news/Linux-6.7-To-Drop-Itanium-IA-64)
ReiserFS Removed From Default Kernel - Phoronix (https://www.phoronix.com/news/ReiserFS-Drop-From-Defconfigs)
Tails 5.17.1 - Tails (https://tails.net/news/version_5.17.1/index.en.html)
Real-Time Linux on AWS - The New Stack (https://thenewstack.io/canonical-brings-real-time-linux-to-amazon-web-services/)
Delayed Module Signature Verification - Phoronix (https://www.phoronix.com/news/Linux-Delay-Module-Verification)
OpenSUSE Seeks LEAP Replacement - ZDNet (https://www.zdnet.com/article/opensuse-seeks-a-leap-replacement-but-will-distro-community-rise-to-the-challenge/)
OpenSource.com Reborn - Open Source Watch (https://opensourcewatch.beehiiv.com/p/invaluable-opensourcecom-site-reborn-opensourcenet)
Intel FPGA & RISC-V - The Register (https://www.theregister.com/2023/09/15/intel_fpga_updates/)
OpenSSL 1.1.1 is EOL - The New Stack (https://thenewstack.io/update-now-openssl-1-1-1s-shelf-life-has-ended/)
Earth Lusca & SprySOCKS backdoor - Bleeping Computer (https://www.bleepingcomputer.com/news/security/new-sprysocks-linux-malware-used-in-cyber-espionage-attacks/)
NCurses Flaw - The Hacker News (https://thehackernews.com/2023/09/microsoft-uncovers-flaws-in-ncurses.html)
CISA Announcement - CISA.gov (https://www.cisa.gov/news-events/news/cisa-announces-open-source-software-security-roadmap)
VC Bill Gurley - Fortune.com (https://fortune.com/2023/09/17/bill-gurley-warns-regulatory-capture-ai-hails-open-source/)
6.1.14 Kernel in Scratch - MIT.edu (https://scratch.mit.edu/projects/892602496)

23:00 OpenSuse Aeon
"It Just Works" Linux
MicroOS & Gnome as immutable base
Software via FlatPak and distrobox
Good for some users
What problem does this solve?
Purpose Driven
OpenSuse Aeon (https://en.opensuse.org/Portal:Aeon)
All Systems GO Talk (https://www.youtube.com/watch?v=1K_kGbmlewo)

34:30 Penguin Prince Calls
Adding a Page to WordPress Issue
Page refuses to go live

38:55 The US Assembled Linux Laptop You Haven't Heard Of
Malibal (https://www.malibal.com/)
Final Assembly in the US
Expensive
Making a powerful sleek computer
Most have graphics cards
Optimus Manager (https://github.com/Askannz/optimus-manager)
Coreboot
Commitment to sustainability
Barrel Power vs Type-C charging
Dell's commitment to Linux
System76 (https://system76.com/)
Framework Laptops (https://frame.work/)

51:36 NextCloud Hub 6
They have to have email
Mail in a Box (https://mailinabox.email/)
Linux Today (https://www.linuxtoday.com/news/nextcloud-hub-6-more-than-a-foss-replacement-for-microsoft-365-business-standard/)
Linux UnPlugged 528 (https://linuxunplugged.com/528)

52:25 LFNW Moved to Next Year
Had to move the date
Will still have things to do

-- The Extra Credit Section --

For links to the articles and material referenced in this week's episode check out this week's page from our podcast dashboard!
This Episode's Podcast Dashboard (http://podcast.asknoahshow.com/355)
Phone Systems for Ask Noah provided by Voxtelesys (http://www.voxtelesys.com/asknoah)
Join us in our dedicated chatroom #GeekLab:linuxdelta.com on Matrix (https://element.linuxdelta.com/#/room/#geeklab:linuxdelta.com)

-- Stay In Touch --

Find all the resources for this show on the Ask Noah Dashboard
Ask Noah Dashboard (http://www.asknoahshow.com)
Need more help than a radio show can offer? Altispeed provides commercial IT services and they're excited to offer you a great deal for listening to the Ask Noah Show. Call today and ask about the discount for listeners of the Ask Noah Show!
Altispeed Technologies (http://www.altispeed.com/)
Contact Noah: live [at] asknoahshow.com

-- Twitter --

Noah - Kernellinux (https://twitter.com/kernellinux)
Ask Noah Show (https://twitter.com/asknoahshow)
Altispeed Technologies (https://twitter.com/altispeed)

• Ask Noah Show © CC-BY-ND 2021 •

Smashing Security
Acoustic attacks, and the tears of a crypto rapper

Aug 10, 2023 44:00


Razzlekhan, the self-proclaimed Crocodile of Wall Street, pleads guilty to the biggest crypto laundering scheme in history, and just how safe are you typing while on a Zoom call?

