Podcasts about encrypt

Process of converting plaintext to ciphertext

  • 356 PODCASTS
  • 583 EPISODES
  • 50m AVG DURATION
  • 5 WEEKLY NEW EPISODES
  • Mar 31, 2025 LATEST

Latest podcast episodes about encrypt

Surveillance Report
FOSS Is In Trouble!

Mar 31, 2025 38:14


Episode 220: Latest US government funding cuts directly impact important FOSS projects like Tor, Let's Encrypt, F-Droid, and more; Android takes development behind closed doors; Proton & Vivaldi team up; "Signalgate" (of course); and more!

Welcome to the Surveillance Report - featuring Techlore & The New Oil to keep you updated on the newest security & privacy news.

The Lunduke Journal of Technology
Should Taxpayer Money Fund Open Source?

Mar 31, 2025 13:38


Mozilla, F-Droid, Let's Encrypt, Tor, & more receive huge amounts of money from US taxes. Should they? More from The Lunduke Journal: https://lunduke.com/ This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit lunduke.substack.com/subscribe

Cup o' Go

Mar 29, 2025 49:04


The Lunduke Journal of Technology
Tor, F-Droid, & Let's Encrypt Lose Tax Payer Funding, Go To Court

Mar 27, 2025 36:04


The US tax payer funded Open Technology Fund has lost Federal funding and is taking the Trump administration to court. Plus: The shady connection to Firefox maker Mozilla. More from The Lunduke Journal: https://lunduke.com/ This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit lunduke.substack.com/subscribe

Como lo pienso lo digo
Monitor the expiration of your SSL certificates with Red Sift #HowTo

Feb 6, 2025 5:31


If you are a Let's Encrypt user, you already know that they will stop sending the emails that notify you when an SSL certificate is about to expire. But you can keep receiving these notifications with Red Sift. https://app.redsift.cloud/sift/

By the way, in this episode I briefly mention Apple Invites.

I invite you to discuss this topic in the Como Pienso Digo forum: https://foro.comopiensodigo.com
Other ways to get in touch can be found at: https://ernestoacosta.me/contacto.html
All the channels where I publish content can be found at: https://ernestoacosta.me/
If you want to buy RØDE products, this is my affiliate link: https://brandstore.rode.com/?sca_ref=5066237.YwvTR4eCu1

TechCraft
The DUCU AI on 3D printing - TechCraft 467

Feb 6, 2025 130:51


TechCraft, your technology and video-game entertainment show.

Our links:
TechCraft site: www.techcraft.fr
Live: http://live.techcraft.fr
RSS feed: http://techcraft.podcloud.fr/rss
E-mail: podcast@techcraft.fr
Twitter: @TechCraftPDC
BlueSky: @techcraft.fr
Discord: http://discord.techcraft.fr
PodCloud: https://techcraft.lepodcast.fr/

High-tech news
Quenton: Apple invite
Jacky: Care for a salad of 3D prints?
Link: https://www.printables.com/contest/467-dj-design-contest
Link: https://help.prusa3d.com/fr/materials
Bigaston: TailwindCSS arrives in version 4.0!
Link: https://tailwindcss.com/blog/tailwindcss-v4
Jacky: Let's talk about the strength of 3D prints
Link: https://www.youtube.com/watch?v=EqRdQOoK5hc
Draven: DeepSeek shakes up Silicon Valley, OpenAI reacts
Link: https://www.mac4ever.com/ia/186947-ce-que-vous-ignorez-sur-l-ia-chinoise-deepseek-qui-a-ebranle-la-bourse
Link: https://www.mac4ever.com/divers/186978-tapestry-l-appli-qui-regroupe-tous-vos-flux-en-un-seul-endroit
Quenton: DUCU on Apple

Gaming news
Bigaston: Steam warns you when an Early Access game is dead
Link: https://www.actugaming.net/steam-va-maintenant-vous-prevenir-si-un-jeu-en-acces-anticipe-na-pas-ete-mis-a-jour-depuis-longtemps-701591/
Bigaston: Some Nintendo Switch news
Link: https://www.actugaming.net/nintendo-ne-veut-pas-afficher-sa-switch-2-a-un-prix-qui-ne-serait-pas-abordable-mais-tiendra-compte-de-linflation-701733/
Link: https://www.frandroid.com/marques/2494796_nintendo-prend-des-mesures-pour-eviter-les-penuries-de-switch-2-au-lancement

Pick of the week
Bigaston: Forgejo and Woodpecker CI
Link: https://forgejo.org/
Link: https://woodpecker-ci.org/

News in brief
Quenton: Let's Encrypt is ending certificate expiration notification emails for cost and security reasons
Quenton: Le Chat, Mistral's AI, arrives on the App Store and the Play Store
Quenton: ChatGPT Search, the search engine, no longer requires an account to be used; just go to chat.com

CONCLUSION
TechCraft site: www.techcraft.fr
E-mail: podcast@techcraft.fr
Twitter: @TechCraftPDC
Discord: http://discord.techcraft.fr
PodCloud: https://techcraft.lepodcast.fr/

