Episoder
-
Thank you so much for your support and tuning in. Our full show notes can be found here: https://thecybersecuritydigest.tech/p/cybersecurity-digest-podcast-week-review-2630-aug-2024 Please do not forget to share this show out with someone you know as well as leave this show a rating in your platform of choice! Thank you so much for your continued support!
-
Show notes for this week's show can be found here:https://thecybersecuritydigest.tech/p/the-cybersecurity-digest-podcast-week-in-review-19-23-august-2024As stated in the show, comments are turned on for the website. I would love to hear from you regarding your feedback! Please also feel free to leave feedback on Spotify or YouTube and I will review those comments ASAP! If you are interested in subscribing to our newsletter you can do so here: https://thecybersecuritydigest.tech/subscribe
If you would like to see all the platforms our show is available on you can review our podcast here: https://www.thecybersecuritydigest.com/
-
Mangler du episoder?
-
This an announcement for the upcoming Cybersercurity Digest Newsletter that is launching on Aug 19 2024. If you are interested in subscribing or viewing the newsletter you can do so here: https://thecybersecuritydigest.tech/
-
Security Digest for 6 August 2024:
Podcast Requested Feedback: https://forms.gle/w2RB5DRzbbvu3ziS7 Notable News: Over 20,000 Ubiquiti Cameras and Routers are Vulnerable to Amplification Attacks and Privacy Risks - Check Point Blog
BITS and Bytes: Analyzing BITSLOTH, a newly identified backdoor — Elastic Security Labs
Panamorfi: A New Discord DDoS Campaign (aquasec.com)
4.6 Million Voter and Election Documents Exposed Online by Technology Contractor (vpnmentor.com)
StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms | Volexity
Israeli hacker group takes responsibility for collapse of Wi-Fi in Ira - The Jerusalem Post (jpost.com)
TgRAT malware returns with a Linux variant (broadcom.com)
Linux kernel impacted by new SLUBStick cross-cache attack (bleepingcomputer.com)
Fighting Ursa Luring Targets With Car for Sale (paloaltonetworks.com)
Keytronic reports losses of over $17 million after ransomware attack (bleepingcomputer.com)
Justice Department sues TikTok for alleged violations of children’s privacy (therecord.media)
Prevalent Patches: Critical Bitdefender Patch for GravityZone Update Server: CVE-2024-6980 Could Lead to SSRF Attacks - SOCRadar® Cyber Intelligence Inc.SonicWall Discovers Second Critical Apache OFBiz Zero-Day Vulnerability | SonicWallCISA Corner: CISA Adds One Known Exploited Vulnerability to Catalog | CISA
NVD - CVE-2018-0824 (nist.gov)
-
Security Digest for 2 August 2024:
Podcast Requested Feedback: https://forms.gle/w2RB5DRzbbvu3ziS7 Notable News: Certificate Revocation Incident | DigiCert1910322 - DigiCert: Random value in CNAME without underscore prefix (mozilla.org)DigiCert Status - DigiCert Revocation Incident (CNAME-Based Domain Validation)Azure status history | Microsoft AzureUnmasking the SMS Stealer: Targeting Several Countries with Deceptive Apps - ZimperiumZscaler ThreatLabz 2024 Ransomware Report I Threat ResearchCost of a data breach 2024 | IBMOneDrive Pastejacking (trellix.com)Threat actor impersonates Google via fake ad for Authenticator | MalwarebytesBingoMod: The new android RAT that steals money and wipes data | Cleafy LabsWho Knew? Domain Hijacking is So Easy | InfobloxDucks Now Sitting (DNS): Internet Infrastructure Insecurity - Eclypsium | Supply Chain Security for the Modern Enterprise
Threat Actor Abuses Cloudflare Tunnels to Deliver RATs | Proofpoint US
Ransomware Details | OneBloodPrevalent Patches: Security notices | UbuntuRed Hat Product Errata - Red Hat Customer PortalCISA Corner:
CISA Adds One Known Exploited Vulnerability to Catalog | CISACISA Releases Nine Industrial Control Systems Advisories | CISACISA Names First Chief Artificial Intelligence Officer | CISA
