Podcasts about rce

  • 178 podcasts
  • 643 episodes
  • 40m average duration
  • 1 weekly episode
  • Latest: Jun 18, 2025

Latest podcast episodes about rce

The CyberWire
Typhoon on the line.

Jun 18, 2025 (28:35)


Viasat confirms it was breached by Salt Typhoon. Microsoft's June 2025 security update giveth, and Microsoft's June 2025 security update taketh away. Local privilege escalation flaws grant root access on major Linux distributions. BeyondTrust patches a critical remote code execution flaw. SMS low cost routing exposes users to serious risks. Erie Insurance says their ongoing outage isn't ransomware. Backups are no good if you can't find them. Veeam patches a critical vulnerability in its Backup software. SuperCard malware steals payment card data for ATM fraud and direct bank transfers. We preview our Juneteenth special edition. Backing up humanity.

CyberWire Guest
Today, we are sharing an excerpt of our Juneteenth Special Edition conversation between Dave Bittner, T-Minus Space Daily's Maria Varmazis, and CISO Perspectives podcast's Kim Jones. Enjoy this discussion on the eve of Juneteenth and tune into your CyberWire Daily feed tomorrow on your favorite podcast app to hear the full conversation.

Selected Reading
  • Viasat hacked by China-backed Salt Typhoon in 2024 US telecom attacks (Cybernews)
  • Microsoft's June Patches Unleash a Cascade of Critical Failures (WinBuzzer)
  • New Linux udisks flaw lets attackers get root on major Linux distros (Bleeping Computer)
  • BeyondTrust warns of pre-auth RCE in Remote Support software (Bleeping Computer)
  • Two Factor Insecurity (Lighthouse Reports)
  • Erie Insurance: ‘No Evidence' of Ransomware in Network Outage (Insurance Journal)
  • Half of organizations struggle to locate backup data, report finds (SC Media)
  • New Veeam RCE flaw lets domain users hack backup servers (Bleeping Computer)
  • Russia detects first SuperCard malware attacks skimming bank data via NFC (The Record)
  • Why one man is archiving human-made content from before the AI explosion (Ars Technica)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

The CyberWire
Can't DOGE the inquiry.

Jun 17, 2025 (33:09)


A House oversight committee requests DOGE documents from Microsoft. Predatory Sparrow claims a cyberattack on an Iranian bank. Microsoft says data that happens in Europe will stay in Europe. A complex malware campaign is using heavily obfuscated Visual Basic files to deploy RATs. A widely used CMS platform suffers potential RCE bugs. North Korea's Kimsuky targets academic institutions using password-protected research documents. Asus patches a high-severity vulnerability in its Armoury Crate software. CISA's new leader remains in confirmation limbo. Our guest is Brian Downey, VP of Product Management from Barracuda, talking about how security sprawl increases risk. Operation Fluffy Narwhal thinks it's time to rethink adversary naming.

CyberWire Guest
We are joined by Brian Downey, VP of Product Marketing and Product Management from Barracuda, talking about how security sprawl increases risk.

Selected Reading
  • Following Whistleblower Reports, Acting Ranking Member Lynch Demands Microsoft Hand Over Information on DOGE's Misconduct at NLRB | The Committee on Oversight and Accountability Democrats (House Committee on Oversight and Government Reform)
  • Pro-Israel hackers claim breach of Iranian bank amid military escalation (The Record)
  • Microsoft lays out data protection plans for European cloud customers (Reuters)
  • New Sophisticated Multi-Stage Malware Campaign Weaponizes VBS Files to Execute PowerShell Script (Cyber Security News)
  • Chained Flaws in Enterprise CMS Provider Sitecore Could Allow RCE (Infosecurity Magazine)
  • Beware of Weaponized Research Papers That Delivers Malware Via Password-Protected Documents (Cyber Security News)
  • Organizations Warned of Vulnerability Exploited Against Discontinued TP-Link Routers (SecurityWeek)
  • Asus Armoury Crate Vulnerability Leads to Full System Compromise (SecurityWeek)
  • Trump's Pick to Lead CISA is Stuck in Confirmation Limbo (Gov Infosecurity)
  • Call Them What They Are: Time to Fix Cyber Threat Actor Naming (Just Security)

Dental A Team w/ Kiera Dent and Dr. Mark Costes
#1,004: How to Actually Implement That CE You're So Jazzed About

Jun 10, 2025 (26:32)


Tiff and Britt dive into the nitty-gritty details of turning all that CE energy you have into an implementable system in your practice. They give insight on establishing a point person, training the team, identifying patients, and more.

Transcript:

The Dental A Team (00:01) Hello, Dental A Team listeners. Thank you for being back here with me and I have Miss Brittany Stone. What is it? No BS Brit. Miss BS Brit. I don't remember what Carrie calls you. This is one of them, right? One of them. But also soon to be Grand Canyon champion. If you didn't listen to our case acceptance one, go listen and hopefully soon we will have some results from Brit killing it. Yeah, you will be a survivor.

Britt (00:10) What fun of them! Winner survivor. One of the two. At least one.

The Dental A Team (00:29) but then I wanna know how much you sleep on Saturday when you're done. So that'll be the big question. Exactly, yeah, how long does it take for you to get back on the bike once you're done? But thank you for being here with us today, Britt. I think we've gotten, I love podcasting with you, your hygiene brain, like Dana's hygiene brain, you guys just kind of come at it from a different angle. I know the rest of us all have dental assisting backgrounds and.

Britt (00:32) Yeah, like that. I if I can reach my legs or not.

The Dental A Team (00:55) you know, hygiene assisting, but that hygienist brain just shares a different section. And I think you do really well relating with the doctors and kind of that support team space like we spoke to on the case acceptance one. So I'm excited for today, Britt. Thank you for being here. You've got the Grand Canyon, but like, gosh, what else is what else is new and exciting? You just went to one of our favorite Mexican restaurants not too long ago. So that's true.
Britt (01:21) conferences, I went to PNDC, that was a good time. Luckily it was gorgeous weather there. I mean, podcasting today is special. I wear my tooth earrings for us today since we're podcasting, you know, just lots of fun things.

The Dental A Team (01:35) Getting a little fancy. I like it. And you guys, so you just went to that conference, you went to the Arizona Dental Convention that was in March, right? I think that one's always March for like the last, I don't know, 50 years. It's always been in March. And then you just went to the other one and then you're heading out again in a couple weeks to dentist advisors. Yeah.

Britt (01:55) Yeah, Dentist Money Summit is by Dentist Advisors, which will be in gorgeous Park City, Utah. So, you know, it's a rough life over here.

The Dental A Team (02:01) Yeah, I know, right? And actually it's perfect timing because they, I think we've all like our, our seasons were a little bit off this year. So we are barely getting hot, which normally we're at like 110 already, um, which has been fantastic in Arizona, but that meant that Nevada and, um, Salt Lake area, both Reno and Salt Lake area have had snow longer. So I think you're going to hit Salt Lake for Dentist Money Summit right as the like peak summer season starts. So you're gonna get some beautiful weather and I'm a little jealous. I will be in California or something like that. But anyways, somewhere.

Britt (02:36) somewhere else. It'll be great. And my second, my nephew, second of my nieces and nephews graduate. So I won't go to graduation, but I'll get to go. I'm like, I'll be coming like a couple weeks later to see you. So I'll go get to see them while I'm up there too.

The Dental A Team (02:50) Okay. Okay, good, good. I was like, wait a second, how do we get you there? That's good.

Britt (02:55) I'm not fighting the crowd up there for graduation, which he's like, mom, everybody graduates. I'm like, no, it's still a big deal. We'll just celebrate when I come see you on my own instead of along with everybody else.

The Dental A Team (03:06) gosh, that's funny. I was just talking over the weekend, we had a graduation party that we had to drop in on yesterday. So I was like, gosh, I'm gonna have to, which is, I don't like thinking about it, but I have to start thinking about it that Brody's in a year. So I was like, Aaron's like, is he gonna want a party? And he, said, no, he's gonna be the kid that's like, everybody graduates. It's fine. Like it's no big deal. But it is a big deal. same, Exactly.

Britt (03:26) But they still want it, even though you know it, even though they're like, they're disappointed, it's like, oh, come on. But like, they want it.

The Dental A Team (03:33) Exactly. It's like my birthday where I was like, it's fine. Like just a dinner, but like, had they not done a big deal for my 40th, I probably would have, you know, been in shambles. So when it comes, he's surely going to want it, but graduation season is upon us and it's wild that we are in the space of life that we're experiencing it with them. I think that's crazy. And anyways, you've got some fun travels. If you guys aren't heading CE events, make sure that you do and make sure that you check out a lot of RCE events. So if you're a listener, if you're a client, whatever, you're a listener and a client, like whatever you guys want, we have, what is it? Every third Wednesday, we have a CE webinar. We've got a really cool webinar coming up in August that we do. Every year the content shifts and changes, but.

Britt (04:20) to like check out our Instagram if you don't follow us. If I'm there, come find me. Let me know, message us. I got at PNUC to see a few clients which is really fun. It's always nice when we get to meet up in person. So, whether you're a client or just a listener, come find me.

The Dental A Team (04:22) Yeah. Yeah. Yeah, especially in Brit's position because you have a handful of your own clients, but you oversee a lot of the company. So you know all of the client names, but you don't get to see them and meet them. So I know I have a few clients that are asking if I was going to be there and I'm not. I was like, you got to go find, seek out Brit, like go meet Brit. So definitely, definitely follow the Instagram, make sure that you reach out to Brit. If you're there, look for her, say hello, take a little picture with her, and then make sure you're hitting those CEs and make sure you're hitting all the free ones, you guys. We put out a ton of free CE and why not? Because I know you need to stack those hygienists and doctors. You guys need to stack those CE credits. So do it for free wherever you can. And then, like I tell one of my prized clients, set up a CE bucket so that you're saving money for the CE that's not free. And on that note... I think, we were actually just talking and I think it's funny because I do think this was like super high thing and right now it's like, I think it's kind of stabilized. It's not quite as sought after as heavily as it was, but for the clients that are doing it or still trying to implement it, there are still some really great CE avenues out there. Today we wanted to talk a little bit on the sleep apnea avenue, systems wise, not to sleep apnea. That's not our genre. You can go take CE for that, Britt can probably tell you a ton medically, but you know, that's not our genre, but our genre, our space, our niche is the systems behind it. And so on the note of CE and implementing, do think even if you're not doing sleep apnea, or you're not considering sleep apnea, a lot of what we talk about today is copy pasteable, like systems are systems, you guys, and we overcomplicate it in life. And what we say for one thing can easily be duplicated and slightly altered for something else. So if there's CE that you're doing, which doctors we love you so much. And when you go to CE, you come back just like ecstatic. And if you didn't take team with you, you're the only one. And it's so hard sometimes to get that generating. Typically, it's that there's not, it's just all a fun idea. There's not a really good system behind it to get that momentum. So taking these systems, even what we talked about for sleep apnea, whatever CE you do, apply it to that. And like you said with the sleep apnea, if they're not taking team members, like it can be really hard to implement. And that's a space too. If you can bring team members to any of that CE or sign them up for the webinar and get them included in it, I think that's a great space too. anyhow, sleep apnea side and system side, Britt, you've worked out the hygienist. So I know that this is some of the stuff like the questionnaire style and that stuff. Like what do you see and what you've actually helped practices implement the systems for sleep apnea. So what do you see as?

Britt (07:10) Thank

The Dental A Team (07:24) the biggest ticket items of implementing sleep apnea or just CE style in general that is easy, that's duplicatable like that.

Britt (07:34) And I think sleep and my yo that's coming in pretty strong for a lot of people too. I think you can similar areas when it comes to looking to implement something successfully. I think that you would look for. So if you're doing one or the other, number one, I think is making sure that our team knows what it is. Like Tiff said, doc, you can go to a CE and you get all excited and you understand all the things behind it to see all the dots connect and why this is so important because it is, but the team often is behind. So whenever you're looking to do something, you might just take a course as like an exploratory, right? And then you're like, no, this is something I really want to do. When you start to get into that phase of like, no, I really want to work on implementing this. I want you to look for things that are going to help train your team because your team is going to be needing to have 90% of these conversations with patients and you're going to... Goal is for you not to have all of the conversations with all of the patients. The goal is for the team to be able to help support you, identify patients and start to educate patients and warm them up to the idea. Because just like for your team, it's kind of a newer thing or a different thing or something they don't know all the details about, it doesn't come easily to them. Patients even more so. So that's why our team needs to be really confident in knowing what it is, the reasons why, and being able to talk about it. I think is number one place to start. Along with that, would say have someone call it your champion, call it your lead of that thing, whatever title you want to give them of someone who is going to be that person who is going to make sure the team has all the things. We educate the team on all the things and they're going to be the one to really kind of take point on implementation and keeping this going and getting it to where it becomes a program that's ingrained within our practice. We need someone to be that person. So from the get-go, education, someone who's gonna be a point person before we even start on implementing anything with our patients. So that would be my number one thing, Tiff, to start with is education and identify as someone who's gonna be the point person, because they're gonna start thinking of implementation, what are all the things we need in our practice to get this program going.