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Internet Stormcast Feb 5th 2025: Feed Updates and Rosti; Resurrecting Dead S3 Buckets; Let's Encrypt Changes; Edge Device Security

Feb 5, 2025 7:21


Some Updates to Our Data Feeds
We made some updates to the documentation for our data feeds, and added the neat Rosti Feed to our list as well as to our ipinfo page.
https://isc.sans.edu/diary/Some%20updates%20to%20our%20data%20feeds/31650

8 Million Requests Later, We Made the SolarWinds Supply Chain Attack Look Amateur
While the title is a bit of watchTowr hyperbole, the problem of resurrecting dead S3 buckets back to life is real and needs to be addressed. Boring solutions will help you avoid becoming an exciting headline.
https://labs.watchtowr.com/8-million-requests-later-we-made-the-solarwinds-supply-chain-attack-look-amateur/

Let's Encrypt Ending Expiration Emails
Let's Encrypt will no longer send emails for expiring certificates. They suggest other free services to send these emails for you.
https://letsencrypt.org/2025/01/22/ending-expiration-emails/

Guidance and Strategies to Protect Network Edge Devices
CISA and other agencies created a guidance document outlining how to protect edge devices like firewalls, VPN concentrators and other similar devices.
https://www.cisa.gov/resources-tools/resources/guidance-and-strategies-protect-network-edge-devices

Business of Tech
Unauthorized Access: A Deep Dive into the Treasury Department Breach. Microsoft's VPN Shutdown

Feb 5, 2025 14:58


A significant security breach has been identified within the U.S. Treasury Department, where unauthorized individuals gained administrator-level access to critical financial systems, including the Payment Automation Manager (PAM) and the Secure Payment System (SPS). This breach raises serious concerns about the integrity of the U.S. financial system, as it allows for unauthorized modifications to federal payment workflows and security configurations. The threat actors, linked to a private sector entity, have reportedly acquired elevated privileges without the necessary government vetting or legal authorization, potentially compromising sensitive financial operations and personal data of millions of Americans.

The implications of this breach extend beyond the Treasury, as individuals associated with the threat actors have also gained unauthorized access to the National Oceanic and Atmospheric Administration (NOAA). This unauthorized entry raises alarms about the potential compromise of classified environmental data and the integrity of agency operations. Lawmakers are expressing significant concern over the breach, particularly regarding its impact on federal funding mechanisms and the privacy of citizens. Affected customers have filed a lawsuit against the Treasury Department, alleging failures in enforcing access controls that could jeopardize personal and financial information.

The discussion highlights the importance of cybersecurity governance, compliance, and access control, emphasizing that security is not solely about defending against external threats. The podcast stresses that insider threats and unauthorized privileged access are equally critical issues that businesses must address. It calls for a shift in how organizations perceive security, advocating for a zero-trust approach and robust identity and access management practices. The need for continuous monitoring and strict auditing of privileged accounts is underscored, as unauthorized access can occur regardless of the actors' intent.

In addition to the main story, the episode covers several other cybersecurity-related topics, including the exposure of over one million chat records by DeepSeek, which has raised concerns about data security among AI providers. Microsoft announced the discontinuation of its Defender VPN service due to low usage, while Let's Encrypt plans to end its expiration notification email service. Cloudflare has introduced a feature to enhance online image authenticity, and the Trump administration has eliminated a key framework for AI integration into federal cloud services. These developments reflect broader trends in cybersecurity, privacy, and the evolving landscape of technology governance.

Four things to know today
00:00 Cybersecurity 101: If Even the Government Can't Control Access, What About Your Business?
06:39 DeepSeek Leaks a Million Chat Records—And the Pentagon Wants Nothing to Do with It
08:58 Microsoft Pulls the Plug on Defender VPN—Was Anyone Using It?
10:57 FedRAMP Shake-Up: No Special Treatment for AI as Trump Administration Ends Key Framework

Supported by: https://www.huntress.com/mspradio/
Event: https://nerdiocon.com/
All our Sponsors: https://businessof.tech/sponsors/

Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/
Looking for a link from the stories? The entire script of the show, with links to articles, is posted in each story on https://www.businessof.tech/
Support the show on Patreon: https://patreon.com/mspradio/
Want to be a guest on Business of Tech: Daily 10-Minute IT Services Insights? Send Dave Sobel a message on PodMatch, here: https://www.podmatch.com/hostdetailpreview/businessoftech
Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com

Follow us on:
LinkedIn: https://www.linkedin.com/company/28908079/
YouTube: https://youtube.com/mspradio/
Facebook: https://www.facebook.com/mspradionews/
Instagram: https://www.instagram.com/mspradio/
TikTok: https://www.tiktok.com/@businessoftech
Bluesky: https://bsky.app/profile/businessof.tech

Security Now (MP3)
SN 1010: DNS over TLS - Record DDoS, Hackers Get Hacked

Jan 29, 2025 160:40


eM Client CAN be purchased outright. An astonishing 5-year-old typo in MasterCard's DNS. An unwelcome surprise received by 18,459 low-level hackers. DDoS attacks continue growing, seemingly without any end in sight. Let's Encrypt clarifies their plans for 6-day "we barely knew you" certificates. SpinRite uncovers a bad brand new 8TB drive. Listener feedback about TOTP, Syncthing and UDP hole punching, email spam, ValiDrive speed, AI neural nets, DJI geofencing, and advertising in the "New" Outlook. A look into the tradeoffs required to obtain privacy for our DNS lookups.

