10 episodes
The Daily Decrypt The Digital Security Collective
- News
“The Daily Decrypt”, hosted by offsetkeyz and d0gesp4n, offers an insightful and approachable take on cybersecurity. Their discussions cover a range of topics, from specific software vulnerabilities to broader issues like mobile security and ransomware trends. They delve into technical details while maintaining accessibility for a general audience, emphasizing practical advice and current developments in the cybersecurity field. The podcast strikes a balance between in-depth analysis and user-friendly content, with a focus on high-quality audio and production.
Microsoft President Takes Full Accountability, YouTube Ad Injections, Sleepy Pickle Cyber Attack
In today's episode, we discuss Microsoft's commitment to take full responsibility for its security failures, as set out in Brad Smith's House testimony (https://www.cybersecuritydive.com/news/microsoft--security-failures-house-testimony/718853/); YouTube's testing of server-side ad injection, which stitches ads into the video stream itself and is therefore harder for ad blockers and extensions such as SponsorBlock to strip out, along with the workarounds being discussed (https://www.bleepingcomputer.com/news/google/youtube-tests-harder-to-block-server-side-ad-injection-in-videos/); and the new "Sleepy Pickle" attack technique, which plants a payload inside a pickled machine learning model file so that it runs when the model is loaded, posing a serious supply chain risk (https://thehackernews.com/2024/06/new-attack-technique-sleepy-pickle.html). Tune in for a detailed analysis of these issues and their broader implications.
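The Sleepy Pickle story turns on one fact: Python's pickle format is a small program, not a data file, and `pickle.load` runs it. The following is an added example written for this page (it is not code from the podcast, from Trail of Bits, or from any ML framework) that uses a plain dict of weights as a stand-in for a model. It builds a poisoned pickle whose only "payload" is `builtins.eval` on an attacker-chosen expression, shows that a naive load silently returns tampered weights, then shows two checks a practitioner would apply before trusting a downloaded model: a static scan of the opcode stream for imported globals, and an `Unpickler` that refuses every global lookup. The model contents and the sign-flipping payload are constructed for illustration.

```python
import io
import pickle
import pickletools

# Constructed stand-in for a serialised ML model: a plain dict of weights.
# Real frameworks pickle richer objects, but the loading semantics are the same.
BENIGN_MODEL = {"layer1": [0.5, -0.25, 1.0], "bias": 0.1}


class _Hook:
    """Attacker-side helper. Pickle never stores this class; it stores what
    __reduce__ returns: 'call builtins.eval on this string when loading'."""

    def __init__(self, tampered):
        self.tampered = tampered

    def __reduce__(self):
        # Any expression works here; repr() of the tampered model is enough to
        # show that the loader hands control to attacker-chosen code.
        return (eval, (repr(self.tampered),))


def benign_pickle():
    """What a legitimate weights-only model file looks like."""
    return pickle.dumps(BENIGN_MODEL)


def build_poisoned_pickle(model):
    """Attacker side: emit pickle bytes that deserialise to a model whose
    first-layer weights are sign-flipped and which carries a marker key."""
    tampered = dict(model, layer1=[-w for w in model["layer1"]], _backdoor=True)
    return pickle.dumps(_Hook(tampered))


def naive_load(data):
    """The vulnerable pattern: trust the file and let pickle run it."""
    return pickle.loads(data)


def find_globals(data):
    """Static scan: list every (module, name) the stream would import, without
    loading it. Handles GLOBAL (protocol <= 3) and STACK_GLOBAL (protocol >= 4)."""
    found, strings = [], []
    for op, arg, _pos in pickletools.genops(data):
        if op.name == "GLOBAL":
            module, name = arg.split(" ", 1)
            found.append((module, name))
        elif op.name == "STACK_GLOBAL":
            # STACK_GLOBAL consumes the two most recently pushed strings.
            found.append((strings[-2], strings[-1]))
        if isinstance(arg, str):
            strings.append(arg)
    return found


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse every global lookup: a weights-only pickle needs none."""

    def find_class(self, module, name):
        raise pickle.UnpicklingError(f"refusing to import {module}.{name}")


def safe_load(data):
    return RestrictedUnpickler(io.BytesIO(data)).load()


def is_refused(data):
    """True if safe_load rejects the stream."""
    try:
        safe_load(data)
    except pickle.UnpicklingError:
        return True
    return False


if __name__ == "__main__":
    poisoned = build_poisoned_pickle(BENIGN_MODEL)
    print("globals in benign  :", find_globals(benign_pickle()))
    print("globals in poisoned:", find_globals(poisoned))
    print("naive load of poisoned:", naive_load(poisoned))
    print("safe_load refuses poisoned:", is_refused(poisoned))
    print("safe_load of benign:", safe_load(benign_pickle()))
```

`find_globals` is the cheap pre-flight check: a weights-only file should import nothing, so any `(module, name)` pair in the output is a reason not to load it. `RestrictedUnpickler` is the hard stop for the case where a scan was skipped. Neither replaces moving to a non-executable format such as safetensors, which is the lasting fix.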
Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/
Logo Design by https://www.zackgraber.com/
Tags: Microsoft, President, Security, Cybersecurity, Brad Smith, House testimony, Security failures, State-linked cyberattacks, U.S. federal agencies, Cyber attack, Machine learning, Sleepy Pickle, Pickle format, Supply chain risk
Search Phrases: Microsoft security failures, Brad Smith House testimony, U.S. federal agencies cyber attack, State-linked cyberattack Microsoft, Measures to improve Microsoft cybersecurity, Sleepy Pickle machine learning, Protecting machine learning models, Cybersecurity in Pickle format, Supply chain risks in cybersecurity, Advanced server-side ad injection YouTube
Microsoft will take full ownership for security failures in House testimony
https://www.cybersecuritydive.com/news/microsoft--security-failures-house-testimony/718853/
Microsoft's Accountability: Brad Smith, Microsoft’s vice chair and president, commits to taking full responsibility for recent security failures in his written testimony to the U.S. House Committee on Homeland Security. This is a critical move for transparency and accountability in the cybersecurity sector.
State-Linked Cyberattacks: The testimony follows two significant state-linked intrusions at Microsoft. China-linked hackers (tracked as Storm-0558) forged authentication tokens to read Exchange Online mailboxes belonging to 22 organizations and over 500 individuals, including U.S. Commerce Secretary Gina Raimondo. Separately, the Russia-linked Midnight Blizzard group password-sprayed a legacy test tenant account and went on to read the email of senior Microsoft executives, exposing correspondence with U.S. federal agencies.
Preventable Breaches: A report by the U.S. Cyber Safety Review Board criticized Microsoft for prioritizing speed to market and new features over security, labeling the attacks as preventable. This highlights the importance for cybersecurity professionals to balance innovation with robust security measures.
Security Recommendations: The Cyber Safety Review Board issued 25 recommendations to improve security, 16 specifically for Microsoft. These recommendations are essential for Microsoft and the broader cloud security industry to address vulnerabilities and prevent future breaches.
Phishing Attack Surge: Nation-state cyber activity has intensified. Smith's testimony cites 47 million phishing attacks against Microsoft's network and employees over the past year and 345 million cyberattacks per day against its customers. This underscores the importance of phishing awareness and training for all cybersecurity professionals.
Enhanced Security Measures: To bolster internal security, Microsoft plans to link senior executive compensation to meeting security goals, demonstrating a commitment to accountability. Additionally, the company has invited the Cybersecurity and Infrastructure Security Agency (CISA) to its headquarters for a detailed briefing on their security strategy.
Industry Implications: Critics argue that Microsoft's dominant position in federal systems should be re-evaluated given its security lapses. This raises questions about the broader implications for vendor accountability and the need for stringent se
Key Takeaways from the Ticketmaster breach and Amazon re:Inforce in Philadelphia
In today's episode, we explore recent major cybersecurity upgrades aimed at safeguarding the American healthcare system, including a new initiative by Microsoft to provide critical cybersecurity resources to rural hospitals. Additionally, we delve into the Ticketmaster-Snowflake data breach claimed by ShinyHunters, which affected some 560 million users and exposed how weakly protected cloud accounts can be. Lastly, we cover AWS’s new and improved security features announced at the re:Inforce conference, which include added multi-factor authentication options, expanded malware protection for Amazon S3, and updated governance for AI apps.
Read more at:
https://www.helpnetsecurity.com/2024/06/12/american-healthcare-cybersecurity/
https://thehackernews.com/2024/06/lessons-from-ticketmaster-snowflake.html
https://www.helpnetsecurity.com/2024/06/12/aws-security-features/
Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/
Logo Design by https://www.zackgraber.com/
Tags
Microsoft, Cyberattacks, Healthcare systems, Rural hospitals, ShinyHunters, Breach, Data, Cybersecurity, AWS, FIDO2 passkeys, Malware protection, Cloud environment
Search Phrases
How Microsoft is protecting rural hospitals from cyberattacks
Cybersecurity initiatives for rural healthcare by Microsoft
ShinyHunters data breach impact on cloud security
Essential measures to prevent cyberattacks in cloud environments
Latest AWS security features from re:Inforce conference
How FIDO2 passkeys enhance cloud environment security
Updated malware protection for AWS S3 buckets
Microsoft and Biden-Harris Administration cybersecurity efforts
Impact of ShinyHunters breach on data security practices
Advanced multi-factor authentication in AWS cloud environments
Major cybersecurity upgrades announced to safeguard American healthcare
https://www.helpnetsecurity.com/2024/06/12/american-healthcare-cybersecurity/
Rising Threats: Cyberattacks on American healthcare systems soared 128% from 2022 to 2023, leading to significant disruptions in hospital operations and payment systems.
Actionable Insight: Healthcare professionals should stay vigilant and ensure their organizations have updated cybersecurity measures to mitigate risks.
Impact of Recent Attacks: In early 2024, a major cyberattack affected one-third of healthcare claims in the U.S., delaying payments and services.
Critical Implication: Entry to mid-level cybersecurity professionals should focus on protecting payment systems and ensuring quick recovery plans are in place.
Government Initiatives: The Biden-Harris Administration launched several initiatives to bolster healthcare cybersecurity, including a new gateway website and voluntary performance goals.
Actionable Insight: Healthcare institutions should leverage these resources to enhance their cybersecurity posture.
Collaboration for Solutions: In May 2024, the White House gathered industry leaders to discuss cybersecurity challenges and promote secure-by-design solutions.
Engagement Suggestion: Ask listeners how their organizations collaborate with other entities to share threat intelligence and improve security.
ARPA-H UPGRADE Program: The Advanced Research Projects Agency for Health introduced the UPGRADE program, investing over $50 million in tools to defend hospital IT environments.
Actionable Insight: IT teams should explore participation in this program to access cutting-edge cybersecurity tools and support.
Rural Hospital Support: Cyber disruptions severely impact rural hospitals. Leading tech companies, including Microsoft and Google, committed to providing free or discounted cybersecurity resources to these institutions.
Critical Implication: Rural hospital IT staff should take advantage of these offers to strengthen their defenses against cyberattacks.
Microsoft’s Cybersecurity Program: Microsoft announced a program offering up
Sp1d3r Hacks Cylance, Google Busts Propaganda, NHS Hit by Russian Hackers
In today's episode, we delve into the latest cybersecurity incidents, including Cylance confirming old data sold by Sp1d3r for $750,000, ongoing disruptions in the NHS due to a Russian Qilin ransomware attack, and Google's takedown of coordinated influence campaigns linked to China, Russia, and Indonesia. We also highlight Snowflake account breaches connected to recent data compromises at Advance Auto Parts, Santander, and Ticketmaster. Join us as we explore the implications of these attacks and the latest reports from BleepingComputer, The Guardian, and The Hacker News.
References:
https://www.bleepingcomputer.com/news/security/cylance-confirms-data-breach-linked-to-third-party-platform/
https://thehackernews.com/2024/06/google-takes-down-influence-campaigns.html
https://www.theguardian.com/society/article/2024/jun/11/cyber-attack-on-london-hospitals-to-take-many-months-to-resolve
Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/
Logo Design by https://www.zackgraber.com/
Tags: Sp1d3r, Cylance, Snowflake, UNC5537, Google, YouTube, Blogger, Propaganda, Russian hackers, NHS, Disruption, Mitigate
Search Phrases:
Notorious hacker Sp1d3r data breach
Cylance marketing data dark web
Snowflake cybersecurity vulnerabilities
UNC5537 Snowflake account security
Google influence operation crackdown
YouTube channel shutdown China propaganda
Blogger blog purge misinformation Russia
Russian hackers NHS disruption
NHS cybersecurity breach recovery
Mitigating hacker impact on NHS
Cylance confirms data breach linked to 'third-party' platform
https://www.bleepingcomputer.com/news/security/cylance-confirms-data-breach-linked-to-third-party-platform/
Flash Briefing:
Data Breach Disclosure: Cylance confirmed that data being sold on a hacking forum is legitimate but old, stolen from a third-party platform. The data allegedly includes 34 million customer and employee emails and personally identifiable information. Source: BleepingComputer.
Threat Actor Activity: A hacker known as Sp1d3r is selling the stolen data for $750,000. Researchers indicated this data seems to be old marketing information. BlackBerry Cylance stated no current customers or sensitive data are impacted. Source: Dark Web Informer.
Snowflake Links: The same threat actor, Sp1d3r, is also selling 3TB of data from Advance Auto Parts, allegedly breached through a Snowflake account. Other recent breaches at Santander, Ticketmaster, and QuoteWizard also link to Snowflake attacks. Source: BleepingComputer.
Credential Theft: Attackers used customer credentials harvested by infostealer malware, some dating back to 2020, to log in to Snowflake accounts that had no multi-factor authentication (MFA) enabled. Mandiant tracks the financially motivated actor behind the campaign as UNC5537. Source: Mandiant.
Recommendations: Ensure all accounts, particularly those related to third-party platforms, have MFA enabled. Regularly update and rotate credentials, and implement network allow lists to restrict access to trusted locations. Source: CrowdStrike, Mandiant.
Ongoing Notifications: Snowflake and Mandiant have notified around 165 organizations about potential exposure to these attacks, emphasizing the importance of cybersecurity hygiene and proactive measures. Source: Snowflake.
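The recommendations above (MFA on every account, credential rotation, network allow lists) are easy to state and hard to verify after the fact. The following is an added example written for this page, not code from Mandiant, Snowflake or the podcast, that runs the two checks a responder would want over login records: which successful logins used a password with no second factor, and which came from outside the corporate allow list. The rows are constructed here; their column names follow Snowflake's `SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY` view as I recall it, so confirm them against your own account before pointing the script at real exports. The network ranges are documentation addresses chosen for the example.

```python
import ipaddress

# Corporate egress networks (constructed for this example).
ALLOWED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

# Query that produces rows in this shape; column names assumed from the
# ACCOUNT_USAGE.LOGIN_HISTORY view, which lags by a few hours.
LOGIN_HISTORY_QUERY = """
SELECT EVENT_TIMESTAMP, USER_NAME, CLIENT_IP, REPORTED_CLIENT_TYPE,
       FIRST_AUTHENTICATION_FACTOR, SECOND_AUTHENTICATION_FACTOR, IS_SUCCESS
FROM SNOWFLAKE.ACCOUNT_USAGE.LOGIN_HISTORY
WHERE EVENT_TIMESTAMP >= DATEADD(day, -30, CURRENT_TIMESTAMP())
ORDER BY EVENT_TIMESTAMP
"""

# Constructed sample rows standing in for the query output.
SAMPLE_LOGINS = [
    {"EVENT_TIMESTAMP": "2024-06-01T08:02:11", "USER_NAME": "ALICE",
     "CLIENT_IP": "203.0.113.10", "REPORTED_CLIENT_TYPE": "SNOWFLAKE_UI",
     "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": "DUO_PUSH", "IS_SUCCESS": "YES"},
    {"EVENT_TIMESTAMP": "2024-06-01T08:14:52", "USER_NAME": "BOB",
     "CLIENT_IP": "198.51.100.7", "REPORTED_CLIENT_TYPE": "OTHER",
     "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "YES"},
    {"EVENT_TIMESTAMP": "2024-06-01T09:40:03", "USER_NAME": "CAROL",
     "CLIENT_IP": "203.0.113.22", "REPORTED_CLIENT_TYPE": "JDBC_DRIVER",
     "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "YES"},
    {"EVENT_TIMESTAMP": "2024-06-01T09:41:30", "USER_NAME": "BOB",
     "CLIENT_IP": "198.51.100.7", "REPORTED_CLIENT_TYPE": "OTHER",
     "FIRST_AUTHENTICATION_FACTOR": "PASSWORD",
     "SECOND_AUTHENTICATION_FACTOR": None, "IS_SUCCESS": "NO"},
]

# Remediation the findings should drive (Snowflake SQL, applied by an admin).
NETWORK_POLICY_SQL = """
CREATE NETWORK POLICY corp_only ALLOWED_IP_LIST = ('203.0.113.0/24');
ALTER ACCOUNT SET NETWORK_POLICY = corp_only;
"""


def flag_risky_logins(rows, allowed_networks):
    """Return one finding per successful login that was password-only and/or
    came from outside the allow list. Failed attempts are skipped here; they
    belong to a separate brute-force signal."""
    findings = []
    for row in rows:
        if row["IS_SUCCESS"] != "YES":
            continue
        reasons = []
        if (row["FIRST_AUTHENTICATION_FACTOR"] == "PASSWORD"
                and not row["SECOND_AUTHENTICATION_FACTOR"]):
            reasons.append("password_only_no_mfa")
        ip = ipaddress.ip_address(row["CLIENT_IP"])
        if not any(ip in net for net in allowed_networks):
            reasons.append("ip_outside_allowlist")
        if reasons:
            findings.append({"user": row["USER_NAME"], "ip": row["CLIENT_IP"],
                             "client": row["REPORTED_CLIENT_TYPE"],
                             "when": row["EVENT_TIMESTAMP"], "reasons": reasons})
    return findings


def users_never_using_mfa(rows):
    """Users with at least one successful password login and no login that
    ever presented a second factor: the list to enforce MFA on first."""
    used_mfa = {r["USER_NAME"] for r in rows if r["SECOND_AUTHENTICATION_FACTOR"]}
    password_only = {r["USER_NAME"] for r in rows
                     if r["IS_SUCCESS"] == "YES" and not r["SECOND_AUTHENTICATION_FACTOR"]}
    return password_only - used_mfa


if __name__ == "__main__":
    for f in flag_risky_logins(SAMPLE_LOGINS, ALLOWED_NETWORKS):
        print(f"{f['when']} {f['user']:<6} {f['ip']:<14} {f['client']:<13} {','.join(f['reasons'])}")
    print("enforce MFA on:", sorted(users_never_using_mfa(SAMPLE_LOGINS)))
```

On the sample rows, BOB's login is flagged on both counts and CAROL's only for the missing second factor; both users land on the enforce-MFA list. Run the real query through the same functions, then apply the network policy so that the next stolen password is useless from an attacker's IP.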
Google Takes Down Influence Campaigns Tied to China, Indonesia, and Russia
https://thehackernews.com/2024/06/google-takes-down-influence-campaigns.html
Google Takes Down Inauthentic Channels: Google dismantled a coordinated influence operation connected to the People's Republic of China, removing 1,320 YouTube channels and 1,177 Blogger blogs spreading content about China and U.S. foreign affairs. (Source: Google Threat Analysis Group)
Influence Operations Linked to Indonesia: Google also terminated accounts linked to two influence operations from Indonesia that supported the ruling party, further showcasin
Windows Recall Updates, London NHS Ransomware Crisis, VSCode Darcula Typosquatting Research
In today's episode, we discuss the NHS's urgent appeal for O-type blood donations following a ransomware attack on Synnovis, the security risks uncovered in the Visual Studio Code Marketplace with malicious extensions such as the fake 'Darcula' theme, and Microsoft's decision to make its controversial Windows Recall feature opt-in rather than enabled by default. Learn about the cyber-attack's impact on London hospitals, the widespread weaknesses in VSCode extensions, and the privacy concerns surrounding Windows Recall. Stay updated with the latest developments in cybersecurity and how organizations and individuals are responding to these challenges.
Article URLs:
https://www.theguardian.com/society/article/2024/jun/10/nhs-appeals-for-o-type-blood-donations-after-cyber-attack-delays-transfusions
https://www.bleepingcomputer.com/news/security/malicious-vscode-extensions-with-millions-of-installs-discovered/
https://www.helpnetsecurity.com/2024/06/07/windows-recall-changes/
00:00 Introduction
01:07 Deep Dive into Windows Recall Feature
03:57 Impact of Ransomware on Healthcare
06:01 Israeli Researchers' Findings on Malicious Extensions
Tags:
Ransomware, London hospitals, NHS, O-type blood, Israeli researchers, typosquatting, VSCode extension, Visual Studio Code Marketplace, Microsoft, AI-powered, Security, Screenshots, Windows Recall, cyber-attack, O-positive, O-negative
Search Phrases:
Ransomware attack on London hospitals, NHS blood donation cyber-attack, O-type blood donations needed in London, impact of ransomware on NHS, Israeli researchers typosquatting VSCode, malicious VSCode extensions uncovered, Visual Studio Code Marketplace security, Microsoft AI screenshot concerns, Windows Recall feature controversy, how to protect against malicious VSCode extensions
Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/
Logo Design by https://www.zackgraber.com/
NHS appeals for O-type blood donations after cyber-attack delays transfusion
https://www.theguardian.com/society/article/2024/jun/10/nhs-appeals-for-o-type-blood-donations-after-cyber-attack-delays-transfusions
Flash Briefing: NHS Appeals for O-type Blood Donations After Cyber-attack
Critical Incident Declared:
Several major London hospitals declared a critical incident following a ransomware attack on the pathology firm Synnovis.
Operations and tests were canceled, and hospitals struggled to carry out blood transfusions.
Appeal for O-type Blood Donations:
NHS Blood and Transplant urgently calls for O-positive and O-negative blood donors across England.
O-type blood can be given to the widest range of patients (O-negative to anyone, O-positive to anyone Rh-positive), which keeps transfusions going while blood-type matching is slowed.
Ransomware Attack Details:
The cyber-attack, attributed to the Russian cybercriminal group Qilin, disrupted the ability to match patients' blood types at normal speeds.
Importance of O-negative Blood:
O-negative blood, known as the universal blood type, can be given to anyone and is vital in emergencies.
Only 8% of the population has O-negative blood, yet it constitutes about 15% of hospital orders.
O-positive Blood Insights:
O-positive blood is the most common type, with 35% of donors having it.
This blood type can be given to anyone with a positive blood type, covering 76% of the population.
National Blood Week and Appointment Availability:
During National Blood Week, it was highlighted that hospitals need three blood donations every minute.
There are 13,000 available appointments in NHS blood donor centers nationwide, including 3,400 in London.
Call to Action:
Dr. Gail Miflin and Prof. Stephen Powis emphasize the urgent need for O-type donors to book appointments to support critical surgeries and patient care.
New donors are also welcomed, as they might have one of these essential blood types.
Sources:
PA Media, "NHS appeals for O-type blood donations afte
CronUp GitHub Extortions, DuckDuckGo AI Privacy, Muhstik Apache CVE-2023-33246
In today's episode, we discuss the recent Gitloker attacks affecting GitHub repositories, extorting users by wiping repos and demanding communication via Telegram. We also cover DuckDuckGo's new AI Chat service offering anonymous access to chatbots like OpenAI’s GPT-3.5 Turbo and Meta's Llama 3, and how the Muhstik botnet is exploiting a critical Apache RocketMQ flaw to enhance its DDoS capabilities. Check out the full stories here: https://www.bleepingcomputer.com/news/security/new-gitloker-attacks-wipe-github-repos-in-extortion-scheme/, https://arstechnica.com/information-technology/2024/06/duckduckgo-offers-anonymous-access-to-ai-chatbots-through-new-service/, and https://thehackernews.com/2024/06/muhstik-botnet-exploiting-apache.html.
Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/
Logo Design by https://www.zackgraber.com/
Tags:
GitHub, extortions, Telegram, CronUp, cybersecurity, version control, hacking, ransomware, threat detection, security research, Germán Fernández, DuckDuckGo, AI Chat, privacy, OpenAI, Anthropic, Meta, Mistral, anonymous chat, Muhstik, botnet, Apache RocketMQ, CVE-2023-33246, vulnerability, DDoS, cryptocurrency mining, server security
Search Phrases:
Protect GitHub repositories from extortion attacks
Telegram used in GitHub ransomware extortion
CronUp reveals new GitHub security threat
DuckDuckGo AI Chat service privacy concerns
Muhstik botnet attacking Apache RocketMQ servers
CVE-2023-33246 vulnerability in Apache RocketMQ
Preventing cryptocurrency mining botnet attacks
Cybersecurity for version control systems
Anonymous AI chat services with privacy
Protecting servers from DDoS and botnet attacks
New Gitloker attacks wipe GitHub repos in extortion scheme
https://www.bleepingcomputer.com/news/security/new-gitloker-attacks-wipe-github-repos-in-extortion-scheme/
GitHub Repositories Under Attack: Attackers are targeting and wiping GitHub repositories, then demanding victims contact them via Telegram. (Source: Sergiu Gatlan, June 6, 2024)
Campaign Origin: Germán Fernández, a security researcher at CronUp, first spotted the ongoing campaign. Attackers use stolen credentials to compromise GitHub accounts and pose as cyber incident analysts.
Modus Operandi: Attackers claim to steal data and create a backup. They rename repositories and add a README file instructing victims to reach out on Telegram for data recovery.
GitHub Response: GitHub advises users to change passwords and enable two-factor authentication to secure their accounts. They recommend additional measures like passkeys for secure, passwordless logins, and reviewing account security logs for suspicious activity.
Preventative Measures:
Enable two-factor authentication.
Add a passkey for secure, passwordless login.
Review and revoke unauthorized access to SSH keys, deploy keys, and authorized integrations.
Verify all email addresses associated with your account.
Regularly review recent commits and collaborators for each repository.
Manage webhooks on your repositories.
Check for and revoke any new deploy keys.
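Several of the steps above (review deploy keys, manage webhooks, revoke anything new) are inventory checks that are tedious to do by eye across many repositories. The following is an added example written for this page, not GitHub's own tooling or code from the article, that takes the JSON GitHub returns for a repository's deploy keys and webhooks and flags what a responder should look at first: keys not in a known baseline, keys with write access, keys created since a chosen incident date, and webhooks that post over plain HTTP, to an untrusted host, or with TLS verification disabled. The JSON below is constructed; its field names are assumed from `GET /repos/{owner}/{repo}/keys` and `GET /repos/{owner}/{repo}/hooks`, and the key blobs, hosts and baseline are invented for the example.

```python
import json
from datetime import datetime, timezone
from urllib.parse import urlparse

# Constructed responses shaped like the GitHub REST API (field names assumed).
DEPLOY_KEYS_JSON = json.dumps([
    {"id": 1, "title": "ci-deploy", "read_only": True,
     "key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleCiKey",
     "created_at": "2023-11-02T10:00:00Z"},
    {"id": 2, "title": "backup", "read_only": False,
     "key": "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIUnknownKey",
     "created_at": "2024-06-05T23:17:40Z"},
])
HOOKS_JSON = json.dumps([
    {"id": 10, "active": True, "events": ["push"],
     "config": {"url": "https://ci.example.com/github",
                "content_type": "json", "insecure_ssl": "0"}},
    {"id": 11, "active": True, "events": ["push", "pull_request"],
     "config": {"url": "http://203.0.113.9/hook",
                "content_type": "json", "insecure_ssl": "1"}},
])

# Baseline maintained by the repo owners (constructed for this example).
KNOWN_KEYS = {"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleCiKey"}
TRUSTED_HOOK_HOSTS = {"ci.example.com"}
INCIDENT_START = datetime(2024, 6, 1, tzinfo=timezone.utc)


def _parse_github_time(value):
    # GitHub returns RFC 3339 timestamps with a trailing Z.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def audit_repo(deploy_keys, hooks, known_keys, trusted_hosts, since):
    """Return (kind, id, reason) triples in the order the items were seen."""
    findings = []
    for k in deploy_keys:
        if k["key"] not in known_keys:
            findings.append(("deploy_key", k["id"], "not in baseline"))
        if not k["read_only"]:
            findings.append(("deploy_key", k["id"], "write access"))
        if _parse_github_time(k["created_at"]) >= since:
            findings.append(("deploy_key", k["id"], "created since incident start"))
    for h in hooks:
        url = urlparse(h["config"]["url"])
        if url.scheme != "https":
            findings.append(("webhook", h["id"], "plaintext http"))
        if url.hostname not in trusted_hosts:
            findings.append(("webhook", h["id"], "untrusted host"))
        if h["config"].get("insecure_ssl") == "1":
            findings.append(("webhook", h["id"], "TLS verification disabled"))
    return findings


def run_audit():
    """Audit the constructed sample against the constructed baseline."""
    return audit_repo(json.loads(DEPLOY_KEYS_JSON), json.loads(HOOKS_JSON),
                      KNOWN_KEYS, TRUSTED_HOOK_HOSTS, INCIDENT_START)


if __name__ == "__main__":
    for kind, item_id, reason in run_audit():
        print(f"{kind:<10} #{item_id:<4} {reason}")
```

Against real repositories, feed the script the output of `gh api repos/OWNER/REPO/keys` and `gh api repos/OWNER/REPO/hooks` instead of the inline JSON. In the sample, deploy key 2 trips all three key checks and webhook 11 all three hook checks; key 1 and hook 10 are clean. Anything flagged is a candidate for revocation, not proof of compromise, so review the commit and collaborator history alongside it.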
History of Attacks: This isn't the first time GitHub accounts have been compromised. In March 2020, hackers stole over 500GB of files from Microsoft's private repositories. In September 2022, a phishing campaign targeted GitHub users with fake CircleCI notifications to steal credentials and 2FA codes.
Engagement Opportunity: Are you using all the recommended security measures for your GitHub account? Check your settings today and share your experience with us!
Call to Action: Stay vigilant and regularly update your security practices. If you experience any suspicious activity, report it immediately to GitHub support.
DuckDuckGo offers “anonymous” access to AI chatbots through new service
https://arstechnica.com/information-technology/2024/06/duckduckgo-offers-anonymous-access-t
Zero-Click TikTok Hack, Windows Recall Flaws, Qilin Ransomware Group [Updated]
In today's episode, we look into the recent compromise of celebrity TikTok accounts through a zero-click attack and discuss the exploited vulnerabilities. We then explore the potential security pitfalls of Microsoft's Windows Recall feature, highlighting totalrecall.py by ethical hacker Alexander Hagenah. Finally, we examine the ransomware attacks executed by the Russian-speaking Qilin group on NHS medical services in London.
For more details, check out these sources:
https://thehackernews.com/2024/06/celebrity-tiktok-accounts-compromised.html
https://github.com/xaitax/TotalRecall
https://www.group-ib.com/blog/qilin-ransomware/
https://www.google.com/search?q=why+should+people+delete+tiktok&oq=why+should+people+delete+tiktok
Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/
Logo Design by https://www.zackgraber.com/
00:00 Introduction
01:18 TikTok's Troubling History of Security Flaws
04:58 Exploring Microsoft's Controversial Recall Feature
07:46 Qilin Ransomware: A Deep Dive
Tags: Zero-click attack, TikTok, hackers, vulnerability, ethical hacker, TotalRecall, Windows Recall, vulnerabilities, Qilin, ransomware, defend, security measures, sensitive data, critical sectors, Russian-speaking gang, NHS hospitals, cybersecurity, celebrity accounts, platform security
Search Phrases:
How TikTok handles zero-click attacks
Vulnerabilities in TikTok security
Protecting TikTok accounts from hackers
Ethical hacking and TotalRecall demonstration
Securing data against Windows Recall threats
Defending against Qilin ransomware
Russian ransomware gang Qilin explained
Health sector ransomware attacks prevention
Cybersecurity tips for TikTok users
Windows Recall vulnerabilities and precautions
https://thehackernews.com/2024/06/celebrity-tiktok-accounts-compromised.html
Flash Briefing: Celebrity TikTok Accounts Compromised Using Zero-Click Attack via DMs
Zero-Click Attack on TikTok: Threat actors have exploited a zero-click vulnerability in TikTok, allowing them to take over high-profile accounts via direct messages without user interaction. (Source: Semafor, Forbes)
Actionable Insight: Stay vigilant even if you don’t interact with suspicious messages. Update your app regularly to ensure you have the latest security patches.
Scope of the Compromise: TikTok has not disclosed the exact number of affected users but claims that only a "very small" number of accounts were compromised.
Engagement: Ask listeners, “Have you noticed any unusual activity on your social media accounts lately? Share your experiences with us.”
Response and Mitigation: TikTok has implemented preventive measures to stop the attack and is working directly with impacted users to restore account access.
Actionable Insight: If you suspect your account has been compromised, contact TikTok support immediately and follow their guidance for recovery.
Historical Context of TikTok Security Issues:
January 2021: Check Point identified a flaw allowing attackers to build a user database with associated phone numbers. (Source: Check Point)
September 2022: Microsoft found a one-click exploit in TikTok’s Android app that could take over accounts via a crafted link. (Source: Microsoft)
Turkey Compromise: 700,000 accounts were compromised via intercepted SMS messages. (Source: Report)
Invisible Challenge: Attackers used a viral challenge to spread information-stealing malware.
Global Concerns and Actions:
China Ties: Concerns about TikTok’s Chinese ownership have led to proposed and enacted bans in several countries, including the U.S., U.K., Canada, and Australia on government devices.
Legal Actions: TikTok has filed a lawsuit in the U.S. challenging a proposed ban,
TotalRecall shows how easily data collected by Windows Recall can be stolen
https://github.com/xaitax/TotalRecall
TotalRecall Tool: Et