POPULARITY
This week, we are joined by Martin Zugec, Technical Solutions Director from Bitdefender, sharing their work and findings on "EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company. A newly identified Chinese APT group has been observed deploying a sophisticated, fileless malware framework called EggStreme against a Philippine military company. The multi-stage toolkit uses DLL sideloading and in-memory execution to evade detection, with its core backdoor, EggStremeAgent, enabling reconnaissance, lateral movement, keylogging, and data theft. Researchers note the campaign's persistence and stealth highlight professional, geopolitically motivated espionage activity linked to Chinese national interests. The research can be found here: EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company Learn more about your ad choices. Visit megaphone.fm/adchoices
This week, we are joined by Martin Zugec, Technical Solutions Director from Bitdefender, sharing their work and findings on "EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company. A newly identified Chinese APT group has been observed deploying a sophisticated, fileless malware framework called EggStreme against a Philippine military company. The multi-stage toolkit uses DLL sideloading and in-memory execution to evade detection, with its core backdoor, EggStremeAgent, enabling reconnaissance, lateral movement, keylogging, and data theft. Researchers note the campaign's persistence and stealth highlight professional, geopolitically motivated espionage activity linked to Chinese national interests. The research can be found here: EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company Learn more about your ad choices. Visit megaphone.fm/adchoices
Top Headlines: LastPass Labs | Large-Scale Attack Targeting Macs via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware: https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages Cisco Talos Blog | How RainyDay, Turian and a new PlugX variant abuse DLL search order hijacking: https://blog.talosintelligence.com/how-rainyday-turian-and-a-new-plugx-variant-abuse-dll-search-order-hijacking/?&web_view=true SentinelOne | Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware: https://www.sentinelone.com/labs/prompts-as-code-embedded-keys-the-hunt-for-llm-enabled-malware/ Trend MicroTrend Micro | AI-Powered App Exposes User Data, Creates Risk of Supply Chain Attacks: https://www.trendmicro.com/en_us/research/25/i/ai-powered-app-exposes-user-data.html?&web_view=true ---------- Stay in Touch! Twitter: https://twitter.com/Intel471Inc LinkedIn: https://www.linkedin.com/company/intel-471/ YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg Discord: https://discord.gg/DR4mcW4zBr Facebook: https://www.facebook.com/Intel471Inc/
Elizabeth Figura is a Wine developer at Code Weavers. We discuss how Wine and Proton make it possible to run Windows applications on other operating systems. Related links WineHQ Proton Crossover Direct3D MoltenVK XAudio2 Mesa 3D Graphics Library Transcript You can help correct transcripts on GitHub. Intro [00:00:00] Jeremy: Today I am talking to Elizabeth Figuera. She's a wine developer at Code Weavers. And today we're gonna talk about what that is and, uh, all the work that goes into it. [00:00:09] Elizabeth: Thank you Jeremy. I'm glad to be here. What's Wine [00:00:13] Jeremy: I think the first thing we should talk about is maybe saying what Wine is because I think a lot of people aren't familiar with the project. [00:00:20] Elizabeth: So wine is a translation layer. in fact, I would say wine is a Windows emulator. That is what the name originally stood for. it re implements the entire windows. Or you say win 32 API. so that programs that make calls into the API, will then transfer that code to wine and and we allow that Windows programs to run on, things that are not windows. So Linux, Mac, os, other operating systems such as Solaris and BSD. it works not by emulating the CPU, but by re-implementing every API, basically from scratch and translating them to their equivalent or writing new code in case there is no, you know, equivalent. System Calls [00:01:06] Jeremy: I believe what you're doing is you're emulating system calls. Could you explain what those are and, and how that relates to the project? [00:01:15] Elizabeth: Yeah. so system call in general can be used, referred to a call into the operating system, to execute some functionality that's built into the operating system. often it's used in the context of talking to the kernel windows applications actually tend to talk at a much higher level, because there's so much, so much high level functionality built into Windows. When you think about, as opposed to other operating systems that we basically, we end up end implementing much higher level behavior than you would on Linux. [00:01:49] Jeremy: And can you give some examples of what some of those system calls would be and, I suppose how they may be higher level than some of the Linux ones. [00:01:57] Elizabeth: Sure. So of course you have like low level calls like interacting with a file system, you know, created file and read and write and such. you also have, uh, high level APIs who interact with a sound driver. [00:02:12] Elizabeth: There's, uh, one I was working on earlier today, called XAudio where you, actually, you know, build this bank of of sounds. It's meant to be, played in a game and then you can position them in various 3D space. And the, and the operating system in a sense will, take care of all of the math that goes into making that work. [00:02:36] Elizabeth: That's all running on your computer and. And then it'll send that audio data to the sound card once it's transformed it. So it sounds like it's coming from a certain space. a lot of other things like, you know, parsing XML is another big one. That there's a lot of things. The, there, the, the, the space is honestly huge [00:02:59] Jeremy: And yeah, I can sort of see how those might be things you might not expect to be done by the operating system. Like you gave the example of 3D audio and XML parsing and I think XML parsing in, in particular, you would've thought that that would be something that would be handled by the, the standard library of whatever language the person was writing their application as. [00:03:22] Jeremy: So that's interesting that it's built into the os. [00:03:25] Elizabeth: Yeah. Well, and languages like, see it's not, it isn't even part of the standard library. It's higher level than that. It's, you have specific libraries that are widespread but not. Codified in a standard, but in Windows you, in Windows, they are part of the operating system. And in fact, there's several different, XML parsers in the operating system. Microsoft likes to deprecate old APIs and make new ones that do the same thing very often. [00:03:53] Jeremy: And something I've heard about Windows is that they're typically very reluctant to break backwards compatibility. So you say they're deprecated, but do they typically keep all of them still in there? [00:04:04] Elizabeth: It all still It all still works. [00:04:07] Jeremy: And that's all things that wine has to implement as well to make sure that the software works as well. [00:04:14] Jeremy: Yeah. [00:04:14] Elizabeth: Yeah. And, and we also, you know, need to make it work. we also need to implement those things to make old, programs work because there is, uh, a lot of demand, at least from, at least from people using wine for making, for getting some really old programs, working from the. Early nineties even. What people run with Wine (Productivity, build systems, servers) [00:04:36] Jeremy: And that's probably a good, thing to talk about in terms of what, what are the types of software that, that people are trying to run with wine, and what operating system are they typically using? [00:04:46] Elizabeth: Oh, in terms of software, literally all kinds, any software you can imagine that runs on Windows, people will try to run it on wine. So we're talking games, office software productivity, software accounting. people will run, build systems on wine, build their, just run, uh, build their programs using, on visual studio, running on wine. people will run wine on servers, for example, like software as a service kind of things where you don't even know that it's running on wine. really super domain specific stuff. Like I've run astronomy, software, and wine. Design, computer assisted design, even hardware drivers can sometimes work unwind. There's a bit of a gray area. How games are different [00:05:29] Jeremy: Yeah, it's um, I think from. Maybe the general public, or at least from what I've seen, I think a lot of people's exposure to it is for playing games. is there something different about games versus all those other types of, productivity software and office software that, that makes supporting those different. [00:05:53] Elizabeth: Um, there's some things about it that are different. Games of course have gotten a lot of publicity lately because there's been a huge push, largely from valve, but also some other companies to get. A lot of huge, wide range of games working well under wine. And that's really panned out in the, in a way, I think, I think we've largely succeeded. [00:06:13] Elizabeth: We've made huge strides in the past several years. 5, 5, 10 years, I think. so when you talk about what makes games different, I think, one thing games tend to do is they have a very limited set of things they're working with and they often want to make things run fast, and so they're working very close to the me They're not, they're not gonna use an XML parser, for example. [00:06:44] Elizabeth: They're just gonna talk directly as, directly to the graphics driver as they can. Right. And, and probably going to do all their own sound design. You know, I did talk about that XAudio library, but a lot of games will just talk directly as, directly to the sound driver as Windows Let some, so this is a often a blessing, honestly, because it means there's less we have to implement to make them work. when you look at a lot of productivity applications, and especially, the other thing that makes some productivity applications harder is, Microsoft makes 'em, and They like to, make a library, for use in this one program like Microsoft Office and then say, well, you know, other programs might use this as well. Let's. Put it in the operating system and expose it and write an API for it and everything. And maybe some other programs use it. mostly it's just office, but it means that office relies on a lot of things from the operating system that we all have to reimplement. [00:07:44] Jeremy: Yeah, that's somewhat counterintuitive because when you think of games, you think of these really high performance things that that seem really complicated. But it sounds like from what you're saying, because they use the lower level primitives, they're actually easier in some ways to support. [00:08:01] Elizabeth: Yeah, certainly in some ways, they, yeah, they'll do things like re-implement the heap allocator because the built-in heap allocator isn't fast enough for them. That's another good example. What makes some applications hard to support (Some are hard, can't debug other people's apps) [00:08:16] Jeremy: You mentioned Microsoft's more modern, uh, office suites. I, I've noticed there's certain applications that, that aren't supported. Like, for example, I think the modern Adobe Creative Suite. What's the difference with software like that and does that also apply to the modern office suite, or is, or is that actually supported? [00:08:39] Elizabeth: Well, in one case you have, things like Microsoft using their own APIs that I mentioned with Adobe. That applies less, I suppose, but I think to some degree, I think to some degree the answer is that some applications are just hard and there's, and, and there's no way around it. And, and we can only spend so much time on a hard application. I. Debugging things. Debugging things can get very hard with wine. Let's, let me like explain that for a minute because, Because normally when you think about debugging an application, you say, oh, I'm gonna open up my debugger, pop it in, uh, break at this point, see what like all the variables are, or they're not what I expect. Or maybe wait for it to crash and then get a back trace and see where it crashed. And why you can't do that with wine, because you don't have the application, you don't have the symbols, you don't have your debugging symbols. You don't know anything about the code you're running unless you take the time to disassemble and decompile and read through it. And that's difficult every time. It's not only difficult, every time I've, I've looked at a program and been like, I really need to just. I'm gonna just try and figure out what the program is doing. [00:10:00] Elizabeth: It takes so much time and it is never worth it. And sometimes you have to, sometimes you have no other choice, but usually you end up, you ask to rely on seeing what calls it makes into the operating system and trying to guess which one of those is going wrong. Now, sometimes you'll get lucky and it'll crash in wine code, or sometimes it'll make a call into, a function that we don't implement yet, and we know, oh, we need to implement that function. But sometimes it does something, more obscure and we have to figure out, well, like all of these millions of calls it made, which one of them is, which one of them are we implementing incorrectly? So it's returning the wrong result or not doing something that it should. And, then you add onto that the. You know, all these sort of harder to debug things like memory errors that we could make. And it's, it can be very difficult and so sometimes some applications just suffer from those hard bugs. and sometimes it's also just a matter of not enough demand for something for us to spend a lot of time on it. [00:11:11] Elizabeth: Right. [00:11:14] Jeremy: Yeah, I can see how that would be really challenging because you're, like you were saying, you don't have the symbols, so you don't have the source code, so you don't know what any of this software you're supporting, how it was actually written. And you were saying that I. A lot of times, you know, there may be some behavior that's wrong or a crash, but it's not because wine crashed or there was an error in wine. [00:11:42] Jeremy: so you just know the system calls it made, but you don't know which of the system calls didn't behave the way that the application expected. [00:11:50] Elizabeth: Exactly. Test suite (Half the code is tests) [00:11:52] Jeremy: I can see how that would be really challenging. and wine runs so many different applications. I'm, I'm kind of curious how do you even track what's working and what's not as you, you change wine because if you support thousands or tens thousands of applications, you know, how do you know when you've got a, a regression or not? [00:12:15] Elizabeth: So, it's a great question. Um, probably over half of wine by like source code volume. I actually actually check what it is, but I think it's, i, I, I think it's probably over half is what we call is tests. And these tests serve two purposes. The one purpose is a regression test. And the other purpose is they're conformance tests that test, that test how, uh, an API behaves on windows and validates that we are behaving the same way. So we write all these tests, we run them on windows and you know, write the tests to check what the windows returns, and then we run 'em on wine and make sure that that matches. and we have just such a huge body of tests to make sure that, you know, we're not breaking anything. And that every, every, all the code that we, that we get into wine that looks like, wow, it's doing that really well. Nope, that's what Windows does. The test says so. So pretty much any code that we, any new code that we get, it has to have tests to validate, to, to demonstrate that it's doing the right thing. [00:13:31] Jeremy: And so rather than testing against a specific application, seeing if it works, you're making a call to a Windows system call, seeing how it responds, and then making the same call within wine and just making sure they match. [00:13:48] Elizabeth: Yes, exactly. And that is obviously, or that is a lot more, automatable, right? Because otherwise you have to manually, you know, there's all, these are all graphical applications. [00:14:02] Elizabeth: You'd have to manually do the things and make sure they work. Um, but if you write automateable tests, you can just run them all and the machine will complain at you if it fails it continuous integration. How compatibility problems appear to users [00:14:13] Jeremy: And because there's all these potential compatibility issues where maybe a certain call doesn't behave the way an application expects. What, what are the types of what that shows when someone's using software? I mean, I, I think you mentioned crashes, but I imagine there could be all sorts of other types of behavior. [00:14:37] Elizabeth: Yes, very much so. basically anything, anything you can imagine again is, is what will happen. You can have, crashes are the easy ones because you know when and where it crashed and you can work backwards from there. but you can also get, it can, it could hang, it could not render, right? Like maybe render a black screen. for, you know, for games you could very frequently have, graphical glitches where maybe some objects won't render right? Or the entire screen will be read. Who knows? in a very bad case, you could even bring down your system and we usually say that's not wine's fault. That's the graphics library's fault. 'cause they're not supposed to do that, uh, no matter what we do. But, you know, sometimes we have to work around that anyway. but yeah, there's, there's been some very strange and idiosyncratic bugs out there too. [00:15:33] Jeremy: Yeah. And like you mentioned that uh, there's so many different things that could have gone wrong that imagine's very difficult to find. Yeah. And when software runs through wine, I think, Performance is comparable to native [00:15:49] Jeremy: A lot of our listeners will probably be familiar with running things in a virtual machine, and they know that there's a big performance impact from doing that. [00:15:57] Jeremy: How does the performance of applications compare to running natively on the original Windows OS versus virtual machines? [00:16:08] Elizabeth: So. In theory. and I, I haven't actually done this recently, so I can't speak too much to that, but in theory, the idea is it's a lot faster. so there, there, is a bit of a joke acronym to wine. wine is not an emulator, even though I started out by saying wine is an emulator, and it was originally called a Windows emulator. but what this basically means is wine is not a CPU emulator. It doesn't, when you think about emulators in a general sense, they're often, they're often emulators for specific CPUs, often older ones like, you know, the Commodore emulator or an Amiga emulator. but in this case, you have software that's written for an x86 CPU. And it's running on an x86 CPU by giving it the same instructions that it's giving on windows. It's just that when it says, now call this Windows function, it calls us instead. So that all should perform exactly the same. The only performance difference at that point is that all should perform exactly the same as opposed to a, virtual machine where you have to interpret the instructions and maybe translate them to a different instruction set. The only performance difference is going to be, in the functions that we are implementing themselves and we try to, we try to implement them to perform. As well, or almost as well as windows. There's always going to be a bit of a theoretical gap because we have to translate from say, one API to another, but we try to make that as little as possible. And in some cases, the operating system we're running on is, is just better than Windows and the libraries we're using are better than Windows. [00:18:01] Elizabeth: And so our games will run faster, for example. sometimes we can, sometimes we can, do a better job than Windows at implementing something that's, that's under our purview. there there are some games that do actually run a little bit faster in wine than they do on Windows. [00:18:22] Jeremy: Yeah, that, that reminds me of how there's these uh, gaming handhelds out now, and some of the same ones, they have a, they either let you install Linux or install windows, or they just come with a pre-installed, and I believe what I've read is that oftentimes running the same game on both operating systems, running the same game on Linux, the battery life is better and sometimes even the performance is better with these handhelds. [00:18:53] Jeremy: So it's, it's really interesting that that can even be the case. [00:18:57] Elizabeth: Yeah, it's really a testament to the huge amount of work that's gone into that, both on the wine side and on the, side of the graphics team and the colonel team. And, and of course, you know, the years of, the years of, work that's gone into Linux, even before these gaming handhelds were, were even under consideration. Proton and Valve Software's role [00:19:21] Jeremy: And something. So for people who are familiar with the handhelds, like the steam deck, they may have heard of proton. Uh, I wonder if you can explain what proton is and how it relates to wine. [00:19:37] Elizabeth: Yeah. So, proton is basically, how do I describe this? So, proton is a sort of a fork, uh, although we try to avoid the term fork. It's a, we say it's a downstream distribution because we contribute back up to wine. so it is a, it is, it is a alternate distribution fork of wine. And it's also some code that basically glues wine into, an embedding application originally intended for steam, and developed for valve. it has also been used in, others, but it has also been used in other software. it, so where proton differs from wine besides the glue part is it has some, it has some extra hacks in it for bugs that are hard to fix and easy to hack around as some quick hacks for, making games work now that are like in the process of going upstream to wine and getting their code quality improved and going through review. [00:20:54] Elizabeth: But we want the game to work now, when we distribute it. So that'll, that'll go into proton immediately. And then once we have, once the patch makes it upstream, we replace it with the version of the patch from upstream. there's other things to make it interact nicely with steam and so on. And yeah, I think, yeah, I think that's, I got it. [00:21:19] Jeremy: Yeah. And I think for people who aren't familiar, steam is like this, um, I, I don't even know what you call it, like a gaming store and a [00:21:29] Elizabeth: store game distribution service. it's got a huge variety of games on it, and you just publish. And, and it's a great way for publishers to interact with their, you know, with a wider gaming community, uh, after it, just after paying a cut to valve of their profits, they can reach a lot of people that way. And because all these games are on team and, valve wants them to work well on, on their handheld, they contracted us to basically take their entire catalog, which is huge, enormous. And trying and just step by step. Fix every game and make them all work. [00:22:10] Jeremy: So, um, and I guess for people who aren't familiar Valve, uh, softwares the company that runs steam, and so it sounds like they've asked, uh, your company to, to help improve the compatibility of their catalog. [00:22:24] Elizabeth: Yes. valve contracted us and, and again, when you're talking about wine using lower level libraries, they've also contracted a lot of other people outside of wine. Basically, the entire stack has had a tremendous, tremendous investment by valve software to make gaming on Linux work. Well. The entire stack receives changes to improve Wine compatibility [00:22:48] Jeremy: And when you refer to the entire stack, like what are some, some of those pieces, at least at a high level. [00:22:54] Elizabeth: I, I would, let's see, let me think. There is the wine project, the. Mesa Graphics Libraries. that's a, that's another, you know, uh, open source, software project that existed, has existed for a long time. But Valve has put a lot of, uh, funding and effort into it, the Linux kernel in various different ways. [00:23:17] Elizabeth: the, the desktop, uh, environment and Window Manager for, um, are also things they've invested in. [00:23:26] Jeremy: yeah. Everything that the game needs, on any level and, and that the, and that the operating system of the handheld device needs. Wine's history [00:23:37] Jeremy: And wine's been going on for quite a while. I think it's over a decade, right? [00:23:44] Elizabeth: I believe. Oh, more than, oh, far more than a decade. I believe it started in 1990, I wanna say about 1995, mid nineties. I'm, I probably have that date wrong. I believe Wine started about the mid nineties. [00:24:00] Jeremy: Mm. [00:24:00] Elizabeth: it's going on for three decades at this rate. [00:24:03] Jeremy: Wow. Okay. [00:24:06] Jeremy: And so all this time, how has the, the project sort of sustained itself? Like who's been involved and how has it been able to keep going this long? [00:24:18] Elizabeth: Uh, I think as is the case with a lot of free software, it just, it just keeps trudging along. There's been. There's been times where there's a lot of interest in wine. There's been times where there's less, and we are fortunate to be in a time where there's a lot of interest in it. we've had the same maintainer for almost this entire, almost this entire existence. Uh, Alexander Julliard, there was one person starting who started, maintained it before him and, uh, left it maintainer ship to him after a year or two. Uh, Bob Amstat. And there has been a few, there's been a few developers who have been around for a very long time. a lot of developers who have been around for a decent amount of time, but not for the entire duration. And then a very, very large number of people who come and submit a one-off fix for their individual application that they want to make work. [00:25:19] Jeremy: How does crossover relate to the wine project? Like, it sounds like you had mentioned Valve software hired you for subcontract work, but crossover itself has been around for quite a while. So how, how has that been connected to the wine project? [00:25:37] Elizabeth: So I work for, so the, so the company I work for is Code Weavers and, crossover is our flagship software. so Code Weavers is a couple different things. We have a sort of a porting service where companies will come to us and say, can we port my application usually to Mac? And then we also have a retail service where Where we basically have our own, similar to Proton, but you know, older, but the same idea where we will add some hacks into it for very difficult to solve bugs and we have a, a nice graphical interface. And then, the other thing that we're selling with crossover is support. So if you, you know, try to run a certain application and you buy crossover, you can submit a ticket saying this doesn't work and we now have a financial incentive to fix it. You know, we'll try to, we'll try to fix your, we'll spend company resources to fix your bug, right? So that's been so, so code we v has been around since 1996 and crossover, I don't know the date, but it's crossover has been around for probably about two decades, if I'm not mistaken. [00:27:01] Jeremy: And when you mention helping companies port their software to, for example, MacOS. [00:27:07] Jeremy: Is the approach that you would port it natively to MacOS APIs or is it that you would help them get it running using wine on MacOS? [00:27:21] Elizabeth: Right. That's, so that's basically what makes us so unique among porting companies is that instead of rewriting their software, we just, we just basically stick it inside of crossover and, uh, and, and make it run. [00:27:36] Elizabeth: And the idea has always been, you know, the more we implement, the more we get correct, the, the more applications will, you know, work. And sometimes it works out that way. Sometimes not really so much. And there's always work we have to do to get any given application to work, but. Yeah, so it's, it's very unusual because we don't ask companies for any of their code. We don't need it. We just fix the windows API [00:28:07] Jeremy: And, and so in that case, the ports would be let's say someone sells a MacOS version of their software. They would bundle crossover, uh, with their software. [00:28:18] Elizabeth: Right? And usually when you do this, it doesn't look like there's crossover there. Like it just looks like this software is native, but there is soft, there is crossover under the hood. Loading executables and linked libraries [00:28:32] Jeremy: And so earlier we were talking about how you're basically intercepting the system calls that these binaries are making, whether that's the executable or the, the DLLs from Windows. Um, but I think probably a lot of our listeners are not really sure how that's done. Like they, they may have built software, but they don't know, how do I basically hijack, the system calls that this application is making. [00:29:01] Jeremy: So maybe you could talk a little bit about how that works. [00:29:04] Elizabeth: So there, so there's a couple steps to go into it. when you think about a program that's say, that's a big, a big file that's got all the machine code in it, and then it's got stuff at the beginning saying, here's how the program works and here's where in the file the processor should start running. that's, that's your EXE file. And then in your DLL files are libraries that contain shared code and you have like a similar sort of file. It says, here's the entry point. That runs this function, this, you know, this pars XML function or whatever have you. [00:29:42] Elizabeth: And here's this entry point that has the generate XML function and so on and so forth. And, and, then the operating system will basically take the EXE file and see all the bits in it. Say I want to call the pars XML function. It'll load that DLL and hook it up. So it, so the processor ends up just seeing jump directly to this pars XML function and