The Dental A Team (09:54) Yeah, and even like ortho, I have like the same I'm thinking the same thought process because anything that you're trying to grow that doesn't you don't put attention on isn't going to grow. So to your champion conversation there, whether it's sleep, my ortho implants, like anything that's not crowns, fillings, bridges, you know, and even I do have a lot of practices that even do it for crowns, whatever that champion making sure there's a

Britt (09:57) Hmm. Yeah.

The Dental A Team (10:22) a job description. And I love that you said the education piece because that I think even when I've seen practices implement the champion space, it's still the education piece falls back to the doctor. But putting that I think that's brilliant putting that on the champion of scheduling out the lunch and learns making sure that they're doing the role playing with the with the team and that they're having these meetings with the team on the education and the why behind it, so that they can take that information and tackle it with the patients. And then it made me think too, like KPI is their key performance indicator. So that champion is responsible for seeing, how many times, how many patients do we need to talk to about this to get our case acceptance where we want it or to get that many cases? I know like for ortho, we might do, we want five starts this month or 10 starts this month. So then you look at how many patients do we need to talk to about ortho in order to get that because your case acceptance might be like 25%. So you're doing the math for that. Then, Britt, I'm thinking that champion is then responsible for collecting the data from the team on how many patients do we talk to, how many patients signed up, and kind of championing all of the results and then looking at how do I control and manipulate the results based on the education implementations, all of those pieces.

Britt (11:46) agreed and that's I think probably you Tiff right with clients. Like you said, the new thing, right? Name the new thing that we're doing within the office and you know, they want to do more of that thing and I'm like, alright, well, what's going on? Why aren't we even getting it presented to patients? What's happening? Well, we're just not talking about it, right? Like it really comes back to that. That's one of the biggest hurdles to get over is just talking about it and making sure patients know what it is.

The Dental A Team (12:05) Yeah.

Britt (12:16) what benefit it would be to them if they're a candidate, if this is something that they need. So that's why I say, make sure we've got that foundation first. And then we go into, okay, we've got a team more comfortable talking about it. How do we identify opportunities with patients? And then that's where we move into what kind of screening do we want for this specific treatment for sleep apnea? Then all right, what kind of screening do we wanna incorporate? Across the board. So it's not reliant on a human thinking, this one would be a candidate. Like, no, what are you screening to where we know when these things are checked or we get this answer to this question, they are someone then that we are going to talk to about a sleep appliance or sleep apnea, we're working on getting them tested, whatever it may be.

The Dental A Team (13:01) Yeah. And within that, asking those leading questions so that the patient starts thinking, because I think like back to, I think a lot of people do ortho. So back to ortho, you come in and you're hot and heavy. Like I got to get, I'm getting ortho cases and the patient has not had any like leading questions to make them start thinking that there's a problem or a solution needed for a problem. And then you come in and you're like, have you ever thought about ortho? And they're like, no, I haven't. Right? Because we didn't make them think about ortho kind of the same. Like, do you, you know, I hear you might be a snorer, right? Or just coming in and being like, Hey, you've got these weird scallops on your tongue and I think you might need this. And then we just go on this tangent of sleep apnea and they're like, I have no issue sleeping. But if we start asking those leading questions of, do you find yourself tired in the middle of the day? Does your partner, you know, do you wake your partner up a lot? Do you toss and turn a lot at night? Like, are you getting up to use the restroom a lot at night? Like different things that are preheating and leading into there might be something going on there, I think is a space that we kind of overlook sometimes. And we just jump into this is the solution. And it kind of gets lost in translation. And then right on to like layering on top of that, you've got your questionnaire, you've got your team, they're ready to go. You've got all of these pieces there, you know what your lead and lag measures are, then you set like identifying the patients, we're identifying the patients and then that layer, like it never stops, there's always the next layer. And that next layer is okay, if we can identify the patients, now we get to track and see, are we getting those patients? So then we say, okay, well, most of my patient base is 18 to 26 years old. Might not be getting like that might not be the patient base you need for sleep apnea or for implants or whatever it is that you want to specialize in. Then you've got to look and see, do I need to determine something different in my patient avatar to fit what I'm trying to implement what I'm trying to get because there's only so much you can do with the patients that you're getting in. So it just like keeps layering but comes down to I love like step one it feels like Brit from what you're saying is find that champion and make sure that champion is thoroughly educated in what their job is and what the procedure is so then they can, step two, help you to train the team, get the team on board, figure out the why. Step three, find the patients. Step four, how do we get more of those patients?

Britt (15:42) Yeah, which I think then plays into marketing, right? Marketing at the end of the day is the number of times of exposure. So, right, when it comes down to it, then what are we putting out there? What do we have around our office? What, even if it's peripherally, are our patients seeing to know that this is a thing and that it exists? Because then it won't be as much of a surprise to them when we have a conversation or they're like, well, why aren't you know, I don't even know what that is. They at least, oh, I've seen XYZ about that thing in your office or on the TV out in the waiting room, whatever it may be, to start warming them up to it as well. And then depending on how much you want to grow that and be known for that thing, I mean, Tiff is the marketing queen. Then there's like a lot more marketing that goes behind it.

The Dental A Team (16:29) Yeah, I do love marketing. I don't know why, but I really do. But you're making me think of, because it's subliminal. I think that's why I love it. Because it's like, what can I do to make someone think this way, right? Like I love, I love the way the brain works. I love communication. That's why. So I'm thinking as you're speaking to that, like you're saying like have it off to the side and have it on a TV like 100% because most of the time we're just being again, preheated to the possibility of needing something. So if you think of like a Doritos commercial, right? Like they don't just in the beginning come out with the, like they're not like Doritos, right? It's like, hey, we're grabbing some Doritos out of a chip bowl and all of the like tortilla chips, the unnamed tortilla chips over there is full, but the Doritos are like empty, but we're having conversation, we're having fun, we're in a party because now you're thinking about Doritos associated to fun. So that's how marketing works. It's like little snippets of this thing and how it's going to benefit your life. Not just like, hey, have some Doritos. Because if somebody came by and they're like, hey, Doritos are amazing, have Doritos. They're just, they're so tasty, you're gonna love them. You're like, I'm okay actually, like, I don't need a Dorito, right? But if they're like, hey, like, let's have fun, let's have a party, let's get people talking, it's gonna be so amazing and you can have these Doritos over here that's gonna, everybody's gonna stand around the bowl and they're gonna socialize. Then you're like, yeah, let me try these Doritos. So it's kind of that same thing. Like how is this thing, this sleep apnea, this ortho, this Botox, these injectors, the fillables, how is this going to benefit the patient's life and speak to the benefits and the problem, not the solution? Because being like, Botox, Botox, Botox, Botox, right? Like Botox is cool, but like why do I want Botox? Because I wanna look 30 when I'm 45. That's why I Botox. And when do I need to start? When I'm 28. Like, how do we get this subliminal messaging into different aspects of our practice and our speaking? And then what it also does is gets your team speaking that language too, because they're constantly seeing it. So they're constantly being reminded. And as you guys are checking on...

Britt (18:23) Perfect.

The Dental A Team (18:44) KPI is and how is it working and how is it growing? We're constantly coming back to this space that you're trying to implement and grow. Caveat of one at a time. Botox and color is fine. Sleep apnea.

Britt (18:56) I was thinking the same exact thing.

The Dental A Team (19:01) you can't come home and be like we're doing sleep apnea we're gonna ramp up our ortho and guess what guys I need five more implants and it's like I don't know which one to focus on so one major change at a time and let it sit let it ruminate and see how it goes I like six months at least for like a big implementation like that but

Britt (19:22) Be good at that thing, right? I think that's when we do too much at once. You and your team, right? And the bigger the team, the more people you're trying to move. You're not gonna get good at it. And then let's be honest, if I'm not good at it, I'm not gonna do it as much. Let's just welcome to human nature again. Like it's a harder thing to do. It takes more effort. But if we focus on one and that one thing we get really good at and it becomes really easy, then that will stick and then we can move on to the next thing.

The Dental A Team (19:52) Yep. Yep. And always come back again to everything else too, because I've had clients that I've done, you know, let's focus in on implants. we're getting we're talking about it this many times, we're getting this many, we're looking for this many, you know, whatever all the pieces so we're speaking to implants, we get really good at that. And they're like, cool, like, I want to do more ortho. It's like, okay, well, now we're laying on ortho. But then they're like, hey, wait, I haven't done an implant. I'm like, well, why? Because you lost focus on the implants, because you're so focused on the ortho. So you've got to just layer it in there and be like, on top of like being good at this, we also need to become good at this. So don't lose sight of it or stop tracking the one because you layered on something else, you literally just layering another level to it. And now you're doing both because honestly, just those two, right? Implants and ortho go hand in hand, you know, do ortho before you place the implants or do ortho so that you can place an implant because the space is too small. Like how are you, how can your team help layer those together and support you in getting those things done? And firstly, Baphne, it's exactly the same. How can your team support you in getting it done? Because you've got what? 1500 to 3000 patients. You've got a team of five to 25 30 you cannot do it all you've got to have at least one champion who is helping you and when you do have those spaces to Britt's point of not doing too many and losing sight if you have a champion of each your phone you they are focused on that thing and so they're ensuring their thing their needle is moving so you've got your champion of sleep apnea that's like, hey guys, nope, we lost focus, don't forget. And you got your champion of ortho that's like, cool, I've got my metrics over here and making sure that those are staying in line.

Britt (21:41) And I think once you start doing some cases, especially things where there's more of a knowledge gap, even in Visalign, right? Make sure you're getting results. So like you're getting testimonials, you're getting pictures at the end. Whenever there's a big investment, people want to know like what that means for them. Like what can that be for me? And so that's where having something to look at to see before and after and having testimonials for people goes a long ways, especially on things where there's more of a knowledge gap like sleep apnea. Because those patients are gonna really highlight what is important to them, which then is gonna be most likely what's important to all of your people that are in their same seat.

The Dental A Team (22:22) Yeah, I love it. I love it. One, step one, figure out what you're going to do. If it's sleep apnea, it's sleep apnea. One thing, choose the one that you're gonna focus on right now. Step two, figure out what your champion's position looks like or lead or whatever you wanna call it. Quarterback, I don't care what you call it. That position, what's that job description? What are the metrics? Like what does that person need to do? So step one, figure out what you're gonna do. Step two, find your champion.

Britt (22:26) One thing, one thing.

The Dental A Team (22:52) figure out what that champion's gonna do. Step three, train your team. Step four, do the thing and track the results every time. I think really easy duplicatable systems that we tagged here as like sleep apnea, Myo, whatever you wanna focus it on, but literally this system can be duplicated for any major change you're trying to make in procedures within your practice. And then I think the last layer is within your metrics, watch your marketing and figure out what needs to shift and change there. Brit, brilliant. Brilliant Brit. That's the one. Brilliant Brit. Brilliant Brit.

Britt (23:27) That's the one I like more. That's the better one.

The Dental A Team (23:32) one I'm gonna use. Brilliant Brit. thank you or brainy Brit right but anyways thank you for being here with me today for doing this. I knew with the implementations you've done before with Sleep Apnea and Mayo you've worked with the you've worked with that before so I knew that you would have some great ideas so thank you so much for being here. I can't wait to hear from you on Saturday that you survived the Grand Canyon Rim to Rim happily and you're still smiling and you're just sleeping.

Britt (24:02) Maybe I'll stream my before and after. We'll see. Maybe even with Dental A Team. We'll see. It depends on how bad it is afterwards.

