Video Episode: https://youtu.be/eeLKwEsL8Ho In today's episode, we discuss the FTC's recent ban on data brokers Mobilewalla and Gravy Analytics from selling sensitive location data linked to healthcare and religious sites, marking significant changes in data privacy regulations. We also cover the new phishing attack method utilizing corrupted Microsoft Office documents to bypass email security, and the urgent need for updates in Progress Software's WhatsUp Gold following the release of a critical RCE exploit. Additionally, Cisco highlights ongoing exploitation attempts of a decade-old vulnerability in its ASA devices, emphasizing the need for users to secure their systems. **Sources:**1. https://www.bleepingcomputer.com/news/security/ftc-bans-data-brokers-from-selling-americans-sensitive-location-data/2. https://www.helpnetsecurity.com/2024/12/03/phishers-send-corrupted-documents-to-bypass-email-security/3. https://www.bleepingcomputer.com/news/security/exploit-released-for-critical-whatsup-gold-rce-flaw-patch-now/4. https://thehackernews.com/2024/12/cisco-warns-of-exploitation-of-decade.html Music: https://youtu.be/B4gk5tWMvyY?si=q_JjohozMBH7XPNe 1. What are today's top cybersecurity news stories?2. FTC bans data brokers from selling location data—what does it mean?3. How are phishers using corrupted documents to evade email security?4. What is the critical severity flaw in WhatsUp Gold and how to patch it?5. What should I know about the exploitation of a decade-old Cisco ASA vulnerability?6. How do data brokers collect and sell sensitive location data?7. What are the latest tactics used by phishers in email scams?8. Why is it important to patch the WhatsUp Gold RCE flaw immediately?9. What vulnerabilities should federal agencies focus on according to CISA?10. How can organizations protect themselves from network vulnerabilities? FTC, Mobilewalla, Gravy Analytics, consumer privacy, Phishers, MS Office, Any.Run, credentials, WhatsUp Gold, vulnerability, exploit, unauthorized code, Cisco, WebVPN, vulnerability, malware,  

Video Episode: https://youtu.be/rUrdudQf16Y In today’s episode, we discuss the sentencing of U.S. citizen Ping Li for conspiring to act as a spy for China’s Ministry of State Security while working at Verizon and Infosys, as well as the broader implications of cyber espionage within the context of the ongoing tensions with China. We also explore the emergence of the Rockstar 2FA phishing-as-a-service toolkit used in adversary-in-the-middle attacks targeting Microsoft 365 users. Additionally, we cover the release of unofficial patches for a critical zero-day vulnerability in Windows Server 2012, highlighting ongoing cybersecurity threats. Sources: 1. https://thehackernews.com/2024/11/us-citizen-sentenced-for-spying-on.html 2. https://thehackernews.com/2024/11/phishing-as-service-rockstar-2fa.html 3. https://www.bleepingcomputer.com/news/security/new-windows-server-2012-zero-day-gets-free-unofficial-patches/ Music: https://youtu.be/B4gk5tWMvyY?si=q_JjohozMBH7XPNe 1. What are today’s top cybersecurity news stories? 2. What is the latest on U.S. espionage cases linked to China? 3. How does phishing-as-a-service impact Microsoft 365 users? 4. What are the implications of AI-generated disinformation campaigns? 5. What recent vulnerabilities have been discovered in Windows Server? 6. How are Chinese intelligence agencies recruiting U.S. citizens? 7. What strategies are being used in Operation Undercut? 8. How does the Rockstar 2FA toolkit operate in phishing attacks? 9. What are the consequences of cyber espionage on national security? 10. How can businesses protect themselves from emerging cyber threats? espionage, China, national security, intelligence, AI, disinformation, Operation Undercut, Social Design Agency, Rockstar 2FA, phishing-as-a-service, Microsoft 365, credentials, Windows Server 2012, 0patch, vulnerabilities, micropatches,

