Technado

Join Don and Daniel as they discuss all things happening in the tech and cybersecurity world this week! Article Links: Rapid Fire https://www.tomshardware.com/pc-components/cpus/rising-metal-prices-could-mean-more-expensive-laptops-pc-parts-and-other-electronics-in-the-near-future https://arstechnica.com/apple/2024/05/apple-must-open-ipados-to-sideloading-within-6-months-eu-says/ https://arstechnica.com/gadgets/2024/05/wear-os-will-soon-be-at-50-percent-of-apple-watch-sales/ https://www.darkreading.com/cloud-security/dprks-kimsuky-apt-abuses-weak-dmarc-policies-feds-warn https://gbhackers.com/cybersecurity-consultant-jailed/ https://thehackernews.com/2024/05/hackers-increasingly-abusing-microsoft.html https://www.securitynewspaper.com/2024/05/06/how-safe-is-your-tinyproxy-step-by-step-guide-to-exploiting-tinyproxys-zero-day-vulnerability/ Deep Dive https://blog.kandji.io/malware-cuckoo-infostealer-spyware

Patches abound on this week's Technado! In our Rapid Fire segment, we kick things off with the UK ban on weak default passwords. Then, a warning from Okta on cred-stuffing attacks, and a critical bug in R that exposes orgs to supply chain risks. Collection agency FBCS got pwned this week, with millions of records being exposed - but in happier news, the Japanese police are starting a new effort to keep elderly citizens from falling prey to payment card scams. The ArcaneDoor was a big story this week, as was yet anothrer WordPress plugin vulnerability - and in this week's D'oh! segment, the popular iSharing app was found to be sharing users locations (even when services were disabled). FInally, in our deep dive, we take a look at new Android banking malware Brokewell. Like what you heard? Take a look at this week's articles: https://www.theregister.com/2024/04/29/uk_lays_password_legislation/ https://thehackernews.com/2024/04/okta-warns-of-unprecedented-surge-in.html https://www.darkreading.com/application-security/r-programming-language-exposes-orgs-to-supply-chain-risk https://techcrunch.com/2024/04/24/security-flaws-isharing-tracking-app-exposed-millions-precise-locations/ https://www.techradar.com/pro/security/collection-agency-data-breach-affects-millions-of-users https://www.bleepingcomputer.com/news/security/japanese-police-create-fake-support-scam-payment-cards-to-warn-victims/ https://www.msspalert.com/news/cyber-spies-burrow-into-cisco-firewall-platforms-in-zero-day-exploits https://arstechnica.com/security/2024/04/hackers-make-millions-of-attempts-to-exploit-wordpress-plugin-vulnerability/ https://www.threatfabric.com/blogs/brokewell-do-not-go-broke-by-new-banking-malware

Cheats, breaches, and weaknesses abound on this week's Technado! Cybercriminals are threatening to leak millions of records from the World-Check database, and millions more were affected by this week's Frontier Communications broadband shutdown. In our biggest story of the week, MITRE got pwned by nation-state hackers via our old friends, the Ivanti zero-days. CrushFTP is dealing with a vuln that lets attackers download system files, and our Don't Make No Sense feature is a twofer: fake game cheats are being used to spread malware, and it all started with...Microsoft's GitHub repo? Of course, it wouldn't be Technado without a deep dive, and this one's a doozy: a SafeBreach researcher uncovered FOUR CVEs by exploiting a long-standing issue that supports Windows backwards-compatibility. Like what you heard? Check this episode's stories below: https://www.theregister.com/2024/04/19/cybercriminals_threaten_to_leak_all/ https://www.itpro.com/security/cyber-attack-takes-frontier-communications-systems-offline-affecting-millions-of-broadband-customers https://www.helpnetsecurity.com/2024/04/22/mitre-breached/ https://www.infosecurity-magazine.com/news/crushftp-file-transfer/ https://thehackernews.com/2024/04/new-redline-stealer-variant-disguised.html https://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-malware-via-microsoft-repo-urls/ https://www.safebreach.com/blog/magicdot-a-hackers-magic-show-of-disappearing-dots-and-spaces/

