Podcasts about rce

  • 178 podcasts
  • 649 episodes
  • 40m average duration
  • 1 weekly episode
  • Latest episode: Jul 9, 2025


Latest podcast episodes about rce

Black Hills Information Security
North Korean Remote Workers are at it Again! – BHIS - Talkin' Bout [infosec] News 2025-07-07

Jul 9, 2025 · 55:59


Register for FREE Infosec Webcasts, Anti-casts & Summits – https://poweredbybhis.com

  • 00:00 - PreShow Banter™ — Pre Stream Appropriate
  • 03:39 - N. Korean Remote Workers are at it Again! – BHIS - Talkin' Bout [infosec] News 2025-07-07
  • 05:41 - Story # 1: Fortune 500 Cyber Spending Pays Off: Large Enterprise Risk Falls 33% Despite Rising Threats
  • 20:01 - Story # 2: Jasper Sleet: North Korean remote IT workers' evolving tactics to infiltrate organizations
  • 25:49 - Story # 2b: Engineer caught juggling multiple startup jobs is a cautionary tale of ‘extreme' hustle culture, experts say
  • 34:47 - Story # 3: Taking SHELLTER: a commercial evasion framework abused in-the-wild
  • 42:15 - Story # 3b: Statement Regarding Recent Misuse of Shellter Elite and Elastic Security Labs' Handling
  • 46:58 - Story # 4: Ingram Micro outage caused by SafePay ransomware attack
  • 49:45 - Story # 5: Germany asks Google, Apple to remove DeepSeek AI from app stores
  • 53:13 - Story # 6: This Call of Duty game just hit Xbox Game Pass, but it's infested with RCE hackers — I'd take cover and avoid playing until there's a fix

The CyberWire
Memory leaks and login sneaks.

Jul 8, 2025 · 30:50


Researchers release proof-of-concept exploits for CitrixBleed2. Grafana patches four high-severity vulnerabilities. A hacker claims to have breached Spanish telecom giant Telefónica. Italian police arrest a Chinese man wanted by U.S. authorities for alleged industrial espionage. Beware of a new ransomware group called Bert. Call of Duty goes offline after reports of RCE vulnerabilities. President Trump's spending bill allocates hundreds of millions for cybersecurity. Nearly 26 million job seekers' resumes and personal data are leaked. CISA adds four actively exploited vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. Outsmarting AI scraper bots with math.

Threat Vector Segment: Cyber attackers are increasingly targeting the very tools developers trust—integrated development environments (IDEs), low-code platforms, and public code repositories. In this segment of Threat Vector, host David Moulton speaks with Daniel Frank and Tom Fakterman from Palo Alto Networks' threat research team about “Hunting Threats in Developer Environments.” You can hear David and Tyler's full discussion on Threat Vector here and catch new episodes every Thursday on your favorite podcast app.

Selected Reading
  • Public exploits released for Citrix Bleed 2 NetScaler flaw, patch now (Bleeping Computer)
  • Grafana Patches Chromium Bugs, Including Zero-Day Exploited in the Wild (SecurityWeek)
  • Hacker leaks Telefónica data allegedly stolen in a new breach (Bleeping Computer)
  • Italian police arrest Chinese national wanted by FBI for alleged industrial espionage (Reuters)
  • Beware of Bert: New ransomware group targets healthcare, tech firms (The Record)
  • Call of Duty takes PC game offline after multiple reports of RCE attacks on players (CyberScoop)
  • GOP domestic policy bill includes hundreds of millions for military cyber (CyberScoop)
  • TalentHook leaks resumes of 26 Million job seekers (Beyond Machines)
  • CISA Adds Four Known Exploited Vulnerabilities to Catalog (CISA)
  • The Open-Source Software Saving the Internet From AI Bot Scrapers (404 Media)

The CyberWire is a production of N2K Networks.

The CyberWire
A tale of two botnets. [Research Saturday]

Jun 28, 2025 · 24:55


This week we are joined by Kyle Lefton, Security Researcher from Akamai, who is diving into their work on "Two Botnets, One Flaw - Mirai Spreads Through Wazuh Vulnerability." Akamai researchers have observed active exploitation of CVE-2025-24016, a critical RCE vulnerability in Wazuh, by two Mirai-based botnets. The campaigns highlight how quickly attackers are adapting proof-of-concept exploits to spread malware, underscoring the urgency of patching vulnerable systems. One botnet appears to target Italian-speaking users, suggesting regionally tailored operations. The research can be found here: Two Botnets, One Flaw: Mirai Spreads Through Wazuh Vulnerability

Risky Business
Risky Business #797 -- Stuxnet vs Massive Ordnance Penetrators

Jun 25, 2025 · 62:16


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news:

  • We roll our eyes over the “16 billion credentials” leak hitting mainstream news
  • Some interesting cyber angles emerge from the conflict in Iran
  • Opensource maintainer of libxml2 is fed up with this hacker crap
  • Shockingly, there are yet more ways to trick people into pasting commands into Windows
  • Veeam “patches” its backup software RCE like it's 2002 … by breaking the public PoC

This week's episode is sponsored by Internet-wide honeypot reconnaissance platform, Greynoise. Founder Andrew Morris joins to talk about their journey spotting Chinese ORB-builders hacking thousands of ASUS routers, and why they're destined for the woodchipper. This episode is also available on Youtube.

Show notes
  • No, the 16 billion credentials leak is not a new data breach
  • Canadian telecom hacked by suspected China state group - Ars Technica
  • Telecom giant Viasat breached by China's Salt Typhoon hackers
  • WarTranslated on X: "Iran's jamming GPS in the Strait of Hormuz, messing with ~970 ships, per Windward. UKMTO confirms the interference. Faulty AIS coordinates are screwing up navigation in the Persian Gulf. The IRGC threatens to shut the strait down in hours. https://t.co/kdMJvshOGC" / X
  • Dmitri Alperovitch on X: "Chairman of the Joint Chiefs Gen. Dan Caine says @US_CYBERCOM supported this strike mission" / X
  • Top Pentagon spy pick rejected by White House - POLITICO
  • DHS warns of heightened cyber threat as US enters Iran conflict | Cybersecurity Dive
  • Exclusive: Early US intel assessment suggests strikes on Iran did not destroy nuclear sites, sources say
  • U.S. braces for Iran's response after overnight strikes on nuclear sites
  • Assessing the Damage to Iran's Nuclear Program
  • Iran Hacks Tirana Municipality in Retaliation Over MEK - Tirana Times
  • Iran's government says it shut down internet to protect against cyberattacks | TechCrunch
  • Aflac discloses cyber intrusion linked to wider crime spree targeting insurance industry | Cybersecurity Dive
  • Tonga Ministry of Health hit with cyberattack affecting website, IT systems | The Record from Recorded Future News
  • Alleged Ryuk ransomware gang member arrested in Ukraine and extradited to US | The Record from Recorded Future News
  • Russia releases REvil members after convictions for payment card fraud | The Record from Recorded Future News
  • OneLogin, Many Issues: How I Pivoted from a Trial Tenant to Compromising Customer Signing Keys - SpecterOps
  • Triaging security issues reported by third parties (#913) · Issue · GNOME/libxml2
  • README: Set expectations straight (35d04a08) · Commits · GNOME / libxml2 · GitLab
  • What's in an ASP? Creative Phishing Attack on Prominent Academics and Critics of Russia | Google Cloud Blog
  • FileFix - A ClickFix Alternative | mr.d0x
  • Address bar shows hp.com. Browser displays scammers' malicious text anyway. - Ars Technica
  • Researchers urge vigilance as Veeam releases patch to address critical flaw | Cybersecurity Dive
  • ASUSpicious Flaw - Millions of Users' Information Exposed Since 2022 | MrBruh's Epic Blog
  • Perth dad who created ‘evil twin' Wi-Fi did so to access pictures of women
  • GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers

The CyberWire
Typhoon on the line.

Jun 18, 2025 · 28:35


Viasat confirms it was breached by Salt Typhoon. Microsoft's June 2025 security update giveth, and Microsoft's June 2025 security update taketh away. Local privilege escalation flaws grant root access on major Linux distributions. BeyondTrust patches a critical remote code execution flaw. SMS low cost routing exposes users to serious risks. Erie Insurance says their ongoing outage isn't ransomware. Backups are no good if you can't find them. Veeam patches a critical vulnerability in its Backup software. SuperCard malware steals payment card data for ATM fraud and direct bank transfers. We preview our Juneteenth special edition. Backing up humanity.

CyberWire Guest: Today, we are sharing an excerpt of our Juneteenth Special Edition conversation between Dave Bittner, T-Minus Space Daily's Maria Varmazis, and CISO Perspectives podcast's Kim Jones. Enjoy this discussion on the eve of Juneteenth and tune into your CyberWire Daily feed tomorrow on your favorite podcast app to hear the full conversation.

Selected Reading
  • Viasat hacked by China-backed Salt Typhoon in 2024 US telecom attacks (Cybernews)
  • Microsoft's June Patches Unleash a Cascade of Critical Failures (WinBuzzer)
  • New Linux udisks flaw lets attackers get root on major Linux distros (Bleeping Computer)
  • BeyondTrust warns of pre-auth RCE in Remote Support software (Bleeping Computer)
  • Two Factor Insecurity (Lighthouse Reports)
  • Erie Insurance: ‘No Evidence' of Ransomware in Network Outage (Insurance Journal)
  • Half of organizations struggle to locate backup data, report finds (SC Media)
  • New Veeam RCE flaw lets domain users hack backup servers (Bleeping Computer)
  • Russia detects first SuperCard malware attacks skimming bank data via NFC (The Record)
  • Why one man is archiving human-made content from before the AI explosion (Ars Technica)

PolySécure Podcast
Teknik - Living Off the Pipeline - From Supply Chain 0-Days to Predicting the next XZ-like attacks - Because... it's episode 0x602!

Jun 18, 2025 · 34:52


Because… it's episode 0x602!

Shameless plug
  • June 27 and 29, 2025 - LeHACK
  • October 12 to 17, 2025 - Objective by the sea v8
  • November 10 to 12, 2025 - IAQ - Le Rendez-vous IA Québec
  • November 17 to 20, 2025 - European Cyber Week
  • February 25 and 26, 2026 - SéQCure 2065

Description

Introduction and context
François Proulx returns to present how his research on supply chain security has evolved since his talk of the previous year. His work focuses on detecting vulnerabilities in the build pipelines of open source projects, a topic that drew a great deal of interest after the XZ Utils incident.

Evolution of the research methodology
Since last year, François's team has considerably improved its tooling and detection strategy. Rather than mass-scanning every available repository, they adopted a more targeted approach, concentrating on major entities such as Google, Red Hat, Nvidia and Microsoft. These organizations are significant contributors to critical, well-maintained open source projects. This new approach lets them discover hundreds of GitHub organizations per entity, each sometimes containing thousands of repositories. The goal remains the same: to detect zero-day vulnerabilities in the build pipelines that compile, test and distribute open source projects, notably through GitHub Actions.

The fundamental problem with CI/CD
François offers a striking analogy to explain how dangerous continuous integration systems are: “a CI/CD is just RCE as a service” (Remote Code Execution as a Service). These systems are web applications waiting to receive triggers on a public interface reachable over the Internet. In the case of GitHub Actions, opening a pull request is enough to automatically trigger the execution of tests.