Video Episode: https://youtu.be/EO95sU1Ux28 In today’s episode, we discuss the recent cyber exploits by the Russian RomCom hackers, who utilized two zero-day vulnerabilities in Firefox and Windows, impacting users across North America and Europe. We also cover New York’s $11.3 million fines against Geico and Travelers for data breaches affecting 120,000 individuals, highlighting the importance of robust cybersecurity practices. Finally, we explore the Earth Estries group’s use of the GHOSTSPIDER malware to target telecommunications across over 12 countries, showcasing the evolving threat landscape of cyber espionage. References: 1. https://www.bleepingcomputer.com/news/security/firefox-and-windows-zero-days-exploited-by-russian-romcom-hackers/ 2. https://www.cybersecuritydive.com/news/new-york-fines-geico-travelers/734045/ 3. https://thehackernews.com/2024/11/chinese-hackers-use-ghostspider-malware.html Music: https://youtu.be/B4gk5tWMvyY?si=q_JjohozMBH7XPNe 1. What are today’s top cybersecurity news stories? 2. How have Russian hackers exploited Firefox and Windows vulnerabilities? 3. What penalties have Geico and Travelers faced for data breaches? 4. What is GHOSTSPIDER malware and how is it impacting telecoms globally? 5. Which zero-day vulnerabilities are currently being exploited in cyberattacks? 6. What measures are being taken by companies after cybersecurity breaches? 7. How do hackers use zero-day exploits to gain unauthorized access? 8. What are the recent trends in cyber espionage from Chinese threat actors? 9. How has the cybercrime landscape changed due to recent attacks? 10. What steps can organizations take to improve their cybersecurity defenses? —

Video Episode: https://youtu.be/sBkirh8aLIs In today’s episode, we explore recent cyber threats, including the innovative attack methods used by the Russian hacker group Forest Blizzard to breach US organizations by exploiting less secure Wi-Fi networks. We also discuss Meta’s removal of over 2 million accounts linked to pig butchering scams and Microsoft’s controversial Recall feature for Windows Insiders amidst ongoing service outages affecting Microsoft 365. Stay informed about the latest in cybersecurity and digital safety as organizations strive to protect their systems. Links to articles mentioned in this episode: 1. https://www.helpnetsecurity.com/2024/11/25/enterprise-wi-fi-compromised/ 2. https://www.bleepingcomputer.com/news/security/meta-removes-over-2-million-accounts-pushing-pig-butchering-scams/ 3. https://www.helpnetsecurity.com/2024/11/25/microsoft-windows-insiders-try-out-windows-recall/ 4. https://www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-impacts-exchange-online-teams-sharepoint/ Music: https://youtu.be/B4gk5tWMvyY?si=q_JjohozMBH7XPNe 1. What are today’s top cybersecurity news stories? 2. How did Russian hackers breach a US organization via Wi-Fi? 3. What is the “Neares Neighbor Attack” method used by cyber attackers? 4. What measures is Meta taking against pig butchering scams? 5. How many accounts has Meta removed related to scams in 2024? 6. What new features are in Microsoft’s Windows Recall for Insiders? 7. How does Microsoft ensure the security of the Recall feature? 8. What caused the Microsoft 365 outage impacting multiple services? 9. What are the latest updates on Microsoft 365 service recovery efforts? 10. How does pig butchering differ from other online scams? GRU, Volexity, Nearest Neighbor Attack, Wi-Fi vulnerabilities, Meta, pig butchering, scams, law enforcement, Recall, Microsoft, encryption, privacy, Microsoft 365, outage, Exchange Online, Teams,

Video Episode: https://youtu.be/2Axl9hycFN4 In today’s episode, we explore the ongoing attack campaign that has compromised over 2,000 Palo Alto Networks devices due to new security vulnerabilities (CVE-2024-0012 and CVE-2024-9474) and implications for enterprises. We also discuss a critical design flaw in Fortinet’s VPN that allows successful brute-force attacks to go undetected and the emergence of crypto scams on the rapidly growing BlueSky platform. Finally, ESET researchers reveal two newly discovered Linux backdoors, WolfsBane and FireWood, associated with the China-aligned APT group Gelsemium, highlighting the increasing focus on Linux malware. Article Links: 1. https://www.cybersecuritydive.com/news/palo-alto-networks-consolidation-momentum/733612/ 2. https://www.bleepingcomputer.com/news/security/fortinet-vpn-design-flaw-hides-successful-brute-force-attacks/ 3. https://www.bleepingcomputer.com/news/security/now-bluesky-hit-with-crypto-scams-as-it-crosses-20-million-users/ 4. https://www.helpnetsecurity.com/2024/11/21/linux-backdoors-wolfsbane-firewood/ Music: https://youtu.be/B4gk5tWMvyY?si=q_JjohozMBH7XPNe Timestamps 00:00 – Introduction 01:04 – Palo Alto 02:01 – Fortinet 03:28 – Bluesky 05:05 – Linux Backdoors 1. What are today’s top cybersecurity news stories? 2. How many Palo Alto Networks devices have been compromised in recent attacks? 3. What vulnerabilities have been exploited in the Palo Alto Networks attack campaign? 4. What issue has been identified in Fortinet’s VPN server logging mechanism? 5. How are scams proliferating on the BlueSky social media platform? 6. What are the characteristics of the newly discovered Linux backdoors, WolfsBane and FireWood? 7. What actions are being taken by BlueSky’s safety team to combat increased scams? 8. How is Palo Alto Networks responding to the recent security flaws and attacks? 9. What are the potential risks posed by Fortinet’s VPN design flaw? 10. What trends are emerging in the cybersecurity landscape regarding Linux malware? Palo Alto Networks, vulnerabilities, unauthorized access, platformization, Fortinet, VPN, vulnerability, brute-force, BlueSky, scammers, decentralized, crypto, WolfsBane, FireWood, Gelsemium, cyberespionage,

