Podcasts about rce

Referências do EpisódioEarth Ammit Disrupts Drone Supply Chains Through Coordinated Multi-Wave Attacks in TaiwanMarbled Dust leverages zero-day in Output Messenger for regional espionageResearchers found one-click RCE in ASUS's pre-installed software DriverHubModern Incident Response: Tackling Malicious ML Artifacts/bin/live - programa da Mente Binária que ocorre hoje às 20hsRoteiro e apresentação: Carlos Cabral e Bianca OliveiraEdição de áudio: Paulo ArruzzoNarração de encerramento: Bianca Garcia

Sans 13 will be releasing after 12, and we're now all caught up.Welcome to Sans, episode 13. This">https://view.email.sans.org/?qs=6dc4120f1b77a95c7cf4ce4cd833f7454db9893d83c0674e789006dd8cd6812ed7fca17eaacce81bdd8dd2995972b696348c261f745add4e84cbc846682d8a7ee877e6dced0706bf45e756ebdaaf3091">This is the link you'll use to go to the newsletter. If you use windows, look for the story dealing with remote desktop and their use and acceptance of old passwords that may have been changed. Apple has an RCE dealing with airplay, more breaches and two more British companies hit with a cyberattack.

A critical vulnerability in Erlang/OTP SSH allows unauthenticated remote code execution. There's a bipartisan effort to renew a key cybersecurity info sharing law. A newly discovered Linux kernel vulnerability allows local attackers to escalate privileges. A researcher uncovers 57 risky Chrome extensions with a combined 6 million users. AttackIQ shares StrelaStealer simulations. A major live events service provider notifies employees and customers of a data breach. CISA warns of an actively exploited SonicWall vulnerability. An airport retailer agrees to a multi-million dollar settlement stemming from a ransomware attack. A preview of RSAC 2025 with Linda Gray Martin and Britta Glade. Zoom-a-zoom zoom, it's always DNS.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today Dave sits down with Linda Gray Martin, Chief of Staff, and Britta Glade, SVP of Content and Communities, from RSAC sharing what is new at RSAC 2025. Selected Reading Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (Bleeping Computer) Bipartisan duo wants to renew 10-year-old cyberthreat information sharing law (The Record) Linux Kernel Vulnerability Let Attackers Escalate Privilege – PoC Released (Cyber Security News) Chrome extensions with 6 million installs have hidden tracking code (Bleeping Computer) Emulating the Stealthy StrelaStealer Malware (AttackIQ) Live Events Giant Legends International Hacked (SecurityWeek) CISA tags SonicWall VPN flaw as actively exploited in attacks (Bleeping Computer) Airport retailer agrees to $6.9 million settlement over ransomware data breach (The Record) Global Zoom Outage Caused by Server Block Imposed from GoDaddy Registry (Cyber Security News) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The duo are back for a discussion on securing machine learning models using Sigstore, based on a recent blog post from Google Security. Followed by some spicy takes on opinions on vibe coding and its effects on application and product security. Finally, short-lived tokens used to exploit RCE against the GitHub CodeQL Action.

Python Bot Delivered Through DLL Side-Loading A "normal", but vulnerable to DLL side-loading PDF reader may be used to launch additional exploit code https://isc.sans.edu/diary/Python%20Bot%20Delivered%20Through%20DLL%20Side-Loading/31778 Tomcat RCE Correction To exploit the Tomcat RCE I mentioned yesterday, two non-default configuration options must be selected by the victim. https://x.com/dkx02668274/status/1901893656316969308 SAML Roulette: The Hacker Always Wins This Portswigger blog explains in detail how to exploit the ruby-saml vulnerablity against GitLab. https://portswigger.net/research/saml-roulette-the-hacker-always-wins Windows Shortcut Zero Day Exploit Attackers are currently taking advantage of an unpatched vulnerability in how Windows displays Shortcut (.lnk file) details. Trendmicro explains how the attack works and provides PoC code. Microsoft is not planning to fix this issue https://www.trendmicro.com/en_us/research/25/c/windows-shortcut-zero-day-exploit.html

Static Analysis of GUID Encoded Shellcode Didier explains how to decode shell code embeded as GUIDs in malware, and how to feed the result to his tool 1768.py which will extract Cobal Strike configuration information from the code. https://isc.sans.edu/diary/Static%20Analysis%20of%20GUID%20Encoded%20Shellcode/31774 SAMLStorm: Critical Authentication Bypass in xml-crypto and Node.js libraries xml-crypto, a library use in Node.js applications to decode XML and support SAML, has found to parse comments incorrectly leading to several SAML vulnerabilities. https://workos.com/blog/samlstorm One PUT Request to Own Tomcat: CVE-2025-24813 RCE is in the Wild A just made public deserialization vulnerablity in Tomcat is already being exploited. Contributing to the rapid exploit release is the similarity of this vulnerability to other Java deserializtion vulnerabilities. https://lab.wallarm.com/one-put-request-to-own-tomcat-cve-2025-24813-rce-is-in-the-wild/ CVE-2025-24813 CSS Abuse for Evasion and Tracking Attackers are using cascading stylesheets to evade detection and enable more stealthy tracking of users https://blog.talosintelligence.com/css-abuse-for-evasion-and-tracking/

A very technical episode this week, featuring some posts on hacking the xbox 360 hypervisor as well as AMD microcode hacking.Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/276.html[00:00:00] Introduction[00:00:15] Reversing Samsung's H-Arx Hypervisor Framework - Part 1[00:10:34] Hacking the Xbox 360 Hypervisor Part 1: System Overview[00:21:18] Hacking the Xbox 360 Hypervisor Part 2: The Bad Update Exploit[00:30:48] Zen and the Art of Microcode Hacking[00:41:51] A very fancy way to obtain RCE on a Solr server[01:03:49] Cellebrite zero-day exploit used to target phone of Serbian student activist[01:16:03] When NULL isn't null: mapping memory at 0x0 on LinuxPodcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosecYou can also join our discord: https://discord.gg/daTxTK9

New guidelines for health care privacy and consent, extending data sharing to new types of organizations, ensuring the clinical usability of data, and just lots and lots of growth—these are on the agenda of The Sequoia Project in the upcoming year. In this video, CEO Mariann Yeager concisely explains in this interview their recent achievements, how they work with the ONC and other stakeholders on TEFCA and QHINs, and some of their upcoming plans.Yeager has been CEO of The Sequoia Project since it began in 2012. It is Assistant Secretary for Technology Policy's (ASTP – Formerly ONC) recognized coordinating entity (RCE) to implement the government's Trusted Exchange Framework and Common Agreement (TEFCA), which went live a year ago. While they have gotten a lot of attention for being the TEFCA RCE, The Sequoia Project has almost a dozen healthcare interoperability projects they are working on.Learn more about The Sequoia Project:https://sequoiaproject.org/Health IT Community:https://www.healthcareittoday.com/

Credential theft puts sensitive corporate and military networks at risk. A federal judge refuses to block DOGE from accessing sensitive federal data. New York-based Insight Partners confirms a cyber-attack. BlackLock ransomware group is on the rise. OpenSSH patches a pair of vulnerabilities. Russian threat actors are exploiting Signal's “Linked Devices” feature. Over 12,000 GFI KerioControl firewalls remain exposed to a critical remote code execution (RCE) vulnerability.CISA issued two ICS security advisories. Federal contractors pay $11 million in cybersecurity noncompliance fines. In our CertByte segment, Chris Hare is joined by Steven Burnley to break down a question targeting the ISC2® SSCP - Systems Security Certified Practitioner exam.Sweeping cybercrime reforms are unveiled by…Russia? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K's suite of industry-leading certification resources, for the past 25 years, N2K's practice tests have helped more than half a million IT and cyber security professionals reach certification success. Have a question that you'd like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K's full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Additional source: https://www.isc2.org/certifications/sscp    Selected Reading Hundreds of US Military and Defense Credentials Compromised (Infosecurity Magazine) DOGE Team Wins Legal Battle, Retains Access to Federal Data (GovInfo Security) Musk Ally Demands Admin Access to System That Lets Government Text the Public (404 Media) Cyber Investor Insight Partners Suffers Security Breach (Infosecurity Magazine) BlackLock On Track to Be 2025's Most Prolific Ransomware Group (Infosecurity Magazine) Qualys reports two flaws in OpenSSH, one critical DDoS (Beyond Machines) Russian phishing campaigns exploit Signal's device-linking feature (Bleeping Computer) Over 12,000 KerioControl firewalls exposed to exploited RCE flaw (Bleeping Computer) CISA Releases Two New ICS Advisories Exploits Following Vulnerabilities (Cyber Security News) Managed healthcare defense contractor to pay $11 million over alleged cyber failings (The Record) Russian Government Proposes Stricter Penalties to Tackle Cybercrime (GB Hackers)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's episode of Exploit Brokers, we dive deep into two major security threats making waves across the digital world. A critical Remote Code Execution (RCE) vulnerability in Microsoft Outlook is putting millions of users at risk, with hackers exploiting it through spear phishing emails and malicious links. Not only that, but we're also uncovering the stealthy tactics of the notorious North Korean hacking group, Kimsuky. They're evolving their methods with custom RDP wrappers and proxy tools to evade detection while gaining unauthorized access to systems. Stay informed about the latest threats, learn how to keep your systems secure, and protect yourself from the growing wave of cyberattacks that are more dangerous than ever.  #OutlookRCE #Cybersecurity #Hacking #ExploitBrokers #CyberThreats #Phishing #RDPWrapper #Kimsuky #RemoteCodeExecution #MicrosoftSecurity #TechNews #Malware #DataBreach #EmailSecurity #Hackers #InfoSec #SecurityUpdates #cyberdefense