This week on Technado, we start off strong with some breaking news: geospatial intelligence firm Space-Eyes has allegedly been breached by IntelBroker. From there, we cover TWO 10.0 command injection vulnerabilities - one affecting Windows, one affecting Palo Alto. Apple has issued warnings to more than 90 countries concerning Mercenary spyware attacks. We've got updates on the most recent Microsoft and AT&T breaches, as well as a new breach involving Sisense. And of course, we can't forget this week's Behind Bars subject: an ex-Amazon engineer who stole millions in cryptocurrency is facing prison time. In our deep dive segment, it's a double whammy: we return to one of our Rapid Fire articles to get into the details of Palo Alto's 10.0 vulnerability. Then, we unpack Blackjack's newest venture, Fuxnet malware. Want to know more? Check out the stories we covered this week: https://www.hackread.com/windows-batbadbut-vulnerability-comment-injection/ https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html https://www.theregister.com/2024/04/12/microsoft_cisa_order/ https://www.bleepingcomputer.com/news/security/att-now-says-data-breach-impacted-51-million-customers/amp/ https://www.hackread.com/iphone-users-mercenary-spyware-attacks/ https://www.securityweek.com/former-security-engineer-sentenced-to-prison-for-hacking-crypto-exchanges/ https://www.infosecurity-magazine.com/news/cisa-urges-reset-sisense-breach/ https://thehackernews.com/2024/04/palo-alto-networks-releases-urgent.html https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/ https://unit42.paloaltonetworks.com/cve-2024-3400/ https://claroty.com/team82/research/unpacking-the-blackjack-groups-fuxnet-malware

Live from HackSpaceCon, it's Technado! This week, malware takes center stage: beware of bogus NordVPN downloads and YouTube videos promising Fortnite cheats. If you use a D-Link NAS device that's reached its EoL, you might want to check for a backdoor account. In the return of the beloved Tinfoil Hat segment, Five Eyes data has allegedly been stolen & exposed during a breach. Keeping with our space theme, NASA has finally cracked the case of Voyager 1 sending gibberish data. We wrap up our Rapid Fire articles with a critical flaw affecting one million WordPress websites, an update on the Ivanti debacle (four more vulns!), and a special "Crow" segment featuring million-dollar rewards for zero-days. After a quick break, we dive deep into a new malware variant called Latrodectus - and it's just as dangerous as the venomous spiders it's named after. (Stick around to see Dan and Soph mewing for the camera.) Want to read further? Take a look at the stories we covered this week: https://www.malwarebytes.com/blog/thr... https://www.bleepingcomputer.com/news... https://gbhackers.com/hackers-deliver... https://www.scmagazine.com/brief/alle...

It's a packed week on Technado! First up in Rapid Fire, we talk about the Linux backdoor that's got everyone fired up - but all is not as it seems. Then, our Pork Chop Sandwiches segment stars Hot Topic in their latest credential stuffing dilemma (and a brief cybergoth appearance thanks to Christian). Activision is looking into some password-stealing malware affecting some of its players (read: cheaters). We wrap up Rapid Fire by discussing the recent MFA bombing attacks plaguing iPhone users, along with a special Deja News double feature: we have updates on the PyPI and AT&T situations! After a quick break, it's time for our deep dive! Daniel gets into the details of the new and improved (?) Android malware Vultur. Finally, we finish up this week's episode with a mini-dive into Imperva Secure Sphere's WAF bypass. Want more details? Check out this week's references: https://thehackernews.com/2024/03/urgent-secret-backdoor-found-in-xz.html https://www.bleepingcomputer.com/news/security/retail-chain-hot-topic-hit-by-new-credential-stuffing-attacks/ https://techcrunch.com/2024/03/28/activision-says-its-investigating-password-stealing-malware-targeting-game-players/ https://www.techopedia.com/news/call-of-duty-hack-alert-malware-drains-bitcoin-from-gamers-wallets https://www.bleepingcomputer.com/news/security/owasp-discloses-data-breach-caused-by-wiki-misconfiguration/ https://www.darkreading.com/cloud-security/mfa-bombing-attacks-target-apple-iphone-users https://securityboulevard.com/2024/03/pypi-suspended-500-fakes-richixbw/ https://techcrunch.com/2024/03/30/att-reset-account-passcodes-customer-data/ https://blog.fox-it.com/2024/03/28/android-malware-vultur-expands-its-wingspan/ https://www.hoyahaxa.com/2024/03/imperva-waf-bypass-cve-2023-50969.html