Video Episode: https://youtu.be/bcD3H13J3-I In today’s episode, we discuss the emerging threat of Cross-IdP impersonation, a method enabling attackers to hijack single sign-on (SSO) processes without compromising primary identity providers. We also cover the recent disruption of the Ngioweb botnet, a major player in supplying residential proxies, and the alarming findings from a federal probe into vulnerabilities in U.S. water systems. Finally, we look at Microsoft’s new recovery tool that allows administrators to remotely fix unbootable Windows 11 devices, highlighting the need for improved security measures in software infrastructure. Links to articles: 1. https://www.helpnetsecurity.com/2024/11/19/cross-idp-impersonation/ 2. https://www.bleepingcomputer.com/news/security/ngioweb-botnet-fueling-residential-proxies-disrupted-in-cybercrime-crackdown/ 3. https://www.cybersecuritydive.com/news/federal-probe-vulnerabilities-us-water-systems/733331/ 4. https://www.bleepingcomputer.com/news/microsoft/windows-quick-machine-recovery-lets-admins-remotely-fix-unbootable-devices/ Music: https://youtu.be/B4gk5tWMvyY?si=q_JjohozMBH7XPNe 1. What are today’s top cybersecurity news stories? 2. What is cross-IdP impersonation in cybersecurity? 3. How does cross-IdP impersonation bypass SSO protections? 4. What vulnerabilities were found in US water systems by the EPA? 5. What happened with the Ngioweb botnet and NSOCKS proxy service? 6. How can organizations mitigate cross-IdP impersonation risks? 7. What is Microsoft’s new Quick Machine Recovery feature for Windows 11? 8. What impact did the CrowdStrike Falcon update have on Windows devices? 9. How are cybersecurity threats affecting utility companies in the US? 10. What are recommended security measures for protecting SSO configurations? Cross-IdP impersonation, SSO protections, Slack, security measures, Ngioweb, botnet, cybercrime, infrastructure, cybersecurity, vulnerabilities, Environmental Protection Agency, CISA, Microsoft, Quick Machine Recovery, IT troubleshooting, unbootable, — —

Video Episode: https://youtu.be/VVdEzbN-v4c In today’s episode, we discuss alarming cyber threats including fake Bitwarden ads on Facebook that lead users to a malicious Chrome extension designed to steal sensitive data. We also cover a phishing campaign exploiting Black Friday, with threat actors using fraudulent e-commerce sites to harvest customer information, and the growing use of SVG attachments in phishing emails to evade detection. Additionally, we highlight a critical vulnerability in the Really Simple Security plugin for WordPress that could expose over 4 million sites to attacks. Articles referenced in this episode: 1. Fake Bitwarden ads: https://www.bleepingcomputer.com/news/security/fake-bitwarden-ads-on-facebook-push-info-stealing-chrome-extension/ 2. Fake Discount Sites: https://thehackernews.com/2024/11/fake-discount-sites-exploit-black.html 3. Phishing emails using SVG: https://www.bleepingcomputer.com/news/security/phishing-emails-increasingly-use-svg-attachments-to-evade-detection/ 4. Critical WordPress Plugin Vulnerability: https://thehackernews.com/2024/11/urgent-critical-wordpress-plugin.html Music: https://youtu.be/B4gk5tWMvyY?si=q_JjohozMBH7XPNe 1. What are today’s top cybersecurity news stories? 2. How are fake Bitwarden ads spreading malware on Facebook? 3. What vulnerabilities were found in the Really Simple Security WordPress plugin? 4. How can scammers exploit Black Friday shopping using phishing tactics? 5. What are the risks of SVG attachments in phishing emails? 6. How has malware evolved to use Chrome extensions for data theft? 7. What impact does Black Friday fraud have on online shoppers? 8. Which WordPress plugins have critical security vulnerabilities? 9. How can consumers protect themselves from online shopping scams? 10. What measures can be taken to evade phishing tactics in email communications? Bitwarden, Chrome extension, malicious, Bitdefender Labs, SilkSpecter, phishing, e-commerce, data theft, SVG, phishing, cybercriminals, security, WordPress, Really Simple Security, vulnerability, patch,

Video Episode: https://youtu.be/zgabkAvM5QI In today’s episode, we explore the alarming rise of cybercriminal techniques, including the widespread Hijacked Domains attacks termed ‘Sitting Ducks,’ affecting reputable brands and organizations. We also discuss OpenAI’s ChatGPT sandbox vulnerabilities, which allow excessive access to its internal systems, and examine the RustyAttr trojan’s use of macOS extended file attributes to hide malicious code. Additionally, we cover the sentencing of Robert Purbeck, a hacker who extorted personal data from healthcare providers, reflecting on the broader implications for cybersecurity. Article URLs: 1. https://thehackernews.com/2024/11/experts-uncover-70000-hijacked-domains.html 2. https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-allows-access-to-underlying-sandbox-os-playbook-data/ 3. https://www.bleepingcomputer.com/news/security/hackers-use-macos-extended-file-attributes-to-hide-malicious-code/ 4. https://www.bleepingcomputer.com/news/legal/hacker-gets-10-years-in-prison-for-extorting-us-healthcare-provider/ Music: https://youtu.be/B4gk5tWMvyY?si=q_JjohozMBH7XPNe Timestamps 00:00 – Introduction 01:12 – Sitting Ducks 02:33 – macOS RustyAttr 03:18 – OpenAI ChatGPT security risks 05:00 – Robert Purbeck Sentenced 1. What are today’s top cybersecurity news stories? 2. How are hackers hijacking domains in the Sitting Ducks attack? 3. What vulnerabilities are present in the ChatGPT sandbox environment? 4. What new techniques are hackers using to hide malicious code on macOS? 5. What is the story behind the extortion case of hacker Robert Purbeck? 6. How did threat actors exploit extended file attributes in macOS? 7. What are the implications of the Sitting Ducks attack scheme on businesses? 8. What measures can organizations take to protect against domain hijacking? 9. How did hackers manage to remain undetected with RustyAttr malware? 10. What are the potential risks associated with accessing the ChatGPT playbook? hijacked domains, Sitting Ducks, phishing, DNS settings, Mozilla, OpenAI, ChatGPT, security, macOS, Trojan, Lazarus, cybersecurity, Robert Purbeck, data theft, extortion, privacy, # Intro In a stunning revelation, experts have uncovered 70,000 hijacked domains being exploited in a stealthy ‘Sitting Ducks’ attack scheme, manipulating well-known brands, nonprofits, and even government entities for phishing and investment frauds. This massive domain hijacking operation, ongoing since 2018, exposes significant vulnerabilities in DNS settings that many organizations remain unaware of. Question: How do attackers leverage misconfigurations in DNS settings to execute these sophisticated domain hijackings without immediate detection? Mozilla’s 0-day detective Marco Figueroa exposes how OpenAI’s ChatGPT playground allows extensive access to its sandbox, letting users run Python scripts and access behind-the-scenes playbook data. Despite potential security concerns, OpenAI remains indifferent to curbing this unexpected access to its AI tool. How could accessing ChatGPT’s underlying sandbox and playbook data pose risks to its user security and functionality? Hackers are slyly exploiting macOS extended file attributes to conceal Trojan code in a stealthy attack linked to the infamous North Korean Lazarus group. This innovative evasion technique has successfully sidestepped detection, challenging cybersecurity defenses and pushing the boundaries of malware deployment. How do hackers manage to hide and execute malicious code on macOS devices without triggering alarms? Hacker Robert Purbeck, known online as “Lifelock” and “Studmaster,” has been sentenced to ten years in prison for a series of brazen data thefts and extortion attempts impacting over 132,000 individuals across the United States. His audacious crimes included threatening to expose sensitive personal informati