The Dental A Team (24:08) Yeah. Oh my gosh, that's fair. Yeah, that's fair. You can at least share with me and then we can decide. Everyone, go find your thing. What's your one thing right now? What are you going to put? This is something I've been living by. You guys, we can talk about the book. can Hello@TheDentalATeam.com and ask me for it. But what are you putting a 10x effort into? What's your 10x problem that you're putting 10x effort into? Choose that thing. Focus there. Go do it. Duplicate. Create a system that can be duplicated and have so much fun doing it. Again, if you need help with it, you have questions, you want recommendations, Hello@TheDentalATeam.com. We are all here to help. We all help answer those questions. So reach out and as always drop us a five star review below. We love to hear that this was implementable for you, that it was helpful and any ideas you guys have for future ones, we're always open to those. So Britt, thank you for being here. Listeners, thank you for being here and we'll catch you next time.

Proactive - Interviews for investors
Arrow Exploration reports strong Q1 results with 36% revenue growth as development accelerates

Jun 5, 2025 · 4:31


Arrow Exploration CEO Marshall Abbott joined Steve Darling from Proactive to share the company's robust first-quarter performance, marked by a 36% year-over-year increase in total oil and gas revenue, reaching US$19.51 million. First-quarter earnings rose 15% to US$11.53 million, with net income of US$2.66 million, reflecting the company's continued success in expanding production and operational efficiencies at its Colombian assets. Abbott noted that operating cash flow totaled US$14.43 million, and Arrow exited the quarter with a strong cash position of US$24.95 million, even after US$11.38 million in capital expenditures. These investments supported the drilling of two new horizontal development wells—AB 2 and AB 3—in the Alberta Llanos field, as well as the completion of a 90 km² seismic survey on the southeast Tapir Block. The company has also made significant infrastructure progress, building a new road system linking the Carrizales Norte pad with the Capullo, Mateguafa Oeste, and Mateguafa Attic pads, which will serve as critical hubs for Arrow's 2025 drilling campaign. Importantly, a second rig has been secured, and the first of four planned wells at Rio Cravo Este (RCE) is expected to be spudded in early June. Abbott emphasized that despite global oil price volatility, Arrow maintains “very healthy netbacks”, underscoring the company's resilience and operational efficiency. Looking ahead, Arrow's strategic focus remains on growing production through ongoing development at Carrizales Norte, RCE, and Alberta Llanos, while also pursuing low-risk exploration opportunities across its Tapir Block.

The Clean Energy Show
Canada Burns While We Win Sustainability Awards

Jun 4, 2025 · 60:28


Our city had the worst air quality in the world at the time of recording, with an Air Quality Index of 446 (that's like smoking over 60 cigarettes a day). We explore what led to these hazardous conditions, how wildfires are affecting our communities and even reaching Europe, and why Canada's air quality reporting system needs a 21st-century overhaul.

Join The Clean Energy Show's CLEAN CLUB on Patreon for exciting perks! Our monthly bonus podcast is coming up this week!

The Clean Energy Show received two sustainability awards from the Regional Centre of Expertise (RCE), a United Nations University network promoting Education for Sustainable Development.

The fast fashion industry gets a sustainability report card. H&M tops the chart with a B+ thanks to its real investment in decarbonization. But most brands are still failing. Read more from Bloomberg: https://www.bloomberg.com/news/articles/2025-06-03/h-m-outperforms-zara-and-shein-on-green-report-card-for-fashion

Swiss authorities averted disaster by evacuating the town of Blatten before a monitored glacier collapsed. But such preventative infrastructure is rare globally. More from Bloomberg: https://www.bloomberg.com/news/articles/2025-06-03/swiss-glacier-collapse-is-a-lesson-on-climate-disaster-management

Jason Cook-Studer of the Lac La Ronge Indian Band is building microgrids and district heating with salvaged wood while fighting fires threatening his traplines. We share his inspiring work in a featured clip.

Andrew Johnson from One School, One Farm—building bridges between classrooms and climate resilience: We play a clip from his RCE presentation!

⚡ In the Lightning Round:
Used solar panels get second life through Search4solar http://dlvr.it/TL6xmA
Port of L.A. cuts ship emissions 24% with OpenTable-style scheduling https://www.bloomberg.com/news/articles/2025-06-03/how-to-cut-shipping-pollution-quickly-and-cheaply

Cyber Morning Call
791 - Campaign hits Craft CMS instances with CVSS 10 0-day

May 27, 2025 · 3:20


Episode references:
The Sharp Taste of Mimo'lette: Analyzing Mimo's Latest Campaign targeting Craft CMS
Usage statistics and market share of Craft CMS
How Craft CMS built Craft Cloud
Investigating an in-the-wild campaign using RCE in CraftCMS

Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia

Critical Thinking - Bug Bounty Podcast
Episode 122: We Won Google's AI Hacking Event in Tokyo - Main Takeaways

May 15, 2025 · 105:30


Episode 122: In this episode of Critical Thinking - Bug Bounty Podcast your boys are MVH winners! First we're joined by Zak, to discuss the Google LHE as well as surprising us with a bug of his own! Then, we sit down with Lupin and Monke for a winners roundtable and retrospective of the event.

Follow us on twitter at: https://x.com/ctbbpodcast
Got any ideas and suggestions? Feel free to send us any feedback here: info@criticalthinkingpodcast.io
Shoutout to YTCracker for the awesome intro music!

====== Links ======
Follow your hosts Rhynorater and Rez0 on Twitter:
https://x.com/Rhynorater
https://x.com/rez0__

====== Ways to Support CTBBPodcast ======
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
You can also find some hacker swag at https://ctbb.show/merch!
Check out the CTBB Job Board: https://jobs.ctbb.show/

Today's Guests:
Zak Bennett: https://www.linkedin.com/in/zak-bennett/
Ciarán Cotter: https://x.com/monkehack
Roni Carta: https://x.com/0xLupin

====== Resources ======
We hacked Google's A.I Gemini and leaked its source code
https://www.landh.tech/blog/20250327-we-hacked-gemini-source-code

====== Timestamps ======
(00:00:00) Introduction
(00:03:02) An RCE via memory corruption
(00:07:45) Zak's role at Google and Google's AI LHE
(00:15:25) Different Components of AI Vulnerabilities
(00:24:58) MVH Winner Debrief
(01:08:47) Technical Takeaways And Team Strategies
(01:28:49) LHE Experience and Google VRP & Abuse VRP

Cyber Morning Call
781 - APT abuses drone supply chain

May 13, 2025 · 5:13


Episode references:
Earth Ammit Disrupts Drone Supply Chains Through Coordinated Multi-Wave Attacks in Taiwan
Marbled Dust leverages zero-day in Output Messenger for regional espionage
Researchers found one-click RCE in ASUS's pre-installed software DriverHub
Modern Incident Response: Tackling Malicious ML Artifacts
/bin/live - Mente Binária's program, taking place today at 20:00

Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia

The technology blog and podcast
Sans episode 13: More vulns and some good out of the bad

May 6, 2025 · 58:04


Sans 13 will be releasing after 12, and we're now all caught up. Welcome to Sans, episode 13. This is the link you'll use to go to the newsletter: https://view.email.sans.org/?qs=6dc4120f1b77a95c7cf4ce4cd833f7454db9893d83c0674e789006dd8cd6812ed7fca17eaacce81bdd8dd2995972b696348c261f745add4e84cbc846682d8a7ee877e6dced0706bf45e756ebdaaf3091 If you use Windows, look for the story dealing with remote desktop and their use and acceptance of old passwords that may have been changed. Apple has an RCE dealing with AirPlay, more breaches and two more British companies hit with a cyberattack.

The CyberWire
SSH-attered trust.

Apr 18, 2025 · 33:01


A critical vulnerability in Erlang/OTP SSH allows unauthenticated remote code execution. There's a bipartisan effort to renew a key cybersecurity info sharing law. A newly discovered Linux kernel vulnerability allows local attackers to escalate privileges. A researcher uncovers 57 risky Chrome extensions with a combined 6 million users. AttackIQ shares StrelaStealer simulations. A major live events service provider notifies employees and customers of a data breach. CISA warns of an actively exploited SonicWall vulnerability. An airport retailer agrees to a multi-million dollar settlement stemming from a ransomware attack. A preview of RSAC 2025 with Linda Gray Martin and Britta Glade. Zoom-a-zoom zoom, it's always DNS.

CyberWire Guest
Today Dave sits down with Linda Gray Martin, Chief of Staff, and Britta Glade, SVP of Content and Communities, from RSAC sharing what is new at RSAC 2025.

Selected Reading
Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (Bleeping Computer)
Bipartisan duo wants to renew 10-year-old cyberthreat information sharing law (The Record)
Linux Kernel Vulnerability Let Attackers Escalate Privilege – PoC Released (Cyber Security News)
Chrome extensions with 6 million installs have hidden tracking code (Bleeping Computer)
Emulating the Stealthy StrelaStealer Malware (AttackIQ)
Live Events Giant Legends International Hacked (SecurityWeek)
CISA tags SonicWall VPN flaw as actively exploited in attacks (Bleeping Computer)
Airport retailer agrees to $6.9 million settlement over ransomware data breach (The Record)
Global Zoom Outage Caused by Server Block Imposed from GoDaddy Registry (Cyber Security News)

Absolute AppSec
Episode 281 - Signing Models, Vibe Coding, GitHub Action Abuse

Apr 8, 2025


The duo are back for a discussion on securing machine learning models using Sigstore, based on a recent blog post from Google Security. Followed by some spicy takes on opinions on vibe coding and its effects on application and product security. Finally, short-lived tokens used to exploit RCE against the GitHub CodeQL Action.

Crying Out Cloud
Ingress Nightmare: How a Single Request Could Take Over Your K8s Cluster

Mar 25, 2025 · 22:26


SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Wednesday Mar 19th 2025: Python DLL Side Loading; Tomcat RCE Correction; SAML Roulette; Windows Shortcut 0-Day

Mar 19, 2025 · 7:18


Python Bot Delivered Through DLL Side-Loading
A "normal" PDF reader that is vulnerable to DLL side-loading may be used to launch additional exploit code.
https://isc.sans.edu/diary/Python%20Bot%20Delivered%20Through%20DLL%20Side-Loading/31778

Tomcat RCE Correction
To exploit the Tomcat RCE I mentioned yesterday, two non-default configuration options must be selected by the victim.
https://x.com/dkx02668274/status/1901893656316969308

SAML Roulette: The Hacker Always Wins
This Portswigger blog explains in detail how to exploit the ruby-saml vulnerability against GitLab.
https://portswigger.net/research/saml-roulette-the-hacker-always-wins

Windows Shortcut Zero Day Exploit
Attackers are currently taking advantage of an unpatched vulnerability in how Windows displays Shortcut (.lnk file) details. Trend Micro explains how the attack works and provides PoC code. Microsoft is not planning to fix this issue.
https://www.trendmicro.com/en_us/research/25/c/windows-shortcut-zero-day-exploit.html

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Monday Mar 17th 2025: Analyzing GUID Encoded Shellcode; Node.js SAML Vuln; Tomcat RCE in the Wild; CSS e-mail obfuscation

Mar 18, 2025 · 7:03


Static Analysis of GUID Encoded Shellcode
Didier explains how to decode shellcode embedded as GUIDs in malware, and how to feed the result to his tool 1768.py, which will extract Cobalt Strike configuration information from the code.
https://isc.sans.edu/diary/Static%20Analysis%20of%20GUID%20Encoded%20Shellcode/31774

SAMLStorm: Critical Authentication Bypass in xml-crypto and Node.js libraries
xml-crypto, a library used in Node.js applications to decode XML and support SAML, has been found to parse comments incorrectly, leading to several SAML vulnerabilities.
https://workos.com/blog/samlstorm

One PUT Request to Own Tomcat: CVE-2025-24813 RCE is in the Wild
A just-published deserialization vulnerability in Tomcat is already being exploited. Contributing to the rapid exploit release is the similarity of this vulnerability to other Java deserialization vulnerabilities.
https://lab.wallarm.com/one-put-request-to-own-tomcat-cve-2025-24813-rce-is-in-the-wild/

CSS Abuse for Evasion and Tracking
Attackers are using cascading stylesheets to evade detection and enable more stealthy tracking of users.
https://blog.talosintelligence.com/css-abuse-for-evasion-and-tracking/

Day[0] - Zero Days for Day Zero
Exploiting Xbox 360 Hypervisor and Microcode Hacking

Mar 12, 2025 · 79:05


A very technical episode this week, featuring some posts on hacking the Xbox 360 hypervisor as well as AMD microcode hacking.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/276.html

[00:00:00] Introduction
[00:00:15] Reversing Samsung's H-Arx Hypervisor Framework - Part 1
[00:10:34] Hacking the Xbox 360 Hypervisor Part 1: System Overview
[00:21:18] Hacking the Xbox 360 Hypervisor Part 2: The Bad Update Exploit
[00:30:48] Zen and the Art of Microcode Hacking
[00:41:51] A very fancy way to obtain RCE on a Solr server
[01:03:49] Cellebrite zero-day exploit used to target phone of Serbian student activist
[01:16:03] When NULL isn't null: mapping memory at 0x0 on Linux

Podcast episodes are available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec

You can also join our discord: https://discord.gg/daTxTK9

Healthcare IT Today Interviews
Pushing Forward Healthcare Interoperability Efforts by The Sequoia Project in 2025

Feb 21, 2025 · 14:47


New guidelines for health care privacy and consent, extending data sharing to new types of organizations, ensuring the clinical usability of data, and just lots and lots of growth: these are on the agenda of The Sequoia Project in the upcoming year. In this video interview, CEO Mariann Yeager concisely explains their recent achievements, how they work with the ONC and other stakeholders on TEFCA and QHINs, and some of their upcoming plans.