then run that and then return and so on. [00:30:14] Elizabeth: And so what wine does, is it part of wine? That's part of wine is a library, is that, you know, the implementing that parse XML and read XML function, but part of it is the loader, which is the part of the operating system that hooks everything together. And when we load, we. Redirect to our libraries. We don't have Windows libraries. [00:30:38] Elizabeth: We like, we redirect to ours and then we run our code. And then when you jump back to the program and yeah. [00:30:48] Jeremy: So it's the, the loader that's a part of wine. That's actually, I'm not sure if running the executable is the right term. [00:30:58] Elizabeth: no, I think that's, I think that's a good term. It's, it's, it's, it starts in a loader and then we say, okay, now run the, run the machine code and it's executable and then it runs and it jumps between our libraries and back and so on. [00:31:14] Jeremy: And like you were saying before, often times when it's trying to make a system call, it ends up being handled by a function that you've written in wine. And then that in turn will call the, the Linux system calls or the MacOS system calls to try and accomplish the, the same result. [00:31:36] Elizabeth: Right, exactly. [00:31:40] Jeremy: And something that I think maybe not everyone is familiar with is there's this concept of user space versus kernel space. you explain what the difference is? [00:31:51] Elizabeth: So the way I would explain, the way I would describe a kernel is it's the part of the operating system that can do anything, right? So any program, any code that runs on your computer is talking to the processor, and the processor has to be able to do anything the computer can do. [00:32:10] Elizabeth: It has to be able to talk to the hardware, it has to set up the memory space. That, so actually a very complicated task has to be able to switch to another task. and, and, and, and basically talk to another program and. You have to have something there that can do everything, but you don't want any program to be able to do everything. Um, not since the, not since the nineties. It's about when we realized that we can't do that. so the kernel is a part that can do everything. And when you need to do something that requires those, those permissions that you can't give everyone, you have to talk to the colonel and ask it, Hey, can you do this for me please? And in a very restricted way where it's only the safe things you can do. And a degree, it's also like a library, right? It's the kernel. The kernels have always existed, and since they've always just been the core standard library of the computer that does the, that does the things like read and write files, which are very, very complicated tasks under the hood, but look very simple because all you say is write this file. And talk to the hardware and abstract away all the difference between different drivers. So the kernel is doing all of these things. So because the kernel is a part that can do everything and because when you think about the kernel, it is basically one program that is always running on your computer, but it's only one program. So when a user calls the kernel, you are switching from one program to another and you're doing a lot of complicated things as part of this. You're switching to the higher privilege level where you can do anything and you're switching the state from one program to another. And so it's a it. So this is what we mean when we talk about user space, where you're running like a normal program and kernel space where you've suddenly switched into the kernel. [00:34:19] Elizabeth: Now you're executing with increased privileges in a different. idea of the process space and increased responsibility and so on. [00:34:30] Jeremy: And, and so do most applications. When you were talking about the system calls for handling 3D audio or parsing XML. Are those considered, are those system calls considered part of user space and then those things call the kernel space on your behalf, or how, how would you describe that? [00:34:50] Elizabeth: So most, so when you look at Windows, most of most of the Windows library, the vast, vast majority of it is all user space. most of these libraries that we implement never leave user space. They never need to call into the kernel. there's the, there only the core low level stuff. Things like, we need to read a file, that's a kernel call. when you need to sleep and wait for some seconds, that's a kernel. Need to talk to a different process. Things that interact with different processes in general. not just allocate memory, but allocate a page of memory, like a, from the memory manager and then that gets sub allocated by the heap allocator. so things like that. [00:35:31] Jeremy: Yeah, so if I was writing an application and I needed to open a file, for example, does, does that mean that I would have to communicate with the kernel to, to read that file? [00:35:43] Elizabeth: Right, exactly. [00:35:46] Jeremy: And so most applications, it sounds like it's gonna be a mixture. You're gonna have a lot of things that call user space calls. And then a few, you mentioned more low level ones that are gonna require you to communicate with the kernel. [00:36:00] Elizabeth: Yeah, basically. And it's worth noting that in, in all operating systems, you're, you're almost always gonna be calling a user space library. That might just be a thin wrapper over the kernel call. It might, it's gonna do like just a little bit of work in end call the kernel. [00:36:19] Jeremy: [00:36:19] Elizabeth: In fact, in Windows, that's the only way to do it. Uh, in many other operating systems, you can actually say, you can actually tell the processor to make the kernel call. There is a special instruction that does this and just, and it'll go directly to the kernel, and there's a defined interface for this. But in Windows, that interface is not defined. It's not stable. Or backwards compatible like the rest of Windows is. So even if you wanted to use it, you couldn't. and you basically have to call into the high level libraries or low level libraries, as it were, that, that tell you that create a file. And those don't do a lot. [00:37:00] Elizabeth: They just kind of tweak their parameters a little and then pass them right down to the kernel. [00:37:07] Jeremy: And so wine, it sounds like it needs to implement both the user space calls of windows, but then also the, the kernel, calls as well. But, but wine itself does that, is that only in Linux user space or MacOS user space? [00:37:27] Elizabeth: Yes. This is a very tricky thing. but all of wine, basically all of what is wine runs in, in user space and we use. Kernel calls that are already there to talk to the colonel, to talk to the host Colonel. You have to, and you, you get, you get, you get the sort of second nature of thinking about the Windows, user space and kernel. [00:37:50] Elizabeth: And then there's a host user space and Kernel and wine is running all in user, in the user, in the host user space, but it's emulating the Windows kernel. In fact, one of the weirdest, trickiest parts is I mentioned that you can run some drivers in wine. And those drivers actually, they actually are, they think they're running in the Windows kernel. which in a sense works the same way. It has libraries that it can load, and those drivers are basically libraries and they're making, kernel calls and they're, they're making calls into the kernel library that does some very, very low level tasks that. You're normally only supposed to be able to do in a kernel. And, you know, because the kernel requires some privileges, we kind of pretend we have them. And in many cases, you're even the drivers are using abstractions. We can just implement those abstractions kind of over the slightly higher level abstractions that exist in user space. [00:39:00] Jeremy: Yeah, I hadn't even considered the being able to use hardware devices, but I, I suppose if in, in the end, if you're reproducing the kernel, then whether you're running software or you're talking to a hardware device, as long as you implement the calls correctly, then I, I suppose it works. [00:39:18] Elizabeth: Cause you're, you're talking about device, like maybe it's some kind of USB device that has drivers for Windows, but it doesn't for, for Linux. [00:39:28] Elizabeth: no, that's exactly, that's a, that's kind of the, the example I've used. Uh, I think there is, I think I. My, one of my best success stories was, uh, drivers for a graphing calculator. [00:39:41] Jeremy: Oh, wow. [00:39:42] Elizabeth: That connected via USB and I basically just plugged the windows drivers into wine and, and ran it. And I had to implement a lot of things, but it worked. But for example, something like a graphics driver is not something you could implement in wine because you need the graphics driver on the host. We can't talk to the graphics driver while the host is already doing so. [00:40:05] Jeremy: I see. Yeah. And in that case it probably doesn't make sense to do so [00:40:11] Elizabeth: Right? [00:40:12] Elizabeth: Right. It doesn't because, the transition from user into kernel is complicated. You need the graphics driver to be in the kernel and the real kernel. Having it in wine would be a bad idea. Yeah. [00:40:25] Jeremy: I, I think there's, there's enough APIs you have to try and reproduce that. I, I think, uh, doing, doing something where, [00:40:32] Elizabeth: very difficult [00:40:33] Jeremy: right. Poor system call documentation and private APIs [00:40:35] Jeremy: There's so many different, calls both in user space and in kernel space. I imagine the, the user space ones Microsoft must document to some extent, but, oh. Is that, is that a [00:40:51] Elizabeth: well, sometimes, [00:40:54] Jeremy: Sometimes. Okay. [00:40:55] Elizabeth: I think it's actually better now than it used to be. But some, here's where things get fun, because sometimes there will be, you know, regular documented calls. Sometimes those calls are documented, but the documentation isn't very good. Sometimes programs will just sort of look inside Microsoft's DLLs and use calls that they aren't supposed to be using. Sometimes they use calls that they are supposed to be using, but the documentation has disappeared. just because it's that old of an API and Microsoft hasn't kept it around. sometimes some, sometimes Microsoft, Microsoft own software uses, APIs that were never documented because they never wanted anyone else using them, but they still ship them with the operating system. there was actually a kind of a lawsuit about this because it is an antitrust lawsuit, because by shipping things that only they could use, they were kind of creating a trust. and that got some things documented. At least in theory, they kind of haven't stopped doing it, though. [00:42:08] Jeremy: Oh, so even today they're, they're, I guess they would call those private, private APIs, I suppose. [00:42:14] Elizabeth: I suppose. Uh, yeah, you could say private APIs. but if we want to get, you know, newer versions of Microsoft Office running, we still have to figure out what they're doing and implement them. [00:42:25] Jeremy: And given that they're either, like you were saying, the documentation is kind of all over the place. If you don't know how it's supposed to behave, how do you even approach implementing them? [00:42:38] Elizabeth: and that's what the conformance tests are for. And I, yeah, I mentioned earlier we have this huge body of conformance tests that double is regression tests. if we see an API, we don't know what to do with or an API, we do know, we, we think we know what to do with because the documentation can just be wrong and often has been. Then we write tests to figure out what it's supposed to behave. We kind of guess until we, and, and we write tests and we pass some things in and see what comes out and see what. The see what the operating system does until we figure out, oh, so this is what it's supposed to do and these are the exact parameters in, and, and then we, and, and then we implement it according to those tests. [00:43:24] Jeremy: Is there any distinction in approach for when you're trying to implement something that's at the user level versus the kernel level? [00:43:33] Elizabeth: No, not really. And like I, and like I mentioned earlier, like, well, I mean, a kernel call is just like a library call. It's just done in a slightly different way, but it's still got, you know, parameters in, it's still got a set of parameters. They're just encoded differently. And, and again, like the, the way kernel calls are done is on a level just above the kernel where you have a library, that just passes things through. Almost verbatim to the kernel and we implement that library instead. [00:44:10] Jeremy: And, and you've been working on i, I think, wine for over, over six years now. [00:44:18] Elizabeth: That sounds about right. Debugging and having broad knowledge of Wine [00:44:20] Jeremy: What does, uh, your, your day to day look like? What parts of the project do you, do you work on? [00:44:27] Elizabeth: It really varies from day to day. and I, I, a lot of people, a lot of, some people will work on the same parts of wine for years. Uh, some people will switch around and work on all sorts of different things. [00:44:42] Elizabeth: And I'm, I definitely belong to that second group. Like if you name an area of wine, I have almost certainly contributed a patch or two to it. there's some areas I work on more than others, like, 3D graphics, multimedia, a, I had, I worked on a compiler that exists, uh, socket. So networking communication is another thing I work a lot on. day to day, I kind of just get, I, I I kind of just get a bug for some program or another. and I take it and I debug it and figure out why the program's broken and then I fix it. And there's so much variety in that. because a bug can take so many different forms like I described, and, and, and the, and then the fix can be simple or complicated or, and it can be in really anywhere to a degree. [00:45:40] Elizabeth: being able to work on any part of wine is sometimes almost a necessity because if a program is just broken, you don't know why. It could be anything. It could be any sort of API. And sometimes you can hand the API to somebody who's got a lot of experience in that, but sometimes you just do whatever. You just fix whatever's broken and you get an experience that way. [00:46:06] Jeremy: Yeah, I mean, I was gonna ask about the specialized skills to, to work on wine, but it sounds like maybe in your case it's all of them. [00:46:15] Elizabeth: It's, there's a bit of that. it's a wine. We, the skills to work on wine are very, it's a very unique set of skills because, and it largely comes down to debugging because you can't use the tools you normally use debug. [00:46:30] Elizabeth: You have to, you have to be creative and think about it different ways. Sometimes you have to be very creative. and programs will try their hardest to avoid being debugged because they don't want anyone breaking their copy protection, for example, or or hacking, or, you know, hacking in sheets. They want to be, they want, they don't want anyone hacking them like that. [00:46:54] Elizabeth: And we have to do it anyway for good and legitimate purposes. We would argue to make them work better on more operating systems. And so we have to fight that every step of the way. [00:47:07] Jeremy: Yeah, it seems like it's a combination of. F being able, like you, you were saying, being able to, to debug. and you're debugging not necessarily your own code, but you're debugging this like behavior of, [00:47:25] Jeremy: And then based on that behavior, you have to figure out, okay, where in all these different systems within wine could this part be not working? [00:47:35] Jeremy: And I, I suppose you probably build up some kind of, mental map in your head of when you get a, a type of bug or a type of crash, you oh, maybe it's this, maybe it's here, or something [00:47:47] Elizabeth: Yeah. That, yeah, there is a lot of that. there's, you notice some patterns, you know, after experience helps, but because any bug could be new, sometimes experience doesn't help and you just, you just kind of have to start from scratch. Finding a bug related to XAudio [00:48:08] Jeremy: At sort of a high level, can you give an example of where you got a specific bug report and then where you had to look to eventually find which parts of the the system were the issue? [00:48:21] Elizabeth: one, one I think good example, that I've done recently. so I mentioned this, this XAudio library that does 3D audio. And if you say you come across a bug, I'm gonna be a little bit generics here and say you come across a bug where some audio isn't playing right, maybe there's, silence where there should be the audio. So you kind of, you look in and see, well, where's that getting lost? So you can basically look in the input calls and say, here's the buffer it's submitting that's got all the audio data in it. And you look at the output, you look at where you think the output should be, like, that library will internally call a different library, which programs can interact with directly. [00:49:03] Elizabeth: And this our high level library interacts with that is the, give this sound to the audio driver, right? So you've got XAudio on top of, um. mdev, API, which is the other library that gives audio to the driver. And you see, well, the ba the buffer is that XAudio is passing into MM Dev, dev API. They're empty, there's nothing in them. So you have to kind of work through the XAudio library to see where is, where's that sound getting lost? Or maybe, or maybe that's not getting lost. Maybe it's coming through all garbled. And I've had to look at the buffer and see why is it garbled. I'll open up it up in Audacity and look at the weight shape of the wave and say, huh, that shape of the wave looks like it's, it looks like we're putting silence every 10 nanoseconds or something, or, or reversing something or interpreting it wrong. things like that. Um, there's a lot of, you'll do a lot of, putting in print fs basically all throughout wine to see where does the state change. Where was, where is it? Where is it? Right? And then where do things start going wrong? [00:50:14] Jeremy: Yeah. And in the audio example, because they're making a call to your XAudio implementation, you can see that Okay, the, the buffer, the audio that's coming in. That part is good. It, it's just that later on when it sends it to what's gonna actually have it be played by the, the hardware, that's when missing. So, [00:50:37] Elizabeth: We did something wrong in a library that destroyed the buffer. And I think on a very, high level a lot of debugging, wine is about finding where things are good and finding where things are bad, and then narrowing that down until we find the one spot where things go wrong. There's a lot of processes that go like that. [00:50:57] Jeremy: like you were saying, the more you see these problems, hopefully the, the easier it gets to, to narrow down where, [00:51:04] Elizabeth: Often. Yeah. Especially if you keep debugging things in the same area. How much code is OS specific?c [00:51:09] Jeremy: And wine supports more than one operating system. I, I saw there was Linux, MacOS I think free BSD. How much of the code is operating system specific versus how much can just be shared across all of them? [00:51:27] Elizabeth: Not that much is operating system specific actually. so when you think about the volume of wine, the, the, the, vast majority of it is the high level code that doesn't need to interact with the operating system on a low level. Right? Because Windows keeps putting, because Microsoft keeps putting lots and lots of different libraries in their operating system. And a lot of these are high level libraries. and even when we do interact with the operating system, we're, we're using cross-platform libraries or we're using, we're using ics. The, uh, so all these operating systems that we are implementing are con, basically conformed to the posix standard. which is basically like Unix, they're all Unix based. Psic is a Unix based standard. Microsoft is, you know, the big exception that never did implement that. And, and so we have to translate its APIs to Unix, APIs. now that said, there is a lot of very operating system, specific code. Apple makes things difficult by try, by diverging almost wherever they can. And so we have a lot of Apple specific code in there. [00:52:46] Jeremy: another example I can think of is, I believe MacOS doesn't support, Vulkan [00:52:53] Elizabeth: yes. Yeah.Yeah, That's a, yeah, that's a great example of Mac not wanting to use, uh, generic libraries that work on every other operating system. and in some cases we, we look at it and are like, alright, we'll implement a wrapper for that too, on top of Yuri, on top of your, uh, operating system. We've done it for Windows, we can do it for Vulkan. and that's, and then you get the Molten VK project. Uh, and to be clear, we didn't invent molten vk. It was around before us. We have contributed a lot to it. Direct3d, Vulkan, and MoltenVK [00:53:28] Jeremy: Yeah, I think maybe just at a high level might be good to explain the relationship between Direct 3D or Direct X and Vulcan and um, yeah. Yeah. Maybe if you could go into that. [00:53:42] Elizabeth: so Direct 3D is Microsoft's 3D API. the 3D APIs, you know, are, are basically a way to, they're way to firstly abstract out the differences between different graphics, graphics cards, which, you know, look very different on a hardware level. [00:54:03] Elizabeth: Especially. They, they used to look very different and they still do look very different. and secondly, a way to deal with them at a high level because actually talking to the graphics card on a low level is very, very complicated. Even talking to it on a high level is complicated, but it gets, it can get a lot worse if you've ever been a, if you've ever done any graphics, driver development. so you have a, a number of different APIs that achieve these two goals of, of, abstraction and, and of, of, of building a common abstraction and of building a, a high level abstraction. so OpenGL is the broadly the free, the free operating system world, the non Microsoft's world's choice, back in the day. [00:54:53] Elizabeth: And then direct 3D was Microsoft's API and they've and Direct 3D. And both of these have evolved over time and come up with new versions and such. And when any, API exists for too long. It gains a lot of croft and needs to be replaced. And eventually, eventually the people who developed OpenGL decided we need to start over, get rid of the Croft to make it cleaner and make it lower level. [00:55:28] Elizabeth: Because to get in a maximum performance games really want low level access. And so they made Vulcan, Microsoft kind of did the same thing, but they still call it Direct 3D. they just, it's, it's their, the newest version of Direct 3D is lower level. It's called Direct 3D 12. and, and, Mac looked at this and they decided we're gonna do the same thing too, but we're not gonna use Vulcan. [00:55:52] Elizabeth: We're gonna define our own. And they call it metal. And so when we want to translate D 3D 12 into something that another operating system understands. That's probably Vulcan. And, and on Mac, we need to translate it to metal somehow. And we decided instead of having a separate layer from D three 12 to metal, we're just gonna translate it to Vulcan and then translate the Vulcan to metal. And it also lets things written for Vulcan on Windows, which is also a thing that exists that lets them work on metal. [00:56:30] Jeremy: And having to do that translation, does that have a performance impact or is that not really felt? [00:56:38] Elizabeth: yes. It's kind of like, it's kind of like anything, when you talk about performance, like I mentioned this earlier, there's always gonna be overhead from translating from one API to another. But we try to, what we, we put in heroic efforts to. And try, try to make sure that doesn't matter, to, to make sure that stuff that needs to be fast is really as fast as it can possibly be. [00:57:06] Elizabeth: And some very clever things have been done along those lines. and, sometimes the, you know, the graphics drivers underneath are so good that it actually does run better, even despite the translation overhead. And then sometimes to make it run fast, we need to say, well, we're gonna implement a new API that behaves more like windows, so we can do less work translating it. And that's, and sometimes that goes into the graphics library and sometimes that goes into other places. Targeting Wine instead of porting applications [00:57:43] Jeremy: Yeah. Something I've found a little bit interesting about the last few years is [00:57:49] Jeremy: Developers in the past, they would generally target Windows and you might be lucky to get a Mac port or a Linux port. And I wonder, like, in your opinion now, now that a lot of developers are just targeting Windows and relying on wine or, or proton to, to run their software, is there any, I suppose, downside to doing that? [00:58:17] Jeremy: Or is it all just upside, like everyone should target Windows as this common platform? [00:58:23] Elizabeth: Yeah. It's an interesting question. I, there's some people who seem to think it's a bad thing that, that we're not getting native ports in the same sense, and then there's some people who. Who See, no, that's a perfectly valid way to do ports just right for this defacto common API it was never intended as a cross platform common API, but we've made it one. [00:58:47] Elizabeth: Right? And so why is that any worse than if it runs on a different API on on Linux or Mac and I? Yeah, I, I, I guess I tend to, I, that that argument tends to make sense to me. I don't, I don't really see, I don't personally see a lot of reason for, to, to, to say that one library is more pure than another. [00:59:12] Elizabeth: Right now, I do think Windows APIs are generally pretty bad. I, I'm, this might be, you know, just some sort of, this might just be an effect of having to work with them for a very long time and see all their flaws and have to deal with the nonsense that they do. But I think that a lot of the. Native Linux APIs are better. But if you like your Windows API better. And if you want to target Windows and that's the only way to do it, then sure why not? What's wrong with that? [00:59:51] Jeremy: Yeah, and I think the, doing it this way, targeting Windows, I mean if you look in the past, even though you had some software that would be ported to other operating systems without this compatibility layer, without people just targeting Windows, all this software that people can now run on these portable gaming handhelds or on Linux, Most of that software was never gonna be ported. So yeah, absolutely. And [01:00:21] Elizabeth: that's [01:00:22] Jeremy: having that as an option. Yeah. [01:00:24] Elizabeth: That's kind of why wine existed, because people wanted to run their software. You know, that was never gonna be ported. They just wanted, and then the community just spent a lot of effort in, you know, making all these individual programs run. Yeah. [01:00:39] Jeremy: I think it's pretty, pretty amazing too that, that now that's become this official way, I suppose, of distributing your software where you say like, Hey, I made a Windows version, but you're on your Linux machine. it's officially supported because, we have this much belief in this compatibility layer. [01:01:02] Elizabeth: it's kind of incredible to see wine having got this far. I mean, I started working on a, you know, six, seven years ago, and even then, I could never have imagined it would be like this. [01:01:16] Elizabeth: So as we, we wrap up, for the developers that are listening or, or people who are just users of wine, um, is there anything you think they should know about the project that we haven't talked about? [01:01:31] Elizabeth: I don't think there's anything I can think of. [01:01:34] Jeremy: And if people wanna learn, uh, more about the wine project or, or see what you're up to, where, where should they, where should they head? Getting support and contributing [01:01:45] Elizabeth: We don't really have any things like news, unfortunately. Um, read the release notes, uh, follow some, there's some, there's some people who, from Code Weavers who do blogs. So if you, so if you go to codeweavers.com/blog, there's some, there's, there's some codeweavers stuff, uh, some marketing stuff. But there's also some developers who will talk about bugs that they are solving and. And how it's easy and, and the experience of working on wine. [01:02:18] Jeremy: And I suppose if, if someone's. Interested in like, like let's say they have a piece of software, it's not working through wine. what's the best place for them to, to either get help or maybe even get involved with, with trying to fix it? [01:02:37] Elizabeth: yeah. Uh, so you can file a bug on, winehq.org,or, or, you know, find, there's a lot of developer resources there and you can get involved with contributing to the software. And, uh, there, there's links to our mailing list and IRC channels and, uh, and, and the GitLab, where all places you can find developers. [01:03:02] Elizabeth: We love to help you. Debug things. We love to help you fix things. We try our very best to be a welcoming community and we have got a long, we've got a lot of experience working with people who want to get their application working. So, we would love to, we'd love to have another. [01:03:24] Jeremy: Very cool. Yeah, I think wine is a really interesting project because I think for, I guess it would've been for decades, it seemed like very niche, like not many people [01:03:37] Jeremy: were aware of it. And now I think maybe in particular because of the, the Linux gaming handhelds, like the steam deck,wine is now something that a bunch of people who would've never heard about it before, and now they're aware of it. [01:03:53] Elizabeth: Absolutely. I've watched that transformation happen in real time and it's been surreal. [01:04:00] Jeremy: Very cool. Well, Elizabeth, thank you so much for, for joining me today. [01:04:05] Elizabeth: Thank you, Jeremy. I've been glad to be here.