This situation recalls the vulnerabilities of the 1990s and 2000s with pointer overflows. François uses a punchy formula: “build pipelines look like an average PHP application from 2005 in terms of secure coding”. This comparison underlines that despite decades of progress in computer security, the same fundamental mistakes are repeated in new contexts.

Exploitation mechanisms
The vulnerabilities mainly exploit untrusted input coming from pull requests. Even draft contributions can automatically trigger test execution before a maintainer is notified. The problem gets worse when pipelines need secrets to communicate with external systems (Slack notifications, telemetry, etc.). By default, GitHub Actions sometimes inherits legacy read-write permissions, which gives the tests access to a token with write rights on the repository. This configuration can allow an attacker to write to the repository without being visible.

Impressive analysis results
The team has considerably refined its detection tools. Starting from 200,000 initial results, they apply more precise rules to identify roughly 10,000 interesting cases. These rules validate not only the presence of vulnerabilities but also the exploitation criteria and the presence of exploitable secrets. After manual validation, about 25% of these 10,000 cases turn out to be easily exploitable. These figures demonstrate the scale of the problem in the open source ecosystem, even acknowledging the likely existence of many false negatives.

Concrete cases: Google and regressions
François reports having discovered vulnerabilities in 22 repositories belonging to Google, notably in a project related to Google Cloud (probably Data Flow). After reporting it and receiving a bounty for the fix, a regression occurred one week later in the same workflow, earning them a second bounty. This situation illustrates a recurring problem: even large organizations like Google can reproduce the same mistakes after a fix, often through unfamiliarity with the mechanisms underlying these new exploitation techniques.

The Ultralytics affair: a textbook case
The most striking incident concerns the Python library Ultralytics, very popular for image detection through machine learning. In August, the team had detected a vulnerability in this project but had concentrated on the Google findings and neglected to report this flaw. In December, Ultralytics was compromised through the injection of a crypto-miner, exploiting precisely the vulnerability identified four months earlier. This attack was particularly ingenious because it targeted environments with powerful GPUs (used for machine learning), perfect for cryptocurrency mining, while staying discreet in a context where heavy GPU consumption is normal.

Pivot to proactive detection
This incident motivated a major strategic change: moving from merely detecting vulnerabilities to proactively detecting exploitation in progress. The team now ingests the “firehose” of public GitHub events, about 5.5 million events per day. After filtering on critical projects with build pipelines, they analyze about 500,000 interesting events per day. By applying their sophisticated analyses and cross-referencing with their knowledge of the vulnerabilities, they obtain about 45 suspicious events to investigate daily.

Forensic validation with Kong
This new approach quickly proved effective. During the Christmas holidays, their system kept ingesting data automatically. On their return, the Kong incident (an Ingress controller for Kubernetes) allowed them to build a detailed forensic timeline from the data accumulated during their absence.

Discovery on cybercrime forums
The collaboration with Flare, which specializes in dark web analysis, revealed troubling information. By searching for “Ultralytics” on Breach Forum with precise time filtering, François discovered that a user had created an account 24 hours before the attack, posted exactly the Ultralytics pipeline vulnerability while mentioning the use of “Poutine” (their tool), then confirmed 24 hours after the exploitation that they had earned Monero from the attack. This discovery confirms that cybercriminals actively use security research tools to identify and exploit vulnerabilities, turning these defensive tools into offensive weapons.

Implications and recommendations
This situation raises important questions about the responsibility of security researchers. François insists that Poutine, their detection tool, should become the absolute minimum for any open source project. He compares this necessity to forbidding Git repositories to those who do not implement these basic checks. The PHP 2005 analogy remains relevant: it took years for the PHP community to mature its security practices. Build pipelines are currently going through the same phase of evolution, with fundamental mistakes massively repeated across the ecosystem.

Technical challenges and limits
François honestly acknowledges the limitations of their approach. Their system only detects the least sophisticated attacks, the “low hanging fruit”. Complex attacks like the XZ Utils one would probably not be detected by their current tools, because they are too well camouflaged. The main challenge remains filtering the noise out of millions of daily events effectively, to obtain a number of alerts that a small team of analysts can manage. They acknowledge that the majority of incidents probably still escape them.

Outlook
François expresses the hope that the build pipeline ecosystem will mature faster than the 20 years it took to secure PHP. Their pioneering work contributes to this evolution by raising community awareness and providing concrete tools. The build pipeline angle is particularly relevant because it sits at the crossroads between source code and its distribution, with code execution possibilities that make it a critical point in the software supply chain. This presentation perfectly illustrates the rapid evolution of threats in the modern open source ecosystem and the need for constant vigilance to secure the critical infrastructure on which the entire software industry depends.

Notes
François Proulx
Collaborators: Nicolas-Loïc Fortin, François Proulx
Credits: Editing by Intrasecure inc; physical premises by Northsec

The CyberWire
Can't DOGE the inquiry.

Jun 17, 2025 · 33:09


A House oversight committee requests DOGE documents from Microsoft. Predatory Sparrow claims a cyberattack on an Iranian bank. Microsoft says data that happens in Europe will stay in Europe. A complex malware campaign is using heavily obfuscated Visual Basic files to deploy RATs. A widely used CMS platform suffers potential RCE bugs. North Korea's Kimsuky targets academic institutions using password-protected research documents. Asus patches a high-severity vulnerability in its Armoury Crate software. CISA's new leader remains in confirmation limbo. Our guest is Brian Downey, VP of Product Management from Barracuda, talking about how security sprawl increases risk. Operation Fluffy Narwhal thinks it's time to rethink adversary naming.

CyberWire Guest: We are joined by Brian Downey, VP of Product Marketing and Product Management from Barracuda, talking about how security sprawl increases risk. You can find more information about what Brian discussed here.

Selected Reading
  • Following Whistleblower Reports, Acting Ranking Member Lynch Demands Microsoft Hand Over Information on DOGE's Misconduct at NLRB | The Committee on Oversight and Accountability Democrats (House Committee on Oversight and Government Reform)
  • Pro-Israel hackers claim breach of Iranian bank amid military escalation (The Record)
  • Microsoft lays out data protection plans for European cloud customers (Reuters)
  • New Sophisticated Multi-Stage Malware Campaign Weaponizes VBS Files to Execute PowerShell Script (Cyber Security News)
  • Chained Flaws in Enterprise CMS Provider Sitecore Could Allow RCE (Infosecurity Magazine)
  • Beware of Weaponized Research Papers That Delivers Malware Via Password-Protected Documents (Cyber Security News)
  • Organizations Warned of Vulnerability Exploited Against Discontinued TP-Link Routers (SecurityWeek)
  • Asus Armoury Crate Vulnerability Leads to Full System Compromise (SecurityWeek)
  • Trump's Pick to Lead CISA is Stuck in Confirmation Limbo (Gov Infosecurity)
  • Call Them What They Are: Time to Fix Cyber Threat Actor Naming (Just Security)

Dental A Team w/ Kiera Dent and Dr. Mark Costes
#1,004: How to Actually Implement That CE You're So Jazzed About

Jun 10, 2025 · 26:32


Tiff and Britt dive into the nitty-gritty details of turning all that CE energy you have into an implementable system in your practice. They give insight on establishing a point person, training the team, identifying patients, and more.

Episode resources:
  • Subscribe to The Dental A-Team podcast
  • Schedule a Practice Assessment
  • Leave us a review

Transcript:

The Dental A Team (00:01) Hello, Dental A Team listeners. Thank you for being back here with me and I have Miss Brittany Stone. What is it? No BS Brit. Miss BS Brit. I don't remember what Carrie calls you. This is one of them, right? One of them. But also soon to be Grand Canyon champion. If you didn't listen to our case acceptance one, go listen and hopefully soon we will have some results from Brit killing it. Yeah, you will be a survivor.

Britt (00:10) What fun of them! Winner survivor. One of the two. At least one.

The Dental A Team (00:29) but then I wanna know how much you sleep on Saturday when you're done. So that'll be the big question. Exactly, yeah, how long does it take for you to get back on the bike once you're done? But thank you for being here with us today, Britt. I think we've gotten, I love podcasting with you, your hygiene brain, like Dana's hygiene brain, you guys just kind of come at it from a different angle. I know the rest of us all have dental assisting backgrounds and.

Britt (00:32) Yeah, like that. I if I can reach my legs or not.

The Dental A Team (00:55) you know, hygiene assisting, but that hygienist brain just shares a different section. And I think you do really well relating with the doctors and kind of that support team space like we spoke to on the case acceptance one. So I'm excited for today, Brett. Thank you for being here. You've got the Grand Canyon, but like, gosh, what else is what else is new and exciting? You just went to one of our favorite Mexican restaurants not too long ago. So that's true.

Britt (01:21) conferences, I went to PNDC, that was a good time. Luckily it was gorgeous weather there. mean, podcasting today is special. I wear my tooth earrings for us today since we're podcasting, know, just lots of fun things.

The Dental A Team (01:35) Getting a little fancy. I like it. And you guys, so you just went to that conference, you went to the Arizona Dental Convention that was in March, right? I think that one's always March for like the last, I don't know, 50 years. It's always been in March. And then you just went to the other one and then you're heading out again in a couple weeks to dentist advisors. Yeah.

Britt (01:55) Yeah, Dentist Money Summit is by Dentist Advisors, which will be in gorgeous Park City, Utah. So, you know, it's a rough life over here.

The Dental A Team (02:01) Yeah, I know, right? And actually it's perfect timing because they, I think we've all like our, our seasons were a little bit off this year. So we are barely getting hot, which normally we're at like 110 already, um, which has been fantastic in Arizona, but that meant that Nevada and, um, Salt Lake area, both Reno and Salt Lake area have had snow longer. So I think you're going to hit Salt Lake for Dentist Money Summit right as the like peak summer season starts. So you're gonna get some beautiful weather and I'm a little jealous. I will be in California or something like that. But anyways, somewhere.

Britt (02:36) somewhere else. It'll be great. And my second, my nephew, second of my nieces and nephews graduate. So I won't go to graduation, but I'll get to go. I'm like, I'll be coming like a couple weeks later to see you. So I'll go get to see them while I'm up there too.

The Dental A Team (02:50) Okay. Okay, good, good. I was like, wait a second, how do we get you there? That's good.

Britt (02:55) I'm not fighting the crowd up there for graduation, which he's like, mom, everybody graduates. I'm like, no, it's still a big deal. We'll just celebrate when I come see you on my own instead of along with everybody else.

The Dental A Team (03:06) gosh, that's funny. I was just talking over the weekend, we had a graduation party that we had to drop in on yesterday. So was like, gosh, I'm gonna have to, which is, I don't like thinking about it, but I have to start thinking about it that Brody's in a year. So was like, Aaron's like, is he gonna want a party? And he, said, no, he's gonna be the kid that's like, everybody graduates. It's fine. Like it's no big deal. But it is a big deal. same, Exactly.

Britt (03:26) But they still want it, even though you know it, even though they're like, they're disappointed, it's like, oh, come on. But like, they want it.