Yeager has been CEO of The Sequoia Project since it began in 2012. It is the Assistant Secretary for Technology Policy's (ASTP, formerly ONC) recognized coordinating entity (RCE) to implement the government's Trusted Exchange Framework and Common Agreement (TEFCA), which went live a year ago. While they have gotten a lot of attention for being the TEFCA RCE, The Sequoia Project has almost a dozen healthcare interoperability projects they are working on.

Learn more about The Sequoia Project: https://sequoiaproject.org/
Health IT Community: https://www.healthcareittoday.com/

The CyberWire
Pennies for access.

Feb 19, 2025 · 35:20


Credential theft puts sensitive corporate and military networks at risk. A federal judge refuses to block DOGE from accessing sensitive federal data. New York-based Insight Partners confirms a cyber-attack. BlackLock ransomware group is on the rise. OpenSSH patches a pair of vulnerabilities. Russian threat actors are exploiting Signal's “Linked Devices” feature. Over 12,000 GFI KerioControl firewalls remain exposed to a critical remote code execution (RCE) vulnerability. CISA issued two ICS security advisories. Federal contractors pay $11 million in cybersecurity noncompliance fines. In our CertByte segment, Chris Hare is joined by Steven Burnley to break down a question targeting the ISC2® SSCP - Systems Security Certified Practitioner exam. Sweeping cybercrime reforms are unveiled by…Russia?

CertByte Segment
Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K's suite of industry-leading certification resources. For the past 25 years, N2K's practice tests have helped more than half a million IT and cyber security professionals reach certification success. Have a question that you'd like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K's full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.
Additional source: https://www.isc2.org/certifications/sscp

Selected Reading
Hundreds of US Military and Defense Credentials Compromised (Infosecurity Magazine)
DOGE Team Wins Legal Battle, Retains Access to Federal Data (GovInfo Security)
Musk Ally Demands Admin Access to System That Lets Government Text the Public (404 Media)
Cyber Investor Insight Partners Suffers Security Breach (Infosecurity Magazine)
BlackLock On Track to Be 2025's Most Prolific Ransomware Group (Infosecurity Magazine)
Qualys reports two flaws in OpenSSH, one critical DDoS (Beyond Machines)
Russian phishing campaigns exploit Signal's device-linking feature (Bleeping Computer)
Over 12,000 KerioControl firewalls exposed to exploited RCE flaw (Bleeping Computer)
CISA Releases Two New ICS Advisories Exploits Following Vulnerabilities (Cyber Security News)
Managed healthcare defense contractor to pay $11 million over alleged cyber failings (The Record)
Russian Government Proposes Stricter Penalties to Tackle Cybercrime (GB Hackers)

Exploit Brokers - Hacking News
HN56 - Massive Bug Puts Outlook Users at Risk | Kimsuky gets RDPWrapper

Feb 13, 2025 · 27:03


In today's episode of Exploit Brokers, we dive deep into two major security threats making waves across the digital world. A critical Remote Code Execution (RCE) vulnerability in Microsoft Outlook is putting millions of users at risk, with hackers exploiting it through spear phishing emails and malicious links. Not only that, but we're also uncovering the stealthy tactics of the notorious North Korean hacking group, Kimsuky. They're evolving their methods with custom RDP wrappers and proxy tools to evade detection while gaining unauthorized access to systems. Stay informed about the latest threats, learn how to keep your systems secure, and protect yourself from the growing wave of cyberattacks that are more dangerous than ever.

Day[0] - Zero Days for Day Zero
Excavating Exploits and PHP Footguns

Jan 20, 2025 · 72:18


This week features a mix of topics, from polyglot PDF/JSON to Android kernel vulnerabilities. Project Zero also publishes a post about excavating an exploit strategy from crash logs of an In-The-Wild campaign.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/269.html

[00:00:00] Introduction
[00:07:48] Attacking Hypervisors - From KVM to Mobile Security Platforms
[00:12:18] Bypassing File Upload Restrictions To Exploit Client-Side Path Traversal
[00:19:41] How an obscure PHP footgun led to RCE in Craft CMS
[00:34:44] oss-security - RSYNC: 6 vulnerabilities
[00:42:13] The Qualcomm DSP Driver - Unexpectedly Excavating an Exploit
[00:59:59] security-research/pocs/linux/kernelctf/CVE-2024-50264_lts_cos/docs/exploit.md
[01:10:35] GLibc Heap Exploitation Training

Podcast episodes are available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec

You can also join our discord: https://discord.gg/daTxTK9

Autonomous IT
Patch [FIX] Tuesday – January 2025 [Experts Analyze New Hyper-V, Active Directory, and macOS Vulnerabilities], E15

Jan 14, 2025 · 14:09


Join Automox's cybersecurity experts as they discuss the latest Patch Tuesday updates, focusing on vulnerabilities in Active Directory, Hyper-V, and macOS 15.2. They highlight the importance of staying updated and the evolving threat landscape, particularly with the rise of phishing attacks and the need for robust security measures in enterprise environments.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

In this episode of the SANS Internet Storm Center's Stormcast, we cover critical vulnerabilities affecting OpenSSH, BeyondTrust, and Nuclei, including the newly discovered "RegreSSHion" flaw and a bypass vulnerability in Nuclei. We also discuss how malware evasion techniques can impact analysis environments and highlight the dangers of fake exploits targeting researchers. Tune in for insights on patching, mitigation strategies, and staying ahead of emerging threats.

Topics Covered:

Make Malware Happy
https://isc.sans.edu/diary/Make%20Malware%20Happy/31560
A look at how malware adapts and detects analysis environments, and why replicating operational settings is critical during malware analysis.

Nuclei Signature Verification Bypass (CVE-2024-43405)
https://www.wiz.io/blog/nuclei-signature-verification-bypass
A critical vulnerability in Nuclei allows malicious templates to bypass signature verification, risking arbitrary code execution.

Critical Vulnerability in BeyondTrust (CVE-2024-12356)
https://censys.com/cve-2024-12356/
A high-risk flaw in BeyondTrust products allows unauthenticated OS command execution, posing a significant threat to privileged access systems.

RegreSSHion Code Execution Vulnerability (CVE-2024-6387)
https://cybersecuritynews.com/regresshion-code-execution-vulnerability/
OpenSSH vulnerability "RegreSSHion" enables remote code execution, and fake exploits targeting security researchers are in circulation.

ECCPodcast: Emergencias y Cuidado Crítico
138: Intraosseous vs. Intravenous Access in Adult Cardiac Arrest: What Does the Evidence Tell Us?

Jan 2, 2025 · 21:44


A recent systematic review and meta-analysis published in Resuscitation offers new information that directly affects how we teach and practice intraosseous (IO) versus intravenous (IV) vascular access in prehospital and hospital settings. What does this mean for protocols such as ACLS, PALS and PHTLS?

The Study: What Was Investigated and Why It Matters

In cardiac arrest, fast and effective vascular access is essential for administering medications that can save lives, such as epinephrine and antiarrhythmics. The intravenous (IV) route has been the gold standard, but it can be difficult to obtain, especially in prehospital circumstances. This is where the intraosseous (IO) route comes in, a technique that offers rapid access in long bones such as the proximal tibia or the proximal humerus.

A recent meta-analysis evaluated the clinical effectiveness of IO versus IV access in adults with out-of-hospital cardiac arrest (OHCA). The analysis included three randomized clinical trials with more than 9,300 patients and examined critical outcomes such as 30-day survival, return of spontaneous circulation (ROSC) and neurological outcomes.

Key results:
The IO route did not improve 30-day survival compared with IV access (OR 0.99).
Nor did it show superiority in favorable neurological outcomes.
IO access was less likely to achieve sustained ROSC (OR 0.89).
However, it offered comparable medication administration times, which is especially useful when IV access is not possible.

This raises important questions: Should we always prioritize IV access? What role does the IO route play in prehospital and in-hospital management?

Connection with ACLS, PALS and PHTLS

The ACLS (Advanced Cardiovascular Life Support), PALS (Pediatric Advanced Life Support) and PHTLS (Prehospital Trauma Life Support) courses are pillars in the education of emergency professionals. Each addresses vascular access in its own context, but the study's recommendations add nuances that can enrich our clinical practice.

ACLS: The Adult Perspective

ACLS emphasizes the importance of establishing vascular access quickly in order to administer medications such as epinephrine during advanced management of cardiac arrest. The AHA (American Heart Association) guideline states that:
IV access is preferred because of its efficacy.
If IV access cannot be achieved within 90 seconds, the IO route is the best alternative.

Correlation with the study: The findings reinforce the preference for IV access, particularly because it is associated with better rates of sustained ROSC. However, IO remains fundamental in situations where peripheral venous access is difficult or not viable, especially in prehospital systems with time or resource constraints.

PALS: Children and Vascular Access

In PALS, rapid vascular access is equally critical, but the technical challenges are amplified in pediatric patients because of vein size and compromised hemodynamic status. The guidelines recommend:
Prioritizing IV access, but not hesitating to use IO if necessary.

Relevance of the study: Although the meta-analysis focused on adults, the results can be partially extrapolated to older children or adolescents. This highlights the importance of training pediatric teams in both techniques and ensuring that IO access is performed competently when it is needed.

PHTLS: Prehospital Trauma Life Support

In the prehospital setting, as addressed by PHTLS, rapid vascular access can be even more challenging because of conditions such as severe trauma, hypovolemia and prolonged arrest. Here, IO access is a critical tool, particularly in patients with venous collapse.

Impact on PHTLS: IO access proves its usefulness in trauma situations where IV access is not feasible. For example, in patients with massive hemorrhage, IO may be the only viable option for administering fluids and medications. The study underscores that, although the IV route is ideal, IO remains an essential technique in the prehospital arsenal, especially when every second counts.

Why Was IO Access Associated with Lower ROSC (Spanish: RCE)?

The authors of the meta-analysis suggest several hypotheses that could explain why intraosseous (IO) access showed a lower probability of sustained return of spontaneous circulation (ROSC) compared with intravenous (IV) access. These theories are based on technical, physiological and logistical factors related to the use of IO in the context of cardiac arrest. The key points mentioned or inferred are detailed below:

1. Suboptimal drug distribution
One of the main hypotheses is that administering medications through the IO route may result in less efficient distribution compared with IV access. This is because medications given by IO must first pass through the bone marrow, which could slow their absorption and decrease bioavailability in the central circulatory system. In cardiac arrest in particular, where tissue perfusion is severely compromised, central circulation may not be adequate to transport medications quickly from the IO site to the heart and brain.

2. Differences in blood flow pressures
IO access involves injecting medications into the bone marrow, where local pressure can vary significantly depending on factors such as the insertion site (e.g., proximal tibia vs. proximal humerus). If the pressure within the bone marrow is not sufficient to allow efficient flow into the central circulation, this could compromise the efficacy of the medications administered.

3. Possible technical complications
Although the initial success rate of IO placement was high (~94%), there is a risk of technical problems, such as:
Needle malposition, which could cause medications to infiltrate the surrounding tissues instead of entering the bone marrow.
Failure to confirm free flow (a critical step in verifying correct placement of the IO device).
Mechanical interruptions or restricted flow due to patient position or movement during transport.