This week features a mix of topics, from polyglot PDF/JSON to android kernel vulnerabilities. Project Zero also publishes a post about excavating an exploit strategy from crash logs of an In-The-Wild campaign. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/269.html [00:00:00] Introduction [00:07:48] Attacking Hypervisors - From KVM to Mobile Security Platforms [00:12:18] Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal [00:19:41] How an obscure PHP footgun led to RCE in Craft CMS [00:34:44] oss-security - RSYNC: 6 vulnerabilities [00:42:13] The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit [00:59:59] security-research/pocs/linux/kernelctf/CVE-2024-50264_lts_cos/docs/exploit.md [01:10:35] GLibc Heap Exploitation Training Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9

Join Automox's cybersecurity experts as they discuss the latest Patch Tuesday updates, focusing on vulnerabilities in Active Directory, Hyper-V, and macOS 15.2. They highlight the importance of staying updated and the evolving threat landscape, particularly with the rise of phishing attacks and the need for robust security measures in enterprise environments.

In this episode of the SANS Internet Storm Center's Stormcast, we cover critical vulnerabilities affecting OpenSSH, BeyondTrust, and Nuclei, including the newly discovered "RegreSSHion" flaw and a bypass vulnerability in Nuclei. We also discuss how malware evasion techniques can impact analysis environments and highlight the dangers of fake exploits targeting researchers. Tune in for insights on patching, mitigation strategies, and staying ahead of emerging threats. Topics Covered: Make Malware Happy https://isc.sans.edu/diary/Make%20Malware%20Happy/31560 A look at how malware adapts and detects analysis environments, and why replicating operational settings is critical during malware analysis. Nuclei Signature Verification Bypass (CVE-2024-43405) https://www.wiz.io/blog/nuclei-signature-verification-bypass A critical vulnerability in Nuclei allows malicious templates to bypass signature verification, risking arbitrary code execution. Critical Vulnerability in BeyondTrust (CVE-2024-12356) https://censys.com/cve-2024-12356/ A high-risk flaw in BeyondTrust products allows unauthenticated OS command execution, posing a significant threat to privileged access systems. RegreSSHion Code Execution Vulnerability (CVE-2024-6387) https://cybersecuritynews.com/regresshion-code-execution-vulnerability/ OpenSSH vulnerability "RegreSSHion" enables remote code execution, and fake exploits targeting security researchers are in circulation.

Una revisión sistemática y metanálisis reciente publicada en Resuscitation nos ofrece nueva información que impacta directamente en cómo enseñamos y practicamos en entornos prehospitalarios y hospitalarios el acceso vascular intraóseo (IO) versus el intravenoso (IV). ¿Qué significa esto para los protocolos como ACLS, PALS y PHTLS? El Estudio: ¿Qué se Investigó y Por Qué Importa? En entornos de paro cardíaco, el acceso vascular rápido y eficaz es esencial para administrar medicamentos que pueden salvar vidas, como epinefrina y antiarrítmicos. La vía intravenosa (IV) ha sido el estándar de oro, pero puede ser difícil de obtener, especialmente en circunstancias prehospitalarias. Aquí es donde entra la vía intraósea (IO), una técnica que ofrece acceso rápido en huesos largos como la tibia proximal o el húmero proximal. Un reciente metanálisis evaluó la efectividad clínica del acceso IO frente al IV en adultos con paro cardíaco prehospitalario (OHCA). El análisis incluyó tres ensayos clínicos aleatorizados con más de 9,300 pacientes y examinó desenlaces críticos como la supervivencia a 30 días, el retorno de circulación espontánea (ROSC) y los resultados neurológicos. Resultados clave: La vía IO no mejoró la supervivencia a 30 días frente al acceso IV (OR 0.99). Tampoco mostró superioridad en desenlaces neurológicos favorables. El acceso IO tuvo menos probabilidades de lograr ROSC sostenido (OR 0.89). Sin embargo, ofreció tiempos de administración de medicamentos comparables, especialmente útil cuando el acceso IV no es posible. Esto plantea preguntas importantes: ¿Deberíamos priorizar siempre el acceso IV? ¿Qué rol tiene la vía IO en el manejo prehospitalario e intrahospitalario? Conexión con ACLS, PALS y PHTLS Los cursos de ACLS (Advanced Cardiovascular Life Support), PALS (Pediatric Advanced Life Support) y PHTLS (Prehospital Trauma Life Support) son pilares en la educación de profesionales de emergencias. Cada uno aborda el acceso vascular en sus respectivos contextos, pero las recomendaciones del estudio aportan matices que pueden enriquecer nuestra práctica clínica. ACLS: Perspectiva en Adultos ACLS enfatiza la importancia de establecer acceso vascular rápidamente para administrar medicamentos como la epinefrina durante el manejo avanzado del paro cardíaco. La guía de la AHA (American Heart Association) señala que: El acceso IV es preferido debido a su eficacia. Si el acceso IV no puede lograrse en 90 segundos, la vía IO es la mejor alternativa. Correlación con el estudio: Los hallazgos refuerzan la preferencia por el acceso IV, particularmente porque está asociado con mejores tasas de ROSC sostenido. Sin embargo, el IO sigue siendo fundamental en situaciones donde el acceso venoso periférico es difícil o inviable, especialmente en sistemas prehospitalarios con limitaciones de tiempo o recursos. PALS: Niños y Acceso Vascular En PALS, el acceso vascular rápido es igualmente crítico, pero los desafíos técnicos se amplifican en pacientes pediátricos debido al tamaño de las venas y el estado hemodinámico comprometido. Las guías recomiendan: Priorizar el acceso IV, pero no dudar en usar IO si es necesario. Relevancia del estudio: Aunque el metanálisis se centró en adultos, los resultados pueden extrapolarse parcialmente a niños mayores o adolescentes. Esto resalta la importancia de entrenar a los equipos pediátricos en ambas técnicas y asegurar que el acceso IO sea ejecutado con competencia cuando sea necesario. PHTLS: Soporte Vital en Trauma Prehospitalario En el entorno prehospitalario, como lo aborda PHTLS, el acceso vascular rápido puede ser aún más desafiante debido a condiciones como trauma severo, hipovolemia y paro prolongado. Aquí, el acceso IO es una herramienta crítica, particularmente en pacientes con colapso venoso. Impacto en PHTLS: El acceso IO demuestra su utilidad en situaciones de trauma donde el acceso IV no es factible. Por ejemplo, en pacientes con hemorragia masiva, el IO puede ser la única opción viable para administrar fluidos y medicamentos. El estudio subraya que, aunque la vía IV es ideal, la IO sigue siendo una técnica esencial en el arsenal prehospitalario, especialmente cuando cada segundo cuenta. ¿Por qué el acceso IO estuvo asociado a menor RCE? Los autores del metanálisis sugieren varias hipótesis que podrían explicar por qué el acceso intraóseo (IO) mostró una menor probabilidad de retorno de circulación espontánea (ROSC) sostenido en comparación con el acceso intravenoso (IV). Estas teorías están basadas en factores técnicos, fisiológicos y logísticos relacionados con el uso del IO en el contexto del paro cardíaco. A continuación, se detallan los puntos clave mencionados o inferidos: 1. Distribución subóptima de medicamentos Una de las hipótesis principales es que la administración de medicamentos a través de la vía IO puede resultar en una distribución menos eficiente en comparación con el acceso IV. Esto se debe a que los medicamentos administrados por IO deben pasar primero por la médula ósea, lo que podría ralentizar su absorción y disminuye la biodisponibilidad en el sistema circulatorio central. En particular, en el paro cardíaco, donde la perfusión tisular está gravemente comprometida, es posible que la circulación central no sea adecuada para transportar rápidamente los medicamentos desde el sitio IO hacia el corazón y el cerebro​​. 2. Diferencias en las presiones del flujo sanguíneo El acceso IO implica inyectar medicamentos en la médula ósea, donde la presión local puede variar significativamente dependiendo de factores como el sitio de inserción (p. ej., tibia proximal vs. húmero proximal). Si la presión dentro de la médula ósea no es suficiente para permitir un flujo eficiente hacia la circulación central, esto podría comprometer la eficacia de los medicamentos administrados​. 3. Posibles complicaciones técnicas Aunque la tasa de éxito inicial de colocación de IO fue alta (~94%), existe el riesgo de problemas técnicos, como: Mal posicionamiento de la aguja, lo que podría causar infiltración de medicamentos en los tejidos circundantes en lugar de ingresar a la médula ósea. Fallas en la confirmación del flujo libre (un paso crítico para verificar la correcta colocación del dispositivo IO). Interrupciones mecánicas o flujo restringido debido a la posición del paciente o a movimientos durante el transporte​. 4. Diferencias en los sitios de inserción Los estudios incluidos en el metanálisis utilizaron diferentes sitios de inserción para el acceso IO, como el húmero proximal o la tibia proximal. El acceso a través del húmero proximal generalmente proporciona un flujo más rápido hacia el corazón debido a la proximidad anatómica, pero no siempre fue el sitio elegido. Esto podría haber afectado los resultados observados en términos de ROSC sostenido​​. 5. Fisiopatología del paro cardíaco Durante el paro cardíaco, el flujo sanguíneo general está gravemente reducido, lo que limita la capacidad del sistema circulatorio para transportar medicamentos desde el sitio IO hacia los órganos diana, como el corazón y el cerebro. En este contexto, la vía IV, que administra directamente a las venas periféricas, podría ser más efectiva para proporcionar un acceso más directo y rápido​. 6. Impacto del tiempo de colocación y administración Aunque el tiempo de administración fue comparable entre IO e IV en los estudios analizados, cualquier retraso adicional en confirmar la correcta colocación o en administrar medicamentos a través del IO podría haber influido negativamente en la eficacia de los tratamientos, reduciendo las tasas de ROSC sostenido​. Implicaciones para la práctica clínica Los hallazgos resaltan la importancia de: Priorizar el acceso IV siempre que sea posible, dado su mejor desempeño en términos de ROSC sostenido. Entrenar al personal en el uso óptimo de dispositivos IO, incluyendo la elección adecuada del sitio de inserción (p. ej., húmero proximal) y la confirmación del flujo libre. Considerar las limitaciones fisiológicas del acceso IO al administrar medicamentos críticos durante el paro cardíaco. En resumen, la menor probabilidad de ROSC sostenido asociada al acceso IO parece deberse a una combinación de factores técnicos y fisiológicos. A pesar de esto, el acceso IO sigue siendo una herramienta crucial en situaciones donde el acceso IV no es factible o está significativamente retrasado. Fortaleciendo la Educación y el Entrenamiento Una de las lecciones clave de este análisis es la necesidad de entrenar a los equipos médicos en ambas técnicas para garantizar una ejecución precisa y rápida. Tanto ACLS como PHTLS ya incluyen módulos prácticos sobre el acceso IO, pero los resultados del estudio sugieren varias áreas de mejora: Competencia en la Identificación de Sitios IO: La tibia proximal y el húmero proximal fueron los sitios más utilizados en los estudios. Entrenar a los proveedores para seleccionar rápidamente el sitio óptimo según la anatomía del paciente y la situación clínica puede mejorar la eficacia. Minimización de Errores en IO: Aunque la tasa de éxito inicial de colocación IO fue alta en el estudio (~94%), esto no garantiza una administración efectiva de medicamentos. Por lo tanto, el entrenamiento debe incluir estrategias para verificar la colocación correcta y solucionar problemas comunes. Integración de Protocolos Locales: Los sistemas de emergencias médicas deben adaptar las recomendaciones a su contexto. Por ejemplo, en áreas rurales donde el acceso IV puede ser más difícil, la vía IO puede ser priorizada. Simulaciones Realistas: La incorporación de simuladores avanzados en los cursos de ACLS y PHTLS puede ayudar a los equipos a practicar en escenarios que imiten la complejidad de los entornos prehospitalarios e intrahospitalarios. Consideraciones Operacionales para Entornos Prehospitalarios Los sistemas de emergencias médicas varían significativamente en recursos y capacitación. Algunos factores clave para considerar al implementar estas recomendaciones incluyen: Tiempo vs. Eficiencia: En el estudio, el acceso IO tuvo tiempos de administración comparables al IV (~15 minutos). Sin embargo, la efectividad del IO para lograr ROSC sostenido fue menor. Esto resalta la importancia de evaluar cuidadosamente las circunstancias antes de decidir qué vía utilizar. Capacitación Universal: La disponibilidad de dispositivos IO varía entre sistemas. Asegurarse de que todos los equipos prehospitalarios estén capacitados en el uso de dispositivos IO, puede reducir las disparidades en el cuidado. Uso de Checklists: Protocolos estandarizados y listas de verificación pueden garantizar que los pasos críticos, como la confirmación de flujo libre en dispositivos IO, no se pasen por alto. Conclusión El metanálisis confirma que la vía intravenosa sigue siendo la opción preferida para el acceso vascular durante un paro cardíaco, pero destaca el valor del acceso intraóseo en entornos prehospitalarios o cuando el acceso IV no es posible. La integración de estas recomendaciones en cursos como ACLS, PALS y PHTLS refuerza la necesidad de entrenar a los proveedores para manejar con competencia ambas técnicas. Referencias K. Couper, L.W. Andersen, I.R. Drennan, B.E. Grunau, P.J. Kudenchuk, R. Lall, E.J. Lavonas, G.D. Perkins, M.F. Vallentin, A. Granfeldt, On behalf of the International Liaison Committee on Resuscitation Advanced Life Support Task Force, Intraosseous and intravenous vascular access during adult cardiac arrest: a systematic review and meta-ana