Video Episode: https://youtu.be/iMuZnfLK6Yk In today's episode, we discuss a significant data breach involving Alltech Consulting Services, where 2 million records containing sensitive personal information of job seekers were exposed online, raising concerns about cybersecurity risks. We also cover Bitdefender's release of a free decryptor for victims of the ShrinkLocker ransomware, alongside Microsoft's recent Patch Tuesday addressing 90 vulnerabilities, specifically highlighting actively exploited flaws in NTLM and Task Scheduler. Finally, we examine security vulnerabilities in Citrix Session Recording that could allow hackers to take control of affected systems, emphasizing the need for immediate user upgrades. URLs of the original articles:1. https://www.websiteplanet.com/news/alltechconsultinginc-breach-report/?utm_source=tldrinfosec2. https://thehackernews.com/2024/11/free-decryptor-released-for-bitlocker.html3. https://thehackernews.com/2024/11/microsoft-fixes-90-new-vulnerabilities.html4. https://www.cybersecuritydive.com/news/citrix-session-recording-cves-hackers/732794/ Music: https://youtu.be/B4gk5tWMvyY?si=q_JjohozMBH7XPNe Timestamps 00:00 - Introduction 01:00 - Hiring Firm Breach 02:58 - Ransomware Decryptor 04:17 - Patch Tuesday 04:47 - Citrix Vuln 1. What are today's top cybersecurity news stories?2. How did a tech recruitment service expose 2 million records of job seekers?3. What issues did Bitdefender address regarding ShrinkLocker ransomware?4. What vulnerabilities did Microsoft fix in its November Patch Tuesday update?5. What are the implications of the Citrix Session Recording vulnerabilities discovered by watchTowr?6. Why is the exposure of PII in recruitment databases concerning for job seekers?7. How can organizations protect themselves from BitLocker-based ransomware attacks?8. What strategies should job seekers employ to avoid employment scams?9. What recent trends are seen in job and employment-related scams?10. Why are NTLM and Task Scheduler vulnerabilities considered severe by Microsoft? data breach, Jeremiah Fowler, cybersecurity, H-1B visa, Bitdefender, ShrinkLocker, decryptor, ransomware, Microsoft, vulnerabilities, remote code execution, Patch Tuesday, watchTowr, Citrix, vulnerabilities, authentication, # Intro A shocking discovery by cybersecurity researcher Jeremiah Fowler reveals that a tech recruitment service exposed over 2 million records, including sensitive details of 200,000 job seekers, in an unprotected database. The compromised data, which includes partial Social Security numbers and passport information, highlights severe risks in data security and the rising threat of employment scams targeting high earners. Why might H-1B visa holders be particularly vulnerable in the wake of such a data breach? Romanian cybersecurity firm Bitdefender has launched a free decryptor to rescue victims of ShrinkLocker ransomware, which cunningly exploits post-removal flaws in BitLocker-encrypted systems. This tool shines a spotlight on the increasing trend of threat actors leveraging trusted relationships for supply chain intrusions, demonstrated in attacks on key international targets. How does the ShrinkLocker ransomware manage to execute its encryption strategy so quickly across multiple systems within a network? Microsoft has urgently patched 90 security vulnerabilities, including two actively exploited threats that could escalate privileges or expose user credentials, in its November 2024 Patch Tuesday update. This crucial update includes a total of 52 remote code execution flaws, highlighting the growing security risks in the digital landscape. How do these new vulnerabilities impact the security of cloud-based applications and services? Security researchers at watchTowr have uncovered critical vulnerabilities in Citrix Session Recording that could let attackers seize control of systems, without needing authentication—a claim Citrix disputes, urging users to update their software immediately.

Video Episode: https://www.youtube.com/watch?v=BFFQvTA12sk In today’s episode, we discuss Apple’s new “inactivity reboot” feature in iOS 18.1 that enhances security by automatically restarting iPhones after periods of idleness, making it more difficult for law enforcement and cybercriminals to access encrypted data. We also cover the emergence of GoIssue, a sophisticated phishing tool targeting GitHub developers, and North Korean hackers using trojanized Flutter apps to bypass macOS security measures. Lastly, we review the FBI and CISA’s advisory revealing the most exploited vulnerabilities of 2023, highlighting crucial security concerns for organizations. Sources: 1. https://www.bleepingcomputer.com/news/security/iphones-now-auto-restart-to-block-access-to-encrypted-data-after-long-idle-times/ 2. https://thehackernews.com/2024/11/new-phishing-tool-goissue-targets.html 3. https://www.bleepingcomputer.com/news/security/north-korean-hackers-create-flutter-apps-to-bypass-macos-security/ 4. https://www.bleepingcomputer.com/news/security/fbi-cisa-and-nsa-reveal-most-exploited-vulnerabilities-of-2023/ Music: https://youtu.be/B4gk5tWMvyY?si=q_JjohozMBH7XPNe 1. What are today’s top cybersecurity news stories? 2. How do iPhones auto-restart to protect encrypted data? 3. What is the GoIssue phishing tool and how does it target GitHub developers? 4. How are North Korean hackers using Flutter apps to bypass macOS security? 5. What vulnerabilities were most exploited in 2023 according to the FBI and NSA? 6. What new security features were introduced in iOS 18.1? 7. What impact does GoIssue have on developer security? 8. How do North Korean threat actors disguise malware in legitimate applications? 9. What steps can organizations take to mitigate top exploited vulnerabilities? 10. What trends are emerging in cybersecurity threats for developers and organizations?