4. Differences in insertion sites
The studies included in the meta-analysis used different insertion sites for IO access, such as the proximal humerus or the proximal tibia. Access through the proximal humerus generally provides faster flow to the heart because of anatomical proximity, but it was not always the site chosen. This could have affected the results observed in terms of sustained ROSC.

5. Pathophysiology of cardiac arrest
During cardiac arrest, overall blood flow is severely reduced, which limits the circulatory system's ability to transport medications from the IO site to target organs such as the heart and brain. In this context, the IV route, which delivers directly into the peripheral veins, could be more effective at providing more direct and rapid access.

6. Impact of placement and administration time
Although administration time was comparable between IO and IV in the studies analyzed, any additional delay in confirming correct placement or in administering medications through the IO could have negatively influenced the efficacy of treatments, reducing rates of sustained ROSC.

Implications for clinical practice

The findings highlight the importance of:
Prioritizing IV access whenever possible, given its better performance in terms of sustained ROSC.
Training staff in the optimal use of IO devices, including appropriate choice of insertion site (e.g., proximal humerus) and confirmation of free flow.
Considering the physiological limitations of IO access when administering critical medications during cardiac arrest.

In summary, the lower probability of sustained ROSC associated with IO access appears to be due to a combination of technical and physiological factors. Despite this, IO access remains a crucial tool in situations where IV access is not feasible or is significantly delayed.

Strengthening Education and Training

One of the key lessons of this analysis is the need to train medical teams in both techniques to ensure precise and rapid execution. Both ACLS and PHTLS already include practical modules on IO access, but the study results suggest several areas for improvement:

Competence in identifying IO sites: The proximal tibia and the proximal humerus were the sites most used in the studies. Training providers to quickly select the optimal site according to the patient's anatomy and the clinical situation can improve efficacy.
Minimizing IO errors: Although the initial success rate of IO placement was high in the study (~94%), this does not guarantee effective medication administration. Training should therefore include strategies for verifying correct placement and troubleshooting common problems.
Integration of local protocols: Emergency medical systems should adapt the recommendations to their context. For example, in rural areas where IV access may be more difficult, the IO route may be prioritized.
Realistic simulations: Incorporating advanced simulators into ACLS and PHTLS courses can help teams practice in scenarios that mimic the complexity of prehospital and in-hospital settings.

Operational Considerations for Prehospital Settings

Emergency medical systems vary significantly in resources and training. Some key factors to consider when implementing these recommendations include:

Time vs. efficiency: In the study, IO access had administration times comparable to IV (~15 minutes). However, the effectiveness of IO in achieving sustained ROSC was lower. This highlights the importance of carefully evaluating the circumstances before deciding which route to use.
Universal training: The availability of IO devices varies between systems. Ensuring that all prehospital teams are trained in the use of IO devices can reduce disparities in care.
Use of checklists: Standardized protocols and checklists can ensure that critical steps, such as confirming free flow in IO devices, are not overlooked.

Conclusion

The meta-analysis confirms that the intravenous route remains the preferred option for vascular access during cardiac arrest, but it highlights the value of intraosseous access in prehospital settings or when IV access is not possible. Integrating these recommendations into courses such as ACLS, PALS and PHTLS reinforces the need to train providers to handle both techniques competently.

References

K. Couper, L.W. Andersen, I.R. Drennan, B.E. Grunau, P.J. Kudenchuk, R. Lall, E.J. Lavonas, G.D. Perkins, M.F. Vallentin, A. Granfeldt, On behalf of the International Liaison Committee on Resuscitation Advanced Life Support Task Force, Intraosseous and intravenous vascular access during adult cardiac arrest: a systematic review and meta-ana

Autonomous IT
Patch [FIXED] Tuesday: The Vulnerabilities That Defined 2024

Autonomous IT

Play Episode Listen Later Dec 31, 2024 73:19


Join us for a special bonus episode of Patch [FIX] Tuesday, an hour-long compilation of the vulnerabilities that helped shape the cybersecurity landscape in 2024. This episode recaps some of the most critical and interesting exploits, from supply chain compromises to elevation of privilege threats targeting widely used platforms. Whether you're an IT administrator, security professional, or tech enthusiast, this episode provides valuable insights to stay ahead of evolving threats.

Here's a list of vulnerabilities discussed in this episode, and be sure to tune into the Patch [FIX] Tuesday podcast on the second Tuesday of every month.

Operation Triangulation (00:13)
CVE-2024-21401: Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability (5:00)
CVE-2024-21400: Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability (11:00)
CVE-2024-3094: XZ/Liblzma Supply Chain Backdoor (17:08)
CVE-2024-4671: Google Chrome Use-After-Free Vulnerability (30:00)
CVE-2024-30078: Windows WiFi Driver Remote Code Execution Vulnerability (35:03)
CVE-2024-38053: Windows Layer Two Bridge Network RCE (47:14)
CVE-2024-38180: SmartScreen Prompt Remote Code Execution Vulnerability (53:12)
CVE-2024-43491: Microsoft Windows Update Remote Code Execution Vulnerability (1:00:00)
CVE-2024-43533: Remote Desktop Client Remote Code Execution Vulnerability (1:04:24)
CVE-2024-5535: Microsoft Defender for Endpoint Remote Code Execution Vulnerability (1:07:35)
CVE-2024-49093: Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability (1:09:36)

Risky Business
Risky Business #775 -- Cl0p is back, SEC hack disclosures disappoint

Risky Business

Play Episode Listen Later Dec 18, 2024


On this week's show, Patrick Gray and Adam Boileau discuss the week's cybersecurity news, including:
The SEC's cyber incident reporting isn't very exciting after all
China Telecom on the way to being thrown out of the US
The NSA/Cybercom might get two separate hats
The Cl0p ransomware crew are back and taking responsibility for the Cleo hacks
(Yet another) File upload bug in Struts makes Java admins weep
And much, much more.

This episode is sponsored by SpecterOps, who run a pretty top notch offsec/pentest team when they're not busy making the Bloodhound Enterprise identity attack path enumeration software. SpecterOps' Robby Winchester joins to talk about how pentest has changed, and how their customers get value from their testing. This episode is also available on YouTube.

Show notes
SEC cyber incident reporting rule generates 71 filings in 11 months | Cybersecurity Dive
US senators, green groups call for accountability over hacking of Exxon critics | Reuters
Biden Administration Takes First Step to Retaliate Against China Over Hack - The New York Times
Unfinished business for Trump: Ending the Cyber Command and NSA 'dual hat' | The Record from Recorded Future News
EU opens investigation into TikTok and the Romanian election – POLITICO
Clop ransomware claims responsibility for Cleo data theft attacks
CISA warns of ransomware gangs exploiting Cleo, CyberPanel bugs | The Record from Recorded Future News
CVE-2024-55956 | AttackerKB
Apache issues patches for critical Struts 2 RCE bug | The Register
Japanese game and anime publisher reportedly pays $3 million ransom to Russia-linked hackers | The Record from Recorded Future News
Israeli spyware firm Paragon acquired by US investment group, report says | Reuters
How Cryptocurrency Turns to Cash in Russian Banks – Krebs on Security
Arizona man arrested for alleged involvement in violent online terror networks | CyberScoop
Russia bans Viber, claiming app facilitates terrorism and drug trafficking | The Record from Recorded Future News

The CyberWire
When AI goes offline.

The CyberWire

Play Episode Listen Later Dec 12, 2024 33:10


ChatGPT and Meta face widespread outages. Trump advisors explore splitting NSA and CyberCom leadership roles. A critical vulnerability in Apache Struts 2 has been disclosed. “AuthQuake” allowed attackers to bypass Microsoft MFA protections. Researchers identify Nova, a sophisticated variant of the Snake Keylogger malware. Adobe addresses critical vulnerabilities across their product line. Chinese law enforcement has been using spyware to collect data from Android devices since 2017. A new report highlights the gaps in hardware and firmware security management. A Krispy Kreme cyberattack creates a sticky situation. N2K's Executive Editor Brandon Karpf speaks with guest Mike Silverman, Chief Strategy and Innovation Officer at the FS-ISAC discussing cryptographic agility. Do Not Track bids a fond farewell.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Today, N2K's Executive Editor Brandon Karpf speaks with guest Mike Silverman, Chief Strategy and Innovation Officer at the FS-ISAC discussing cryptographic agility. You can learn more in their new white paper "Building Cryptographic Agility in the Financial Sector." We will share the extended version of this conversation over our winter break. Stay tuned.

Selected Reading
ChatGPT Down Globally, Services Restored After Hours Of Outage (Cyber Security News)
Facebook, Instagram and other Meta apps go down due to 'technical issue' (CNBC)
Unfinished business for Trump: Ending the Cyber Command and NSA 'dual hat' (The Record)
Apache issues patches for critical Struts 2 RCE bug (The Register)
Microsoft MFA Bypassed via AuthQuake Attack (SecurityWeek)
Nova Keylogger – A Snake Malware Steal Credentials and Capture Screenshorts From Windows (Cyber Security News)
Adobe releases December 2024 patches for flaws in multiple products, including critical (Beyond Machines)
Mobile Surveillance Tool EagleMsgSpy Used by Chinese Law Enforcement (SecurityWeek)
Three-Quarters of Security Leaders Admit Gaps in Hardware Knowledge (Infosecurity Magazine)
Krispy Kreme cyberattack impacts online orders and operations (Bleeping Computer)
Firefox, one of the first “Do Not Track” supporters, no longer offers it (Ars Technica)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The CyberWire
When exploits go wild and patches race the clock.

The CyberWire

Play Episode Listen Later Dec 11, 2024 31:42


Microsoft confirms a critical Windows zero-day vulnerability. Global law enforcement agencies dismantle 27 DDoS platforms. Researchers compromise memory in AMD virtual machines. Ivanti reports multiple critical vulnerabilities in its Cloud Services Application. Group-IB researchers expose a sophisticated global phishing campaign. A zero-day vulnerability in Cleo's managed file transfer software is under active exploitation. The U.S. sanctions a Chinese firm for a 2020 firewall exploit. Congress looks to require the FCC to regulate telecom cybersecurity. Our guest is Malachi Walker, Security Strategist at DomainTools, discussing their role in ODNI's newly established Sentinel Horizon Program. SpartanWarriorz dodge a Telegram crackdown.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Our guest is Malachi Walker, Security Strategist at DomainTools, about their role in ODNI's newly established Sentinel Horizon Program.

Selected Reading
New Windows 0Day Attack Confirmed—Homeland Security Says Update Now (Forbes)
Microsoft Fixes 71 CVEs Including Actively Exploited Zero-Day (Infosecurity Magazine)
Atlassian, Splunk Patch High-Severity Vulnerabilities (SecurityWeek)
Chrome Security Update, Patch for 3 High-severity Vulnerabilities (Cyber Security News)
ICS Patch Tuesday: Security Advisories Released by Siemens, Schneider, CISA, Others (SecurityWeek)
Operation PowerOFF Takes Down DDoS Boosters (Infosecurity Magazine)
AMD Chip VM Memory Protections Broken by BadRAM (Security Boulevard)
Three more vulns spotted in Ivanti CSA, all critical, one 10/10 (The Register)
Global Ongoing Phishing Campaign Targets Employees Across 12 Industries (Hackread)
New Cleo zero-day RCE flaw exploited in data theft attacks (Bleeping Computer)
US Sanctions Chinese Firm at Center of Global Firewall Hack (Infosecurity Magazine)
Wyden legislation would mandate FCC cybersecurity rules for telecoms (CyberScoop)
Scam Kit Maker Rebuilding Business After Telegram Channel Shut Down (Security Boulevard)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Autonomous IT
Patch [FIX] Tuesday – December 2024 [Merry FixMas and a Happy Patched Year], E14

Autonomous IT

Play Episode Listen Later Dec 10, 2024 11:11


In this episode, the hosts discuss various cybersecurity vulnerabilities, particularly focusing on recent CVEs, including CVE-2024-49093, CVE-2024-49132, and CVE-2024-49138. They emphasize the importance of patching systems, especially during the holiday season when companies may be more vulnerable. The conversation highlights the need for awareness around phishing scams and other security threats that tend to increase during this time of year.