Join us for a special bonus episode of Patch [FIX] Tuesday, an hour-long compilation of the vulnerabilities that help shaped the cybersecurity landscape in 2024. This episode recaps some the most critical and interesting exploits, from supply chain compromises to elevation of privilege threats targeting widely used platforms. Whether you're an IT administrator, security professional, or tech enthusiast, this episode provides valuable insights to stay ahead of evolving threats.Here's a list of vulnerabilities discussed in this episode, and be sure to tune into the Patch [FIX] Tuesday podcast on the second Tuesday of every month. Operation Triangulation (00:13)CVE-2024-21401: Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability (5:00)CVE-2024-21400: Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability (11:00)CVE-2024-3094: XZ/Liblzma Supply Chain Backdoor (17:08)CVE-2024-4671: Google Chrome Use-After-Free Vulnerability (30:00)CVE-2024-30078: Windows WiFi Driver Remote Code Execution Vulnerability(35:03)CVE-2024-38053: Windows Layer Two Bridge Network RCE (47:14)CVE-2024-38180: SmartScreen Prompt Remote Code Execution Vulnerability (53:12)CVE-2024-43491: Microsoft Windows Update Remote Code Execution Vulnerability (1:00:00)CVE-2024-43533: Remote Desktop Client Remote Code Execution Vulnerability (1:04:24)CVE-2024-5535: Microsoft Defender for Endpoint Remote Code Execution Vulnerability (1:07:35)CVE-2024-49093: Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability (1:09:36)

On this week's show, Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including: The SEC's cyber incident reporting isn't very exciting after all China Telecom on the way to being thrown out of the US The NSA/Cybercom might get two separate hats The Cl0p ransomware crew are back and taking responsibility for the Cleo hacks (Yet another) File upload bug in Struts makes Java admins weep And much, much more. This episode is sponsored by SpecterOps, who run a pretty top notch offsec/pentest team when they're not busy making the Bloodhound Enterprise identity attack path enumeration software. SpecterOps' Robby Winchester joins to talk about how pentest has changed, and how their customers get value from their testing. This episode is also available Youtube. Show notes SEC cyber incident reporting rule generates 71 filings in 11 months | Cybersecurity Dive US senators, green groups call for accountability over hacking of Exxon critics | Reuters Biden Administration Takes First Step to Retaliate Against China Over Hack - The New York Times Unfinished business for Trump: Ending the Cyber Command and NSA 'dual hat' | The Record from Recorded Future News EU opens investigation into TikTok and the Romanian election – POLITICO Clop ransomware claims responsibility for Cleo data theft attacks CISA warns of ransomware gangs exploiting Cleo, CyberPanel bugs | The Record from Recorded Future News CVE-2024-55956 | AttackerKB Apache issues patches for critical Struts 2 RCE bug • The Register Japanese game and anime publisher reportedly pays $3 million ransom to Russia-linked hackers | The Record from Recorded Future News Israeli spyware firm Paragon acquired by US investment group, report says | Reuters How Cryptocurrency Turns to Cash in Russian Banks – Krebs on Security Arizona man arrested for alleged involvement in violent online terror networks | CyberScoop Russia bans Viber, claiming app facilitates terrorism and drug trafficking | The Record from Recorded Future News