This week on Technado, Daniel and Sophie kick off Rapid Fire with some highlights from Pwn2Own Vancouver. Then, we jump into a novel cred-harvesting phishing campaign, CozyBear's latest attack on German politicos, and a special Pork Chop Sandwiches segment: millions of hotel door locks are impacted by a 36-year-old flaw. We wrap up the Rapid Fire with the Nemesis Market takedown, yet another update on CISA's Ivanti troubles, and the "unpatchable" exploit affecting Apple M-series chips. In another Python-focused Deep Dive, Daniel takes us through a supply chain cyberattack that's impacting thousands of GitHub users and developers. To close the segment, we take a quick look at a new Loop DoS attack that targets app-layer protocols. Want to keep reading? Check out the articles the Technado crew covered this week! Rapid Fire: Pwn2Own https://www.zerodayinitiative.com/blog/2024/3/21/pwn2own-vancouver-2024-day-two-results Conversation Overflow Attack https://www.darkreading.com/cloud-security/conversation-overflow-cyberattacks-bypass-ai-security CozyBear Phishing for Dinner https://www.theregister.com/2024/03/23/russia_cozy_bear_german_politicians_phishing/ Unsaflok Flaw https://www.bleepingcomputer.com/news/security/unsaflok-flaw-can-let-hackers-unlock-millions-of-hotel-doors/ Nemesis Takedown https://www.bitdefender.com/blog/hotforsecurity/german-authorities-take-down-darknet-marketplace-nemesis-market/ CISA Ivanti Notice https://www.crn.com/news/security/2024/cisa-urges-patching-for-critical-ivanti-vulnerability?itc=refresh Apple M-Series Vulnerability https://www.itpro.com/security/a-vulnerability-in-apple-m-series-chips-could-expose-encryption-keys-and-harm-performance-and-the-flaw-is-unpatchable Deep Dive: GitHub Python Supply Chain Attack https://checkmarx.com/blog/over-170k-users-affected-by-attack-using-fake-python-infrastructure/ Loop DoS Summary https://cispa.de/en/loop-dos Loop DoS Advisory https://cispa.saarland/group/rossow/Loop-DoS

It's all about RCE this week on Technado! First up, in our Rapid Fire segment, the new "GhostRace" attack can bypass security checks to access sensitive info. In the ongoing WordPress saga, some miniOrange plugins have a critical flaw - including its malware scanner. Over 130k Fortinent boxes are still susceptible to a month old (already patched!) flaw, and AT&T suffered a breach exposing 70 million customers' data - or did they? For fans of Esports and Apex Legends, an RCE flaw forced ALGS finals to shut down - but no one seems to know whose fault it really is. And in our Behind Bars segment, a Moldovan national will serve 42 months in a US prison for selling 350k+ stolen creds. After a quick break to discuss Robocop (Sophie's latest movie assignment), it's time for a Deep Dive! Daniel takes us through a breakdown of an attack campaign designed to use Captchas, HTML, and other legitimate services to steal information. Finally, Fortra FileCatalyst has a flaw in its file uploading feature. Patch now! Want to read further? Check out the articles Soph and Dan covered today: https://www.darkreading.com/cyber-risk/ghostrace-speculative-execution-attack-cpu-os-vendors https://thehackernews.com/2024/03/wordpress-admins-urged-to-remove.html https://www.theregister.com/2024/03/18/more_than_133000_fortinet_appliances/ https://www.bleepingcomputer.com/news/security/att-says-leaked-data-of-70-million-people-is-not-from-its-systems/ https://www.bleepingcomputer.com/news/security/apex-legends-players-worried-about-rce-flaw-after-algs-hacks/ https://thehackernews.com/2024/03/e-root-marketplace-admin-sentenced-to.html https://www.netskope.com/blog/from-delivery-to-execution-an-evasive-azorult-campaign-smuggled-through-google-sites https://labs.nettitude.com/blog/cve-2024-25153-remote-code-execution-in-fortra-filecatalyst/ https://www.imdb.com/title/tt0093870/