The Dental A Team (03:33) Exactly. It's like my birthday where I was like, it's fine. Like just a dinner, but like, had they not done a big deal for my 40th, I probably would have, you know, been in shambles. So when it comes, he's surely going to want it, but graduation season is upon us and it's wild that we are in the space of life that we're experiencing it with them. think that's crazy. And anyways, you've got some fun travels. if you guys aren't heading CE events, make sure that you do and make sure that you check out a lot of RCE events. So if you're a listener, if you're a client, whatever, you're a listener and a client, like whatever you guys want, we have, what is it? Every third Wednesday, we have a CE webinar. We've got a really cool webinar coming up in August that we do. Every year the content shifts and changes, but.

Britt (04:20) to like check out our Instagram if you don't follow us. If I'm there, come find me. Let me know, message us. I got at PNUC to see a few clients which is really fun. It's always nice when we get to meet up in person. So, whether you're a client or just a listener, come find me.

The Dental A Team (04:22) Yeah. Yeah. Yeah, especially in Brit's position because you have a handful of your own clients, but you oversee a lot of the company. So you know all of the client names, but you don't get to see them and meet them. So I know I have a few clients that are asking if I was going to be there and I'm not. I was like, you got to go find, seek out Brit, like go meet Brit. So definitely, definitely follow the Instagram, make sure that you reach out to Brit. If you're there, look for her, say hello, take a little picture with her, and then make sure you're hitting those CEs and make sure you're hitting all the free ones, you guys. We put out a ton of free CE and why not? Because I know you need to stack those hygienists and doctors. You guys need to stack those CE credits. So do it for free wherever you can. And then, like I tell one of my prized clients, set up a CE bucket so that you're saving money for the CE that's not free. And on that note... I think, we were actually just talking and I think it's funny because I do think this was like super high thing and right now it's like, I think it's kind of stabilized. It's not quite as sought after as heavily as it was, but for the clients that are doing it or still trying to implement it, there are still some really great CE avenues out there. Today we wanted to talk a little bit on the sleep apnea avenue, systems wise, not to sleep apnea. That's not our genre. You can go take CE for that, Britt can probably tell you a ton medically, but you know, that's not our genre, but our genre, our space, our niche is the systems behind it. And so on the note of CE and implementing, do think even if you're not doing sleep apnea, or you're not considering sleep apnea, a lot of what we talk about today is copy pasteable, like systems are systems, you guys, and we we overcomplicate it in life. And what we say for one thing can easily be duplicated and slightly altered for something else. So if there's CE that you're doing, which doctors we love you so much. And when you go to CE, you come back just like ecstatic. And if you didn't take team with you, you're the only one. And it's so hard sometimes to get that generating. Typically, it's that there's not, it's just all a fun idea. There's not a really good system behind it to get that momentum. So taking these systems, even what we talked about for sleep apnea, whatever CE you do, apply it to that. And like you said with the sleep apnea, if they're not taking team members, like it can be really hard to implement. And that's a space too, if you can bring team members to any of that CE or sign them up for the webinar and get them included in it, I think that's a great space too. anyhow, sleep apnea side and system side, Britt, you've worked out the hygienist. So I know that this is some of the stuff like the questionnaire style and that stuff. Like what do you see and what you've actually helped practices implement the systems for sleep apnea. So what do you see as?

Britt (07:10) Thank

The Dental A Team (07:24) the biggest ticket items of implementing sleep apnea or just CE style in general that is easy, that's duplicatable like that.

Britt (07:34) And I think sleep and my yo that's coming in pretty strong for a lot of people too. I think you can similar areas when it comes to looking to implement something successfully. I think that you would look for. So if you're doing one or the other, number one, I think is making sure that our team knows what it is. Like Tiff said, doc, you can go to a CE and you get all excited and you understand all the things behind it to see all the dots connect and why this is so important, because it is, but the team often is behind. So whenever you're looking to do something, you might just take a course as like an exploratory, right? And then you're like, no, this is something I really want to do. When you start to get into that phase of like, no, I really want to work on implementing this. I want you to look for things that are going to help train your team because your team is going to be needing to have 90 % of these conversations with patients and you're going to. Goal is for you not to have all of the conversations with all of the patients. The goal is for the team to be able to help support you, identify patients and start to educate patients and warm them up to the idea. Because just like for your team, it's kind of a newer thing or a different thing or something they don't know all the details about, it doesn't come easily to them. Patients even more so. So that's why our team needs to be really confident in knowing what it is, the reasons why, and being able to talk about it. I think is number one place to start. Along with that, would say have someone call it your champion, call it your lead of that thing, whatever title you want to give them of someone who is going to be that person who is going to make sure the team has all the things. We educate the team on all the things and they're going to be the one to really kind of take point on implementation and keeping this going and getting it to where it becomes a program that's ingrained within our practice. we need someone to be that person. So from the get-go, education, someone who's gonna be a point person before we even start on implementing anything with our patients. So that would be my number one thing, Tiff, to start with is education and identify as someone who's gonna be the point person, because they're gonna start thinking of implementation, what are all the things we need in our practice to get this program going.

The Dental A Team (09:54) Yeah, and even like ortho, I have like the same I'm thinking the same thought process because anything that you're trying to grow that doesn't you don't put attention on isn't going to grow.
So to your champion conversation there, whether it's sleep, my ortho implants, like anything that's not crowns, fillings, bridges, you know, and even I do have a lot of practices that even do it for crowns, whatever that champion making sure there's a   Britt (09:57) Hmm. Yeah.   The Dental A Team (10:22) a job description. And I love that you said the education piece because that I think even when I've seen practices implement the champion space, it's still the education piece falls back to the doctor. But putting that I think that's brilliant putting that on the champion of scheduling out the lunch and learns making sure that they're doing the role playing with the with the team and that they're having these meetings with the team on the education and the why behind it, so that they can take that information and   and tackle it with the patients. And then it made me think too, like KPI is their key performance indicator. So that champion is responsible for seeing, how many times, how many patients do we need to talk to about this to get our case acceptance where we want it or to get that many cases? I know like for ortho, we might do, we want five starts this month or 10 starts this month. So then you look at how many patients do we need to talk to about ortho in order to get.   that because your case acceptance might be like 25%. So you're doing the math for that. then, Brett, I'm thinking that champion is then responsible for collecting the data from the team on how many patients do we talk to, how many patients signed up, and kind of championing all of the results and then looking at how do I control and manipulate the results based on the education implementations, all of those pieces.   Britt (11:46) agreed and that's I think probably you Tiff right with clients. Like you said, the new thing, right? Name the new thing that we're doing within the office and you know, they want to do more of that thing and I'm like, alright, well, what's going on? 
Why aren't we even getting it presented to patients? What's happening? Well, we're just not talking about it, right? Like it really comes back to that. That's one of the biggest hurdles to get over is just talking about it and making sure patients know what it is.   The Dental A Team (12:05) Yeah.   Britt (12:16) what benefit it would be to them if they're a candidate, if this is something that they need. So that's why I say, make sure we've got that foundation first. And then we go into, okay, we've got a team more comfortable talking about it. How do we identify opportunities with patients? And then that's where we move into what kind of screening do we want for this specific treatment for sleep apnea? Then all right, what kind of screening do we wanna incorporate?   across the board. So it's not reliant on a human thinking, this one would be a candidate. Like, no, what are you screening to where we know when these things are checked or we get this answer to this question, they are someone then that we are going to talk to about a sleep appliance or sleep apnea, we're working on getting them tested, whatever it may be.   The Dental A Team (13:01) Yeah. And within that, asking those leading questions so that the patient starts thinking, because I think like back to, I think a lot of people do ortho. So back to ortho, you come in and you're hot and heavy. Like I got to get, I'm getting ortho cases and the patient has not had any like leading questions to make them start thinking that there's a problem or a solution needed for a problem. And then you come in and you're like, have you ever thought about ortho? And they're like, no, I haven't.   Right? Because we didn't make them think about ortho kind of the same. Like, do you, you know, ⁓ I hear you might be a snorer, right? Or just coming in and being like, Hey, you've got these weird scallops on your tongue and I think you might need this. 
And then we just go on this tangent of sleep apnea and they're like, I have no issue sleeping. But if we start asking those leading questions of, do you find yourself tired in the middle of the day? does your partner, you know, do you wake your partner up a lot? Do you toss and turn a lot?   night? Like, are you getting up to use the restroom a lot at night? Like different things that are preheating and leading into there might be something going on there, I think is a space that we kind of overlook sometimes. And we just jump into this is the solution. And it kind of gets lost in translation. And then right on to like layering on top of that, you've got your questionnaire, you've got your team, they're ready to go. You've got all of these pieces.   there, you know what your lead and lag measures are, then you set like identifying the patients, we're identifying the patients and then that layer, like it never stops, there's always the next layer. And that next layer is okay, if we can identify the patients, now we get to track and see, are we getting those patients? So then we say, okay, well, most of my patient base is 18 to 26 years old.   might not be getting like that might not be the patient base you need for sleep apnea or for implants or whatever it is that you want to specialize in. then you've got to look and see, do I need to determine something different in my patient avatar to fit what I'm trying to implement what I'm trying to get because there's only so much you can do with the patients that you're getting in. So it just like keeps layering but comes down to I love like step one it feels like Brit from what you're saying is   Find that champion and make sure that champion is thoroughly educated in what their job is and what the procedure is so then they can, step two, help you to train the team, get the team on board, figure out the why. Step three, find the patients. Step four, how do we get more of those patients?   
Britt (15:42) Yeah, which I think then plays into marketing, right? Marketing at the end of the day is the number of times of exposure. So, right, when it comes down to it, then what are we putting out there? What do we have around our office? What, even if it's peripherally, are our patients seeing to know that this is a thing and that it exists? Because then it won't be as much of a surprise to them when we have a conversation or they're like, well, why aren't you know, I don't even know what that is. They at least, oh, I've seen XYZ about that.   thing in your office or on the TV out in the waiting room, whatever it may be, to start warming them up to it as well. And then depending on how much you want to grow that and be known for that thing, mean, Tiff is the marketing queen. Then there's like a lot more marketing that goes behind it.   The Dental A Team (16:29) Yeah, I do love marketing. don't know why, but I really do. ⁓ But you're making me think of, because it's subliminal. I think that's why I love it. Because it's like, what can I do to make someone think this way, right? Like I love, I love the way the brain works. I love communication. That's why. So I'm thinking as you're speaking to that, like you're saying like have it off to the side and have it on a TV like 100 % because most of the time we're just being again, preheated.   to the possibility of needing something. So if you think of like a Doritos commercial, right? Like they don't just in the beginning come out with the, like they're not like Doritos, right? It's like, hey, we're grabbing some Doritos out of a chip bowl and all of the like tortilla chips, the unnamed tortilla chips over there is full, but the Doritos are like empty, but we're having conversation, we're having fun, we're in a party because now you're thinking about Doritos associated to fun. So that's how marketing works. It's like little snippets of   this thing and how it's going to benefit your life. 
Not just like, hey, have some Doritos. Because if somebody came by and they're like, hey, Doritos are amazing, have Doritos. They're just, they're so tasty, you're gonna love them. You're like, I'm okay actually, like, I don't need a Dorito, right? But if they're like, hey, like, let's have fun, let's have a party, let's get people talking, it's gonna be so amazing and you can have these Doritos over here that's gonna, everybody's gonna stand around the bowl and they're gonna socialize.   then you're like, yeah, let me try these Doritos. So it's kind of that same thing. Like how is this thing, this sleep apnea, this ortho, this Botox, these injectors, the fillables, how is this going to benefit the patient's life and speak to the benefits and the problem, not the solution? Because being like, Botox, Botox, Botox, Botox, right? Like Botox is cool, but like why do I want Botox? Because I wanna look 30 when I'm 45.   That's why I Botox. And when do I need to start? When I'm 28. Like, how do we get this subliminal messaging into different aspects of our practice and our speaking? And then what it also does is gets your team speaking that language too, because they're constantly seeing it. So they're constantly being reminded. And as you guys are checking on...   Britt (18:23) Perfect.   The Dental A Team (18:44) KPI is and how is it working and how is it growing? We're constantly coming back to this space that you're trying to implement and grow. Caveat of one at a time. Botox and color is fine. Sleep apnea.   Britt (18:56) I was thinking the same exact thing.   The Dental A Team (19:01) you can't come home and be like we're doing sleep apnea we're gonna ramp up our ortho and guess what guys I need five more implants and it's like I don't know which one to focus on so one major change at a time and let it sit let it ruminate and see how it goes I like six months at least for like a big implementation like that ⁓ but   Britt (19:22) Be   good at that thing, right? 
I think that's when we do too much at once. You and your team, right? And the bigger the team, the more people you're trying to move. You're not gonna get good at it. And then let's be honest, if I'm not good at it, I'm not gonna do it as much. Let's just welcome to human nature again. Like it's a harder thing to do. It takes more effort. But if we focus on one and that one thing we get really good at and it becomes really easy, then that will stick and then we can move on to the next thing.   The Dental A Team (19:52) Yep. Yep. And always come back again to everything else too, because I've had clients that I've done, you know, let's focus in on implants. we're getting we're talking about it this many times, we're getting this many, we're looking for this many, you know, whatever all the pieces so   we're speaking to implants, we get really good at that. And they're like, cool, like, I want to do more ortho. It's like, okay, well, now we're laying on ortho. But then they're like, hey, wait, I haven't done an implant. I'm like, well, why? Because you lost focus on the implants, because you're so focused on the ortho. So you've got to just layer it in there and be like, on top of like being good at this, we also need to become good at this. So don't lose sight of it or stop tracking the one because you layered on something else, you literally just layering another level to it. And now you're doing both because   honestly, just those two, right? Implants and ortho go hand in hand, you know, do ortho before you place the implants or do ortho so that you can place an implant because the space is too small. Like how are you, how can your team help layer those together and support you in getting those things done? And firstly, Baphne, it's exactly the same. How can your team support you in getting it done? Because you've got what? 1500 to 3000 patients. 
You've got a team of five to   25 30 you cannot do it all you've got to have at least one champion who is helping you and when you do have those spaces to Britt's point of not doing too many and losing sight if you have a champion of each your phone you they are focused on that thing and so they're ensuring their thing their needle is moving so you've got your   champion of sleep apnea that's like, hey guys, nope, we lost focus, don't forget. And you got your champion of ortho that's like, cool, I've got my metrics over here and making sure that those are staying in line.   Britt (21:41) And I think once you start doing some cases, especially things where there's more of a knowledge gap, even in Visalign, right? Make sure you're getting results. So like you're getting testimonials, you're getting pictures at the end. Whenever there's a big investment, people want to know like what that means for them. Like what can that be for me? And so that's where   Having something to look at to see before and after and having testimonials for people goes a long ways, especially on things where there's more of a knowledge gap like sleep apnea. Because those patients are gonna really highlight what is important to them, which then is gonna be most likely what's important to all of your people that are in their same seat.   The Dental A Team (22:22) Yeah, I love it. love it. one, step one, figure out what you're going to do. If it's sleep apnea, it's sleep apnea. One thing, choose the one that you're gonna focus on right now. Step two, figure out what your champion's position looks like or lead or whatever you wanna call it. Quarterback, I don't care what you call it. That position, what's that job description? What are the metrics? Like what does that person need to do? So step one, figure out what you're gonna do. Step two, find your champion.   Britt (22:26) One thing, one thing.   The Dental A Team (22:52) figure out what that champion's gonna do. Step three, train your team. 
Step four, do the thing and track the results every time. I think really easy duplicatable systems that we tagged here as like Sleepapnea, Myo, whatever you wanna focus it on, but literally this system can be duplicated for any major change you're trying to make in procedures within your practice. And then I think the last layer is   within your metrics, watch your marketing and figure out what needs to shift and change there. Brit, brilliant. Brilliant Brit. That's the one. Brilliant Brit. Brilliant Brit.   Britt (23:27) That's the one I like   more. That's the better one.   The Dental A Team (23:32) one   I'm gonna use. Brilliant Brit. ⁓ thank you or brainy Brit right but anyways thank you ⁓ for being here with me today for doing this. I knew ⁓ with the implementations you've done before with Sleep Apnea and Mayo you've worked with the you've worked with that before so I knew that you would have some great ideas so thank you so much for being here. I can't wait to hear from you on Saturday that you survived the Grand Canyon Rim to Rim happily and you're still smiling and you're just sleeping.   Britt (24:02) Maybe I'll stream my before and after. We'll see. Maybe even with Dental A Team. We'll see. It depends on how bad it is afterwards.   The Dental A Team (24:08) Yeah.   Oh my gosh, that's fair. Yeah, that's fair. You can at least share with me and then we can decide. everyone, go find your thing. What's your one thing right now? What are you going to put? This is something I've been living by. You guys, we can talk about the book. can Hello@TheDentalATeam.com and ask me for it. But what are you putting a 10x effort into? What's your 10x problem that you're putting 10x effort into? Choose that thing. Focus there. Go do it. Duplicate.   create a system that can be duplicated and have so much fun doing it. Again, if you need help with it, you have questions, you want recommendations, Hello@TheDentalATeam.com. We are all here to help. 
We all help answer those questions. So reach out and as always drop us a five star review below. We love to hear that this was implementable for you, that it was helpful and any ideas you guys have for future ones, we're always open to those. So Britt, thank you for being here. Listeners, thank you for being here and we'll catch you next time.