ChatGPT and Meta face widespread outages. Trump advisors explore splitting NSA and CyberCom leadership roles. A critical vulnerability in Apache Struts 2 has been disclosed. “AuthQuake” allowed attackers to bypass Microsoft MFA protections. Researchers identify Nova, a sophisticated variant of the Snake Keylogger malware. Adobe addresses critical vulnerabilities across their product line. Chinese law enforcement has been using spyware to collect data from Android devices since 2017. A new report highlights the gaps in hardware and firmware security management. A Krispy Kreme cyberattack creates a sticky situation. N2K's Executive Editor Brandon Karpf speaks with guest Mike Silverman, Chief Strategy and Innovation Officer at the FS-ISAC discussing cryptographic agility. Do Not Track bids a fond farewell.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, N2K's Executive Editor Brandon Karpf speaks with guest Mike Silverman, Chief Strategy and Innovation Officer at the FS-ISAC discussing cryptographic agility. You can learn more in their new white paper "Building Cryptographic Agility in the Financial Sector." We will share the extended version of this conversation over our winter break. Stay tuned.  Selected Reading ChatGPT Down Globally, Services Restored After Hours Of Outage (Cyber Security News) Facebook, Instagram and other Meta apps go down due to 'technical issue' (CNBC) Unfinished business for Trump: Ending the Cyber Command and NSA 'dual hat' (The Record) Apache issues patches for critical Struts 2 RCE bug (The Register) Microsoft MFA Bypassed via AuthQuake Attack (SecurityWeek) Nova Keylogger – A Snake Malware Steal Credentials and Capture Screenshorts From Windows (Cyber Security News) Adobe releases December 2024 patches for flaws in multiple products, including critical (Beyond Machines) Mobile Surveillance Tool EagleMsgSpy Used by Chinese Law Enforcement (SecurityWeek) Three-Quarters of Security Leaders Admit Gaps in Hardware Knowledge (Infosecurity Magazine) Krispy Kreme cyberattack impacts online orders and operations (Bleeping Computer) Firefox, one of the first “Do Not Track” supporters, no longer offers it (Ars Technica)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Microsoft confirms a critical Windows zero-day vulnerability. Global law enforcement agencies dismantle 27 DDoS platforms. Researchers compromise memory in AMD virtual machines. Ivanti reports multiple critical vulnerabilities in its Cloud Services Application. Group-IB researchers expose a sophisticated global phishing campaign. A zero-day vulnerability in Cleo's managed file transfer software is under active exploitation. The U.S. sanctions a Chinese firm for a 2020 firewall exploit. Congress looks to require the FCC to regulate telecom cybersecurity. Our guest is Malachi Walker, Security Strategist at DomainTools, discussing their role in ODNI's newly established Sentinel Horizon Program. SpartanWarriorz dodge a Telegram crackdown.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Malachi Walker, Security Strategist at DomainTools, about their role in ODNI's newly established Sentinel Horizon Program. Selected Reading New Windows 0Day Attack Confirmed—Homeland Security Says Update Now (Forbes) Microsoft Fixes 71 CVEs Including Actively Exploited Zero-Day (Infosecurity Magazine) Atlassian, Splunk Patch High-Severity Vulnerabilities (SecurityWeek) Chrome Security Update, Patch for 3 High-severity Vulnerabilities (Cyber Security News) ICS Patch Tuesday: Security Advisories Released by Siemens, Schneider, CISA, Others (SecurityWeek) Operation PowerOFF Takes Down DDoS Boosters (Infosecurity Magazine) AMD Chip VM Memory Protections Broken by BadRAM (Security Boulevard) Three more vulns spotted in Ivanti CSA, all critical, one 10/10 (The Register) Global Ongoing Phishing Campaign Targets Employees Across 12 Industries (Hackread) New Cleo zero-day RCE flaw exploited in data theft attacks (Bleeping Computer)  US Sanctions Chinese Firm at Center of Global Firewall Hack (Infosecurity Magazine) Wyden legislation would mandate FCC cybersecurity rules for telecoms (CyberScoop) Scam Kit Maker Rebuilding Business After Telegram Channel Shut Down (Security Boulevard)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode, the hosts discuss various cybersecurity vulnerabilities, particularly focusing on recent CVEs, including CVE-2024-49093, CVE-2024-49132, and CVE-2024-49138. They emphasize the importance of patching systems, especially during the holiday season when companies may be more vulnerable. The conversation highlights the need for awareness around phishing scams and other security threats that tend to increase during this time of year.

00:00:00 - PreShow Banter™ — Discordgate00:09:24 - BHIS - Talkin' Bout [infosec] News 2024-11-2500:10:46 - Story # 1: DOJ says Google must sell Chrome to crack open its search monopoly00:12:08 - Story # 1b: DOJ's staggering proposal would hurt consumers and America's global technological leadership00:19:16 - Story # 2: The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access00:24:37 - Story # 3: Palo Alto Networks tackles firewall-busting zero-days with critical patches00:25:46 - Discordgate Follow Up00:26:26 - Story # 4: Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a US Critical Infrastructure Sector Organization00:31:08 - Story # 5: Fintech giant Finastra investigates data breach after SFTP hack00:34:01 - Story # 6: CFPB Finalizes Rule on Federal Oversight of Popular Digital Payment Apps to Protect Personal Data, Reduce Fraud, and Stop Illegal “Debanking”00:38:49 - Story # 7: T-Mobile finally managed to thwart a data breach before it occured00:40:22 - Story # 8: D-Link urges users to retire VPN routers impacted by unfixed RCE flaw00:43:07 - Story # 9: US seizes PopeyeTools cybercrime marketplace, charges administrators00:46:19 - Story # 10: Razzlekhan, crypto's most embarrassing rapper, is going to prison00:48:31 - Story # 10b: Netflix has a perfectly timed Razzlekhan doc coming out in December00:50:10 - Story # 11: Microsoft Defender Is Not Enough Anymore—This Malware Gets Around It00:55:11 - Story # 12: Microsoft president asks Trump to “push harder” against Russian hacks00:57:02 - Story # 13: Hackers Breach Andrew Tate's Online ‘University,' Exposing 800,000 Users01:00:36 - Story # 14: 7-Zip affected by dangerous vulnerability: users must update the app manually01:01:31 - Story # 15: Microsoft disrupts ONNX phishing-as-a-service infrastructure01:03:07 - Story # 16: US charges five linked to Scattered Spider cybercrime gang01:04:25 - Plug: Secure Code Summit 2024

Linux userspace is still a mess and has some bad bugs in root utilities, and Vaultwarden has an interesting auth bypass attack. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/264.html [00:00:00] Introduction [00:00:29] LPEs in needrestart [Ubuntu] [00:18:41] Vulnerability Disclosure: Authentication Bypass in Vaultwarden versions < 1.32.5 [00:31:50] From an Android Hook to RCE [00:43:34] Simple macOS kernel extension fuzzing in userspace with IDA and TinyInst Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9

In today's episode, we dive deep into the fascinating yet troubling world of cybersecurity, exploring how even the most advanced antivirus software, firewalls, and endpoint security measures can fall short due to a single factor: human error. Despite the latest tech solutions, hackers continue to exploit one consistent vulnerability—users clicking on suspicious links and files. We'll discuss how phishing emails, malware, and outdated software create an entryway for cybercriminals, even in some of the most secure environments. Using two real-world cases, we'll uncover how modern-day malware such as Remcos RAT and Smoke Loader Trojan bypass standard security protocols. These cyber threats often use a combination of remote code execution (RCE) vulnerabilities, phishing emails disguised as business orders, and cleverly crafted zip files that hide malicious content. What's even more shocking? These vulnerabilities have been known for years, yet are still exploited due to outdated software and a lack of user awareness. Whether you're an individual trying to protect your personal data or part of an organization concerned with cybersecurity, this video is packed with insights on staying safe online. Learn how to spot phishing attempts, recognize the importance of regular software updates, and understand why cybersecurity training is essential to protecting yourself and your organization from potential threats. If you enjoy this breakdown, don't forget to hit the like button, subscribe, and click the notification bell to stay updated with more cybersecurity insights! Your support helps the channel grow and allows us to bring more content your way. Let's keep your digital world safe—one informed click at a time. #Cybersecurity #Malware #DataBreach #Phishing #CyberThreats #RemoteCodeExecution #RemcosRAT #SmokeLoader #UserAwareness #TechNews #CyberAttack #OnlineSafety #DigitalSecurity #Antivirus #CyberHygiene #TechExplained #StaySafeOnline #CybersecurityTips #DataProtection #Infosec

Did Bitwarden go closed-source? The rights of German security researchers are clarified. Australia to impose age limits on social media. Free Windows Server 2025 anyone? UAC wasn't getting in the way enough, so they're fixing that. "From Russia with fines" -- obey or else. South Korea fines Meta over serious user privacy violations. Synology's (very) critical zero-click RCE flaw. Malicious Python packages invoked by typos. Google to enforce full MFA for all cloud service users. Mozilla Foundation lays off 30%? Is Firefox safe? Some feedback from Dave's Garage (https://grc.sc/dave) GRC email CTL: AI Debugging CTL: Chat GPT vs YouTube Shorts CTL: Update on the "Train Tracks" Pic of the Week CTL: DNS Benchmark compatibility CTL: The accuracy of AI CTL: Exposing NAS to the Internet CTL: Congrats on 1000! Show Notes - https://www.grc.com/sn/SN-1000-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: bitwarden.com/twit threatlocker.com for Security Now flashpoint.io lookout.com

Did Bitwarden go closed-source? The rights of German security researchers are clarified. Australia to impose age limits on social media. Free Windows Server 2025 anyone? UAC wasn't getting in the way enough, so they're fixing that. "From Russia with fines" -- obey or else. South Korea fines Meta over serious user privacy violations. Synology's (very) critical zero-click RCE flaw. Malicious Python packages invoked by typos. Google to enforce full MFA for all cloud service users. Mozilla Foundation lays off 30%? Is Firefox safe? Some feedback from Dave's Garage (https://grc.sc/dave) GRC email CTL: AI Debugging CTL: Chat GPT vs YouTube Shorts CTL: Update on the "Train Tracks" Pic of the Week CTL: DNS Benchmark compatibility CTL: The accuracy of AI CTL: Exposing NAS to the Internet CTL: Congrats on 1000! Show Notes - https://www.grc.com/sn/SN-1000-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: bitwarden.com/twit threatlocker.com for Security Now flashpoint.io lookout.com