Show Notes - https://www.grc.com/sn/SN-1010-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, Spinrite 6.

Sponsors: uscloud.com, joindeleteme.com/twit promo code TWIT, bitwarden.com/twit, zscaler.com/security

YusufOnSecurity.com
208 - Lets Encrypt on shortening certification lifetime to just 6 days!

Jan 25, 2025 32:38


Enjoying the content? Let us know your feedback!

In this episode we will detail the significant announcement from Let's Encrypt – the trusted nonprofit Certificate Authority that has been at the forefront of making the web more secure.

Let's Encrypt has revealed its plans to drastically reduce the lifetime of its TLS certificates from 90 days to just 6 days. This decision, outlined in their 2024 annual report, is aimed at strengthening the security of online communications by minimizing the risks associated with compromised keys. But what does this mean for website owners, IT administrators, and the broader cybersecurity landscape? That's what we'll explore in detail today.

- https://community.letsencrypt.org: 2024 ISRG Annual Report
- https://www.malwarebytes.com: 7-zip bug could allow a bypass of a windows security feature update now
- https://digital.nhs.uk: Proof-of-Concept Exploit Released for CVE-2025-0411 in 7-Zip

Be sure to subscribe! You can also stream from https://yusufonsecurity.com
In there, you will find a list of all previous episodes too.

Open at Intel
The Open Source Path to Security and Privacy: Divvi Up and Let's Encrypt

Jan 23, 2025 22:02


In this episode, Sarah Gran and Brandon Pitman from the Internet Security Research Group (ISRG) dive into their projects, Divvi Up and Let's Encrypt. They discuss the creation and impact of Divvi Up, a privacy-preserving metrics aggregation service, and its role in protecting individual data while providing valuable insights to organizations. They share the journey from collaborating with Google and Apple on COVID-19 exposure notifications to enhancing privacy for Firefox users. The conversation also explores the importance of TLS certificates provided by Let's Encrypt and the challenges and advancements in the realm of online privacy.

00:00 Introduction and Guest Introductions
01:22 Overview of DivviUp
02:29 Privacy Concerns and Data Security
06:18 Real-World Applications and Examples
11:28 Technical Details and Protocols
19:53 Open Source and Community Involvement
20:39 Conclusion and Final Thoughts

Guests:

Sarah Gran is the Vice President of the Brand and Donor Development team at Internet Security Research Group (ISRG), the nonprofit entity behind Let's Encrypt, the world's largest certificate authority. Sarah joined ISRG in early 2016, shortly after the Let's Encrypt launch and has helped it become a household name in software development. Sarah has also helped to shape ISRG's latest projects, one focused on bringing memory-safe code to security-sensitive software, called Prossimo, and a privacy-respecting metrics service, called Divvi Up. Sarah is an independent member of the Tor Project's Board of Directors. Previously, Sarah worked as a Vice President at Edelman SF and Deutsch NY in brand and communications strategy groups.

Brandon Pitman is the Senior Software Engineer for Divvi Up and has a Master's in Computer Science from Georgia Tech. Prior to ISRG, they worked at Google on a variety of Security, Privacy, and Green Energy projects. Bran came to ISRG to be a part of improving the privacy stance of the Internet as a whole.

Cyber Bites
Cyber Bites - 17th January 2025

Jan 16, 2025 9:35


* Ransomware Gang Exploits AWS Feature to Encrypt and Hold Data Hostage
* Phishing Texts Trick iMessage Users into Disabling Security
* Fake CrowdStrike Job Offers Used to Distribute Cryptominer
* Stealthy WordPress Skimmers Infiltrate Database Tables
* A New AI-Driven Ransomware Group Blurs the Lines Between Hacktivism and Cybercrime

Ransomware Gang Exploits AWS Feature to Encrypt and Hold Data Hostage
https://www.halcyon.ai/blog/abusing-aws-native-services-ransomware-encrypting-s3-buckets-with-sse-c

A new ransomware campaign leverages Amazon Web Services' (AWS) Server-Side Encryption with Customer Provided Keys (SSE-C) to encrypt victims' data stored in S3 buckets. This tactic, discovered by cybersecurity firm Halcyon, sees threat actors, such as the group dubbed "Codefinger," infiltrate AWS accounts and utilize the SSE-C feature with their own encryption keys.

The campaign hinges on the fact that AWS does not store these customer-provided keys. This makes data recovery impossible for victims even if they report the incident to Amazon. After encrypting the data, attackers set a seven-day file deletion policy and leave ransom notes demanding Bitcoin payments in exchange for the decryption key.

Halcyon advises AWS customers to implement strict security protocols, including disabling unused keys, regularly rotating active keys, and minimizing account permissions. They also recommend setting policies that restrict the use of SSE-C on S3 buckets where possible.

This incident highlights the critical need for robust security measures within cloud environments, emphasizing the importance of secure key management and vigilant monitoring for unauthorized activity.

Phishing Texts Trick iMessage Users into Disabling Security
https://www.bleepingcomputer.com/news/security/phishing-texts-trick-apple-imessage-users-into-disabling-protection/

Cybercriminals are employing a new tactic in their smishing (SMS phishing) campaigns: tricking Apple iMessage users into replying to texts, thereby disabling the platform's built-in phishing protection.

iMessage automatically disables links in messages from unknown senders as a security measure. However, replying to such a message or adding the sender to your contacts list will enable these links.

Recent smishing attacks, such as those mimicking USPS shipping issues or unpaid road tolls, instruct recipients to reply with "Y" to enable a disabled link. This plays on the common user behavior of replying to texts to confirm appointments or opt-out of services.

By replying, users inadvertently disable iMessage's security for that specific text, potentially exposing themselves to malicious links and scams. Even if the user doesn't click the enabled link, their response signals to attackers that they are susceptible to phishing attempts.

Security experts advise against replying to texts with disabled links from unknown senders. Instead, users should contact the purported sender directly to verify the message's legitimacy.

Fake CrowdStrike Job Offers Used to Distribute Cryptominer
https://www.crowdstrike.com/en-us/blog/recruitment-phishing-scam-imitates-crowdstrike-hiring-process/

Cybercriminals are targeting developers with a new phishing campaign that impersonates CrowdStrike, a cybersecurity company. The campaign tricks victims into downloading a malicious application that installs a cryptominer on their devices.

Here's how the scam works:
* Phishing Email: The attacker sends a phishing email that appears to be from a CrowdStrike recruiter. The email congratulates the recipient on being shortlisted for a junior developer position and asks them to schedule an interview.
* Malicious Link: The email contains a link that takes the victim to a fake website that looks like a legitimate CrowdStrike domain.
* Fake CRM Application: The website prompts the victim to download a "customer relationship management (CRM)" application to schedule the interview. However, this application is actually malware.
* Cryptominer Download: Once downloaded and installed, the malware downloads and installs a cryptominer on the victim's device. Cryptominers use the victim's device to mine cryptocurrency for the attacker.

This is a sophisticated phishing campaign that leverages the credibility of a well-known company. Here are some tips to avoid falling victim to this scam:
* Be wary of unsolicited emails: Don't click on links or download attachments from emails from unknown senders.
* Verify the sender's email address: If you receive an email from a recruiter, carefully check the email address to make sure it's legitimate.
* Don't download software from untrusted sources: Only download software from the official website of the company.
* Be suspicious of urgent requests: If an email asks you to take immediate action, it's probably a scam.

Stealthy WordPress Skimmers Infiltrate Database Tables
https://blog.sucuri.net/2025/01/stealthy-credit-card-skimmer-targets-wordpress-checkout-pages-via-database-injection.html

Cybersecurity researchers have uncovered a new wave of credit card skimmers targeting WordPress e-commerce sites. This campaign injects malicious JavaScript into the wp_options table of the WordPress database, making it difficult to detect with traditional scanning tools.

How the Skimmer Works
* Database Injection: The skimmer code is injected into the wp_options table disguised as a widget block.
* Checkout Page Activation: The malicious code springs into action only on checkout pages.
* Fake Payment Form: The skimmer either hijacks existing payment fields or injects a fraudulent payment form that mimics legitimate processors like Stripe.
* Data Theft: The form captures credit card details, including numbers, expiration dates, CVV codes, and billing information. The stolen data is then encoded to evade detection and sent to attacker-controlled servers.

Campaign Similarities to Previous Attacks
This campaign shares similarities with a previous attack discovered by Sucuri in December 2024. That attack also used JavaScript to create fake payment forms or steal data from legitimate forms on checkout pages. However, the stolen data was obfuscated differently, using a combination of JSON encoding, XOR encryption, and Base64 encoding.

These recent discoveries highlight the evolving tactics of cybercriminals. E-commerce website owners should stay updated on the latest threats and implement robust security measures, including regular vulnerability scanning and database backups. Also, users should be cautious about entering payment information on unfamiliar websites and look for signs of a secure connection (HTTPS).

A New AI-Driven Ransomware Group Blurs the Lines Between Hacktivism and Cybercrime
https://research.checkpoint.com/2025/funksec-alleged-top-ransomware-group-powered-by-ai/

FunkSec, a recently emerged ransomware group, has taken the cybersecurity world by storm with its aggressive tactics and claims of over 85 victims in just a month. However, a closer look reveals a more complex story.

Key Points:
* Rapid Rise: FunkSec emerged in late 2024 and quickly gained notoriety for its high number of claimed victims.
* Low Expertise: Despite their claims, FunkSec appears to be run by inexperienced actors, with the malware riddled with redundancies and the group recycling leaked data from other sources.
* AI-Assisted Development: The group leverages AI tools to enhance their capabilities, including generating code comments and potentially aiding in ransomware development.
* Hacktivist Leanings: FunkSec aligns itself with hacktivist causes and targets specific countries, but the legitimacy of these connections remains unclear.
* Blurred Lines: FunkSec's activities blur the line between hacktivism and cybercrime, raising questions about their true motivations.

Motives and Methods
FunkSec uses a combination of data theft and encryption (double extortion) to pressure victims into paying ransoms. They offer their custom ransomware, DDoS tools, and password generation utilities. Interestingly, their ransomware demands are unusually low, sometimes as little as $10,000, and they also sell stolen data to third parties.

Technical Analysis
The FunkSec ransomware is written in Rust and exhibits several peculiarities. The code contains redundancies, with functions being called repeatedly. Additionally, the malware leverages AI-generated comments, suggesting a reliance on AI tools for development.

Uncertainties and Challenges
FunkSec's true expertise and motivations remain unclear. Their use of recycled data casts doubt on the authenticity of their leaks, and their connection to hacktivism is questionable. This case highlights the evolving threat landscape where even less-skilled actors can leverage AI and readily available tools to cause significant disruption.

The Future
FunkSec serves as a wake-up call for the cybersecurity community. We need to develop better methods for assessing ransomware threats and be wary of groups that rely on self-promotion and manipulation. As AI becomes more accessible, it's crucial to stay ahead of its potential misuse by malicious actors.

This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com

Security Now (MP3)
SN 1008: HOTP and TOTP - SyncThing, Auto-Updates, Sci-Fi Recs

Security Now (MP3)

Play Episode Listen Later Jan 15, 2025 169:35


Meta winds down 3rd-party content filtering. Is encryption soon to follow? Taking over abandoned Command & Control server domains (strictly for research purposes only). IoT devices to get the "Cyber Trust Mark" — Will anyone notice or care? "SyncThing" receives a (blessedly infrequent) update. Government email is not using encryption? Really? Email relaying prevents point-to-point end-to-end encryption and authentication. Just because Let's Encrypt doesn't support email doesn't mean it's impossible. What Sci-Fi does ChatGPT think I (Steve) should start reading next? To auto-update or not to auto-update? — is that one question or two? And, until today, we've never taken a deep dive into the technology of time-varying 6-digit one time tokens. Show Notes - https://www.grc.com/sn/SN-1008-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

2.5 Admins
2.5 Admins 227: Six Day Certs

2.5 Admins

Play Episode Listen Later Dec 26, 2024 28:35


Windows ssh is sending more telemetry than you might think, Let's Encrypt will offer 6-day certificates, a PSA about domains that don't send emails, and performance issues in a Synology NAS.

Plugs: Support us on Patreon and get an ad-free RSS feed with early episodes sometimes. Winter 2024 Roundup: Storage and Network Diagnostics […]

The New Stack Podcast
How cert-manager Got to 500 Million Downloads a Month

The New Stack Podcast

Play Episode Listen Later Dec 19, 2024 23:18


Jetstack's cert-manager, a leading open-source project in Kubernetes certificate management, began as a job interview challenge. Co-founder Matt Barker recalls asking a prospective engineer to automate Let's Encrypt within Kubernetes. By Monday, the candidate had created kube-lego, which evolved into cert-manager, now downloaded over 500 million times monthly.

Cert-manager's journey to CNCF graduation, achieved in September, began with its donation to the foundation four years ago. Relaunched as cert-manager, the project grew under engineer James Munnelly, becoming the de facto standard for certificate lifecycle management. The thriving community and ecosystem around cert-manager highlighted its suitability for CNCF stewardship. However, maintainers, including Ashley Davis, noted challenges in navigating differing opinions within its vast user base.

With graduation achieved, cert-manager's roadmap includes sub-projects like trust-manager, addressing TLS trust bundle management and Istio integration. Barker aims to streamline enterprise-scale deployments and educate security teams on cert-manager's impact. Cert-manager has become integral to cloud-native workflows, promising to simplify hybrid, multicloud, and edge deployments.

Learn more from The New Stack about cert-manager:

* Jetstack's cert-manager Joins the CNCF Sandbox of Cloud Native Technologies
* Jetstack Secure Promises to Ease Kubernetes TLS Security

Join our community of newsletter subscribers to stay on top of the news and at the top of your game.

IT Privacy and Security Weekly update.
Episode 221.5 Deep Dive: The IT Privacy and Security Weekly Update closes the door for the Week Ending December 17th., 2024 1

IT Privacy and Security Weekly update.

Play Episode Listen Later Dec 19, 2024 13:58


FAQ: IT Privacy and Security Weekly Update (Week Ending December 17th, 2024)

1. What is the main takeaway from the recent US Telecom breach?
The breach linked to Chinese hackers highlights the dangers of government backdoors in encryption systems. The 1994 CALEA law, intended to assist law enforcement, created vulnerabilities exploited in this incident. Experts emphasize that backdoors weaken security for everyone and make systems susceptible to both good and bad actors.

2. What security concerns arose with UnitedHealthcare's Optum AI chatbot?
Optum's AI chatbot, used internally for managing health insurance claims, was left publicly accessible without a password. Although it didn't contain sensitive health data, its exposure raises concerns about the responsible management of AI, particularly given UnitedHealthcare's alleged use of AI to deny patient claims.

3. Despite improvements, why should users still be cautious with Microsoft's Recall feature?
While Microsoft's Recall screen capture tool now includes encryption and sensitive information filtering, tests reveal inconsistencies in its performance. It struggles to identify private data in non-standard formats or situations, potentially leading to unintended exposure of sensitive details.

4. What is the significance of Meta's recent €251 million fine by the EU?
The fine stems from a 2018 security breach exposing data of millions of EU users. It underscores the EU's strong enforcement of the GDPR and emphasizes the importance of companies prioritizing data protection. For users, it serves as a reminder that their personal information may not always be secure.

5. How is the US-China trade conflict impacting the Ukraine war effort?
China is limiting sales of drone components critical to Ukraine's defense as part of the escalating trade conflict with the US. This move is expected to expand to broader export restrictions, hindering Ukraine's access to vital drone technology.

6. Why is the EU investing in its own satellite constellation, IRIS²?
The EU aims to reduce reliance on non-European networks like Starlink by developing IRIS². This sovereign satellite constellation will provide secure internet access across Europe, enhancing strategic autonomy and fostering public-private collaboration in the space sector.

7. What benefits will Let's Encrypt's new six-day certificates offer?
The shift to shorter certificate lifespans significantly reduces security risks associated with compromised keys. While this means issuing more certificates, Let's Encrypt's automated systems will ensure a smooth transition for users, resulting in a safer and more secure internet experience.

8. How is United Airlines using Apple technology to improve its baggage handling?
United Airlines is integrating Apple's "Share Item Location" feature into its mobile app. Passengers can now share real-time locations of AirTags attached to their luggage, enabling United's customer service team to track and retrieve misplaced baggage more efficiently.

Security Now (MP3)
SN 1005: 6-Day Certificates? Why? - Android Anti-Tracking, MFA Login Bypass, BIMI

Security Now (MP3)

Play Episode Listen Later Dec 18, 2024 144:42


Is AI the Wizard of Oz? Or is it more? Microsoft's long standing effective MFA login bypass. Is TPM 2.0 not required after all for Windows 11? Meet 14 North Korean IT workers who made $88 million from the West. Android updates its Bluetooth tracking with anti-tracking. The NPM package manager repository has had 540,000 malicious packages discovered hiding in plain sight. The AskWoody site remains alive, well, and terrific. My iPhone is linked to Windows and it's wonderful. Yay. How has email been finding logos before BIMI? If we use Him and Her for people, how about Hal for AI? Another very disturbing conversation with ChatGPT. What's going on with the new ChatGPT o1 model? It wants to escape? What?? Let's Encrypt plans to reduce its certificate lifetime from 90 to just 6 days. Why in the world? And all the best holiday wishes. See you in January Show Notes - https://www.grc.com/sn/SN-1005-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: joindeleteme.com/twit promo code TWIT 1password.com/securitynow bigid.com/securitynow canary.tools/twit - use code: TWIT

מדברים סייבר
Episode 98: Hillel's Black Friday

Dec 1, 2024 65:10


This week on the show:

Security Now (MP3)
SN 1002: Disconnected Experiences - 'Nearest Neighbor' Attack, Repo Swatting, the Return of Recall

Nov 27, 2024 152:04


What's the new "nearest neighbor" attack and how do you defend against it? Let's Encrypt just turned 10. What changes has it wrought? Now the Coast Guard is worried about Chinese built ship-to-shore cranes. Pakistan becomes the first country to block Bluesky. There's a new way to get Git repos "swatted" and removed. Who's to blame for Palo Alto Networks' serious new 0-day vulnerabilities? If you have any of these six D-Link VPN routers, unplug them immediately! It turns out that VPN apps are against Shariah Law. Who knew? The Return of Windows Recall. What are we learning now? How many of today's systems remain vulnerable to last year's most popular exploits? We share and respond to a bunch of terrific feedback from our listeners. What are Microsoft's "Connected Experience" and why might you choose to disconnect from them?

Show Notes - https://www.grc.com/sn/SN-1002-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to Security Now at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6.

Sponsors: e-e.com/twit bitwarden.com/twit threatlocker.com for Security Now flashpoint.io

All TWiT.tv Shows (MP3)
Security Now 1002: Disconnected Experiences

Nov 27, 2024 152:04

Security Now (Video HD)
SN 1002: Disconnected Experiences - 'Nearest Neighbor' Attack, Repo Swatting, the Return of Recall

Nov 27, 2024

Security Now (Video HI)
SN 1002: Disconnected Experiences - 'Nearest Neighbor' Attack, Repo Swatting, the Return of Recall

Nov 27, 2024

Radio Leo (Audio)
Security Now 1002: Disconnected Experiences

Nov 27, 2024 152:04

Security Now (Video LO)
SN 1002: Disconnected Experiences - 'Nearest Neighbor' Attack, Repo Swatting, the Return of Recall

Nov 27, 2024

All TWiT.tv Shows (Video LO)
Security Now 1002: Disconnected Experiences

Nov 27, 2024 152:04

Radio Leo (Video HD)
Security Now 1002: Disconnected Experiences

Nov 27, 2024 152:04

The Brave Marketer
Enhancing Your Web Experience with Privacy-First Browsing Strategies

Sep 18, 2024 30:25


Yan Zhu, Chief Information Security Officer at Brave Software, discusses ways to reduce your risk of getting compromised when browsing the Internet. She also explains how Brave's policy of only collecting the bare necessities not only boosts security but also simplifies legal compliance and keeps your data truly private.

Key Takeaways:

  • Security challenges that are unique to browsers, and how Brave builds your user profile differently using user-first principles
  • How security and policy work together for establishing company culture and best practices that ultimately protect both users and the company
  • The potential of AI in automating security tasks, and the critical importance of user education in this evolving landscape
  • The evolution of HTTPS, passkeys, two-factor authentication, and SIM swapping

Guest Bio: Yan Zhu has been the Chief Information Security Officer at Brave Software since 2015. Prior to Brave, Yan was a Senior Security Engineer at Yahoo working on end-to-end email encryption, and a Staff Technologist at the Electronic Frontier Foundation, where she worked on open source projects such as HTTPS Everywhere and Let's Encrypt. She has also served on the W3C Technical Architecture Group and DEF CON talks review board.

About this Show: The Brave Technologist is here to shed light on the opportunities and challenges of emerging tech. To make it digestible, less scary, and more approachable for all! Join us as we embark on a mission to demystify artificial intelligence, challenge the status quo, and empower everyday people to embrace the digital revolution. Whether you're a tech enthusiast, a curious mind, or an industry professional, this podcast invites you to join the conversation and explore the future of AI together.

The Brave Technologist Podcast is hosted by Luke Mulks, VP Business Operations at Brave Software—makers of the privacy-respecting Brave browser and Search engine, and now powering AI everywhere with the Brave Search API.

Music by: Ari Dvorin
Produced by: Sam Laliberte

The Daily Decrypt - Cyber News and Discussions
New Ransomware Group Eldorado, Ghostscript RCE Vulnerability, CDK Fallout – Cybersecurity News

Jul 9, 2024


In today's episode, we explore a critical remote code execution vulnerability in the Ghostscript library (CVE-2024-29510) exploited in the wild (https://www.bleepingcomputer.com/news/security/rce-bug-in-widely-used-ghostscript-library-now-exploited-in-attacks/), the significant impact of the CDK Global cyberattack on Sonic Automotive's sales and operations (https://www.cybersecuritydive.com/news/sonic-automotive-sales-decline-cdk-attack/720722/), and the rise of the Eldorado ransomware-as-a-service targeting Windows and Linux systems (https://thehackernews.com/2024/07/new-ransomware-as-service-eldorado.html). Tune in to get the latest insights and expert opinions on these pressing cybersecurity issues.

Video Episode: https://youtu.be/dGMbjah4Gho

Sign up for digestible cyber news delivered to your inbox: news.thedailydecrypt.com

  • 00:00 - Intro
  • 01:00 - Eldorado RaaS Encrypts Windows, Linux Files
  • 03:50 - CDK Cyberattack Cripples Sonic Automotive Sales
  • 05:42 - Ghostscript RCE Bug Exploited in Active Attacks

Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/

Logo Design by https://www.zackgraber.com/

Episode Tags: Ghostscript, CVE-2024-29510, vulnerability, EPS, remote code execution, Linux systems, high-risk attacks, document conversion, protection, Sonic Automotive, CDK Global, cyberattack, financial performance, Ransomware-as-a-Service, Eldorado, encryption, cross-platform technologies

Search Phrases:

  • How to protect against Ghostscript CVE-2024-29510 vulnerability
  • Sonic Automotive cyberattack news
  • Impact of CDK Global cyberattack on Sonic Automotive
  • Eldorado ransomware encryption techniques
  • Ghostscript EPS files exploit
  • Ransomware-as-a-Service latest threats
  • Financial impact of cyberattacks on automotive industry
  • Advanced cross-platform ransomware
  • Ghostscript remote code execution vulnerability 2024
  • Eldorado ransomware victims 2024

Jul9

There is a new ransomware-as-a-service named Eldorado that is now encrypting files on both Windows and Linux systems using advanced cross-platform technologies. And it's already targeted 16 victims across multiple industries since its debut in March of 2024. How does Eldorado's ransomware encryption method differ from the other well-known strains, like LockBit or Babuk?

The effects of the CDK Global ransomware attack a few weeks ago still remain, as Sonic Automotive vehicle sales have plummeted. How are CDK customers recovering, and what are the long-term impacts it might have on their financial performance?