JCO PO authors Dr. Abhishek Tripathi and Dr. Salvador Jaime-Casas at City of Hope Comprehensive Cancer Center share insights into their article, “Comparative Genomic Characterization of Small Cell Carcinoma of the Bladder Compared With Urothelial Carcinoma and Small Cell Lung Carcinoma.” Host Dr. Rafeh Naqash and Drs. Tripathi and Jaime-Casas discuss a novel understanding of the genomic alterations underlying SCBC, revealing actionable mutations that could serve as potential targets for improved clinical outcomes. TRANSCRIPT Dr. Rafeh Naqash: Hello and welcome to JCO Precision Oncology Conversations, where we bring you engaging conversations with authors of clinically relevant and highly significant JCO PO articles. I am your host, Dr. Dr. Rafeh Naqash, Podcast Editor for JCO Precision Oncology and Associate Professor at the OU Health Stephenson Cancer Center at the University of Oklahoma. Today, I am thrilled to be joined by Dr. Abhishek Tripathi, Associate Professor in the Department of Medical Oncology and Experimental Therapeutics Research at the City of Hope Comprehensive Cancer Center, as well as his mentee, Dr. Salvador Jaime-Casas, postdoctoral research fellow and first author of the JCO Precision Oncology article entitled "Comparative Genomic Characterization of Small Cell Carcinoma of the Bladder Compared with Urothelial Carcinoma and Small Cell Lung Carcinoma". At the time of this recording, our guest disclosures will be linked in the transcript. Abhishek and Salvador, welcome to our podcast and thank you for joining us today. This is a very interesting topic given that at least the landscape for neuroendocrine carcinomas, where small cell lung cancer is on one end of the spectrum, has been changing, at least on the lung cancer side, with recent approvals and some new ADCs. So, of course, understanding the genomic and transcriptomic similarities or differences between pulmonary small cell and extrapulmonary small cell is of huge interest. Could you tell us a little bit about small cell bladder cancer, current approaches to treatment of small cell bladder cancer, and then why you wanted to investigate that in this project as far as the genomic differences or similarities are concerned? Dr. Salvador Jaime-Casas: Well, first of all, thank you very much for having me. I am very excited to be here. And really what served as backbone for this research project was the notion that there is a currently evolving genomic landscape in the area of bladder cancer. We know this is a highly heterogeneous disease when it comes to molecular underpinnings and mutational profile. Specifically, we know that the most common histologic subtype is urothelial carcinoma. Small cell bladder cancer represents a histology that is found in less than 1% of all bladder cancer cases. However, it is one of the most aggressive histologies. It presents with a very poor prognosis to patients and very poor response to treatment, which is why we attempted to really elucidate what is the mutational profile behind this and provide a comparison contrast between small cell bladder cancer, small cell lung cancer, and conventional urothelial carcinoma. As your question mentioned, in terms of treatment, the conventional urothelial carcinoma and small cell bladder cancer are two distinct pathways when it comes to treatment algorithms. We know that in the current era there are newer and newer drugs being developed for conventional urothelial carcinoma. We have perioperative immunotherapy in the context of metastatic disease. We have antibody-drug conjugates such as enfortumab vedotin. But really, this amazing track record of drug development hasn't been mirrored in small cell bladder cancer. And here most of the therapy is usually extrapolated from studies from other small cell histologies like you mentioned earlier, small cell lung cancer has given some form of background in terms of what therapies are used here. Cytotoxic chemotherapy, for some patients with localized disease and small cell bladder cancer, concurrent chemotherapy and radiotherapy or perioperative cytotoxic chemotherapy have been the cornerstone of treatment for many years now. However, like I mentioned, the oncologic outcomes are very suboptimal when it comes to comparing it with other disease histologies, which is why we really wanted to describe the landscape here and provide this comparison across three different groups. For this particular study, we leveraged the Tempus dataset. So, include patients with urothelial carcinoma with small cell bladder cancer and small cell lung cancer. We included their demographic information, as well as the frequency of most common genomic alterations identified. And really, it was a very comparable Table 1. We see the demographic data across the three groups was very similar. One key thing that we identified was the female prevalence was a little bit lower in patients with small cell bladder cancer when compared to small cell lung cancer. But other than that, the age, race, ethnicity, was comparable across groups, and even the smoking history. Most of the patients in this cohort were former smokers, which we believe comes to explain that regardless of any mutational profile that we talked about in a few minutes, there are shared commonalities between these histologies and shared environmental exposures and risk factors that are going to be implicated in the disease biology for these three histologies. Dr. Rafeh Naqash: Thank you so much, Salvador, for that useful background. I would like to shift to Abhishek real quick. Abhishek, you are a practicing clinician, you have led several studies in the GU space, especially bladder. Based on what you see in the small cell lung cancer space, how drug development is shaping up, which aligns with what you are trying to evaluate in this paper as targets, how do you see some of that being implemented for small cell bladder cancer in the current era and age? Abhishek Tripathi: Thanks so much for the excellent question, Rafeh. As a GU investigator, small cell bladder cancer has always lagged behind in some regards regarding enrollment abilities for the novel clinical trials. And small cell lung cancer has paved the way and led the development of a lot of these drugs across the board. With the most recent sort of drugs targeting DLL3 already approved and several antibody-drug conjugates currently in development. That actually translates really well to how we should approach drug development in bladder cancer. What we saw in the study is that although there are overlaps and similarities between small cell lung cancer and small cell bladder cancer, there are also certain differences. So the long-term assumption that all therapies for small cell bladder cancer can be extrapolated to small cell bladder], may or may not be true, and I think it is high time that we specifically investigate these novel agents in tissue-specific small cell carcinomas. To that effect, we are excited to be participating in trials that are looking at some of the novel DLL3 targeted agents, specifically bispecific antibodies and T cell engagers so to speak, and antibody-drug conjugates that are now starting to open enrollment specifically in non-lung cancer cohorts to evaluate its efficacy. So overall, I think studies like this have the opportunity to identify more putative targets for organ-specific development of these novel agents. Dr. Rafeh Naqash: Absolutely, I could not agree more. I think tumor-agnostic therapies definitely have a place, but not all therapies work the same in different tumors with a similar histological or genomic background because there are definitely differences. So now going to the comparison that Salvador, you guys did in this project, could you help us understand what are some of the things you looked at, what were some of the commonalities and the differences, and what were some of the conceptual thoughts that come out from those results? Dr. Salvador Jaime-Casas: Of course. So, the first thing that we identified was which were the most frequent molecular alterations across these histologies. We actually provided a table showcasing how the most common mutations that we identified were TP53, TERT, RB1. However, like Dr. Tripathi mentioned, the distinction between these histologies is notable in the sense that some are more predominant in small cell-pertaining cancers such as bladder cancer and lung cancer. While some others are more common in bladder-pertaining malignancies like urothelial carcinoma and small cell bladder cancer. For instance, we saw that TP53 and RB1 were significantly more evident in small cell histologies, both small cell bladder cancer and small cell lung cancer, as opposed to conventional urothelial carcinoma, which really this mirrors what is known about these mutations and what has been published. These are markers associated with more aggressive disease with a worse prognosis and even to resistance to treatment. We also identified how TERT mutations were characteristically more prevalent in small cell bladder cancer as opposed to small cell lung cancer, as well as in urothelial carcinoma. TERT mutations were more commonly identified than in small cell lung cancer. And we give a long list of these mutations that we identified, but really what we wanted to underscore here was, A, the most common mutations across histologies; B, the most common co-occurring mutations where we saw that these are not mutually exclusive. A lot of patients had co-occurring TP53 and RB1 or RB1 and TERT or RB1 and ARID1A, really elucidating how heterogeneous this molecular landscape is across histologies. And the third one that we believe really brings down the clinical impact of this research was evidencing the idea of clinically actionable mutations. We also provided a table here showcasing how mutations like FGFR, DLL notch pathway, HER2, were evident in these histologies, and what is the current status of some clinical trials evaluating different drug designs for these mutations. Like Dr. Tripathi mentioned in the context of FGFR, approximately 6% of our cohort with small cell bladder cancer showcased mutations in FGFR3. However, up to 14% of them had mutations in any FGFR gene, which really underscores the notion that drugs like erdafitinib, which have been introduced in the market in recent years, could potentially showcase some response in the space of small cell bladder cancer. We actually provide the description of two trials, phase two, phase three trials, that are evaluating erdafitinib in the context of high-risk non-muscle invasive bladder cancer and even metastatic urothelial carcinoma. Like Dr. Tripathi mentioned as well, antibody-drug conjugates, another very interesting area of drug development targeting HER2, we included evidence on how disitamab vedotin and trastuzumab deruxtecan are currently being explored across different phase two and phase three clinical trials, both as part of basket trial designs for solid malignancies expressing HER2, but also for patients with urothelial carcinoma where there is evidence of HER2 expression. So, we believe that the landscape is shifting in the right direction in the sense that therapies are becoming much more personalized and targeted against these known molecular profiles. Dr. Rafeh Naqash: Thank you, Salvador, for summarizing some of those very interesting results and providing a very unique conceptual context to that. I would like to go to Abhishek this last portion. Of course, I am sure you guys will expand on this work and there are a lot of other interesting things that will likely come out from this work and hopefully you will publish that in JCO PO. But one of the very important things that I wanted to highlight from this podcast specifically was the science is obviously very interesting, but I feel the more important interesting aspect is giving trainees and fellows, residents, mentorship opportunities, mentoring them and giving them lead roles in projects like this, which is what Dr. Tripathi has successfully done for you in this project, Salvador. So, Abhishek, as somebody I have known for a couple of years now, more than a couple of years, as a very successful clinical translational investigator in the GU space in the early phase setting, Abhishek, really briefly, within a minute, could you tell us about your journey and what are some of the things that have worked for you as an early career investigator that you have learned from, and then your journey of mentorship, how has that been for you and what are some of the things that you take home from your mentorship role? Abhishek Tripathi: Absolutely. And as you mentioned, mentorship has been pivotal for all early career investigators for them to really succeed. So, my journey, as you know, I started off as an early career investigator at another institution, and I think I owe it to my mentors even at that time and even now who are helping me develop some of these newer translational and clinical trial ideas, creating opportunities where we could really showcase some of the interesting work that we are doing. That actually goes a long way in terms of creating independence as an established investigator. And I think the sooner we start off with mentorship prospects, I think the better it is. And paying it forward, I think I have been lucky to have mentees like Salvador who are just extremely talented, really committed, and goal-oriented. He really led the project right from the beginning in terms of initial analyses and looking up all the sort of correlative studies that we could do and the contextual data between small cell lung cancer and bladder cancer that we have delved into for the past several years. And it really showcases the ability of young mentees like Salvador to really excel given the right guidance and the support. As a mentor, it has been a really rewarding experience. It is really helpful to actually learn from some of these mentees as well as to approach the same problem from a different angle and different thought process and guide them through the study. So, it has been incredibly helpful and rewarding both being a mentee and a mentor over the past several years as I have transitioned. Dr. Rafeh Naqash: Thank you, Abhishek, for those very insightful comments on how both being a mentee and being a mentor helps shape you as an individual as well. And then you take a lot of pride in the success of your mentees. Now real quick, Salvador, could you tell us a little bit about yourself, you know, how you ended up at City of Hope under Dr. Tripathi's mentorship and what are some of the next important things that you are looking forward to doing? Dr. Salvador Jaime-Casas: So, a little bit about who I am. I did medical school in Mexico City. I was born and raised there, and towards the end of my medical training, I started to be engaged in research projects. And through one of my mentors in Mexico, I was actually introduced to the team here at City of Hope, including Dr. Tripathi. And through this, we got the opportunity to have some conversations about what I wanted to do, become a physician-researcher in the area of genitourinary oncology and hopefully my transition to residency in a few years. And that is how I came to be his mentee here at City of Hope. I think it has been a very rewarding experience, like Dr. Tripathi said, having such an incredible mentor and really being with him both in the academic setting and in the clinical setting, in patients with clinic, seeing this curiosity and all these clinical trials, all of this evidence that we have coming together to generate this insight. Dr. Rafeh Naqash: Thank you so much for both the scientific insights, as well as the journey of being a mentee for you, Salvador, and as a mentor for you, Abhishek. I really enjoyed talking to you guys about both aspects here today and hopefully we will see more of your work, Abhishek and Salvador, as far as understanding the transcriptomic heterogeneity in neuroendocrine tumors or neuroendocrine cancers of the bladder. Dr. Salvador Jaime-Casas: Thank you very much. Thank you for having us. Dr. Rafeh Naqash: Thank you for listening to JCO Precision Oncology Conversations. Do not forget to give us a rating or review and be sure to subscribe so you never miss an episode. You can find all ASCO shows at ASCO.org/podcasts. The purpose of this podcast is to educate and to inform. This is not a substitute for professional medical care and is not intended for use in the diagnosis or treatment of individual conditions. Guests on this podcast express their own opinions, experience and conclusions. Guest statements on the podcast do not express the opinions of ASCO. The mention of any product, service, organization, activity or therapy should not be construed as an ASCO endorsement. Dr. Abhishek Tripathi Disclosures Consulting or Advisory Role: Company: Aadi biosciences, Seattle Genetics/Astellas, Exelixis, Bayer, Gilead Sciences, Pfizer, Deka biosciences Speakers' Bureau: Company: Sanofi
Referências do EpisódioU.S. Secret Service dismantles imminent telecommunications threat in New York tristate areaHow RainyDay, Turian and a new PlugX variant abuse DLL search order hijackingBroken Trust: Fixed Supermicro BMC Bug Gains a New Life in Two New VulnerabilitiesSonicWall releases SMA100 firmware update to wipe rootkit malwareSobre o ataque de 22 TbpsYiBackdoor: A New Malware Family With Links to IcedID and Latrodectus/bin/live: Cyber Threat Intelligence na PráticaRoteiro e apresentação: Carlos CabralEdição de áudio: Paulo ArruzzoNarração de encerramento: Bianca Garcia
Di episode terbaru Podcast Telat Lulus, Demas dan Freddy bongkar rahasia keluarga mereka yang super diverse! Freddy cerita gimana darah Argentina-nya bikin hidupnya penuh passion ala tango dan sepak bola, sementara Demas share pengalaman keluarganya yang punya keturunan Arab – dari tradisi kumpul-kumpul Dll. Tapi yang bikin seru, mereka kasih tips-tips gokil buat pacaran sama pasangan internasional, langsung dari point of u masing-masing. kaya culture shock, dan momen romantis ala film Netflix. Mau tau gimana handle beda budaya, bahasa, atau bahkan makanan keluarga pasangan? Ini episode yang wajib didengerin buat kamu yang lagi swipe right di app dating global atau penasaran sama relationship cross-culture. Update setiap Senin, yuk dengerin sekarang di platform podcast favoritmu dan spill pengalamanmu di IG @telat_lulus ! #PodcastTelatLulus #CrossCulturalLove https://open.firstory.me/user/clhyojn2g01v001v9hy1da8sp/comments Powered by Firstory Hosting
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
CTRL-Z DLL Hooking Attackers may use a simple reload trick to overwrite breakpoints left by analysts to reverse malicious binaries. https://isc.sans.edu/diary/CTRL-Z%20DLL%20Hooking/32294 Global Admin in every Entra ID tenant via Actor tokens As part of September s patch Tuesday, Microsoft patched CVE-2025-55241. The discoverer of the vulnerability, Dirk-jan Mollema has published a blog post showing how this vulnerability could have been exploited. https://dirkjanm.io/obtaining-global-admin-in-every-entra-id-tenant-with-actor-tokens/ WatchGuard Firebox iked Out of Bounds Write Vulnerability CVE-2025-9242 WatchGuard patched an out-of-bounds write vulnerability, which could allow an unauthenticated attacker to compromise the devices. https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2025-00015 NVidia Triton Inference Server NVIDIA patched critical vulnerabilities in its Triton Inference Server. https://nvidia.custhelp.com/app/answers/detail/a_id/5691
"Arrête de m'aimer. Je t'aimerai toujours. Lâche ce pinceau, quitte cette toile."Dans cet épisode je suis accompagné de Marc, Arnaud et Mateo et nous revenons sur le jeu phénomène Clair Obscur : Expedition 33.N'hésitez pas à donner votre avis, donner des conseils qui pourrait améliorer l'émission. Merci par avance.Crédit musical : SATY.DLL @SuperPiaule-8bitsProjet musical de SATY.DLL : https://open.spotify.com/artist/2NJzBI8e5wSSdWJuu7EMl4?si=8L0nkeC_TuyFthtmtA9_6A
Un jour je serai le meilleur dresseur ...Dans cet épisode je reçois Staz, Yorizura et Young. On revient sur tous les jeux principaux de la saga Pokémon depuis la sortie au Japon de Pokémon Rouge et Vert en 1996 jusqu'à la sortie de Pokémon Noir 2 et Blanc 2 en 2012 qui marque une scission dans la saga. Nous reviendrons dans un second épisode en fin d'année pour la suite des jeux de 2013 à aujourd'hui.N'hésitez pas à donner votre avis, donner des conseils qui pourrait améliorer l'émission. Merci par avance.Crédit musical : SATY.DLL @SuperPiaule-8bitsProjet musical de SATY.DLL : https://open.spotify.com/artist/2NJzBI8e5wSSdWJuu7EMl4?si=8L0nkeC_TuyFthtmtA9_6A
A segurança dos meios de pagamento é um fator decisivo na operação dos estabelecimentos comerciais. Com o advento da digitalização dos documentos fiscais, e novas tecnologias para transação de fundos, novos desafios têm incomodado o varejista, e os fornecedores de sistemas de automação comercial. Os golpes podem ser mais simples, como comprovantes falsos, agendamento de PIX, e também podem ser bem mais complexos e difíceis de serem combatidos, como o Prilex. Com isso em mente, nesse Podcast nós vamos explicar todas as novas camadas de segurança que a PayGo adicionou em sua DLL. Até quando vale a DLL antiga? Será preciso homologar novamente? E sobre as novidades que o ACBr agora possui, beneficiando comercialmente as software houses em até 50% de desconto na licença através do TEF Promo?Fique por dentro, e não perca essa edição do Papo Pro ACBr. Convidados: Daniel Simões, CEO do ACBr.Gleisy Gomes, Head de planejamento do C6 Bank. David Moreno, Analista de Sistemas na Setis Automação.