Black Hills Information Security
2024-11-25 - Discordgate

Black Hills Information Security

Play Episode Listen Later Nov 27, 2024 66:22


00:00:00 - PreShow Banter™ — Discordgate
00:09:24 - BHIS - Talkin' Bout [infosec] News 2024-11-25
00:10:46 - Story # 1: DOJ says Google must sell Chrome to crack open its search monopoly
00:12:08 - Story # 1b: DOJ's staggering proposal would hurt consumers and America's global technological leadership
00:19:16 - Story # 2: The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access
00:24:37 - Story # 3: Palo Alto Networks tackles firewall-busting zero-days with critical patches
00:25:46 - Discordgate Follow Up
00:26:26 - Story # 4: Enhancing Cyber Resilience: Insights from CISA Red Team Assessment of a US Critical Infrastructure Sector Organization
00:31:08 - Story # 5: Fintech giant Finastra investigates data breach after SFTP hack
00:34:01 - Story # 6: CFPB Finalizes Rule on Federal Oversight of Popular Digital Payment Apps to Protect Personal Data, Reduce Fraud, and Stop Illegal “Debanking”
00:38:49 - Story # 7: T-Mobile finally managed to thwart a data breach before it occurred
00:40:22 - Story # 8: D-Link urges users to retire VPN routers impacted by unfixed RCE flaw
00:43:07 - Story # 9: US seizes PopeyeTools cybercrime marketplace, charges administrators
00:46:19 - Story # 10: Razzlekhan, crypto's most embarrassing rapper, is going to prison
00:48:31 - Story # 10b: Netflix has a perfectly timed Razzlekhan doc coming out in December
00:50:10 - Story # 11: Microsoft Defender Is Not Enough Anymore—This Malware Gets Around It
00:55:11 - Story # 12: Microsoft president asks Trump to “push harder” against Russian hacks
00:57:02 - Story # 13: Hackers Breach Andrew Tate's Online ‘University,' Exposing 800,000 Users
01:00:36 - Story # 14: 7-Zip affected by dangerous vulnerability: users must update the app manually
01:01:31 - Story # 15: Microsoft disrupts ONNX phishing-as-a-service infrastructure
01:03:07 - Story # 16: US charges five linked to Scattered Spider cybercrime gang
01:04:25 - Plug: Secure Code Summit 2024

Exploit Brokers - Hacking News
HN45 - Malware Madness: How Remcos RAT and Human Error Fuel Cyber Threats

Exploit Brokers - Hacking News

Play Episode Listen Later Nov 14, 2024 33:15


In today's episode, we dive deep into the fascinating yet troubling world of cybersecurity, exploring how even the most advanced antivirus software, firewalls, and endpoint security measures can fall short due to a single factor: human error. Despite the latest tech solutions, hackers continue to exploit one consistent vulnerability—users clicking on suspicious links and files. We'll discuss how phishing emails, malware, and outdated software create an entryway for cybercriminals, even in some of the most secure environments. Using two real-world cases, we'll uncover how modern-day malware such as Remcos RAT and Smoke Loader Trojan bypass standard security protocols. These cyber threats often use a combination of remote code execution (RCE) vulnerabilities, phishing emails disguised as business orders, and cleverly crafted zip files that hide malicious content. What's even more shocking? These vulnerabilities have been known for years, yet are still exploited due to outdated software and a lack of user awareness. Whether you're an individual trying to protect your personal data or part of an organization concerned with cybersecurity, this video is packed with insights on staying safe online. Learn how to spot phishing attempts, recognize the importance of regular software updates, and understand why cybersecurity training is essential to protecting yourself and your organization from potential threats. If you enjoy this breakdown, don't forget to hit the like button, subscribe, and click the notification bell to stay updated with more cybersecurity insights! Your support helps the channel grow and allows us to bring more content your way. Let's keep your digital world safe—one informed click at a time. 

Security Now (MP3)
SN 1000: One Thousand - Windows Server 2025, Malicious Python Typos

Security Now (MP3)

Play Episode Listen Later Nov 13, 2024 137:43


Did Bitwarden go closed-source? The rights of German security researchers are clarified. Australia to impose age limits on social media. Free Windows Server 2025 anyone? UAC wasn't getting in the way enough, so they're fixing that. "From Russia with fines" -- obey or else. South Korea fines Meta over serious user privacy violations. Synology's (very) critical zero-click RCE flaw. Malicious Python packages invoked by typos. Google to enforce full MFA for all cloud service users. Mozilla Foundation lays off 30%? Is Firefox safe? Some feedback from Dave's Garage (https://grc.sc/dave) GRC email CTL: AI Debugging CTL: Chat GPT vs YouTube Shorts CTL: Update on the "Train Tracks" Pic of the Week CTL: DNS Benchmark compatibility CTL: The accuracy of AI CTL: Exposing NAS to the Internet CTL: Congrats on 1000! Show Notes - https://www.grc.com/sn/SN-1000-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: bitwarden.com/twit threatlocker.com for Security Now flashpoint.io lookout.com

All TWiT.tv Shows (Video LO)
Security Now 1000: One Thousand

All TWiT.tv Shows (Video LO)

Play Episode Listen Later Nov 13, 2024 137:43 Transcription Available


Bitwarden reaffirms its commitment to open source. The rights of German security researchers are clarified. Australia to impose age limits on social media. Free Windows Server 2025 anyone? UAC wasn't getting in the way enough, so they're fixing that. "From Russia with fines" -- obey or else. South Korea fines Meta over serious user privacy violations. Synology's (very) critical zero-click RCE flaw. Malicious Python packages invoked by typos. Google to enforce full MFA for all cloud service users. Mozilla Foundation lays off 30%? Is Firefox safe? Some feedback from Dave's Garage (https://grc.sc/dave) GRC email CTL: AI Debugging CTL: Chat GPT vs YouTube Shorts CTL: Update on the "Train Tracks" Pic of the Week CTL: DNS Benchmark compatibility CTL: The accuracy of AI CTL: Exposing NAS to the Internet CTL: Congrats on 1000! Show Notes - https://www.grc.com/sn/SN-1000-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: bitwarden.com/twit threatlocker.com for Security Now flashpoint.io lookout.com

Autonomous IT
Patch [Fix] Tuesday – November 2024 [Cybersecurity Experts Discuss NTLM Spoofs, RCE Attacks, and Privilege Escalations], E13

Autonomous IT

Play Episode Listen Later Nov 12, 2024 8:15


Automox cybersecurity experts discuss the latest security updates from November's Patch Tuesday, focusing on several critical vulnerabilities, including NTLM Hash Disclosure, Microsoft Defender's RCE vulnerability, and the Windows Task Scheduler Elevation of Privilege Vulnerability. They emphasize the importance of patching and user awareness in combating phishing attacks and other security threats. The conversation highlights the complexities of vulnerabilities in Windows 10 and 11, and the need for proactive measures to protect systems.

Cyber Security Headlines
Interlock targets healthcare, Canada dissolves TikTok, HP critical flaws

Cyber Security Headlines

Play Episode Listen Later Nov 8, 2024 7:33


Interlock ransomware gang aims at U.S. healthcare, IT and government
Canada tells TikTok to dissolve its Canadian business
Hewlett Packard warns of critical RCE flaws in Aruba Networking software

Thanks to today's episode sponsor, Vanta
As third-party breaches continue to rise, companies are increasingly vigilant, which means more time spent on manual security reviews. With Vanta Questionnaire Automation, security & compliance teams can complete security reviews up to 5 times faster, giving you time back to focus on running your security & compliance programs. Over 8,000 global companies like ZoomInfo, SmartRecruiters and Noibu use Vanta to save time on security reviews. Visit vanta.com to learn more about Questionnaire Automation.

Find the stories behind the headlines at CISOseries.com.

Paul's Security Weekly
Secure By Default - How do we get there? - Andy Syrewicze - PSW #848

Paul's Security Weekly

Play Episode Listen Later Oct 24, 2024 186:32


Andy drops some Microsoft Windows and 365 knowledge as we discuss the details on how we get to secure by default in our Windows and cloud environments. This week: The USB Army Knife that won't break the budget, I don't want to say EDR is useless (but there I said it), Paul's list of excellent hacking tips, FortiJump - an RCE that took a while to become public, do malware care if it's on a hypervisor?, MicroPython for fun and not for hacking?, an unspecified vulnerability, can you exploit speculative execution bugs?, scanning the Internet and creating a botnet by accident. Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-848

Paul's Security Weekly TV
Not The Vulnerabilities You're Looking For - PSW #848

Paul's Security Weekly TV

Play Episode Listen Later Oct 24, 2024 126:29


This week: The USB Army Knife that won't break the budget, I don't want to say EDR is useless (but there I said it), Paul's list of excellent hacking tips, FortiJump - an RCE that took a while to become public, does malware care if it's on a hypervisor?, MicroPython for fun and not for hacking?, an unspecified vulnerability, can you exploit speculative execution bugs?, scanning the Internet and creating a botnet by accident.

Show Notes: https://securityweekly.com/psw-848

Patent Pending Made Simple
14. What to Do After Receiving a Notice of Allowance

Oct 22, 2024 20:32


In this episode of Patent Pending Made Simple, Jaime and Samar tell you what a notice of allowance is, how it should be treated, and what you need to do after receiving one.

Summary
In this episode, the hosts discuss what to do after receiving a notice of allowance on a patent application. They explain a notice of allowance and how long it typically takes to receive one. They emphasize the importance of reviewing the notice of allowance and any examiner's amendments and paying the issue fee. They also discuss the duty of disclosure, the need to file an information disclosure statement (IDS), and a request for continued examination (RCE) if new relevant references are discovered. The hosts also recommend considering filing a continuation application and discussing the timeline for patent issuance. They mention the importance of patent marking and needing maintenance fees to keep the patent in force. The episode concludes with a reminder that the podcast does not provide legal advice.

Takeaways
• Review the notice of allowance and any examiner's amendments carefully
• Pay the issue fee to move forward with the patent application
• Disclose any new relevant references through an information disclosure statement (IDS) and a request for continued examination (RCE)
• Consider filing a continuation application to capture different claim scopes
• Be aware of the timeline for patent issuance and the need to pay maintenance fees
• Mark the product as patented to access certain types of damages
• Remember that the podcast does not provide legal advice

Chapters
00:00 Introduction and Overview
00:20 Explanation of Notice of Allowance
01:33 Timeline for Receiving a Notice of Allowance
03:27 What to Do After Receiving a Notice of Allowance
04:43 Duty of Disclosure and Information Disclosure Statement (IDS)
06:06 Importance of Meeting Duty of Disclosure
07:18 Request for Continued Examination (RCE)
08:09 Considerations for Filing a Continuation Application
10:08 Timeline for Patent Issuance
11:22 Importance of Filing a Continuation Application
13:48 Patent Marking and Maintenance Fees
16:22 Conclusion and Disclaimer

The Daily Decrypt - Cyber News and Discussions
700k DrayTek Routers Vulnerable, Tech Recruiters Targeted with Malware – Cybersecurity News

Oct 3, 2024


Video Episode: https://youtu.be/7et_7YkwAHs

In today’s episode, we dive into the alarming rise of malware delivery through fake job applications targeting HR professionals, specifically focusing on the More_eggs backdoor. We also discuss critical gaming performance issues in Windows 11 24H2 and the vulnerabilities in DrayTek routers that expose over 700,000 devices to potential hacking. Lastly, we address the urgent exploitation of a remote code execution flaw in Zimbra email servers, emphasizing the need for immediate updates to safeguard against evolving threats.

Links to articles:
1. https://thehackernews.com/2024/10/fake-job-applications-deliver-dangerous.html
2. https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-windows-11-24h2-gaming-performance-issues/
3. https://thehackernews.com/2024/10/alert-over-700000-draytek-routers.html
4. https://www.bleepingcomputer.com/news/security/critical-zimbra-rce-flaw-exploited-to-backdoor-servers-using-emails/

Timestamps
00:00 – Introduction
01:14 – Zimbra RCE Vulnerability
02:17 – 700k DrayTek Routers Vulnerable
04:36 – Recruiters Targeted with Malware
06:14 – Microsoft blocks updates for gamers

1. What are today’s top cybersecurity news stories?
2. How is More_eggs malware targeting HR professionals?
3. What vulnerabilities exist in DrayTek routers?
4. Why did Microsoft block Windows 11 24H2 upgrades?
5. What is the impact of the Zimbra RCE flaw?
6. How do fake job applications spread malware?
7. What security measures can protect against More_eggs malware?
8. What are the latest gaming issues with Windows 11?
9. How can DrayTek router vulnerabilities be mitigated?
10. What are the latest tactics used by cybercriminals in email attacks?

