10 episodes

“The Daily Decrypt”, hosted by offsetkeyz and d0gesp4n, offers an insightful and approachable take on cybersecurity. Their discussions cover a range of topics, from specific software vulnerabilities to broader issues like mobile security and ransomware trends. They delve into technical details while maintaining accessibility for a general audience, emphasizing practical advice and current developments in the cybersecurity field. The podcast strikes a balance between in-depth analysis and user-friendly content, with a focus on high-quality audio and production.

The Daily Decrypt The Digital Security Collective

    • News
    • 5.0 • 1 Rating


    Harry Coker Jr. Bolsters Security for Critical Infrastructures in Auburn Keynote


    In today's episode, we discuss the White House's call for critical cybersecurity assistance for sectors like healthcare and water utilities (https://www.cybersecuritydive.com/news/white-house-seeks-critical-cyber-assistance-for-water-utilities-healthcare/716942/), analyze the compromise of JAVS Viewer software by loader malware (https://www.helpnetsecurity.com/2024/05/23/javs-viewer-malware/), and explore how rising cyberattacks are driving the growth of the cybersecurity industry, affecting companies like AWS, Cisco, and CrowdStrike (https://www.cybersecuritydive.com/news/attacks-fuel-cyber-business/716782/).



    Full Coker Speech: https://www.youtube.com/watch?v=1yR3kfajhk0



    00:00 Introduction to the Cybersecurity Boom



    01:04 The Economics of Cybersecurity



    03:22 National Cyber Director's Keynote Highlights



    04:14 The Cost of Cybersecurity Measures



    05:19 Teenagers in Cybercrime: A Growing Concern



    06:13 JAVS Viewer Malware: What You Need to Know



    07:50 Conclusion and Call to Action



    Tags: Harry Coker Jr, healthcare, water utilities, ransomware, National Cyber Director, critical infrastructure, cyber threats, innovative strategies, cybersecurity, administration initiatives, Lapsus, teenage cybercrime, JAVS, recording software, loader malware, security risks, courtrooms, prisons, compromised software, cybersecurity vendors, digital threat landscape, market complexity



    Search Phrases: Initiatives by Harry Coker Jr in cybersecurity Healthcare cyber threat protection strategies Water utilities ransomware defense National Cyber Director's speech on cyber threats Administration measures against teenage cybercrime Compromised JAVS software security risks Immediate actions for JAVS Viewer users Cybersecurity vendors' role in digital threat evolution Increasing complexity in the cybersecurity market Global spending on cybersecurity in 2023



    May24



    Cyber attacks are propelling the cybersecurity industry to new heights, with global spending on security projected to hit an astonishing $215 billion this year.

    How are cybersecurity vendors adapting to the constant evolution of cyber threats while also contributing to increased complexity in the market?

    National Cyber Director Harry Coker Jr. announced a sweeping initiative to fortify healthcare and water utilities against cyber threats, highlighting a commitment to strengthen America's critical infrastructure, at a keynote speech on Wednesday. What measures is the administration taking to deter teenagers from joining cyber criminal groups like Lapsus?

    Threat researchers have discovered that legitimate recording software from JAVS has been compromised with loader malware directly from the developer's own site.

    If you're using the JAVS Viewer, what actions can you take if you suspect your version has been compromised?

    You're listening to The Daily Decrypt.

    The cybersecurity industry is thriving, thanks to the rise in cyber attacks.

    Now this makes sense. Supply and demand is the foundation of capitalism. And cyber attacks are on the rise. So of course, cybersecurity is booming, but this reminds me sort of eerily of the show Fallout, which is on Amazon Prime. Highly recommend; one of my favorite TV shows of all time.

    But go ahead and skip the next 15 seconds if you don't want any spoilers.

    One of the most fascinating aspects of that show is how Vault-Tec, the maker of these vaults, was one of the top companies in the country, because, one, they preyed on citizens' fear of a nuclear war. So they made these vaults to keep people safe in the impending nuclear bomb drop. But in order to stay on top, in order to stay relevant, they needed that nuke to drop.