Did Bitwarden go closed-source? The rights of German security researchers are clarified. Australia to impose age limits on social media. Free Windows Server 2025 anyone? UAC wasn't getting in the way enough, so they're fixing that. "From Russia with fines" -- obey or else. South Korea fines Meta over serious user privacy violations. Synology's (very) critical zero-click RCE flaw. Malicious Python packages invoked by typos. Google to enforce full MFA for all cloud service users. Mozilla Foundation lays off 30%? Is Firefox safe? Some feedback from Dave's Garage (https://grc.sc/dave) GRC email CTL: AI Debugging CTL: Chat GPT vs YouTube Shorts CTL: Update on the "Train Tracks" Pic of the Week CTL: DNS Benchmark compatibility CTL: The accuracy of AI CTL: Exposing NAS to the Internet CTL: Congrats on 1000! Show Notes - https://www.grc.com/sn/SN-1000-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: bitwarden.com/twit threatlocker.com for Security Now flashpoint.io lookout.com

Did Bitwarden go closed-source? The rights of German security researchers are clarified. Australia to impose age limits on social media. Free Windows Server 2025 anyone? UAC wasn't getting in the way enough, so they're fixing that. "From Russia with fines" -- obey or else. South Korea fines Meta over serious user privacy violations. Synology's (very) critical zero-click RCE flaw. Malicious Python packages invoked by typos. Google to enforce full MFA for all cloud service users. Mozilla Foundation lays off 30%? Is Firefox safe? Some feedback from Dave's Garage (https://grc.sc/dave) GRC email CTL: AI Debugging CTL: Chat GPT vs YouTube Shorts CTL: Update on the "Train Tracks" Pic of the Week CTL: DNS Benchmark compatibility CTL: The accuracy of AI CTL: Exposing NAS to the Internet CTL: Congrats on 1000! Show Notes - https://www.grc.com/sn/SN-1000-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: bitwarden.com/twit threatlocker.com for Security Now flashpoint.io lookout.com

Did Bitwarden go closed-source? The rights of German security researchers are clarified. Australia to impose age limits on social media. Free Windows Server 2025 anyone? UAC wasn't getting in the way enough, so they're fixing that. "From Russia with fines" -- obey or else. South Korea fines Meta over serious user privacy violations. Synology's (very) critical zero-click RCE flaw. Malicious Python packages invoked by typos. Google to enforce full MFA for all cloud service users. Mozilla Foundation lays off 30%? Is Firefox safe? Some feedback from Dave's Garage (https://grc.sc/dave) GRC email CTL: AI Debugging CTL: Chat GPT vs YouTube Shorts CTL: Update on the "Train Tracks" Pic of the Week CTL: DNS Benchmark compatibility CTL: The accuracy of AI CTL: Exposing NAS to the Internet CTL: Congrats on 1000! Show Notes - https://www.grc.com/sn/SN-1000-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: bitwarden.com/twit threatlocker.com for Security Now flashpoint.io lookout.com

Did Bitwarden go closed-source? The rights of German security researchers are clarified. Australia to impose age limits on social media. Free Windows Server 2025 anyone? UAC wasn't getting in the way enough, so they're fixing that. "From Russia with fines" -- obey or else. South Korea fines Meta over serious user privacy violations. Synology's (very) critical zero-click RCE flaw. Malicious Python packages invoked by typos. Google to enforce full MFA for all cloud service users. Mozilla Foundation lays off 30%? Is Firefox safe? Some feedback from Dave's Garage (https://grc.sc/dave) GRC email CTL: AI Debugging CTL: Chat GPT vs YouTube Shorts CTL: Update on the "Train Tracks" Pic of the Week CTL: DNS Benchmark compatibility CTL: The accuracy of AI CTL: Exposing NAS to the Internet CTL: Congrats on 1000! Show Notes - https://www.grc.com/sn/SN-1000-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: bitwarden.com/twit threatlocker.com for Security Now flashpoint.io lookout.com

Bitwarden reaffirms it's commitment to open source. The rights of German security researchers are clarified. Australia to impose age limits on social media. Free Windows Server 2025 anyone? UAC wasn't getting in the way enough, so they're fixing that. "From Russia with fines" -- obey or else. South Korea fines Meta over serious user privacy violations. Synology's (very) critical zero-click RCE flaw. Malicious Python packages invoked by typos. Google to enforce full MFA for all cloud service users. Mozilla Foundation lays off 30%? Is Firefox safe? Some feedback from Dave's Garage (https://grc.sc/dave) GRC email CTL: AI Debugging CTL: Chat GPT vs YouTube Shorts CTL: Update on the "Train Tracks" Pic of the Week CTL: DNS Benchmark compatibility CTL: The accuracy of AI CTL: Exposing NAS to the Internet CTL: Congrats on 1000! Show Notes - https://www.grc.com/sn/SN-1000-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: bitwarden.com/twit threatlocker.com for Security Now flashpoint.io lookout.com

Automox cybersecurity experts discuss the latest security updates from November's Patch Tuesday, focusing on several critical vulnerabilities, including NTLM Hash Disclosure, Microsoft Defender's RCE vulnerability, and the Windows Task Scheduler Elevation of Privilege Vulnerability. They emphasize the importance of patching and user awareness in combating phishing attacks and other security threats. The conversation highlights the complexities of vulnerabilities in Windows 10 and 11, and the need for proactive measures to protect systems.

Interlock ransomware gang aims at U.S. healthcare, IT and government Canada tells TikTok to dissolve its Canadian business Hewlett Packard warns of critical RCE flaws in Aruba Networking software Thanks to today's episode sponsor, Vanta As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews.   Visit vanta.com to learn more about Questionnaire Automation.   Find the stories behind the headlines at CISOseries.com.  

In this week's episode, we talk a little bit about LLMs and how they can be used with static analysis. We also cover GitHub Security Blog's post on attacking browser extensions, as well as a somewhat controversial CyberPanel Pre-Auth RCE that was disclosed. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/261.html [00:00:00] Introduction [00:01:56] Autonomous Discovery of Critical Zero-Days [00:14:43] Attacking browser extensions [00:25:26] What Are My OPTIONS? CyberPanel v2.3.6 pre-auth RCE [00:52:15] Security research on Private Cloud Compute [01:01:02] Bluetooth Low Energy GATT Fuzzing Podcast episodes are available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9

Andy drops some Microsoft Windows and 365 knowledge as we discuss the details on how we get to secure by default in our Windows and cloud environments. This week: The USB Army Knife that won't break the budget, I don't want to say EDR is useless (but there I said it), Paul's list of excellent hacking tips, FortiJump - an RCE that took a while to become public, do malware care if it's on a hypervisor?, MicroPython for fun and not for hacking?, an unspecified vulnerability, can you exploit speculative execution bugs?, scanning the Internet and creating a botnet by accident. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-848

This week: The USB Army Knife that won't break the budget, I don't want to say EDR is useless (but there I said it), Paul's list of excellent hacking tips, FortiJump - an RCE that took a while to become public, do malware care if it's on a hypervisor?, MicroPython for fun and not for hacking?, an unspecified vulnerability, can you exploit speculative execution bugs?, scanning the Internet and creating a botnet by accident. Show Notes: https://securityweekly.com/psw-848

Andy drops some Microsoft Windows and 365 knowledge as we discuss the details on how we get to secure by default in our Windows and cloud environments. This week: The USB Army Knife that won't break the budget, I don't want to say EDR is useless (but there I said it), Paul's list of excellent hacking tips, FortiJump - an RCE that took a while to become public, do malware care if it's on a hypervisor?, MicroPython for fun and not for hacking?, an unspecified vulnerability, can you exploit speculative execution bugs?, scanning the Internet and creating a botnet by accident. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-848

In this episode of Patent Pending Made Simple, Jaime and Samar tell you what a notice of allowance is, how it should be treated, and what you need to do after receiving one.SummaryIn this episode, the hosts discuss what to do after receiving a notice of allowance on a patent application. They explain a notice of allowance and how long it typically takes to receive one. They emphasize the importance of reviewing the notice of allowance and any examiner's amendments and paying the issue fee. They also discuss the duty of disclosure, the need to file an information disclosure statement (IDS), and a request for continued examination (RCE) if new relevant references are discovered. The hosts also recommend considering filing a continuation application and discussing the timeline for patent issuance. They mention the importance of patent marking and needing maintenance fees to keep the patent in force. The episode concludes with a reminder that the podcast does not provide legal advice.TakeawaysReview the notice of allowance and any examiner's amendments carefullyPay the issue fee to move forward with the patent applicationDisclose any new relevant references through an information disclosure statement (IDS) and a request for continued examination (RCE)Consider filing a continuation application to capture different claim scopesBe aware of the timeline for patent issuance and the need to pay maintenance feesMark the product as patented to access certain types of damagesRemember that the podcast does not provide legal adviceChapters00:00 Introduction and Overview00:20 Explanation of Notice of Allowance01:33 Timeline for Receiving a Notice of Allowance03:27 What to Do After Receiving a Notice of Allowance04:43 Duty of Disclosure and Information Disclosure Statement (IDS)06:06 Importance of Meeting Duty of Disclosure07:18 Request for Continued Examination (RCE)08:09 Considerations for Filing a Continuation Application10:08 Timeline for Patent Issuance11:22 Importance of Filing a Continuation Application13:48 Patent Marking and Maintenance Fees16:22 Conclusion and Disclaimer

In this episode, the hosts discuss the critical vulnerabilities released in October's Patch Tuesday, focusing on notable CVEs, including a Windows netlogon elevation of privilege vulnerability and an RCE in the remote desktop client. They also address the CUPS vulnerability affecting Linux servers and the implications of Apple's recent updates that have disrupted security tools. The conversation emphasizes the importance of patching and maintaining security in the face of evolving threats.

