10 episodes

“The Daily Decrypt”, hosted by offsetkeyz and d0gesp4n, offers an insightful and approachable take on cybersecurity. Their discussions cover a range of topics, from specific software vulnerabilities to broader issues like mobile security and ransomware trends. They delve into technical details while maintaining accessibility for a general audience, emphasizing practical advice and current developments in the cybersecurity field. The podcast strikes a balance between in-depth analysis and user-friendly content, with a focus on high-quality audio and production.

The Daily Decrypt The Digital Security Collective

    • News

    Microsoft President Takes Full Accountability, YouTube Ad Injections, Sleepy Pickle Cyber Attack

    In today's episode, we discuss Microsoft's commitment to take full responsibility for security failures, as detailed in Brad Smith's House testimony (https://www.cybersecuritydive.com/news/microsoft--security-failures-house-testimony/718853/), YouTube's testing of harder-to-block server-side ad injections affecting ad blockers like SponsorBlock, along with the potential solutions (https://www.bleepingcomputer.com/news/google/youtube-tests-harder-to-block-server-side-ad-injection-in-videos/), and the new "Sleepy Pickle" attack technique that targets machine learning models, posing severe supply chain risks (https://thehackernews.com/2024/06/new-attack-technique-sleepy-pickle.html). Tune in for a detailed analysis of these pressing cybersecurity issues and their broader implications.

    Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/

    Logo Design by https://www.zackgraber.com/

    Tags: Microsoft, President, Security, Cybersecurity, Brad Smith, House testimony, Security failures, State-linked cyberattacks, U.S. federal agencies, Cyber attack, Machine learning, Sleepy Pickle, Pickle format, Supply chain risk

    Search Phrases: Microsoft security failures, Brad Smith House testimony, U.S. federal agencies cyber attack, State-linked cyberattack Microsoft, Measures to improve Microsoft cybersecurity, Sleepy Pickle machine learning, Protecting machine learning models, Cybersecurity in Pickle format, Supply chain risks in cybersecurity, Advanced server-side ad injection YouTube

    Microsoft will take full ownership for security failures in House testimony

    https://www.cybersecuritydive.com/news/microsoft--security-failures-house-testimony/718853/

    Microsoft's Accountability: Brad Smith, Microsoft’s vice chair and president, commits to taking full responsibility for recent security failures in his written testimony to the U.S. House Committee on Homeland Security. This is a critical move for transparency and accountability in the cybersecurity sector.

    State-Linked Cyberattacks: The testimony follows two significant state-linked cyberattacks on Microsoft. Hackers from the People's Republic of China targeted Microsoft Exchange Online, compromising 22 organizations and 500 individuals, including high-profile figures like U.S. Commerce Secretary Gina Raimondo. Another attack from the Russia-linked Midnight Blizzard group compromised senior executives' credentials, impacting federal agency security.

    Preventable Breaches: A report by the U.S. Cyber Safety Review Board criticized Microsoft for prioritizing speed to market and new features over security, labeling the attacks as preventable. This highlights the importance for cybersecurity professionals to balance innovation with robust security measures.

    Security Recommendations: The Cyber Safety Review Board issued 25 recommendations to improve security, 16 specifically for Microsoft. These recommendations are essential for Microsoft and the broader cloud security industry to address vulnerabilities and prevent future breaches.

    Phishing Attack Surge: Nation-state cyber activity has intensified, with Microsoft experiencing 47 million phishing attacks against its employees and 345 million daily attacks against its customers. This underscores the importance of phishing awareness and training for all cybersecurity professionals.

    Enhanced Security Measures: To bolster internal security, Microsoft plans to link senior executive compensation to meeting security goals, demonstrating a commitment to accountability. Additionally, the company has invited the Cybersecurity and Infrastructure Security Agency (CISA) to its headquarters for a detailed briefing on their security strategy.

    Industry Implications: Critics argue that Microsoft's dominant position in federal systems should be re-evaluated given its security lapses. This raises questions about the broader implications for vendor accountability and the need for stringent se

    Key Takeaways from the Ticketmaster breach and Amazon re:Inforce in Philadelphia


    In today's episode, we explore recent major cybersecurity upgrades aimed at safeguarding the American healthcare system, including a new initiative by Microsoft to provide critical cybersecurity resources to rural hospitals. Additionally, we delve into the Ticketmaster-Snowflake data breach perpetrated by ShinyHunters, targeting 560 million users and exposing key vulnerabilities in cloud environments. Lastly, we cover AWS’s new and improved security features announced at the re:Inforce conference, which include added multi-factor authentication options, expanded malware protection for Amazon S3, and updated AI apps governance.