    And I don't think we're at that point yet with cybersecurity. I believe the volume of cyber attacks is enough to sustain a $200 billion industry. But who knows what will happen in 10, 20, 30 years, maybe in ord

    Windows Recall Feature Takes Secret Screenshots, Microsoft President to Testify Before Congress, Disconnect Public Facing ICS Devices


    In today's episode, we discuss Microsoft President Brad Smith's upcoming testimony before Congress regarding security shortcomings (source: https://www.cybersecuritydive.com/news/microsoft-president-congressional-hearing/716847/), dive into the privacy concerns surrounding Windows 11's new Recall feature (source: https://www.helpnetsecurity.com/2024/05/22/windows-recall-security-privacy/), and detail Rockwell Automation's advisory on disconnecting internet-facing ICS devices amid rising cyber threats (source: https://thehackernews.com/2024/05/rockwell-advises-disconnecting-internet.html).



    00:00 Introducing Windows 11's Recall Feature: A Privacy Concern?



    01:11 The Risks and Protections Against Windows 11's Recall Feature



    04:44 Microsoft's Response to Security Breaches and Future Plans



    06:41 Advisory on Industrial Control Systems Amid Cyber Threats



    07:36 Wrapping Up and How to Stay Connected



    Tags List



    Microsoft, Brad Smith, Cybersecurity, Congress, Windows, Recall, AI, cybercriminals, Rockwell Automation, Industrial control systems, Cyber threats, Vulnerabilities



    Search Phrases




    Microsoft cybersecurity measures



    Brad Smith congressional testimony



    Impact of recent cyberattacks on Microsoft



    Security risks of Windows Recall feature



    Protecting against cyber intrusions



    Rockwell Automation cybersecurity advice



    Industrial control systems cyber threats



    Geopolitical tensions and cyber vulnerabilities



    Scanning for public-facing assets in cybersecurity



    Mitigating cyber risks in industrial control systems




    may23



    Microsoft Windows has introduced a new feature in Windows 11-powered machines called Recall, which takes screenshots of your open applications every couple of seconds and uses AI to analyze them.

    This is obviously stirring fears among security experts, who are warning that it could become a goldmine for cybercriminals if misused. How can users protect themselves from these potential security and privacy risks posed by Windows Recall?

    Speaking of Microsoft: on June 13th, Microsoft President Brad Smith will face Congress to address a cascade of security failures that led to their recent cyber intrusions.

    And finally, Rockwell Automation is advising urgent disconnects of internet-facing industrial control systems amid rising cyber threats linked to geopolitical tensions and exploited vulnerabilities in these ICS devices.

    What immediate actions can administrators take to not only check if their devices are publicly accessible, but also remediate it?

    You're listening to The Daily Decrypt.

    Hey, no press is bad press. And today, Microsoft Windows is getting a lot of press.

    So just recently, Microsoft has introduced a new feature called Recall in Windows 11 that captures screenshots every few seconds and then uses AI to search through these screenshots and interact with specific content, essentially indexing everything that you do on your computer.

    This could be very useful for those of us, like myself, who have a terrible memory and want to remember what we were just doing. Users can go in and search through their history on their computer to see, "Hey, what was I doing 10 minutes ago that I need to continue doing?" Sure, sounds great. You know who else can search through your whole history? Anyone who's compromised your system. So this feature can be disabled, which is great.

    You can also specify apps that you want to exclude from this. So if that app is open, it will stop taking screenshots. But what's key to understand is that if you're compromised, an attacker can covertly enable this feature using PowerShell.

    And so once they have that enabled, they can just sit back and wait for you to do something that jeopardizes your privacy, like entering your social security number, see what banks you use, maybe use those screenshots to extort you, maybe you're doing something you woul

    70% of Water Utilities Vulnerable to Cyber Attack, GitHub Enterprise Server, Python, and Firefox Vulnerabilities


    In today's episode, we explore a critical GitHub Enterprise Server vulnerability (CVE-2024-4985) that allows authentication bypass and the necessary updates for protection (https://thehackernews.com/2024/05/critical-github-enterprise-server-flaw.html), EPA's enforcement actions against water utilities lacking cybersecurity measures (https://www.cybersecuritydive.com/news/epa-enforcement-water-utilities-cyber/716719/), and newly discovered security flaws in the Python package llama_cpp_python (CVE-2024-34359) and Firefox's PDF.js library (CVE-2024-4367), highlighting potential risks and the importance of vigilant security practices (https://thehackernews.com/2024/05/researchers-uncover-flaws-in-python.html).