By Adam Turteltaub There's a lot of discussion about the relationship between compliance and the general counsel. Less words, though, have been dedicated to the important relationship between compliance and HR. Netherlands-based Asaf Shalev, Global Ethics, Risk & Compliance Lead for DLL rightly observes that maximizing synergy between the work of HR and compliance is a key for success of both the compliance program and the business. The departments share overlapping interests in a number of areas, including the code of conduct. He advocates both sides working closely together to ensure that it is human centric. When it comes to compensation, HR can help by building in compliance-related metrics. When it comes to discipline, HR can ensure that it is documented, consistent and fair. They can also be helpful for navigating local the labor laws that may apply. Listen in to learn more about how to make the compliance-HR relationship work from recruiting and onboarding through the entire employee lifecycle. Listen now Sponsored by Ethena - automated compliance training, an employee hotline, and case management, all in one tool.
C'est une menace qui se fait discrète… trop discrète. Détecté en mars dernier par les chercheurs de Morphisec, ResolverRAT fait partie de ces malwares capables d'accéder à distance à une machine infectée, d'en extraire des fichiers ou d'exécuter des commandes. Un fonctionnement classique pour un RAT, un Remote Access Trojan. Mais ce qui le rend redoutable, c'est sa manière de passer sous les radars. ResolverRAT ne s'installe pas vraiment. Il s'exécute uniquement en mémoire, sans jamais écrire de fichier sur le disque dur, ni modifier de programme existant. Résultat : les antivirus classiques et même les systèmes EDR (Endpoint Detection and Response), pourtant plus évolués, peinent à le repérer.Le vecteur d'infection reste le bon vieux phishing, avec une recrudescence dans le secteur de la santé. Les victimes reçoivent un e-mail contenant une archive. À l'intérieur : un programme tiers légitime, hpreader.exe, signé et valide – déjà utilisé dans d'autres campagnes malveillantes – et une bibliothèque corrompue. À l'exécution, le programme charge cette DLL malicieuse sans poser de question. Et l'infection débute. Le code s'exécute alors directement dans la mémoire vive, en détournant un mécanisme du framework .NET pour y injecter ses propres modules. Une architecture complexe : composants chiffrés, chaînes masquées, présence furtive dans le registre Windows, et surtout, une capacité à communiquer via des connexions chiffrées sans dépendre des certificats de la machine. Les données extraites sont morcelées en blocs de 16 Ko, évitant ainsi toute alerte liée à une consommation anormale de bande passante.Morphisec a observé des variantes du malware dans de nombreuses langues : italien, hindi, tchèque, turc, portugais, indonésien… Les indices laissent penser à une opération internationale, avec une infrastructure rappelant d'autres familles bien connues comme Rhadamanthys ou Lumma. Mais ici, il s'agirait d'une souche inédite, construite sur mesure pour l'invisibilité. Face à une menace aussi furtive, les outils classiques sont dépassés. La meilleure défense reste la prévention. Ne cliquez pas sur des fichiers inattendus. Méfiez-vous des messages urgents. Vérifiez systématiquement l'identité de l'expéditeur. Même en 2025, ces réflexes restent vos meilleurs alliés contre des menaces de plus en plus sophistiquées. Hébergé par Acast. Visitez acast.com/privacy pour plus d'informations.
Doge Laugh Love Ep. 2 - Hands OFF! - In the second episode of DLL, Lisa, Phil, Aaron and The Will of the People talk about some of the misdeeds the administration has committed since our last cadence two weeks ago. In fact, as we were dutifully recording episode one, Single-gate was literally breaking out and exposing our National Security team as one of the most inept collection of clowns ever assembled by a modern government. Soon after, Trump made "good" on his eternal promise to unilaterally slaps tarrifs on the entire world, including conuntries comprised exclusively of Penguins, sendiong the stock market into the abys and economists into hyteria describing what this self-inflicted wound might portend for the future. But, there IS good news, and perhaps a glimmer of hope for the future. There was a Supreme Court of Wisconsin election that proved that not everyone has gone completely insane. Also, Lisa and Phil attended a couple of great events since the last cadence, including the incredible 5050.one national protest that drew 6 million people out from under the jackboot of Maga this weekend! The message is grouwing strong to Maga. HANDS OFF our Democracy! #HandsOff #50501 #fiftyfity.one #activism #indivisible #mobilize #authoritarianism #jingoism #democracy #justice #januarysix #cybertruck #Trump #BermoeSamders #CoryBooker #denaturalizationBe advised. This podcast does take a position on the events of the day.: Music by TechnoAXE from Washington State - "Back to Work"If you don't like what is going on with your government, here are some great resources to follow.Hands Off!https://www.fiftyfifty.one/Indivisiblehttps://indivisible.orgMobilizehttps://mobilize.usSpringfield Township Action Committeehttps://www.facebook.com/groups/991352129598406
Quel est selon vous le meilleur réalisateur de films d'horreur de ces 20 dernières années ? Pour nous James Wan fait clairement parti de ceux qui nous ont le plus surpris dans son approche cinématographique.Dans cet épisode je reçois Mateo et Matthieu et on reviens sur tous les films d'horreur de James Wan.N'hésitez pas à donner votre avis, donner des conseils qui pourrait améliorer l'émission. Merci par avance.Crédit musical : SATY.DLL @SuperPiaule-8bitsProjet musical de SATY.DLL : https://open.spotify.com/artist/2NJzBI8e5wSSdWJuu7EMl4?si=8L0nkeC_TuyFthtmtA9_6A
This week, we are joined by Tom Hegel, Principal Threat Researcher from SentinelLabs research team, to discuss their work on "Ghostwriter | New Campaign Targets Ukrainian Government and Belarusian Opposition." The latest Ghostwriter campaign, linked to Belarusian government espionage, is actively targeting Ukrainian military and government entities as well as Belarusian opposition activists using weaponized Excel documents. SentinelLabs identified new malware variants and tactics, including obfuscated VBA macros that deploy malware via DLL files, with payload delivery seemingly controlled based on a target's location and system profile. The campaign, which began preparation in mid-2024 and became active by late 2024, appears to be an evolution of previous Ghostwriter operations, combining disinformation with cyberattacks to further political and military objectives. The research can be found here: Ghostwriter | New Campaign Targets Ukrainian Government and Belarusian Opposition Learn more about your ad choices. Visit megaphone.fm/adchoices
This week, we are joined by Tom Hegel, Principal Threat Researcher from SentinelLabs research team, to discuss their work on "Ghostwriter | New Campaign Targets Ukrainian Government and Belarusian Opposition." The latest Ghostwriter campaign, linked to Belarusian government espionage, is actively targeting Ukrainian military and government entities as well as Belarusian opposition activists using weaponized Excel documents. SentinelLabs identified new malware variants and tactics, including obfuscated VBA macros that deploy malware via DLL files, with payload delivery seemingly controlled based on a target's location and system profile. The campaign, which began preparation in mid-2024 and became active by late 2024, appears to be an evolution of previous Ghostwriter operations, combining disinformation with cyberattacks to further political and military objectives. The research can be found here: Ghostwriter | New Campaign Targets Ukrainian Government and Belarusian Opposition Learn more about your ad choices. Visit megaphone.fm/adchoices
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Python Bot Delivered Through DLL Side-Loading A "normal", but vulnerable to DLL side-loading PDF reader may be used to launch additional exploit code https://isc.sans.edu/diary/Python%20Bot%20Delivered%20Through%20DLL%20Side-Loading/31778 Tomcat RCE Correction To exploit the Tomcat RCE I mentioned yesterday, two non-default configuration options must be selected by the victim. https://x.com/dkx02668274/status/1901893656316969308 SAML Roulette: The Hacker Always Wins This Portswigger blog explains in detail how to exploit the ruby-saml vulnerablity against GitLab. https://portswigger.net/research/saml-roulette-the-hacker-always-wins Windows Shortcut Zero Day Exploit Attackers are currently taking advantage of an unpatched vulnerability in how Windows displays Shortcut (.lnk file) details. Trendmicro explains how the attack works and provides PoC code. Microsoft is not planning to fix this issue https://www.trendmicro.com/en_us/research/25/c/windows-shortcut-zero-day-exploit.html
L'Année 2024 a-t-elle été une bonne année en terme de films , séries et jeux vidéo ? Dans cet épisode on donne nos top/flop de l'année 2023 avec Arnaud, Marc, Mateodesmallville et Young. N'hésitez pas à donner votre avis, donner des conseils qui pourrait améliorer l'émission. Merci par avance. Crédit musical : SATY.DLL @SuperPiaule-8bits Projet musical de SATY.DLL : https://open.spotify.com/artist/2NJzBI8e5wSSdWJuu7EMl4?si=8L0nkeC_TuyFthtmtA9_6A
Podcast co-hosts Kelli Nienaber and Will Tefft are joined by Shannon Stangl of DLL to discuss the current and future outlook for the office and workplace segment of the industry. Listen in to learn more about this space including emerging technologies and increased interest in sustainability trends and how equipment can be fit for the future.
Podcast co-hosts Kelli Nienaber and Will Tefft are joined by Shannon Stangl of DLL to discuss the current and future outlook for the office and workplace segment of the industry. Listen in to learn more about this space including emerging technologies and increased interest in sustainability trends and how equipment can be fit for the future.
A short episode this week, featuring Keyhole which abuses a logic bug in Windows Store DRM, an OAuth flow issue, and a CSRF protection bypass. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/265.html [00:00:00] Introduction [00:00:16] Attacking Hypervisors From KVM to Mobile Security Platforms [00:02:30] Keyhole [00:10:12] Drilling the redirect_uri in OAuth [00:18:00] Cross-Site POST Requests Without a Content-Type Header [00:24:03] New AMSI Bypss Technique Modifying CLR.DLL in Memory Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9
Dr. Ryan Augustin and Dr. Jason Luke discuss neoadjuvant immunotherapy and the importance of multidisciplinary team coordination, promising new TIL therapy for advanced melanoma, and the emerging role of CD3 engagers in treatment strategies. TRANSCRIPT Dr. Ryan Augustin: Hello, I'm Dr. Ryan Augustin, your guest host of the ASCO Daily News Podcast today. I'm a medical oncology fellow at Mayo Clinic in Rochester, Minnesota. Joining me today is Dr. Jason Luke, an associate professor of medicine and the director of the Cancer Immunotherapeutic Center at the University of Pittsburgh Hillman Cancer Center. I had the privilege of working as a postdoc in Jason's translational bioinformatics lab, where we investigated mechanisms of resistance to immunotherapy in melanoma and other cancers. Today, we'll be discussing 3 important topics, including neoadjuvant immunotherapy and the importance of multidisciplinary team coordination, the impact and practical considerations for incorporating TIL therapy into melanoma, and the current and future use of CD3 engagers in both uveal and cutaneous melanoma. You'll find our full disclosures in the transcript of this episode. Jason, it's great to have this opportunity to speak with you today. Dr. Jason Luke: Absolutely. Thanks, Ryan. It's great to see you. Dr. Ryan Augustin: So, to kick things off, Jason, we, of course, have seen tremendous advances in cancer immunotherapy, not only in metastatic disease but also the perioperative setting. Recent data have shown that the use of neoadjuvant therapy can provide not only critical prognostic information but can also help individualize post-resection treatment strategies and potentially even eliminate adjuvant therapy altogether in patients who achieve a pathologic, complete response. This signifies a conceptual shift in oncology with the goal of curing patients with immunotherapy. In triple-negative breast cancer, the KEYNOTE-522 regimen with pembrolizumab is standard of care. In non-small cell lung cancer, there are now four FDA approved chemo-IO regimens in both the neoadjuvant and perioperative settings. And, of course, in melanoma, starting with SWOG S1801 utilizing pembro mono therapy, and now with combined CTLA-4 PD-1 blockade based on results from the NADINA trial, neoadjuvant IO is the new standard of care in high-risk, resectable melanoma. It's important to highlight this because whereas other tumor types have more mature multidisciplinary care, for example, patients with breast cancer are reviewed by the whole team in every center, and every patient with lung cancer certainly benefits from multidisciplinary care conferences, that's not always the case with melanoma, given the relative frequency of cases compared to other tumor types. Jason, would you say that we have now moved into an era where the integration of a multidisciplinary team and melanoma needs to be prioritized. And why is it important to have multidisciplinary team coordination from the onset of a patient's diagnosis? Dr. Jason Luke: Well, I think those are great questions, Ryan, and I think they really speak to the movement in our field and the great success that we've had integrating systemic therapy, particularly immunotherapy, into our treatment paradigms. And so, before answering your question directly, I would add even a little bit more color, which is to note that over the last few years, we've additionally seen the development of adjuvant therapy into stages of melanoma that, historically speaking, were considered low-risk, and medical oncologists might not even see the patient. To that, I'm speaking specifically about the stage 2B and 2C approvals for adjuvant anti-PD-1 with pembrolizumab or nivolumab. So this has been an emerging complication. Classically, patients are diagnosed with melanoma by either their primary care doctor or a dermatologist. Again, classically, the next step was referral to a surgeon who had removed the primary lesion, with discussion around nodal evaluation as well. And that paradigm has really changed now, where I think integration of medical oncology input early on in the evaluation of the appropriate treatment plan for patients with melanoma is quite a pressing issue now, both because we have FDA approvals for therapeutics that can reduce risk of recurrence, and whether or not to pursue those makes a big difference to the patient for discussion early on. And, moreover, the use of systemic therapies now, prior to surgery, of course, then, of course, requires the involvement of medical oncology. And just for an emphasis point on this, it's classically the case, for good reason, that surgeons complete their surgery and then feel confident to tell the patient, “Well, we got it all, and you're just in really good shape.” And while I understand where that's coming from, that often leaves aside the risk of recurrence. So you can have the most perfect surgery in the world and yet still be at very high risk of recurrence. And so it's commonly the case that we get patients referred to us after surgery who think they're just in totally good shape, quite surprised to find out that, in fact, they might have a 20% to 50% risk of recurrence. And so that's where this multidisciplinary integration for patient management really does make a big difference. And so I would really emphasize the point you were making before, which is that we need multidisciplinary teams of med onc with derm, with surgery early on, to discuss “What are the treatment plans going to be for patients?” And that's true for neoadjuvant therapy, so, for palpable stage 3, where we might give checkpoint inhibitors or combinations before surgery. But it's true even in any reasonably high-risk melanoma, and I would argue in that state, anything more than stage 1 should be discussed as a group, because that communication strategy with the patient is so important from first principles, so that they have an expectation of what it's going to look like as they are followed out over time. And so we're emphasizing this point because I think it's mostly the case at most hospitals that there isn't a cutaneous oncology disease management meeting, and I think there needs to be. It's important to point out that usually the surgeons that do this kind of surgery are actually either the GI surgeons who do colon cancer or the breast surgeons. And so, given that melanoma, it's not the most common kind of cancer, it could easily be integrated into the existing disease review groups to review these cases. And I think that's the point we really want to emphasize now. I think we're not going to belabor the data so much, but there are enormous advantages to either perioperative or adjuvant systemic therapy in melanoma. We're talking about risk reduction of more than 50%, 50-75% risk reduction. It's essential that we make sure we optimally offer that to patients. And, of course, patients will choose what they think is best for their care. But we need to message to them in a way that they can understand what the risks and benefits of those treatments are and then are well set up to understand what that treatment might look like and what their expectations would be out over time. So I think this is a great art of medicine place to start. Instead of belaboring just the details of the trial to say, let's think about how we take care of our patients and how we communicate with them on first principles so that we can make the most out of the treatments that we do have available. Dr. Ryan Augustin: That's great, Jason. Very insightful points. Thank you. So, shifting gears now, I'd also like to ask you a little bit about TIL therapy in melanoma. So our listeners will be aware that TIL is a promising new approach for treating advanced melanoma and leverages the power of a patient's cytotoxic T cells to attack cancer cells. While we've known about the potential of this therapy for some time, based on pioneering work at the NCI, this therapy is now FDA approved under the brand AMTAGVI (Lifileucel) from Iovance Biotherapeutics, making it the first cellular therapy to be approved for a solid tumor. Now, I know TIL therapy has been administered at your institution, Jason, for several years now, under trial status primarily for uveal melanoma using an in-house processing. But for many cancer centers, the only experience with cellular therapy has come under the domain of malignant hematology with CAR T administration. At our institution, for example, we have only recently started administering TIL therapy for melanoma, which has required a tremendous multidisciplinary effort among outpatient oncology, critical care, and an inpatient hematology service that has expertise in cytokine release syndrome. Jason, where do you see TIL therapy fitting into the metastatic space? Which patients do you think are truly candidates for this intensive therapy? And what other practical or logistical considerations do you think we should keep in mind moving forward? Dr. Jason Luke: Well, thanks for raising this. I think the approval of lifileucel, which is the scientific name for the TIL product that's on the market now. It really is a shift, a landscape shift in oncology, and we're starting in melanoma again, as seems to be commonly the case in drug development. But it's really important to understand that this is a conceptually different kind of treatment, and therefore, it does require different considerations. Starting first with data and then actualization, maybe secondarily, when we see across the accelerated approval package that led to this being available, we quote patients that the response rate is likely in the range of 30%, maybe slightly lower than that, but a meaningful 25% to 30% response rate, and that most of those patients that do have response, it seems to be quite durable, meaning patients have been followed up to four years, and almost all the responders are still in response. And that's a really powerful thing to be able to tell a patient, particularly if the patient has already proceeded through multiple lines of prior standard therapy. So this is a very, very promising therapy. Now, it is a complicated therapy as well. And so you highlighted that to do this, you have to have a tumor that's amenable for resection, a multidisciplinary team that has done a surgery to remove the tumor, sent it off to the company. They then need to process the TIL out of the tumor and then build them up into a personalized cell product, bring it back, you have to lympho-deplete the patient, re-introduce this TIL. So this is a process that, in the standard of care setting under best circumstances, takes roughly six weeks. So how to get that done in a timely fashion, I think, is evolving within our paradigms. But I think it is very important for people who practice in settings where this isn't already available to realize that referring patients for this should be a strong consideration. And thinking about how you could build your multidisciplinary team in a way to be able to facilitate this process, I think is going to be important, because this concept of TIL is relevant to other solid tumors as well. It's not approved yet in others, but we kind of assume eventually it probably will be. And so I think, thinking through this, how could it work, how do you refer patients is very important. Now, coming back to the science, who should we treat with this? Well, of course, it's now an air quotes “standard of care option”, so really it ought to be available to anybody. I will note that currently, the capacity across the country to make these products is not really adequate to treat all the patients that we'd want. But who would we optimally want to treat, of course, would be people who have retained a good performance status after first line therapy, people who have tumors that are easily removable and who have not manifested a really rapid disease progression course, because then, of course, that six-week timeline probably doesn't make sense. The other really interesting data point out of the clinical trials so far is it has looked like the patients who got the least amount of benefit from anti-PD-1 immunotherapy, in other words, who progressed immediately without any kind of sustained response, those patients seem to have the best response to TILs, and that's actually sort of a great biomarker. So, this drug works the best for the population of patients where checkpoint inhibitors were not effective. And so as you think about who those patients might be in your practice, as you're listening, I think prioritizing it for primary progression on anti PD-1, again and giving it ahead thought about how would you get the patient through this process or referred to this