-
Security Digest for 30 July 2024:
Podcast Requested Feedback: https://forms.gle/w2RB5DRzbbvu3ziS7 Notable News: WhatsApp for Windows lets Python, PHP scripts execute with no warning (bleepingcomputer.com)
PKfail: Untrusted Platform Keys Undermine Secure Boot on UEFI Ecosystem (binarly.io)SupplyChainAttacks/PKfail/ImpactedDevices.md at main · binarly-io/SupplyChainAttacks · GitHubMalicious Python Package Targets macOS Developers (checkmarx.com)
SeleniumGreed Cryptomining Campaign Exploiting Grid Services | Wiz BlogScammer Abuses Microsoft 365 Tenants, Relaying Through Proofpoint Servers to Deliver Spam Campaigns | Proofpoint USHealthEquity says data breach impacts 4.3 million people (bleepingcomputer.com)Two-Step Phishing Campaign Exploits Microsoft Office Forms (perception-point.io)Over 1 Million websites are at risk of sensitive information leakage (salt.security)TrustedSec | Specula - Turning Outlook Into a C2 With One Registry…Ransomware operators exploit ESXi hypervisor vulnerability for mass encryption | Microsoft Security BlogSupport Content Notification - Support Portal - Broadcom support portalPrevalent Patches: Security Bulletin: NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, Jetson TX1, Jetson TX2 Series (including Jetson TX2 NX), and Jetson Nano (including Jetson Nano 2GB) - July 2024 | NVIDIA (custhelp.com)Apple security releases - Apple Support
CISA Corner: NVD - CVE-2024-4879 (nist.gov)NVD - CVE-2024-5217 (nist.gov)NVD - CVE-2023-45249 (nist.gov)Siemens SICAM Products | CISAPositron Broadcast Signal Processor | CISA
-
Cybersecurity Digest for 26 July 2024
Today we discuss the following items:Notable NewsCrowdstrike Post Incident Report: Falcon Content Update Remediation and Guidance Hub | CrowdStrikeCrowdstrike Phishing Campaigns: Malicious Inauthentic Falcon Crash Reporter Installer Distributed to German Entity (crowdstrike.com)Malware Distributed Using Falcon Sensor Update Phishing Lure | CrowdStrikeThreat Actor Distributes Python-Based Info Stealer Using Fake Update (crowdstrike.com)Apparent CrowdStrike Threat Actor List Leak: Hacktivist Entity USDoD Claims to Have Leaked CrowdStrike’s Threat Actor ListMeta Ousts 63,000 accounts linked to Sextortion :Combating Financial Sextortion Scams From Nigeria | Meta (fb.com)Darknet Diaries Episode related to the Sextortion Scams: The Pig Butcher – Darknet DiariesRapid7 Malware Campaign using Fake W2: Malware Campaign Lures Users With Fake W2 Form | Rapid7 BlogGitHub Deleted and Private Repo Access: Anyone can Access Deleted and Private Repository Data on GitHub ◆ Truffle Security Co.GitHub Accounts Distributing Malware: Over 3,000 GitHub accounts used by malware distribution service (bleepingcomputer.com)Windows SmartScreen Flaw: Windows SmartScreen Flaw Enabling Data Theft in Major Stealer Attack (hackread.com)
Apt45 Shifts from Espionage to Ransomware: APT45: North Korea’s Digital Military Machine | Google Cloud BlogRelated CISA Advisory: North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs | CISA
Prevalent PatchesGoogle Chrome Fixes Vulnerabilities:Chrome Releases: Stable Channel Update for Desktop (googleblog.com)Docker Fixes Authentication Bypass: Docker Security Advisory: AuthZ Plugin Bypass Regression in Docker Engine | DockerSiemens Fixes Closes Backdoors: SSA-071402 (siemens.com)Progress Telerik Vulnerability: Insecure Deserialization Vulnerability - Telerik Report Server
CISA Alert: BIND 9: ISC Releases Security Advisories for BIND 9 | CISARelated news: BIND DNS Server Vulnerability Lets Attackers Flood Server (cybersecuritynews.com)
-
