356: Russian Spies Stole US Emails?! (Microsoft Breach Update!)

1h 9m · Technado · 18 Apr 15:22

This week on Technado, we start off strong with some breaking news: geospatial intelligence firm Space-Eyes has allegedly been breached by IntelBroker. From there, we cover TWO 10.0 command injection vulnerabilities - one affecting Windows, one affecting Palo Alto. Apple has issued warnings to more than 90 countries concerning Mercenary spyware attacks. We've got updates on the most recent Microsoft and AT&T breaches, as well as a new breach involving Sisense. And of course, we can't forget this week's Behind Bars subject: an ex-Amazon engineer who stole millions in cryptocurrency is facing prison time.

In our deep dive segment, it's a double whammy: we return to one of our Rapid Fire articles to get into the details of Palo Alto's 10.0 vulnerability. Then, we unpack Blackjack's newest venture, Fuxnet malware.

Want to know more? Check out the stories we covered this week:

https://www.hackread.com/windows-batbadbut-vulnerability-comment-injection/
https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html
https://www.theregister.com/2024/04/12/microsoft_cisa_order/
https://www.bleepingcomputer.com/news/security/att-now-says-data-breach-impacted-51-million-customers/amp/
https://www.hackread.com/iphone-users-mercenary-spyware-attacks/
https://www.securityweek.com/former-security-engineer-sentenced-to-prison-for-hacking-crypto-exchanges/
https://www.infosecurity-magazine.com/news/cisa-urges-reset-sisense-breach/
https://thehackernews.com/2024/04/palo-alto-networks-releases-urgent.html
https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/
https://unit42.paloaltonetworks.com/cve-2024-3400/
https://claroty.com/team82/research/unpacking-the-blackjack-groups-fuxnet-malware

The episode 356: Russian Spies Stole US Emails?! (Microsoft Breach Update!) from the podcast Technado has a duration of 1:09:54. It was first published 18 Apr 15:22. The cover art and the content belong to their respective owners.

More episodes from Technado

360: Dell Got Pwned?! (49 MILLION Records Stolen!)

This week on Technado, Dell got pwned: 49 million records were stolen & are up for sale on the dark web. Dan & Soph talk privacy as Proton has turned over more customer info to cops, and we also take a look at MITRE's newest framework, EMB3D. In exploit news, Cinterion cellular modems have some severe vulnerabilities to deal with, and a PoC has been released for a critical PuTTY key vulnerability.

In our Pork Chop Sandwiches segment, ANOTHER malicious Python package has been found in PyPI. A new LLMjacking attack is being used to exploit stolen cloud creds, and Nmap 7.95 is out with new features!

Lastly, in our deep dive, we take a look at Mallox RaaS and how it's being used in MS-SQL exploitation campaigns. And before we sign off, we touch on some of the breaking stories from this week that we couldn't cover in depth.

Want to read more? Check out the stories we covered in this week's episode:

https://www.theregister.com/2024/05/09/dell_data_stolen/
https://www.theregister.com/2024/05/13/infosec_in_brief/
https://thehackernews.com/2024/05/mitre-unveils-emb3d-threat-modeling.html
https://thehackernews.com/2024/05/severe-vulnerabilities-in-cinterion.html
https://thehackernews.com/2024/05/malicious-python-package-hides-sliver.html
https://www.infosecurity-magazine.com/news/llmjacking-exploits-stolen-cloud/
https://cybersecuritynews.com/nmap-7-95-released/
https://gbhackers.com/putty-private-key-poc-released/
https://blog.sekoia.io/mallox-ransomware-affiliate-leverages-purecrypter-in-microsoft-sql-exploitation-campaigns/#h-mallox-ransomware-deployment

359: NEW iPadOS Changes Incoming! (Also, Don Is Back!)

Join Don and Daniel as they discuss all things happening in the tech and cybersecurity world this week!

Article Links:

Rapid Fire
https://www.tomshardware.com/pc-components/cpus/rising-metal-prices-could-mean-more-expensive-laptops-pc-parts-and-other-electronics-in-the-near-future
https://arstechnica.com/apple/2024/05/apple-must-open-ipados-to-sideloading-within-6-months-eu-says/
https://arstechnica.com/gadgets/2024/05/wear-os-will-soon-be-at-50-percent-of-apple-watch-sales/
https://www.darkreading.com/cloud-security/dprks-kimsuky-apt-abuses-weak-dmarc-policies-feds-warn
https://gbhackers.com/cybersecurity-consultant-jailed/
https://thehackernews.com/2024/05/hackers-increasingly-abusing-microsoft.html
https://www.securitynewspaper.com/2024/05/06/how-safe-is-your-tinyproxy-step-by-step-guide-to-exploiting-tinyproxys-zero-day-vulnerability/

Deep Dive
https://blog.kandji.io/malware-cuckoo-infostealer-spyware

358: New Android Banking Malware! (It Tracks EVERYTHING)

Patches abound on this week's Technado! In our Rapid Fire segment, we kick things off with the UK ban on weak default passwords. Then, a warning from Okta on cred-stuffing attacks, and a critical bug in R that exposes orgs to supply chain risks. Collection agency FBCS got pwned this week, with millions of records being exposed - but in happier news, the Japanese police are starting a new effort to keep elderly citizens from falling prey to payment card scams.

The ArcaneDoor was a big story this week, as was yet another WordPress plugin vulnerability - and in this week's D'oh! segment, the popular iSharing app was found to be sharing users' locations (even when services were disabled). Finally, in our deep dive, we take a look at the new Android banking malware Brokewell.

Like what you heard? Take a look at this week's articles:

https://www.theregister.com/2024/04/29/uk_lays_password_legislation/
https://thehackernews.com/2024/04/okta-warns-of-unprecedented-surge-in.html
https://www.darkreading.com/application-security/r-programming-language-exposes-orgs-to-supply-chain-risk
https://techcrunch.com/2024/04/24/security-flaws-isharing-tracking-app-exposed-millions-precise-locations/
https://www.techradar.com/pro/security/collection-agency-data-breach-affects-millions-of-users
https://www.bleepingcomputer.com/news/security/japanese-police-create-fake-support-scam-payment-cards-to-warn-victims/
https://www.msspalert.com/news/cyber-spies-burrow-into-cisco-firewall-platforms-in-zero-day-exploits
https://arstechnica.com/security/2024/04/hackers-make-millions-of-attempts-to-exploit-wordpress-plugin-vulnerability/
https://www.threatfabric.com/blogs/brokewell-do-not-go-broke-by-new-banking-malware

357: Malware in Microsoft's GitHub Repo?!

Cheats, breaches, and weaknesses abound on this week's Technado! Cybercriminals are threatening to leak millions of records from the World-Check database, and millions more were affected by this week's Frontier Communications broadband shutdown. In our biggest story of the week, MITRE got pwned by nation-state hackers via our old friends, the Ivanti zero-days. CrushFTP is dealing with a vuln that lets attackers download system files, and our Don't Make No Sense feature is a twofer: fake game cheats are being used to spread malware, and it all started with...Microsoft's GitHub repo?

Of course, it wouldn't be Technado without a deep dive, and this one's a doozy: a SafeBreach researcher uncovered FOUR CVEs by exploiting a long-standing issue that supports Windows backwards-compatibility.

Like what you heard? Check this episode's stories below:

https://www.theregister.com/2024/04/19/cybercriminals_threaten_to_leak_all/
https://www.itpro.com/security/cyber-attack-takes-frontier-communications-systems-offline-affecting-millions-of-broadband-customers
https://www.helpnetsecurity.com/2024/04/22/mitre-breached/
https://www.infosecurity-magazine.com/news/crushftp-file-transfer/
https://thehackernews.com/2024/04/new-redline-stealer-variant-disguised.html
https://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-malware-via-microsoft-repo-urls/
https://www.safebreach.com/blog/magicdot-a-hackers-magic-show-of-disappearing-dots-and-spaces/