Video Episode: https://youtu.be/7et_7YkwAHs In today’s episode, we dive into the alarming rise of malware delivery through fake job applications targeting HR professionals, specifically focusing on the More_eggs backdoor. We also discuss critical gaming performance issues in Windows 11 24H2 and the vulnerabilities in DrayTek routers that expose over 700,000 devices to potential hacking. Lastly, we address the urgent exploitation of a remote code execution flaw in Zimbra email servers, emphasizing the need for immediate updates to safeguard against evolving threats. Links to articles: 1. https://thehackernews.com/2024/10/fake-job-applications-deliver-dangerous.html 2. https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-windows-11-24h2-gaming-performance-issues/ 3. https://thehackernews.com/2024/10/alert-over-700000-draytek-routers.html 4. https://www.bleepingcomputer.com/news/security/critical-zimbra-rce-flaw-exploited-to-backdoor-servers-using-emails/ Timestamps 00:00 – Introduction 01:14 – Zimbra RCE Vulnerability 02:17 – 700k DrayTek Routers Vulnerable 04:36 – Recruiters Targeted with Malware 06:14 – Microsoft blocks updates for gamers 1. What are today’s top cybersecurity news stories? 2. How is More_eggs malware targeting HR professionals? 3. What vulnerabilities exist in DrayTek routers? 4. Why did Microsoft block Windows 11 24H2 upgrades? 5. What is the impact of the Zimbra RCE flaw? 6. How do fake job applications spread malware? 7. What security measures can protect against More_eggs malware? 8. What are the latest gaming issues with Windows 11? 9. How can DrayTek router vulnerabilities be mitigated? 10. What are the latest tactics used by cybercriminals in email attacks? More_eggs, Golden Chickens, spear-phishing, credential theft, Microsoft, Windows 11, Asphalt 8, Intel Alder Lake+, DrayTek, vulnerabilities, exploits, cyber attackers, Zimbra, RCE, vulnerability, exploitation, # Intro HR professionals are under siege as a spear-phishing campaign disguised as fake job applications delivers the lethal More_eggs malware, leading to potentially devastating credential theft. Powered by the notorious Golden Chickens group, this malware-as-a-service targets recruiters with chilling precision. **How are recruitment officers unknowingly downloading malicious files, and what methods are threat actors using to bypass security measures?** “Microsoft is blocking Windows 11 24H2 upgrades on some systems due to critical gaming performance issues like Asphalt 8 crashes and Easy Anti-Cheat blue screens. The company is scrambling to resolve these problems that uniquely impact devices with Intel Alder Lake+ processors.” How can gamers with affected systems work around these issues until Microsoft releases a fix? Over 700,000 DrayTek routers are currently vulnerable to 14 newly discovered security flaws, with some critical exploits that could be used to take full control of the devices and infiltrate enterprise networks. Despite patches being released, many routers remain exposed, creating a lucrative target for cyber attackers. How can these vulnerabilities impact businesses that rely on DrayTek routers for network security? Hackers are leveraging a critical Zimbra RCE vulnerability to backdoor servers through specially crafted emails that execute malicious commands, revealing widespread exploitation just days after a proof-of-concept was published. Notable security experts warn of attackers embedding harmful code in the email’s CC field, which the Zimbra server inadvertently executes. How are attackers camouflaging their malicious emails to slip through security measures unnoticed? # Stories Welcome back to our podcast. Today, we’re talking about a new cyber threat targeting HR professionals. Researchers at Trend Micro have uncovered a spear-phishing campaign where fake job applications deliver a JavaScript backdoor called More_eggs to recruiters. This malware, sold as malware-as-a-service by a group known as Golden Chickens, can steal credentials for online banking, email accounts, and IT admin accounts. What’s unique this time is that attackers are using spear-phishing emails to build trust, as observed in a case targeting a talent search lead in engineering. The attack sequence involves downloading a ZIP file from a deceptive URL, leading to the execution of the More_eggs backdoor. This malware probes the host system, connects to a command-and-control server, and can download additional malicious payloads. Trend Micro’s findings highlight the persistent and evolving nature of these attacks, which are difficult to attribute because multiple threat actors can use the same toolkits. The latest insights also connect these activities to known cybercrime groups like FIN6. Stay vigilant, especially if you work in HR or recruitment. 1. **Spear-Phishing**: – **Definition**: A targeted phishing attack aiming at specific individuals or companies, typically using information about the victim to make fraudulent messages more convincing. – **Importance**: This method is specifically dangerous because it can trick even tech-savvy users by exploiting personalized details, leading to significant security breaches like credential theft. 2. **More_eggs**: – **Definition**: A JavaScript backdoor malware sold as a malware-as-a-service (MaaS) with capabilities to siphon credentials and provide unauthorized access to infected systems. – **Importance**: Due to its ability to latently steal sensitive information and its widespread use by various e-crime groups, More_eggs represents a significant threat to corporate cybersecurity. 3. **Malware-as-a-Service (MaaS)**: – **Definition**: A business model where malicious software is developed and sold to cybercriminals who can then use it to conduct attacks. – **Importance**: This model lowers the barrier of entry for cybercriminals, allowing even those with limited technical skills to launch sophisticated attacks using pre-made malware. 4. **Golden Chickens**: – **Definition**: A cybercriminal group (also known as Venom Spider) attributed with developing and distributing the More_eggs malware. – **Importance**: Understanding threat actors like Golden Chickens can help cybersecurity professionals anticipate and defend against specific threat tactics. 5. **Command-and-Control (C2) Server**: – **Definition**: A server used by threat actors to maintain communications with compromised systems within a target network to execute commands and control malware. – **Importance**: Disrupting C2 servers is crucial because it can cut off the attacker's control over their malware, mitigating the threat. 6. **LNK File**: – **Definition**: A shortcut file in Windows that points to another file or executable. – **Importance**: Misuse of LNK files in phishing campaigns can lead to automated execution of malicious payloads, making them an effective vector for malware distribution. 7. **PowerShell**: – **Definition**: A task automation framework from Microsoft consisting of a command-line shell and scripting language. – **Importance**: PowerShell is often used by attackers to execute and conceal malicious scripts due to its powerful capabilities and integration with Windows. 8. **Tactics, Techniques, and Procedures (TTPs)**: – **Definition**: The behavior patterns or methodologies used by cyber threat actors to achieve their goals. – **Importance**: Identifying TTPs helps security professionals understand, detect, and mitigate specific attack strategies used by threat actors. 9. **Obfuscation**: – **Definition**: The process of deliberately making code or data difficult to understand or interpret. – **Importance**: Obfuscation is commonly used by malware developers to conceal malicious activities and bypass security mechanisms. 10. **Cryptocurrency Miner**: – **Definition**: Software used to perform the computational work required to validate and add transactions to a blockchain ledger in exchange for cryptocurrency rewards. – **Importance**: Unauthorized cryptocurrency mining (cryptojacking) can misuse system resources for financial gain, leading to performance degradation and security vulnerabilities. — On today’s tech update: Microsoft has blocked upgrades to Windows 11 version 24H2 on certain systems due to gaming performance issues. Players of Asphalt 8 may encounter game crashes, while some systems running Easy Anti-Cheat might experience blue screens. These problems mainly affect devices with Intel Alder Lake+ processors. Until Microsoft resolves these issues, impacted users are advised not to manually upgrade using tools like the Media Creation Tool. Microsoft is working on fixes and will include them in upcoming updates. 1. **Windows 11 24H2**: A version of Microsoft’s Windows 11 operating system, released in the second half (H2) of 2024. It is significant because it represents Microsoft’s ongoing update cycle aimed at improving system performance and user experience, though it also highlights the challenges of software compatibility and stability. 2. **Asphalt 8 (Airborne)**: A popular racing video game often used for showcasing graphical and processing capabilities of devices. Its relevance lies in exposing potential software and hardware compatibility issues when new operating systems are released. 3. **Easy Anti-Cheat**: A software tool designed to detect and prevent cheating in multiplayer games. It is crucial for maintaining fair play and integrity in online gaming environments but can pose compatibility challenges with system updates. 4. **Blue Screen of Death (BSoD)**: An error screen displayed on Windows computers following a system crash. It is important as it signals serious software or hardware issues that could affect system stability and data integrity. 5. **Intel Alder Lake+ processors**: A generation of Intel’s microprocessors known for their hybrid architecture design. Understanding these chips is important for recognizing which systems might be more susceptible to the reported compatibility issues. 6. **vPro platform**: A set of Intel technologies aimed at enhancing business security and manageability. It’s critical to cybersecurity professionals because it allows for hardware-level encryption and more robust security management, but compatibility with OS updates can be problematic. 7. **MEMORY_MANAGEMENT error**: A specific type of error indicating system memory management problems, often leading to system crashes. It is crucial for cybersecurity and IT professionals as it affects the stability and reliability of a system. 8. **Compatibility holds (Safeguard IDs)**: Mechanisms employed by Microsoft to prevent system upgrades when known issues are detected. These are essential for protecting users from potential system failures and ensuring a stable computing environment. 9. **Media Creation Tool**: A Microsoft utility used for installing or upgrading Windows OS. It's important for IT professionals as it provides a means to manually deploy Windows updates, though it highlights the risks of bypassing automatic update safeguards. 10. **KB5043145 (Preview Update)**: A specific Windows update known to cause issues such as reboot loops and connection failures. Understanding these updates is crucial for maintaining system stability and ensuring that deployed systems are free from vulnerabilities and bugs. — In a recent cybersecurity alert, over 700,000 DrayTek routers have been identified as vulnerable to hacking due to 14 newly discovered security flaws. These vulnerabilities, found in both residential and enterprise routers, include two rated critical, with one receiving the maximum CVSS score of 10.0. This critical flaw involves a buffer overflow in the Web UI, potentially allowing remote code execution. Another significant vulnerability is OS command injection via communication binaries. The report highlights the widespread exposure of these routers’ web interfaces online, creating a tempting target for attackers, particularly in the U.S. DrayTek has released patches to address these vulnerabilities, urging users to apply updates, disable unnecessary remote access, and utilize security measures like ACLs and two-factor authentication. This development coincides with international cybersecurity agencies offering guidance to secure critical infrastructure, emphasizing the importance of safety, protecting valuable OT data, secure supply chains, and the role of people in cybersecurity. 1. **Vulnerability**: A weakness in a system or software that can be exploited by hackers. – **Importance**: Identifying vulnerabilities is crucial in cyber security because it helps protect systems from attacks. 2. **Router**: A device that routes data from one network to another, directing traffic on the internet. – **Importance**: Routers are essential for internet connectivity and their security is vital to prevent unauthorized access to networks. 3. **Buffer Overflow**: A coding error where a program writes more data to a buffer than it can hold, potentially leading to system crashes or unauthorized code execution. – **Importance**: Buffer overflows are common vulnerabilities that can be exploited to gain control of a system. 4. **Remote Code Execution (RCE)**: A type of vulnerability that allows an attacker to execute code on a remote system without authorization. – **Importance**: RCE vulnerabilities are highly critical as they enable attackers to take over affected systems. 5. **Cross-site Scripting (XSS)**: A web security vulnerability that allows attackers to inject malicious scripts into content from otherwise trusted websites. – **Importance**: XSS can be used to steal information, deface websites, and spread malware. 6. **Adversary-in-the-Middle (AitM) Attack**: An attack where the attacker secretly intercepts and possibly alters the communication between two parties who believe they are directly communicating with each other. – **Importance**: AitM attacks can lead to data theft, man-in-the-middle proxy attacks, and unauthorized access to sensitive information. 7. **Denial-of-Service (DoS)**: An attack intended to shut down a machine or network, making it inaccessible to its intended users. – **Importance**: DoS attacks disrupt the availability of services and can cause significant downtime and financial loss. 8. **Access Control List (ACL)**: A list of permissions attached to an object that specifies which users or system processes can access the object and what operations they can perform. – **Importance**: ACLs are crucial for implementing security policies to control access to resources. 9. **Two-Factor Authentication (2FA)**: A security process in which the user provides two different authentication factors to verify themselves. – **Importance**: 2FA improves security by adding an additional layer of verification, making it harder for attackers to gain unauthorized access. 10. **Operational Technology (OT)**: Hardware and software that detects or causes changes through direct monitoring and control of physical devices, processes, and events in an enterprise. – **Importance**: OT security is critical for the functioning and safety of critical infrastructure systems, such as those in manufacturing, power generation, and transportation. — Today, we’re discussing a critical remote code execution (RCE) vulnerability in Zimbra email servers, tracked as CVE-2024-45519, which hackers are actively exploiting. This flaw allows attackers to trigger malicious commands simply by sending specially crafted emails, which are processed by Zimbra’s post journal service. First flagged by Ivan Kwiatkowski of HarfangLab and confirmed by Proofpoint, the exploit involves spoofed emails with commands hidden in the “CC” field. Once processed, these emails deliver a webshell to the server, giving attackers full access for data theft or further network infiltration. A proof-of-concept exploit was released by Project Discovery on September 27, prompting immediate malicious activity. Administrators are urged to apply security updates released in Zimbra’s latest versions—9.0.0 Patch 41 and later—or disable the vulnerable postjournal service and ensure secure network configurations to mitigate the threat. Stay vigilant and update your Zimbra servers immediately to protect against this critical vulnerability. 1. **Remote Code Execution (RCE)** – **Definition**: A type of security vulnerability that enables attackers to run arbitrary code on a targeted server or computer. – **Importance**: This flaw can be exploited to gain full control over the affected machine, leading to data theft, unauthorized access, and further network penetration. 2. **Zimbra** – **Definition**: An open-source email, calendaring, and collaboration platform. – **Importance**: Popular among organizations for its integrated communication tools, making it a significant target for cyberattacks due to the sensitive data it handles. 3. **SMTP (Simple Mail Transfer Protocol)** – **Definition**: A protocol used to send and route emails across networks. – **Importance**: Integral to email services, its exploitation can deliver malicious content to servers and users, forming a vector for cyber-attacks. 4. **Postjournal Service** – **Definition**: A service within Zimbra used to parse incoming emails over SMTP. – **Importance**: Its vulnerability can be leveraged to execute arbitrary commands, making it a crucial attack point for hackers. 5. **Proof-of-Concept (PoC)** – **Definition**: A demonstration exploit showing that a vulnerability can be successfully taken advantage of. – **Importance**: PoC exploits serve as proof that theoretical vulnerabilities are practical and dangerous, necessitating urgent security responses. 6. **Base64 Encoding** – **Definition**: A method of encoding binary data into an ASCII string format. – **Importance**: Often used to encode commands within emails or other data streams to evade basic security detections. 7. **Webshell** – **Definition**: A type of malicious script that provides attackers with remote access to a compromised server. – **Importance**: Webshells afford attackers sustained control over a server, allowing for ongoing data theft, disruptions, and further exploits. 8. **CVE (Common Vulnerabilities and Exposures)** – **Definition**: A list of publicly known cybersecurity vulnerabilities and exposures, identified by unique CVE IDs. – **Importance**: Helps standardize and track security issues, facilitating communication and management of vulnerabilities across the cybersecurity community. 9. **Patch** – **Definition**: An update to software aimed at fixing security vulnerabilities or bugs. – **Importance**: Patching vulnerabilities is critical for protecting systems from attacks exploiting known security flaws. 10. **Execvp Function** – **Definition**: A function in Unix-like operating systems that executes commands with an argument vector, featuring improved input sanitization. – **Importance**: By replacing vulnerable functions like ‘popen,’ ‘execvp’ helps prevent the execution of malicious code, thus enhancing system security. —