Cybersecurity Digest for 24 July 2024Today we discuss the following items:Crowdstrike Stealer: Threat Actor Uses Fake Recovery Manual to Deliver Unidentified Stealer (crowdstrike.com)ESET’s EvilVideo DiscoveryCursed tapes: Exploiting the EvilVideo vulnerability on Telegram for Android (welivesecurity.com)TrendMicro’s Playransomware Targeting ESXi:New Play Ransomware Linux Variant Targets ESXi Shows Ties With Prolific Puma | Trend Micro (US)Magneto Credit Card Theft Malware: Attackers Abuse Swap File to Steal Credit Cards (sucuri.net)Vulnerable Ad Injecting Driver: HotPage: Story of a signed, vulnerable, ad-injecting driver (welivesecurity.com)BreachForums DataLeak Exposes Members: BreachForums v1 hacking forum data leak exposes members’ info (bleepingcomputer.com)KnowBe4 North Korean Insider: How a North Korean Fake IT Worker Tried to Infiltrate Us (knowbe4.com)Vishing Attacks: Whose Voice Is It Anyway? AI-Powered Voice Spoofing for Next-Gen Vishing Attacks | Google Cloud BlogHuntress AsyncRAT Blog:Fake Browser Updates Lead to BOINC Volunteer Computing Software | HuntressCISA KEV Additions: NVD - CVE-2024-39891 (nist.gov)NVD - CVE-2012-4792 (nist.gov)Music in order that it appears licensed via Artlist.io : Lizard by Captain QubzFeel The Air by Ikoliks
-
Cybersecurity Digest for 22 July 2024Today we discuss the following items:Crowdstrike Issue: Falcon Content Update Remediation and Guidance Hub | CrowdStrikeHelping our customers through the CrowdStrike outage - The Official Microsoft BlogNew Recovery Tool to help with CrowdStrike issue impacting Windows endpoints - Microsoft Community HubThreat Actors capitalizing on the CrowdStrike Incident: Falcon Sensor Issue Likely Used to Target CrowdStrike CustomersLikely eCrime Actor Capitalizing on Falcon Sensor Issues | CrowdStrikeFake CrowdStrike fixes target companies with malware, data wipers (bleepingcomputer.com)GTA VI Fake Beta Pushing MalwareGamers Beware: There’s No Such Thing as ‘GTA VI Beta Version’ to Download from Sponsored Facebook Ads. It’s Malware! (bitdefender.com)MediSecureMediSecure cyber security incident (homeaffairs.gov.au)MediSecure – Media / Public Statement (wordpress.com)FractalID Data BreachInfostealer Infection Results in Data Breach of Blockchain Identity Platform, Fractal ID | InfoStealersRecorded Future Report: Security Challenges Rise as QR Code and AI-Generated Phishing Proliferate | Recorded Future
-
Cybersecurity Digest for 19 July 2024: Today we discuss:
Yet Another Chrome VulnerabilityDual Critical Cisco Vulnerabilities; Including A Max Severity VulnerabilityLife360 Data BreachIvanti EMM VulnerabilityNew Novel Email Vulnerabilites\A Report on Fin7SOC Radar’s Global Ransomware ReportCISA Adds 3 new vulns to its KEVArticles Referenced in the Show in the order they appear:Yet Another Chrome VulnerabilityChrome Releases: Stable Channel Update for Desktop (googleblog.com)Dual Critical Cisco Vulnerabilities; Including A Max Severity VulnerabilityCisco Smart Software Manager On-Prem Password Change VulnerabilityCisco Secure Email Gateway Arbitrary File Write VulnerabilityLife360 Data BreachOver 400,000 Life360 user phone numbers leaked via unsecured API (bleepingcomputer.com)Ivanti EMM VulnerabilitySecurity Advisory Ivanti Endpoint Manager for Mobile (EPMM) July 2024New Novel Email Vulnerabilites20 Million Trusted Domains Vulnerable to Email Hosting Exploits (darkreading.com)A Report on Fin7FIN7 Reboot | Cybercrime Gang Enhances Ops with New EDR Bypasses and Automated Attacks - SentinelOneSOC Radar’s Global Ransomware reportSOCRadar’s Global Ransomware Report 2024: Gain Insights Into Worldwide Ransomware Trends - SOCRadar® Cyber Intelligence Inc.CISA Adds 3 new vulns to its KEV
NVD - CVE-2024-34102 (nist.gov)NVD - CVE-2024-28995 (nist.gov)NVD - CVE-2022-22948 (nist.gov)
-
Cybersecurity Digest for 17 July 2024: Today we discuss: MuddyWater’s Latest Cyber Onslaught and a sneaky backdoor!
AT&T Pays Hackers – Was it Worth it?
An Update on RiteAid’s Data Breach
SEXi Ransomware group rebrands…. Meet APT INC!