Meanwhile, Graham rants about public EV chargers.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:
With Nvidia Eye Contact, you'll never look away from a camera again - Ars Technica.
“A Practical Deep Learning-Based Acoustic Side Channel Attack on Keyboards” - Technical paper (PDF).
New acoustic attack steals data from keystrokes with 95% accuracy - Bleeping Computer.
Bitfinex users to share 36% of bitcoin losses after hack - BBC News.
Bitfinex's Latest News & Updates - BitFinex blog.
Heather R. Morgan - Wikipedia.
Razzlekhan and husband guilty of $4.5bn Bitcoin launder - BBC News.
Record-high seizure of $4bn in stolen Bitcoin - BBC News.
‘Sexy horror comedy': Bitcoin laundering suspect is also ‘raunchy rapper' Razzlekhan - The Guardian.
“Versace Bedouin” music video by Razzlekhan - YouTube.
“Pho King Badd Bhech” music video by Razzlekhan - YouTube.
SWARCO - Nit Pick of the Week.
Esim Holafly - Holafly.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:
Kolide – Kolide ensures that if your device isn't secure it can't access your cloud apps. It's Device Trust for Okta. Watch the demo today!
ClearVPN – Hide your IP address, browse without geo-restrictions, and stay private online with a 30 day free trial of its premium plan.

SUPPORT THE SHOW:
Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or

Smashing Security
UPS smishing, ChatGPT 101, and storing secret files

Jun 29, 2023 56:01


UPS delivers some smishing advice (but have they kept something under wraps?), we ask ChatGPT to take a long hard look at itself, and we debate what the penalty should be for taking national secrets home with you.

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown's sole founder Thom Langford.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:
UPS discloses data breach after exposed customer info used in SMS phishing - Bleeping Computer.
Example of UPS SMS phishing message related to Lego order - Twitter.
Another example of a Lego-related UPS phishing message - Twitter.
Former FBI Analyst Sentenced for Retaining Classified Documents - US Department of Justice.
How The Intercept might have helped unmask Reality Winner to the NSA - Graham Cluley.
Bad adverts leave people scratching their heads - MSN.
How Cybercriminals Can Perform Virtual Kidnapping Scams Using AI Voice Cloning Tools and ChatGPT - Trend Micro.
Which Jobs Will Be Most Impacted by ChatGPT? - Visual Capitalist.
Unraveling an AI Scam with AI - Imperva.
100,000 Hacked ChatGPT Accounts Discovered on Dark Web - Hackread.
97+ ChatGPT Statistics & User Numbers In June 2023 (New Data) - Nerdy Nav.
“Speed Cubers” - Netflix.
Trailer for “Speed Cubers” - YouTube.
KBDcraft.
“How to Win Friends and Disappear People” - Qcode Podcasts.
Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

Sponsored by:
Bitwarden – Password security you can trust. Bitwarden is an open source...

• El siglo 21 es hoy •
Ghost in the SIM - The dangerous world of SIM swapping

Jun 28, 2023 67:19


In this episode of the podcast, we explore the dangerous world of SIM swapping, where hackers can take control of phone accounts and cryptocurrency. We begin with the account of kaKi, who shared their story with us on the ElSiglo21esHoy.com Telegram channel. From cases such as that of Michael Terpin, who lost $24 million in cryptocurrency, to the theft suffered by the famous streamer Ibai Llanos, we learn how these attacks happen and give advice on protecting ourselves.

We will also analyze the Santa Clara case, one of the most intriguing and disturbing episodes in the world of cybercrime, in which young, cunning hackers carried out a series of scams known as SIM swapping. In addition, the episode looks in depth at the Bittrex and Gregg Bennett case, in which Bennett sued Bittrex, the cryptocurrency exchange, after suffering a SIM hack and the loss of nearly 100 BTC. This episode highlights the growing concern about SIM swapping attacks and the need to implement stronger security measures in the cryptocurrency industry. It offers useful information and advice for staying safe online and protecting yourself against SIM swapping.