Daniel and Sophie jump right into this week's episode with the return of favorite segments like D'oh, Behind Bars, and Who Got Pwned. They cover a VMWare patch so urgent, it's even being issued to EOL software. Roku had some trouble this week with angry customers and breached accounts (which, by the way, are barely worth 50 cents). We saw some sour news from the US government this week: CISA fell victim to a breach, and the FBI announced record losses to cybercrime in 2023. The Technado team covers all this and more in this week's Rapid Fire segment. In today's Deep Dive, Daniel gives us a detailed look at MagnetGoblin (the threat behind Ivanti, Magento, and more hacks). We take a look at some of the threat group's favorite tools and tactics, as well as the 1-day vulnerabilities they've been exploiting recently. In a bonus Deep Dive, there's a Python Infostealer lurking in messaging services - and thanks to the researchers at Cybereason, we have the latest on each variant and how this attack works.

This week on Technado, Daniel and Sophie welcome special guest Mike Saunders of Red Siege! In our new Rapid Fire segment, the team covers the top security news of the week with fast-paced commentary and hot takes. Kali Linux has a new release, NSO Group and Meta are still locked in a lawsuit, CISA’s issuing a new warning re: ransomware, and thousands of ChatGPT creds are up for sale on the black market. And as always, there are plenty of vulnerabilities to be found: the team talks a zero-day exploited by Lazarus, three severe vulnerabilities in a Zeek plugin, and the recent AMEX 3rd-party breach. After a short break, it’s another new segment: Deep Dive! With Mike’s help, Dan and Soph get into the details of a new Linux variant of BIFROSE remote access trojan, featuring some visuals and demos courtesy of Daniel. Finally, the trio covers the nitty-gritty of TA577’s novel attack chain involving phishing to steal NTLM authentication hashes.

Happy Leap Day from the Technado team! This week, we have some big feature updates in the Windows world - some exciting, some annoying - as well as a new autofill feature coming soon to Bitwarden. In security news, Don and Dan break down the latest installment in the LockBit saga. Then, the crew covers last week's major AT&T cellular outage (with some personal commentary from Sophie). Finally, Ubiquiti got pwned by a Russian military hacking group - also known as APT28 or "Fancy Bear."

On this week's Technado, Wi-fi QR codes are coming to Windows 11, and older Windows 10 PCs might have to migrate to ChromeOS. In other news, Linux is now a CVE numbering authority, joining ranks with the likes of Curl and Python. In the world of cybersecurity, it's all flaws, all the time: there's a new critical Microsoft Outlook RCE bug that's "trivial" to exploit. ConnectWise ScreenConnect also fell victim to some critical flaws. And finally, WordPress got pwned - a critical flaw impacted over 25k sites using the "Bricks" theme.

This week on Technado, the team is feeling the love: Happy Valentine's Day! In Linux news, Ubuntu Core Desktop's debut has been pushed back indefinitely. Then, Broadcom is ending support for their free ESXi Vmware Hypervisor effective immediately, and old systems won't be able to update to newer versions of Windows due to an arcane CPU instruction (don't worry, it's not what it sounds like). After a quick break and a moment of silence for our fallen bird friend, Authy is shutting down its desktop app, forcing movement to the mobile version or a different provider altogether. In the return of the Pork Chop Sandwiches segment, BitLocker's encryption was broken in 43 seconds...with a device that took MUCH longer to create. And finally, Fortinet got PWNED yet again - this time, with a flaw in SSL VPN that's likely already being exploited.