More_eggs, Golden Chickens, spear-phishing, credential theft, Microsoft, Windows 11, Asphalt 8, Intel Alder Lake+, DrayTek, vulnerabilities, exploits, cyber attackers, Zimbra, RCE, vulnerability, exploitation

# Intro

HR professionals are under siege as a spear-phishing campaign disguised as fake job applications delivers the lethal More_eggs malware, leading to potentially devastating credential theft. Powered by the notorious Golden Chickens group, this malware-as-a-service targets recruiters with chilling precision.

**How are recruitment officers unknowingly downloading malicious files, and what methods are threat actors using to bypass security measures?**

“Microsoft is blocking Windows 11 24H2 upgrades on some systems due to critical gaming performance issues like Asphalt 8 crashes and Easy Anti-Cheat blue screens. The company is scrambling to resolve these problems that uniquely impact devices with Intel Alder Lake+ processors.”

How can gamers with affected systems work around these issues until Microsoft releases a fix?

Over 700,000 DrayTek routers are currently vulnerable to 14 newly discovered security flaws, with some critical exploits that could be used to take full control of the devices and infiltrate enterprise networks. Despite patches being released, many routers remain exposed, creating a lucrative target for cyber attackers.

How can these vulnerabilities impact businesses that rely on DrayTek routers for network security?

Hackers are leveraging a critical Zimbra RCE vulnerability to backdoor servers through specially crafted emails that execute malicious commands, revealing widespread exploitation just days after a proof-of-concept was published. Notable security experts warn of attackers embedding harmful code in the email’s CC field, which the Zimbra server inadvertently executes.

How are attackers camouflaging their malicious emails to slip through security measures unnoticed?

# Stories

Welcome back to our podcast.
Today, we’re talking about a new cyber threat targeting HR professionals. Researchers at Trend Micro have uncovered a spear-phishing campaign where fake job applications deliver a JavaScript backdoor called More_eggs to recruiters. This malware, sold as malware-as-a-service by a group known as Golden Chickens, can steal credentials for online banking, email accounts, and IT admin accounts. What’s unique this time is that attackers are using spear-phishing emails to build trust, as observed in a case targeting a talent search lead in engineering. The attack sequence involves downloading a ZIP file from a deceptive URL, leading to the execution of the More_eggs backdoor. This malware probes the host system, connects to a command-and-control server, and can download additional malicious payloads. Trend Micro’s findings highlight the persistent and evolving nature of these attacks, which are difficult to attribute because multiple threat actors can use the same toolkits. The latest insights also connect these activities to known cybercrime groups like FIN6. Stay vigilant, especially if you work in HR or recruitment.

1. **Spear-Phishing**
   - **Definition**: A targeted phishing attack aiming at specific individuals or companies, typically using information about the victim to make fraudulent messages more convincing.
   - **Importance**: This method is specifically dangerous because it can trick even tech-savvy users by exploiting personalized details, leading to significant security breaches like credential theft.
2. **More_eggs**
   - **Definition**: A JavaScript backdoor malware sold as a malware-as-a-service (MaaS) with capabilities to siphon credentials and provide unauthorized access to infected systems.
   - **Importance**: Due to its ability to latently steal sensitive information and its widespread use by various e-crime groups, More_eggs represents a significant threat to corporate cybersecurity.
3. **Malware-as-a-Service (MaaS)**
   - **Definition**: A business model where malicious software is developed and sold to cybercriminals who can then use it to conduct attacks.
   - **Importance**: This model lowers the barrier of entry for cybercriminals, allowing even those with limited technical skills to launch sophisticated attacks using pre-made malware.
4. **Golden Chickens**
   - **Definition**: A cybercriminal group (also known as Venom Spider) attributed with developing and distributing the More_eggs malware.
   - **Importance**: Understanding threat actors like Golden Chickens can help cybersecurity professionals anticipate and defend against specific threat tactics.
5. **Command-and-Control (C2) Server**
   - **Definition**: A server used by threat actors to maintain communications with compromised systems within a target network to execute commands and control malware.
   - **Importance**: Disrupting C2 servers is crucial because it can cut off the attacker's control over their malware, mitigating the threat.
6. **LNK File**
   - **Definition**: A shortcut file in Windows that points to another file or executable.
   - **Importance**: Misuse of LNK files in phishing campaigns can lead to automated execution of malicious payloads, making them an effective vector for malware distribution.
7. **PowerShell**
   - **Definition**: A task automation framework from Microsoft consisting of a command-line shell and scripting language.
   - **Importance**: PowerShell is often used by attackers to execute and conceal malicious scripts due to its powerful capabilities and integration with Windows.
8. **Tactics, Techniques, and Procedures (TTPs)**
   - **Definition**: The behavior patterns or methodologies used by cyber threat actors to achieve their goals.
   - **Importance**: Identifying TTPs helps security professionals understand, detect, and mitigate specific attack strategies used by threat actors.
9. **Obfuscation**
   - **Definition**: The process of deliberately making code or data difficult to understand or interpret.
   - **Importance**: Obfuscation is commonly used by malware developers to conceal malicious activities and bypass security mechanisms.
10. **Cryptocurrency Miner**
    - **Definition**: Software used to perform the computational work required to validate and add transactions to a blockchain ledger in exchange for cryptocurrency rewards.
    - **Importance**: Unauthorized cryptocurrency mining (cryptojacking) can misuse system resources for financial gain, leading to performance degradation and security vulnerabilities.

---

On today’s tech update: Microsoft has blocked upgrades to Windows 11 version 24H2 on certain systems due to gaming performance issues. Players of Asphalt 8 may encounter game crashes, while some systems running Easy Anti-Cheat might experience blue screens. These problems mainly affect devices with Intel Alder Lake+ processors. Until Microsoft resolves these issues, impacted users are advised not to manually upgrade using tools like the Media Creation Tool. Microsoft is working on fixes and will include them in upcoming updates.

1. **Windows 11 24H2**: A version of Microsoft’s Windows 11 operating system, released in the second half (H2) of 2024. It is significant because it represents Microsoft’s ongoing update cycle aimed at improving system performance and user experience, though it also highlights the challenges of software compatibility and stability.
2. **Asphalt 8 (Airborne)**: A popular racing video game often used for showcasing graphical and processing capabilities of devices. Its relevance lies in exposing potential software and hardware compatibility issues when new operating systems are released.
3. **Easy Anti-Cheat**: A software tool designed to detect and prevent cheating in multiplayer games. It is crucial for maintaining fair play and integrity in online gaming environments but can pose compatibility challenges with system updates.
4. **Blue Screen of Death (BSoD)**: An error screen displayed on Windows computers following a system crash. It is important as it signals serious software or hardware issues that could affect system stability and data integrity.
5. **Intel Alder Lake+ processors**: A generation of Intel’s microprocessors known for their hybrid architecture design. Understanding these chips is important for recognizing which systems might be more susceptible to the reported compatibility issues.
6. **vPro platform**: A set of Intel technologies aimed at enhancing business security and manageability. It’s critical to cybersecurity professionals because it allows for hardware-level encryption and more robust security management, but compatibility with OS updates can be problematic.
7. **MEMORY_MANAGEMENT error**: A specific type of error indicating system memory management problems, often leading to system crashes. It is crucial for cybersecurity and IT professionals as it affects the stability and reliability of a system.
8. **Compatibility holds (Safeguard IDs)**: Mechanisms employed by Microsoft to prevent system upgrades when known issues are detected. These are essential for protecting users from potential system failures and ensuring a stable computing environment.
9. **Media Creation Tool**: A Microsoft utility used for installing or upgrading Windows OS. It's important for IT professionals as it provides a means to manually deploy Windows updates, though it highlights the risks of bypassing automatic update safeguards.
10. **KB5043145 (Preview Update)**: A specific Windows update known to cause issues such as reboot loops and connection failures. Understanding these updates is crucial for maintaining system stability and ensuring that deployed systems are free from vulnerabilities and bugs.
---

In a recent cybersecurity alert, over 700,000 DrayTek routers have been identified as vulnerable to hacking due to 14 newly discovered security flaws. These vulnerabilities, found in both residential and enterprise routers, include two rated critical, with one receiving the maximum CVSS score of 10.0. This critical flaw involves a buffer overflow in the Web UI, potentially allowing remote code execution. Another significant vulnerability is OS command injection via communication binaries. The report highlights the widespread exposure of these routers’ web interfaces online, creating a tempting target for attackers, particularly in the U.S. DrayTek has released patches to address these vulnerabilities, urging users to apply updates, disable unnecessary remote access, and utilize security measures like ACLs and two-factor authentication. This development coincides with international cybersecurity agencies offering guidance to secure critical infrastructure, emphasizing the importance of safety, protecting valuable OT data, secure supply chains, and the role of people in cybersecurity.

1. **Vulnerability**: A weakness in a system or software that can be exploited by hackers.
   - **Importance**: Identifying vulnerabilities is crucial in cyber security because it helps protect systems from attacks.
2. **Router**: A device that routes data from one network to another, directing traffic on the internet.
   - **Importance**: Routers are essential for internet connectivity and their security is vital to prevent unauthorized access to networks.
3. **Buffer Overflow**: A coding error where a program writes more data to a buffer than it can hold, potentially leading to system crashes or unauthorized code execution.
   - **Importance**: Buffer overflows are common vulnerabilities that can be exploited to gain control of a system.
4. **Remote Code Execution (RCE)**: A type of vulnerability that allows an attacker to execute code on a remote system without authorization.
   - **Importance**: RCE vulnerabilities are highly critical as they enable attackers to take over affected systems.
5. **Cross-site Scripting (XSS)**: A web security vulnerability that allows attackers to inject malicious scripts into content from otherwise trusted websites.
   - **Importance**: XSS can be used to steal information, deface websites, and spread malware.
6. **Adversary-in-the-Middle (AitM) Attack**: An attack where the attacker secretly intercepts and possibly alters the communication between two parties who believe they are directly communicating with each other.
   - **Importance**: AitM attacks can lead to data theft, man-in-the-middle proxy attacks, and unauthorized access to sensitive information.
7. **Denial-of-Service (DoS)**: An attack intended to shut down a machine or network, making it inaccessible to its intended users.
   - **Importance**: DoS attacks disrupt the availability of services and can cause significant downtime and financial loss.
8. **Access Control List (ACL)**: A list of permissions attached to an object that specifies which users or system processes can access the object and what operations they can perform.
   - **Importance**: ACLs are crucial for implementing security policies to control access to resources.
9. **Two-Factor Authentication (2FA)**: A security process in which the user provides two different authentication factors to verify themselves.
   - **Importance**: 2FA improves security by adding an additional layer of verification, making it harder for attackers to gain unauthorized access.
10. **Operational Technology (OT)**: Hardware and software that detects or causes changes through direct monitoring and control of physical devices, processes, and events in an enterprise.
    - **Importance**: OT security is critical for the functioning and safety of critical infrastructure systems, such as those in manufacturing, power generation, and transportation.
---

Today, we’re discussing a critical remote code execution (RCE) vulnerability in Zimbra email servers, tracked as CVE-2024-45519, which hackers are actively exploiting. This flaw allows attackers to trigger malicious commands simply by sending specially crafted emails, which are processed by Zimbra’s post journal service. First flagged by Ivan Kwiatkowski of HarfangLab and confirmed by Proofpoint, the exploit involves spoofed emails with commands hidden in the “CC” field. Once processed, these emails deliver a webshell to the server, giving attackers full access for data theft or further network infiltration. A proof-of-concept exploit was released by Project Discovery on September 27, prompting immediate malicious activity. Administrators are urged to apply security updates released in Zimbra’s latest versions (9.0.0 Patch 41 and later) or disable the vulnerable postjournal service and ensure secure network configurations to mitigate the threat. Stay vigilant and update your Zimbra servers immediately to protect against this critical vulnerability.