Bibliography:

El Siglo 21 es Hoy
Ghost in the SIM - The dangerous world of SIM swapping

Jun 28, 2023 67:19


In this episode of the podcast, we explore the dangerous world of SIM swapping, where hackers can take control of phone accounts and cryptocurrency. We begin with the account of kaKi, who shared their story with us on the ElSiglo21esHoy.com Telegram channel. From cases such as that of Michael Terpin, who lost $24 million in cryptocurrency, to the theft suffered by the famous streamer Ibai Llanos, we learn how these attacks happen and give advice on protecting ourselves.

We will also analyze the Santa Clara case, one of the most intriguing and disturbing episodes in the world of cybercrime, in which young, cunning hackers carried out a series of scams known as SIM swapping. In addition, the episode looks in depth at the Bittrex and Gregg Bennett case, in which Bennett sued Bittrex, the cryptocurrency exchange, after suffering a SIM hack and the loss of nearly 100 BTC. This episode highlights the growing concern about SIM swapping attacks and the need to implement stronger security measures in the cryptocurrency industry. It offers useful information and advice for staying safe online and protecting yourself against SIM swapping.

Bibliography:

The Cybersecurity Defenders Podcast
#38 - Intel Chat: Donut, Agrius, Kimsuky, Pikabot, QBot & the Gootloader Initial Access-as-a-Service Operation.

Jun 1, 2023 45:04


In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

FortiGuard Labs encounters a kernel driver that makes use of the open-source donut tool.
Check Point researchers observe Iranian threat actor Agrius operating against Israeli targets.
SentinelOne notes changes in the ongoing campaign by Kimsuky.
Microsoft uncovers stealthy malicious activity aimed at critical infrastructure in the United States.
Zscaler ThreatLabz reporting on Pikabot, a new malware trojan.
Bleeping Computer reporting that the QBot malware operation has started to abuse a DLL hijacking flaw in the Windows 10 WordPad program.
eSentire launches a multi-pronged offensive against a growing cyberthreat: the Gootloader Initial Access-as-a-Service Operation.

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

The Gate 15 Podcast Channel
The Risk Roundtable EP: 40. Jen returns! Plus cybersecurity news, Nashville, staying on top of vulnerabilities and more!

Apr 5, 2023 52:44


In the latest episode of the Risk Roundtable, the prodigal cybersecurity expert returns full of wisdom and words Dave admires but can't understand. Jen brings her expertise to the table and talks about 3CX, and staying vigilant. Dave builds upon vigilance talking about Nashville and about the value of taking stock of lessons learned from the latest school shooting. In the quick hits, Jen and Dave talk about protests, severe weather, and more cybersecurity updates. Not to be outdone, Andy pulls it all together and adds in his usual common sense approach and holding the security profession accountable. Then Andy runs the gang through love it, hate it, or don't care.

Some of the references in the pod include:

3CX:
3CX - https://www.securityweek.com/mandiant-investigating-3cx-hack-as-evidence-shows-attackers-had-access-for-months/
3CX - Amazing work and helping the community - Huntress! https://www.huntress.com/blog/3cx-voip-software-compromise-supply-chain-threats
Check My Operator (3CX). “This site is a way for users to identify if they were potentially impacted by the supply chain attack against 3CX from March 2023. If the background appears in red, the IP address you are visiting this site from was flagged by security researchers as potentially impacted. We do not have the ability to determine if you are still impacted. This site is a best effort to broadly notify potential impacted parties of this attack by members of the cyber security research community. If the background appears in gray, the IP address you are visiting this site from has not been reported to this site.”

Nashville:
Details about the Nashville shooter's gender identity sow confusion and disinformation.
Audrey Hale's family ‘laying low,' communicating through church in wake of Nashville shooting
Attacks on Christian schools ‘inevitable' amid rising violence permeating society: Christian education expert warns
Hoax Shooting Threats Shut Down New York Schools Days After Nashville Tragedy
How Nashville Prepared for the Day It Never Wanted to Face
Understand the Threat. Gate 15 White Paper on The Hostile Event Attack Cycle (HEAC), 2021 Update.