This week on Technado, Microsoft confirms the impending arrival of Windows Server 2025 (and the inevitable death of WordPad). In other "way of the dodo" news, Apple declared the last MacBook Pro with an optical drive (read: CD player) obsolete. And in Linux news, GRUB2 has some things in the works, including TPM2 automatic disk unlock. In the world of cybersecurity, the FBI issued some covert commands to remove Chinese malware from routers - but is this anything more than a Band-Aid solution? Then, AnyDesk fell victim to a breach - but exactly how bad the breach was (or when it happened) no one seems to know for sure. Finally, the return of the TinFoil Hat segment: hackers can still spy on you even if you tape over your webcam - or don't have a webcam at all.

This week, ICANN is preparing to introduce a new TLD: .INTERNAL. Overseas, a German railway is still running on Windows 3.11 - an operating system that's older than Sophie. And in hardware news, we break down the pros and cons of Framework's Laptop 16 (and whether it's any good for gaming). In security news, look out for a dangerous bug in a popular file transfer software. Then, HPE falls victim to a Midnight Blizzard attack. And finally, we revisit a recent story about an overprivileged MS test account: new developments are unfolding.

Today on Technado, Don, Dan and Sophie are joined by a lizard (yes, really) to bring you the latest in tech news. Google is cracking down on 2FA requirements - even revoking support for certain third-party apps. In Microsoft news, the company is setting a 16-gig default for RAM for so-called "AI PCs." Finally, for fans of Linux, Ubuntu is working on installer support for NVMe-over-TCP. After a quick break (and a hunt for a lizard), the team jumps into this week's security news: first up, a German court convicted a "hacker" for...warning the public about a security vulnerability. Then, Microsoft's network got pwned through a password-spraying attack. And to wrap up the show, the Technado crew breaks down "the mother of all breaches": is it as scary as it sounds?

This week on Technado, the team is feeling cynical: who wants a laptop that runs Windows AND Android? Then, Chicago public schools lose over $20M in electronics in just ONE year. And to wrap up the tech segment, someone's washing machine is sending gigs of data every day...and no one knows why. In security news, Framework fell victim to a data breach due to a contractor slip-up. Then, Don and Dan break down the 0-days that are letting hackers backdoor networks in Ivanti VPNs. And to close out the show, we revisit a long-running saga involving eBay, a Massachusetts couple, and some questionable (read: terrifying) packages.

This week on Technado, Microsoft makes waves by adding a new key to PC keyboards. Then, the team covers the latest from ASUS since its Intel takeover: the ROG NUC. In Apple News, Macs can now detect liquid in ports - but it won’t alert the end user. After a short break (and a shoutout to Sophie’s grandma), Daniel breaks down a technical hack involving Google session tokens. A California-based law firm that handles data breaches got pwned and fell victim to…a data breach. And in this week’s D’oh! segment, a “harmless” registry prank wreaked havoc on NPM.

It's the first Technado of 2024, and we have some catching up to do! The Technado team jumps right in with a conversation about some Gentoo Linux news. Then, let's talk VR, AR, and...Don's Google Glass? And of course, Don and Daniel cover something that's a little before Sophie's time: the oldest known version of DOS that was recently unearthed. After the break, the crew covers some serious cybersecurity news: US water utilities got hacked and millions of Xfinity customers got pwned while we were away. Finally, the Lapsus$ hacker behind the GTA 6 leak was tried and sentenced...to an indefinite hospital stay.

Happy Holidays, Technado fans! Don, Dan, and Sophie are spending time with loved ones, and we hope you are too. But in their absence, they left a special (abridged) Technado under the tree for you to unwrap! In this episode, the team breaks down their favorite holiday films. From Home Alone to Gremlins to...First Blood (?), the Technado crew has some holiday homework for you: a Christmas movie marathon! Our director, Christian, even jumps in on the fun. We hope you enjoy the last few days of the year, and we look forward to delivering even more tech and cybersecurity news in 2024!