    Read more at:

    https://www.helpnetsecurity.com/2024/06/12/american-healthcare-cybersecurity/
    https://thehackernews.com/2024/06/lessons-from-ticketmaster-snowflake.html
    https://www.helpnetsecurity.com/2024/06/12/aws-security-features/

    Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/

    Tags: Microsoft, Cyberattacks, Healthcare systems, Rural hospitals, ShinyHunters, Breach, Data, Cybersecurity, AWS, FIDO2 passkeys, Malware protection, Cloud environment

    Search Phrases: How Microsoft is protecting rural hospitals from cyberattacks, Cybersecurity initiatives for rural healthcare by Microsoft, ShinyHunters data breach impact on cloud security, Essential measures to prevent cyberattacks in cloud environments, Latest AWS security features from re:Inforce conference, How FIDO2 passkeys enhance cloud environment security, Updated malware protection for AWS S3 buckets, Microsoft and Biden-Harris Administration cybersecurity efforts, Impact of ShinyHunters breach on data security practices, Advanced multi-factor authentication in AWS cloud environments

    Major cybersecurity upgrades announced to safeguard American healthcare

    https://www.helpnetsecurity.com/2024/06/12/american-healthcare-cybersecurity/

    Rising Threats: Cyberattacks on American healthcare systems soared 128% from 2022 to 2023, leading to significant disruptions in hospital operations and payment systems.
    Actionable Insight: Healthcare professionals should stay vigilant and ensure their organizations have updated cybersecurity measures to mitigate risks.

    Impact of Recent Attacks: In early 2024, a major cyberattack affected one-third of healthcare claims in the U.S., delaying payments and services.
    Critical Implication: Entry to mid-level cybersecurity professionals should focus on protecting payment systems and ensuring quick recovery plans are in place.

    Government Initiatives: The Biden-Harris Administration launched several initiatives to bolster healthcare cybersecurity, including a new gateway website and voluntary performance goals.
    Actionable Insight: Healthcare institutions should leverage these resources to enhance their cybersecurity posture.

    Collaboration for Solutions: In May 2024, the White House gathered industry leaders to discuss cybersecurity challenges and promote secure-by-design solutions.
    Engagement Suggestion: Ask listeners how their organizations collaborate with other entities to share threat intelligence and improve security.

    ARPA-H UPGRADE Program: The Advanced Research Projects Agency for Health introduced the UPGRADE program, investing over $50 million in tools to defend hospital IT environments.
    Actionable Insight: IT teams should explore participation in this program to access cutting-edge cybersecurity tools and support.

    Rural Hospital Support: Cyber disruptions severely impact rural hospitals. Leading tech companies, including Microsoft and Google, committed to providing free or discounted cybersecurity resources to these institutions.
    Critical Implication: Rural hospital IT staff should take advantage of these offers to strengthen their defenses against cyberattacks.

    Microsoft’s Cybersecurity Program: Microsoft announced a program offering up

    Sp1d3r Hacks Cylance, Google Busts Propaganda, NHS Hit by Russian Hackers


    In today's episode, we delve into the latest cybersecurity incidents, including Cylance confirming old data sold by Sp1d3r for $750,000, ongoing disruptions in the NHS due to a Russian Qilin ransomware attack, and Google's takedown of coordinated influence campaigns linked to China, Russia, and Indonesia. We also highlight Snowflake account breaches connected to recent data compromises at Advance Auto Parts, Santander, and Ticketmaster. Join us as we explore the implications of these attacks and the latest reports from BleepingComputer, The Guardian, and The Hacker News.

    References:

    https://www.bleepingcomputer.com/news/security/cylance-confirms-data-breach-linked-to-third-party-platform/
    https://thehackernews.com/2024/06/google-takes-down-influence-campaigns.html
    https://www.theguardian.com/society/article/2024/jun/11/cyber-attack-on-london-hospitals-to-take-many-months-to-resolve

    Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/

    Tags: Sp1d3r, Cylance, Snowflake, UNC5537, Google, YouTube, Blogger, Propaganda, Russian hackers, NHS, Disruption, Mitigate

    Search Phrases: Notorious hacker Sp1d3r data breach, Cylance marketing data dark web, Snowflake cybersecurity vulnerabilities, UNC5537 Snowflake account security, Google influence operation crackdown, YouTube channel shutdown China propaganda, Blogger blog purge misinformation Russia, Russian hackers NHS disruption, NHS cybersecurity breach recovery, Mitigating hacker impact on NHS

    Cylance confirms data breach linked to 'third-party' platform

    https://www.bleepingcomputer.com/news/security/cylance-confirms-data-breach-linked-to-third-party-platform/

    Flash Briefing:

    Data Breach Disclosure: Cylance confirmed that data being sold on a hacking forum is legitimate but old, stolen from a third-party platform. The data allegedly includes 34 million customer and employee emails and personally identifiable information. Source: BleepingComputer.