Protests:
Online threats of violence but few signs of far-right organizing around Trump indictment
Marjorie Taylor Greene calls for protests in New York after Trump indictment

Severe Weather:
32 dead as tornadoes torment from Arkansas to Delaware.
The President has made disaster declarations for Arkansas and Mississippi as concerns remain over continued tornado and other severe weather threats.
And a reminder from CISA that criminals always seek to leverage these tragedies with scams.
Significant Wintry Conditions from Intermountain West to Upper Midwest
Here we go again: 2nd tornado outbreak in 5 days looms for Midwest

Website Security:
Exchange on-prem throttling - https://techcommunity.microsoft.com/t5/exchange-team-blog/throttling-and-blocking-email-from-persistently-vulnerable/ba-p/3762078
Website Injection - https://blog.sucuri.net/2023/03/the-top-10-most-dangerous-types-of-injection-attacks.html
Initial Access techniques - https://blog.qualys.com/vulnerabilities-threat-research/2023/03/30/risk-fact-3-initial-access-brokers-attack-what-organizations-ignore & https://thedfirreport.com/2023/03/06/2022-year-in-review/ & https://vulncheck.com/blog/2022-cisa-kev-review

KEV! IABs!:
Bleeping Computer: 15 million public-facing services vulnerable to CISA KEV flaws (31 Mar).
Read the report from Rezilion: Get to Know KEV In Our New Research Report (30 Mar)

Others:
Executive Order on Prohibition on Use by the United States Government of Commercial Spyware that Poses Risks to National Security
Mandiant: Contracts Identify Cyber Operations Projects from Russian Company NTC Vulkan, 30 Mar

Smashing Security
AI chatbot or the start of Skynet? Eufy privacy, and hot desks

Smashing Security

Dec 8, 2022 56:04


An AI chatbot is causing a stir - both impressing and terrifying users in equal measure. A security researcher discovers that a "smart" cam that doesn't use the internet is err.. using the internet. And university students revolt over under-the-belt surveillance. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Host Unknown's Thom Langford.
Warning: This podcast may contain nuts, adult themes, and rude language.
Episode links:
While anticipation builds for GPT-4, OpenAI quietly releases GPT-3.5 - TechCrunch.
OpenAI upgrades GPT-3, stunning with rhyming poetry and lyrics - Ars Technica.
GPT-3.5 finds a security vulnerability - Twitter.
Mind-Blowing examples of OpenAI ChatGPT for Security, Infosec & Hacking - YouTube.
OpenAI's new ChatGPT bot: 10 dangerous things it's capable of - Bleeping Computer.
What GPT-3.5 really thinks about us humans - Twitter.
We asked GPT-3.5 to write a story about the “Smashing Security” hosts - Twitter.
GPT-Chat - OpenAI.
Researcher Paul Moore questions Eufy about its privacy - Twitter.
Eufy's “local storage” cameras can be streamed from anywhere, unencrypted - Ars Technica.
Eufy privacy statement - Eufy.
‘NO': Grad Students Analyze, Hack, and Remove Under-Desk Surveillance Devices Designed to Track Them - Vice.
Max Von Himmel Twitter Feed - Twitter.
It's Not Science, Just Surveillance (and it's Under Your Desk) - TWC newsletter.
Northeastern University - Northeastern University homepage.

Smashing Security
Interplanetary file systems, iSpoof, and don't delete Twitter

Smashing Security

Dec 1, 2022 64:42


Why deleting your Twitter account may be a very bad idea, how the police unravelled the iSpoof fraud gang, and a trip into outer space (or at least interplanetary file systems). All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by original show co-host Vanja Švajcer. What an amazing 6 years of bickering it has been… thanks to all of you who have tuned in, appeared on the show, or supported us!

Student of the Gun Radio
Los Angeles Taco Bell Stabbing & Dems Set Stage for More Fraud | SOTG 1159

Student of the Gun Radio

Oct 19, 2022 75:37 Very Popular


The corrupt Democrat elite and their willing accomplices are setting the stage for more election fraud for November 2022. From registering illegal aliens to vote, to tampering with gas prices to warning about “foreign actors” we are being set up once more.
To coincide with National Hug Your AK Day, we ask, what Duracoat color would you choose for your AK? During our Brownells Bullet Points, we will consider the numerous options available for the BRN-180. Do you practice situational awareness? Our SOTG Homeroom from CrossBreed Holsters highlights a horrible attack on an innocent man in a restaurant in California. Being armed is only part of the equation. We need to see the attack coming in order to stop it.
Thanks for being a part of SOTG! We hope you find value in the message we share. If you've got any questions, here are some options to contact us: Send an Email, Send a Text, Call Us. Enjoy the show! And remember…You're a Beginner Once, a Student For Life!
FEATURING: Latest Local News Report, KSLTV, DailyMail.co.uk, Daily Wire, Bleeping Computer, Madison Rising, Jarrad Markel, Paul Markel, SOTG University
PARTNERS: SDS Imports, Brownells Inc, CrossBreed Holsters, DuraCoat Firearm Finishes, Hi-Point Firearms
FIND US ON: Juxxi, Parler, MeWe.com, Gettr, iTunes, Stitcher, AppleTV, Roku, Amazon, GooglePlay, YouTube, Instagram, Facebook, Twitter, tumblr
TOPICS COVERED THIS EPISODE
[0:00:00] We hope you had a good Hug Your AK Day!
[0:04:30] DuraCoat Finished Firearms - DuraCoat University TOPIC: What Color Would you Duracoat your AK?
Huge thanks to our Partners: SDS Imports | Brownells | CrossBreed | Duracoat Firearm Finishes | Hi-Point Firearms
Just because the Holiday has passed, doesn't mean you can't still celebrate! Hug Your AK Stickers www.ShopSOTG.com
[0:15:40] Brownells Bullet Points - Brownells.com TOPIC: BRN-180 Uppers in a Variety of Calibers and Configurations www.brownells.com
[0:25:20] SOTG Homeroom - CrossbreedHolsters.com TOPIC: Los Angeles Taco Bell stabbing of 82-year-old man in wheelchair caught on video latestlocalnewsreport.com
[0:34:15] Evanston Woman Recovering in hospital after run with buck ksltv.com
[0:42:50] Saudis release bombshell statement saying Biden DID try and delay oil production cut dailymail.co.uk
[0:57:00] Colorado Officials ‘Incorrectly' Sent Out 30,000 Voter Registration Postcards To Noncitizens dailywire.com/news
[1:03:05] FBI warns of disinformation threats before 2022 midterm elections bleepingcomputer.com
SOURCES
From latestlocalnewsreport.com: An 82-year-old man in a wheelchair was stabbed in an unprovoked attack earlier this month while inside a Los Angeles restaurant, police said Thursday. The attack occurred just before 7 p.m. on Oct. 3 inside Taco Bell in the Mar Vista area, Fox Los Angeles reported. Security footage shows the suspect entering the fast food restaurant and approaching the man from behind.
From dailymail.co.uk: A bombshell statement from Saudi Arabia states the Biden administration reached out and pleaded with them to delay the OPEC deal to cut oil production until after the midterms. Saudi Foreign Minister Prince Faisal bin Farhan Al Saud said Thursday morning that US officials 'suggested' postponing the decision to reduce output by two million barrels a day by a month until after November 8, when millions of Americans will cast their ballots. The Kingdom also brushed off suggestions it sided with Russia by insisting it took a 'principled position' on the Ukraine war and said the OPEC decision was entirely based on economics, not politics.
From www.bleepingcomputer.com: The Federal Bureau of Investigation (FBI) warned today of foreign influence operations that might spread disinformation to affect the results of this year's midterm elections. The federal law enforcement agency warned that foreign actors are actively spreading election infrastructure disinformation to manipulate public opinion, discredit the electoral process, sow discord, and encourage a lack of trust in democratic processes and institutions. As the FBI added, foreign actors might also target the public with attempts to incite violence before and after the midterms.

Hacking Humans
What is cyber quantum computing?