And finally, there's a remote code execution vulnerability in Ghostscript, which comes pre-installed on many Linux systems, that's now being exploited through EPS files disguised as JPEGs. How can you protect the document conversion services against this Ghostscript vulnerability?

You're listening to The Daily Decrypt.

It's both a sad and exciting day when we get to announce a new ransomware-as-a-service operation. This time it's named Eldorado, and it targets both Windows and Linux systems with specialized locker variants. Its specific strain of malware surfaced on March 16th, 2024. As of late June, Eldorado has claimed 16 victims, with 13 in the U.S., two in Italy, and one in Croatia. And specifically it's targeting industries including real estate, education, professional services, healthcare, and manufacturing. So it seems like they don't really have a type; they're just looking to get their foot in the door.

Eldorado is similar to all of the major names in ransomware-as-a-service, as it is a double extortion ransomware service, which is a devilish tactic that builds on the traditional form of ransomware, where threat actors would gain access to a network, encrypt all the files, and then sell you the decryption key for an exorbitant amount of money so that you can decrypt the files and carry on with your business. Well, it's now evolved to that, plus they exfiltrate all your data and threaten to sell it on the dark web if you don't pay. Which is much more effective, because standard practice is to back up your data so you can get back up online. And if you do that correctly, encrypting your data doesn't do anything, because you'll be able to back it up. Oftentimes it's not done correctly, and your backups are also encrypted. But in the case where backups are appropriately implemented, these ransomware artists use double extortion.

And this service has all the indicators that it is very organized, as the affiliate program was advertised on the ransomware forum RAMP, which indicates a level of professionalism and organization you'd see in the top ransomware-as-a-service groups. A security research firm was able to infiltrate this ransomware group and identified the representative as a Russian speaker, and noted that Eldorado does not share any sort of code with the previously leaked ransomware like LockBit or Babuk.

And like mentioned before, this targets primarily Windows and Linux environments. And the encrypter comes in four different formats: esxi, esxi_64, win, and win_64. Which enhances the flexibility and increases its threat potential across different system architectures. Eldorado uses Golang for its cross-platform capabilities, ChaCha20 for file encryption, and RSA-OAEP for key encryption. It can also encrypt files on shared networks using SMB. The Windows variant employs a PowerShell command to overwrite the locker file with random bytes before deleting it, aiming to erase the trace of the threat actor.

And for more key indicators of compromise, check out the article by The Hacker News in our show notes. And I'm hopeful that we won't hear much more about this ransomware-as-a-service. But given its capabilities, we probably will.

This next story hits a little close to home, which is why I chose to include it in this episode, as my car stopped working last night. And I got to spend an hour and a half on the phone with the technicians, just trying to find me an appointment, because all of the scheduling was still down due to the ransomware attack. Needless to say, I couldn't get an appointment at the dealership for over a month and a half. Which is in line with what the news is reporting as an effect of the CDK Global ransomware attack that happened three or four weeks ago.

So Sonic Automotive, which is a Fortune 500 company, has reported a significant drop in car sales since June 19th. Which is due to the fact that all their systems were down, so they weren't able to process these car sales at the same speed. People still want to buy cars. They just can't. You know, it's kind of like fast food: it's a process that changed the market completely, as far as restaurants go, because they're just able to serve more and more customers faster, thus making more money. But it's like if the stove got ransomwared and we had to take the stove down, right? There are alternate methods. Like maybe they go get some hot plates from Target or whatever, but it just slows down the process. Which is exactly what ransomware can do.

In fact, over 15,000 car dealerships across North America rely on CDK's cloud-based services. And in the past couple of weeks, CDK was actually able to fully recover, bringing their core services back online. But the trickle-down effect is that these individual dealers still have to keep their services offline, or were unable to fully restore their services. So, yeah, this is just one example of how long it takes to recover from a ransomware attack, and how helpless you can be if the ransomware attack happened earlier on in the supply chain, like it did here.

And finally, the hottest new vulnerability being exploited in the wild is a remote code execution vulnerability found in the Ghostscript document conversion toolkit, which is widely used on Linux systems and often integrated with software like ImageMagick, LibreOffice, Inkscape, Scribus, and all kinds of other software. This vulnerability affects all installations of Ghostscript 10.03.0 and earlier. It allows attackers to escape the -dSAFER sandbox, enabling dangerous operations such as command execution and file I/O. Attackers are exploiting this vulnerability in the wild, using EPS files disguised as JPEG images to gain shell access to these vulnerable systems.

If you work in IT and either know or are unsure if your systems are vulnerable, Codean Labs has developed and released a PostScript file that can be used to detect these vulnerable systems. So make sure to check out the link by BleepingComputer in the show notes below, so you can keep your systems safe.

This has been The Daily Decrypt. If you found your key to unlocking the digital domain, show your support with a rating on Spotify or Apple Podcasts. It truly helps us stand at the frontier of cyber news. Don't forget to connect on Instagram or catch our episodes on YouTube. Until next time, keep your data safe and your curiosity alive.