mSpy Breach
SYS01 Stealer Malware: Malvertising across Social Media
15 Million Trello Email Addresses Leaked
Google’s 23 Billion to acquire Wiz
Octo Tempest, AKA Scattered Spider adds new ransomware payloads
CISA adds one new vulnerability to its Known Exploited Catalog
Articles Referenced in the Show in the order they appear:
CheckPoint Research Bugsleep Backdoor:
New BugSleep Backdoor Deployed in Recent MuddyWater Campaigns - Check Point Research
AT&T Paid Threat Actor:
AT&T Paid a Hacker $370,000 to Delete Stolen Phone Records | WIRED
RiteAid Update: Rite Aid says June data breach impacts 2.2 million people (bleepingcomputer.com)SEXi Rebranding:
SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks (bleepingcomputer.com)
Mspy Data Breach:
Mspy data breach exposes millions of customers' information (candid.technology)
Malvertising in Facebook, LinkedIn, and YoutTube: Facebook Malvertising Epidemic – Unraveling a Persistent Threat: SYS01 (trustwave.com)
Malvertising_Research.pdf (trustwave.com)
Trello Leak:
Email addresses of 15 million Trello users leaked on hacking forum (bleepingcomputer.com)
Wiz Acquisition:
Exclusive | Google Near $23 Billion Deal for Cybersecurity Startup Wiz - WSJ
Microsoft Tweet Thread: Microsoft Threat Intelligence on X
CISA KEV Addition: NVD - CVE-2024-36401 (nist.gov)
-
Today’s Episode Topics for 15 July 2024
AT&T Data Leaks70%+ of public facing servers could be VulnerableApple warns iPhone customers of spyware in certain countriesNetgear patches a Stored XSS VulnerabilityA look at CrystalRayRiteAid hit with a data breachDisney’s Internal Slack possibly leakedIs your organization able to keep up with hackers?Articles Referenced in the Show in the order they appear: AT&T Data Leak:
AT&T 8-K Filing
Exim Vulnerability:
Censys Exim MTA Vulnerability
Apple Warns of Spyware:
Apple warns iPhone users in 98 countries of spyware attacks | TechCrunch
NSO – Darknet Diaries
Netgear Vulnerability:
Netgear Security Advisory
Sysdig Report on CRYSTALRAY:
CRYSTALRAY: Inside the Operations of a Rising Threat Actor Exploiting OSS Tools | Sysdig
RiteAid Data Breach:
Rite Aid confirms data breach after June ransomware attack (bleepingcomputer.com)
Disney Internal Slack possibly leaked: NullBulge's Post
Vx-underground's Post
Cloudfare Applicattion Security Report 2024:
Application Security report: 2024 update (cloudflare.com)
If you like our show, please share it with others who you think would enjoy it. Also feel free to check out www.thecybersecuritydigest.com to find all of the locations you can listen to us. Please leave us a rating if you have found this show helpful, as it helps us out tremendously. Thank you!
-
This week we talk about
Microsoft patches 140+ vulnerabilities including 2 zero days, in Patch Tuesday; Adobe patches critical issues in several of its products,10 Billion Passwords leaked,39,000 Ticket master tickets leaked,Chinese APT 40 hiijack routersHackers are Targeting Wordpress plugins, A new attack bypasses RADIUS authentication CISA adds 3 new CVEs to its KEVand more in this episodeArticles Mentioned In Order they appear in the Show: July 2024 Security Updates - Release Notes - Security Update Guide - Microsoft
Windows MSHTML zero-day used in malware attacks for over a year (bleepingcomputer.com)
Resurrecting Internet Explorer: Threat Actors Using Zero-day Tricks in Internet Shortcut File to Lure Victims (CVE-2024-38112) - Check Point Research
Whispers of Atlantida: Safeguarding Your Digital Treasure | Rapid7 Blog
Adobe Product Security Incident Response Team (PSIRT)RockYou2024: 10 billion passwords leaked in the largest compilation of all time | Cybernews
Hackers leak 39,000 print-at-home Ticketmaster tickets for 154 events (bleepingcomputer.com)
Advance Auto Parts data breach impacts 2.3 million people (bleepingcomputer.com)APT40 Advisory | Cyber.gov.au
$3,094 Bounty Awarded and 150,000 WordPress Sites Protected Against Arbitrary File Upload Vulnerability Patched in Modern Events Calendar WordPress Plugin (wordfence.com)
VU#456537 - RADIUS protocol susceptible to forgery attacks. (cert.org)
BLAST RADIUSPalo Alto Networks Patches Critical Flaw in Expedition Migration Tool (thehackernews.com)GitLab Critical Patch Release: 17.1.2, 17.0.4, 16.11.6 | GitLab
Notable CISA KEV Additions:
NVD - CVE-2024-23692 (nist.gov)NVD - CVE-2024-38080 (nist.gov)NVD - CVE-2024-38112 (nist.gov)
-
With the cyber threat landscape ever evolving it can be challenging to stay up to date on the latest cybersecurity developments.There are so many fantastic security news sites and blogs out there. However, due to the sheer number of resources, I found it difficult to read them all and I wished there was a consistent way for me to listen to the latest security news…… that’s where the Cybersecurity Digest comes in. The goal of this show is to bring you a summary of the latest news, trends, and information relevant in the cybersecurity community. The hope is that the information you get from the show will help you stay well-informed and ahead of the adversaries out there.If this sounds like something you are interested in listening to, please give us a follow or subscribe and stay tuned for our upcoming first episode! Until Next time… Stay Informed to Stay Secure!