1. **Remote Code Execution (RCE)**
   - **Definition**: A type of security vulnerability that enables attackers to run arbitrary code on a targeted server or computer.
   - **Importance**: This flaw can be exploited to gain full control over the affected machine, leading to data theft, unauthorized access, and further network penetration.
2. **Zimbra**
   - **Definition**: An open-source email, calendaring, and collaboration platform.
   - **Importance**: Popular among organizations for its integrated communication tools, making it a significant target for cyberattacks due to the sensitive data it handles.
3. **SMTP (Simple Mail Transfer Protocol)**
   - **Definition**: A protocol used to send and route emails across networks.
   - **Importance**: Integral to email services, its exploitation can deliver malicious content to servers and users, forming a vector for cyber-attacks.
4. **Postjournal Service**
   - **Definition**: A service within Zimbra used to parse incoming emails over SMTP.
   - **Importance**: Its vulnerability can be leveraged to execute arbitrary commands, making it a crucial attack point for hackers.
5. **Proof-of-Concept (PoC)**
   - **Definition**: A demonstration exploit showing that a vulnerability can be successfully taken advantage of.
   - **Importance**: PoC exploits serve as proof that theoretical vulnerabilities are practical and dangerous, necessitating urgent security responses.
6. **Base64 Encoding**
   - **Definition**: A method of encoding binary data into an ASCII string format.
   - **Importance**: Often used to encode commands within emails or other data streams to evade basic security detections.
7. **Webshell**
   - **Definition**: A type of malicious script that provides attackers with remote access to a compromised server.
   - **Importance**: Webshells afford attackers sustained control over a server, allowing for ongoing data theft, disruptions, and further exploits.
8. **CVE (Common Vulnerabilities and Exposures)**
   - **Definition**: A list of publicly known cybersecurity vulnerabilities and exposures, identified by unique CVE IDs.
   - **Importance**: Helps standardize and track security issues, facilitating communication and management of vulnerabilities across the cybersecurity community.
9. **Patch**
   - **Definition**: An update to software aimed at fixing security vulnerabilities or bugs.
   - **Importance**: Patching vulnerabilities is critical for protecting systems from attacks exploiting known security flaws.
10. **Execvp Function**
    - **Definition**: A function in Unix-like operating systems that executes commands with an argument vector, featuring improved input sanitization.
    - **Importance**: By replacing vulnerable functions like ‘popen,’ ‘execvp’ helps prevent the execution of malicious code, thus enhancing system security.

Paul's Security Weekly
More Car Hacks, CUPS Vulns, Microsoft's SFI, Memory Safety, Password Complexity - Farshad Abasi - ASW #301

Oct 2, 2024 45:57


More remote car control via web interfaces, an RCE in CUPS, Microsoft reduces attack surface, migrating to memory safety, dealing with dependency confusion, getting rid of password strength calculators, and more! Visit https://www.securityweekly.com/asw for all the latest episodes! Show Notes: https://securityweekly.com/asw-301

The CyberWire
One small step for scammers.

Sep 17, 2024 30:59


The US charges a Chinese national for spear-phishing government employees. The feds impose new sanctions on the makers of Predator spyware. Dealing with fake data breaches. Researchers discover a critical vulnerability in Google Cloud Platform. D-Link has patched critical vulnerabilities in three popular wireless router models. Snowflake ups their authentication game. A US mining company confirms a cyberattack. Researchers identify critical threats targeting construction industry accounting software. Tim Starks from CyberScoop joins us with his reporting on the US Postal Service's ability to meet the challenges of the upcoming election. Cisco's second round of layoffs hit hard.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Our guest today is Tim Starks, Senior Reporter from CyberScoop, joining us to discuss his piece on "Election officials say U.S. Postal Service woes place election mail at risk."

Selected Reading
• DoJ: Chinese Man Used Spear-Phishing to Obtain Software From NASA, Military (SecurityWeek)
• US Ramps Up Sanctions on Spyware-Maker Intellexa (Infosecurity Magazine)
• All Smoke, no Fire: The Bizarre Trend of Fake Data Breaches and How to Protect Against Them (Security Boulevard)
• Google Cloud Platform RCE Flaw Let Attackers Execute Code on Millions of Google Servers (Cyber Security News)
• D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers (Bleeping Computer)
• Breach-Weary Snowflake Moves to MFA, 14-Character Passwords (GovInfo Security)
• Owner of only US platinum mine confirms data breach after ransomware claims (The Record)
• Cracks in the Foundation: Intrusions of FOUNDATION Accounting Software (Huntress)
• Cisco's second layoff of 2024 affects thousands of employees (TechCrunch)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Critical Thinking - Bug Bounty Podcast
Episode 88: News, Tools, and Writeups

Sep 12, 2024 66:08


Episode 88: In this episode of Critical Thinking - Bug Bounty Podcast Justin and Joel tackle a whole slate of new research including a new cheat sheet for URL validation bypass from Portswigger, the introduction of Sanic DNS as a high-speed DNS resolver, xsstools, and the Dockerization of Orange Confusion Attacks.

Follow us on twitter at: @ctbbpodcast

We're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.io

Shoutout to YTCracker for the awesome intro music!

------ Links ------
Find the Hackernotes: https://blog.criticalthinkingpodcast.io/
Follow your hosts Rhynorater & Teknogeek on twitter:
https://twitter.com/0xteknogeek
https://twitter.com/rhynorater

------ Ways to Support CTBBPodcast ------
Hop on the CTBB Discord at https://ctbb.show/discord!
We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.
Shop our new swag store at ctbb.show/swag

Resources
• URL Validation Bypass cheat sheet
• SanicDNS
• Orange Confusion Attacks
• WordPress GiveWP POP to RCE
• Xsstools
• Bypassing browser tracking protection
• Advanced iframe Magic
• DOM Clobbering: https://www.ruhrsec.de/downloads/slides/Everything-You-Wanted-to-Know-About-DOM-Clobbering-But-Were-Afraid-to-Ask-Soheil-Khodayari-RuhrSec.pdf and https://domclob.xyz/domc_payload_generator/

Timestamps:
(00:00:00) Introduction
(00:02:00) URL validation bypass
(00:07:41) SanicDNS and Orange confusion attacks
(00:20:06) WordPress GiveWP POP to RCE
(00:31:29) Xsstools
(00:43:56) Bypassing browser tracking protection
(00:52:06) DOM Clobbering and mixing up your approach

The CyberWire
A Patch Tuesday overload.

Sep 11, 2024 28:45


Patch Tuesday rundown. Microsoft integrates post-quantum cryptography (PQC) algorithms into its SymCrypt cryptographic library. The FTC finalizes rules to combat fake reviews and testimonials. A payment card thief pleads guilty. On our latest CertByte segment, N2K's Chris Hare and George Monsalvatge share questions and study tips from the Microsoft Azure Fundamentals (AZ-900) Practice Test. Hard Drive Heaven: How Iconic Music Sessions Are Disappearing.

CertByte Segment
Welcome to CertByte, a bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K's Microsoft Azure Fundamentals (AZ-900) Practice Test. Have a question that you'd like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K's full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify.

Reference: What is public cloud? (RedHat)

Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.

Remembering 9/11
In today's episode, we pause to honor and remember the lives lost on September 11, 2001. We pay tribute to the courageous first responders, the resilient survivors, and the families whose lives were forever altered by that tragic day. Amidst the profound loss, the spirit of unity and compassion shone brightly, reminding us of our shared humanity. Additionally, you can check out our special segment featuring personal remembrances from N2K CyberWire's very own Rick Howard, who was in the Pentagon on that fateful day. His reflections provide a heartfelt perspective on the events and are well worth your time. Tune in to hear his poignant insights.

Special Edition Podcast
In today's special edition of Solution Spotlight, we welcome Mary Haigh, Global CISO of BAE Systems, as she sits down with N2K's Simone Petrella. Together, they discuss moving beyond the technical aspects of cybersecurity to build and lead a high-performing security team.

Selected Reading
• Microsoft Fixes Four Actively Exploited Zero-Days (Infosecurity Magazine)
• Adobe releases September 2024 patches for flaws in multiple products, including critical (Beyond Machines)
• Chrome 128 Update Resolves High-Severity Vulnerabilities (SecurityWeek)
• ICS Patch Tuesday: Advisories Published by Siemens, Schneider, ABB, CISA (SecurityWeek)
• Ivanti fixes maximum severity RCE bug in Endpoint Management software (Bleeping Computer)
• Microsoft Adds Support for Post-Quantum Algorithms in SymCrypt Library (SecurityWeek)
• Federal Trade Commission Announces Final Rule Banning Fake Reviews and Testimonials (Federal Trade Commission)
• Hacker pleads guilty after arriving on plane from Ukraine with a laptop crammed full of stolen credit card details (Bitdefender)
• Inside Iron Mountain: It's Time to Talk About Hard Drives (Mixonline)

The CyberWire
A ticking clock to exploitation.

Sep 9, 2024 32:55


Patch Now alerts come from Progress Software and Veeam Backup & Restoration. Car rental giant Avis notifies nearly 300,000 customers of a data breach. The UK's National Crime Agency struggles to retain top cyber talent. Two Nigerian brothers get prison time for their roles in a deadly sextortion scheme. SpyAgent malware uses OCR to steal cryptocurrency. A Seattle area school district suffers a cybercrime snow day. Our guest is Amer Deeba, CEO of Normalyze, discussing data's version of hide and go seek - the emergence of shadow data. A crypto leader resigns after being held at gunpoint.

CyberWire Guest
Our guest is Amer Deeba, CEO of Normalyze, discussing data's version of hide and go seek, or the emergence of shadow data.

Selected Reading
• Progress LoadMaster vulnerable to 10/10 severity RCE flaw (Bleeping Computer)
• New Veeam Vulnerability Puts Thousands of Backup Servers at Risk – PATCH NOW! (HACKREAD)
• Thousands of Avis car rental customers had personal data stolen in cyberattack (TechCrunch)
• UK National Crime Agency, responsible for fighting cybercrime, ‘on its knees,' warns report (The Record)
• 2 Brothers Sentenced to More Than 17 Years in Prison in Sextortion Scheme (The New York Times)
• SpyAgent Android malware steals your crypto recovery phrases from images (Bleeping Computer)
• Highline schools closing Monday because of cyberattack (Seattle Times)
• Crypto Firm CEO Resigns Following Armed Robbery of Company Funds (Blockonomi)

The CyberWire
From secure to clone-tastic.

Sep 4, 2024 (31:16)


Researchers find YubiKeys vulnerable to cloning. Google warns of a serious zero-day Android vulnerability. Zyxel releases patches for multiple vulnerabilities. D-Link urges customers to retire unsupported vulnerable routers. Hackers linked to Russia and Belarus target Latvian websites. The Federal Trade Commission (FTC) reports a sharp rise in Bitcoin ATM-related scams. Dutch authorities fine Clearview AI more than thirty million euros for GDPR violations. Threat actors are misusing the MacroPack red team tool to deploy malware. CISA shies away from influencing content moderation. Our guest is George Barnes, Cyber Practice President at Red Cell Partners and Fmr. Deputy Director of NSA, discussing his experience at the agency and now in the VC world. Unauthorized Wi-Fi on a Navy warship leads to court-martial.

CyberWire Guest
Our guest is George Barnes, Cyber Practice President and Partner at Red Cell Partners and judge at the 2024 DataTribe Challenge, discussing his experience on both sides, having been at NSA and now in the VC world. Submit your startup to potentially be selected to be part of a startup competition like no other by September 27, 2024.

Selected Reading
YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel (Ars Technica)
Google Issues Android Under Attack Warning As 0-Day Threat Hits Users (Forbes)
Zyxel Patches Critical Vulnerabilities in Networking Devices (SecurityWeek)
D-Link says it is not fixing four RCE flaws in DIR-846W routers (Bleeping Computer)
Hackers linked to Russia and Belarus increasingly target Latvian websites, officials say (The Record)
New FTC Data Shows Massive Increase in Losses to Bitcoin ATM Scams (FTC)
Dutch DPA imposes a fine on Clearview because of illegal data collection for facial recognition (Autoriteit Persoonsgegevens)
Red Teaming Tool Abused for Malware Deployment (Infosecurity Magazine)
CISA moves away from trying to influence content moderation decisions on election disinformation (CyberScoop)
How Navy chiefs conspired to get themselves illegal warship Wi-Fi (Navy Times)

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Wireshark 4.4: Converting Display Filters to BPF Capture Filters https://isc.sans.edu/diary/Wireshark+44+Converting+Display+Filters+to+BPF+Capture+Filters/31224
GitHub Comments Used to Spread Malware https://www.reddit.com/r/Malware/comments/1f2n1h4/comment/lkbi5gi/
Voldemort Malware Curses Orgs Using Global Tax Authorities https://www.darkreading.com/threat-intelligence/voldemort-malware-curses-orgs-global-tax-authorities
Analysis of CVE-2024-43044 From file read to RCE in Jenkins through agents https://blog.convisoappsec.com/en/analysis-of-cve-2024-43044/