    00:00 Cybersecurity Threats to US Water Utilities



    01:02 Deep Dive into Water Utility Cybersecurity Flaws



    03:26 Strategies for Enhancing Cybersecurity in Water Utilities



    04:49 EPA's Enforcement Actions and the Importance of Cybersecurity



    06:38 GitHub Enterprise Server's Critical Security Flaw



    08:00 Emerging Cybersecurity Threats and Updates



    Tags: GitHub, Enterprise Server, CVE, SAML SSO, cybersecurity, vulnerability, GitHub updates, EPA, cyberattacks, water utilities, vulnerabilities, security enforcement, Checkmarx, Llama Drama, Mozilla, PDF.js



    Search Phrases:




    GitHub Enterprise Server CVE-2024-4985 vulnerability



    SAML SSO security breach in GitHub



    How to secure GitHub Enterprise Server



    EPA cyberattack vulnerabilities in water utilities



    Steps to mitigate water utility cyber threats



    Llama Drama security flaw in llama_cpp_python



    High-severity vulnerability in Mozilla PDF.js



    Protecting systems from PDF.js exploits



    Checkmarx reports on Llama Drama



    Latest cybersecurity vulnerabilities December 2023




    May22



    The EPA has announced that over 70% of US water utilities inspected are vulnerable to cyber attacks due to outdated security measures like default passwords and single log-ins.

    What specific vulnerabilities put major water utilities at risk, and how is the EPA planning to address them?

    A high-severity vulnerability in Mozilla's PDF.js has been uncovered, allowing threat actors to execute arbitrary code and compromise millions of systems globally. What methods can users implement to help protect their systems from these vulnerabilities?

    And finally, an alarming GitHub Enterprise Server vulnerability now threatens unauthorized administrative access through SAML single sign-on, prompting crucial updates from GitHub to prevent exploitation.

    How can organizations secure their GitHub Enterprise Server instances against this vulnerability?

    You're listening to The Daily Decrypt.

    The Environmental Protection Agency, or EPA, announced that the majority of US water utilities they inspected are vulnerable to cyber attacks due to using default passwords and single log-ins.

    And to get a little more specific, over 70% of water utilities that were inspected since September of last year failed to comply with the Safe Drinking Water Act by commonly using single log-ins for multiple employees and not revoking access for former employees.

    So, being a cybersecurity professional, it's really hard for me to even imagine using the same login as somebody else. This is such a terrible idea for many reasons, some of which are obvious and some of which might not be. Like, first of all, multiple people know your password.

    Which is kept under wraps. Like, if it's kept locked down, that's not a huge issue, but it's not being kept locked down. If this is a practice, it's not being kept locked down.

    So what if one of the people who's using that login already has that password memorized and they decide to use it on a different site, maybe even with that same email address, and that site gets breached?

    And the email address is probably water company related.

    So any attacker that comes across these credentials will ins

    Deceptive Deepfake Cyber Scheme: Arup’s Wake-Up Call Against North Korean IT Workers


    In today's episode, UK engineering firm Arup was scammed out of £20m through a deepfake incident in which an employee fell victim to AI-generated video calls. The incident sheds light on the increasing sophistication of cyber attackers and the need for better awareness of deepfake technology. Meanwhile, the Jumio 2024 Online Identity Study reveals consumer concerns over deepfakes, with a call for more governmental regulation of AI to combat cybercrime. The US Justice Department exposed a scheme enabling North Korean IT workers to bypass sanctions, highlighting the risks associated with remote work and the importance of identifying potential threats. Original URLs: 1. https://www.theguardian.com/technology/article/2024/may/17/uk-engineering-arup-deepfake-scam-hong-kong-ai-video 2. https://www.helpnetsecurity.com/2024/05/20/consumers-online-identity-fraud/ 3. https://www.helpnetsecurity.com/2024/05/17/north-korean-it-workers/



    Arup, Engineering, Deepfake, Cyberattacks, deepfakes, generative AI, digital security, identity fraud



    Search Phrases:




    Arup deepfake cyber-attacks



    How to protect companies from deepfake scams



    Consumer awareness about deepfakes and generative AI



    Collaborating to enhance digital security measures



    Preventing identity fraud with advanced technology



    North Korean IT workers evasion scheme



    Sanctions evasion by North Korean IT workers



    Identifying and protecting organizations from North Korean IT workers



    Deceptive employment schemes by North Korean workers



    US companies and North Korean IT worker sanctions




    May21



    The US Justice Department has uncovered a scheme involving North Korean IT workers evading sanctions by working remotely for US companies under assumed identities, which has resulted in millions of dollars generated for the DPRK.