    Threat Actor Activity: A hacker known as Sp1d3r is selling the stolen data for $750,000. Researchers indicated this data seems to be old marketing information. BlackBerry Cylance stated no current customers or sensitive data are impacted. Source: Dark Web Informer.

    Snowflake Links: The same threat actor, Sp1d3r, is also selling 3TB of data from Advance Auto Parts, allegedly breached through a Snowflake account. Other recent breaches at Santander, Ticketmaster, and QuoteWizard also link to Snowflake attacks. Source: BleepingComputer.

    Credential Theft: Attackers used stolen customer credentials to target Snowflake accounts without multi-factor authentication (MFA). Mandiant linked these attacks to a financially motivated threat actor, UNC5537, who has been active since at least 2020. Source: Mandiant.

    Recommendations: Ensure all accounts, particularly those related to third-party platforms, have MFA enabled. Regularly update and rotate credentials, and implement network allow lists to restrict access to trusted locations. Source: CrowdStrike, Mandiant.

    Ongoing Notifications: Snowflake and Mandiant have notified around 165 organizations about potential exposure to these attacks, emphasizing the importance of cybersecurity hygiene and proactive measures. Source: Snowflake.

    Google Takes Down Influence Campaigns Tied to China, Indonesia, and Russia

    https://thehackernews.com/2024/06/google-takes-down-influence-campaigns.html

    Google Takes Down Inauthentic Channels: Google dismantled a coordinated influence operation connected to the People's Republic of China, removing 1,320 YouTube channels and 1,177 Blogger blogs spreading content about China and U.S. foreign affairs. (Source: Google Threat Analysis Group)

    Influence Operations Linked to Indonesia: Google also terminated accounts linked to two influence operations from Indonesia that supported the ruling party, further showcasin

    Windows Recall Updates, London NHS Ransomware Crisis, VSCode Darcula Typosquatting Research


    In today's episode, we discuss the NHS's urgent appeal for O-type blood donations following a ransomware attack on Synnovis, the security risks uncovered in the Visual Studio Code Marketplace with malicious extensions such as the fake 'Darcula' theme, and Microsoft's decision to make its controversial Windows Recall feature opt-in by default. Learn about the cyber-attack's impact on London hospitals, the widespread vulnerabilities in VSCode extensions, and the privacy concerns surrounding Windows Recall. Stay updated with the latest developments in cybersecurity and how organizations and individuals are responding to these challenges.

    Article URLs:

    https://www.theguardian.com/society/article/2024/jun/10/nhs-appeals-for-o-type-blood-donations-after-cyber-attack-delays-transfusions
    https://www.bleepingcomputer.com/news/security/malicious-vscode-extensions-with-millions-of-installs-discovered/
    https://www.helpnetsecurity.com/2024/06/07/windows-recall-changes/

    00:00 Introduction
    01:07 Deep Dive into Windows Recall Feature
    03:57 Impact of Ransomware on Healthcare
    06:01 Israeli Researchers' Findings on Malicious Extensions

    Tags: Ransomware, London hospitals, NHS, O-type blood, Israeli researchers, typosquatting, VSCode extension, Visual Studio Code Marketplace, Microsoft, AI-powered, Security, Screenshots, Windows Recall, cyber-attack, O-positive, O-negative

    Search Phrases: Ransomware attack on London hospitals, NHS blood donation cyber-attack, O-type blood donations needed in London, impact of ransomware on NHS, Israeli researchers typosquatting VSCode, malicious VSCode extensions uncovered, Visual Studio Code Marketplace security, Microsoft AI screenshot concerns, Windows Recall feature controversy, how to protect against malicious VSCode extensions

    Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/

    NHS appeals for O-type blood donations after cyber-attack delays transfusion

    https://www.theguardian.com/society/article/2024/jun/10/nhs-appeals-for-o-type-blood-donations-after-cyber-attack-delays-transfusions

    Flash Briefing: NHS Appeals for O-type Blood Donations After Cyber-attack

    Critical Incident Declared:
    Several major London hospitals declared a critical incident following a ransomware attack on the pathology firm Synnovis.
    Operations and tests were canceled, and hospitals struggled to carry out blood transfusions.