process very quickly is really important because that lag time is a problem. Patients who have melanoma tend to progress reasonably quickly, and six weeks can be a long time in melanoma land. So, thinking ahead and building those processes is going to be important moving into the future Dr. Ryan Augustin: Definitely appreciate those practical considerations. Jason, thank you. Moving on to our final topic, I was hoping to discuss the use of immune cell engagers in melanoma. So, similar to CAR T therapy, bispecific T-cell engagers, or BiTEs, as they're commonly known, are standard of care in refractory myeloma and lymphoma. But these antibodies engaging CD-3 on T cells and a tumor specific antigen on cancer cells are relatively new in the solid tumor space. Tarlatamab, which is a DLL-3 and CD-3 bispecific antibody, was recently approved in refractory small cell lung cancer, and, of course, tebentafusp, an HLA-directed CD-3 T cell engager was approved in uveal melanoma in 2022. Both T and NK cell engaging therapies are now offering hope in cancers where there has historically been little to offer. However, similar to our discussion with TIL therapy, bispecifics can lead to CRS and neurotoxicity, which require considerable logistical support and care coordination. Jason, I was wondering if you could briefly discuss the current landscape of immune cell engagers in melanoma and how soon we may see these therapies enter the treatment paradigm for cutaneous disease. Dr. Jason Luke: I think it is an exciting, novel treatment strategy that I think we will only see emerge more and more. You alluded to the approval of tebentafusp in uveal melanoma, and those trials were, over the course of a decade, where those of us in solid tumor land learned how to manage cytokine release syndrome or the impact of these C3 bispecifics, in a way that we weren't used to. And what I'll caution people is that CRS, as this term, it sounds very scary because people have heard of patients that, of course, had difficult outcomes and hematological malignancies, but it's a spectrum of side effects. And so, when we think about tebentafusp, which is the approved molecule, really what we see is a lot of rash because GP100, the other tumor antigen target, is in the skin. So, patients get a rash, and then people do get fevers, but it's pretty rare to get more than that. So really what you have to have is the capacity to monitor patients for 12 hours, but it's really not more scary than that. So it really just requires treating a few people to kind of get used to these kinds of symptoms, because they're not the full-on ICU level CRS that we see with, say, CAR T-cells. But where is the field going? Well, there's a second CD3 bispecific called brenetafusp that targets the molecule PRAME, that's in a phase 3 clinical trial now for frontline cutaneous melanoma. And tebentafusp is also being evaluated in cutaneous melanoma for refractory disease. So, it's very possible that these could be very commonly used for cutaneous melanoma, moving into, say, a two-to-four-year time horizon. And so therefore, getting used to what are these side effects, how do you manage them in an ambulatory practice for solid tumor, etc., is going to be something everyone's going to have to learn how to deal with, but I don't think it should be something that people should be afraid of. One thing that we've seen with these molecules so far is that their kinetics of treatment effect do look slightly different than what we see with more classic oncology therapies. These drugs have a long-term benefit but doesn't always manifest as disease regression. So, we commonly see patients will have stable disease, meaning their tumor stops growing, but we don't see that it shrank a lot, but that can turn into a very meaningful long-term benefit. So that's something that we're also, as a community, going to have to get used to. It may not be the case we see tumors shrink dramatically upfront, but rather we can actually follow people with good quality- of-life over a longer period of time. Where is the field going? You mentioned tarlatamab in small cell lung cancer, and I think we're only going to see more of these as appropriate tumor antigens are identified in different tumors. And then the other piece is these CD3 engagers generally rely upon some kind of engagement with a T cell, whether CD3 engagers, and so they can be TCR or T-cell receptor-based therapies, although they can be also SCFV-based. But that then requires new biomarkers, because TCR therapy requires HLA restriction. So, understanding that now we're going to need to profile patients based on their germline in addition to the genomics of the tumor. And those two things are separate. But I would argue at this point, basically everybody with cutaneous melanoma should be being profiled for HLA-A(*)0201, which is the major T-cell receptor HLA haplotype that we would be looking for, because whether or not you can get access immediately to tebentafusp, but therefore clinical trials will become more and more important. Finally, in that T-cell receptor vein, there are also T cell receptor-transduced T cells, which are also becoming of relevance in the oncology community and people listening will be aware in synovial sarcoma of the first approval for a TCR-transduced T cell with afamitresgene autoleucel. And in melanoma, we similarly have TCR-transduced T cells that are coming forward in clinical trials into phase 3, the IMA203 PRAME-directed molecule particularly. And leveraging our prior conversation about TILs, we're going to have more and more cellular based therapies coming forward, which is going to make it important to understand what are the biomarkers that go with those, what are the side effect profiles of these, and how do you build your practice in a way that you can optimally get your patients access to all of these different treatments, because it will become more logistically complicated, kind of as more of these therapies come online over the next, like we said, two to four years kind of time horizon. So, it's very exciting, but there is more to do, both logistically and scientifically. Dr. Ryan Augustin: That's excellent. Thanks, Jason, and thank you so much for sharing your great insight with us today on the ASCO Daily News Podcast. Dr. Jason Luke: Thanks so much for the opportunity. Dr. Ryan Augustin: And thank you to our listeners for your time today. You will find links to the abstracts discussed today in the transcript of this episode, and you can follow Dr. Luke on X, formerly known as Twitter, @jasonlukemd. And you can find me, @RyanAugustinMD. Finally, if you value the insights that you hear on the ASCO Daily News Podcast, please take a moment to rate, review, and subscribe wherever you get your podcasts. Disclaimer: The purpose of this podcast is to educate and to inform. This is not a substitute for professional medical care and is not intended for use in the diagnosis or treatment of individual conditions. Guests on this podcast express their own opinions, experience, and conclusions. Guest statements on the podcast do not express the opinions of ASCO. The mention of any product, service, organization, activity, or therapy should not be construed as an ASCO endorsement. Follow today's speakers: @ryanaugustinmd Dr. Jason Luke @jasonlukemd Follow ASCO on social media: @ASCO on Twitter ASCO on Facebook ASCO on LinkedIn Disclosures: Dr. Ryan Augustin: No relationships to disclose Dr. Jason Luke: Stock and Other Ownership Interests: Actym Therapeutics, Mavu Pharmaceutical, Pyxis, Alphamab Oncology, Tempest Therapeutics, Kanaph Therapeutics, Onc.AI, Arch Oncology, Stipe, NeoTX Consulting or Advisory Role: Bristol-Myers Squibb, Merck, EMD Serono, Novartis, 7 Hills Pharma, Janssen, Reflexion Medical, Tempest Therapeutics, Alphamab Oncology, Spring Bank, Abbvie, Astellas Pharma, Bayer, Incyte, Mersana, Partner Therapeutics, Synlogic, Eisai, Werewolf, Ribon Therapeutics, Checkmate Pharmaceuticals, CStone Pharmaceuticals, Nektar, Regeneron, Rubius, Tesaro, Xilio, Xencor, Alnylam, Crown Bioscience, Flame Biosciences, Genentech, Kadmon, KSQ Therapeutics, Immunocore, Inzen, Pfizer, Silicon Therapeutics, TRex Bio, Bright Peak, Onc.AI, STipe, Codiak Biosciences, Day One Therapeutics, Endeavor, Gilead Sciences, Hotspot Therapeutics, SERVIER, STINGthera, Synthekine Research Funding (Inst.): Merck , Bristol-Myers Squibb, Incyte, Corvus Pharmaceuticals, Abbvie, Macrogenics, Xencor, Array BioPharma, Agios, Astellas Pharma , EMD Serono, Immatics, Kadmon, Moderna Therapeutics, Nektar, Spring bank, Trishula, KAHR Medical, Fstar, Genmab, Ikena Oncology, Numab, Replimmune, Rubius Therapeutics, Synlogic, Takeda, Tizona Therapeutics, Inc., BioNTech AG, Scholar Rock, Next Cure Patents, Royalties, Other Intellectual Property: Serial #15/612,657 (Cancer Immunotherapy), and Serial #PCT/US18/36052 (Microbiome Biomarkers for Anti-PD-1/PD-L1 Responsiveness: Diagnostic, Prognostic and Therapeutic Uses Thereof) Travel, Accommodations, Expenses: Bristol-Myers Squibb, Array BioPharma, EMD Serono, Janssen, Merck, Novartis, Reflexion Medical, Mersana, Pyxis, Xilio
Video Episode: https://youtu.be/lEaBTx6FvCI In today’s episode, we dive into the alarming rise of Linux malware “perfctl,” which has stealthily targeted millions of servers for cryptomining over the past three years. We discuss the critical CVE-2024-29824 vulnerability in Ivanti Endpoint Manager, exploited for unauthorized SQL injection, and the ongoing threats posed by the North Korean APT group Stonefly, known for their intricate cybercrime tactics. Additionally, we explore the disturbing trend of cybercriminals leveraging compromised cloud credentials to operate sexualized AI chat bots, highlighting the urgent need for improved security practices. Sources: 1. https://www.bleepingcomputer.com/news/security/linux-malware-perfctl-behind-years-long-cryptomining-campaign/ 2. https://www.helpnetsecurity.com/2024/10/03/cve-2024-29824/ 3. https://www.helpnetsecurity.com/2024/10/03/private-us-companies-targeted-by-stonefly-apt/ 4. https://krebsonsecurity.com/2024/10/a-single-cloud-compromise-can-feed-an-army-of-ai-sex-bots/ Timestamps 00:00 – Introduction 01:06 – AI powered s3x bots 03:13 – Ivanti SQL Injection 04:08 – Perfectl Linux Malware 05:33 – APT45 StoneFly Attacks US companies 1. What are today’s top cybersecurity news stories? 2. What is the Linux malware “perfctl” and how does it work? 3. How is the Ivanti Endpoint Manager flaw (CVE-2024-29824) being exploited? 4. What activities are linked to the Stonefly APT group targeting US companies? 5. How are stolen cloud credentials being used for AI-powered sex chat services? 6. What vulnerabilities does CVE-2024-29824 address and why is it critical? 7. What measures can organizations take to detect the “perfctl” malware? 8. What are the implications of the Stonefly APT’s recent attacks on private companies? 9. How did researchers demonstrate the abuse of AWS Bedrock for illegal activities? 10. What security best practices can prevent cloud credential theft and misuse? perfctl, Linux, Monero, vulnerabilities, Ivanti, SQL injection, cybersecurity, remediation, Stonefly, cyberattacks, Preft, malware, cloud credentials, AI-powered, child sexual exploitation, cybercriminals, # Intro In a shocking revelation, a stealthy Linux malware named “perfctl” has been exploiting server vulnerabilities for over three years, using advanced evasion techniques to secretly mine Monero cryptocurrency on countless systems worldwide. This elusive threat not only disrupts normal operations by maxing out CPU usage but also deftly vanishes when users log in, making detection extremely difficult for many administrators. How do adversaries exploit vulnerabilities to gain initial access to systems with the perfctl malware? Hackers are actively exploiting a critical SQL injection flaw in Ivanti Endpoint Manager, prompting US federal agencies to rush and remediate the threat by October 23, 2024. Despite Ivanti’s urgent patches, details of the attacks remain sparse, spotlighting the pressing need for effective cybersecurity measures. Why does this particular vulnerability pose such a significant risk compared to others? North Korean APT group Stonefly, undeterred by legal indictments, is intensifying its financially-motivated cyberattacks on US companies, leveraging a unique arsenal of malware and tools. Despite failed ransomware attempts, their distinctive Preft backdoor confirms their tenacity in pursuing targets with no direct intelligence value. Why has Stonefly shifted their focus from espionage to financially-driven cybercrime in recent years? A staggering rise in stolen cloud credentials is fueling an underground market of AI-powered sex chat services, with cybercriminals bypassing content filters for disturbing role-plays involving child sexual exploitation. As security researchers lay bare the chilling implications of compromised AI infrastructure, the industry scrambles for solutions to thwart this escalating threat. **Question:** How are cybercriminals leveraging stolen cloud credentials to evade content restrictions on AI, and what are the financial and ethical implications for the victims? # Stories In this episode, we discuss a recent discovery by Aqua Nautilus researchers of the Linux malware “perfctl,” which has been running a covert cryptomining campaign for over three years. This malware has targeted potentially millions of Linux servers, using advanced evasion techniques and rootkits to remain largely undetected. Perfctl primarily uses compromised servers to mine the Monero cryptocurrency, exploiting misconfigurations and vulnerabilities, such as CVE-2023-33246 in Apache RocketMQ and CVE-2021-4034 in Polkit, for initial access. It operates stealthily, disguising processes and using TOR for encrypted communications. The malware also deploys proxy-jacking software for additional revenue streams. System administrators often notice infections due to 100% CPU usage, though perfctl halts its activities as soon as the user logs in. Due to its evasive and persistent nature, typical removal methods are ineffective, with a full system wipe and reinstall recommended to ensure complete removal. Aqua Nautilus suggests monitoring system directories, CPU usage, and network traffic, alongside patching known vulnerabilities, to detect and prevent perfctl infections. Certainly! Here's a list of ten important terms and nouns from the article, each followed by a brief definition particularly related to cybersecurity: 1. **Linux**: An open-source operating system known for its robust security features and wide use in servers and workstations. In cybersecurity, it’s crucial as many servers run on Linux, making them targets for attacks like the mentioned malware. 2. **Malware**: Malicious software designed to infiltrate, damage, or disable computers and networks. It is important because it can weaponize for financial gain, as in cryptomining without consent. 3. **Cryptomining**: The process of validating cryptocurrency transactions and adding them to the blockchain ledger, in this context, unauthorized use of others’ computer resources to generate cryptocurrency like Monero. 4. **Rootkit**: A set of software tools that enable unauthorized users to gain control of a system without being detected. Rootkits are important in malware because they allow it to remain hidden and maintain persistent access. 5. **CVE (Common Vulnerabilities and Exposures)**: A list of publicly disclosed cybersecurity vulnerabilities. CVEs are critical for understanding and mitigating known vulnerabilities that attackers might exploit as seen with CVE-2023-33246 and CVE-2021-4034. 6. **Monero**: A cryptocurrency known for its privacy features, making transactions challenging to trace. Important in cyber threats like cryptomining, as attackers use infected systems to mine Monero for profit. 7. **TOR**: Short for The Onion Router, a decentralized network to anonymize internet traffic through encryption and relay techniques. It is crucial for maintaining anonymity in cyber operations, as noted in the malware’s communication method. 8. **Userland rootkits**: Types of rootkits that operate in the user space and manipulate user-level applications to evade detection, demonstrating advanced techniques for obscuring malicious activities and maintaining control. 9. **Apache RocketMQ**: An open-source messaging server often used in enterprise environments. Its mention highlights how vulnerabilities in widely used software such as CVE-2023-33246 can be critical entry points for attacks. 10. **Indicators of Compromise (IoC)**: Forensic evidence of potential intrusion or malware activity within a network or system. Recognizing IoCs is essential for detecting and responding to security breaches like those associated with perfctl. This list encompasses important cybersecurity concepts relevant to understanding and contextualizing threats, detection, and protection mechanisms discussed in the article. — On today’s podcast, we’re discussing a critical security flaw in Ivanti Endpoint Manager, known as CVE-2024-29824. This unauthenticated SQL Injection vulnerability is actively being exploited, prompting the Cybersecurity and Infrastructure Security Agency to add it to their Known Exploited Vulnerabilities catalog. Ivanti has acknowledged that a limited number of their customers have been impacted. This flaw, part of a group of ten similar vulnerabilities, affects versions prior to Ivanti EPM 2022 SU5 and could allow attackers to execute code within the service account. Researchers have published detailed technical information and proof-of-concept exploits for this vulnerability. To address the issue, Ivanti released a patch involving the replacement of critical DLL files and a server restart. Federally, US agencies are mandated to remediate this vulnerability by October 23, 2024. Ivanti has urged all users to ensure their systems are up to date with the latest patch. Stay informed and make sure your systems are protected. Certainly! Here’s a list of the top 10 most important nouns and technical terms from the article, along with their definitions and relevance to cybersecurity: 1. **CVE-2024-29824** *Definition:* A Common Vulnerabilities and Exposures (CVE) identifier assigned to an unauthenticated SQL Injection vulnerability found in Ivanti Endpoint Manager (EPM) appliances. *Importance:* This vulnerability is critical because it allows attackers to execute arbitrary code, potentially leading to unauthorized access or data manipulation in affected systems. 2. **Ivanti Endpoint Manager (EPM)** *Definition:* A management tool used to automate and control IT systems, providing capabilities such as hardware and software management, asset discovery, and endpoint security. *Importance:* EPM’s widespread deployment in various organizations makes security flaws within it particularly concerning, as they can affect numerous systems. 3. **SQL Injection** *Definition:* A type of security vulnerability that allows an attacker to interfere with the queries an application makes to its database by injecting malicious SQL code. *Importance:* SQL injection vulnerabilities can lead to data breaches, unauthorized data access, and full system compromise, making them a high priority in security. 4. **Cybersecurity and Infrastructure Security Agency (CISA)** *Definition:* A U.S. federal agency responsible for enhancing the security, resilience, and reliability of the nation’s cybersecurity infrastructure. *Importance:* CISA’s involvement indicates the severity of a vulnerability, guiding organizations on critical security measures to implement. 5. **Security Advisory** *Definition:* An official notification providing details about a vulnerability, including its impact, affected systems, and measures for remediation. *Importance:* Security advisories are crucial for informing organizations and the public about vulnerabilities and recommended actions to mitigate security risks. 6. **Zero Day Initiative (ZDI)** *Definition:* A program that focuses on finding and reporting zero-day vulnerabilities to affected vendors for remediation before they can be exploited by attackers. *Importance:* ZDI’s work helps in identifying and patching vulnerabilities before they are widely exploited, enhancing overall cybersecurity posture. 7. **Proof of Concept (PoC)** *Definition:* A demonstration that shows how a vulnerability can be exploited to achieve harmful results, often used to prove the existence and impact of a security flaw. *Importance:* PoCs help in understanding the practical implications of vulnerabilities and in developing appropriate fixes or mitigation strategies. 8. **KEV Catalog** *Definition:* The Known Exploited Vulnerabilities (KEV) catalog is a list maintained by CISA of vulnerabilities that have been actively exploited in the wild. *Importance:* Inclusion in the KEV catalog underscores the critical nature of a vulnerability, signaling to organizations the urgency in applying patches. 9. **DLL Files** *Definition:* Dynamic-link library (DLL) files are collections of small programs used by larger programs to perform specific tasks, often shared among different applications. *Importance:* Replacing vulnerable DLL files is a method of patching software to fix security vulnerabilities like those described in the article. 10. **IISRESET** *Definition:* A command-line utility used to restart Internet Information Services (IIS), the web server software used by Windows servers. *Importance:* Restarting services using IISRESET ensures that any patched or updated files are loaded into memory, completing the remediation process for vulnerabilities. — In this episode, we delve into Stonefly APT, a North Korean cyber-threat group, also known as APT45. Despite previous indictments, Stonefly continues to target US companies. Linked to North Korea’s military intelligence, the group uses a mix of modified and custom malware for espionage and financially-motivated attacks, having been active since 2009. Recent attacks in August 2024 against US companies, using tools like Preft and Nukebot, highlight their ongoing efforts, likely for financial gain. Experts suggest these actions may fund other state priorities, underscoring the persistent cyber threat posed by Stonefly. 1. **Stonefly (APT45):** A North Korean Advanced Persistent Threat (APT) group also known as Andariel and OnyxFleet, linked to military intelligence. It is significant due to its involvement in cyber espionage and financially-motivated cybercrime targeting US companies. 2. **Reconnaissance General Bureau (RGB):** North Korean military intelligence agency associated with directing cyber operations. Important for understanding the state-backed nature of certain threat groups like Stonefly. 3. **APT (Advanced Persistent Threat):** A prolonged and targeted cyberattack where an unauthorized user gains access to a network and remains undetected for an extended period. Key in cybersecurity since it highlights the sophisticated nature of cyber threats. 4. **3PROXY:** A publicly available proxy server software used for network connections. Important as a tool often exploited by cyber-attacks for masking and redirecting traffic. 5. **Malware:** Malicious software designed to disrupt, damage, or gain unauthorized access to computer systems. Critical in cybersecurity as it encompasses various attack methods utilized by threat actors. 