Proactive - Interviews for investors
Arrow Exploration reports strong Q1 results with 36% revenue growth as development accelerates

Jun 5, 2025 (4:31)


Arrow Exploration CEO Marshall Abbott joined Steve Darling from Proactive to share the company's robust first-quarter performance, marked by a 36% year-over-year increase in total oil and gas revenue, reaching US$19.51 million. First-quarter earnings rose 15% to US$11.53 million, with net income of US$2.66 million, reflecting the company's continued success in expanding production and operational efficiencies at its Colombian assets. Abbott noted that operating cash flow totaled US$14.43 million, and Arrow exited the quarter with a strong cash position of US$24.95 million, even after US$11.38 million in capital expenditures. These investments supported the drilling of two new horizontal development wells—AB 2 and AB 3—in the Alberta Llanos field, as well as the completion of a 90 km² seismic survey on the southeast Tapir Block. The company has also made significant infrastructure progress, building a new road system linking the Carrizales Norte pad with the Capullo, Mateguafa Oeste, and Mateguafa Attic pads, which will serve as critical hubs for Arrow's 2025 drilling campaign. Importantly, a second rig has been secured, and the first of four planned wells at Rio Cravo Este (RCE) is expected to be spudded in early June. Abbott emphasized that despite global oil price volatility, Arrow maintains “very healthy netbacks”, underscoring the company's resilience and operational efficiency. Looking ahead, Arrow's strategic focus remains on growing production through ongoing development at Carrizales Norte, RCE, and Alberta Llanos, while also pursuing low-risk exploration opportunities across its Tapir Block. #proactiveinvestors #arrowexplorationinc #aim #axl #tsxv #axl #ColombiaEnergy #MarshallAbbott #Q1Results #OilDrilling #EnergyInvestment #SeismicSurvey #WaterDisposal #PrepaymentDeal #ExplorationAndProduction #LlanosBasin #EnergySector #ProactiveInvestors

The Clean Energy Show
Canada Burns While We Win Sustainability Awards

Jun 4, 2025 (60:28)


Our city had the worst air quality in the world at the time of recording, with an Air Quality Index of 446 (that's like smoking over 60 cigarettes a day). We explore what led to these hazardous conditions, how wildfires are affecting our communities and even reaching Europe, and why Canada's air quality reporting system needs a 21st-century overhaul.

Join The Clean Energy Show's CLEAN CLUB on Patreon for exciting perks! Our monthly bonus podcast is coming up this week!

The Clean Energy Show received two sustainability awards from the Regional Centre of Expertise (RCE), a United Nations University network promoting Education for Sustainable Development.

The fast fashion industry gets a sustainability report card. H&M tops the chart with a B+ thanks to its real investment in decarbonization. But most brands are still failing. Read more from Bloomberg: https://www.bloomberg.com/news/articles/2025-06-03/h-m-outperforms-zara-and-shein-on-green-report-card-for-fashion

Swiss authorities averted disaster by evacuating the town of Blatten before a monitored glacier collapsed. But such preventative infrastructure is rare globally. More from Bloomberg: https://www.bloomberg.com/news/articles/2025-06-03/swiss-glacier-collapse-is-a-lesson-on-climate-disaster-management

Jason Cook-Studer of the Lac La Ronge Indian Band is building microgrids and district heating with salvaged wood while fighting fires threatening his traplines. We share his inspiring work in a featured clip.

Andrew Johnson from One School, One Farm, building bridges between classrooms and climate resilience: We play a clip from his RCE presentation!

In the Lightning Round:
Used solar panels get second life through Search4solar http://dlvr.it/TL6xmA
Port of L.A. cuts ship emissions 24% with OpenTable-style scheduling https://www.bloomberg.com/news/articles/2025-06-03/how-to-cut-shipping-pollution-quickly-and-cheaply

Cyber Morning Call
791 - Campaign hits Craft CMS instances with a CVSS 10 0-day

May 27, 2025 (3:20)


Episode references:
The Sharp Taste of Mimo'lette: Analyzing Mimo's Latest Campaign targeting Craft CMS
Usage statistics and market share of Craft CMS
How Craft CMS built Craft Cloud
Investigating an in-the-wild campaign using RCE in CraftCMS

Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia

Critical Thinking - Bug Bounty Podcast
Episode 122: We Won Google's AI Hacking Event in Tokyo - Main Takeaways

May 15, 2025 (105:30)


Episode 122: In this episode of Critical Thinking - Bug Bounty Podcast your boys are MVH winners! First we're joined by Zak, to discuss the Google LHE as well as surprising us with a bug of his own! Then, we sit down with Lupin and Monke for a winners roundtable and retrospective of the event.

Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__

====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Check out the CTBB Job Board: https://jobs.ctbb.show/

Today's Guests:
Zak Bennett: https://www.linkedin.com/in/zak-bennett/
Ciarán Cotter: https://x.com/monkehack
Roni Carta: https://x.com/0xLupin

====== Resources ======
We hacked Google's A.I Gemini and leaked its source code
https://www.landh.tech/blog/20250327-we-hacked-gemini-source-code

====== Timestamps ======
(00:00:00) Introduction
(00:03:02) An RCE via memory corruption
(00:07:45) Zak's role at Google and Google's AI LHE
(00:15:25) Different Components of AI Vulnerabilities
(00:24:58) MHV Winner Debrief
(01:08:47) Technical Takeaways And Team Strategies
(01:28:49) LHE Experience and Google VRP & Abuse VRP

Cyber Morning Call
781 - APT abuses the drone supply chain

May 13, 2025 (5:13)


Episode references:
Earth Ammit Disrupts Drone Supply Chains Through Coordinated Multi-Wave Attacks in Taiwan
Marbled Dust leverages zero-day in Output Messenger for regional espionage
Researchers found one-click RCE in ASUS's pre-installed software DriverHub
Modern Incident Response: Tackling Malicious ML Artifacts
/bin/live - Mente Binária's program, airing today at 8 pm

Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia

The technology blog and podcast
Sans episode 13: More vulns and some good out of the bad

May 6, 2025 (58:04)


Sans 13 will be releasing after 12, and we're now all caught up. Welcome to Sans, episode 13. This is the link you'll use to go to the newsletter: https://view.email.sans.org/?qs=6dc4120f1b77a95c7cf4ce4cd833f7454db9893d83c0674e789006dd8cd6812ed7fca17eaacce81bdd8dd2995972b696348c261f745add4e84cbc846682d8a7ee877e6dced0706bf45e756ebdaaf3091 If you use Windows, look for the story dealing with remote desktop and its use and acceptance of old passwords that may have been changed. Apple has an RCE dealing with AirPlay, more breaches, and two more British companies hit with a cyberattack.

The CyberWire
SSH-attered trust.

Apr 18, 2025 (33:01)


A critical vulnerability in Erlang/OTP SSH allows unauthenticated remote code execution. There's a bipartisan effort to renew a key cybersecurity info sharing law. A newly discovered Linux kernel vulnerability allows local attackers to escalate privileges. A researcher uncovers 57 risky Chrome extensions with a combined 6 million users. AttackIQ shares StrelaStealer simulations. A major live events service provider notifies employees and customers of a data breach. CISA warns of an actively exploited SonicWall vulnerability. An airport retailer agrees to a multi-million dollar settlement stemming from a ransomware attack. A preview of RSAC 2025 with Linda Gray Martin and Britta Glade. Zoom-a-zoom zoom, it's always DNS.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest: Today Dave sits down with Linda Gray Martin, Chief of Staff, and Britta Glade, SVP of Content and Communities, from RSAC sharing what is new at RSAC 2025.

Selected Reading:
Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (Bleeping Computer)
Bipartisan duo wants to renew 10-year-old cyberthreat information sharing law (The Record)
Linux Kernel Vulnerability Let Attackers Escalate Privilege – PoC Released (Cyber Security News)
Chrome extensions with 6 million installs have hidden tracking code (Bleeping Computer)
Emulating the Stealthy StrelaStealer Malware (AttackIQ)
Live Events Giant Legends International Hacked (SecurityWeek)
CISA tags SonicWall VPN flaw as actively exploited in attacks (Bleeping Computer)
Airport retailer agrees to $6.9 million settlement over ransomware data breach (The Record)
Global Zoom Outage Caused by Server Block Imposed from GoDaddy Registry (Cyber Security News)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Absolute AppSec
Episode 281 - Signing Models, Vibe Coding, GitHub Action Abuse

Apr 8, 2025


The duo are back for a discussion on securing machine learning models using Sigstore, based on a recent blog post from Google Security, followed by some spicy takes on vibe coding and its effects on application and product security. Finally, short-lived tokens used to exploit RCE against the GitHub CodeQL Action.

Crying Out Cloud
Ingress Nightmare: How a Single Request Could Take Over Your K8s Cluster

Mar 25, 2025 (22:26)


SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Wednesday Mar 19th 2025: Python DLL Side Loading; Tomcat RCE Correction; SAML Roulette; Windows Shortcut 0-Day

Mar 19, 2025 (7:18)


Python Bot Delivered Through DLL Side-Loading: A "normal" PDF reader that is vulnerable to DLL side-loading may be used to launch additional exploit code. https://isc.sans.edu/diary/Python%20Bot%20Delivered%20Through%20DLL%20Side-Loading/31778

Tomcat RCE Correction: To exploit the Tomcat RCE I mentioned yesterday, two non-default configuration options must be selected by the victim. https://x.com/dkx02668274/status/1901893656316969308

SAML Roulette: The Hacker Always Wins: This PortSwigger blog explains in detail how to exploit the ruby-saml vulnerability against GitLab. https://portswigger.net/research/saml-roulette-the-hacker-always-wins

Windows Shortcut Zero Day Exploit: Attackers are currently taking advantage of an unpatched vulnerability in how Windows displays Shortcut (.lnk file) details. Trend Micro explains how the attack works and provides PoC code. Microsoft is not planning to fix this issue. https://www.trendmicro.com/en_us/research/25/c/windows-shortcut-zero-day-exploit.html

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Monday Mar 17th 2025: Analyzing GUID Encoded Shellcode; Node.js SAML Vuln; Tomcat RCE in the Wild; CSS e-mail obfuscation

Mar 18, 2025 7:03


Static Analysis of GUID Encoded Shellcode
Didier explains how to decode shellcode embedded as GUIDs in malware, and how to feed the result to his tool 1768.py, which will extract Cobalt Strike configuration information from the code.
https://isc.sans.edu/diary/Static%20Analysis%20of%20GUID%20Encoded%20Shellcode/31774

SAMLStorm: Critical Authentication Bypass in xml-crypto and Node.js libraries
xml-crypto, a library used in Node.js applications to decode XML and support SAML, has been found to parse comments incorrectly, leading to several SAML vulnerabilities.
https://workos.com/blog/samlstorm

One PUT Request to Own Tomcat: CVE-2025-24813 RCE is in the Wild
A just-published deserialization vulnerability in Tomcat is already being exploited. Contributing to the rapid exploit release is the similarity of this vulnerability to other Java deserialization vulnerabilities.
https://lab.wallarm.com/one-put-request-to-own-tomcat-cve-2025-24813-rce-is-in-the-wild/
CVE-2025-24813

CSS Abuse for Evasion and Tracking
Attackers are using cascading stylesheets to evade detection and enable more stealthy tracking of users.
https://blog.talosintelligence.com/css-abuse-for-evasion-and-tracking/

Day[0] - Zero Days for Day Zero
Exploiting Xbox 360 Hypervisor and Microcode Hacking

Mar 12, 2025 79:05


A very technical episode this week, featuring some posts on hacking the Xbox 360 hypervisor as well as AMD microcode hacking.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/276.html

[00:00:00] Introduction
[00:00:15] Reversing Samsung's H-Arx Hypervisor Framework - Part 1
[00:10:34] Hacking the Xbox 360 Hypervisor Part 1: System Overview
[00:21:18] Hacking the Xbox 360 Hypervisor Part 2: The Bad Update Exploit
[00:30:48] Zen and the Art of Microcode Hacking
[00:41:51] A very fancy way to obtain RCE on a Solr server
[01:03:49] Cellebrite zero-day exploit used to target phone of Serbian student activist
[01:16:03] When NULL isn't null: mapping memory at 0x0 on Linux

Podcast episodes are available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our Discord: https://discord.gg/daTxTK9

Healthcare IT Today Interviews
Pushing Forward Healthcare Interoperability Efforts by The Sequoia Project in 2025

Feb 21, 2025 14:47


New guidelines for health care privacy and consent, extending data sharing to new types of organizations, ensuring the clinical usability of data, and just lots and lots of growth—these are on the agenda of The Sequoia Project in the upcoming year. In this interview, CEO Mariann Yeager concisely explains their recent achievements, how they work with the ONC and other stakeholders on TEFCA and QHINs, and some of their upcoming plans.

Yeager has been CEO of The Sequoia Project since it began in 2012. It is the Assistant Secretary for Technology Policy's (ASTP, formerly ONC) Recognized Coordinating Entity (RCE) for implementing the government's Trusted Exchange Framework and Common Agreement (TEFCA), which went live a year ago. While they have gotten a lot of attention for being the TEFCA RCE, The Sequoia Project has almost a dozen healthcare interoperability projects they are working on.

Learn more about The Sequoia Project: https://sequoiaproject.org/
Health IT Community: https://www.healthcareittoday.com/

The CyberWire
Pennies for access.

Feb 19, 2025 35:20


Credential theft puts sensitive corporate and military networks at risk. A federal judge refuses to block DOGE from accessing sensitive federal data. New York-based Insight Partners confirms a cyber-attack. BlackLock ransomware group is on the rise. OpenSSH patches a pair of vulnerabilities. Russian threat actors are exploiting Signal's "Linked Devices" feature. Over 12,000 GFI KerioControl firewalls remain exposed to a critical remote code execution (RCE) vulnerability. CISA issued two ICS security advisories. Federal contractors pay $11 million in cybersecurity noncompliance fines. In our CertByte segment, Chris Hare is joined by Steven Burnley to break down a question targeting the ISC2® SSCP - Systems Security Certified Practitioner exam. Sweeping cybercrime reforms are unveiled by…Russia? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CertByte Segment
Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K's suite of industry-leading certification resources. For the past 25 years, N2K's practice tests have helped more than half a million IT and cyber security professionals reach certification success. Have a question that you'd like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K's full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.
Additional source: https://www.isc2.org/certifications/sscp

Selected Reading
Hundreds of US Military and Defense Credentials Compromised (Infosecurity Magazine)
DOGE Team Wins Legal Battle, Retains Access to Federal Data (GovInfo Security)
Musk Ally Demands Admin Access to System That Lets Government Text the Public (404 Media)
Cyber Investor Insight Partners Suffers Security Breach (Infosecurity Magazine)
BlackLock On Track to Be 2025's Most Prolific Ransomware Group (Infosecurity Magazine)
Qualys reports two flaws in OpenSSH, one critical DDoS (Beyond Machines)
Russian phishing campaigns exploit Signal's device-linking feature (Bleeping Computer)
Over 12,000 KerioControl firewalls exposed to exploited RCE flaw (Bleeping Computer)
CISA Releases Two New ICS Advisories Exploits Following Vulnerabilities (Cyber Security News)
Managed healthcare defense contractor to pay $11 million over alleged cyber failings (The Record)
Russian Government Proposes Stricter Penalties to Tackle Cybercrime (GB Hackers)

Exploit Brokers - Hacking News
HN56 - Massive Bug Puts Outlook Users at Risk | Kimsuky gets RDPWrapper

Feb 13, 2025 27:03


In today's episode of Exploit Brokers, we dive deep into two major security threats making waves across the digital world. A critical Remote Code Execution (RCE) vulnerability in Microsoft Outlook is putting millions of users at risk, with hackers exploiting it through spear phishing emails and malicious links. Not only that, but we're also uncovering the stealthy tactics of the notorious North Korean hacking group, Kimsuky. They're evolving their methods with custom RDP wrappers and proxy tools to evade detection while gaining unauthorized access to systems. Stay informed about the latest threats, learn how to keep your systems secure, and protect yourself from the growing wave of cyberattacks that are more dangerous than ever.  #OutlookRCE #Cybersecurity #Hacking #ExploitBrokers #CyberThreats #Phishing #RDPWrapper #Kimsuky #RemoteCodeExecution #MicrosoftSecurity #TechNews #Malware #DataBreach #EmailSecurity #Hackers #InfoSec #SecurityUpdates #cyberdefense