    Appeal for O-type Blood Donations:
    NHS Blood and Transplant urgently calls for O-positive and O-negative blood donors across England.
    O-type blood is universally safe for all patients, crucial for maintaining transfusion services during the crisis.

    Ransomware Attack Details:
    The cyber-attack, attributed to the Russian cybercriminal group Qilin, disrupted the ability to match patients' blood types at normal speeds.

    Importance of O-negative Blood:
    O-negative blood, known as the universal blood type, can be given to anyone and is vital in emergencies.
    Only 8% of the population has O-negative blood, yet it constitutes about 15% of hospital orders.

    O-positive Blood Insights:
    O-positive blood is the most common type, with 35% of donors having it.
    This blood type can be given to anyone with a positive blood type, covering 76% of the population.

    National Blood Week and Appointment Availability:
    During National Blood Week, it was highlighted that hospitals need three blood donations every minute.
    There are 13,000 available appointments in NHS blood donor centers nationwide, including 3,400 in London.

    Call to Action:
    Dr. Gail Miflin and Prof. Stephen Powis emphasize the urgent need for O-type donors to book appointments to support critical surgeries and patient care.
    New donors are also welcomed, as they might have one of these essential blood types.

    Sources:

    PA Media, "NHS appeals for O-type blood donations afte

    CronUp GitHub Extortions, DuckDuckGo AI Privacy, Muhstik Apache CVE-2023-33246


    In today's episode, we discuss the recent Gitloker attacks affecting GitHub repositories, extorting users by wiping repos and demanding communication via Telegram. We also cover DuckDuckGo's new AI Chat service offering anonymous access to chatbots like OpenAI’s GPT-3.5 Turbo and Meta's Llama 3, and how the Muhstik botnet is exploiting a critical Apache RocketMQ flaw to enhance its DDoS capabilities. Check out the full stories here: https://www.bleepingcomputer.com/news/security/new-gitloker-attacks-wipe-github-repos-in-extortion-scheme/, https://arstechnica.com/information-technology/2024/06/duckduckgo-offers-anonymous-access-to-ai-chatbots-through-new-service/, and https://thehackernews.com/2024/06/muhstik-botnet-exploiting-apache.html.

    Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/

    Tags: GitHub, extortions, Telegram, CronUp, cybersecurity, version control, hacking, ransomware, threat detection, security research, Germán Fernández, DuckDuckGo, AI Chat, privacy, OpenAI, Anthropic, Meta, Mistral, anonymous chat, Muhstik, botnet, Apache RocketMQ, CVE-2023-33246, vulnerability, DDoS, cryptocurrency mining, server security

    Search Phrases: Protect GitHub repositories from extortion attacks, Telegram used in GitHub ransomware extortion, CronUp reveals new GitHub security threat, DuckDuckGo AI Chat service privacy concerns, Muhstik botnet attacking Apache RocketMQ servers, CVE-2023-33246 vulnerability in Apache RocketMQ, Preventing cryptocurrency mining botnet attacks, Cybersecurity for version control systems, Anonymous AI chat services with privacy, Protecting servers from DDoS and botnet attacks

    New Gitloker attacks wipe GitHub repos in extortion scheme

    https://www.bleepingcomputer.com/news/security/new-gitloker-attacks-wipe-github-repos-in-extortion-scheme/

    GitHub Repositories Under Attack: Attackers are targeting and wiping GitHub repositories, then demanding victims contact them via Telegram. (Source: Sergiu Gatlan, June 6, 2024)

    Campaign Origin: Germán Fernández, a security researcher at CronUp, first spotted the ongoing campaign. Attackers use stolen credentials to compromise GitHub accounts and pose as cyber incident analysts.

    Modus Operandi: Attackers claim to steal data and create a backup. They rename repositories and add a README file instructing victims to reach out on Telegram for data recovery.

    GitHub Response: GitHub advises users to change passwords and enable two-factor authentication to secure their accounts. They recommend additional measures like passkeys for secure, passwordless logins, and reviewing account security logs for suspicious activity.

    Preventative Measures:
    Enable two-factor authentication.
    Add a passkey for secure, passwordless login.
    Review and revoke unauthorized access to SSH keys, deploy keys, and authorized integrations.
    Verify all email addresses associated with your account.
    Regularly review recent commits and collaborators for each repository.
    Manage webhooks on your repositories.
    Check for and revoke any new deploy keys.