6. **Preft (backdoor):** A custom persistent backdoor linked specifically to Stonefly, allowing unauthorized access into a computer system. Its recognition aids in the identification and attribution of attacks to specific groups. 7. **Ransomware:** A type of malware that encrypts the victim’s files and demands a ransom for the decryption key. Vital due to its financial impact and prevalence in cybercrime. 8. **Keyloggers:** Software or devices designed to record keystrokes on a computer, often covertly. Their detection is crucial as they are commonly used for information theft. 9. **Mimikatz:** A publicly available security tool often misused to extract password data from Windows systems. Its relevance in cybersecurity lies in its frequent misuse for credential theft. 10. **Indicators of Compromise (IoCs):** Artifacts or forensic data that indicate potential intrusion or malicious activity in a network. Essential for threat detection and response in cybersecurity. — In a recent report, cybersecurity experts from Permiso Security have uncovered a troubling trend where cybercriminals exploit stolen cloud credentials to operate AI-powered sex bots. These bots, which are bypassing content filters through custom jailbreaks, often delve into dangerous and illegal role-playing scenarios involving child sexual exploitation and rape. The attacks primarily target large language models (LLMs) hosted on platforms like Amazon's Bedrock. Permiso's investigation revealed that attackers quickly commandeer exposed credentials to fuel AI chat services, racking up unauthorized usage costs for cloud account owners. Platforms like “Chub[.]ai” are suspected of leveraging this method to offer chats with AI characters engaging in controversial and explicit scenarios. Chub claims to bypass content restrictions for a small monthly fee, fueling a broader uncensored AI economy. AWS has responded by tightening security measures, but concerns persist around the potential misuse of AI technologies. The situation highlights the necessity for organizations to protect access keys and to consider enabling logging features to detect unusual activities, despite the additional costs involved. Anthropic, a provider of LLMs to Bedrock, continues to enhance safeguards against such abuses. 1. **Cloud Credentials** **Definition:** Authentication information required to access cloud computing services. **Importance:** Stolen cloud credentials allow cybercriminals unauthorized access to a victim’s cloud resources, which can be exploited for malicious activities such as operating unauthorized services or reselling access clandestinely. 2. **Generative Artificial Intelligence (AI)** **Definition:** AI systems capable of generating text, images, or other media in response to prompts by leveraging large datasets and complex algorithms. **Importance:** These systems can be misused to create harmful or illegal content, as evidenced by their exploitation in unauthorized sex chat services, highlighting the need for robust ethical and security safeguards. 3. **Large Language Models (LLMs)** **Definition:** Advanced AI systems that process and generate human-like text by analyzing vast amounts of language data. **Importance:** LLMs can be manipulated by bad actors to bypass restrictions and produce inappropriate or illegal content, underscoring the risks of inadequate security measures. 4. **Jailbreak (in AI context)** **Definition:** Techniques used to bypass or disable restrictions set within AI systems, allowing them to produce content or perform actions usually forbidden. **Importance:** Jailbreaking enables cybercriminals to exploit AI platforms for illicit purposes, making the development of resilient models a key priority for AI security. 5. **Amazon Web Services (AWS) Bedrock** **Definition:** A cloud-based platform by AWS that provides foundational tools and services for building and deploying generative AI models. **Importance:** Its compromise can lead to significant unauthorized usage and financial liabilities for the account holder, as demonstrated by the unauthorized use in illicit AI chat services. 6. **Prompt Logging** **Definition:** The process of recording and monitoring the prompts given to AI models and the responses they generate. **Importance:** Enables transparency and security oversight, allowing organizations to detect and mitigate misuse of AI resources effectively. 7. **Chub AI** **Definition:** A platform offering AI chat bot characters, including those with explicit and controversial themes. **Importance:** Exemplifies the challenge of regulating AI-powered services to prevent the exploitation and dissemination of harmful content. 8. **NSFL (Not Safe for Life)** **Definition:** A categorization used to describe content that is extraordinarily disturbing or offensive. **Importance:** Highlights the potential for AI-driven services to generate deeply objectionable material, raising ethical and legal concerns. 9. **GuardDuty** **Definition:** An AWS security service that provides monitoring and threat detection for identifying malicious activity and unauthorized behavior. **Importance:** Essential for maintaining cloud security posture and preemptively identifying potential threats, particularly in preventing unwanted exploitation of cloud resources. 10. **Anthropic** **Definition:** An AI safety and research organization focused on developing models with built-in ethical constraints. **Importance:** Plays a critical role in enhancing AI safety to prevent misuse, working towards models resistant to manipulation and fostering industry-wide best practices for secure AI deployment. —
This episode of Paul Security Weekly features John Hammond, a senior security researcher from Huntress, discussing malware analysis. Hammond dives into the analysis of Ocean Lotus attacks, highlighting the use of stealthy techniques like alternate data streams and DLL side-loading. The conversation also touches on the challenges of combating attackers who leverage ‘bring your own vulnerable driver' techniques to gain kernel-level privileges. The hosts discuss the need for secure-by-default configurations and the ongoing struggle to combat attackers who exploit vulnerabilities. The episode concludes with a discussion on how to improve the security of the industry. Segment Resources: https://www.huntress.com/blog/the-hackers-in-the-arena-the-huntress-ctf-retrospective https://www.huntress.com/blog/fake-browser-updates-lead-to-boinc-volunteer-computing-software Automated tank gauges are leaking more than just fuel, while CUPS is serving up a steaming hot brew of vulnerabilities. Meanwhile, Supermicro's BMC firmware is giving away root access like it's going out of style. If you thought your Kia was safe, think again - all it takes is a license plate and 30 seconds to turn your car into a hacker's joyride. China's been busy building a massive IoT botnet called Raptor Train. It's been chugging along undetected for four years. NIST has decided that your password doesn't need to be a cryptographic masterpiece anymore. No more special characters or arbitrary changes - just make it long and don't use "password123". A Texas hospital is playing a game of "hot potato" with ambulances thanks to a ransomware attack. More thoughts on known exploited vulnerabilities, firmware unpacking tools lowdown, Aruba, Bahama, come-on command injection, and kids changing the name of their school! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-845
Download Episode 992 – The one and only Grant “Stemage” Henry joins this episode for some huge Ball Squad news and more!The show kicks off with Jacob Garner, Bri Galgano, Aki, and Grant Henry all on hand to chat about how we’ve been and what kind of crazy stuff Grant has been up to, like COMPOSING THE SCORE FOR THE AVATAR PINBALL TABLE! We also cover the news of the week like the Xbox Game Pass addition and way too many departures, tons of PS Plus games leaving next month, Embracer info, Splatoon 3 support ending, and Sony remastering yet another last gen game because that’s all they do now. Plus an all new Movie Watch jingle and reviews!0:00 - Intro/Chatter48:29 - Funko Fusion - 10:10 Games (Bri)1:03:07 - DROS - emergeWorlds, RedDeerGames (Bri)1:09:11 - Paper Ghost Stories: Third Eye Open - Cellar Vault Games, Chorus Worldwide (Bri)1:15:51 - The Plucky Squire - All Possible Futures, Devolver Digital (Grant)1:25:46 - MindSeize - Kamina Dimension, Sometimes You (Jacob)1:31:20 - BZZZT - KO.DLL, Cinemax Games (Jacob)1:36:44 - Mika and The Witch’s Mountain - Chibig, Nukefist (Aki)1:44:44 - Andromeda Survivors - DevDumb, Aleo Games, AFIL Games (Jacob)1:49:44 - Moe Waifu H - Yume Game Studio, eastasiasoft (Jacob)The show ends with some Grandia II music from the one and only Stemage!2:01:04 - Stemage - FIGHT! (Grandia II)https://www.stemagemusic.com/https://www.1010games.com/https://emergeworlds.com/https://www.reddeergames.com/https://twitter.com/CellarVaulthttps://chorusworldwide.com/https://allpossiblefutures.com/https://www.devolverdigital.com/https://kaminadimension.itch.io/https://www.sometimesyou.com/https://twitter.com/ko_dllhttps://cinemax.cz/https://chibig.com/https://twitter.com/nukefisthttps://afilgames.com/https://twitter.com/YumeGameStudio1https://eastasiasoft.com/https://stemage.bandcamp.com/https://www.keymailer.co/https://itunes.apple.com/us/podcast/the-sml-podcast/id826998112https://open.spotify.com/show/6KQpzHeLsoyVy6Ln2ebNwKhttps://twitter.com/theSMLpodcast/https://www.facebook.com/theSMLpodcast/https://store.streamelements.com/thesmlpodcastALL REVIEWED GAMES HAVE BEEN PROVIDED FOR FREE FOR THE PURPOSE OF ANY COVERAGE ON THE SHOW
1 Star! Ever since I was just a little boy, I've always loved daddy longlegs! To be clear, I HATE spiders, but love, love, love, me a good DLL (which are opiliones, NOT spiders, yuck!). They are an ancient, non-venomous species who cluster together stay warm - how cute is that??? So imagine my surprise, nay, my shock when I went into the movie theater expecting to see a movie that celebrated Earth's most fascinating creature and instead I see a mystery/horror/thriller starring a "transformative" Nicolas Cage!! I will not be watching Longlegs (2024) again! Also the person sitting next to me kept eating all my popcorn... PS - for a good time call: (458) 666-4355
‘45 Years of Listening' tells the story of the Dublin Lesbian Line – an essential, landmark community-led resource – through a collection of personal reflections from one of the original founders, and current volunteers.Dublin Lesbian Line was founded in 1979 – a time in Ireland when homosexuality was invisible, unmentionable, and profoundly isolating – to provide a way for gay/queer/bi/questioning women to connect, meet, make friends, find a community, or even just to talk anonymously on the phone. In 1979, and in the years that followed, it took enormous courage to pick up that phone and dial. Homophobia, patriarchy/gender roles, and heterosexism were so normalized and taken for granted as ‘the way things should be' that some callers to Dublin Lesbian Line couldn't even get the words out once they had gotten through to the number. Others, like one-time caller and then volunteer, Marina, found it a lifeline — found not only support, but friends and community.Ireland has changed, but many LGBTQ+ people still experience discrimination and hostility. Now, in 2024, 45 years later (and despite its legacy name), Dublin Lesbian Line (DLL) serves the entire country – and all genders. As the current volunteers and organisers point out: “We're not just for Dublin, we're not just a phone line, and we're not just for lesbians.” DLL is a registered charity, and aside from offering a listening ear and advice, DLL acts as a reference point for other services (social, health, advisory), and the team at DLL also organises events and courses for the Lesbian community. In the words of volunteer Val, DLL strives to be an “open embrace”.This programme gives the listener an opportunity to learn about diversity of experience in Ireland and reflect on aspects of Irish society and social history, and explore the work of a grass-roots community-led charity/organisation.Information and support for the issues raised in this programme can be found at Switchboard, LGBTQIA support and resources, on 01 872 1055 or by visiting theswitchboard.ie. Please note: Anyone can call on any day, but Tuesday is a dedicated women's night, 6.30-9pm.'45 Years of Listening' was produced, recorded, and edited by Shaun O'Boyle and Maurice Kelliher, shaunandmaurice.com, and was supported by Coimisiún na Meán.Connect with Dublin Lesbian Line on Facebook: https://www.facebook.com/people/Dublin-Lesbian-Line/100064358546983
In today's episode, we explore how cybercriminals exploited StackOverflow to promote the malicious Python package "pytoileur" aimed at cryptocurrency theft (https://thehackernews.com/2024/05/cybercriminals-abuse-stackoverflow-to.html). We also examine the FBI's takedown of the 911 S5 botnet and its massive impact on online fraud and cybercrime (https://krebsonsecurity.com/2024/05/is-your-computer-part-of-the-largest-botnet-ever/). Lastly, we introduce RansomLord, an open-source anti-ransomware tool that leverages DLL hijacking to block ransomware attacks pre-encryption (https://github.com/malvuln/RansomLord). FBI Botnet: https://www.fbi.gov/investigate/cyber/how-to-identify-and-remove-vpn-applications-that-contain-911-s5-backdoors 00:00 Introduction to Ransomware Defense 01:12 Ransom Lord: A Game Changer 03:55 How to Check for Botnet Infections 06:47 Malicious Python Package Alert 09:19 Conclusion and Final Thoughts Tags: Cybercriminals, Python Package Index, pytoileur, cryptocurrency theft, malicious packages, StackOverflow, open source security, botnet, VPN, YunHe Wang, 911 S5, cybersecurity, RansomLord, exploits, vulnerabilities, ransomware protection Search Phrases: Cybercriminal infiltration of Python Package Index pytoileur malicious package on StackOverflow Cryptocurrency theft using pytoileur How to protect against malicious Python packages Largest botnet disguised as VPN service Arrest of YunHe Wang for cybercrime 911 S5 botnet detection methods Protecting computers from 911 S5 botnet RansomLord tool against ransomware Ransomware vulnerabilities exploited by RansomLord May30 There is a new proof of concept. Open source tool called ransom Lord. attacks, the malware that launches ransomware. In order to defeat it before it can encrypt your files. I'm a little blown away by this one, but we'll get to that in a sec. How can ransom Lord change the game for ransomware defenders? And what tactics does it use to defeat ransomware? The largest botnet ever operating under the guise of free VPN services. Has been dismantled with the arrest of its alleged mastermind for orchestrating cyber crimes, totalling billions of dollars in fraudulent losses. How can you check if your computer is part of the nine 11 s5 botnet and what steps can you take to protect yourself in the future? The Python package index has been infiltrated with a malicious package named PI told earlier. Which has now found to facilitate cryptocurrency theft by leveraging reputable platforms, such as stack overflow. What measures can developers take to protect themselves from being deceived by malicious packages? Like this one. You're listening to the daily decrypt. . Alright. So as defenders, we are constantly thinking about how to defeat ransomware. But I haven't seen much come out other than detection capabilities. So we're still focused on detecting. Indicators of compromise that might lead to ransomware. But just yesterday health net security released an article on an open source. Anti ransomware tool that essentially attacks the ransomware malware Using DLL hijacking. and automates the creation of PE files. Which are used to exploit. Ransomware before it can encrypt your files.. So even the thought of this type of defense makes me so excited. The idea that there can be more than just detecting indicators of compromise for ransomware prevention. When we can actually go in and attack the ransomware itself. And get rid of it before it even has the opportunity to encrypt your files. It's a breath of fresh air. So. This tool, which is free and open source and available on get hub. The link is in the show notes below. Deploys exploits in order to defend the network. Which is a novel strategy for defeating ransomware. It also uses vulnerability intelligence. That maps, threats to vulnerable DLLs. In order to target specific threats that you may believe may target your organization or industry. This tool in its current state has been shown to be effective. To defend against 49 ransomware families, including. Caliente. Loki locker. And many more. It can also target Trojans and info Steelers. The author of this tool writes. I created ransom Lord to demonstrate that ransomware is not invincible. And that it has vulnerabilities and its developers make mistakes and can write bad code, just like anyone else.. And I love this framing of ransomware itself being vulnerable to exploits. Because it's essentially just software on your computer and. It has vulnerabilities of its own.. And even though this is technically just a proof of concept, it is effective against current versions of these ransomware tools, though, the developers of these tools will likely patch. And it'll be a continuous cat and mouse game, but imagine if there was an entire company with thousands of employees. Whose sole purpose was to maintain the software to defeat ransomware strains. Any time a ransomware was successful. They would ship that source code off to this company and that company would analyze it and create the exploits for the vulnerabilities found in that ransomware file. I personally don't have enough time to handle this type of company and start it myself. But if you're listening and you're an entrepreneur in the cybersecurity space, I highly encourage you to get going and seek some investing and figure this company out, make it happen. So there was a giant botnet, potentially one of the biggest botnets of all time named 9 1 1 S five. Botnet. That has been masquerading around as a free VPN service. Well just recently authorities have arrested. And Hey Wang at 35 year old, Chinese national behind this entire botnet. They've also seized the 9 1 1 S five website and its infrastructure. This specific botnet has facilitated billions of dollars in online fraud and cyber crime. To include over 560,000 fraudulent unemployment claims. Causing a $5.9 billion loss. This botnet spanned more than 19 million computers across 190 countries. And. was responsible for enabling cybercriminals to route malicious traffic. Through any of those 19 million computers. Which of course allowed them to remain anonymous while they continued to partake in their cyber criminal activities. This bot net company or. Individual also sold access to compromised PCs. Within the botnet because they. Also provided a free VPN service.. And for those of you who might not know the intricacies of how a VPN works. At a high level, essentially, it's just a pathway or a tunnel. To access a network that you're not physically in. So for example, I have a VPN set up at my house. Anytime I'm out at a coffee shop. I access that VPN. Which essentially gives me access to all the devices in my house. So this bot net. Infected computers through the guise of a free VPN service. Installing and signing up for this free VPN service. Not only put your computer in part of this botnet, but gave. The botnet operators access to your computer. So, how can you check if your computer is infected by this botnet? Well, first of all, have you downloaded any free VPN services? In the last few years, if you can't remember. The FBI. Has created a webpage to help identify compromise systems. Which essentially just gives you steps to check if your computer has been infected such as checking for the running services. Such as mask VPN, do VPN proxy, gate shield, VPN shine, VPN and pallet and VPN. It gives you the step-by-step on how to do that on your own computer. It then gives you the steps you'll need to follow, to remove. The malicious free VPN service. And then also to confirm that that service has been removed. If you. We're compromised by this botnet. Please go check out the link. To the FBI site at the end, they're trying to collect a little bit of data to see what your experience was so that they can help. Detect and prevent this type of thing from happening again. And finally there has been a new malicious Python package. Found in the Python package index. This package is named PI Toya. It looks a little French. P Y T O Y L E U R. And it was designed to facilitate cryptocurrency theft. This package had only 316 downloads before the Python package index removed it. But. The developer of this package quickly uploaded a new version with the identical malicious functionality. So it will continue to go back and forth. And what's interesting about this is that. This package is being promoted by. Users. Across stack overflow. Which is a very popular. Platform where developers turn to get their questions answered. Or to provide tips for other developers to follow. So if you go on there and you are seeking. A specific package that might do something. Another stack overflow user can then suggest this malicious package. And maybe in turn, they will be rewarded or something like that. So, It seems like the whole internet at this point is a SEO. Competition doing what you can to get your search results up. And as a developer myself, I know the influence that stack overflow has on many developers. If you're a contributor to stack overflow, you have so much sway, especially if the questions you're answering are common questions, which often involve Python packages or Python coding. Tactics. You have a lot of influence on that platform. So, yeah, it makes sense that malicious actors would go on there. And maybe they buy a reputable stack overflow account for a lot of money. And then use it to promote malicious tools and packages. If you are a developer and you are out there looking for new packages to use for your organization. Especially for your organization, make sure you check out the documentation, check out the website, look for anything fishy in the metadata of that package. And look for. Reviews from verified developers. And trust me. I know the temptation as a developer, especially for personal projects at home to just get the job done as quickly as you can. If you find a stack overflow post. That might work. You tend to just copy the code, copy the imports, try it out. And see if it works, because at that point you're essentially just. Troubleshooting. In production, right. You're seeing if that code will work on your, on your little personal projects. So. No, that some of those Python packages can install malicious malware on your computer and be used to hijack your cryptocurrency. This has been the Daily Decrypt. If you found your key to unlocking the digital domain, show your support with a rating on Spotify or Apple Podcasts. It truly helps us stand at the frontier of cyber news. Don't forget to connect on Instagram or catch our episodes on YouTube. Until next time, keep your data safe and your curiosity alive.
In the fourth and final part of “Debunking Assumptions Through the Asian American Perspective”, our guests share inspirational stories of support, solidarity and growth. This special series is brought to you by the ELFA Equity Committee in celebration of Asian American, Native Hawaiian and Pacific Islander (AANHPI) Heritage Month. Featuring: Debbie Devassy-Babu, Moderator, Equity Committee Member, Shareholder at Darcy & Devassy https://www.linkedin.com/in/debbie-devassy-babu-377937/ Moto Tohda, Moderator, Equity Committee Member, VP of Information Systems at Tokyo Century USA https://www.linkedin.com/in/moto-tohda-emba-clfp-a520521/ Xiang Ji, Senior Manager, Commercial and Vendor Risk Management, Toyota Industries Commercial Finance https://www.linkedin.com/in/jixiang/ Kyin Lok, CEO, Dext Capital https://www.linkedin.com/in/kyin-lok-19a6504/ Kinna Pattani, Equity Committee Member, Associate Director, Alfa https://www.linkedin.com/in/kinnapattani/ Camtu Vo, Manager, Product Development - N.A., Food & Agriculture, DLL https://www.linkedin.com/in/camtu-vo-3143806b/ Resources mentioned in this episode: Advocacy organization: Asian Americans Advancing Justice https://www.advancingjustice-aajc.org/
In the fourth and final part of “Debunking Assumptions Through the Asian American Perspective”, our guests share inspirational stories of support, solidarity and growth. This special series is brought to you by the ELFA Equity Committee in celebration of Asian American, Native Hawaiian and Pacific Islander (AANHPI) Heritage Month. Featuring: Debbie Devassy-Babu, Moderator, Equity Committee Member, Shareholder at Darcy & Devassy https://www.linkedin.com/in/debbie-devassy-babu-377937/ Moto Tohda, Moderator, Equity Committee Member, VP of Information Systems at Tokyo Century USA https://www.linkedin.com/in/moto-tohda-emba-clfp-a520521/ Xiang Ji, Senior Manager, Commercial and Vendor Risk Management, Toyota Industries Commercial Finance https://www.linkedin.com/in/jixiang/ Kyin Lok, CEO, Dext Capital https://www.linkedin.com/in/kyin-lok-19a6504/ Kinna Pattani, Equity Committee Member, Associate Director, Alfa https://www.linkedin.com/in/kinnapattani/ Camtu Vo, Manager, Product Development - N.A., Food & Agriculture, DLL https://www.linkedin.com/in/camtu-vo-3143806b/ Resources mentioned in this episode: Advocacy organization: Asian Americans Advancing Justice https://www.advancingjustice-aajc.org/
In Part 3 of Voices United: Debunking Assumptions Through the Asian American Perspective, guests share their personal experiences facing adversity and talk about the impact of unconscious bias. This podcast is part of the ELFA Equity Committee's celebration of Asian American, Native Hawaiian and Pacific Islander (AANHPI) Heritage Month, which recognizes the contributions and influence of Asian Americans, Native Hawaiians and Pacific Islander Americans to the history, culture, and achievements of the United States. Featuring: Debbie Devassy-Babu, Moderator, Equity Committee Member, Shareholder at Darcy & Devassy https://www.linkedin.com/in/debbie-devassy-babu-377937/ Moto Tohda, Moderator, Equity Committee Member, VP of Information Systems at Tokyo Century USA https://www.linkedin.com/in/moto-tohda-emba-clfp-a520521/ Xiang Ji, Senior Manager, Commercial and Vendor Risk Management, Toyota Industries Commercial Finance https://www.linkedin.com/in/jixiang/ Kyin Lok, CEO, Dext Capital https://www.linkedin.com/in/kyin-lok-19a6504/ Kinna Pattani, Equity Committee Member, Associate Director, Alfa https://www.linkedin.com/in/kinnapattani/ Camtu Vo, Manager, Product Development - N.A., Food & Agriculture, DLL https://www.linkedin.com/in/camtu-vo-3143806b/ Resources mentioned in this episode:Report: Asian Americans' experiences with discrimination in their daily lives, Pew Research Center https://www.pewresearch.org/race-ethnicity/2023/11/30/asian-americans-experiences-with-discrimination-in-their-daily-lives/
In Part 3 of Voices United: Debunking Assumptions Through the Asian American Perspective, guests share their personal experiences facing adversity and talk about the impact of unconscious bias. This podcast is part of the ELFA Equity Committee's celebration of Asian American, Native Hawaiian and Pacific Islander (AANHPI) Heritage Month, which recognizes the contributions and influence of Asian Americans, Native Hawaiians and Pacific Islander Americans to the history, culture, and achievements of the United States. Featuring: Debbie Devassy-Babu, Moderator, Equity Committee Member, Shareholder at Darcy & Devassy https://www.linkedin.com/in/debbie-devassy-babu-377937/ Moto Tohda, Moderator, Equity Committee Member, VP of Information Systems at Tokyo Century USA https://www.linkedin.com/in/moto-tohda-emba-clfp-a520521/ Xiang Ji, Senior Manager, Commercial and Vendor Risk Management, Toyota Industries Commercial Finance https://www.linkedin.com/in/jixiang/ Kyin Lok, CEO, Dext Capital https://www.linkedin.com/in/kyin-lok-19a6504/ Kinna Pattani, Equity Committee Member, Associate Director, Alfa https://www.linkedin.com/in/kinnapattani/ Camtu Vo, Manager, Product Development - N.A., Food & Agriculture, DLL https://www.linkedin.com/in/camtu-vo-3143806b/ Resources mentioned in this episode:Report: Asian Americans' experiences with discrimination in their daily lives, Pew Research Center https://www.pewresearch.org/race-ethnicity/2023/11/30/asian-americans-experiences-with-discrimination-in-their-daily-lives/
In this episode of 'Lessons I Learned in Law', host Scott Brown speaks with Francisca Comiche, General Counsel at Rabobank.In her current role at Rabobank (the 2nd largest Bank in the Netherlands), Francisca is responsible for a global legal function of over 400 people.This is a far cry from her beginnings with the group. Francisca shares her journey of joining DLL (a Subsidiary of Rabobank) over 26 years ago as only the 2nd lawyer in the team. During her 26 years, she has witnessed and driven significant change across the function. Her role has been constantly varied and where she has started to get itchy feet, she has sought out discomfort to keep herself challenged...this has been the key success to the lasting career at Rabobank.We also discuss the importance of working internationally and hear how she has built the ability to connect the dots across jurisdictions. This is a really interesting conversation with a top European General Counsel...don't miss out!
May is Asian American, Native Hawaiian and Pacific Islander (AANHPI) Heritage Month, recognizing the contributions and influence of Asian Americans, Native Hawaiians and Pacific Islander Americans to the history, culture, and achievements of the United States. This four-part series is brought to you by the ELFA Equity Committee and moderated by Debbie Devassy-Babu, Shareholder at Darcy & Devassy, and Moto Tohda, VP of Information Systems at Tokyo Century USA. Part 1 of the AANHPI Heritage Month series introduces listeners to our four guests as they talk about their unique backgrounds and what brought them to the U.S. Join us each Tuesday in May for a new episode. Featuring: Xiang Ji, Senior Manager, Commercial and Vendor Risk Management, Toyota Industries Commercial Financehttps://www.linkedin.com/in/jixiang/ Kyin Lok, CEO, Dext Capital https://www.linkedin.com/in/kyin-lok-19a6504/ Kinna Pattani, Associate Director, Alfa https://www.linkedin.com/in/kinnapattani/ Camtu Vo, Manager, Product Development - N.A., Food & Agriculture, DLL https://www.linkedin.com/in/camtu-vo-3143806b/ Resources mentioned in this episode: Article: What does Asian American Pacific Islander Really Mean?: https://www.morningsidecenter.org/teachable-moment/lessons/what-does-asian-american-pacific-islander-really-mean Book: The Making of Asian America: A History by Erika Lee https://www.goodreads.com/book/show/23492717-the-making-of-asian-america Additional resources: The Library of Congress, National Archives and Records Administration, National Endowment for the Humanities, National Gallery of Art, National Park Service, Smithsonian Institution and United States Holocaust Memorial Museum join in paying tribute to the generations of Asian and Pacific Islanders who have enriched America's history and are instrumental in its future success. https://www.asianpacificheritage.gov/
Compliance is difficult enough in an air-conditioned data center; taking this essential concept to an austere geography that has spotty communications with the potential of bullets flying makes it almost impossible. This disruption of communication has a new term, Denied Disconnected Latent, or DLL. When communications are restored, they still must maintain compliance standards. Today we get some perspectives on how to manage this arduous task. From a design perspective, an agency may have a process where the developers who deploy the application may not be the ones who make end points secure. As a result, a process must be worked out where the apps are updated and the security process for the end points are systematized as well. Jay Bonci from the U.S. Air Force describes how compliance can be checked during a regular maintenance process where central compliance information can be transferred to the field. Nigel Hughes from Steel Cloud shares that today, many systems administrators are executing this update through a set of tools. This manual process may have been tolerated with a few end points, today there is such a profusion that automation is needed. In a perfect world, one can scan assets, determine policy posture, examine apps, browsers, databases, baseline. If there is a drift – they can be snapped back into compliance. For more details, listen to the discussion because it delves into federated vs. centralized compliance and the theoretical debate over defining an end point in a world of platform-as-a-service.
Eine fundierte Entscheidung bei der Finanzierung zu treffen ist entscheidend für den Erfolg in der Intralogistik. Dieser Grundsatz leitet die Experten von DLL. In Folge #225 begrüßt Jörg gleich zwei dieser Fachleute: Marco Wagner, den Global Head of Intralogistics, und Markus Handorfer, den Account Manager für DACH und Polen. Zusammen haben sie die folgenden Fragen erörtert: - Wie unterstützt man bei der Finanzierung in der Intralogistik? - Wird bei der Finanzierung Eigen- oder Fremdkapital genutzt? - Welche Finanzierungskonzepte gibt es und worin liegen die Unterschiede? - Inwiefern werden Flexibilitätsaspekte in die bereitgestellten Finanzierungslösungen integriert? - Wie werde die Finanzierungslösungen angepasst, um betriebliche Prozesse effizienter zu gestalten? - Warum könnte ein spezialisierter Finanzdienstleister wie DLL eine bessere Option, als die Hausbank, sein? - Warum ist es in wirtschaftlich angespannten Zeiten wichtig, in moderne Technologie zu investieren? - Warum ist es in wirtschaftlich angespannten Zeiten wichtig, in moderne Technologie zu investieren? Hört einfach mal rein! Bezahlte Partnerschaft.
Today we unravel the second ransomware extortion of Change Healthcare by RansomHub, the cunning malvertising campaign targeting IT pros with malware-laden ads for PuTTY and FileZilla, and the deceptive tactics on GitHub fooling developers into downloading malware. Discover protective strategies and engage with expert insights on bolstering defenses against these evolving cyber threats. Original URLs: https://www.securityweek.com/second-ransomware-group-extorting-change-healthcare/ https://www.helpnetsecurity.com/2024/04/10/malvertising-putty-filezilla/ https://thehackernews.com/2024/04/beware-githubs-fake-popularity-scam.html https://www.bleepingcomputer.com/news/security/malicious-visual-studio-projects-on-github-push-keyzetsu-malware/ Follow us on Instagram: https://www.instagram.com/the_daily_decrypt/ Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags: cybersecurity, ransomware, malvertising, GitHub scams, Change Healthcare, IT professionals, data protection, cybercrime, malware, software development Search Phrases: How to protect against ransomware attacks Strategies to combat malvertising campaigns Tips for IT professionals on avoiding malicious ads Safeguarding software development from GitHub scams Change Healthcare ransomware extortion case study Cybersecurity advice for IT administrators Dealing with malware in system utilities ads Best practices for data protection in healthcare Understanding cybercrime tactics on GitHub Preventing repeated ransomware extortions Transcript: Transition (Long) 2 Welcome back to the Daily Decrypt. Change Healthcare falls victim to a second ransomware extortion in just a month, now at the hands of the Emergent Ransom Hub Group, wielding over 4 terabytes of sensitive data stolen in the February 2024 cyberattack. Which comes as a result from the Black Cat Exit Scam. Next, we're turning over to a new malvertising campaign where searching for essential utilities for IT professionals like Putty and Filezilla leads to malware laden ads, and you all know what I'm going to say about this. Don't click Google Ads. And finally, GitHub becomes a battlefield as cybercriminals exploit its search functionality to trick developers into downloading repositories full of malware. How can developers ensure the repositories they download from GitHub are safe and not just traps set by cybercriminals? All right, so at the end of February of this year, you may remember that Change Healthcare, which is a subsidiary of UnitedHealthcare, was the victim of a ransomware attack by the notorious and since disbanded ransomware group named Black Cat. Well, Change Healthcare finds itself in the crosshairs of a ransomware extortion scheme for the second time in just over a month, coming from a new ransomware group called Ransom Hub. There hasn't been a second attack. But this is believed to be a result of the exit scam that Black Cat pulled, where they kept all of the ransom payment that Change Healthcare had made. Allegedly, Optum, which is a subsidiary of Change Healthcare, paid Black Cat 22 million in ransom after the attack. Black Cat then pulled an apparent exit scam and disappeared without paying the affiliate who carried out the attack. And according to Qualys Cyber Threat Director Ken Dunham, it's not uncommon for companies that give in and pay these ransoms to quickly become additional targets or soft targets where their information is extorted again and again and again. Paying and giving into these ransomware artists might seem like a quick fix to your problems, but once you've proven that you will and can pay, they're gonna come after you again. The data doesn't just disappear or get deleted. It's very valuable, and in this case it's worth 22 million dollars, so even if the attackers say they're gonna delete it, maybe they won't and maybe they'll come hit you again. So even though Black Cat has disbanded, whether or not they were taken down by the FBI or performed an exit scam, The data that they pillaged from Change Healthcare is now in the hands, or supposedly in the hands, of a group called Ransomhub, which is extorting Change Healthcare all over again. IT professionals have found themselves at the crosshairs of an ongoing malvertising campaign. These attackers are using malicious Google Ads to disguise malware as popular system utilities, like Putty, which is a free SSH IntelNet client. And FileZilla, which is a FTP application. This research comes from Malwarebytes researcher Jerome Segura, and he points out that even after alerting Google about these malicious ads, the campaign continues unabated. This sophisticated scheme begins when IT administrators search for these utilities on Google. The top search results, or sponsored ads, lead them through a series of cloaking pages. These pages are designed to filter out non target traffic such as bots or security researchers, directing only potential victims to imitation sites. Unwittingly, when these IT administrators download what they believe to be legitimate software, they instead receive nitrogen malware, which is a dangerous software for cybercriminals, enabling them to infiltrate private networks or steal data, deploy ransomware attacks, and was used by the notorious Black Cat from the previous story. The method of infiltration is known as DLL sideloading, which involves the malware masquerading as a legitimate and signed executable to launch a DLL, thereby avoiding detection. So what this essentially means is these IT professionals are probably getting the tool, FileZilla, Putty, that they're looking for, The functionality might remain exactly the same, which only serves to benefit the attackers because once the IT professionals download the software, there's no indicators that it's incorrect or fake, but this software such as Putty or FileZilla will then launch a separate DLL, which is just an executable that contains the malware. So one way you can prevent this as someone downloading software from the web, is to find what's called an MD5 hash, which is essentially a signature of sorts that verifies the integrity of the file you've downloaded. Now, hashing isn't necessarily something we need to get into, Right now on this podcast, but all you need to know is it's sort of like math where you multiply the data from within this piece of software or do algebra or something to create this long string of characters. that can't be replicated if the files have been altered. So as soon as the files are altered, the mathematical equation puts out a different set of characters, right? So the creators of the software release this hash, they display it on their website, and then when you download the software, you run the same algorithm against that software to see if those two hashes match. Now I personally am guilty of Not always checking the hash for softwares. And I know a lot of other IT professionals are guilty of that as well, but it's time to set up a new good habit and consistently check these hashes, maybe even develop a web scraper that will go grab the hash and also run the software through it, comparing it, reducing the amount of work you have to do on the other end, but in summary, as I always say, do not click Google ads unless you absolutely have to, unless the thing you're searching for down below. Unless the thing you're specifically searching for is not in the search results below, and is only present in the advertisement, which will probably only be for things like thedailydecrypt. com, where I haven't been around long enough to boost my search result ranking naturally, so eventually maybe I'll start buying ad space, trying to get to people who are looking for the content that we're providing. But if you're going to download some software, there's no need to click the ads, especially something as popular as FileZilla or PuTTY, VS Code, whatever you're trying to download, go find it in the search results. Do not click the ad. And in a similar vein, let's talk about a scam on GitHub that's fooling developers into downloading dangerous malware. Cybercriminals are exploiting GitHub's search features, luring users into downloading fake yet seemingly popular repositories. This scheme has been identified to distribute malware hidden within Microsoft Visual Studio Code project files, which are cunningly designed to fetch further malicious payloads from remote URLs, as reported by checkmarks. So the attackers are mimicking popular repositories and employing automated updates and fake stars to climb GitHub's search rankings. So unlike Google, I don't believe there are ads you can buy in GitHub search to boost your search rankings. So attackers are becoming a little more creative. Making the repository look like it's consistently updated, helps boost the search rankings, and then naming the repositories, things that developers are constantly searching for will also help boost its rankings in its SEO. So since many of these repositories are disguised legitimate projects, it can be pretty tricky to identify them, but among the discoveries, some repositories were found downloading an encrypted file named feedbackapi. exe. which is an executable and is notably large at 750 megabytes. This executable is designed to bypass antivirus detection and deploy malware, similar to the Kizetsu Clipper, a notorious tool known for hijacking cryptocurrency transactions. And unlike softwares downloaded from the internet by clicking on Google ads in the previous story, there may or may not be hashes for these repositories. Most likely not. Sometimes if they're an executable or a package, they'll provide a hash. But if you're on the GitHub repository, you think it's legit, they might list the hash, but that's just the hash to their malware, giving you a false sense of security, just be extra vigilant when you're downloading anything to your computer, especially open source things that are generally found on GitHub, it can't be that hard to create. A thousand GitHub accounts, or maybe even you can buy them online. And that immediately gives your repo a thousand stars, making it look legitimate. So if you're looking for a tool, it's best to find it on the web within, from within a reputable website. GitHub search feature is not the most reliable. And that's all I've got for you today. Thanks so much for tuning in. Today I'll be traveling to Florida to Participate in the Hackspace conference where I'm really excited to learn a little bit more about how cybersecurity and satellites and other spacecraft intertwine. I'll also be meeting up with dogespan where we'll hopefully do a joint episode, our first ever one in person. So be sure to tune in tomorrow for that episode.