Day[0] - Zero Days for Day Zero
Excavating Exploits and PHP Footguns

Jan 20, 2025 72:18


This week features a mix of topics, from polyglot PDF/JSON to Android kernel vulnerabilities. Project Zero also publishes a post about excavating an exploit strategy from crash logs of an In-The-Wild campaign.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/269.html

[00:00:00] Introduction
[00:07:48] Attacking Hypervisors - From KVM to Mobile Security Platforms
[00:12:18] Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal
[00:19:41] How an obscure PHP footgun led to RCE in Craft CMS
[00:34:44] oss-security - RSYNC: 6 vulnerabilities
[00:42:13] The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit
[00:59:59] security-research/pocs/linux/kernelctf/CVE-2024-50264_lts_cos/docs/exploit.md
[01:10:35] GLibc Heap Exploitation Training

Podcast episodes are available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our Discord: https://discord.gg/daTxTK9

Autonomous IT
Patch [FIX] Tuesday – January 2025 [Experts Analyze New Hyper-V, Active Directory, and macOS Vulnerabilities], E15

Jan 14, 2025 14:09


Join Automox's cybersecurity experts as they discuss the latest Patch Tuesday updates, focusing on vulnerabilities in Active Directory, Hyper-V, and macOS 15.2. They highlight the importance of staying updated and the evolving threat landscape, particularly with the rise of phishing attacks and the need for robust security measures in enterprise environments.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

In this episode of the SANS Internet Storm Center's Stormcast, we cover critical vulnerabilities affecting OpenSSH, BeyondTrust, and Nuclei, including the newly discovered "RegreSSHion" flaw and a bypass vulnerability in Nuclei. We also discuss how malware evasion techniques can impact analysis environments and highlight the dangers of fake exploits targeting researchers. Tune in for insights on patching, mitigation strategies, and staying ahead of emerging threats.

Topics Covered:

Make Malware Happy
https://isc.sans.edu/diary/Make%20Malware%20Happy/31560
A look at how malware adapts and detects analysis environments, and why replicating operational settings is critical during malware analysis.

Nuclei Signature Verification Bypass (CVE-2024-43405)
https://www.wiz.io/blog/nuclei-signature-verification-bypass
A critical vulnerability in Nuclei allows malicious templates to bypass signature verification, risking arbitrary code execution.

Critical Vulnerability in BeyondTrust (CVE-2024-12356)
https://censys.com/cve-2024-12356/
A high-risk flaw in BeyondTrust products allows unauthenticated OS command execution, posing a significant threat to privileged access systems.

RegreSSHion Code Execution Vulnerability (CVE-2024-6387)
https://cybersecuritynews.com/regresshion-code-execution-vulnerability/
OpenSSH vulnerability "RegreSSHion" enables remote code execution, and fake exploits targeting security researchers are in circulation.

ECCPodcast: Emergencias y Cuidado Crítico
138: Intraosseous vs. Intravenous Access in Adult Cardiac Arrest: What Does the Evidence Tell Us?

Jan 2, 2025 21:44


A recent systematic review and meta-analysis published in Resuscitation offers new information that directly impacts how we teach and practice intraosseous (IO) versus intravenous (IV) vascular access in prehospital and hospital settings. What does this mean for protocols such as ACLS, PALS and PHTLS?

The Study: What Was Investigated and Why It Matters

In cardiac arrest settings, rapid and effective vascular access is essential for administering life-saving medications such as epinephrine and antiarrhythmics. The intravenous (IV) route has been the gold standard, but it can be difficult to obtain, especially in prehospital circumstances. This is where the intraosseous (IO) route comes in, a technique that offers rapid access in long bones such as the proximal tibia or the proximal humerus.

A recent meta-analysis evaluated the clinical effectiveness of IO versus IV access in adults with out-of-hospital cardiac arrest (OHCA). The analysis included three randomized clinical trials with more than 9,300 patients and examined critical outcomes such as 30-day survival, return of spontaneous circulation (ROSC) and neurological outcomes.

Key results:
- The IO route did not improve 30-day survival compared with IV access (OR 0.99).
- Nor did it show superiority in favorable neurological outcomes.
- IO access was less likely to achieve sustained ROSC (OR 0.89).
- However, it offered comparable medication administration times, which is especially useful when IV access is not possible.

This raises important questions: Should we always prioritize IV access? What role does the IO route have in prehospital and in-hospital management?

Connection with ACLS, PALS and PHTLS

The ACLS (Advanced Cardiovascular Life Support), PALS (Pediatric Advanced Life Support) and PHTLS (Prehospital Trauma Life Support) courses are pillars in the education of emergency professionals. Each addresses vascular access in its respective context, but the study's recommendations add nuances that can enrich our clinical practice.

ACLS: The Adult Perspective

ACLS emphasizes the importance of establishing vascular access quickly in order to administer medications such as epinephrine during advanced cardiac arrest management. The AHA (American Heart Association) guideline states that:
- IV access is preferred because of its effectiveness.
- If IV access cannot be achieved within 90 seconds, the IO route is the best alternative.

Correlation with the study: The findings reinforce the preference for IV access, particularly because it is associated with better rates of sustained ROSC. However, IO remains fundamental in situations where peripheral venous access is difficult or unfeasible, especially in prehospital systems with time or resource constraints.

PALS: Children and Vascular Access

In PALS, rapid vascular access is equally critical, but the technical challenges are amplified in pediatric patients because of vein size and compromised hemodynamic status. The guidelines recommend:
- Prioritize IV access, but do not hesitate to use IO if necessary.

Relevance of the study: Although the meta-analysis focused on adults, the results can be partially extrapolated to older children or adolescents. This highlights the importance of training pediatric teams in both techniques and ensuring that IO access is performed competently when needed.

PHTLS: Prehospital Trauma Life Support

In the prehospital environment, as addressed by PHTLS, rapid vascular access can be even more challenging because of conditions such as severe trauma, hypovolemia and prolonged arrest. Here, IO access is a critical tool, particularly in patients with venous collapse.

Impact on PHTLS: IO access demonstrates its usefulness in trauma situations where IV access is not feasible. For example, in patients with massive hemorrhage, IO may be the only viable option for administering fluids and medications. The study underlines that, although the IV route is ideal, IO remains an essential technique in the prehospital arsenal, especially when every second counts.

Why Was IO Access Associated With Lower ROSC?

The authors of the meta-analysis suggest several hypotheses that could explain why intraosseous (IO) access showed a lower probability of sustained return of spontaneous circulation (ROSC) compared with intravenous (IV) access. These theories are based on technical, physiological and logistical factors related to the use of IO in the context of cardiac arrest. The key points mentioned or inferred are detailed below:

1. Suboptimal drug distribution
One of the main hypotheses is that administering medications through the IO route may result in less efficient distribution compared with IV access. This is because medications given by IO must first pass through the bone marrow, which could slow their absorption and reduce bioavailability in the central circulation. In particular, in cardiac arrest, where tissue perfusion is severely compromised, central circulation may not be adequate to rapidly transport medications from the IO site to the heart and brain.

2. Differences in blood flow pressures
IO access involves injecting medications into the bone marrow, where local pressure can vary significantly depending on factors such as the insertion site (e.g., proximal tibia vs. proximal humerus). If the pressure within the bone marrow is not sufficient to allow efficient flow into the central circulation, this could compromise the effectiveness of the medications administered.

3. Possible technical complications
Although the initial IO placement success rate was high (~94%), there is a risk of technical problems, such as:
- Needle malposition, which could cause medication to infiltrate the surrounding tissues instead of entering the bone marrow.
- Failure to confirm free flow (a critical step to verify correct placement of the IO device).
- Mechanical interruptions or restricted flow due to patient position or movement during transport.

4. Differences in insertion sites
The studies included in the meta-analysis used different insertion sites for IO access, such as the proximal humerus or the proximal tibia. Access through the proximal humerus generally provides faster flow to the heart because of its anatomical proximity, but it was not always the chosen site. This could have affected the results observed in terms of sustained ROSC.

5. Pathophysiology of cardiac arrest
During cardiac arrest, overall blood flow is severely reduced, which limits the circulatory system's ability to transport medications from the IO site to target organs such as the heart and brain. In this context, the IV route, which delivers directly into peripheral veins, could be more effective in providing more direct and rapid access.

6. Impact of placement and administration time
Although administration time was comparable between IO and IV in the studies analyzed, any additional delay in confirming correct placement or in administering medications through the IO could have negatively influenced the effectiveness of treatments, reducing rates of sustained ROSC.

Implications for clinical practice

The findings highlight the importance of:
- Prioritizing IV access whenever possible, given its better performance in terms of sustained ROSC.
- Training staff in the optimal use of IO devices, including appropriate selection of the insertion site (e.g., proximal humerus) and confirmation of free flow.
- Considering the physiological limitations of IO access when administering critical medications during cardiac arrest.

In summary, the lower probability of sustained ROSC associated with IO access seems to be due to a combination of technical and physiological factors. Despite this, IO access remains a crucial tool in situations where IV access is not feasible or is significantly delayed.

Strengthening Education and Training

One of the key lessons of this analysis is the need to train medical teams in both techniques to guarantee precise and rapid execution. Both ACLS and PHTLS already include practical modules on IO access, but the study results suggest several areas for improvement:
- Competence in Identifying IO Sites: The proximal tibia and proximal humerus were the most used sites in the studies. Training providers to rapidly select the optimal site according to patient anatomy and the clinical situation can improve effectiveness.
- Minimizing IO Errors: Although the initial IO placement success rate was high in the study (~94%), this does not guarantee effective medication administration. Therefore, training should include strategies to verify correct placement and troubleshoot common problems.
- Integration of Local Protocols: Emergency medical systems should adapt the recommendations to their context. For example, in rural areas where IV access may be more difficult, the IO route may be prioritized.
- Realistic Simulations: Incorporating advanced simulators into ACLS and PHTLS courses can help teams practice in scenarios that mimic the complexity of prehospital and in-hospital environments.

Operational Considerations for Prehospital Settings

Emergency medical systems vary significantly in resources and training. Some key factors to consider when implementing these recommendations include:
- Time vs. Efficiency: In the study, IO access had administration times comparable to IV (~15 minutes). However, the effectiveness of IO in achieving sustained ROSC was lower. This highlights the importance of carefully evaluating the circumstances before deciding which route to use.
- Universal Training: The availability of IO devices varies between systems. Ensuring that all prehospital teams are trained in the use of IO devices can reduce disparities in care.
- Use of Checklists: Standardized protocols and checklists can ensure that critical steps, such as confirming free flow in IO devices, are not overlooked.

Conclusion

The meta-analysis confirms that the intravenous route remains the preferred option for vascular access during cardiac arrest, but it highlights the value of intraosseous access in prehospital settings or when IV access is not possible. Integrating these recommendations into courses such as ACLS, PALS and PHTLS reinforces the need to train providers to competently manage both techniques.

References

K. Couper, L.W. Andersen, I.R. Drennan, B.E. Grunau, P.J. Kudenchuk, R. Lall, E.J. Lavonas, G.D. Perkins, M.F. Vallentin, A. Granfeldt, On behalf of the International Liaison Committee on Resuscitation Advanced Life Support Task Force, Intraosseous and intravenous vascular access during adult cardiac arrest: a systematic review and meta-ana

Autonomous IT
Patch [FIXED] Tuesday: The Vulnerabilities That Defined 2024

Dec 31, 2024 73:19


Join us for a special bonus episode of Patch [FIX] Tuesday, an hour-long compilation of the vulnerabilities that helped shape the cybersecurity landscape in 2024. This episode recaps some of the most critical and interesting exploits, from supply chain compromises to elevation of privilege threats targeting widely used platforms. Whether you're an IT administrator, security professional, or tech enthusiast, this episode provides valuable insights to stay ahead of evolving threats.

Here's a list of vulnerabilities discussed in this episode, and be sure to tune into the Patch [FIX] Tuesday podcast on the second Tuesday of every month.

Operation Triangulation (00:13)
CVE-2024-21401: Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability (5:00)
CVE-2024-21400: Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability (11:00)
CVE-2024-3094: XZ/Liblzma Supply Chain Backdoor (17:08)
CVE-2024-4671: Google Chrome Use-After-Free Vulnerability (30:00)
CVE-2024-30078: Windows WiFi Driver Remote Code Execution Vulnerability (35:03)
CVE-2024-38053: Windows Layer Two Bridge Network RCE (47:14)
CVE-2024-38180: SmartScreen Prompt Remote Code Execution Vulnerability (53:12)
CVE-2024-43491: Microsoft Windows Update Remote Code Execution Vulnerability (1:00:00)
CVE-2024-43533: Remote Desktop Client Remote Code Execution Vulnerability (1:04:24)
CVE-2024-5535: Microsoft Defender for Endpoint Remote Code Execution Vulnerability (1:07:35)
CVE-2024-49093: Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability (1:09:36)

Risky Business
Risky Business #775 -- Cl0p is back, SEC hack disclosures disappoint

Dec 18, 2024


On this week's show, Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including:
- The SEC's cyber incident reporting isn't very exciting after all
- China Telecom on the way to being thrown out of the US
- The NSA/Cybercom might get two separate hats
- The Cl0p ransomware crew are back and taking responsibility for the Cleo hacks
- (Yet another) File upload bug in Struts makes Java admins weep
- And much, much more.

This episode is sponsored by SpecterOps, who run a pretty top notch offsec/pentest team when they're not busy making the Bloodhound Enterprise identity attack path enumeration software. SpecterOps' Robby Winchester joins to talk about how pentest has changed, and how their customers get value from their testing.

This episode is also available on YouTube.

Show notes
SEC cyber incident reporting rule generates 71 filings in 11 months | Cybersecurity Dive
US senators, green groups call for accountability over hacking of Exxon critics | Reuters
Biden Administration Takes First Step to Retaliate Against China Over Hack - The New York Times
Unfinished business for Trump: Ending the Cyber Command and NSA 'dual hat' | The Record from Recorded Future News
EU opens investigation into TikTok and the Romanian election – POLITICO
Clop ransomware claims responsibility for Cleo data theft attacks
CISA warns of ransomware gangs exploiting Cleo, CyberPanel bugs | The Record from Recorded Future News
CVE-2024-55956 | AttackerKB
Apache issues patches for critical Struts 2 RCE bug • The Register
Japanese game and anime publisher reportedly pays $3 million ransom to Russia-linked hackers | The Record from Recorded Future News
Israeli spyware firm Paragon acquired by US investment group, report says | Reuters
How Cryptocurrency Turns to Cash in Russian Banks – Krebs on Security
Arizona man arrested for alleged involvement in violent online terror networks | CyberScoop
Russia bans Viber, claiming app facilitates terrorism and drug trafficking | The Record from Recorded Future News

The CyberWire
When AI goes offline.

Dec 12, 2024 33:10


ChatGPT and Meta face widespread outages. Trump advisors explore splitting NSA and CyberCom leadership roles. A critical vulnerability in Apache Struts 2 has been disclosed. “AuthQuake” allowed attackers to bypass Microsoft MFA protections. Researchers identify Nova, a sophisticated variant of the Snake Keylogger malware. Adobe addresses critical vulnerabilities across their product line. Chinese law enforcement has been using spyware to collect data from Android devices since 2017. A new report highlights the gaps in hardware and firmware security management. A Krispy Kreme cyberattack creates a sticky situation. N2K's Executive Editor Brandon Karpf speaks with guest Mike Silverman, Chief Strategy and Innovation Officer at the FS-ISAC discussing cryptographic agility. Do Not Track bids a fond farewell.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, N2K's Executive Editor Brandon Karpf speaks with guest Mike Silverman, Chief Strategy and Innovation Officer at the FS-ISAC discussing cryptographic agility. You can learn more in their new white paper "Building Cryptographic Agility in the Financial Sector." We will share the extended version of this conversation over our winter break. Stay tuned.  
Selected Reading
ChatGPT Down Globally, Services Restored After Hours Of Outage (Cyber Security News)
Facebook, Instagram and other Meta apps go down due to 'technical issue' (CNBC)
Unfinished business for Trump: Ending the Cyber Command and NSA 'dual hat' (The Record)
Apache issues patches for critical Struts 2 RCE bug (The Register)
Microsoft MFA Bypassed via AuthQuake Attack (SecurityWeek)
Nova Keylogger – A Snake Malware Steal Credentials and Capture Screenshorts From Windows (Cyber Security News)
Adobe releases December 2024 patches for flaws in multiple products, including critical (Beyond Machines)
Mobile Surveillance Tool EagleMsgSpy Used by Chinese Law Enforcement (SecurityWeek)
Three-Quarters of Security Leaders Admit Gaps in Hardware Knowledge (Infosecurity Magazine)
Krispy Kreme cyberattack impacts online orders and operations (Bleeping Computer)
Firefox, one of the first "Do Not Track" supporters, no longer offers it (Ars Technica)

The CyberWire
When exploits go wild and patches race the clock.

Dec 11, 2024 31:42


Microsoft confirms a critical Windows zero-day vulnerability. Global law enforcement agencies dismantle 27 DDoS platforms. Researchers compromise memory in AMD virtual machines. Ivanti reports multiple critical vulnerabilities in its Cloud Services Application. Group-IB researchers expose a sophisticated global phishing campaign. A zero-day vulnerability in Cleo's managed file transfer software is under active exploitation. The U.S. sanctions a Chinese firm for a 2020 firewall exploit. Congress looks to require the FCC to regulate telecom cybersecurity. Our guest is Malachi Walker, Security Strategist at DomainTools, discussing their role in ODNI's newly established Sentinel Horizon Program. SpartanWarriorz dodge a Telegram crackdown.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Malachi Walker, Security Strategist at DomainTools, about their role in ODNI's newly established Sentinel Horizon Program. 
Selected Reading

New Windows 0Day Attack Confirmed—Homeland Security Says Update Now (Forbes)
Microsoft Fixes 71 CVEs Including Actively Exploited Zero-Day (Infosecurity Magazine)
Atlassian, Splunk Patch High-Severity Vulnerabilities (SecurityWeek)
Chrome Security Update, Patch for 3 High-severity Vulnerabilities (Cyber Security News)
ICS Patch Tuesday: Security Advisories Released by Siemens, Schneider, CISA, Others (SecurityWeek)
Operation PowerOFF Takes Down DDoS Boosters (Infosecurity Magazine)
AMD Chip VM Memory Protections Broken by BadRAM (Security Boulevard)
Three more vulns spotted in Ivanti CSA, all critical, one 10/10 (The Register)
Global Ongoing Phishing Campaign Targets Employees Across 12 Industries (Hackread)
New Cleo zero-day RCE flaw exploited in data theft attacks (Bleeping Computer)
US Sanctions Chinese Firm at Center of Global Firewall Hack (Infosecurity Magazine)
Wyden legislation would mandate FCC cybersecurity rules for telecoms (CyberScoop)
Scam Kit Maker Rebuilding Business After Telegram Channel Shut Down (Security Boulevard)

Autonomous IT
Patch [FIX] Tuesday – December 2024 [Merry FixMas and a Happy Patched Year], E14

Autonomous IT

Dec 10, 2024 11:11


In this episode, the hosts discuss various cybersecurity vulnerabilities, particularly focusing on recent CVEs, including CVE-2024-49093, CVE-2024-49132, and CVE-2024-49138. They emphasize the importance of patching systems, especially during the holiday season when companies may be more vulnerable. The conversation highlights the need for awareness around phishing scams and other security threats that tend to increase during this time of year.

Black Hills Information Security
2024-11-25 - Discordgate

Black Hills Information Security

Nov 27, 2024 66:22


00:00:00 - PreShow Banter™ — Discordgate
00:09:24 - BHIS - Talkin' Bout [infosec] News 2024-11-25
00:10:46 - Story # 1: DOJ says Google must sell Chrome to crack open its search monopoly
00:12:08 - Story # 1b: DOJ's staggering proposal would hurt consumers and America's global technological leadership
00:19:16 - Story # 2: The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access
00:24:37 - Story # 3: Palo Alto Networks tackles firewall-busting zero-days with critical patches
00:25:46 - Discordgate Follow Up
00:26:26 - Story # 4: Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a US Critical Infrastructure Sector Organization
00:31:08 - Story # 5: Fintech giant Finastra investigates data breach after SFTP hack
00:34:01 - Story # 6: CFPB Finalizes Rule on Federal Oversight of Popular Digital Payment Apps to Protect Personal Data, Reduce Fraud, and Stop Illegal “Debanking”
00:38:49 - Story # 7: T-Mobile finally managed to thwart a data breach before it occurred
00:40:22 - Story # 8: D-Link urges users to retire VPN routers impacted by unfixed RCE flaw
00:43:07 - Story # 9: US seizes PopeyeTools cybercrime marketplace, charges administrators
00:46:19 - Story # 10: Razzlekhan, crypto's most embarrassing rapper, is going to prison
00:48:31 - Story # 10b: Netflix has a perfectly timed Razzlekhan doc coming out in December
00:50:10 - Story # 11: Microsoft Defender Is Not Enough Anymore—This Malware Gets Around It
00:55:11 - Story # 12: Microsoft president asks Trump to “push harder” against Russian hacks
00:57:02 - Story # 13: Hackers Breach Andrew Tate's Online ‘University,' Exposing 800,000 Users
01:00:36 - Story # 14: 7-Zip affected by dangerous vulnerability: users must update the app manually
01:01:31 - Story # 15: Microsoft disrupts ONNX phishing-as-a-service infrastructure
01:03:07 - Story # 16: US charges five linked to Scattered Spider cybercrime gang
01:04:25 - Plug: Secure Code Summit 2024

Security Now (MP3)
SN 1000: One Thousand - Windows Server 2025, Malicious Python Typos

Security Now (MP3)

Nov 13, 2024 137:43


Did Bitwarden go closed-source? The rights of German security researchers are clarified. Australia to impose age limits on social media. Free Windows Server 2025 anyone? UAC wasn't getting in the way enough, so they're fixing that. "From Russia with fines" -- obey or else. South Korea fines Meta over serious user privacy violations. Synology's (very) critical zero-click RCE flaw. Malicious Python packages invoked by typos. Google to enforce full MFA for all cloud service users. Mozilla Foundation lays off 30%? Is Firefox safe?