More remote car control via web interfaces, an RCE in CUPS, Microsoft reduces attack surface, migrating to memory safety, dealing with dependency confusion, getting rid of password strength calculators, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-301

More remote car control via web interfaces, an RCE in CUPS, Microsoft reduces attack surface, migrating to memory safety, dealing with dependency confusion, getting rid of password strength calculators, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-301

The US charges a Chinese national for spear-phishing government employees. The feds impose new sanctions on the makers of Predator spyware. Dealing with fake data breaches. Researchers discover a critical vulnerability in Google Cloud Platform. D-Link has patched critical vulnerabilities in three popular wireless router models. Snowflake ups their authentication game. A US mining company confirms a cyberattack. Researchers identify critical threats targeting construction industry accounting software. Tim Starks from CyberScoop joins us with his reporting on the US Postal Service's ability to meet the challenges of the upcoming election. Cisco's second round of layoffs hit hard.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is Tim Starks, Senior Reporter from CyberScoop, joining us to discuss his piece on "Election officials say U.S. Postal Service woes place election mail at risk."  Selected Reading DoJ: Chinese Man Used Spear-Phishing to Obtain Software From NASA, Military (SecurityWeek) US Ramps Up Sanctions on Spyware-Maker Intellexa (Infosecurity Magazine) All Smoke, no Fire: The Bizarre Trend of Fake Data Breaches and How to Protect Against Them (Security Boulevard) Google Cloud Platform RCE Flaw Let Attackers Execute Code on Millions of Google Servers (Cyber Security News)  D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers (Bleeping Computer) Breach-Weary Snowflake Moves to MFA, 14-Character Passwords (GovInfo Security) Owner of only US platinum mine confirms data breach after ransomware claims (The Record) Cracks in the Foundation: Intrusions of FOUNDATION Accounting Software (Huntress) Cisco's second layoff of 2024 affects thousands of employees (TechCrunch) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Episode 88: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel tackle a whole slate of new research including a new cheat sheet for URL validation bypass from Portswigger, the introduction of Sanic DNS as a high-speed DNS resolver, xsstools, and the Dockerization of Orange Confusion Attacks. Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Find the Hackernotes: https://blog.criticalthinkingpodcast.io/ Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Shop our new swag store at ctbb.show/swagResourcesURL Validation Bypass cheat sheetSanicDNSOrange Confusion AttacksWordPress GiveWP POP to RCEXsstoolsBypassing browser tracking protectionAdvanced iframe MagicDOM Clobberinghttps://www.ruhrsec.de/downloads/slides/Everything-You-Wanted-to-Know-About-DOM-Clobbering-But-Were-Afraid-to-Ask-Soheil-Khodayari-RuhrSec.pdfAndhttps://domclob.xyz/domc_payload_generator/Timestamps:(00:00:00) Introduction(00:02:00) URL validation bypass(00:07:41) SanicDNS and Orange confusion attacks(00:20:06) WordPress GiveWP POP to RCE(00:31:29) Xsstools(00:43:56) Bypassing browser tracking protection(00:52:06) DOM Clobbering and mixing up your approach