Hacking Humans

Oct 6, 2022 44:16 Very Popular


Pete Ford from QuSecure sits down with Dave to discuss what exactly cyber quantum computing is, what it means for the country, and how other countries are using quantum. Dave and Joe share follow-up on 2 stories. First, Bleeping Computer reports that the teen who hacked Uber and Rockstar Games has been arrested. Second, we share some listener follow-up from last episode about medical documents being shared and how easy it would be to falsify your identity to obtain children's documents. Dustin, a Registered Health Information Management Technician, shares his thoughts on the matter. Dave's story follows the FCC's new plan to require phone companies to block spam texts from bogus numbers. Joe has the story on how two Abbotsford residents lose approximately forty-six thousand dollars in a bank scam. Our catch of the day comes from listener Joseph, who shares a strange email he received from a scammer claiming to be PayPal, which could have seemed real if it weren't for a few mistakes Joseph found to be peculiar.
Links to stories:
FCC advances plan to require blocking of spam texts from bogus numbers
Two Abbotsford residents lose $46K in bank scam
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Smashing Security
281: Debug ransomware and win $1,000,000, period-tracking apps, and AI gets emotional

Smashing Security

Jun 29, 2022 59:47


A new version of the LockBit ransomware offers a bug bounty, women uninstall period-tracking apps in fear of how their data might be used against them, and Microsoft's facial recognition tech no longer wants to know how you're feeling. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans https://www.smashingsecurity.com/hosts/graham-cluley (Graham Cluley) and https://www.smashingsecurity.com/hosts/carole-theriault (Carole Theriault), joined this week by Thom Langford from The Host Unknown podcast. Plus don't miss our featured interview with Bitwarden founder and CTO Kyle Spearrin. Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Episode links: https://www.bleepingcomputer.com/news/security/lockbit-30-introduces-the-first-ransomware-bug-bounty-program/ (LockBit 3.0 introduces the first ransomware bug bounty program) — Bleeping Computer. https://www.bleepingcomputer.com/news/security/fake-copyright-infringement-emails-install-lockbit-ransomware/ (Fake copyright infringement emails install LockBit ransomware) — Bleeping Computer. https://www.theguardian.com/world/2022/jun/28/why-us-woman-are-deleting-their-period-tracking-apps (Why US women are deleting their period tracking apps) — The Guardian. https://foundation.mozilla.org/en/privacynotincluded/ (Privacy not included ) — Mozilla Foundation. https://www.vice.com/en/article/y3pgvg/the-1-period-tracker-on-the-app-store-will-hand-over-data-without-a-warrant (The #1 Period Tracker on the App Store Will Hand Over Data Without a Warrant) — Vice. https://www.nbcnews.com/tech/tech-news/microsoft-removing-emotion-recognition-features-facial-recognition-tec-rcna35087 (Microsoft is removing emotion recognition features from its facial recognition tech) — NBC News. 
https://research.aimultiple.com/emotional-ai-examples/ (Top 10 Emotional AI Examples in 2022 & Reasons for Success) — AI Multiple. https://ieeexplore.ieee.org/document/7155930 (Analysis of Speech Features for Emotion Detection: A Review ) — IEEE Xplore. https://blogs.microsoft.com/on-the-issues/2022/06/21/microsofts-framework-for-building-ai-systems-responsibly/ (Microsoft's framework for building AI systems responsibly ) — Microsoft. https://www.youtube.com/watch?v=d6IBiR9m3vY (The Swedish chemist shop sketch) — As performed by Mel Smith and Rowan Atkinson on Not the Nine O'Clock News. https://en.wikipedia.org/wiki/Alley_Cat_(video_game) (Alley Cat) — Wikipedia. https://archive.org/details/msdos_Alley_Cat_1984 (Play Alley Cat ) — Internet Archive. https://gamejolt.com/games/alleycatremeow/327439 (Alley Cat Remeow Edition ) — Game Jolt. https://remarkable.com/ (reMarkable.) https://www.solarthepodcast.com/listen (SOLAR podcast.) https://www.smashingsecurity.com/store (Smashing Security merchandise (t-shirts, mugs, stickers and stuff)) Sponsored by: https://l.kolide.co/3uSdmVj (Kolide) - the SaaS app that sends employees important, timely, and relevant security recommendations concerning their Mac, Windows, and Linux devices, right inside Slack. https://bitwarden.com/smashing/ (Bitwarden) - Password security you can trust. Bitwarden is an open source password manager trusted by millions of individuals, teams, and organizations worldwide for secure password storage and sharing. https://snyk.co/smashing (Snyk) - Find, prioritize, and fix security vulnerabilities in your code. Support the show: You can help the podcast by telling your friends and colleagues about “Smashing Security”, and leaving us a review on https://apple.co/2J1YMCu (Apple Podcasts) or https://www.podchaser.com/podcasts/smashing-security-244729 (Podchaser). Become a https://www.patreon.com/smashingsecurity (Patreon supporter) for ad-free episodes and our early-release feed! 
Follow us: Follow the show on Twitter at...

Wall Street Breakfast
Wall Street Breakfast June 7: Apple WWDC: New MacBook Air, Pro, M2 Chip, iOS 16 and More

Wall Street Breakfast

Jun 7, 2022 8:37 Transcription Available Very Popular


Biden's decision on student loan forgiveness later this summer. Here's why Elon Musk cannot just walk away from the Twitter deal. Novartis falls victim to cyberattack but claims sensitive data not compromised - Bleeping Computer. Apple WWDC: Tech giant shows off new MacBook Air, Pro, M2 chip, iOS 16 and more.

Tech News Weekly (MP3)
TNW 236: Apple's Malicious Compliance - Suing for Instagram Addiction, DuckDuckGo's Privacy Woes, iPhone Repair

Tech News Weekly (MP3)

May 26, 2022 68:42 Very Popular


California's AB-2408 aims to hold social media companies responsible for social media addiction. DuckDuckGo comes under scrutiny for its deal with Microsoft. Apple's Self-Service Repair Program leaves a lot to be desired. Researchers set their sights on social media dissociation. First, Techdirt's Mike Masnick stops in to discuss California's AB-2408. The bill, if passed, would allow parents and guardians to sue social media companies for their kids' social media addiction. But does the bill go too far in limiting free speech? Masnick shares his thoughts. Then, Tom Merritt of the Daily Tech News Show discusses Bleeping Computer's recent report on DuckDuckGo. The company, which has a partnership with Microsoft, has been accused of allowing Microsoft trackers in its browser while still blocking other third-party trackers. Then, Mikah regales listeners with the tumultuous tale of embarking on the quest to replace the battery in his iPhone 12 Pro Max by way of Apple's Self Service Repair Program. Lastly, Jason shares a project from researchers at the University of Washington that looked at how social media design influences dissociation. Hosts: Jason Howell and Mikah Sargent Guests: Mike Masnick and Tom Merritt Download or subscribe to this show at https://twit.tv/shows/tech-news-weekly. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Melissa.com/twit checkout.com/tnw ZipRecruiter.com/tnw

Tech News Weekly (Video HI)
TNW 236: Apple's Malicious Compliance - Suing for Instagram Addiction, DuckDuckGo's Privacy Woes, iPhone Repair

Tech News Weekly (Video HI)

May 26, 2022 69:02


California's AB-2408 aims to hold social media companies responsible for social media addiction. DuckDuckGo comes under scrutiny for its deal with Microsoft. Apple's Self-Service Repair Program leaves a lot to be desired. Researchers set their sights on social media dissociation. First, Techdirt's Mike Masnick stops in to discuss California's AB-2408. The bill, if passed, would allow parents and guardians to sue social media companies for their kids' social media addiction. But does the bill go too far in limiting free speech? Masnick shares his thoughts. Then, Tom Merritt of the Daily Tech News Show discusses Bleeping Computer's recent report on DuckDuckGo. The company, which has a partnership with Microsoft, has been accused of allowing Microsoft trackers in its browser while still blocking other third-party trackers. Then, Mikah regales listeners with the tumultuous tale of embarking on the quest to replace the battery in his iPhone 12 Pro Max by way of Apple's Self Service Repair Program. Lastly, Jason shares a project from researchers at the University of Washington that looked at how social media design influences dissociation. Hosts: Jason Howell and Mikah Sargent Guests: Mike Masnick and Tom Merritt Download or subscribe to this show at https://twit.tv/shows/tech-news-weekly. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Melissa.com/twit checkout.com/tnw ZipRecruiter.com/tnw

Canary Cry News Talk
TINFOIL OIL

Canary Cry News Talk

Mar 10, 2022 208:48


Canary Cry News Talk #456 - 03.09.2022 TINFOIL OIL LINKTREE: CanaryCry.Party SHOW NOTES: CanaryCryNewsTalk.com CLIP CHANNEL: CanaryCry.Tube SUPPLY DROP: CanaryCrySupplyDrop.com SUPPORT: CanaryCryRadio.com/Support MEET UPS: CanaryCryMeetUps.com Basil's other podcast: ravel Gonz' YT: Facelikethesun Resurrection App Made by Canary Cry Producer: Truther Dating App   UKRAINE 1/ENERGY 3:35 V / 0:59 P Clip: Biden bans Russian oil, warns gas prices → Clip Flashback: Trump 2020 campaign, Biden gas price prediction   US rejects Poland offer for Migs to Ukraine, NATO disharmony (WBNC/CBS) Aliens?: UFO attacked Russian forces, says CBN News' Ukraine Director (IB Times)    FLIPPY 39:43 V / 37:07 P Nationwide home assistance robots, Labrador, for stay at home seniors (Dispatch)   UKRAINE 2/BIOLABS 56:48 V / 54:12 P Source 4/2020: Ukraine op group calls for probe on US labs (TASS/Russia) → China pushes conspiracy theory about labs in Ukraine (Bloomberg)   Clip: Undersecretary of State Victoria Nuland mentions “biological research facilities” in Ukraine  Source 2012: Biosecurity Challenges of the Global Expansion…Biolabs (Nat'l Acad. of Sci.)   The Power of False War Propaganda (The Daily Beast)  -connection with the US Gov Ad Buy's for vaccine = state TV (The Blaze)    COVID19/WACCINE 2:04:15 V / 2:01:39  4th jab could be silver bullet to anti-vax crisis (Fortune) Moderna to build mRNA factory in Kenya (CNBC) → Florida's top health official says no child should get jab, calls it “reckless” (Wapo) CA Officials raid preschool, question 2 year old about masks (NY Post)   CYBORG 2:44:14 V / 2:41:38 Clip: Tucker Carlson guest says we're headed towards “Cyborg Vivarium” (Media Matters) → New patent to allow people to control cars with their brains (PowerNationTV)   METAVERSE 3:00:08 V / 2:57:32 Meta celebrated black history month with “Afrofuturistic” world (Twitter)   ADDITIONAL STORIES: What does banning Russian oil accomplish? 
(AP) Clip: What they don't tell you about Russia Putin Bill Gates issues huge warning over Elon Musk and cryptocurrencies (The Sun) Extinct Judean Date Palm resurrected from seeds (Ancient-Origins, Arava Institute) Researchers find white supremacy on the rise in America (Chinese News) New theory on aliens is how they exist “as we don't know it” (SciTechDaily) FBI: Ransomware gang breached 52 US critical infrastructure orgs (Bleeping Computer) …more Ukraine/Russia Biden confronts new conflict of energy (Spectator World) With world in crisis, Israel steps up (Jerusalem Post) Coinbase caves to Russia sanctions (The Street) Ukrainian researchers stationed in Antarctica “in agony” (Nature, Wired version)  → Deleted webpages show Obama connection to Ukraine biolabs (E7) …more Flippy Amazon workers films himself getting trapped by robot shelves (NY Post, Newsweek) GE's worm robot to clear fat deposits from sewage pipes (Tech Crunch) Trading bots will take over all market trading (TMZ) Robots: Saviors of Creativity? (Creative Review) EPISODE 456 WAS PRODUCED BY…   Executive Producers Sister Sarah** Dustin H**   Producers Krissy H, Pocojojo, MORV, Cloud Suriel, Sir JC Knight of the TechnoSquatch, Malik W, LX PROTOCOL V2, BB, Palmer B, Aaron W, Sir Scott Knight of Truth, Sir James Knight of and servant of the lion of Judah, Veronica D, Jody P, Jackie U, Runksmash, Sir Casey the Shield Knight, DrWhoDunDat, Gail M   AUDIO PRODUCTION (Jingles, Iso, Music):   ART PRODUCTION (Drawing, Painting, Graphics): Dame Allie of the Skillet Nation, Sir Dove Knight of Rusbeltia, Sir Sammons Knight of the FIshes, MrJAG   CONTENT PRODUCTION (Microfiction etc.): Runksmash:  The Sentinel:    CLIP PRODUCER Emsworth, FaeLivrin, Epsilon   Timestamps: Mondays: Jackie U Wednesdays: Jade Bouncerson Fridays: Christine C