    What signs can help companies identify North Korean IT workers posing as US freelancers?

    Consumers consistently overestimate their ability to spot deepfake videos, with 60% believing they could detect one, despite rising concerns over the risks posed by generative AI.

    How can businesses and consumers collaborate to enhance digital security measures and prevent identity fraud in the face of increasing deepfake technology?

    And in that same realm, Arup, which is a leading UK engineering firm, fell prey to a 20 million euro deepfake scam where AI-generated video calls duped a Hong Kong employee into transferring vast sums to criminals.

    How can businesses protect themselves from sophisticated schemes involving deepfake videos?

    You're listening to The Daily Decrypt.

    The US Justice Department has uncovered a scheme where individuals from North Korea are posing as US freelancers and getting jobs at US companies under these false identities.

    These individuals will utilize US payment platforms, online job sites and proxy computers within the U.S. to deceive the United States employers. They particularly target Fortune 500 companies, like major television networks and Silicon Valley tech firms. And they've even attempted infiltration of US government agencies.

    So these individuals have been aided by a few different US citizens, including one that would create accounts on US job sites and then sell them to North Koreans, or another US woman who operated a, quote, "laptop farm," where she essentially just had a bunch of laptops and let adversaries remote in, looking like they were in the United States.

    This scheme ran from 2020 all the way to 2023 and amassed over $6.8 million for North Korea.

    But officially, both of the individuals who are responsible for all of these fake employments have been apprehended and are awaiting extradition to the United States for their trial.

    So, obviously this is going to be pretty tough to spot.

    Because, first of all, resumes for these fraudulent applicants are going to look really good. So they're probably going to get the interview based on their resume

    Invisible Threats: SSID Confusion, Kimsuky, Malware


    In today's episode, researchers unveiled a new security vulnerability dubbed SSID Confusion attack exploiting a flaw in the IEEE 802.11 Wi-Fi standard, allowing malicious actors to manipulate victims into connecting to rogue networks to eavesdrop on their traffic. The breach forum known as BreachForums was seized by law enforcement agencies, marking the second takedown within a year. Also, the Kimsuky hacking group has launched a social engineering attack targeting activists in North Korea and anti-North Korea sectors by impersonating individuals on Facebook Messenger to distribute malware. The episode further delves into the sophisticated malware that infected the Linux kernel.org infrastructure for two years, compromising encrypted password data and providing insights into the propagation tactics employed by the malware. Original URLs:



    1. https://thehackernews.com/2024/05/new-wi-fi-vulnerability-enabling.html



    2. https://thehackernews.com/2024/05/fbi-seizes-breachforums-again-urges.html



    3. https://thehackernews.com/2024/05/north-korean-hackers-exploit-facebook.html



    4. https://arstechnica.com/security/2024/05/ssh-backdoor-has-infected-400000-linux-servers-over-15-years-and-keeps-on-spreading/



    Search phrases: 1. Preventing SSID Confusion attack 2. Protecting network traffic from Wi-Fi spoofing 3. Law enforcement takedown of cybercrime forums 4. Fate of Baphomet and ShinyHunters 5. Kimsuky hacking group tactics 6. Social engineering attacks on Facebook Messenger 7. Malware targeting North Korean activists 8. Linux malware infection 9. Ebury malware impact on network security 10. Minimizing Ebury malware spread







    [00:00:00] A new security vulnerability known as the SSID Confusion attack manipulates devices into connecting to a different, less secure network than intended, potentially exposing users' traffic. How can the SSID Confusion attack be prevented? And what steps should users take to protect their network traffic from being intercepted through wifi spoofing?

    Law enforcement agencies, in collaboration with the FBI and international partners from Australia, Iceland, New Zealand, Switzerland, the UK and Ukraine, have taken down the cyber crime forum BreachForums for the second time.

    The Kimsuky hacking group is leveraging fake Facebook accounts to launch social engineering attacks via Messenger, targeting activists in the North Korean human rights and anti-North Korean sectors with malware delivered through decoy documents.

    The Linux operating system's kernel infrastructure was infected by malware, revealing the theft of encrypted password data from over [00:01:00] 550 system users and allowing attackers to send spam from the servers.

    How can organizations minimize the spread and impact of the Ebury malware to prevent disruptions to the network security?

    You're listening to The Daily Decrypt.