Patch Tuesday rundown. Microsoft integrates post-quantum cryptography (PQC) algorithms into its SymCrypt cryptographic library.The FTC finalizes rules to combat fake reviews and testimonials. A payment card thief pleads guilty. On our latest CertByte segment, N2K's Chris Hare and George Monsalvatge share questions and study tips from the Microsoft Azure Fundamentals (AZ-900) Practice Test.  Hard Drive Heaven: How Iconic Music Sessions Are Disappearing.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K's Microsoft Azure Fundamentals (AZ-900) Practice Test. Have a question that you'd like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K's full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. Reference: What is public cloud? (RedHat) Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Remembering 9/11 In today's episode, we pause to honor and remember the lives lost on September 11, 2001. We pay tribute to the courageous first responders, the resilient survivors, and the families whose lives were forever altered by that tragic day. Amidst the profound loss, the spirit of unity and compassion shone brightly, reminding us of our shared humanity. Additionally, you can check out our special segment featuring personal remembrances from N2K CyberWire's very own Rick Howard, who was in the Pentagon on that fateful day. His reflections provide a heartfelt perspective on the events and are well worth your time. Tune in to hear his poignant insights. Special Edition Podcast In today's special edition of Solution Spotlight, we welcome Mary Haigh, Global CISO of BAE Systems, as she sits down with N2K's Simone Petrella. Together, they discuss moving beyond the technical aspects of cybersecurity to build and lead a high-performing security team. Selected Reading Microsoft Fixes Four Actively Exploited Zero-Days (Infosecurity Magazine) Adobe releases september 2024 patches for flaws in multiple products, including critical (Beyond Machines) Chrome 128 Update Resolves High-Severity Vulnerabilities (SecurityWeek) ICS Patch Tuesday: Advisories Published by Siemens, Schneider, ABB, CISA (SecurityWeek) Ivanti fixes maximum severity RCE bug in Endpoint Management software (Bleeping Computer) Microsoft Adds Support for Post-Quantum Algorithms in SymCrypt Library (SecurityWeek) Federal Trade Commission Announces Final Rule Banning Fake Reviews and Testimonials (Federal Trade Commission) Hacker pleads guilty after arriving on plane from Ukraine with a laptop crammed full of stolen credit card details (Bitdefender) Inside Iron Mountain: It's Time to Talk About Hard Drives (Mixonline) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach top security leaders. Explore our network sponsorship opportunities and build your brand where industry leaders get their daily news. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Patch Now alerts come from Progress Software and Veeam Backup & Restoration. Car rental giant Avis notifies nearly 300,000 customers of a data breach. The UK's National Crime Agency struggles to retain top cyber talent. Two Nigerian brothers get prison time for their roles in a deadly sextortion scheme. SpyAgent malware uses OCR to steal cryptocurrency. A Seattle area school district suffers a cybercrime snow day. Our guest is Amer Deeba, CEO of Normalyze, discussing data's version of hide and go seek -  the emergence of shadow data. A crypto leader resigns after being held at gunpoint.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Amer Deeba, CEO of Normalyze, discussing data's version of hide and go seek, or the emergence of shadow data. Selected Reading Progress LoadMaster vulnerable to 10/10 severity RCE flaw (Bleeping Computer) New Veeam Vulnerability Puts Thousands of Backup Servers at Risk – PATCH NOW! (HACKREAD) Thousands of Avis car rental customers had personal data stolen in cyberattack (TechCrunch) UK National Crime Agency, responsible for fighting cybercrime, ‘on its knees,' warns report (The Record) 2 Brothers Sentenced to More Than 17 Years in Prison in Sextortion Scheme (The New York Times) SpyAgent Android malware steals your crypto recovery phrases from images (Bleeping Computer) Highline schools closing Monday because of cyberattack (Seattle Times) Crypto Firm CEO Resigns Following Armed Robbery of Company Funds (Blockonomi) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers find Yubikeys vulnerable to cloning. Google warns of a serious zero-day Android vulnerability. Zyxel releases patches for multiple vulnerabilities. D-Link urges customers to retire unsupported vulnerable routers. Hackers linked to Russia and Belarus target Latvian websites. The Federal Trade Commission (FTC) reports a sharp rise in Bitcoin ATM-related scams. Dutch authorities fine Clearview AI over thirty million Euros over GDPR violations. Threat actors are misusing the MacroPack red team tool to deploy malware. CISA shies away from influencing content moderation. Our guest is George Barnes, Cyber Practice President at Red Cell Partners and Fmr. Deputy Director of NSA discussing his experience at the agency and now in the VC world. Unauthorized Wi-Fi on a Navy warship Leads to Court-Martial.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is George Barnes, Cyber Practice President and Partner at Red Cell Partners and judge at the 2024 DataTribe Challenge, discussing his experience on both sides, having been at NSA and now in the VC world. Submit your startup to potentially be selected to be part of a startup competition like no other by September 27, 2024. Selected Reading YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel (Ars Technica) Google Issues Android Under Attack Warning As 0-Day Threat Hits Users (Forbes) Zyxel Patches Critical Vulnerabilities in Networking Devices (SecurityWeek) D-Link says it is not fixing four RCE flaws in DIR-846W routers (Bleeping Computer) Hackers linked to Russia and Belarus increasingly target Latvian websites, officials say (The Record) New FTC Data Shows Massive Increase in Losses to Bitcoin ATM Scams (FTC) Dutch DPA imposes a fine on Clearview because of illegal data collection for facial recognition | Autoriteit Persoonsgegevens (Autoriteit Persoonsgegevens) Red Teaming Tool Abused for Malware Deployment (Infosecurity Magazine) CISA moves away from trying to influence content moderation decisions on election disinformation (CyberScoop) How Navy chiefs conspired to get themselves illegal warship Wi-Fi (Navy Times) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Wireshark 4.4: Converting Display Filters to BPF Capture Filters https://isc.sans.edu/diary/Wireshark+44+Converting+Display+Filters+to+BPF+Capture+Filters/31224 GitHub Comments Used to Spread Malware https://www.reddit.com/r/Malware/comments/1f2n1h4/comment/lkbi5gi/ Voldemort Malware Curses Orgs Using Global Tax Authorities https://www.darkreading.com/threat-intelligence/voldemort-malware-curses-orgs-global-tax-authorities Analysis of CVE-2024-43044 From file read to RCE in Jenkins through agents https://blog.convisoappsec.com/en/analysis-of-cve-2024-43044/

Wireshark 4.4: Converting Display Filters to BPF Capture Filters https://isc.sans.edu/diary/Wireshark+44+Converting+Display+Filters+to+BPF+Capture+Filters/31224 GitHub Comments Used to Spread Malware https://www.reddit.com/r/Malware/comments/1f2n1h4/comment/lkbi5gi/ Voldemort Malware Curses Orgs Using Global Tax Authorities https://www.darkreading.com/threat-intelligence/voldemort-malware-curses-orgs-global-tax-authorities Analysis of CVE-2024-43044 From file read to RCE in Jenkins through agents https://blog.convisoappsec.com/en/analysis-of-cve-2024-43044/

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.Starting in October, all Microsoft Azure customers will be required to have multi-factor authentication (MFA) enabled on their accounts.Documents from a lawsuit revealed that over 2.9 billion records are vulnerable after a massive hack of the Florida-based National Public Data network.Microsoft recently advised of a critical TCP/IP Remote Code Execution Vulnerability dubbed CVE 2024-38063, which is a critical unauthenticated Remote Code Execution - or RCE - vulnerability within the Windows TCP/IP stack. Ransomware victims have paid $459,800,000 to cybercriminals in the first half of 2024, setting the stage for a new record this year if ransom payments continue at this level.

We dig into the RegreSSHion bug, debate it's real threat and explore clever tools to build a tasty fried onion around your system.Sponsored By:Core Contributor Membership: Take $1 a month of your membership for a lifetime!Tailscale: Tailscale is a programmable networking software that is private and secure by default - get it free on up to 100 devices! 1Password Extended Access Management: 1Password Extended Access Management is a device trust solution for companies with Okta, and they ensure that if a device isn't trusted and secure, it can't log into your cloud apps. Support LINUX UnpluggedLinks: