It is a threat that keeps a low profile... too low. Detected last March by researchers at Morphisec, ResolverRAT belongs to the class of malware that can remotely access an infected machine, pull files off it or execute commands. Standard behaviour for a RAT, a Remote Access Trojan. What makes it formidable is the way it stays under the radar. ResolverRAT never really installs itself. Its payload runs only in memory, without dropping a payload file to disk or modifying any existing program; the only on-disk artifacts are the signed loader and the library delivered with it (see below). As a result, classic antivirus and even the more advanced EDR (Endpoint Detection and Response) systems struggle to spot it.

The infection vector is still good old phishing, with a surge in the healthcare sector. Victims receive an e-mail carrying an archive. Inside: a legitimate third-party program, hpreader.exe, validly signed and already used in other malicious campaigns, alongside a tampered library. When run, the program loads this malicious DLL without asking any questions, and the infection begins. This is classic DLL side-loading: the Windows loader searches the application's own directory before the system directories, so a DLL placed next to the signed executable is the one that gets loaded. The code then runs directly in RAM, hijacking a mechanism of the .NET framework (the runtime's resource-resolution hook, which is where the name comes from) to inject its own modules. A complex architecture: encrypted components, obfuscated strings, a stealthy foothold in the Windows registry and, above all, the ability to communicate over encrypted connections without relying on the machine's certificate store. Exfiltrated data is split into 16 KB chunks, which avoids any alert tied to abnormal bandwidth consumption.

Morphisec observed variants of the malware in many languages: Italian, Hindi, Czech, Turkish, Portuguese, Indonesian... The clues point to an international operation, with infrastructure reminiscent of other well-known families such as Rhadamanthys or Lumma. But this appears to be a new strain, purpose-built for invisibility.
Against a threat this stealthy, classic tools fall short. The best defence remains prevention. Don't open unexpected files. Be wary of urgent messages. Always verify the sender's identity. Even in 2025, these reflexes remain your best allies against increasingly sophisticated threats. On the endpoint side, the loader itself is the tell: a signed hpreader.exe executing from a user-writable location (a downloads or temp folder, an extracted archive) alongside an unsigned DLL is worth an alert on its own. Hosted by Acast. Visit acast.com/privacy for more information.
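The 16 KB chunking mentioned above is aimed at per-flow volume alerts. The following Python is an added example, not part of the podcast or of Morphisec's research: it runs two detection rules over a handful of constructed flow records (hosts, destinations, timestamps and byte counts are made up) and shows that a single-flow byte threshold only catches a large one-off upload, while summing bytes per source/destination pair over a sliding window also catches the steady stream of small chunks.

```python
"""Chunked-exfiltration detection over constructed flow records.

Added example for the ResolverRAT episode above; the records below are made
up, not real telemetry.  Compares a naive per-flow byte threshold with a
per-pair sliding-window sum.
"""
from collections import defaultdict
from datetime import datetime
from typing import NamedTuple


class Flow(NamedTuple):
    ts: datetime
    src: str
    dst: str
    nbytes: int


# Constructed: one host sends 12 chunks of 16 KB to one destination within a
# minute (196608 bytes total), the same host does one large legitimate upload,
# and a second host chats quietly with a third server.
SAMPLE_FLOWS = """\
# timestamp            src        dst           bytes_out
2025-03-14T10:00:00 10.0.0.12 203.0.113.7 16384
2025-03-14T10:00:05 10.0.0.12 203.0.113.7 16384
2025-03-14T10:00:10 10.0.0.12 203.0.113.7 16384
2025-03-14T10:00:15 10.0.0.12 203.0.113.7 16384
2025-03-14T10:00:20 10.0.0.12 203.0.113.7 16384
2025-03-14T10:00:20 10.0.0.12 198.51.100.9 52428800
2025-03-14T10:00:25 10.0.0.12 203.0.113.7 16384
2025-03-14T10:00:30 10.0.0.12 203.0.113.7 16384
2025-03-14T10:00:30 10.0.0.33 192.0.2.80 2048
2025-03-14T10:00:35 10.0.0.12 203.0.113.7 16384
2025-03-14T10:00:40 10.0.0.12 203.0.113.7 16384
2025-03-14T10:00:40 10.0.0.33 192.0.2.80 4096
2025-03-14T10:00:45 10.0.0.12 203.0.113.7 16384
2025-03-14T10:00:50 10.0.0.12 203.0.113.7 16384
2025-03-14T10:00:55 10.0.0.12 203.0.113.7 16384
"""


def parse_flows(text: str) -> list:
    """Parse the whitespace-separated records, skipping blanks and comments."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, nbytes = line.split()
        flows.append(Flow(datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return flows


def naive_alert(flows, per_flow_threshold):
    """Rule 1: alert on any single flow above the threshold.  16 KB chunks
    never trip this, however many of them there are."""
    return {(f.src, f.dst) for f in flows if f.nbytes > per_flow_threshold}


def windowed_alert(flows, window_seconds, threshold):
    """Rule 2: alert when bytes from one src to one dst inside any window of
    window_seconds exceed threshold.  Two-pointer sliding sum per (src, dst)
    pair over time-sorted records."""
    by_pair = defaultdict(list)
    for f in flows:
        by_pair[(f.src, f.dst)].append(f)
    hits = set()
    for pair, recs in by_pair.items():
        recs.sort(key=lambda r: r.ts)
        total, left = 0, 0
        for rec in recs:
            total += rec.nbytes
            # Drop records from the left until the window spans <= window_seconds.
            while (rec.ts - recs[left].ts).total_seconds() > window_seconds:
                total -= recs[left].nbytes
                left += 1
            if total > threshold:
                hits.add(pair)
                break
    return hits


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("per-flow rule :", naive_alert(flows, 100_000))
    print("windowed rule :", windowed_alert(flows, 60, 150_000))
```

With a 100 KB per-flow threshold only the backup-sized upload fires; with a 150 KB budget per pair over 60 seconds the chunked stream to 203.0.113.7 fires as well, while the low-volume host stays quiet. The window and budget are tuning knobs: set the budget below what a chunked beacon moves in one window and above what normal clients send to any single destination.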
Doge Laugh Love Ep. 2 - Hands OFF! - In the second episode of DLL, Lisa, Phil, Aaron and The Will of the People talk about some of the misdeeds the administration has committed since our last cadence two weeks ago. In fact, as we were dutifully recording episode one, Signalgate was literally breaking out and exposing our National Security team as one of the most inept collections of clowns ever assembled by a modern government. Soon after, Trump made "good" on his eternal promise to unilaterally slap tariffs on the entire world, including countries comprised exclusively of penguins, sending the stock market into the abyss and economists into hysteria describing what this self-inflicted wound might portend for the future. But there IS good news, and perhaps a glimmer of hope for the future. There was a Supreme Court of Wisconsin election that proved that not everyone has gone completely insane. Also, Lisa and Phil attended a couple of great events since the last cadence, including the incredible 5050.one national protest that drew 6 million people out from under the jackboot of Maga this weekend! The message to Maga is growing strong: HANDS OFF our Democracy! #HandsOff #50501 #fiftyfifty.one #activism #indivisible #mobilize #authoritarianism #jingoism #democracy #justice #januarysix #cybertruck #Trump #BernieSanders #CoryBooker #denaturalization
Be advised: this podcast does take a position on the events of the day.
Music by TechnoAXE from Washington State - "Back to Work"
If you don't like what is going on with your government, here are some great resources to follow.
Hands Off! https://www.fiftyfifty.one/
Indivisible https://indivisible.org
Mobilize https://mobilize.us
Springfield Township Action Committee https://www.facebook.com/groups/991352129598406
Who, in your view, is the best horror film director of the last 20 years? For us, James Wan is clearly among those who have surprised us most with his approach to filmmaking. In this episode I welcome Mateo and Matthieu and we go back over all of James Wan's horror films. Feel free to share your opinion and offer any advice that could improve the show. Thanks in advance. Music credit: SATY.DLL @SuperPiaule-8bits. SATY.DLL's music project: https://open.spotify.com/artist/2NJzBI8e5wSSdWJuu7EMl4?si=8L0nkeC_TuyFthtmtA9_6A
This week, we are joined by Tom Hegel, Principal Threat Researcher from SentinelLabs research team, to discuss their work on "Ghostwriter | New Campaign Targets Ukrainian Government and Belarusian Opposition." The latest Ghostwriter campaign, linked to Belarusian government espionage, is actively targeting Ukrainian military and government entities as well as Belarusian opposition activists using weaponized Excel documents. SentinelLabs identified new malware variants and tactics, including obfuscated VBA macros that deploy malware via DLL files, with payload delivery seemingly controlled based on a target's location and system profile. The campaign, which began preparation in mid-2024 and became active by late 2024, appears to be an evolution of previous Ghostwriter operations, combining disinformation with cyberattacks to further political and military objectives. The research can be found here: Ghostwriter | New Campaign Targets Ukrainian Government and Belarusian Opposition Learn more about your ad choices. Visit megaphone.fm/adchoices
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Python Bot Delivered Through DLL Side-Loading
A "normal" PDF reader that is vulnerable to DLL side-loading may be used to launch additional exploit code.
https://isc.sans.edu/diary/Python%20Bot%20Delivered%20Through%20DLL%20Side-Loading/31778
Tomcat RCE Correction
To exploit the Tomcat RCE I mentioned yesterday, two non-default configuration options must be selected by the victim.
https://x.com/dkx02668274/status/1901893656316969308
SAML Roulette: The Hacker Always Wins
This PortSwigger blog explains in detail how to exploit the ruby-saml vulnerability against GitLab.
https://portswigger.net/research/saml-roulette-the-hacker-always-wins
Windows Shortcut Zero Day Exploit
Attackers are currently taking advantage of an unpatched vulnerability in how Windows displays Shortcut (.lnk file) details. Trend Micro explains how the attack works and provides PoC code. Microsoft is not planning to fix this issue.
https://www.trendmicro.com/en_us/research/25/c/windows-shortcut-zero-day-exploit.html
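The first item above and the ResolverRAT episode earlier on this page both turn on DLL side-loading: Windows consults the application's own directory before System32, so a DLL dropped next to a signed executable is loaded in place of the real one. The Python below is an added example, not code from the SANS diary, the podcast or Morphisec. It models the default search order (SafeDllSearchMode enabled) and the KnownDLLs exemption over a constructed filesystem snapshot, then flags imports that resolve into the application directory while shadowing a System32 DLL or lacking a valid signature. hpreader.exe is the loader named in the ResolverRAT story; its import list, the DLL name version.dll, the paths and the signature states are assumptions for the demo (a real hunt reads imports from the PE import directory and signature state from Authenticode).

```python
"""Model of the Windows DLL search order, used to flag side-loading candidates.

Added example; not code from the SANS diary, the podcast or Morphisec.  The
filesystem snapshot, the import list and the signature states are constructed.
ntpath is used so the path arithmetic stays Windows-style even on a Linux host.
"""
import ntpath

SYSTEM32 = r"C:\Windows\System32"

# KnownDLLs are always mapped from System32; the search order never applies to
# them.  The real list lives under HKLM\...\Session Manager\KnownDLLs; this is
# an abbreviated, assumed subset.
KNOWN_DLLS = {"kernel32.dll", "ntdll.dll", "user32.dll", "gdi32.dll", "advapi32.dll"}


def search_order(app_dir, cwd, path_dirs):
    """Default order with SafeDllSearchMode enabled.  The application directory
    comes first, which is exactly what side-loading exploits; with the mode
    disabled, cwd moves up to second place and the exposure is worse."""
    return [app_dir, SYSTEM32, r"C:\Windows\System", r"C:\Windows", cwd, *path_dirs]


def resolve(dll, app_dir, cwd, path_dirs, fs):
    """Return the lowercased path the loader would pick for `dll`, or None."""
    name = dll.lower()
    if name in KNOWN_DLLS:
        return ntpath.join(SYSTEM32, name).lower()
    for directory in search_order(app_dir, cwd, path_dirs):
        candidate = ntpath.join(directory, name).lower()
        if candidate in fs:
            return candidate
    return None


def sideload_candidates(exe, imports, cwd, path_dirs, fs):
    """Flag imports that resolve into the executable's own directory and either
    shadow a DLL that also exists in System32 or carry no valid signature.
    Returns (dll name, chosen path, reasons) tuples."""
    app_dir = ntpath.dirname(exe).lower()
    findings = []
    for dll in imports:
        chosen = resolve(dll, app_dir, cwd, path_dirs, fs)
        if chosen is None or ntpath.dirname(chosen) != app_dir:
            continue
        reasons = []
        if ntpath.join(SYSTEM32, dll).lower() in fs:
            reasons.append("shadows a System32 DLL")
        if not fs[chosen]["signed"]:
            reasons.append("unsigned")
        if reasons:
            findings.append((dll.lower(), chosen, ", ".join(reasons)))
    return findings


# Constructed snapshot: the signed loader extracted from a phishing archive into
# a user-writable folder, next to an unsigned DLL whose name collides with a
# system DLL.  "version.dll" is an assumed name, not one taken from the campaign.
APP_DIR = r"C:\Users\victim\Downloads\invoice"
EXE = ntpath.join(APP_DIR, "hpreader.exe")
CWD = APP_DIR
FS = {p.lower(): meta for p, meta in {
    EXE: {"signed": True},
    ntpath.join(APP_DIR, "version.dll"): {"signed": False},
    ntpath.join(APP_DIR, "msvcr100.dll"): {"signed": True},
    ntpath.join(SYSTEM32, "version.dll"): {"signed": True},
    ntpath.join(SYSTEM32, "kernel32.dll"): {"signed": True},
    ntpath.join(SYSTEM32, "user32.dll"): {"signed": True},
}.items()}
# Assumed import list; a real check reads it from the PE import directory.
IMPORTS = ["KERNEL32.dll", "VERSION.dll", "MSVCR100.dll", "USER32.dll"]

if __name__ == "__main__":
    for dll, path, why in sideload_candidates(EXE, IMPORTS, CWD, [], FS):
        print(f"{dll}: loaded from {path} ({why})")
```

Only version.dll is reported: it sits in the application directory, shadows the genuine copy in System32 and is unsigned. msvcr100.dll also loads from the application directory but is signed and shadows nothing, which is the normal case for a bundled runtime, and kernel32.dll never enters the search because it is a KnownDLL. The fix belongs to the vendor of the signed loader (full paths, SetDefaultDllDirectories or the LOAD_LIBRARY_SEARCH_SYSTEM32 flag); on the defensive side the same logic applied to process-creation and image-load telemetry is a cheap hunt.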
Was 2024 a good year for films, series and video games? In this episode we give our tops and flops of the year 2023 with Arnaud, Marc, Mateodesmallville and Young. Feel free to share your opinion and offer any advice that could improve the show. Thanks in advance. Music credit: SATY.DLL @SuperPiaule-8bits. SATY.DLL's music project: https://open.spotify.com/artist/2NJzBI8e5wSSdWJuu7EMl4?si=8L0nkeC_TuyFthtmtA9_6A
What exactly is a Souls-like? Why does it exist? What draws players to it? In this episode I welcome Arnaud and Marc to discuss and exchange views on this video game sub-genre that is so close to our hearts. Feel free to share your opinion and offer any advice that could improve the show. Thanks in advance. Music credit: SATY.DLL @SuperPiaule-8bits. SATY.DLL's music project: https://open.spotify.com/artist/2NJzBI8e5wSSdWJuu7EMl4?si=8L0nkeC_TuyFthtmtA9_6A
Podcast co-hosts Kelli Nienaber and Will Tefft are joined by Shannon Stangl of DLL to discuss the current and future outlook for the office and workplace segment of the industry. Listen in to learn more about this space including emerging technologies and increased interest in sustainability trends and how equipment can be fit for the future.
A short episode this week, featuring Keyhole which abuses a logic bug in Windows Store DRM, an OAuth flow issue, and a CSRF protection bypass. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/265.html
[00:00:00] Introduction
[00:00:16] Attacking Hypervisors From KVM to Mobile Security Platforms
[00:02:30] Keyhole
[00:10:12] Drilling the redirect_uri in OAuth
[00:18:00] Cross-Site POST Requests Without a Content-Type Header
[00:24:03] New AMSI Bypass Technique Modifying CLR.DLL in Memory
Podcast episodes are available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
That town appears in my restless dreams. Silent Hill. You promised you'd take me there again someday. You never did. I'm there alone now... In our "special place"... I'm waiting for you... In this episode I welcome Mateo and Slimkane to discuss a monument of horror gaming: Silent Hill 2. Feel free to share your opinion and offer any advice that could improve the show. Thanks in advance. Music credit: SATY.DLL @ Perfect Seeding. SATY.DLL's music project: https://open.spotify.com/intl-fr/album/5rolU95NPPcbxEC9oNpiWT?si=8PIfBQN8S3abVbhnljvf-A
Dr. Ryan Augustin and Dr. Jason Luke discuss neoadjuvant immunotherapy and the importance of multidisciplinary team coordination, promising new TIL therapy for advanced melanoma, and the emerging role of CD3 engagers in treatment strategies. TRANSCRIPT Dr. Ryan Augustin: Hello, I'm Dr. Ryan Augustin, your guest host of the ASCO Daily News Podcast today. I'm a medical oncology fellow at Mayo Clinic in Rochester, Minnesota. Joining me today is Dr. Jason Luke, an associate professor of medicine and the director of the Cancer Immunotherapeutic Center at the University of Pittsburgh Hillman Cancer Center. I had the privilege of working as a postdoc in Jason's translational bioinformatics lab, where we investigated mechanisms of resistance to immunotherapy in melanoma and other cancers. Today, we'll be discussing 3 important topics, including neoadjuvant immunotherapy and the importance of multidisciplinary team coordination, the impact and practical considerations for incorporating TIL therapy into melanoma, and the current and future use of CD3 engagers in both uveal and cutaneous melanoma. You'll find our full disclosures in the transcript of this episode. Jason, it's great to have this opportunity to speak with you today. Dr. Jason Luke: Absolutely. Thanks, Ryan. It's great to see you. Dr. Ryan Augustin: So, to kick things off, Jason, we, of course, have seen tremendous advances in cancer immunotherapy, not only in metastatic disease but also the perioperative setting. Recent data have shown that the use of neoadjuvant therapy can provide not only critical prognostic information but can also help individualize post-resection treatment strategies and potentially even eliminate adjuvant therapy altogether in patients who achieve a pathologic, complete response. This signifies a conceptual shift in oncology with the goal of curing patients with immunotherapy. In triple-negative breast cancer, the KEYNOTE-522 regimen with pembrolizumab is standard of care. 
In non-small cell lung cancer, there are now four FDA approved chemo-IO regimens in both the neoadjuvant and perioperative settings. And, of course, in melanoma, starting with SWOG S1801 utilizing pembro mono therapy, and now with combined CTLA-4 PD-1 blockade based on results from the NADINA trial, neoadjuvant IO is the new standard of care in high-risk, resectable melanoma. It's important to highlight this because whereas other tumor types have more mature multidisciplinary care, for example, patients with breast cancer are reviewed by the whole team in every center, and every patient with lung cancer certainly benefits from multidisciplinary care conferences, that's not always the case with melanoma, given the relative frequency of cases compared to other tumor types. Jason, would you say that we have now moved into an era where the integration of a multidisciplinary team and melanoma needs to be prioritized. And why is it important to have multidisciplinary team coordination from the onset of a patient's diagnosis? Dr. Jason Luke: Well, I think those are great questions, Ryan, and I think they really speak to the movement in our field and the great success that we've had integrating systemic therapy, particularly immunotherapy, into our treatment paradigms. And so, before answering your question directly, I would add even a little bit more color, which is to note that over the last few years, we've additionally seen the development of adjuvant therapy into stages of melanoma that, historically speaking, were considered low-risk, and medical oncologists might not even see the patient. To that, I'm speaking specifically about the stage 2B and 2C approvals for adjuvant anti-PD-1 with pembrolizumab or nivolumab. So this has been an emerging complication. Classically, patients are diagnosed with melanoma by either their primary care doctor or a dermatologist. 
Again, classically, the next step was referral to a surgeon who had removed the primary lesion, with discussion around nodal evaluation as well. And that paradigm has really changed now, where I think integration of medical oncology input early on in the evaluation of the appropriate treatment plan for patients with melanoma is quite a pressing issue now, both because we have FDA approvals for therapeutics that can reduce risk of recurrence, and whether or not to pursue those makes a big difference to the patient for discussion early on. And, moreover, the use of systemic therapies now, prior to surgery, of course, then, of course, requires the involvement of medical oncology. And just for an emphasis point on this, it's classically the case, for good reason, that surgeons complete their surgery and then feel confident to tell the patient, “Well, we got it all, and you're just in really good shape.” And while I understand where that's coming from, that often leaves aside the risk of recurrence. So you can have the most perfect surgery in the world and yet still be at very high risk of recurrence. And so it's commonly the case that we get patients referred to us after surgery who think they're just in totally good shape, quite surprised to find out that, in fact, they might have a 20% to 50% risk of recurrence. And so that's where this multidisciplinary integration for patient management really does make a big difference. And so I would really emphasize the point you were making before, which is that we need multidisciplinary teams of med onc with derm, with surgery early on, to discuss “What are the treatment plans going to be for patients?” And that's true for neoadjuvant therapy, so, for palpable stage 3, where we might give checkpoint inhibitors or combinations before surgery. 
But it's true even in any reasonably high-risk melanoma, and I would argue in that state, anything more than stage 1 should be discussed as a group, because that communication strategy with the patient is so important from first principles, so that they have an expectation of what it's going to look like as they are followed out over time. And so we're emphasizing this point because I think it's mostly the case at most hospitals that there isn't a cutaneous oncology disease management meeting, and I think there needs to be. It's important to point out that usually the surgeons that do this kind of surgery are actually either the GI surgeons who do colon cancer or the breast surgeons. And so, given that melanoma, it's not the most common kind of cancer, it could easily be integrated into the existing disease review groups to review these cases. And I think that's the point we really want to emphasize now. I think we're not going to belabor the data so much, but there are enormous advantages to either perioperative or adjuvant systemic therapy in melanoma. We're talking about risk reduction of more than 50%, 50-75% risk reduction. It's essential that we make sure we optimally offer that to patients. And, of course, patients will choose what they think is best for their care. But we need to message to them in a way that they can understand what the risks and benefits of those treatments are and then are well set up to understand what that treatment might look like and what their expectations would be out over time. So I think this is a great art of medicine place to start. Instead of belaboring just the details of the trial to say, let's think about how we take care of our patients and how we communicate with them on first principles so that we can make the most out of the treatments that we do have available. Dr. Ryan Augustin: That's great, Jason. Very insightful points. Thank you. 
So, shifting gears now, I'd also like to ask you a little bit about TIL therapy in melanoma. So our listeners will be aware that TIL is a promising new approach for treating advanced melanoma and leverages the power of a patient's cytotoxic T cells to attack cancer cells. While we've known about the potential of this therapy for some time, based on pioneering work at the NCI, this therapy is now FDA approved under the brand AMTAGVI (Lifileucel) from Iovance Biotherapeutics, making it the first cellular therapy to be approved for a solid tumor. Now, I know TIL therapy has been administered at your institution, Jason, for several years now, under trial status primarily for uveal melanoma using an in-house processing. But for many cancer centers, the only experience with cellular therapy has come under the domain of malignant hematology with CAR T administration. At our institution, for example, we have only recently started administering TIL therapy for melanoma, which has required a tremendous multidisciplinary effort among outpatient oncology, critical care, and an inpatient hematology service that has expertise in cytokine release syndrome. Jason, where do you see TIL therapy fitting into the metastatic space? Which patients do you think are truly candidates for this intensive therapy? And what other practical or logistical considerations do you think we should keep in mind moving forward? Dr. Jason Luke: Well, thanks for raising this. I think the approval of lifileucel, which is the scientific name for the TIL product that's on the market now. It really is a shift, a landscape shift in oncology, and we're starting in melanoma again, as seems to be commonly the case in drug development. But it's really important to understand that this is a conceptually different kind of treatment, and therefore, it does require different considerations. 
Starting first with data and then actualization, maybe secondarily, when we see across the accelerated approval package that led to this being available, we quote patients that the response rate is likely in the range of 30%, maybe slightly lower than that, but a meaningful 25% to 30% response rate, and that most of those patients that do have response, it seems to be quite durable, meaning patients have been followed up to four years, and almost all the responders are still in response. And that's a really powerful thing to be able to tell a patient, particularly if the patient has already proceeded through multiple lines of prior standard therapy. So this is a very, very promising therapy. Now, it is a complicated therapy as well. And so you highlighted that to do this, you have to have a tumor that's amenable for resection, a multidisciplinary team that has done a surgery to remove the tumor, sent it off to the company. They then need to process the TIL out of the tumor and then build them up into a personalized cell product, bring it back, you have to lympho-deplete the patient, re-introduce this TIL. So this is a process that, in the standard of care setting under best circumstances, takes roughly six weeks. So how to get that done in a timely fashion, I think, is evolving within our paradigms. But I think it is very important for people who practice in settings where this isn't already available to realize that referring patients for this should be a strong consideration. And thinking about how you could build your multidisciplinary team in a way to be able to facilitate this process, I think is going to be important, because this concept of TIL is relevant to other solid tumors as well. It's not approved yet in others, but we kind of assume eventually it probably will be. And so I think, thinking through this, how could it work, how do you refer patients is very important. Now, coming back to the science, who should we treat with this? 
Well, of course, it's now an air quotes “standard of care option”, so really it ought to be available to anybody. I will note that currently, the capacity across the country to make these products is not really adequate to treat all the patients that we'd want. But who would we optimally want to treat, of course, would be people who have retained a good performance status after first line therapy, people who have tumors that are easily removable and who have not manifested a really rapid disease progression course, because then, of course, that six-week timeline probably doesn't make sense. The other really interesting data point out of the clinical trials so far is it has looked like the patients who got the least amount of benefit from anti-PD-1 immunotherapy, in other words, who progressed immediately without any kind of sustained response, those patients seem to have the best response to TILs, and that's actually sort of a great biomarker. So, this drug works the best for the population of patients where checkpoint inhibitors were not effective. And so as you think about who those patients might be in your practice, as you're listening, I think prioritizing it for primary progression on anti PD-1, again and giving it ahead thought about how would you get the patient through this process or referred to this process very quickly is really important because that lag time is a problem. Patients who have melanoma tend to progress reasonably quickly, and six weeks can be a long time in melanoma land. So, thinking ahead and building those processes is going to be important moving into the future Dr. Ryan Augustin: Definitely appreciate those practical considerations. Jason, thank you. Moving on to our final topic, I was hoping to discuss the use of immune cell engagers in melanoma. So, similar to CAR T therapy, bispecific T-cell engagers, or BiTEs, as they're commonly known, are standard of care in refractory myeloma and lymphoma. 
But these antibodies engaging CD3 on T cells and a tumor specific antigen on cancer cells are relatively new in the solid tumor space. Tarlatamab, which is a DLL3 and CD3 bispecific antibody, was recently approved in refractory small cell lung cancer, and, of course, tebentafusp, an HLA-directed CD3 T cell engager, was approved in uveal melanoma in 2022. Both T and NK cell engaging therapies are now offering hope in cancers where there has historically been little to offer. However, similar to our discussion with TIL therapy, bispecifics can lead to CRS and neurotoxicity, which require considerable logistical support and care coordination. Jason, I was wondering if you could briefly discuss the current landscape of immune cell engagers in melanoma and how soon we may see these therapies enter the treatment paradigm for cutaneous disease. Dr. Jason Luke: I think it is an exciting, novel treatment strategy that I think we will only see emerge more and more. You alluded to the approval of tebentafusp in uveal melanoma, and those trials were, over the course of a decade, where those of us in solid tumor land learned how to manage cytokine release syndrome or the impact of these CD3 bispecifics, in a way that we weren't used to. And what I'll caution people is that CRS, as this term, it sounds very scary because people have heard of patients that, of course, had difficult outcomes in hematological malignancies, but it's a spectrum of side effects. And so, when we think about tebentafusp, which is the approved molecule, really what we see is a lot of rash because GP100, the other tumor antigen target, is in the skin. So, patients get a rash, and then people do get fevers, but it's pretty rare to get more than that. So really what you have to have is the capacity to monitor patients for 12 hours, but it's really not more scary than that.
So it really just requires treating a few people to kind of get used to these kinds of symptoms, because they're not the full-on ICU level CRS that we see with, say, CAR T-cells. But where is the field going? Well, there's a second CD3 bispecific called brenetafusp that targets the molecule PRAME, that's in a phase 3 clinical trial now for frontline cutaneous melanoma. And tebentafusp is also being evaluated in cutaneous melanoma for refractory disease. So, it's very possible that these could be very commonly used for cutaneous melanoma, moving into, say, a two-to-four-year time horizon. And so therefore, getting used to what are these side effects, how do you manage them in an ambulatory practice for solid tumor, etc., is going to be something everyone's going to have to learn how to deal with, but I don't think it should be something that people should be afraid of. One thing that we've seen with these molecules so far is that their kinetics of treatment effect do look slightly different than what we see with more classic oncology therapies. These drugs have a long-term benefit, but it doesn't always manifest as disease regression. So, we commonly see patients will have stable disease, meaning their tumor stops growing, but we don't see that it shrank a lot, but that can turn into a very meaningful long-term benefit. So that's something that we're also, as a community, going to have to get used to. It may not be the case we see tumors shrink dramatically upfront, but rather we can actually follow people with good quality of life over a longer period of time. Where is the field going? You mentioned tarlatamab in small cell lung cancer, and I think we're only going to see more of these as appropriate tumor antigens are identified in different tumors.
And then the other piece is these CD3 engagers generally rely upon some kind of engagement with a T cell, whether CD3 engagers, and so they can be TCR or T-cell receptor-based therapies, although they can be also scFv-based. But that then requires new biomarkers, because TCR therapy requires HLA restriction. So, understanding that now we're going to need to profile patients based on their germline in addition to the genomics of the tumor. And those two things are separate. But I would argue at this point, basically everybody with cutaneous melanoma should be being profiled for HLA-A*02:01, which is the major T-cell receptor HLA haplotype that we would be looking for, because whether or not you can get access immediately to tebentafusp, but therefore clinical trials will become more and more important. Finally, in that T-cell receptor vein, there are also T cell receptor-transduced T cells, which are also becoming of relevance in the oncology community, and people listening will be aware in synovial sarcoma of the first approval for a TCR-transduced T cell with afamitresgene autoleucel. And in melanoma, we similarly have TCR-transduced T cells that are coming forward in clinical trials into phase 3, the IMA203 PRAME-directed molecule particularly. And leveraging our prior conversation about TILs, we're going to have more and more cellular based therapies coming forward, which is going to make it important to understand what are the biomarkers that go with those, what are the side effect profiles of these, and how do you build your practice in a way that you can optimally get your patients access to all of these different treatments, because it will become more logistically complicated, kind of as more of these therapies come online over the next, like we said, two to four years kind of time horizon. So, it's very exciting, but there is more to do, both logistically and scientifically. Dr. Ryan Augustin: That's excellent.
Thanks, Jason, and thank you so much for sharing your great insight with us today on the ASCO Daily News Podcast. Dr. Jason Luke: Thanks so much for the opportunity. Dr. Ryan Augustin: And thank you to our listeners for your time today. You will find links to the abstracts discussed today in the transcript of this episode, and you can follow Dr. Luke on X, formerly known as Twitter, @jasonlukemd. And you can find me, @RyanAugustinMD. Finally, if you value the insights that you hear on the ASCO Daily News Podcast, please take a moment to rate, review, and subscribe wherever you get your podcasts. Disclaimer: The purpose of this podcast is to educate and to inform. This is not a substitute for professional medical care and is not intended for use in the diagnosis or treatment of individual conditions. Guests on this podcast express their own opinions, experience, and conclusions. Guest statements on the podcast do not express the opinions of ASCO. The mention of any product, service, organization, activity, or therapy should not be construed as an ASCO endorsement. Follow today's speakers: @ryanaugustinmd Dr. Jason Luke @jasonlukemd Follow ASCO on social media: @ASCO on Twitter ASCO on Facebook ASCO on LinkedIn Disclosures: Dr. Ryan Augustin: No relationships to disclose Dr. 
Jason Luke: Stock and Other Ownership Interests: Actym Therapeutics, Mavu Pharmaceutical, Pyxis, Alphamab Oncology, Tempest Therapeutics, Kanaph Therapeutics, Onc.AI, Arch Oncology, Stipe, NeoTX Consulting or Advisory Role: Bristol-Myers Squibb, Merck, EMD Serono, Novartis, 7 Hills Pharma, Janssen, Reflexion Medical, Tempest Therapeutics, Alphamab Oncology, Spring Bank, Abbvie, Astellas Pharma, Bayer, Incyte, Mersana, Partner Therapeutics, Synlogic, Eisai, Werewolf, Ribon Therapeutics, Checkmate Pharmaceuticals, CStone Pharmaceuticals, Nektar, Regeneron, Rubius, Tesaro, Xilio, Xencor, Alnylam, Crown Bioscience, Flame Biosciences, Genentech, Kadmon, KSQ Therapeutics, Immunocore, Inzen, Pfizer, Silicon Therapeutics, TRex Bio, Bright Peak, Onc.AI, STipe, Codiak Biosciences, Day One Therapeutics, Endeavor, Gilead Sciences, Hotspot Therapeutics, SERVIER, STINGthera, Synthekine Research Funding (Inst.): Merck , Bristol-Myers Squibb, Incyte, Corvus Pharmaceuticals, Abbvie, Macrogenics, Xencor, Array BioPharma, Agios, Astellas Pharma , EMD Serono, Immatics, Kadmon, Moderna Therapeutics, Nektar, Spring bank, Trishula, KAHR Medical, Fstar, Genmab, Ikena Oncology, Numab, Replimmune, Rubius Therapeutics, Synlogic, Takeda, Tizona Therapeutics, Inc., BioNTech AG, Scholar Rock, Next Cure Patents, Royalties, Other Intellectual Property: Serial #15/612,657 (Cancer Immunotherapy), and Serial #PCT/US18/36052 (Microbiome Biomarkers for Anti-PD-1/PD-L1 Responsiveness: Diagnostic, Prognostic and Therapeutic Uses Thereof) Travel, Accommodations, Expenses: Bristol-Myers Squibb, Array BioPharma, EMD Serono, Janssen, Merck, Novartis, Reflexion Medical, Mersana, Pyxis, Xilio
Back after 4 months away, we kick off Season 2 of La Piaule! In this episode I once again welcome Matthieu and Mateo, and we go back over the entire Alien saga, even taking in Alien Isolation. Feel free to share your opinion and give advice that could improve the show. Thanks in advance.

Music credit: SATY.DLL @ Perfect Seeding
SATY.DLL's music project: https://open.spotify.com/intl-fr/album/5rolU95NPPcbxEC9oNpiWT?si=8PIfBQN8S3abVbhnljvf-A
Video Episode: https://youtu.be/lEaBTx6FvCI

In today's episode, we dive into the alarming rise of Linux malware "perfctl," which has stealthily targeted millions of servers for cryptomining over the past three years. We discuss the critical CVE-2024-29824 vulnerability in Ivanti Endpoint Manager, exploited for unauthorized SQL injection, and the ongoing threats posed by the North Korean APT group Stonefly, known for their intricate cybercrime tactics. Additionally, we explore the disturbing trend of cybercriminals leveraging compromised cloud credentials to operate sexualized AI chat bots, highlighting the urgent need for improved security practices.

Sources:
1. https://www.bleepingcomputer.com/news/security/linux-malware-perfctl-behind-years-long-cryptomining-campaign/
2. https://www.helpnetsecurity.com/2024/10/03/cve-2024-29824/
3. https://www.helpnetsecurity.com/2024/10/03/private-us-companies-targeted-by-stonefly-apt/
4. https://krebsonsecurity.com/2024/10/a-single-cloud-compromise-can-feed-an-army-of-ai-sex-bots/

Timestamps
00:00 – Introduction
01:06 – AI powered s3x bots
03:13 – Ivanti SQL Injection
04:08 – Perfectl Linux Malware
05:33 – APT45 StoneFly Attacks US companies

1. What are today's top cybersecurity news stories?
2. What is the Linux malware "perfctl" and how does it work?
3. How is the Ivanti Endpoint Manager flaw (CVE-2024-29824) being exploited?
4. What activities are linked to the Stonefly APT group targeting US companies?
5. How are stolen cloud credentials being used for AI-powered sex chat services?
6. What vulnerabilities does CVE-2024-29824 address and why is it critical?
7. What measures can organizations take to detect the "perfctl" malware?
8. What are the implications of the Stonefly APT's recent attacks on private companies?
9. How did researchers demonstrate the abuse of AWS Bedrock for illegal activities?
10. What security best practices can prevent cloud credential theft and misuse?
perfctl, Linux, Monero, vulnerabilities, Ivanti, SQL injection, cybersecurity, remediation, Stonefly, cyberattacks, Preft, malware, cloud credentials, AI-powered, child sexual exploitation, cybercriminals

# Intro

In a shocking revelation, a stealthy Linux malware named "perfctl" has been exploiting server vulnerabilities for over three years, using advanced evasion techniques to secretly mine Monero cryptocurrency on countless systems worldwide. This elusive threat not only disrupts normal operations by maxing out CPU usage but also deftly vanishes when users log in, making detection extremely difficult for many administrators. How do adversaries exploit vulnerabilities to gain initial access to systems with the perfctl malware?

Hackers are actively exploiting a critical SQL injection flaw in Ivanti Endpoint Manager, prompting US federal agencies to rush and remediate the threat by October 23, 2024. Despite Ivanti's urgent patches, details of the attacks remain sparse, spotlighting the pressing need for effective cybersecurity measures. Why does this particular vulnerability pose such a significant risk compared to others?

North Korean APT group Stonefly, undeterred by legal indictments, is intensifying its financially-motivated cyberattacks on US companies, leveraging a unique arsenal of malware and tools. Despite failed ransomware attempts, their distinctive Preft backdoor confirms their tenacity in pursuing targets with no direct intelligence value. Why has Stonefly shifted their focus from espionage to financially-driven cybercrime in recent years?

A staggering rise in stolen cloud credentials is fueling an underground market of AI-powered sex chat services, with cybercriminals bypassing content filters for disturbing role-plays involving child sexual exploitation. As security researchers lay bare the chilling implications of compromised AI infrastructure, the industry scrambles for solutions to thwart this escalating threat.
**Question:** How are cybercriminals leveraging stolen cloud credentials to evade content restrictions on AI, and what are the financial and ethical implications for the victims?

# Stories

In this episode, we discuss a recent discovery by Aqua Nautilus researchers of the Linux malware "perfctl," which has been running a covert cryptomining campaign for over three years. This malware has targeted potentially millions of Linux servers, using advanced evasion techniques and rootkits to remain largely undetected. Perfctl primarily uses compromised servers to mine the Monero cryptocurrency, exploiting misconfigurations and vulnerabilities, such as CVE-2023-33246 in Apache RocketMQ and CVE-2021-4034 in Polkit, for initial access. It operates stealthily, disguising processes and using TOR for encrypted communications. The malware also deploys proxy-jacking software for additional revenue streams. System administrators often notice infections due to 100% CPU usage, though perfctl halts its activities as soon as the user logs in. Due to its evasive and persistent nature, typical removal methods are ineffective, with a full system wipe and reinstall recommended to ensure complete removal. Aqua Nautilus suggests monitoring system directories, CPU usage, and network traffic, alongside patching known vulnerabilities, to detect and prevent perfctl infections.

Certainly! Here's a list of ten important terms and nouns from the article, each followed by a brief definition particularly related to cybersecurity:

1. **Linux**: An open-source operating system known for its robust security features and wide use in servers and workstations. In cybersecurity, it's crucial as many servers run on Linux, making them targets for attacks like the mentioned malware.
2. **Malware**: Malicious software designed to infiltrate, damage, or disable computers and networks. It is important because it can be weaponized for financial gain, as in cryptomining without consent.
3. **Cryptomining**: The process of validating cryptocurrency transactions and adding them to the blockchain ledger; in this context, the unauthorized use of others' computer resources to generate cryptocurrency like Monero.
4. **Rootkit**: A set of software tools that enable unauthorized users to gain control of a system without being detected. Rootkits are important in malware because they allow it to remain hidden and maintain persistent access.
5. **CVE (Common Vulnerabilities and Exposures)**: A list of publicly disclosed cybersecurity vulnerabilities. CVEs are critical for understanding and mitigating known vulnerabilities that attackers might exploit, as seen with CVE-2023-33246 and CVE-2021-4034.
6. **Monero**: A cryptocurrency known for its privacy features, making transactions challenging to trace. Important in cyber threats like cryptomining, as attackers use infected systems to mine Monero for profit.
7. **TOR**: Short for The Onion Router, a decentralized network to anonymize internet traffic through encryption and relay techniques. It is crucial for maintaining anonymity in cyber operations, as noted in the malware's communication method.
8. **Userland rootkits**: Types of rootkits that operate in user space and manipulate user-level applications to evade detection, demonstrating advanced techniques for obscuring malicious activities and maintaining control.
9. **Apache RocketMQ**: An open-source messaging server often used in enterprise environments. Its mention highlights how vulnerabilities in widely used software, such as CVE-2023-33246, can be critical entry points for attacks.
10. **Indicators of Compromise (IoC)**: Forensic evidence of potential intrusion or malware activity within a network or system. Recognizing IoCs is essential for detecting and responding to security breaches like those associated with perfctl.
This list encompasses important cybersecurity concepts relevant to understanding and contextualizing threats, detection, and protection mechanisms discussed in the article.

—

On today's podcast, we're discussing a critical security flaw in Ivanti Endpoint Manager, known as CVE-2024-29824. This unauthenticated SQL Injection vulnerability is actively being exploited, prompting the Cybersecurity and Infrastructure Security Agency to add it to their Known Exploited Vulnerabilities catalog. Ivanti has acknowledged that a limited number of their customers have been impacted. This flaw, part of a group of ten similar vulnerabilities, affects versions prior to Ivanti EPM 2022 SU5 and could allow attackers to execute code within the service account. Researchers have published detailed technical information and proof-of-concept exploits for this vulnerability. To address the issue, Ivanti released a patch involving the replacement of critical DLL files and a server restart. Federally, US agencies are mandated to remediate this vulnerability by October 23, 2024. Ivanti has urged all users to ensure their systems are up to date with the latest patch. Stay informed and make sure your systems are protected.

Certainly! Here's a list of the top 10 most important nouns and technical terms from the article, along with their definitions and relevance to cybersecurity:

1. **CVE-2024-29824**
*Definition:* A Common Vulnerabilities and Exposures (CVE) identifier assigned to an unauthenticated SQL Injection vulnerability found in Ivanti Endpoint Manager (EPM) appliances.
*Importance:* This vulnerability is critical because it allows attackers to execute arbitrary code, potentially leading to unauthorized access or data manipulation in affected systems.
2. **Ivanti Endpoint Manager (EPM)**
*Definition:* A management tool used to automate and control IT systems, providing capabilities such as hardware and software management, asset discovery, and endpoint security.
*Importance:* EPM's widespread deployment in various organizations makes security flaws within it particularly concerning, as they can affect numerous systems.
3. **SQL Injection**
*Definition:* A type of security vulnerability that allows an attacker to interfere with the queries an application makes to its database by injecting malicious SQL code.
*Importance:* SQL injection vulnerabilities can lead to data breaches, unauthorized data access, and full system compromise, making them a high priority in security.
4. **Cybersecurity and Infrastructure Security Agency (CISA)**
*Definition:* A U.S. federal agency responsible for enhancing the security, resilience, and reliability of the nation's cybersecurity infrastructure.
*Importance:* CISA's involvement indicates the severity of a vulnerability, guiding organizations on critical security measures to implement.
5. **Security Advisory**
*Definition:* An official notification providing details about a vulnerability, including its impact, affected systems, and measures for remediation.
*Importance:* Security advisories are crucial for informing organizations and the public about vulnerabilities and recommended actions to mitigate security risks.
6. **Zero Day Initiative (ZDI)**
*Definition:* A program that focuses on finding and reporting zero-day vulnerabilities to affected vendors for remediation before they can be exploited by attackers.
*Importance:* ZDI's work helps in identifying and patching vulnerabilities before they are widely exploited, enhancing overall cybersecurity posture.
7. **Proof of Concept (PoC)**
*Definition:* A demonstration that shows how a vulnerability can be exploited to achieve harmful results, often used to prove the existence and impact of a security flaw.
*Importance:* PoCs help in understanding the practical implications of vulnerabilities and in developing appropriate fixes or mitigation strategies.
8. **KEV Catalog**
*Definition:* The Known Exploited Vulnerabilities (KEV) catalog is a list maintained by CISA of vulnerabilities that have been actively exploited in the wild.
*Importance:* Inclusion in the KEV catalog underscores the critical nature of a vulnerability, signaling to organizations the urgency in applying patches.
9. **DLL Files**
*Definition:* Dynamic-link library (DLL) files are collections of small programs used by larger programs to perform specific tasks, often shared among different applications.
*Importance:* Replacing vulnerable DLL files is a method of patching software to fix security vulnerabilities like those described in the article.
10. **IISRESET**
*Definition:* A command-line utility used to restart Internet Information Services (IIS), the web server software used by Windows servers.
*Importance:* Restarting services using IISRESET ensures that any patched or updated files are loaded into memory, completing the remediation process for vulnerabilities.

—

In this episode, we delve into Stonefly APT, a North Korean cyber-threat group, also known as APT45. Despite previous indictments, Stonefly continues to target US companies. Linked to North Korea's military intelligence, the group uses a mix of modified and custom malware for espionage and financially-motivated attacks, having been active since 2009. Recent attacks in August 2024 against US companies, using tools like Preft and Nukebot, highlight their ongoing efforts, likely for financial gain. Experts suggest these actions may fund other state priorities, underscoring the persistent cyber threat posed by Stonefly.

1. **Stonefly (APT45):** A North Korean Advanced Persistent Threat (APT) group also known as Andariel and OnyxFleet, linked to military intelligence. It is significant due to its involvement in cyber espionage and financially-motivated cybercrime targeting US companies.
2. **Reconnaissance General Bureau (RGB):** North Korean military intelligence agency associated with directing cyber operations. Important for understanding the state-backed nature of certain threat groups like Stonefly.
3. **APT (Advanced Persistent Threat):** A prolonged and targeted cyberattack where an unauthorized user gains access to a network and remains undetected for an extended period. Key in cybersecurity since it highlights the sophisticated nature of cyber threats.
4. **3PROXY:** A publicly available proxy server software used for network connections. Important as a tool often exploited in cyber-attacks for masking and redirecting traffic.
5. **Malware:** Malicious software designed to disrupt, damage, or gain unauthorized access to computer systems. Critical in cybersecurity as it encompasses various attack methods utilized by threat actors.
6. **Preft (backdoor):** A custom persistent backdoor linked specifically to Stonefly, allowing unauthorized access into a computer system. Its recognition aids in the identification and attribution of attacks to specific groups.
7. **Ransomware:** A type of malware that encrypts the victim's files and demands a ransom for the decryption key. Vital due to its financial impact and prevalence in cybercrime.
8. **Keyloggers:** Software or devices designed to record keystrokes on a computer, often covertly. Their detection is crucial as they are commonly used for information theft.
9. **Mimikatz:** A publicly available security tool often misused to extract password data from Windows systems. Its relevance in cybersecurity lies in its frequent misuse for credential theft.
10. **Indicators of Compromise (IoCs):** Artifacts or forensic data that indicate potential intrusion or malicious activity in a network. Essential for threat detection and response in cybersecurity.
—

In a recent report, cybersecurity experts from Permiso Security have uncovered a troubling trend where cybercriminals exploit stolen cloud credentials to operate AI-powered sex bots. These bots, which are bypassing content filters through custom jailbreaks, often delve into dangerous and illegal role-playing scenarios involving child sexual exploitation and rape. The attacks primarily target large language models (LLMs) hosted on platforms like Amazon's Bedrock. Permiso's investigation revealed that attackers quickly commandeer exposed credentials to fuel AI chat services, racking up unauthorized usage costs for cloud account owners. Platforms like "Chub[.]ai" are suspected of leveraging this method to offer chats with AI characters engaging in controversial and explicit scenarios. Chub claims to bypass content restrictions for a small monthly fee, fueling a broader uncensored AI economy. AWS has responded by tightening security measures, but concerns persist around the potential misuse of AI technologies. The situation highlights the necessity for organizations to protect access keys and to consider enabling logging features to detect unusual activities, despite the additional costs involved. Anthropic, a provider of LLMs to Bedrock, continues to enhance safeguards against such abuses.

1. **Cloud Credentials**
**Definition:** Authentication information required to access cloud computing services.
**Importance:** Stolen cloud credentials allow cybercriminals unauthorized access to a victim's cloud resources, which can be exploited for malicious activities such as operating unauthorized services or reselling access clandestinely.
2. **Generative Artificial Intelligence (AI)**
**Definition:** AI systems capable of generating text, images, or other media in response to prompts by leveraging large datasets and complex algorithms.
**Importance:** These systems can be misused to create harmful or illegal content, as evidenced by their exploitation in unauthorized sex chat services, highlighting the need for robust ethical and security safeguards.
3. **Large Language Models (LLMs)**
**Definition:** Advanced AI systems that process and generate human-like text by analyzing vast amounts of language data.
**Importance:** LLMs can be manipulated by bad actors to bypass restrictions and produce inappropriate or illegal content, underscoring the risks of inadequate security measures.
4. **Jailbreak (in AI context)**
**Definition:** Techniques used to bypass or disable restrictions set within AI systems, allowing them to produce content or perform actions usually forbidden.
**Importance:** Jailbreaking enables cybercriminals to exploit AI platforms for illicit purposes, making the development of resilient models a key priority for AI security.
5. **Amazon Web Services (AWS) Bedrock**
**Definition:** A cloud-based platform by AWS that provides foundational tools and services for building and deploying generative AI models.
**Importance:** Its compromise can lead to significant unauthorized usage and financial liabilities for the account holder, as demonstrated by the unauthorized use in illicit AI chat services.
6. **Prompt Logging**
**Definition:** The process of recording and monitoring the prompts given to AI models and the responses they generate.
**Importance:** Enables transparency and security oversight, allowing organizations to detect and mitigate misuse of AI resources effectively.
7. **Chub AI**
**Definition:** A platform offering AI chat bot characters, including those with explicit and controversial themes.
**Importance:** Exemplifies the challenge of regulating AI-powered services to prevent the exploitation and dissemination of harmful content.
8. **NSFL (Not Safe for Life)**
**Definition:** A categorization used to describe content that is extraordinarily disturbing or offensive.
**Importance:** Highlights the potential for AI-driven services to generate deeply objectionable material, raising ethical and legal concerns.
9. **GuardDuty**
**Definition:** An AWS security service that provides monitoring and threat detection for identifying malicious activity and unauthorized behavior.
**Importance:** Essential for maintaining cloud security posture and preemptively identifying potential threats, particularly in preventing unwanted exploitation of cloud resources.
10. **Anthropic**
**Definition:** An AI safety and research organization focused on developing models with built-in ethical constraints.
**Importance:** Plays a critical role in enhancing AI safety to prevent misuse, working towards models resistant to manipulation and fostering industry-wide best practices for secure AI deployment.

—
This episode of Paul's Security Weekly features John Hammond, a senior security researcher from Huntress, discussing malware analysis. Hammond dives into the analysis of Ocean Lotus attacks, highlighting the use of stealthy techniques like alternate data streams and DLL side-loading. The conversation also touches on the challenges of combating attackers who leverage "bring your own vulnerable driver" techniques to gain kernel-level privileges. The hosts discuss the need for secure-by-default configurations and the ongoing struggle to combat attackers who exploit vulnerabilities. The episode concludes with a discussion on how to improve the security of the industry.

Segment Resources:
https://www.huntress.com/blog/the-hackers-in-the-arena-the-huntress-ctf-retrospective
https://www.huntress.com/blog/fake-browser-updates-lead-to-boinc-volunteer-computing-software

Automated tank gauges are leaking more than just fuel, while CUPS is serving up a steaming hot brew of vulnerabilities. Meanwhile, Supermicro's BMC firmware is giving away root access like it's going out of style. If you thought your Kia was safe, think again: all it takes is a license plate and 30 seconds to turn your car into a hacker's joyride. China's been busy building a massive IoT botnet called Raptor Train. It's been chugging along undetected for four years. NIST has decided that your password doesn't need to be a cryptographic masterpiece anymore. No more special characters or arbitrary changes, just make it long and don't use "password123". A Texas hospital is playing a game of "hot potato" with ambulances thanks to a ransomware attack. More thoughts on known exploited vulnerabilities, firmware unpacking tools lowdown, Aruba, Bahama, come-on command injection, and kids changing the name of their school!

Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-845
Download Episode 992 – The one and only Grant "Stemage" Henry joins this episode for some huge Ball Squad news and more!

The show kicks off with Jacob Garner, Bri Galgano, Aki, and Grant Henry all on hand to chat about how we've been and what kind of crazy stuff Grant has been up to, like COMPOSING THE SCORE FOR THE AVATAR PINBALL TABLE! We also cover the news of the week like the Xbox Game Pass addition and way too many departures, tons of PS Plus games leaving next month, Embracer info, Splatoon 3 support ending, and Sony remastering yet another last gen game because that's all they do now. Plus an all new Movie Watch jingle and reviews!

0:00 - Intro/Chatter
48:29 - Funko Fusion - 10:10 Games (Bri)
1:03:07 - DROS - emergeWorlds, RedDeerGames (Bri)
1:09:11 - Paper Ghost Stories: Third Eye Open - Cellar Vault Games, Chorus Worldwide (Bri)
1:15:51 - The Plucky Squire - All Possible Futures, Devolver Digital (Grant)
1:25:46 - MindSeize - Kamina Dimension, Sometimes You (Jacob)
1:31:20 - BZZZT - KO.DLL, Cinemax Games (Jacob)
1:36:44 - Mika and The Witch's Mountain - Chibig, Nukefist (Aki)
1:44:44 - Andromeda Survivors - DevDumb, Aleo Games, AFIL Games (Jacob)
1:49:44 - Moe Waifu H - Yume Game Studio, eastasiasoft (Jacob)

The show ends with some Grandia II music from the one and only Stemage!

2:01:04 - Stemage - FIGHT! (Grandia II)

https://www.stemagemusic.com/
https://www.1010games.com/
https://emergeworlds.com/
https://www.reddeergames.com/
https://twitter.com/CellarVault
https://chorusworldwide.com/
https://allpossiblefutures.com/
https://www.devolverdigital.com/
https://kaminadimension.itch.io/
https://www.sometimesyou.com/
https://twitter.com/ko_dll
https://cinemax.cz/
https://chibig.com/
https://twitter.com/nukefist
https://afilgames.com/
https://twitter.com/YumeGameStudio1
https://eastasiasoft.com/
https://stemage.bandcamp.com/
https://www.keymailer.co/
https://itunes.apple.com/us/podcast/the-sml-podcast/id826998112
https://open.spotify.com/show/6KQpzHeLsoyVy6Ln2ebNwK
https://twitter.com/theSMLpodcast/
https://www.facebook.com/theSMLpodcast/
https://store.streamelements.com/thesmlpodcast

ALL REVIEWED GAMES HAVE BEEN PROVIDED FOR FREE FOR THE PURPOSE OF ANY COVERAGE ON THE SHOW
Posix, Wsl: a listener adds to the discussion...

I'm sending out the audio transcription of a listener's comment on the episode in question. I'm not adding the jingle and the rest because I'm virtually offline :) but it really deserves to be distributed right away. Enjoy, and thank you!

"since it's explicitly asked for, here are a couple of corrections on today's episode :) so, let's start with Cygwin: the project was born in 1995, so it's almost 30 years old, and it started as something of an intuition (creating a cross-compiler so as to build Windows executables of unix/linux tools), and then became a true POSIX environment. In its final form Cygwin is a POSIX environment on Windows, whose POSIX calls are "converted" through a library (cygwin1.dll), as per the homepage: a DLL (cygwin1.dll) which provides substantial POSIX API functionality. So at the functional level it's an emulator (even though it's a bit more complex than that): you launch it and you have a POSIX shell (bash, sh or whatever you like) and you use the tools that are normally found on Linux. You can obviously also compile from source code (back in the day I recompiled Bind on my computer to run some tests with rpz enabled, which I think wasn't official at first, but that's stuff from years ago)"

"WSL (version 1) is something similar, but native to Windows and more advanced: it's a subsystem that converts calls from the WSL environment (i.e. Linux) into their Windows counterpart (so here too it's essentially an emulation). It works adequately, until you run headlong into TCP sockets (back then I couldn't get tcpdump to run). Microsoft then "packaged" the environment to offer distros (ubuntu, debian, fedora etc.) with their own tools etc., so in substance you end up with something very similar to the environment you chose"

"WSL (version 2) bypasses the emulation question, which is complex to maintain in itself, and is essentially a real virtual environment, very lightweight and "transparent". Here too with whichever distros you prefer. Being a virtual environment you get a real Linux kernel, which then talks to the Windows hypervisor. This also solved the TCP sockets question etc."

"in its evolution the WSL environment then became more and more integrated (cron jobs can stay active even with the environment shut down, the filesystem is visible from Windows etc.)"

"the use itself very much depends on what you need it for. I've always used it (first cygwin, then WSL) because the tools I need are mostly POSIX; it's more convenient for me and much, much faster to use a "native" shell on the computer than to use a VM. Now that the integration is more "fluid", even more so: for example I use Visual Code (so "Windows") working on the files in WSL, which lets me instantly launch and test the changes, with the relevant git configs etc."
1 Star! Ever since I was just a little boy, I've always loved daddy longlegs! To be clear, I HATE spiders, but love, love, love me a good DLL (which are opiliones, NOT spiders, yuck!). They are an ancient, non-venomous species who cluster together to stay warm - how cute is that??? So imagine my surprise, nay, my shock when I went into the movie theater expecting to see a movie that celebrated Earth's most fascinating creature and instead I see a mystery/horror/thriller starring a "transformative" Nicolas Cage!! I will not be watching Longlegs (2024) again! Also the person sitting next to me kept eating all my popcorn... PS - for a good time call: (458) 666-4355
'45 Years of Listening' tells the story of the Dublin Lesbian Line – an essential, landmark community-led resource – through a collection of personal reflections from one of the original founders, and current volunteers.

Dublin Lesbian Line was founded in 1979 – a time in Ireland when homosexuality was invisible, unmentionable, and profoundly isolating – to provide a way for gay/queer/bi/questioning women to connect, meet, make friends, find a community, or even just to talk anonymously on the phone. In 1979, and in the years that followed, it took enormous courage to pick up that phone and dial. Homophobia, patriarchy/gender roles, and heterosexism were so normalized and taken for granted as 'the way things should be' that some callers to Dublin Lesbian Line couldn't even get the words out once they had gotten through to the number. Others, like one-time caller and then volunteer, Marina, found it a lifeline — found not only support, but friends and community.

Ireland has changed, but many LGBTQ+ people still experience discrimination and hostility. Now, in 2024, 45 years later (and despite its legacy name), Dublin Lesbian Line (DLL) serves the entire country – and all genders. As the current volunteers and organisers point out: "We're not just for Dublin, we're not just a phone line, and we're not just for lesbians." DLL is a registered charity, and aside from offering a listening ear and advice, DLL acts as a reference point for other services (social, health, advisory), and the team at DLL also organises events and courses for the Lesbian community. In the words of volunteer Val, DLL strives to be an "open embrace".

This programme gives the listener an opportunity to learn about diversity of experience in Ireland, reflect on aspects of Irish society and social history, and explore the work of a grass-roots community-led charity/organisation.

Information and support for the issues raised in this programme can be found at Switchboard, LGBTQIA support and resources, on 01 872 1055 or by visiting theswitchboard.ie. Please note: Anyone can call on any day, but Tuesday is a dedicated women's night, 6.30-9pm.

'45 Years of Listening' was produced, recorded, and edited by Shaun O'Boyle and Maurice Kelliher, shaunandmaurice.com, and was supported by Coimisiún na Meán.

Connect with Dublin Lesbian Line on Facebook: https://www.facebook.com/people/Dublin-Lesbian-Line/100064358546983
In today's episode, we explore how cybercriminals exploited StackOverflow to promote the malicious Python package "pytoileur" aimed at cryptocurrency theft (https://thehackernews.com/2024/05/cybercriminals-abuse-stackoverflow-to.html). We also examine the FBI's takedown of the 911 S5 botnet and its massive impact on online fraud and cybercrime (https://krebsonsecurity.com/2024/05/is-your-computer-part-of-the-largest-botnet-ever/). Lastly, we introduce RansomLord, an open-source anti-ransomware tool that leverages DLL hijacking to block ransomware attacks pre-encryption (https://github.com/malvuln/RansomLord).

FBI Botnet: https://www.fbi.gov/investigate/cyber/how-to-identify-and-remove-vpn-applications-that-contain-911-s5-backdoors

00:00 Introduction to Ransomware Defense
01:12 Ransom Lord: A Game Changer
03:55 How to Check for Botnet Infections
06:47 Malicious Python Package Alert
09:19 Conclusion and Final Thoughts

Tags: Cybercriminals, Python Package Index, pytoileur, cryptocurrency theft, malicious packages, StackOverflow, open source security, botnet, VPN, YunHe Wang, 911 S5, cybersecurity, RansomLord, exploits, vulnerabilities, ransomware protection

Search Phrases: Cybercriminal infiltration of Python Package Index; pytoileur malicious package on StackOverflow; Cryptocurrency theft using pytoileur; How to protect against malicious Python packages; Largest botnet disguised as VPN service; Arrest of YunHe Wang for cybercrime; 911 S5 botnet detection methods; Protecting computers from 911 S5 botnet; RansomLord tool against ransomware; Ransomware vulnerabilities exploited by RansomLord

May 30

There is a new proof of concept, open source tool called RansomLord. It attacks the malware that launches ransomware, in order to defeat it before it can encrypt your files. I'm a little blown away by this one, but we'll get to that in a sec. How can RansomLord change the game for ransomware defenders? And what tactics does it use to defeat ransomware?
The largest botnet ever operating under the guise of free VPN services. Has been dismantled with the arrest of its alleged mastermind for orchestrating cyber crimes, totalling billions of dollars in fraudulent losses. How can you check if your computer is part of the nine 11 s5 botnet and what steps can you take to protect yourself in the future? The Python package index has been infiltrated with a malicious package named PI told earlier. Which has now found to facilitate cryptocurrency theft by leveraging reputable platforms, such as stack overflow. What measures can developers take to protect themselves from being deceived by malicious packages? Like this one. You're listening to the daily decrypt. . Alright. So as defenders, we are constantly thinking about how to defeat ransomware. But I haven't seen much come out other than detection capabilities. So we're still focused on detecting. Indicators of compromise that might lead to ransomware. But just yesterday health net security released an article on an open source. Anti ransomware tool that essentially attacks the ransomware malware Using DLL hijacking. and automates the creation of PE files. Which are used to exploit. Ransomware before it can encrypt your files.. So even the thought of this type of defense makes me so excited. The idea that there can be more than just detecting indicators of compromise for ransomware prevention. When we can actually go in and attack the ransomware itself. And get rid of it before it even has the opportunity to encrypt your files. It's a breath of fresh air. So. This tool, which is free and open source and available on get hub. The link is in the show notes below. Deploys exploits in order to defend the network. Which is a novel strategy for defeating ransomware. It also uses vulnerability intelligence. That maps, threats to vulnerable DLLs. In order to target specific threats that you may believe may target your organization or industry. 
This tool in its current state has been shown to be effective. To defend against 49 ransomware families, including. Caliente. Loki locker. And many more. It can also target Trojans and info Steelers. The author of this tool writes. I created ransom Lord to demonstrate that ransomware is not invincible. And that it has vulnerabilities and its developers make mistakes and can write bad code, just like anyone else.. And I love this framing of ransomware itself being vulnerable to exploits. Because it's essentially just software on your computer and. It has vulnerabilities of its own.. And even though this is technically just a proof of concept, it is effective against current versions of these ransomware tools, though, the developers of these tools will likely patch. And it'll be a continuous cat and mouse game, but imagine if there was an entire company with thousands of employees. Whose sole purpose was to maintain the software to defeat ransomware strains. Any time a ransomware was successful. They would ship that source code off to this company and that company would analyze it and create the exploits for the vulnerabilities found in that ransomware file. I personally don't have enough time to handle this type of company and start it myself. But if you're listening and you're an entrepreneur in the cybersecurity space, I highly encourage you to get going and seek some investing and figure this company out, make it happen. So there was a giant botnet, potentially one of the biggest botnets of all time named 9 1 1 S five. Botnet. That has been masquerading around as a free VPN service. Well just recently authorities have arrested. And Hey Wang at 35 year old, Chinese national behind this entire botnet. They've also seized the 9 1 1 S five website and its infrastructure. This specific botnet has facilitated billions of dollars in online fraud and cyber crime. To include over 560,000 fraudulent unemployment claims. Causing a $5.9 billion loss. 
This botnet spanned more than 19 million computers across 190 countries. And. was responsible for enabling cybercriminals to route malicious traffic. Through any of those 19 million computers. Which of course allowed them to remain anonymous while they continued to partake in their cyber criminal activities. This bot net company or. Individual also sold access to compromised PCs. Within the botnet because they. Also provided a free VPN service.. And for those of you who might not know the intricacies of how a VPN works. At a high level, essentially, it's just a pathway or a tunnel. To access a network that you're not physically in. So for example, I have a VPN set up at my house. Anytime I'm out at a coffee shop. I access that VPN. Which essentially gives me access to all the devices in my house. So this bot net. Infected computers through the guise of a free VPN service. Installing and signing up for this free VPN service. Not only put your computer in part of this botnet, but gave. The botnet operators access to your computer. So, how can you check if your computer is infected by this botnet? Well, first of all, have you downloaded any free VPN services? In the last few years, if you can't remember. The FBI. Has created a webpage to help identify compromise systems. Which essentially just gives you steps to check if your computer has been infected such as checking for the running services. Such as mask VPN, do VPN proxy, gate shield, VPN shine, VPN and pallet and VPN. It gives you the step-by-step on how to do that on your own computer. It then gives you the steps you'll need to follow, to remove. The malicious free VPN service. And then also to confirm that that service has been removed. If you. We're compromised by this botnet. Please go check out the link. To the FBI site at the end, they're trying to collect a little bit of data to see what your experience was so that they can help. Detect and prevent this type of thing from happening again. 
And finally there has been a new malicious Python package. Found in the Python package index. This package is named PI Toya. It looks a little French. P Y T O Y L E U R. And it was designed to facilitate cryptocurrency theft. This package had only 316 downloads before the Python package index removed it. But. The developer of this package quickly uploaded a new version with the identical malicious functionality. So it will continue to go back and forth. And what's interesting about this is that. This package is being promoted by. Users. Across stack overflow. Which is a very popular. Platform where developers turn to get their questions answered. Or to provide tips for other developers to follow. So if you go on there and you are seeking. A specific package that might do something. Another stack overflow user can then suggest this malicious package. And maybe in turn, they will be rewarded or something like that. So, It seems like the whole internet at this point is a SEO. Competition doing what you can to get your search results up. And as a developer myself, I know the influence that stack overflow has on many developers. If you're a contributor to stack overflow, you have so much sway, especially if the questions you're answering are common questions, which often involve Python packages or Python coding. Tactics. You have a lot of influence on that platform. So, yeah, it makes sense that malicious actors would go on there. And maybe they buy a reputable stack overflow account for a lot of money. And then use it to promote malicious tools and packages. If you are a developer and you are out there looking for new packages to use for your organization. Especially for your organization, make sure you check out the documentation, check out the website, look for anything fishy in the metadata of that package. And look for. Reviews from verified developers. And trust me. 
I know the temptation as a developer, especially for personal projects at home to just get the job done as quickly as you can. If you find a stack overflow post. That might work. You tend to just copy the code, copy the imports, try it out. And see if it works, because at that point you're essentially just. Troubleshooting. In production, right. You're seeing if that code will work on your, on your little personal projects. So. No, that some of those Python packages can install malicious malware on your computer and be used to hijack your cryptocurrency. This has been the Daily Decrypt. If you found your key to unlocking the digital domain, show your support with a rating on Spotify or Apple Podcasts. It truly helps us stand at the frontier of cyber news. Don't forget to connect on Instagram or catch our episodes on YouTube. Until next time, keep your data safe and your curiosity alive.
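The service check the episode points to, carried out over a Windows service listing: an added example, not the podcast's code and not the FBI's tooling. It parses the text that `sc query type= service state= all` prints and flags any service whose name or display name contains one of the application names the FBI guidance lists for 911 S5 (MaskVPN, DewVPN, PaladinVPN, ProxyGate, ShieldVPN, ShineVPN). The sample `sc query` output is constructed for the demonstration; the live scan assumes a Windows host with `sc.exe` on the path. A name match is a lead, not proof of infection, and the FBI page's removal and confirmation steps still apply.

```python
"""Flag Windows services associated with the 911 S5 "free VPN" applications.

Added example (not from the podcast or the FBI page). It parses the output of
`sc query type= service state= all` and matches service and display names
against the application names the FBI guidance lists. SAMPLE_SC_OUTPUT is
constructed for the demonstration.
"""
import subprocess
import sys

# Application names the FBI guidance associates with 911 S5 backdoors (lowercased for matching).
S5_MARKERS = ("maskvpn", "dewvpn", "paladinvpn", "proxygate", "shieldvpn", "shinevpn")


def parse_sc_query(text):
    """Turn `sc query` output into a list of dicts keyed by the lowercased field names."""
    services, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("SERVICE_NAME:"):
            if current:
                services.append(current)
            current = {"service_name": line.split(":", 1)[1].strip()}
        elif current is not None and ":" in line:
            # e.g. "STATE              : 4  RUNNING" -> state = "4  RUNNING"
            key, value = line.split(":", 1)
            current[key.strip().lower()] = value.strip()
        # Lines without a colon, such as "(STOPPABLE, NOT_PAUSABLE, ...)", carry nothing we need.
    if current:
        services.append(current)
    return services


def flag_s5_services(services):
    """Return the services whose name or display name contains a 911 S5 marker."""
    hits = []
    for svc in services:
        haystack = (svc.get("service_name", "") + " " + svc.get("display_name", "")).lower()
        for marker in S5_MARKERS:
            if marker in haystack:
                hits.append({
                    "service": svc.get("service_name", ""),
                    "display": svc.get("display_name", ""),
                    "state": svc.get("state", "unknown"),
                    "matched": marker,
                })
                break
    return hits


# Constructed sample: two ordinary Windows services and one 911 S5 service.
SAMPLE_SC_OUTPUT = """
SERVICE_NAME: Dhcp
DISPLAY_NAME: DHCP Client
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
        WIN32_EXIT_CODE    : 0  (0x0)

SERVICE_NAME: WinDefend
DISPLAY_NAME: Microsoft Defender Antivirus Service
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING

SERVICE_NAME: MaskVPN
DISPLAY_NAME: MaskVPN Service
        TYPE               : 10  WIN32_OWN_PROCESS
        STATE              : 4  RUNNING
        WIN32_EXIT_CODE    : 0  (0x0)
"""


def scan_sample():
    """Run the detection over the constructed sample output."""
    return flag_s5_services(parse_sc_query(SAMPLE_SC_OUTPUT))


def scan_live():
    """Query the local service control manager (Windows only) and flag matches."""
    out = subprocess.run(
        ["sc", "query", "type=", "service", "state=", "all"],
        capture_output=True, text=True, check=True,
    ).stdout
    return flag_s5_services(parse_sc_query(out))


if __name__ == "__main__":
    hits = scan_live() if sys.platform == "win32" else scan_sample()
    for hit in hits:
        print(f"[!] {hit['service']} ({hit['display']}) state={hit['state']} matched={hit['matched']}")
    if not hits:
        print("no 911 S5 service names found")
```

Run it on the machine in question rather than from a share, since a stopped service still shows up in `state= all` and still needs removing.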
In the fourth and final part of “Debunking Assumptions Through the Asian American Perspective”, our guests share inspirational stories of support, solidarity and growth. This special series is brought to you by the ELFA Equity Committee in celebration of Asian American, Native Hawaiian and Pacific Islander (AANHPI) Heritage Month. Featuring: Debbie Devassy-Babu, Moderator, Equity Committee Member, Shareholder at Darcy & Devassy https://www.linkedin.com/in/debbie-devassy-babu-377937/ Moto Tohda, Moderator, Equity Committee Member, VP of Information Systems at Tokyo Century USA https://www.linkedin.com/in/moto-tohda-emba-clfp-a520521/ Xiang Ji, Senior Manager, Commercial and Vendor Risk Management, Toyota Industries Commercial Finance https://www.linkedin.com/in/jixiang/ Kyin Lok, CEO, Dext Capital https://www.linkedin.com/in/kyin-lok-19a6504/ Kinna Pattani, Equity Committee Member, Associate Director, Alfa https://www.linkedin.com/in/kinnapattani/ Camtu Vo, Manager, Product Development - N.A., Food & Agriculture, DLL https://www.linkedin.com/in/camtu-vo-3143806b/ Resources mentioned in this episode: Advocacy organization: Asian Americans Advancing Justice https://www.advancingjustice-aajc.org/
In Part 3 of Voices United: Debunking Assumptions Through the Asian American Perspective, guests share their personal experiences facing adversity and talk about the impact of unconscious bias. This podcast is part of the ELFA Equity Committee's celebration of Asian American, Native Hawaiian and Pacific Islander (AANHPI) Heritage Month, which recognizes the contributions and influence of Asian Americans, Native Hawaiians and Pacific Islander Americans to the history, culture, and achievements of the United States. Featuring: Debbie Devassy-Babu, Moderator, Equity Committee Member, Shareholder at Darcy & Devassy https://www.linkedin.com/in/debbie-devassy-babu-377937/ Moto Tohda, Moderator, Equity Committee Member, VP of Information Systems at Tokyo Century USA https://www.linkedin.com/in/moto-tohda-emba-clfp-a520521/ Xiang Ji, Senior Manager, Commercial and Vendor Risk Management, Toyota Industries Commercial Finance https://www.linkedin.com/in/jixiang/ Kyin Lok, CEO, Dext Capital https://www.linkedin.com/in/kyin-lok-19a6504/ Kinna Pattani, Equity Committee Member, Associate Director, Alfa https://www.linkedin.com/in/kinnapattani/ Camtu Vo, Manager, Product Development - N.A., Food & Agriculture, DLL https://www.linkedin.com/in/camtu-vo-3143806b/ Resources mentioned in this episode:Report: Asian Americans' experiences with discrimination in their daily lives, Pew Research Center https://www.pewresearch.org/race-ethnicity/2023/11/30/asian-americans-experiences-with-discrimination-in-their-daily-lives/
In this episode of 'Lessons I Learned in Law', host Scott Brown speaks with Francisca Comiche, General Counsel at Rabobank. In her current role at Rabobank (the 2nd largest bank in the Netherlands), Francisca is responsible for a global legal function of over 400 people. This is a far cry from her beginnings with the group. Francisca shares her journey of joining DLL (a subsidiary of Rabobank) over 26 years ago as only the 2nd lawyer in the team. During her 26 years, she has witnessed and driven significant change across the function. Her role has been constantly varied, and where she has started to get itchy feet, she has sought out discomfort to keep herself challenged... this has been the key to her lasting career at Rabobank. We also discuss the importance of working internationally and hear how she has built the ability to connect the dots across jurisdictions. This is a really interesting conversation with a top European General Counsel... don't miss out!
May is Asian American, Native Hawaiian and Pacific Islander (AANHPI) Heritage Month, recognizing the contributions and influence of Asian Americans, Native Hawaiians and Pacific Islander Americans to the history, culture, and achievements of the United States. This four-part series is brought to you by the ELFA Equity Committee and moderated by Debbie Devassy-Babu, Shareholder at Darcy & Devassy, and Moto Tohda, VP of Information Systems at Tokyo Century USA. Part 1 of the AANHPI Heritage Month series introduces listeners to our four guests as they talk about their unique backgrounds and what brought them to the U.S. Join us each Tuesday in May for a new episode. Featuring: Xiang Ji, Senior Manager, Commercial and Vendor Risk Management, Toyota Industries Commercial Finance https://www.linkedin.com/in/jixiang/ Kyin Lok, CEO, Dext Capital https://www.linkedin.com/in/kyin-lok-19a6504/ Kinna Pattani, Associate Director, Alfa https://www.linkedin.com/in/kinnapattani/ Camtu Vo, Manager, Product Development - N.A., Food & Agriculture, DLL https://www.linkedin.com/in/camtu-vo-3143806b/ Resources mentioned in this episode: Article: What does Asian American Pacific Islander Really Mean?: https://www.morningsidecenter.org/teachable-moment/lessons/what-does-asian-american-pacific-islander-really-mean Book: The Making of Asian America: A History by Erika Lee https://www.goodreads.com/book/show/23492717-the-making-of-asian-america Additional resources: The Library of Congress, National Archives and Records Administration, National Endowment for the Humanities, National Gallery of Art, National Park Service, Smithsonian Institution and United States Holocaust Memorial Museum join in paying tribute to the generations of Asian and Pacific Islanders who have enriched America's history and are instrumental in its future success. https://www.asianpacificheritage.gov/
Compliance is difficult enough in an air-conditioned data center; taking this essential concept to an austere geography with spotty communications and the potential of bullets flying makes it almost impossible. This disruption of communication has a new term, Denied Disconnected Latent, or DLL. When communications are restored, systems must still meet compliance standards. Today we get some perspectives on how to manage this arduous task. From a design perspective, an agency may have a process where the developers who deploy the application are not the ones who secure the endpoints. As a result, a process must be worked out where the apps are updated and the security process for the endpoints is systematized as well. Jay Bonci from the U.S. Air Force describes how compliance can be checked during a regular maintenance process where central compliance information is transferred to the field. Nigel Hughes from Steel Cloud shares that today many systems administrators execute this update through a set of tools. This manual process may have been tolerated with a few endpoints; today there is such a profusion that automation is needed. In a perfect world, one can scan assets, determine policy posture, and examine apps, browsers, databases and baselines. If there is drift, they can be snapped back into compliance. For more details, listen to the discussion, because it delves into federated vs. centralized compliance and the theoretical debate over defining an endpoint in a world of platform-as-a-service.
Making a well-founded financing decision is crucial for success in intralogistics. This principle guides the experts at DLL. In episode #225 Jörg welcomes two of these specialists at once: Marco Wagner, Global Head of Intralogistics, and Markus Handorfer, Account Manager for DACH and Poland. Together they discussed the following questions: - How does one support financing in intralogistics? - Is equity or debt used for financing? - Which financing concepts exist and how do they differ? - To what extent are flexibility aspects integrated into the financing solutions provided? - How are the financing solutions adapted to make operational processes more efficient? - Why might a specialised financial services provider like DLL be a better option than the house bank? - Why is it important to invest in modern technology in economically strained times? Have a listen! Paid partnership.
Today we unravel the second ransomware extortion of Change Healthcare by RansomHub, the cunning malvertising campaign targeting IT pros with malware-laden ads for PuTTY and FileZilla, and the deceptive tactics on GitHub fooling developers into downloading malware. Discover protective strategies and engage with expert insights on bolstering defenses against these evolving cyber threats.

Original URLs:
https://www.securityweek.com/second-ransomware-group-extorting-change-healthcare/
https://www.helpnetsecurity.com/2024/04/10/malvertising-putty-filezilla/
https://thehackernews.com/2024/04/beware-githubs-fake-popularity-scam.html
https://www.bleepingcomputer.com/news/security/malicious-visual-studio-projects-on-github-push-keyzetsu-malware/

Follow us on Instagram: https://www.instagram.com/the_daily_decrypt/ Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/

Tags: cybersecurity, ransomware, malvertising, GitHub scams, Change Healthcare, IT professionals, data protection, cybercrime, malware, software development

Search Phrases: How to protect against ransomware attacks; Strategies to combat malvertising campaigns; Tips for IT professionals on avoiding malicious ads; Safeguarding software development from GitHub scams; Change Healthcare ransomware extortion case study; Cybersecurity advice for IT administrators; Dealing with malware in system utilities ads; Best practices for data protection in healthcare; Understanding cybercrime tactics on GitHub; Preventing repeated ransomware extortions

Transcript:

Welcome back to the Daily Decrypt. Change Healthcare falls victim to a second ransomware extortion in just a month, now at the hands of the emergent RansomHub group, wielding over 4 terabytes of sensitive data stolen in the February 2024 cyberattack, which comes as a result of the BlackCat exit scam.

Next, we're turning over to a new malvertising campaign where searching for essential utilities for IT professionals like PuTTY and FileZilla leads to malware-laden ads, and you all know what I'm going to say about this: don't click Google Ads. And finally, GitHub becomes a battlefield as cybercriminals exploit its search functionality to trick developers into downloading repositories full of malware. How can developers ensure the repositories they download from GitHub are safe and not just traps set by cybercriminals?

All right, so at the end of February of this year, you may remember that Change Healthcare, which is a subsidiary of UnitedHealthcare, was the victim of a ransomware attack by the notorious and since-disbanded ransomware group named BlackCat. Well, Change Healthcare finds itself in the crosshairs of a ransomware extortion scheme for the second time in just over a month, coming from a new ransomware group called RansomHub. There hasn't been a second attack, but this is believed to be a result of the exit scam that BlackCat pulled, where they kept all of the ransom payment that Change Healthcare had made. Allegedly, Optum, which is a subsidiary of Change Healthcare, paid BlackCat 22 million in ransom after the attack. BlackCat then pulled an apparent exit scam and disappeared without paying the affiliate who carried out the attack. And according to Qualys Cyber Threat Director Ken Dunham, it's not uncommon for companies that give in and pay these ransoms to quickly become additional targets, or soft targets, where their information is extorted again and again and again. Paying and giving in to these ransomware artists might seem like a quick fix to your problems, but once you've proven that you will and can pay, they're gonna come after you again. The data doesn't just disappear or get deleted. It's very valuable, and in this case it's worth 22 million dollars, so even if the attackers say they're gonna delete it, maybe they won't, and maybe they'll come hit you again. So even though BlackCat has disbanded, whether or not they were taken down by the FBI or performed an exit scam, the data that they pillaged from Change Healthcare is now in the hands, or supposedly in the hands, of a group called RansomHub, which is extorting Change Healthcare all over again.

IT professionals have found themselves in the crosshairs of an ongoing malvertising campaign. These attackers are using malicious Google Ads to disguise malware as popular system utilities like PuTTY, which is a free SSH and Telnet client, and FileZilla, which is an FTP application. This research comes from Malwarebytes researcher Jérôme Segura, and he points out that even after alerting Google about these malicious ads, the campaign continues unabated. This sophisticated scheme begins when IT administrators search for these utilities on Google. The top search results, or sponsored ads, lead them through a series of cloaking pages. These pages are designed to filter out non-target traffic such as bots or security researchers, directing only potential victims to imitation sites. Unwittingly, when these IT administrators download what they believe to be legitimate software, they instead receive Nitrogen malware, which is dangerous software for cybercriminals, enabling them to infiltrate private networks or steal data and deploy ransomware attacks, and was used by the notorious BlackCat from the previous story. The method of infiltration is known as DLL sideloading, which involves the malware masquerading as a legitimate and signed executable to launch a DLL, thereby avoiding detection.

So what this essentially means is these IT professionals are probably getting the tool, FileZilla, PuTTY, that they're looking for. The functionality might remain exactly the same, which only serves to benefit the attackers, because once the IT professionals download the software, there's no indicators that it's incorrect or fake, but this software such as PuTTY or FileZilla will then launch a separate DLL, which is just an executable that contains the malware. So one way you can prevent this as someone downloading software from the web is to find what's called an MD5 hash, which is essentially a signature of sorts that verifies the integrity of the file you've downloaded. Now, hashing isn't necessarily something we need to get into right now on this podcast, but all you need to know is it's sort of like math, where you multiply the data from within this piece of software or do algebra or something to create this long string of characters that can't be replicated if the files have been altered. So as soon as the files are altered, the mathematical equation puts out a different set of characters, right? So the creators of the software release this hash, they display it on their website, and then when you download the software, you run the same algorithm against that software to see if those two hashes match. Now, I personally am guilty of not always checking the hash for software, and I know a lot of other IT professionals are guilty of that as well, but it's time to set up a new good habit and consistently check these hashes. Maybe even develop a web scraper that will go grab the hash and also run the software through it, comparing it, reducing the amount of work you have to do on the other end. But in summary, as I always say, do not click Google Ads unless you absolutely have to, unless the thing you're specifically searching for is not in the search results below and is only present in the advertisement, which will probably only be for things like thedailydecrypt.com, where I haven't been around long enough to boost my search result ranking naturally, so eventually maybe I'll start buying ad space, trying to get to people who are looking for the content that we're providing. But if you're going to download some software, there's no need to click the ads, especially something as popular as FileZilla or PuTTY, VS Code, whatever you're trying to download. Go find it in the search results. Do not click the ad.

And in a similar vein, let's talk about a scam on GitHub that's fooling developers into downloading dangerous malware. Cybercriminals are exploiting GitHub's search features, luring users into downloading fake yet seemingly popular repositories. This scheme has been identified to distribute malware hidden within Microsoft Visual Studio Code project files, which are cunningly designed to fetch further malicious payloads from remote URLs, as reported by Checkmarx. So the attackers are mimicking popular repositories and employing automated updates and fake stars to climb GitHub's search rankings. So unlike Google, I don't believe there are ads you can buy in GitHub search to boost your search rankings, so attackers are becoming a little more creative. Making the repository look like it's consistently updated helps boost the search rankings, and then naming the repositories things that developers are constantly searching for will also help boost its rankings in its SEO. So since many of these repositories are disguised as legitimate projects, it can be pretty tricky to identify them, but among the discoveries, some repositories were found downloading an encrypted file named feedbackAPI.exe, which is an executable and is notably large at 750 megabytes. This executable is designed to bypass antivirus detection and deploy malware similar to the Keyzetsu clipper, a notorious tool known for hijacking cryptocurrency transactions. And unlike software downloaded from the internet by clicking on Google Ads in the previous story, there may or may not be hashes for these repositories. Most likely not. Sometimes, if they're an executable or a package, they'll provide a hash. But if you're on the GitHub repository and you think it's legit, they might list the hash, but that's just the hash of their malware, giving you a false sense of security. Just be extra vigilant when you're downloading anything to your computer, especially open source things that are generally found on GitHub. It can't be that hard to create a thousand GitHub accounts, or maybe even you can buy them online, and that immediately gives your repo a thousand stars, making it look legitimate. So if you're looking for a tool, it's best to find it on the web from within a reputable website. GitHub's search feature is not the most reliable.

And that's all I've got for you today. Thanks so much for tuning in. Today I'll be traveling to Florida to participate in the Hackspace conference, where I'm really excited to learn a little bit more about how cybersecurity and satellites and other spacecraft intertwine. I'll also be meeting up with dogespan, where we'll hopefully do a joint episode, our first ever one in person. So be sure to tune in tomorrow for that episode.
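The hash-checking habit the host describes, carried through in code: an added example, not the podcast's code and not any vendor's tooling. Two caveats the episode leaves implicit are built in. First, a published digest only proves you received what the publisher hashed, so it has to come from the genuine project site, not from the page the ad sent you to (the GitHub story in this episode makes the same point: a malicious repo can publish a matching hash for its own binary). Second, the host says MD5; MD5 and SHA-1 are collision-prone, so the example refuses them and accepts only the SHA-256 or SHA-512 digests most projects publish. It parses a `sha256sum`-style checksum file, streams the file through the hash, and compares in constant time. The installer bytes, file name and checksum text in `demo()` are constructed.

```python
"""Verify a downloaded installer against a vendor-published checksum file.

Added example (not from the podcast or from any vendor). It parses the
`sha256sum`-style "DIGEST  filename" format, refuses MD5/SHA-1 digests as
integrity proof, hashes the file in chunks and compares in constant time.
The installer bytes, file name and checksum text in demo() are constructed.
"""
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

# Hex digest length -> algorithm. MD5 and SHA-1 are recognised only so they can be refused.
STRONG = {64: "sha256", 128: "sha512"}
WEAK = {32: "md5", 40: "sha1"}

# "<hex digest><two spaces or space-asterisk><file name>", as sha256sum/md5sum print it.
CHECKSUM_LINE = re.compile(r"^(?P<digest>[0-9a-fA-F]{32,128})\s+\*?(?P<name>\S+)$")


def parse_checksum_file(text):
    """Map file name -> lowercase hex digest; reject lines that are not in checksum format."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        match = CHECKSUM_LINE.match(line)
        if not match:
            raise ValueError(f"unparseable checksum line: {line!r}")
        entries[match.group("name")] = match.group("digest").lower()
    return entries


def hash_file(path, algorithm, chunk_size=1 << 20):
    """Stream the file through the hash so large installers never need to fit in memory."""
    digest = hashlib.new(algorithm)
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_download(path, checksum_text):
    """Return (ok, reason). ok is True only for a matching SHA-256 or SHA-512 digest."""
    path = Path(path)
    expected = parse_checksum_file(checksum_text).get(path.name)
    if expected is None:
        return False, f"no digest published for {path.name}"
    size = len(expected)
    if size in WEAK:
        return False, f"vendor published only {WEAK[size]}; collision-prone, not accepted as integrity proof"
    if size not in STRONG:
        return False, f"unrecognised digest length {size}"
    algorithm = STRONG[size]
    actual = hash_file(path, algorithm)
    # compare_digest does not leak where the two strings first differ.
    if not hmac.compare_digest(actual, expected):
        return False, f"{algorithm} mismatch: expected {expected}, got {actual}"
    return True, f"{algorithm} matches"


def demo():
    """Constructed scenario: a genuine download, a tampered copy, and an MD5-only checksum file."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        name = "example-installer.msi"  # hypothetical file name
        good = Path(tmp, name)
        good.write_bytes(b"constructed installer bytes, standing in for the real MSI")
        sha256_text = f"{hashlib.sha256(good.read_bytes()).hexdigest()}  {name}\n"
        results["good"] = verify_download(good, sha256_text)

        # Same file with one extra byte appended: the way a trojanised build differs.
        tampered = Path(tmp, "tampered", name)
        tampered.parent.mkdir()
        tampered.write_bytes(good.read_bytes() + b"\x00")
        results["tampered"] = verify_download(tampered, sha256_text)

        md5_text = f"{hashlib.new('md5', good.read_bytes()).hexdigest()}  {name}\n"
        results["md5_only"] = verify_download(good, md5_text)
    return results


if __name__ == "__main__":
    for case, (ok, reason) in demo().items():
        print(f"{case:9s} {'OK  ' if ok else 'FAIL'} {reason}")
```

For a one-off check, `Get-FileHash -Algorithm SHA256` in PowerShell or `sha256sum` on Linux gives the same digest to compare by eye; the script is for the automated check the host suggests, where the checksum file is fetched from the project's own domain and the comparison runs before the installer is executed.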
ChatGPT goes off-script with Shakespearean flair, and cybersecurity becomes the beacon in guarding our maritime and water utility infrastructures. We unravel the complexities of software supply chain threats with a focus on the Python Package Index, and spotlight the latest vulnerabilities in ConnectWise's ScreenConnect. It's a journey through the cyber squalls and the efforts to anchor down our digital defenses. Featured Stories: ChatGPT's Shakespearean Spiral - Delving into the reasons behind ChatGPT's unexpected dive into nonsensical outputs. Read more on Ars Technica and Reddit. Bolstering Maritime Cybersecurity - How the Biden administration is strengthening America's maritime defenses against cyber threats. Cybersecurity at Sea: Strengthening America's Maritime Defenses. Protecting Water Utilities from Cyber Threats - A look into the new wave of cybersecurity measures for water utilities by CISA, the FBI, and the Environmental Protection Agency. The Stealthy Expansion of Software Supply Chain Threats - Unpacking a sophisticated cyber-attack via the Python Package Index. Discover more at ReversingLabs. Patch and Protect: ConnectWise ScreenConnect Update - Addressing the vulnerabilities reported in ScreenConnect and the steps for remediation. ConnectWise Security Bulletins. Join us as we dissect these pivotal moments in digital security and AI quirks, ensuring you stay informed and ahead of the curve in the ever-evolving world of technology. Only on Spotify. For the best listening experience, follow us on Spotify and dive into the digital depths with our insightful episodes on technology, cybersecurity, and the unexpected turns of AI. Transcript: Feb 22 [00:00:00] All right. Good morning listeners. And welcome back to the daily decrypt. Huge shout out to Jared Jones for his brand new release song played under the. Super sophisticated AI announcer. 
If you're looking for some music, if you're working hard all day in front of the computer and you're looking for some [00:01:00] music that doesn't have words and isn't too distracting, I highly recommend looking up Jered Jones, J-E-R-E-D. You're going to find lots of sick bangers like that one. All right, but let's get into the news today. We're going to dive into a digital pandemonium as ChatGPT seemingly takes a Shakespearean swerve, leaving users puzzled with its nonsensical jabber. Meanwhile, the US government makes waves in cybersecurity, anchoring down on maritime defenses against the rising tide of cyber threats, proving that when it comes to securing our ports, it's not just about the web, it's about the water. Speaking of water, we are also going to explore how America's water utilities are fortifying their cyber defenses, ensuring that the only things flowing through our pipes are water and wifi. In the realm of software and vulnerabilities, we're gonna be talking about the Python Package Index, or PyPI as I call it, and how it becomes a Trojan horse for cyber attackers, highlighting the stealthy expansion of [00:02:00] threats within our digital supply chains. And lastly, if you stick around this long, we're going to just touch base on ConnectWise's ScreenConnect vulnerabilities. All right. So yesterday, users on Reddit started reporting that ChatGPT was going absolutely insane. The responses from ChatGPT would start out pretty normal and then quickly devolve into what I would describe as someone with dementia or Wernicke's aphasia. Thanks to all the Reddit users who posted their chats. They're very fun to read through. Various journalists have reached out to OpenAI, the makers of ChatGPT, for comment and were met just with direction to their status page. So no comment at this time has been released. But I have an example here of what ChatGPT was spitting out. And you can see by looking at the output.
It's just [00:03:00] going through how it formulates its responses. It's creating noise and then refining that noise. So here is an example of what it was doing yesterday. "The high, the high or the heart where the hair. The his, or the Howell hones, a hill, a heel or a hand where all the Astor and any, and all, or an ACE or a story or a strain at grok stands for, of you a visit or the verb there site. Is a stand, a state or a story the in or the in wit makes a must a may or a most." Part of that sounded kind of like the monologue from V for Vendetta, which I'm not going to even try to repeat, but if you haven't seen V for Vendetta, highly recommended. Given the help ChatGPT gave in composing this episode, it seems to be back to normal. But it is a reminder that these, quote, artificial intelligent chatbots are not perfect [00:04:00] and they can quickly devolve. So, did you know that our planet is made up of mostly water? And so are our bodies. Though these facts may seem startling, they're starting to get the attention of government officials such as the Biden administration, who yesterday released an executive order aimed at bolstering cybersecurity measures across United States port facilities. This is sparked by increasing concerns over cyber threats, particularly from nation state actors like China, who could cripple a lot of our infrastructure by just taking down a few maritime ports. In an era where cybersecurity incidents can ripple through the global supply chain with devastating effect, the executive order represents a significant pivot towards enhancing the resilience of [00:05:00] maritime infrastructure. The US Coast Guard is now endowed with explicit authority to counter malicious cyber activities targeting the nation's marine transportation system. This includes a mandate for the immediate reporting of any cyber threats or incidents that could compromise vessels, harbors, ports, or waterfront facilities.
Part of the executive order involved reallocating over $20 billion towards port infrastructure over the next five years. And this is in an aim to repatriate crane manufacturing, which is a sector currently dominated by China, which manufactures approximately 80% of the cranes used in US ports. So if you're wondering, why focus on ports? Well, consider this: America's ports are not just points of entry for goods. They're bustling hubs that can support 31 million American jobs and contribute $5.4 trillion to the economy. Their smooth operation is pivotal to our national security and economic prosperity. The threat of cyber attacks, particularly those that could be orchestrated by foreign adversaries. So as it [00:06:00] turns out, network ports aren't the only ports cybercriminals are sneaking into. In the world of port cybersecurity, it looks like we're moving from pirate-infested waters to cyber-secure harbors. Are you feeling safe yet? Speaking of water and making waves in the world of cybersecurity, the FBI, CISA and the EPA released tips targeted specifically to water plants and water managing agencies. In an age where hackers seem to have a thirst for infiltrating our critical infrastructure, the spotlight has turned to our water utilities. This isn't just about keeping the water flowing. It's about ensuring that the only thing going down the drain is, well, water, and not our security. In recent years, several water treatment companies have been the target of ransomware attacks, which has led to significant disruptions. Such events compromise the safety and availability of drinking water, which is a serious risk to public health and [00:07:00] safety. These agencies are aiming to prevent such outcomes by helping utilities bolster their defenses against malicious cyber activity. The article in our show notes outlines eight top-notch strategies to keep cyber threats at bay.
From hiding key assets to changing passwords as often as we're supposed to change our water filters, it seems like water utilities are being prepped for a stormy season in cyberspace. So what kind of attacks are they trying to prevent? Often, hackers exploit vulnerabilities in the software and hardware that control water treatment processes. And by gaining unauthorized access, they can disrupt operations, demand ransom, or even tamper with water quality. The guidance provided by CISA, the EPA and the FBI emphasizes the importance of regular updates and patches to address these vulnerabilities, alongside training for staff to recognize and respond to cyber threats. While no system can be made completely invulnerable, the adoption of these recommended practices significantly reduces the risk [00:08:00] of successful cyber attacks, which is what we're going for. It is a lofty goal to completely eliminate cyber risk, but the goal is to just do what we can to make ourselves more secure. Alrighty, we're going to turn this a little bit more technical and talk about some recent vulnerabilities that have been discovered. ReversingLabs released an article that discusses a sophisticated cyber attack that leverages the Python Package Index, or PyPI as I like to call it, to distribute malicious software through a technique known as DLL sideloading. In January of 2024, Karlo Zanki, a reverse engineer at ReversingLabs, discovered two suspicious packages on PyPI named NP6HelperHttptest and NP6HelperHttper. These packages were found to exploit DLL sideloading, which is a method where attackers execute malicious code on a computer without being detected by security [00:09:00] software. This technique was used to target legitimate PyPI packages, revealing a concerning trend in the misuse of open source platforms for cyber attacks. DLL sideloading typically involves the replacement of a dynamic link library, or DLL, with a malicious one.
The attacker's goal is to trick the application into loading this malicious DLL, thereby executing the harmful code it contains. In this case, the malicious packages were designed to mimic legitimate ones very closely, which fooled developers into incorporating them into their projects. So, this is pretty significant. It affects not just individual developers, but potentially the entire supply chain, as compromised packages could be integrated into a wide array of applications. The attackers utilized typosquatting, which is a tactic where malicious packages are named similarly to legitimate ones in an effort to deceive users into downloading them. ReversingLabs' investigation further revealed that these malicious packages downloaded additional payloads, including a legitimate [00:10:00] file from Kingsoft and a malicious DLL designed to execute a second stage payload. For those interested in diving deeper into the specifics of this breach, including the technical details and indicators of compromise, we encourage you to check out the full article in our show notes for a comprehensive understanding of the attack vectors and protective measures. And before we finish up for the day, we're just going to quickly circle back to the recent ConnectWise ScreenConnect vulnerabilities that were reported on February 13th. If you're running ScreenConnect on premises, you're going to need to update your servers to version 23.9.8 immediately. If you're in the cloud, there are no actions needed at this time. And ConnectWise is saying that there's no evidence that these vulnerabilities have been exploited in the wild, but immediate action must be taken by on-premise partners to address these identified security risks. All right. That's all we've got for today. I hope you enjoyed the water puns as well as the new music by [00:11:00] Jered Jones. Today was probably my favorite episode I've done so far. So if you have any feedback, please shoot me a message on Instagram.
Shoot us a tweet on Twitter. We'd love to hear from you. We understand your feedback is an honor, and so we'd be honored to receive it. And I believe we're taking tomorrow off, so we will talk to you more next week.
Download Episode 936 – It’s as low energy as we’ve got, so let’s just start.
It’s a PartyCast. Pernell Vaughan, Brooke Poole, Chris Taylor, and Andy Sperry are here. We talk about how we’re all tired. Then I mention how I upgraded my Switch memory card. Then Chris talks about Switch sales and his band learning EarthBound music. Andy had a 2 year Streamiversary celebration, Pernell worked out a bunch, and Brooke is excited for new Elden Ring DLC. And we’re all REALLY tired. Plus reviews.
0:00 - Intro/Yawns
21:03 - Lords of Exile - Squidbit Works, PID Games, PixelHeart (Chris)
34:38 - Moonbreaker - Unknown Worlds, KRAFTON (Pernell)
44:20 - Bzzzt - KO.DLL, Cinemax Games (Andy)
52:14 - Sympathy Kiss - Idea Factory, Design Factory, Idea Factory International (Brooke)
1:13:07 - Arzette: The Jewel of Faramore - Seedy Eye Software, Limited Run Games (Chris)
1:30:47 - Noxia Somnia - Reframe Games (Pernell)
1:39:19 - ASTLIBRA Gaiden: The Cave of Phantom Mist - KEIZO, WhisperGames (Chris)
The show ends with some EarthBound goodness from Christian Pacaud because Chris mentioned EarthBound in the episode. It’s a natural reaction at this point. Yay.
1:50:50 - Christian Pacaud - ~FATSH-T~ Guitar Arrange Plus
http://www.squidbitworks.com/
https://pidgames.com/
https://www.pixelheart.eu/
https://unknownworlds.com/
https://www.krafton.com/
https://twitter.com/ko_dll
https://cinemax.cz/
https://www.ideaf.co.jp/
https://www.designf.com/
https://ifi.games/
https://www.seedyeyesoftware.com/
https://limitedrungames.com/
https://www.reframegames.com/
https://www.keizo.games/
http://www.whisperinteractive.com/
https://christianpacaud.bandcamp.com/
https://joecam.net/boundtogether/
https://www.keymailer.co/
https://itunes.apple.com/us/podcast/the-sml-podcast/id826998112
https://open.spotify.com/show/6KQpzHeLsoyVy6Ln2ebNwK
https://twitter.com/theSMLpodcast/
https://www.facebook.com/theSMLpodcast/
https://store.streamelements.com/thesmlpodcast
ALL REVIEWED GAMES HAVE BEEN PROVIDED FOR FREE FOR THE PURPOSE OF ANY COVERAGE ON THE SHOW
In this week's DF Direct, the team catches up with the news about The Last of Us Part 2's remaster and wonders what the fuss is about, while Alex takes another look at Cyberpunk 2077 DLSS 3.5 Ray Reconstruction across its updates and via the Alan Wake 2 DLL. Rich finally gets his hands on a PlayStation 5 'Slim' and unboxes it for your viewing pleasure, and Half-Life's 25th anniversary is celebrated by the team. Also: what is actually going on with Xbox's console sales in Europe?
0:00:00 Introduction and DF merch store!
0:03:13 News 01: The Last of Us Part 2 Remastered announced
0:17:27 News 02: Cyberpunk 2077 gets Ultimate Edition
0:35:16 News 03: Xbox sales down in Europe
0:53:19 News 04: Half-Life hits 25th anniversary, documentary released
1:07:59 News 05: StarEngine graphics update video released
1:19:30 News 06: Rich unboxes a PS5 Slim!
1:33:56 DF Supporter Q1: Have you checked out the Portal port for N64?
1:41:59 DF Supporter Q2: I think TLOU Part 2 looks similar to path traced games, with better image clarity - what do you think?
1:47:44 DF Supporter Q3: Do you worry that you emphasize top-end graphics too much in your game coverage?
1:50:37 DF Supporter Q4: Is there a niche for a powerful, exclusively handheld system in today's market?
1:57:26 DF Supporter Q5: What if the new Switch was actually two consoles - a portable console and a home console?
2:02:07 DF Supporter Q6: Happy Thanksgiving! Do the American expats at DF celebrate Thanksgiving in their new European homes?
In this JCO Article Insights episode, Davide Soldato interviews Dr. Jacob Sands, medical oncologist at Dana Farber Cancer Institute (Boston, MA) and Assistant Professor at Harvard Medical School, on their paper “First-in-Human, Phase I Dose-Escalation and Dose-Expansion Study of Trophoblast Cell-Surface Antigen 2-Directed Antibody-Drug Conjugate Datopotamab Deruxtecan in Non-Small-Cell Lung Cancer: TROPION-PanTumor01”. The interview offers a deep dive into the safety and efficacy data of this novel drug and puts these data in the context of the current treatment landscape of NSCLC and of the revolution that ADCs are bringing into the oncology world. TRANSCRIPT Davide Soldato: Welcome to this JCO Article Insights episode for the October issue of Journal of Clinical Oncology. This is Davide Soldato, and today I will have the pleasure of interviewing Dr. Jacob Sands, co-author of the manuscript titled, “First-in-Human, Phase I Dose-Escalation and Dose-Expansion Study of Trophoblast Cell-Surface Antigen 2-Directed Antibody-Drug Conjugate Datopotamab Deruxtecan in Non-Small-Cell Lung Cancer: TROPION-PanTumor01.” Dr. Sands is a Medical Oncologist working at Dana-Farber Cancer Institute in Boston and Assistant Professor at Harvard Medical School. His main field of research and clinical interests revolve around improving screening and diagnosis of lung cancer and also on developing novel therapeutic agents for this disease. So, welcome Dr. Sands, and thank you very much for accepting our invitation today. Dr. Jacob Sands: Happy to join. Thanks for having me. Davide Soldato: I just wanted to start with a very general question because I think that we are going to discuss a very important study and the manuscript that you co-authored is going to look at the safety and the efficacy of this novel ADC datopotamab-deruxtecan that is targeting TROP2. But I just wanted to have a little bit of context before starting to discuss the safety and efficacy data.
So the population that was included in the study included more or less 60% of patients that received three or more lines of therapy and also 20% of patients who received five or more lines of therapy. So I think that this is a very particular population, especially considering that we are speaking about non-small cell lung cancer. And so I wanted to get from you like a general context, like what are the therapeutic options for these patients normally in clinical practice and what do we expect in terms of outcomes and in terms of toxicity? Dr. Jacob Sands: Yeah, so as you point out, this is a highly pretreated population in general, which is to say that they've really gotten the most effective lines of treatment up to this point. Now, we certainly do see some efficacy from some of the later lines of therapies in some patients, but inherently there is a decreasing response rate and decreasing durability of these responses as patients get further along in their treatment courses as far as lines of therapy. So it's generally considered to be a challenging clinical scenario, which is part of what makes the data that we're going to discuss, I think, so meaningful. Davide Soldato: Yeah, I think that especially if we look at the population that was included first, I think that the very particular thing is that included both oncogene-addicted and non-oncogene-addicted patients, and also the great majority of these patients received the most effective treatments that are available because they all received more or less immunotherapy and platinum-based chemotherapy, if I'm not mistaken. Dr. Jacob Sands: That's right. And that's an important distinction that you're drawing in the patients with oncogenic drivers and, of course, there's plenty of data with this compound with Dato-DXd in that population as well. But broadly speaking, in the non-oncogenic actionable alterations where they've gotten chemo-immunotherapy, those really are the most meaningful.
Of course, docetaxel has been a long-standing second line that I'd say there is less and less enthusiasm about that as a line of treatment as we've seen some of these other more novel therapies that have just a better toxicity profile in particular, but also some with really durability that we don't quite see with docetaxel as well. And so once you're getting past that, you're really now reaching a bit deeper to then have something that is well tolerated and has efficacy. That's a setting where we really need it even more. Davide Soldato: So, going back to the results of the study, as we kind of pointed out, this was a very standard classic with a Bayesian design, phase I dose escalation and dose expansion study of this novel ADC datopotamab-deruxtecan. So I just wanted to go over with you and to provide our listeners a little bit with some data regarding the doses that were explored and then what were the doses that were selected for the expansion. And also to discuss a little bit the safety data. We were discussing the tradeoff between risk and benefit, especially in patients that are very pretreated, searching for these kind of sweet spots between the toxicity and the efficacy. So I just wanted to put in context a little bit the data that you reported in the manuscript. Dr. Jacob Sands: Yeah, that's right. So, like phase I's go, we started with a low dose at 0.27 milligrams per kilogram, and dose escalations occurred up to 10 milligrams per kilogram. The 10 milligram per kilogram dose did have toxicities that really made it not considered to be tolerable, and that mostly being mucositis and skin. And so it was then back down to 8 milligrams per kilogram. And then there was a dose expansion at 4, 6, and 8 milligrams per kilogram. The 4 and 6 milligram per kilogram doses had 50 patients enrolled within those cohorts and 80 patients within the 8 milligram per kilogram cohort to then get much more data, of course, for efficacy and tolerability within those levels. 
Ultimately, each of them really demonstrated some efficacy as well as general tolerability. The 6 milligram per kilogram dose was really the one selected overall for further testing and future trials based upon the data out of this one that we're going to discuss further. Davide Soldato: What were the main side effects that you observed in the trial? And particularly, do you think that there is some kind of special toxicity that should be looked at when using this novel type of ADC? Dr. Jacob Sands: Certainly there are some novel toxicities to really pay attention to. And maybe I'll just point out before diving into the toxicities, that this is in many ways chemotherapy. The antibody drug conjugates, as listeners probably know, are an antibody that has a linker bound to chemotherapy, what's called the payload. And in this case, it's a topoisomerase I inhibitor with the antibody, the TROP2. So the cells on the surface, when there's TROP2 expression, the drug binds to that, gets pulled into the cell and releases that chemotherapy intracellularly, but it is still chemotherapy. And so some of the toxicities are things that we commonly see with chemotherapy drugs. Although, broadly speaking, I would say we're able to deliver higher doses of that chemo to the cells in this kind of targeted dosing of chemotherapy to give the chemo intracellularly. Now, that being said, some of the toxicities that we see from this drug in particular that are a bit different is the stomatitis, mucositis. That is something that has occurred. Now, I've found that if it's really severe, then with a dose reduction that has really substantially improved any toxicities with future dosing. And at a 6 milligram per kilogram dose, a dose reduction to 4 milligram per kilogram is still within a dose range where we saw plenty of efficacy within the trial that we're discussing.
That being said, if one can help patients tolerate it better, if it's more mild symptoms, if it's not severe, then that's better in maintaining that dose. And interesting things like ice chips at the time of infusion, so cold within the mouth, kind of like the cold caps to try to reduce alopecia at the time of infusion of the chemo, may help some. Steroid rinses can also be helpful. But really these are things to help prevent stomatitis from being severe. It's harder when that occurs; then the treatment for improving it is a bit different. We do know, though, that that does improve with time. So even when it was severe with that infusion, it does improve as patients get further out from those doses. Of course, another one is dry eyes or irritation within the eyes. And if that is severe, then, or even mild actually, I'd say when there's any known toxicity like this is to involve ophthalmology. Now, within this trial, ophthalmology was involved and patients had to get a baseline eye exam and they would get checked at different time points throughout the course of the trial. And so they were being monitored. I did not have anyone who needed to stop the drug because of this. The patient I had with the longest standing response to therapy did have some dry eye. It was not bothering him so much. And he had this real aversion to using eyedrops. It was very hard for him to make himself use these. But when I told him, “Look, if this gets worse, you might have to come off the trial, that it might not be our decision just by the way the trial describes it, if this gets worse.” And so for him, the fear of having to come off the drug was really the thing that helped him to then start using his eyedrops, which really helped to control that a bit more. And so that is something to monitor for. But the biggest thing really is interstitial lung disease. This is something that is a complex topic, I think because it's something that we need to be very aware of and monitor for.
At the same time, a diagnosis of interstitial lung disease can be challenging. There really were not cases where we had pathologic confirmation of this diagnosis. These are clinical diagnoses in the cases on this. Now there was an adjudication committee that would review all of the data and come to a determination of whether this looked like drug related ILD or not. But for clinicians, when you see a patient whose scan shows some inflammatory markings or inflammatory appearing markings on a scan, we see that all the time with other drugs too. And so determining what is potentially incidental versus drug related, I think in most cases on a trial when we're unsure, we lean toward drug related. And in some cases there are reported out severe cases of drug related ILD. I think the really difficult thing that I'd want people to take away from all of this, though, the bottom line is, yes, we need to be very aware of the potential for drug related ILD while at the same time, we need to not reflex, just call things drug related ILD and really make sure that we're doing a workup when feasible rather than just that bottom line conclusion. We see it at a rate related to the drug, and I do think it's real. But we also need to, when treating individuals, try to identify any other potential etiology. I did have one patient that really looked absolutely classic for this diffuse drug related ILD that ended up ultimately really being what looked more like tumor progression in just a radiographic pattern that looked more like an inflammatory process than it did the way we would typically see cancer progression. And so this has really, for me, I think, highlighted this as a topic where I'm diving a bit more into that description. 
Davide Soldato: And I also think that in the population of lung cancer patients, as you were saying, this is even more complicated because frequently these are patients who had a history of smoking, who can have concomitant infections where progression is easier in the lung. If I think, for example, other ADC that have already been tested, for example, in breast cancer, it might be far easier to detect and to adjudicate an ILD to the drug that we are using compared to what could be, for example, for lung cancer patients. So if I understood correctly, the toxicity that in your opinion as a clinician, they are more complicated to treat, let's say on a more daily basis, are more stomatitis and inflammation, but maybe the one that you experience as potentially more severe are always related to lung toxicity. Dr. Jacob Sands: Well, I think the scary thing about the ILD is that we have higher grades of ILD, and this is a toxicity that then can become life threatening. When we see a grade I or a grade II ILD reported in numbers, where we see, okay, this looks like it's really happening, and then see some really higher grade toxicities, I think the concern amongst clinicians then is if they're seeing lower grade, which of those can potentially progress to those higher grade, which then becomes life threatening toxicities. Whereas dry eyes certainly can become a nuisance, we didn't see any blindness or something like this, and the stomatitis resolves as you hold the drug, and in some cases, really before the next cycle even comes, it's just more a matter of controlling the discomfort, which can be severe. I'm not minimizing that. I think that's why ILD stands out so much, is that that becomes a potentially life threatening thing. And to your point exactly, these patients with a smoking history on other drugs, we see these inflammatory findings. Now, in some cases, we know it can be from the drug. In other cases, we see it and know that it's essentially incidental. 
And I'll say to patients, “Hey, we see this. It's something we'll monitor on future scans, and these can wax and wane.” When you have a patient on a drug with a high attention towards something like ILD, there can be- what I'm cautioning against is a reflex attribution to that drug. In all cases. I'd urge clinicians to individually assess each of these patients to get a sense of whether they think that that's going on for that person, knowing that it's often not possible to say with 100% certainty in any of these cases. But we often see waxing and waning inflammatory findings. And in many of these patients with heavier smoking histories, in particular, there can be waxing and waning respiratory symptoms. So the question is, are there instances where there is what really is an incidental inflammatory findings and incidental respiratory waxing and waning that then suddenly we call a grade II? At the same time on the other part of that, if there is something that seems like it really may be drug related ILD, is doing that work up and really evaluating and diagnosing that before it progresses to a point that really there are severe symptoms. And it's kind of trying to do both of those things on the opposite ends of the spectrum that I'm speaking toward at the same time. Davide Soldato: Just on a personal note, do you think that, as we continue the development of these drugs that are associated potentially with lung toxicity, do you think that we also need to pay attention to the drugs that were immediately previously received by the patients? What I mean is, do you have the feeling that the previous treatment could potentially impact on the risk of developing this type of toxicity in the lung? Dr. Jacob Sands: I don't know that we yet have data to draw any real conclusions around that. But you raise an important question within this, and what potential toxicities could be related to prior treatments or synergy across those. 
Of course, we see inflammatory findings within the lungs and pneumonitis with prior immune-related therapies, and that it would be a good prompt to the question you're asking. And that in particular, we also see this in some of the targeted treatments, although not nearly to the same percentages. I don't know that we can draw conclusions from this. I would speculate that the mechanisms of action of each of these drugs are so different that I would not hypothesize real synergy in those toxicities. But it is certainly something to be aware of and an important question that you're raising. Davide Soldato: I think that, apart from the safety data that I think we dissected, the other end of the spectrum would be finding a drug that this very pre-treated population could still give us some efficacy data. So you already mentioned that, in the dose expansion cohorts, so 4, 6, and 8 milligrams, we had more or less signals of activity and of efficacy of these novel drugs. So the therapeutic options, as you were mentioning, are potentially docetaxel or other types of mono chemotherapy. But we know that the objective response rate is not that high, and that progression-free survival is not that long with these types of drugs. And potentially the safety profile could also be complicated in patients that are also pre-treated. So I just wanted to discuss a little bit the efficacy data and to see if there is really promise in this type of delivery of chemotherapy as you were saying with the ADC. Dr. Jacob Sands: We saw response rates of about 25% across all three of those cohorts. The manuscript outlines the 4, 6, and 8 milligram cohorts within a chart showing the efficacy outcomes. And really it's around 25% across the three of those, which in this patient population, as we've discussed, heavily pre-treated, to have a response rate of 25% is really quite promising that there really is a substantial treatment effect. 
On top of that, we also see a duration of response of really around 10 months. So, in the patients that are having a response, there really is some durability. Now, it's tragic that 10 months is considered durable within this population and it really highlights the ongoing need for further drug development because I don't think anyone would say that 10 months is enough, we need dramatically better. But within the context of what we currently have, a 10-month duration of response is really quite meaningful and a response rate of 25%. Now, it also describes a disease control rate. And I always have to put a little asterisk to this. I think we see this increasingly - the disease control rate being reported - and it always looks quite a bit better than the response rate. And that's essentially incorporating stable disease. And although I would never claim that everybody with stable disease is truly benefiting from a drug, across all of the studies where this is reported out, there is a spider plot which really highlights a number of patients that are not considered responders, but with responses, a handful of them beyond six months of disease control, even though they're not considered responders, and one of them beyond a year with still ongoing disease control. So, even within that stable disease group, I'd say there are some who are really clinically benefiting from the drug, which is to say that really, even beyond the 25% response rate, we are seeing some others that are truly benefiting from this. Davide Soldato: Yes, and I also think that for these patients, especially when they can develop very rapidly symptoms that can potentially also impact quality of life, having a drug that achieves this level of stability - with maybe no deterioration in clinical symptoms - I think that it's still probably a very meaningful objective to obtain for this type of population. 
Of course, I think that with future studies we will also have probably health-related quality of life data that will tell us more about the impact of this type of drug in this setting. But I still think that this could be potentially a relevant endpoint, even if we don't achieve what we officially consider as a response as per RECIST criteria. So I think that we have talked a little bit about the efficacy data. So, we are kind of entering a novel area where more and more ADCs are being tested, are being included in clinical practice. For example, if I think about breast cancer, we already have two that are approved that can be used, the same in bladder cancer. So, as you participated in this phase one trial, I just wanted to have your opinion: if you think that, in the future, we are going to evolve completely towards this type of delivery of chemotherapy, using what we call now "smart drugs" in terms of delivery of these cytotoxic agents. Dr. Jacob Sands: It'll be interesting to see. We certainly will see other generations of ADCs. I mean, I think we're really just at the beginning with this technology. We certainly have now a very solid foundation to build upon, where we have effective targets and effective payloads. We've highlighted some of the toxicities we're seeing from that. Also, I'd highlight within this drug with TROP2, the amount of expression has not seemed to really be a driver in this. And some of that may be the bystander effect, which I'd call a real benefit of the drug, where the payload as a drug goes through apoptosis and lysis, that payload that releases then into the surrounding- toward the surrounding cells is membrane permeable and crosses into other cells, leading to potentially more efficacy. That technology in itself, I'd say, is something that we may see incorporated further into next generations of ADCs. 
Whether there can be improvements in preventing toxic drug in other sites like the stomatitis, for example, with newer generations that evolve from this, we'll see. I don't know that I would anticipate all chemotherapy ultimately going through ADC technology, but I certainly believe that this is the beginning of what I would call a whole new class. But would future cytotoxic treatment happen more so through ADC than just broad circulating payloads? If we can call it that. And I certainly think we'll see a lot more development like that. But you know, we may see other ways of developing the cytotoxic drugs in other forms of delivery as well. It'll be exciting to see as we go forward. Davide Soldato: I also think that one of the major challenges that we probably will have to deal with, in probably not so long, is also the sequencing of these types of agents. We are starting to have, as I was saying, accumulating data regarding the efficacy of these drugs. And some of them share either the same payload or they target the same antigen on the cell. And so, do you think that we will need as a new line of research to really go into the field of cross resistance when we are using and trying to sequence these types of novel agents? Dr. Jacob Sands: We're seeing that across various tumor types. I mean, to stick with lung in particular and small cell lung cancer, we've seen DLL3 really be a demonstrated target for small cell lung cancer. And now we have a handful of drugs being developed that target DLL3. How would we potentially utilize those drugs? In what orders and which ones over others is going to be an area for discussion, much like the area you're raising here, where we see TROP2 directed treatments. And so which one would you choose? 
On top of the fact that there are other targets, in this case, we're talking about TROP2, but of course, there's HER3 that we've seen, and especially when we're talking about an EGFR population, EGFR mutation population, we've seen good efficacy with this TROP2 antibody drug conjugate, as well as the HER3. And so how would we order those? And they both are using the same payload. If we're talking about both of the deruxtecan compounds, this is going to take some sorting out. I think with time, it'll be tough. I don't know if we'll end up seeing head to head studies in this or if this is going to end up being shaped more by expert committees and their descriptions. But I imagine we'll see some heterogeneity in the treatment pathways at different centers just based upon preferences and familiarity with these different drugs. Of course, assuming that they all end up ultimately being approved and then that efficacy and tolerability that we're seeing continues to pan out in future trials. Davide Soldato: So we were mentioning before that there is a very big line of development for this novel ADC. And I think that there are also some trials that are exploring the role of Dato-DXd, so the datopotamab deruxtecan, in lines where patients have received less therapy or in combination with other agents. So I wanted to ask you if you could give us some insights regarding the ongoing trials, if you know about them. And also what do you think could be the area of unmet need where this drug could potentially give the most effect? Dr. Jacob Sands: It'll be interesting to see. In the first line setting we have TROPION-Lung07 and TROPION-Lung08. These are studies with PD-L1 expression of less than 50% or greater than or equal to 50%, the greater than or equal to 50% being plus pembrolizumab versus pembrolizumab alone. The less than 50% essentially being an incorporation with or instead of chemotherapy along with the platinum-based therapy plus pembro. 
And so that one is a more complicated three-arm study. Now, essentially what this is looking at is incorporating this antibody drug conjugate in place of chemotherapy for potential tolerability when given concurrently with the platinum and pembro. Whether or not we'll see some synergy with the chemo and the pembro, I guess I would hypothesize that we would likely see at least similar to when giving the chemotherapy, or at least that's the hypothesis driving the trial design. If anything, whether we note improved tolerability relative to those getting, I'd say the carboplatin component, because certainly within non-squamous, non-small cell, pemetrexed is generally very well tolerated. And so that's a bit tougher to beat out from a toxicity standpoint. The trials are really designed based upon the efficacy that we've seen from this trial you're pointing out. I think by the time that this podcast is heard, we'll have the data from TROPION-Lung01 that'll be reported out as well in the second line setting versus docetaxel as that data is near release. These are areas for ongoing attention, certainly. Davide Soldato: Thank you, Dr. Sands, for being with us today. This concludes our episode of JCO Article Insights. We discussed with Dr. Sands the results of the manuscript titled, “First-in-Human, Phase I Dose-Escalation and Dose-Expansion Study of Trophoblast Cell-Surface Antigen 2-Directed Antibody-Drug Conjugate Datopotamab Deruxtecan in Non-Small-Cell Lung Cancer: TROPION-PanTumor01.” This is Davide Soldato. Thank you for your attention and stay tuned for the next episode. The purpose of this podcast is to educate and to inform. This is not a substitute for professional medical care and is not intended for use in the diagnosis or treatment of individual conditions. Guests on this podcast express their own opinions, experience and conclusions. Guest statements on the podcast do not express the opinions of ASCO. 
The mention of any product, service, organization, activity, or therapy should not be construed as an ASCO endorsement.
Check out SignalWire at: https://bit.ly/signalwirewan Make compliance easy with Kolide at: https://www.kolide.com/WAN Save time and automate your social media marketing! Check out Tailwind at https://lmg.gg/tailwind and get 50 free bonus Ghostwriter AI credits! Timestamps (Courtesy of NoKi1119) Note: Timing may be off due to sponsor change: 0:00 Chapters. 1:09 Intro. 1:33 Topic #1: CS:GO is no more, long live CS 2. 2:48 History of CS, Source, Luke's experience. 9:36 Subtick, playing with Joe, volumetric smoke, recoil & shield. 16:00 Twitch & FP on CS recoil, Steam reviews, $40M in 40 minutes. 22:06 Steam reviews, discussing CS 2 replacing CS:GO, a negative review. 32:50 BG3, Linus's BG3 review on Discord, BG3's tutorial, games reviews. 48:21 Yvonne's character choice, camera mod, game preference. 56:03 LTTStore's new desk pad. 57:06 Linus recalls a viewer's argument on using YT Superchats. 58:18 Creator's warehouse bread plushies ft. FP poll. 1:01:16 Merch Messages #1. 1:01:22 Would you wipe your controversies if you also wipe what you learnt from them? 1:03:44 Luke disagrees with FP Poll. 1:04:58 Any personal experience dealing with low temperature on tech? 1:07:23 New FP Poll for breads. 1:07:48 How many times has DLL said anything that caused chaos within LMG? 1:11:00 FP Poll result, bread is the meme. 1:12:09 Topic #2: Newegg's GPU trade in program. 1:12:34 Trade in prices, easy process & warranty. 1:20:49 Linus's price take, Luke on working with PayPal, LTT's AMD video, Linus on satire. 1:38:30 Sponsors. 1:42:13 Covering last WAN's supplement sponsorship. 1:45:30 Merch Messages #2. 1:45:36 How bad a monitor would you use for free before spending on one? 1:53:16 Has LTT ever used consultants or contractors? 2:00:56 How do you address technical debt in your projects? 2:06:00 Topic #3: Samsung's Neo G9 monitors cracking. 2:08:10 Luke on the low frequency of curved screens damage, Linus on per-region support. 
2:12:08 Linus calls about if the Secret Shopper segment was shot, continues to leak. 2:22:16 Linus recalls Samsung's The Wall, purchases TCL's 115" MiniLED TV. 2:30:22 Linus's theory on why this is Chinese exclusive, LTT shot the Compensator. 2:35:30 Topic #4: Russian zero-day seller offers $20M to hack iOS & Android. 2:39:57 Topic #5: Reddit phases out gold & awards, now pays for karma. 2:42:08 Topic #6: Metaverse's 3D facial scan. 3:02:07 Topic #7: TheFloW teases a PS4/PS5 exploit. 3:03:39 Topic #8: Google will discontinue Podcast next year. 3:04:52 Topic #9: OpenAI's & Meta's new AI. 3:09:28 Topic #10: Getty's library generates images through an ethical database. 3:10:23 Topic #11: Google Search showcases ChatGPT-3's "eggs can be melted" response. 3:11:09 Topic #12: Military AI to sort U.S. intelligence. Cont. Topic #9: OpenAI's & Meta's new AI. 3:13:11 Meta's Ray-Ban glasses article. 3:15:04 Luke shows Hotbunlover. 3:15:56 Merch Messages #3 ft. WAN Show After Dark. 3:16:58 How viable do you believe LTT's cleanest setup is? 3:19:48 Difficult challenge for tech that you've come to terms with? 3:20:41 Has Luke looked into aftermarket options for his car's infotainment system? 3:22:27 Has Linus's workload lowered after stepping down? ft. Tech shop sequel, Sea of Stars, cutscenes. 3:39:41 Did Yvonne's medical history help her learn finance better? 3:40:16 Any noticeable LTTStore merch preference per region? 3:40:43 Do you see 12GB VRAM being enough for 2K Ultra settings in the future? 3:45:14 Is it true that Linus can leap over the chair from a standing position? 3:49:16 Arm wrestling on WAN Show? 3:50:18 Have you explored what it'd take to start an ISP? 3:50:52 What is Linus's favorite WAN Show snack? 3:51:22 Do you think you'll see AI reach full sentience in your lifetime? 3:52:32 Why does Luke stream his Starfield gameplay on Twitch and not on FP? 3:54:08 Outro.
Top 5 Threat Hunting Headlines - 21 Aug 2023 Cuba Ransomware Deploys New Tools: Targets Critical Infrastructure Sector in the U.S. and IT Integrator in Latin America https://blogs.blackberry.com/en/2023/08/cuba-ransomware-deploys-new-tools-targets-critical-infrastructure-sector-in-the-usa-and-it-integrator-in-latin-america Hunting Rituals #1: Threat hunting for DLL side-loading https://www.group-ib.com/blog/hunting-rituals-dll-side-loading/ Suspected N. Korean Hackers Target S. Korea-US Drills https://www.securityweek.com/suspected-n-korean-hackers-target-s-korea-us-drills/?web_view=true Ransomware Diaries: Volume 3 – LockBit's Secrets https://analyst1.com/ransomware-diaries-volume-3-lockbits-secrets/ Add 'writing malware' to the list of things generative AI is not very good at doing https://www.theregister.com/2023/08/18/ai_malware_truth/?&web_view=true ----- Follow Us! Twitter: https://twitter.com/CyborgSecInc LinkedIn: https://www.linkedin.com/company/cyborg-security/ YouTube: https://www.youtube.com/cyborgsecurity Instagram: https://www.instagram.com/cyborgsecinc/ Facebook: https://www.facebook.com/CyborgSecInc
Welcome to another episode of Conscious Revolution Podcast! In this episode, we are diving deep with Amy, a holistic nutritionist, ayurvedic practitioner and HD Reader who is super passionate about supporting women in the reclamation of their healthy relationship with food and movement. Amy helps women heal their relationship with food while supporting their gut health and hormones so they can feel confident and radiant from the inside out. She draws on Holistic Nutrition, Ayurveda and Human Design to empower you to become your own healer. Through her online programs, she offers a taste of holistic rituals, scrumptious plant-based recipes, and a heap of supportive resources to make this nourishing lifestyle easy peasy, lemon squeezy. In this episode, we talk about: Amy's journey to self awareness and healing around her body Food culture, Ayurveda and Nutrition Amy's experience with Human Design How each energy type in HD can use its design to eat right and move right Shivani & Amy's experience as Taste Cognition Amy's health journey as a Generator Shivani's movement experience as an Emotional Manifesting Generator self love and body positivity And that's all, Hope you enjoy this episode! Please let us know if you do, and share whatever you are taking away from this episode! If you are new to Human Design, find out about your energy type, authority and more here- www.bodygraph.com If you want to get into Amy's world, here's her information: Website: namatastenutrition.com Instagram: https://www.instagram.com/amyactivates/ Follow our podcast on IG: @consciousrevolutionpodcast Find Shivani on IG https://instagram.com/shivaanibaghel Shivani is a HD /astrology analyst with a desire to help women reclaim their self through spiritual healing and self development tools. Apart from hosting this podcast, she is the founder of Dream Life Lounge, a beautiful heaven where she teaches workshops, courses and meditations. 
Check out Jewel, a cosmic library which houses her life's work to give women an easy, affordable way to start their self healing journey. The DLL shop has recently re-opened, shop for money mindset workshop, your own customized HD/astrology guidebooks, and more - here.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. FortiGuard Labs encounters a kernel driver that makes use of the open-source donut tool. Check Point researchers observe Iranian threat actor Agrius operating against Israeli targets. SentinelOne notes changes in the ongoing campaign by Kimsuky. Microsoft uncovers stealthy malicious activity aimed at critical infrastructure in the United States. Zscaler ThreatLabz reports on Pikabot, a new malware trojan. BleepingComputer reports that the QBot malware operation has started to abuse a DLL hijacking flaw in the Windows 10 WordPad program. eSentire launches a multi-pronged offensive against a growing cyberthreat: the Gootloader Initial Access-as-a-Service operation. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
Picture of the Week So... Not an attack, then? AI Overlord Hysteria Italy says NO to ChatGPT It's illegal... How much will that be? The U.S. FDA & medical device security Hack the Pentagon Firefox 3rd-party DLL check-up Microsoft's Extortion? The Silver Ships Zombie Software Show Notes: https://www.grc.com/sn/sn-917-notes.pdf Hosts: Steve Gibson and Ant Pruitt Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written SpinRite 6. Sponsors: kolide.com/securitynow canary.tools/twit - use code: TWIT meraki.cisco.com/twit
Genesis Market gets taken down. Proxyjackers exploit Log4j vulnerabilities. Fast-encrypting Rorschach ransomware uses DLL sideloading. Killnet attempts DDoS attacks against the German ministry. Carole Theriault ponders AI assisted cheating. Johannes Ullrich tracks malware injected in a popular tax filing website. Soft power and Russia's hybrid war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/65 Selected reading. 'Operation Cookie Monster': International police action seizes dark web market (Reuters) Stolen credential warehouse Genesis Market seized by FBI (Register) FBI Seizes Bot Shop ‘Genesis Market' Amid Arrests Targeting Operators, Suppliers (KrebsOnSecurity) Genesis Market, one of world's largest platforms for cyber fraud, seized by police (Record) 'Operation Cookie Monster': FBI seizes popular cybercrime forum used for large-scale identity theft (CNN) Cybercrime marketplace Genesis Market shut by FBI, international law enforcement (CNBC) FBI seizes stolen credentials market Genesis in Operation Cookie Monster (BleepingComputer) Notorious Genesis Market cybercrime forum seized in international law enforcement operation (CyberScoop) Proxyjacking has Entered the Chat (Sysdig) Rorschach – A New Sophisticated and Fast Ransomware (Check Point Research) Russian hackers attack German ministry's website (TVP World) Zimbra Flaw Exploited by Russia Against NATO Countries Added to CISA 'Must Patch' List (SecurityWeek) Zimbra vulnerability exploited by Russian hackers targeting Nato countries - CISA (Tech Monitor) CISA Adds One Known Exploited Vulnerability to Catalog (Cybersecurity and Infrastructure Security Agency CISA) NVD - CVE-2022-27926 (National Vulnerability Database) The Interview - Russian cyber weapons 'could do a lot of damage' in the US: Former counterterrorism czar (France 24) Biden cybersecurity chief 'surprised' Russia has not hit US targets amid Ukraine war 
(Washington Examiner) Ukrainian Cyber War Confirms the Lesson: Cyber Power Requires Soft Power (Council on Foreign Relations)
Black History Month is a time to celebrate and honor Black Culture as well as examine the Black experience in the United States. In this episode, our guests talk about what they and their companies are doing not only to recognize and celebrate Black History Month, but to reach BEYOND to create real change in black communities and progress in the equipment finance industry. Join me and my co-host Eboni Preston-Laurent, ELFA's Director of Diversity, Equity and Inclusion as we talk to Tanisha Gordon-Flowers from Cisco, Joshua Dickens from Arvest Equipment Finance, Lovern Gordon of the Black Equipment Finance Network, and Jene Hill from DLL. We hope you walk away inspired to join the movement to push the industry forward! To contact today's guests: Tanisha Gordon-Flowers tangordo@cisco.com Jene Hill HillJM@delagelanden.com Joshua Dickens jdickens@arvest.com Lovern Gordon info@lovelifenow.org Eboni Preston-Laurent epreston@elfaonline.org Resources mentioned in this episode Black Equipment Finance Network (BEFN) www.befn.org Jené Hill Professional Black Girl Instagram @professionalblkgirl Additional Resources National Museum of African American History and Culture https://nmaahc.si.edu/learn/adults NMAAHC adult programs are exceptional for providing immersive and experiential learning. These programs provide broad, intense, and respectful exchanges among presenters, the audience, and museum staff that expand, and refresh our overall knowledge about important figures or moments in African American history. Code Switch Podcast from NPR https://www.npr.org/podcasts/510312/codeswitch Hosted by journalists of color, our podcast tackles the subject of race with empathy and humor. We explore how race affects every part of society — from politics and pop culture to history, food and everything in between. This podcast makes all of us part of the conversation — because we're all part of the story. Code Switch was named Apple Podcasts' first-ever Show of the Year in 2020.
On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including: Conti's war against Costa Rica DoJ revises CFAA guidance Naughty kids get access to DEA portal A look at a Russian disinfo tool PyPI and PHP supply chain drama Much, much more This week's show is brought to you by Thinkst Canary. Its founder Haroon Meer will join us in this week's sponsor interview to talk about what might happen to infosec programs now the world economy is getting all funky. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing. Show notes President Rodrigo Chaves says Costa Rica is at war with Conti hackers - BBC News Costa Ricans scrambled to pay taxes by hand after cyberattack took down country's collection system Costa Rican president claims collaborators are aiding Conti's ransomware extortion efforts K-12 school districts in New Mexico, Ohio crippled by cyberattacks - The Record by Recorded Future Greenland says health services 'severely limited' after cyberattack - The Record by Recorded Future Notorious cybercrime gang Conti 'shuts down,' but its influence and talent are still out there - The Record by Recorded Future 'Multi-tasking doctor' was mastermind behind 'Thanos' ransomware builder, DOJ says - The Record by Recorded Future Researchers warn of REvil return after January arrests in Russia - The Record by Recorded Future Researcher stops REvil ransomware in its tracks with DLL-hijacking exploit | The Daily Swig Bank refuses to pay ransom to hackers, sends dick pics instead • Graham Cluley GoodWill ransomware forces victims to donate to the poor and provides financial assistance to patients in need - CloudSEK Catalin Cimpanu on Twitter: "Report on a new ransomware strain named GoodWill that forces victims to perform acts of kindness to recover their files https://t.co/T0rhj5wjyC https://t.co/T92KPUJe61" / Twitter Water companies are increasingly uninsurable due to ransomware, 
industry execs say Department of Justice Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act | OPA | Department of Justice DEA Investigating Breach of Law Enforcement Data Portal – Krebs on Security Intelligence Update. A question of timing: examining the circumstances surrounding the Nauru Police Force hack and leak FSB's Fronton DDoS tool was actually designed for 'massive' fake info campaigns, researchers say Sonatype PyPI blog post Dvuln Labs - ServiceNSW's Digital Drivers Licence Security appears to be Super Bad New Bluetooth hack can unlock your Tesla—and all kinds of other devices | Ars Technica Researchers devise iPhone malware that runs even when device is turned off | Ars Technica New Research Paper: Pre-hijacking Attacks on Web User Accounts – Microsoft Security Response Center CISA issues directive for exploited VMware bug after IR team deployed to ‘large' org - The Record by Recorded Future Hackers are actively exploiting BIG-IP vulnerability with a 9.8 severity rating | Ars Technica Google, Apple, Microsoft Commit to Eliminating Passwords - Security Boulevard Thinkst Canary
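DLL side-loading and hijacking run through several of the items above: Group-IB's "Hunting Rituals #1" post on threat hunting for DLL side-loading, the QBot abuse of a WordPad DLL hijacking flaw covered by The Cybersecurity Defenders Podcast, Rorschach's DLL sideloading in the CyberWire briefing, and the REvil DLL-hijacking write-up in the Risky Business notes. None of those posts is reproduced here. What follows is an added example of the kind of hunt that telemetry supports; it is not Group-IB's, LimaCharlie's or any vendor's code. It assumes a constructed, SIEM-style flattening of Sysmon Event ID 7 (ImageLoaded) records into pipe-separated key=value lines: the field names Image, ImageLoaded, Signed and Signature are Sysmon's, but the line format, the SYSTEM_DLLS subset, the TRUSTED_DIRS tuple and every sample record are assumptions made for the example.

```python
"""Hunt for DLL side-loading in image-load telemetry.

Added example, not from any post listed on this page. Input is a constructed,
SIEM-style flattening of Sysmon Event ID 7 (ImageLoaded) records into
pipe-separated key=value lines. Real Sysmon emits XML; only the field names
Image, ImageLoaded, Signed and Signature are borrowed from it.
"""
from dataclasses import dataclass, field
import ntpath

# Illustrative (assumed) subset of DLLs that normally live under
# %SystemRoot%\System32 and are common side-loading targets. In a real hunt,
# derive this set from a clean System32/SysWOW64 inventory rather than by hand,
# and leave out KnownDLLs, which the loader always resolves from System32.
SYSTEM_DLLS = {
    "version.dll", "dbghelp.dll", "cryptbase.dll", "wininet.dll",
    "userenv.dll", "profapi.dll", "dwmapi.dll", "uxtheme.dll",
}
# Directories a system DLL is expected to be loaded from (lower-cased, assumed).
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")


@dataclass
class Finding:
    process: str
    dll: str
    reasons: list = field(default_factory=list)

    @property
    def score(self):
        # One point per independent indicator; used only for triage ordering.
        return len(self.reasons)


def parse_record(line):
    """Split 'K=V|K=V|...' into a dict with lower-cased keys; parts without '=' are ignored."""
    rec = {}
    for part in line.strip().split("|"):
        key, sep, value = part.partition("=")
        if sep:
            rec[key.strip().lower()] = value.strip()
    return rec


def _dir(path):
    return ntpath.dirname(path).lower()


def check_record(rec):
    """Return a Finding for one Event ID 7 record, or None if it looks benign."""
    if rec.get("eventid") != "7":
        return None
    image, loaded = rec.get("image", ""), rec.get("imageloaded", "")
    if ntpath.basename(loaded).lower() not in SYSTEM_DLLS:
        return None  # not a name we expect to see resolved from System32
    if _dir(loaded).startswith(TRUSTED_DIRS):
        return None  # loaded from where the genuine DLL lives
    f = Finding(image, loaded)
    f.reasons.append("system DLL name loaded from outside System32/SysWOW64/WinSxS")
    if _dir(loaded) == _dir(image):
        # The classic side-loading layout: the rogue DLL sits beside the (often
        # legitimately signed) executable that imports it by name.
        f.reasons.append("DLL sits in the same directory as the loading executable")
    signed = rec.get("signed", "").lower() == "true"
    if not signed or "microsoft" not in rec.get("signature", "").lower():
        f.reasons.append("DLL is not Microsoft-signed, unlike the genuine system DLL")
    return f


def hunt(lines):
    """Run check_record over every line; highest-scoring findings first."""
    findings = [f for f in map(check_record, map(parse_record, lines)) if f]
    return sorted(findings, key=lambda f: f.score, reverse=True)


# Constructed sample telemetry (not real logs).
SAMPLE = [
    r"EventID=7|Image=C:\Users\alice\Downloads\invoice\viewer.exe|ImageLoaded=C:\Users\alice\Downloads\invoice\version.dll|Signed=false|Signature=-",
    r"EventID=7|Image=C:\Windows\System32\notepad.exe|ImageLoaded=C:\WINDOWS\System32\version.dll|Signed=true|Signature=Microsoft Windows",
    r"EventID=7|Image=C:\Program Files\Vendor\app.exe|ImageLoaded=C:\Program Files\Vendor\vendorlib.dll|Signed=true|Signature=Vendor Inc",
    r"EventID=7|Image=C:\Program Files\Vendor\app.exe|ImageLoaded=C:\Program Files\Vendor\dbghelp.dll|Signed=true|Signature=Microsoft Windows",
    r"EventID=1|Image=C:\Windows\System32\cmd.exe|CommandLine=cmd.exe /c whoami",
    r"EventID=7|Image=C:\Program Files (x86)\Tool\tool.exe|ImageLoaded=C:\Windows\SysWOW64\profapi.dll|Signed=true|Signature=Microsoft Windows",
]

if __name__ == "__main__":
    for finding in hunt(SAMPLE):
        print(f"[score {finding.score}] {finding.process} -> {finding.dll}")
        for reason in finding.reasons:
            print("   -", reason)
```

On the constructed sample the unsigned version.dll loaded beside viewer.exe in a Downloads folder scores 3 and the Microsoft-signed dbghelp.dll shipped next to a vendor application scores 2; the System32 and SysWOW64 loads, the vendor's own library and the non-ImageLoaded event are ignored. The lower score on the second case is deliberate: applications do redistribute Microsoft DLLs, so that pattern needs baselining per application before it is treated as malicious, whereas a system-named DLL that carries no Microsoft signature has no benign explanation.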
Enjoy this sample of CSO Perspectives, a CyberWire Pro podcast. Like what you hear? Consider subscribing to CyberWire Pro for $99/year. Learn more. On this episode, host Rick Howard discusses if the first principles theories prevent material impact in the real world, such as the latest SolarWinds attack. Previous episodes referenced: S1E6: 11 MAY: Cybersecurity First Principles S1E7: 18 MAY: Cybersecurity first principles: zero trust S1E8: 26 MAY: Cybersecurity first principles: intrusion kill chains. S1E9: 01 JUN: Cybersecurity first principles - resilience S1E11: 15 JUN: Cybersecurity first principles - risk S2E3: 03 AUG: Incident response: a first principle idea. S2E4: 10 AUG: Incident response: around the Hash Table. S2E7: 31 AUG: Identity Management: a first principle idea. S2E8: 07 SEP: Identity Management: around the Hash Table. Other resources: “A BRIEF HISTORY OF SUPPLY CHAIN ATTACKS,” by Secarma, 1 September 2018. “Analyzing Solorigate, the compromised DLL file that started a sophisticated cyberattack, and how Microsoft Defender helps protect customers,” by 365 Defender Research Team and the Threat Intelligence Center (MSTIC), Microsoft, 18 December 2020. “A Timeline Perspective of the SolarStorm Supply-Chain Attack,” by Unit 42, Palo Alto Networks, 23 December 2020. “Cobalt Strike,” by MALPEDIA. “Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon,” by Kim Zetter, Published by Crown, 3 June 2014. “Cybersecurity Canon,” by Ohio State University. “FireEye shares jump back to pre-hack levels,” Melissa Lee, CNBC, 23 December 2020. "Implementing Intrusion Kill Chain Strategies by Creating Defensive Campaign Adversary Playbooks," by Rick Howard, Ryan Olson, and Deirdre Beard (Editor), The Cyber Defense Review, Fall 2020. “Orion Platform,” by SolarWinds. “Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers,” by Andy Greenberg, Published by Doubleday, 7 May 2019. 
“Solarstorm,” by Unit 42, Palo Alto Networks, 23 December 2020. “The Cybersecurity Canon: Countdown to Zero Day: Stuxnet and the Launch of the World's First Digital Weapon,” by Rick Howard, The Cybersecurity Canon Project, 28 January 2015. “Using Microsoft 365 Defender to protect against Solorigate,” by the Microsoft 365 Defender Team, 28 December 2020.