    History of Attacks: This isn't the first time GitHub accounts have been compromised. In March 2020, hackers stole over 500GB of files from Microsoft's private repositories. In September 2020, a phishing campaign targeted GitHub users with fake CircleCI notifications to steal credentials and 2FA codes.

    Engagement Opportunity: Are you using all the recommended security measures for your GitHub account? Check your settings today and share your experience with us!

    Call to Action: Stay vigilant and regularly update your security practices. If you experience any suspicious activity, report it immediately to GitHub support.

    DuckDuckGo offers “anonymous” access to AI chatbots through new service

    https://arstechnica.com/information-technology/2024/06/duckduckgo-offers-anonymous-access-t

    Zero-Click TikTok Hack, Windows Recall Flaws, Qilin Ransomware Group [Updated]


    In today's episode, we look into the recent compromise of celebrity TikTok accounts through a zero-click attack and discuss the exploited vulnerabilities. We then explore the potential security pitfalls of Microsoft's Windows Recall feature, highlighting totalrecall.py by ethical hacker Alexander Hagenah. Finally, we examine the ransomware attacks executed by the Russian-speaking Qilin group on NHS medical services in London.

    For more details, check out these sources:

    https://thehackernews.com/2024/06/celebrity-tiktok-accounts-compromised.html
    https://github.com/xaitax/TotalRecall
    https://www.group-ib.com/blog/qilin-ransomware/
    https://www.google.com/search?q=why+should+people+delete+tiktok&oq=why+should+people+delete+tiktok

    Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/

    Logo Design by https://www.zackgraber.com/

    00:00 Introduction
    01:18 TikTok's Troubling History of Security Flaws
    04:58 Exploring Microsoft's Controversial Recall Feature
    07:46 Qilin Ransomware: A Deep Dive

    Tags: Zero-click attack, TikTok, hackers, vulnerability, ethical hacker, TotalRecall, Windows Recall, vulnerabilities, Qilin, ransomware, defend, security measures, sensitive data, critical sectors, Russian-speaking gang, NHS hospitals, cybersecurity, celebrity accounts, platform security

    Search Phrases: How TikTok handles zero-click attacks, Vulnerabilities in TikTok security, Protecting TikTok accounts from hackers, Ethical hacking and TotalRecall demonstration, Securing data against Windows Recall threats, Defending against Qilin ransomware, Russian ransomware gang Qilin explained, Health sector ransomware attacks prevention, Cybersecurity tips for TikTok users, Windows Recall vulnerabilities and precautions

    https://thehackernews.com/2024/06/celebrity-tiktok-accounts-compromised.html

    Flash Briefing: Celebrity TikTok Accounts Compromised Using Zero-Click Attack via DMs

    Zero-Click Attack on TikTok: Threat actors have exploited a zero-click vulnerability in TikTok, allowing them to take over high-profile accounts via direct messages without user interaction. (Source: Semafor, Forbes)
    Actionable Insight: Stay vigilant even if you don’t interact with suspicious messages. Update your app regularly to ensure you have the latest security patches.

    Scope of the Compromise: TikTok has not disclosed the exact number of affected users but claims that only a "very small" number of accounts were compromised.
    Engagement: Ask listeners, “Have you noticed any unusual activity on your social media accounts lately? Share your experiences with us.”

    Response and Mitigation: TikTok has implemented preventive measures to stop the attack and is working directly with impacted users to restore account access.
    Actionable Insight: If you suspect your account has been compromised, contact TikTok support immediately and follow their guidance for recovery.

    Historical Context of TikTok Security Issues:
    January 2021: Check Point identified a flaw allowing attackers to build a user database with associated phone numbers. (Source: Check Point)
    September 2022: Microsoft found a one-click exploit in TikTok’s Android app that could take over accounts via a crafted link. (Source: Microsoft)
    Turkey Compromise: 700,000 accounts were compromised via intercepted SMS messages. (Source: Report)
    Invisible Challenge: Attackers used a viral challenge to spread information-stealing malware.

    Global Concerns and Actions:
    China Ties: Concerns about TikTok’s Chinese ownership have led to proposed and enacted bans in several countries, including the U.S., U.K., Canada, and Australia on government devices.
    Legal Actions: TikTok has filed a lawsuit in the U.S. challenging a proposed ban,

    TotalRecall shows how easily data collected by Windows Recall can be stolen

    https://github.com/xaitax/TotalRecall

    TotalRecall Tool: Et