ChatGPT goes off-script with Shakespearean flair, and cybersecurity becomes the beacon in guarding our maritime and water utility infrastructures. We unravel the complexities of software supply chain threats with a focus on the Python Package Index, and spotlight the latest vulnerabilities in ConnectWise's ScreenConnect. It's a journey through the cyber squalls and the efforts to anchor down our digital defenses. Featured Stories: ChatGPT's Shakespearean Spiral - Delving into the reasons behind ChatGPT's unexpected dive into nonsensical outputs. Read more on Ars Technica and Reddit. Bolstering Maritime Cybersecurity - How the Biden administration is strengthening America's maritime defenses against cyber threats. Cybersecurity at Sea: Strengthening America's Maritime Defenses. Protecting Water Utilities from Cyber Threats - A look into the new wave of cybersecurity measures for water utilities by CISA, the FBI, and the Environmental Protection Agency. The Stealthy Expansion of Software Supply Chain Threats - Unpacking a sophisticated cyber-attack via the Python Package Index. Discover more at ReversingLabs. Patch and Protect: ConnectWise ScreenConnect Update - Addressing the vulnerabilities reported in ScreenConnect and the steps for remediation. ConnectWise Security Bulletins. Join us as we dissect these pivotal moments in digital security and AI quirks, ensuring you stay informed and ahead of the curve in the ever-evolving world of technology. Only on Spotify. For the best listening experience, follow us on Spotify and dive into the digital depths with our insightful episodes on technology, cybersecurity, and the unexpected turns of AI. Transcript: Feb 22 [00:00:00] All right. Good morning listeners. And welcome back to the daily decrypt. Huge shout out to Jared Jones for his brand new release song played under the. Super sophisticated AI announcer. If you're looking for some music, if you're working hard all day in front of the computer and you're looking for some [00:01:00] music that doesn't have words and isn't too distracting, highly recommend looking up Jared Jones. J E R E D. You're going to find lots of sick bangers like that one. All right. But let's get into the news today. We're going to dive into a digital pandemonium as chat GPT, seemingly takes a Shakespearian swerve. Leaving user's puzzled with it's nonsensical Jabber. Meanwhile, the us government makes waves in cybersecurity. Anchoring down on maritime defenses against the rising tide of cyber threats, proving that when it comes to securing our ports, It's not just about the web. It's about the water. Speaking of water. We are also going to explore how America's water utilities are fortifying, their cyber defenses. Ensuring that the only things flowing through our pipes, our water and wifi. In the realm of software and vulnerabilities, we're gonna be talking about the Python package index or PI as I call it. And how it becomes a Trojan horse for cyber attackers highlighting the stealthy expansion of [00:02:00] threats within our digital supply chains. And lastly, if you stick around this long, we're going to just touch base on connect Wise's screen connect vulnerabilities. All right. So yesterday, Users on Reddit started reporting that chat GPT. What's going absolutely insane. The responses from techy, PT would start out pretty normal and then quickly devolve into what I would describe as someone with a dementia or Verna keys, aphasia. Thanks to all the Reddit users who posted their chats. They're very fun to read through. Various journalists have reached out to open AI, the makers of chatty Beatty. For comment and we're met just with direction to their status page. So no comment at this time has been released. But I have an example here of what ChatGPT was spitting out. And you can see by looking at the. Output. It's just [00:03:00] going through how it formulates its responses. It's creating noise and then refining that noise. So here. Is. An example of what it was doing yesterday. "The high, the high or the heart where the hair. The his, or the Howell hones, a hill, a heel or a hand where all the Astor and any, and all, or an ACE or a story or a strain at grok stands for, of you a visit or the verb there site. Is a stand, a state or a story the in or the in wit makes a must a may or a most." Part of that sounded kind of like the monologue from V for vendetta, which I'm not going to even try. To repeat, but if you haven't seen me for vendetta, highly recommended, Given the help the chat should. The T made composing this episode, it seems to be back to normal. But. It is a reminder at how. These quote, artificial intelligent. Chat bots are not perfect [00:04:00] and they can quickly devolve. So did, do you know that. Our planet is made up of mostly water. And so our, our bodies. Though these facts may seem startling. They're starting. To get the attention of government officials such as the Biden administration who yesterday released an executive order aimed at bolstering cybersecurity measures across the United States port facilities. This is sparked by increasing concerns over cyber threats, particularly from nation state actors like China. Who could cripple a lot of our infrastructure. By just taking down a few maritime ports. In an era where cybersecurity incidents can ripple through the global supply chain with devastating effect, the executive order represents a significant pivot towards enhancing the resilience of [00:05:00] maritime infrastructure. The us coast guard is now endowed with explicit authority to counter malicious cyber activities. Targeting the nation's Marine transportation system. This includes a mandate for the immediate reporting of any cyber threats or incidents that could compromise vessels, harbors, ports, or waterfront facilities. Part of the executive order involved reallocating over $20 billion towards port infrastructure over the next five years. And this is an aim to repatriate crane manufacturing, eh, which is a sector currently dominated by China, which manufacturers approximately 80% of the cranes used in us ports. So if you're wondering why focus on ports? Well, consider this America's ports are not just points of entry for goods. They're bustling hubs that can support 31 million American jobs and contribute $5.4 trillion to the economy. They're smooth operation is pivotal to our national security and economic prosperity. The threat of cyber attacks, particularly those that could be orchestrated by foreign adversaries. So as it [00:06:00] turns out, network ports, aren't the only ports cybercriminals are sneaking into. In the world of port. Cybersecurity, it looks like we're moving from pirate, infested waters. To cyber secure harbors. Ari a feeling safe yet. Speaking of water and making waves in the world of cybersecurity. The FBI SISA and the EPA. Released tips targeted specifically to water plants and water managing agencies. At an age where hackers seem to have the thirst for infiltrating our critical infrastructures. The spotlight has turned to our water utilities. This isn't just about keeping the water flowing. It's about ensuring that the only thing going down the drain is well water. And not our security. In recent years, several water treatment companies have been the target of ransomware attacks, which has led to significant disruptions. Such events compromise the safety and availability of drinking water, which is a serious risk to public health and [00:07:00] safety. These agencies. Are aiming to prevent such outcomes by helping utilities, bolster their defenses against malicious cyber activity. The article in our show notes, outlines eight top notch strategies to keep cyber threats at bay. From hiding key assets to changing passwords, as often as we're supposed to change our water filters. It seems like water utilities are being prepped for a stormy season in cyberspace. So what kind of attacks are they trying to prevent? Often hackers exploit vulnerabilities in the software and hardware that control water treatment processes. And by gaining unauthorized access, they can disrupt operations, demand, ransom, or even tamper with water quality. The guidance provided by SISA the EPA and FBI emphasizes the importance of regular updates and patches to address these vulnerabilities. Alongside training for staff to recognize and respond to cyber threats. Well, no system can be made completely invulnerable. The adoption of these recommended practices significantly reduces the risks [00:08:00] of successful cyber attacks, which is what we're going for. It is a lofty goal to completely eliminate cyber risk, but. The goal is to just do what we can. To make ourselves more secure. Alrighty, we're going to turn this a little bit more technical and talk about some recent vulnerabilities that have been discovered. Reversing labs. Released an article that discusses. A sophisticated cyber attack that leverages the Python package index or PI as I like to call it. To distribute malicious software through a technique known as DLL sideloading. In January of 2024. Carlos janky, a reverse engineer at reversing labs discovered two suspicious packages on PI. Named helper and NP six helper HTTP or. These packages were found to exploit DLL sideloading, which is a method where attackers execute malicious code on a computer without being detected by security [00:09:00] software. This technique was used to target legitimate pie packages, revealing a concerning trend in the misuse of open source platforms for cyber attacks. DLL sideloading typically involves replacement or of a dynamic link library or DLL with a malicious one. The attacker's goal is to trick the application into loading this malicious DLL. Thereby executing the harmful code. It contains. In this case, the malicious packages were designed to mimic legitimate ones, very closely, which fooled developers into incorporating them into their projects. So, this is pretty significant. It affects not just individual developers, but potentially the entire supply chain. As compromised packages could be integrated into a wide array of applications. The attackers utilized Typosquatting, which is a tactic where malicious packages are named similarly to legitimate ones. In an effort to deceive users into downloading them. Reversing labs investigation further revealed that these malicious packages downloaded additional payloads, including a legitimate [00:10:00] file from king soft core. And a malicious DLL designed to execute a second stage payload. For those interested in diving deeper into the specifics of this breach, including the technical details and indicators of compromise. We encourage you to check out the full article in our show notes for a comprehensive understanding of the attack, vectors and protective measures. And before we finish up for the day. We're just going to quickly circle back to the recent ConnectWise ScreenConnect vulnerabilities that were reported on February 13th. If you're running ScreenConnect on premises, you're going to need to update your servers to version 23.9 0.8 immediately. If you're in the cloud, there are no actions needed at this time. And ConnectWise is saying that there's no evidence that these vulnerabilities have been exploited in the wild, but immediate action must be taken by on-premise partners to address these identified security risks. All right. That's all we've got for today. I hope you enjoyed Water puns as well as the new music by [00:11:00] Jared Jones. Today was probably my favorite episode I've done so far. So if you have any feedback Uh, please shoot me a message on Instagram. Shoot us a tweet on Twitter. Uh, We'd love to hear from you. We understand your feedback is an honor. And so we'd be honored to receive And I believe we were taking tomorrow off. So we will talk to you more next week. [00:12:00] [00:13:00]
Download Episode 936 – It’s as low energy as we’ve got, so let’s just start.It’s a PartyCast. Pernell Vaughan, Brooke Poole, Chris Taylor, and Andy Sperry are here. We talk about how we’re all tired. Then I mention how I upgraded my Switch memory card. Then Chris talks about Switch sales and his band learning EarthBound music. Andy had a 2 year Streamiversary celebration, Pernell worked out a bunch, and Brooke is excited for new Elden Ring DLC. And we’re all REALLY tired. Plus reviews.0:00 - Intro/Yawns21:03 - Lords of Exile - Squidbit Works, PID Games, PixelHeart (Chris)34:38 - Moonbreaker - Unknown Worlds, KRAFTON (Pernell)44:20 - Bzzzt - KO.DLL, Cinemax Games (Andy)52:14 - Sympathy Kiss - Idea Factory, Design Factory, Idea Factory International (Brooke)1:13:07 - Arzette: The Jewel of Faramore - Seedy Eye Software, Limited Run Games (Chris)1:30:47 - Noxia Somnia - Reframe Games (Pernell)1:39:19 - ASTLIBRA Gaiden: The Cave of Phantom Mist - KEIZO, WhisperGames (Chris)The show ends with some EarthBound goodness from Christian Pacaud because Chris mentioned EarthBound in the episode. It’s a natural reaction at this point. Yay.1:50:50 - Christian Pacaud - ~FATSH-T~ Guitar Arrange Plushttp://www.squidbitworks.com/https://pidgames.com/https://www.pixelheart.eu/https://unknownworlds.com/https://www.krafton.com/https://twitter.com/ko_dllhttps://cinemax.cz/https://www.ideaf.co.jp/https://www.designf.com/https://ifi.games/https://www.seedyeyesoftware.com/https://limitedrungames.com/https://www.reframegames.com/https://www.keizo.games/http://www.whisperinteractive.com/https://christianpacaud.bandcamp.com/https://joecam.net/boundtogether/https://www.keymailer.co/https://itunes.apple.com/us/podcast/the-sml-podcast/id826998112https://open.spotify.com/show/6KQpzHeLsoyVy6Ln2ebNwKhttps://twitter.com/theSMLpodcast/https://www.facebook.com/theSMLpodcast/https://store.streamelements.com/thesmlpodcastALL REVIEWED GAMES HAVE BEEN PROVIDED FOR FREE FOR THE PURPOSE OF ANY COVERAGE ON THE SHOW
In this week's DF Direct, the team catches up with the news about The Last of Us Part 2's remaster and wonders what the fuss is about, while Alex takes another look at Cyberpunk 2077 DLSS 3.5 Ray Reconstruction across its updates and via the Alan Wake 2 DLL. Rich finally gets his hands on a PlayStation 5 'Slim' and unboxes it for your viewing pleasure, and Half-Life's 25th anniversary is celebrated by the team. Also: what is actually going on with Xbox's console sales in Europe? 0:00:00 Introduction and DF merch store! 0:03:13 News 01: The Last of Us Part 2 Remastered announced 0:17:27 News 02: Cyberpunk 2077 gets Ultimate Edition 0:35:16 News 03: Xbox sales down in Europe 0:53:19 News 04: Half-Life hits 25th anniversary, documentary released 1:07:59 News 05: StarEngine graphics update video released 1:19:30 News 06: Rich unboxes a PS5 Slim! 1:33:56 DF Supporter Q1: Have you checked out the Portal port for N64? 1:41:59 DF Supporter Q2: I think TLOU Part 2 looks similar to path traced games, with better image clarity - what do you think? 1:47:44 DF Supporter Q3: Do you worry that you emphasize top-end graphics too much in your game coverage? 1:50:37 DF Supporter Q4: Is there a niche for a powerful, exclusively handheld system in today's market? 1:57:26 DF Supporter Q5: What if the new Switch was actually two consoles - a portable console and a home console? 2:02:07 DF Supporter Q6: Happy Thanksgiving! Do the American expats at DF celebrate Thanksgiving in their new European homes? Learn more about your ad choices. Visit megaphone.fm/adchoices
Check out SignalWire at: https://bit.ly/signalwirewan Make compliance easy with Kolide at: https://www.kolide.com/WAN Save time and automate your social media marketing! Check out Tailwind at https://lmg.gg/tailwind and get 50 free bonus Ghostwriter AI credits! Timestamps (Courtesy of NoKi1119) Note: Timing may be off due to sponsor change: 0:00 Chapters. 1:09 Intro. 1:33 Topic #1: CS:GO is no more, long lives CS 2. 2:48 History of CS, Source, Luke's experience. 9:36 Subtick, playing with Joe, volumetric smoke, recoil & shield. 16:00 Twitch & FP on CS recoil, Steam reviews, $40M in 40 minute. 22:06 Steam reviews, discussing CS 2 replacing CS:GO, a negative review. 32:50 BG3, Linus's BG3 review on Discord, BG3's tutorial, games reviews. 48:21 Yvonne's character choice, camera mod, game preference. 56:03 LTTStore's new desk pad. 57:06 Linus recalls a viewer's argument on using YT Superchats. 58:18 Creator's warehouse bread plushies ft. FP poll. 1:01:16 Merch Messages #1. 1:01:22 Would you wipe your controversies if you also wipe what you learnt from them? 1:03:44 Luke disagrees with FP Poll. 1:04:58 Any personal experience dealing with low temperature on tech? 1:07:23 New FP Poll for breads. 1:07:48 How many times has DLL said anything that caused chaos within LMG? 1:11:00 FP Poll result, bread is the meme. 1:12:09 Topic #2: Newegg's GPU trade in program. 1:12:34 Trade in prices, easy process & warranty. 1:20:49 Linus's price take, Luke on working with PayPal, LTT's AMD video, Linus on satire. 1:38:30 Sponsors. 1:42:13 Covering last WAN's supplement sponsorship. 1:45:30 Merch Messages #2. 1:45:36 How bad a monitor would you use for free before spending on one? 1:53:16 Has LTT ever used consultors or contractors? 2:00:56 How do you address technical debt in your projects? 2:06:00 Topic #3: Samsung's Neo G9 monitors cracking. 2:08:10 Luke on the low frequency of curved screens damage, Linus on per-region support. 2:12:08 Linus calls about if the Secret Shopper segment was shot, continues to leak. 2:22:16 Linus recalls Samsung's The Wall, purchases TCL's 115" MiniLED TV. 2:30:22 Linus's theory on why this is Chinese exclusive, LTT shot the Compensator. 2:35:30 Topic #4: Russian zero-day seller offers $20M to hack iOS & Android. 2:39:57 Topic #5: Reddit phases out gold & awards, now pays for karma. 2:42:08 Topic #6: Metaverse's 3D facial scan. 3:02:07 Topic #7: TheFloW teases a PS4/PS5 exploit. 3:03:39 Topic #8: Google will discontinue Podcast next year. 3:04:52 Topic #9: OpenAI's & Meta's new AI. 3:09:28 Topic #10: Getty's library generates images through an ethical database. 3:10:23 Topic #11: Google Search showcases ChatGPT-3's "eggs can be melted" response. 3:11:09 Topic #12: Military AI to sort U.S. intelligence. Cont. Topic #9: OpenAI's & Meta's new AI. 3:13:11 Meta's Ray-Band glasses article. 3:15:04 Luke shows Hotbunlover. 3:15:56 Merch Messages #3 ft. WAN Show After Dark. 3:16:58 How viable do you believe LTT's cleanest setup is? 3:19:48 Difficult challenge for tech that you've come to terms with? 3:20:41 Has Luke looked into aftermarket options for his car's infotainment system? 3:22:27 Has Linus's workload lowered after stepping down? ft. Tech shop sequel, Sea of Stars, cutscenes. 3:39:41 Did Yvonne's medical history help her learn finance better? 3:40:16 Any noticeable LTTStore merch preference per region? 3:40:43 Do you see 12GB VRAM being enough for 2K Ultra settings in the future? 3:45:14 Is it true that Linus can leap over the chair from a standing position? 3:49:16 Arm wrestling on WAN Show? 3:50:18 Have you explored what it'd take to start an ISP? 3:50:52 What is Linus's favorite WAN Show snack? 3:51:22 Do you think you'll see AI reach full sentience in your lifetime? 3:52:32 Why does Luke stream his Starfield gameplay on Twitch and not on FP? 3:54:08 Outro.
Top 5 Threat Hunting Headlines - 21 Aug 2023 Cuba Ransomware Deploys New Tools: Targets Critical Infrastructure Sector in the U.S. and IT Integrator in Latin America https://blogs.blackberry.com/en/2023/08/cuba-ransomware-deploys-new-tools-targets-critical-infrastructure-sector-in-the-usa-and-it-integrator-in-latin-america Hunting Rituals #1: Threat hunting for DLL side-loading https://www.group-ib.com/blog/hunting-rituals-dll-side-loading/ Suspected N. Korean Hackers Target S. Korea-US Drills https://www.securityweek.com/suspected-n-korean-hackers-target-s-korea-us-drills/?web_view=true Ransomware Diaries: Volume 3 – LockBit's Secrets https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/ Add 'writing malware' to the list of things generative AI is not very good at doing https://www.theregister.com/2023/08/18/ai_malware_truth/?&web_view=true ----- Follow Us! Twitter: https://twitter.com/CyborgSecInc LinkedIn: https://www.linkedin.com/company/cyborg-security/ YouTube: https://www.youtube.com/cyborgsecurity Instagram: https://www.instagram.com/cyborgsecinc/ Facebook: https://www.facebook.com/CyborgSecInc
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.FortiGaurd Labs encounters a kernel driver that makes use of the open-source donut tool.Checkpoint researchers observe Iranian threat actor Agrius operating against Israeli targets.SentielOne notes changes in the ongoing campaign by Kimsuky.Microsoft uncovers stealthy malicious activity aimed at critical infrastructure in the United States.ZScaler Threatlabz reporting on Pikabot, a new malware trojan.Bleeping Computer reporting that the QBot malware operation has started to abuse a DLL hijacking flaw in the Windows 10 WordPad program.eSentire launches a multi-pronged offensive against a growing cyberthreat: the Gootloader Initial Access-as-a-Service Operation.The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
Picture of the Week So... Not an attack, then? AI Overlord Hysteria Italy says NO to ChatGPT It's illegal... How much will that be? The U.S. FDA & medical device security Hack the Pentagon Firefox 3dr-party DLL check-up Microsoft's Extortion? The Silver Ships Zombie Software Show Notes: https://www.grc.com/sn/sn-917-notes.pdf Hosts: Steve Gibson and Ant Pruitt Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: kolide.com/securitynow canary.tools/twit - use code: TWIT meraki.cisco.com/twit
Genesis Market gets taken down. Proxyjackers exploit Log4j vulnerabilities. Fast-encrypting Rorschach ransomware uses DLL sideloading. Killnet attempts DDoS attacks against the German ministry. Carole Theriault ponders AI assisted cheating. Johannes Ullrich tracks malware injected in a popular tax filing website. Soft power and Russia's hybrid war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/65 Selected reading. 'Operation Cookie Monster': International police action seizes dark web market (Reuters) Stolen credential warehouse Genesis Market seized by FBI (Register) FBI Seizes Bot Shop ‘Genesis Market' Amid Arrests Targeting Operators, Suppliers (KrebsOnSecurity) Genesis Market, one of world's largest platforms for cyber fraud, seized by police (Record) 'Operation Cookie Monster': FBI seizes popular cybercrime forum used for large-scale identity theft (CNN) Cybercrime marketplace Genesis Market shut by FBI, international law enforcement (CNBC) FBI seizes stolen credentials market Genesis in Operation Cookie Monster (BleepingComputer) Notorious Genesis Market cybercrime forum seized in international law enforcement operation (CyberScoop) Proxyjacking has Entered the Chat (Sysdig) Rorschach – A New Sophisticated and Fast Ransomware (Check Point Research) Russian hackers attack German ministry's website (TVP World) Zimbra Flaw Exploited by Russia Against NATO Countries Added to CISA 'Must Patch' List (SecurityWeek) Zimbra vulnerability exploited by Russian hackers targeting Nato countries - CISA (Tech Monitor) CISA Adds One Known Exploited Vulnerability to Catalog (Cybersecurity and Infrastructure Security Agency CISA) NVD - CVE-2022-27926 (National Vulnerability Database) The Interview - Russian cyber weapons 'could do a lot of damage' in the US: Former counterterrorism czar (France 24) Biden cybersecurity chief 'surprised' Russia has not hit US targets amid Ukraine war (Washington Examiner) Ukrainian Cyber War Confirms the Lesson: Cyber Power Requires Soft Power (Council on Foreign Relations)
Picture of the Week So... Not an attack, then? AI Overlord Hysteria Italy says NO to ChatGPT It's illegal... How much will that be? The U.S. FDA & medical device security Hack the Pentagon Firefox 3dr-party DLL check-up Microsoft's Extortion? The Silver Ships Zombie Software Show Notes: https://www.grc.com/sn/sn-917-notes.pdf Hosts: Steve Gibson and Ant Pruitt Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: kolide.com/securitynow canary.tools/twit - use code: TWIT meraki.cisco.com/twit
Picture of the Week So... Not an attack, then? AI Overlord Hysteria Italy says NO to ChatGPT It's illegal... How much will that be? The U.S. FDA & medical device security Hack the Pentagon Firefox 3dr-party DLL check-up Microsoft's Extortion? The Silver Ships Zombie Software Show Notes: https://www.grc.com/sn/sn-917-notes.pdf Hosts: Steve Gibson and Ant Pruitt Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: kolide.com/securitynow canary.tools/twit - use code: TWIT meraki.cisco.com/twit
Picture of the Week So... Not an attack, then? AI Overlord Hysteria Italy says NO to ChatGPT It's illegal... How much will that be? The U.S. FDA & medical device security Hack the Pentagon Firefox 3dr-party DLL check-up Microsoft's Extortion? The Silver Ships Zombie Software Show Notes: https://www.grc.com/sn/sn-917-notes.pdf Hosts: Steve Gibson and Ant Pruitt Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: kolide.com/securitynow canary.tools/twit - use code: TWIT meraki.cisco.com/twit
Picture of the Week So... Not an attack, then? AI Overlord Hysteria Italy says NO to ChatGPT It's illegal... How much will that be? The U.S. FDA & medical device security Hack the Pentagon Firefox 3dr-party DLL check-up Microsoft's Extortion? The Silver Ships Zombie Software Show Notes: https://www.grc.com/sn/sn-917-notes.pdf Hosts: Steve Gibson and Ant Pruitt Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: kolide.com/securitynow canary.tools/twit - use code: TWIT meraki.cisco.com/twit