    Imagine connecting to your trusted wifi network only to find out later that an attacker intercepted your traffic.

    Wifi is pretty important technology. It allows us to connect our devices to the internet wirelessly. We rely on different coffee shops and vendor locations to connect to the internet, and maybe in some areas where our cell service is unreliable, we'll use local wifi. I often have to use Target wifi because the Target in my area is in a cellular dead zone. So it's pretty crucial for day-to-day lives.

    The SSID Confusion attack impacts all operating systems and wifi clients, including home and mesh networks using WEP, WPA3, [00:02:00] 802.11X/EAP, and AMPE protocols. That's a lot of jargon for all the different security standards that come with wifi. The method involves downgrading victims to a less secure network by spoofing a trusted network name, or SSID, so attackers can intercept their traffic to carry out further attacks.

    Now, SSID stands for service set identifier, essentially the name of a wifi network.

    It help

    iOS Bluetooth Tracker Alert, Return-to-Office Impact on Senior Talent, Chrome Zero-Day


    In today's episode, we discuss the exploitation of a new zero-day vulnerability (CVE-2024-4761) in Google Chrome, prompting emergency fixes from Google. Users are advised to update to Chrome version 124.0.6367.207/.208 to mitigate potential threats (https://thehackernews.com/2024/05/new-chrome-zero-day-vulnerability-cve.html). Additionally, Apple has backported a patch to iOS 16 branch to fix CVE-2024-23296 and introduced a new Bluetooth tracker alert feature in iOS 17 to warn users about unknown Bluetooth trackers (https://www.helpnetsecurity.com/2024/05/14/ios-bluetooth-tracker-alert/). The impact of return-to-office mandates at tech giants like Apple, Microsoft, and SpaceX on employee retention, particularly among senior talent, is also discussed, shedding light on the potential negative effects of such policies (https://arstechnica.com/information-technology/2024/05/rto-mandates-led-to-pronounced-exodus-of-senior-workers-at-top-tech-firms/).



    00:00 The Great Tech Exodus: Navigating Return to Office Mandates



    00:55 Deep Dive into Return to Office Policies and Their Impact



    04:54 Exploring Apple's Cybersecurity Enhancements



    07:15 Navigating the Threat Landscape: Google Chrome's Zero Day Vulnerability



    Search Phrases: Apple, Cyber threats, iOS patches, Bluetooth tracker alert, Cybersecurity measures, CVE-2024-23296, MarketplaceKit vulnerability, Return-to-office mandates, Senior-level employees, Remote work, Workforce management, Employee morale, Attrition



    may15



    Return-to-office mandates at major tech companies like Apple, Microsoft, and SpaceX have led to a significant exodus of senior-level employees.

    How can these tech companies manage their workforce effectively while avoiding the negative impact of return-to-office mandates on employee morale and attrition?

    In Apple's most recent update, they've added a Bluetooth tracker alert to alert the user if an unexpected Bluetooth tracker is in their proximity.

    How else is Apple enhancing cybersecurity measures for iOS users? And finally, an emergency fix has been rolled out by Google to address the new zero-day vulnerability in Google Chrome, which is being actively exploited in the wild, posing a serious threat to compromised hosts.

    How can users protect themselves from the zero-day vulnerability in Google Chrome?

    You're listening to The Daily Decrypt. All right. Let's talk about return to office, or RTO.

    If you work in tech, specifically cybersecurity, you've probably been impacted by this since the dawn of COVID, or at least know somebody who's been impacted by this.

    I personally work on a team of developers who were all hired remotely, with no expectation set that they'll have to return to the office, and they're all pretty peeved because now they're having to return to the office and we're losing good talent.

    And the team's morale is just a little lower.

    Because it's one thing to be hired with the expectation of moving to an office, which is actually how I was hired. And I did move closer to an office.

    But it's another thing to be hired with the expectation of never having to, and then having to.

    So a recent study conducted by researchers from the University of Chicago and the University of Michigan revealed that return-to-office mandates at tech giants like Apple, Microsoft, and SpaceX have led to a significant exodus of senior-level employees.

    And this study did pose a thought that I had never really considered as to why senior-level employees would be leaving, specifically ones in management. And that's because they prefer not to manage teams that are inherently unhappy about policies at their company.

    So if their whole team is upset about returning to office, that's going to directly impact their job satisfaction, because there's nothing they can do. They can't change company policy. They can just make sure their leaders are aware that their teams are upset and