Some feedback from Dave's Garage (https://grc.sc/dave)

GRC email
CTL: AI Debugging
CTL: Chat GPT vs YouTube Shorts
CTL: Update on the "Train Tracks" Pic of the Week
CTL: DNS Benchmark compatibility
CTL: The accuracy of AI
CTL: Exposing NAS to the Internet
CTL: Congrats on 1000!

Show Notes - https://www.grc.com/sn/SN-1000-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now.

Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

You can submit a question to Security Now at the GRC Feedback Page.

For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6.

Sponsors:
bitwarden.com/twit
threatlocker.com for Security Now
flashpoint.io
lookout.com

Autonomous IT
Patch [Fix] Tuesday – November 2024 [Cybersecurity Experts Discuss NTLM Spoofs, RCE Attacks, and Privilege Escalations], E13

Autonomous IT

Nov 12, 2024 8:15


Automox cybersecurity experts discuss the latest security updates from November's Patch Tuesday, focusing on several critical vulnerabilities, including NTLM Hash Disclosure, Microsoft Defender's RCE vulnerability, and the Windows Task Scheduler Elevation of Privilege Vulnerability. They emphasize the importance of patching and user awareness in combating phishing attacks and other security threats. The conversation highlights the complexities of vulnerabilities in Windows 10 and 11, and the need for proactive measures to protect systems.

Cyber Security Headlines
Interlock targets healthcare, Canada dissolves TikTok, HP critical flaws

Cyber Security Headlines

Nov 8, 2024 7:33


Interlock ransomware gang aims at U.S. healthcare, IT and government
Canada tells TikTok to dissolve its Canadian business
Hewlett Packard warns of critical RCE flaws in Aruba Networking software

Thanks to today's episode sponsor, Vanta

As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation.

Find the stories behind the headlines at CISOseries.com.

Paul's Security Weekly
Secure By Default - How do we get there? - Andy Syrewicze - PSW #848

Paul's Security Weekly

Oct 24, 2024 186:32


Andy drops some Microsoft Windows and 365 knowledge as we discuss the details on how we get to secure by default in our Windows and cloud environments. This week: The USB Army Knife that won't break the budget, I don't want to say EDR is useless (but there I said it), Paul's list of excellent hacking tips, FortiJump - an RCE that took a while to become public, do malware care if it's on a hypervisor?, MicroPython for fun and not for hacking?, an unspecified vulnerability, can you exploit speculative execution bugs?, scanning the Internet and creating a botnet by accident. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-848

Paul's Security Weekly
More Car Hacks, CUPS Vulns, Microsoft's SFI, Memory Safety, Password Complexity - Farshad Abasi - ASW #301

Paul's Security Weekly

Oct 2, 2024 45:57


More remote car control via web interfaces, an RCE in CUPS, Microsoft reduces attack surface, migrating to memory safety, dealing with dependency confusion, getting rid of password strength calculators, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-301

The CyberWire
One small step for scammers.

The CyberWire

Sep 17, 2024 30:59


The US charges a Chinese national for spear-phishing government employees. The feds impose new sanctions on the makers of Predator spyware. Dealing with fake data breaches. Researchers discover a critical vulnerability in Google Cloud Platform. D-Link has patched critical vulnerabilities in three popular wireless router models. Snowflake ups their authentication game. A US mining company confirms a cyberattack. Researchers identify critical threats targeting construction industry accounting software. Tim Starks from CyberScoop joins us with his reporting on the US Postal Service's ability to meet the challenges of the upcoming election. Cisco's second round of layoffs hits hard.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest today is Tim Starks, Senior Reporter from CyberScoop, joining us to discuss his piece on "Election officials say U.S. Postal Service woes place election mail at risk."

Selected Reading

DoJ: Chinese Man Used Spear-Phishing to Obtain Software From NASA, Military (SecurityWeek)
US Ramps Up Sanctions on Spyware-Maker Intellexa (Infosecurity Magazine)
All Smoke, no Fire: The Bizarre Trend of Fake Data Breaches and How to Protect Against Them (Security Boulevard)
Google Cloud Platform RCE Flaw Let Attackers Execute Code on Millions of Google Servers (Cyber Security News)
D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers (Bleeping Computer)
Breach-Weary Snowflake Moves to MFA, 14-Character Passwords (GovInfo Security)
Owner of only US platinum mine confirms data breach after ransomware claims (The Record)
Cracks in the Foundation: Intrusions of FOUNDATION Accounting Software (Huntress)
Cisco's second layoff of 2024 affects thousands of employees (TechCrunch)

The CyberWire
A Patch Tuesday overload.

The CyberWire

Sep 11, 2024 28:45


Patch Tuesday rundown. Microsoft integrates post-quantum cryptography (PQC) algorithms into its SymCrypt cryptographic library. The FTC finalizes rules to combat fake reviews and testimonials. A payment card thief pleads guilty. On our latest CertByte segment, N2K's Chris Hare and George Monsalvatge share questions and study tips from the Microsoft Azure Fundamentals (AZ-900) Practice Test. Hard Drive Heaven: How Iconic Music Sessions Are Disappearing.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CertByte Segment

Welcome to CertByte! This bi-weekly segment is hosted by Chris Hare, a content developer and project management specialist at N2K. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K's Microsoft Azure Fundamentals (AZ-900) Practice Test. Have a question that you'd like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K's full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify.

Reference: What is public cloud? (RedHat)

Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.

Remembering 9/11

In today's episode, we pause to honor and remember the lives lost on September 11, 2001. We pay tribute to the courageous first responders, the resilient survivors, and the families whose lives were forever altered by that tragic day. Amidst the profound loss, the spirit of unity and compassion shone brightly, reminding us of our shared humanity. Additionally, you can check out our special segment featuring personal remembrances from N2K CyberWire's very own Rick Howard, who was in the Pentagon on that fateful day. His reflections provide a heartfelt perspective on the events and are well worth your time. Tune in to hear his poignant insights.

Special Edition Podcast

In today's special edition of Solution Spotlight, we welcome Mary Haigh, Global CISO of BAE Systems, as she sits down with N2K's Simone Petrella. Together, they discuss moving beyond the technical aspects of cybersecurity to build and lead a high-performing security team.

Selected Reading

Microsoft Fixes Four Actively Exploited Zero-Days (Infosecurity Magazine)
Adobe releases September 2024 patches for flaws in multiple products, including critical (Beyond Machines)
Chrome 128 Update Resolves High-Severity Vulnerabilities (SecurityWeek)
ICS Patch Tuesday: Advisories Published by Siemens, Schneider, ABB, CISA (SecurityWeek)
Ivanti fixes maximum severity RCE bug in Endpoint Management software (Bleeping Computer)
Microsoft Adds Support for Post-Quantum Algorithms in SymCrypt Library (SecurityWeek)
Federal Trade Commission Announces Final Rule Banning Fake Reviews and Testimonials (Federal Trade Commission)
Hacker pleads guilty after arriving on plane from Ukraine with a laptop crammed full of stolen credit card details (Bitdefender)
Inside Iron Mountain: It's Time to Talk About Hard Drives (Mixonline)

The CyberWire
A ticking clock to exploitation.

The CyberWire

Sep 9, 2024 32:55


Patch Now alerts come from Progress Software and Veeam Backup & Restoration. Car rental giant Avis notifies nearly 300,000 customers of a data breach. The UK's National Crime Agency struggles to retain top cyber talent. Two Nigerian brothers get prison time for their roles in a deadly sextortion scheme. SpyAgent malware uses OCR to steal cryptocurrency. A Seattle area school district suffers a cybercrime snow day. Our guest is Amer Deeba, CEO of Normalyze, discussing data's version of hide and go seek: the emergence of shadow data. A crypto leader resigns after being held at gunpoint.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Amer Deeba, CEO of Normalyze, discussing data's version of hide and go seek, or the emergence of shadow data.

Selected Reading

Progress LoadMaster vulnerable to 10/10 severity RCE flaw (Bleeping Computer)
New Veeam Vulnerability Puts Thousands of Backup Servers at Risk – PATCH NOW! (HACKREAD)
Thousands of Avis car rental customers had personal data stolen in cyberattack (TechCrunch)
UK National Crime Agency, responsible for fighting cybercrime, ‘on its knees,' warns report (The Record)
2 Brothers Sentenced to More Than 17 Years in Prison in Sextortion Scheme (The New York Times)
SpyAgent Android malware steals your crypto recovery phrases from images (Bleeping Computer)
Highline schools closing Monday because of cyberattack (Seattle Times)
Crypto Firm CEO Resigns Following Armed Robbery of Company Funds (Blockonomi)

The CyberWire
From secure to clone-tastic.

The CyberWire

Sep 4, 2024 31:16


Researchers find YubiKeys vulnerable to cloning. Google warns of a serious zero-day Android vulnerability. Zyxel releases patches for multiple vulnerabilities. D-Link urges customers to retire unsupported vulnerable routers. Hackers linked to Russia and Belarus target Latvian websites. The Federal Trade Commission (FTC) reports a sharp rise in Bitcoin ATM-related scams. Dutch authorities fine Clearview AI over thirty million Euros over GDPR violations. Threat actors are misusing the MacroPack red team tool to deploy malware. CISA shies away from influencing content moderation. Our guest is George Barnes, Cyber Practice President at Red Cell Partners and former Deputy Director of NSA, discussing his experience at the agency and now in the VC world. Unauthorized Wi-Fi on a Navy warship leads to court-martial.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is George Barnes, Cyber Practice President and Partner at Red Cell Partners and judge at the 2024 DataTribe Challenge, discussing his experience on both sides, having been at NSA and now in the VC world. Submit your startup to potentially be selected to be part of a startup competition like no other by September 27, 2024.

Selected Reading

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel (Ars Technica)
Google Issues Android Under Attack Warning As 0-Day Threat Hits Users (Forbes)
Zyxel Patches Critical Vulnerabilities in Networking Devices (SecurityWeek)
D-Link says it is not fixing four RCE flaws in DIR-846W routers (Bleeping Computer)
Hackers linked to Russia and Belarus increasingly target Latvian websites, officials say (The Record)
New FTC Data Shows Massive Increase in Losses to Bitcoin ATM Scams (FTC)
Dutch DPA imposes a fine on Clearview because of illegal data collection for facial recognition (Autoriteit Persoonsgegevens)
Red Teaming Tool Abused for Malware Deployment (Infosecurity Magazine)
CISA moves away from trying to influence content moderation decisions on election disinformation (CyberScoop)
How Navy chiefs conspired to get themselves illegal warship Wi-Fi (Navy Times)

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Wireshark 4.4: Converting Display Filters to BPF Capture Filters
https://isc.sans.edu/diary/Wireshark+44+Converting+Display+Filters+to+BPF+Capture+Filters/31224

GitHub Comments Used to Spread Malware
https://www.reddit.com/r/Malware/comments/1f2n1h4/comment/lkbi5gi/

Voldemort Malware Curses Orgs Using Global Tax Authorities
https://www.darkreading.com/threat-intelligence/voldemort-malware-curses-orgs-global-tax-authorities

Analysis of CVE-2024-43044: From file read to RCE in Jenkins through agents
https://blog.convisoappsec.com/en/analysis-of-cve-2024-43044/