1 hr 16 min
360: Dell Got Pwned?! (49 MILLION Records Stolen!) Technado
-
- Technology
This week on Technado, Dell got pwned: 49 million records were stolen & are up for sale on the dark web. Dan & Soph talk privacy as Proton has turned over more customer info to cops, and we also take a look at MITRE's newest framework, EMB3D. In exploit news, Cinterion cellular modems have some severe vulnerabilities to deal with, and a PoC has been released for a critical PuTTY key vulnerability.
In our Pork Chop Sandwiches segment, ANOTHER malicious Python package has been found in PyPI. A new LLMjacking attack is being used to exploit stolen cloud creds, and Nmap 7.95 is out with new features!
Lastly, in our deep dive, we take a look at Mallox RaaS and how it's being used in MS-SQL exploitation campaigns. And before we sign off, we touch on some of the breaking stories from this week that we couldn't cover in depth.
Want to read more? Check out the stories we covered in this week's episode:
https://www.theregister.com/2024/05/09/dell_data_stolen/https://www.theregister.com/2024/05/13/infosec_in_brief/https://thehackernews.com/2024/05/mitre-unveils-emb3d-threat-modeling.htmlhttps://thehackernews.com/2024/05/severe-vulnerabilities-in-cinterion.htmlhttps://thehackernews.com/2024/05/malicious-python-package-hides-sliver.htmlhttps://www.infosecurity-magazine.com/news/llmjacking-exploits-stolen-cloud/https://cybersecuritynews.com/nmap-7-95-released/https://gbhackers.com/putty-private-key-poc-released/https://blog.sekoia.io/mallox-ransomware-affiliate-leverages-purecrypter-in-microsoft-sql-exploitation-campaigns/#h-mallox-ransomware-deployment
This week on Technado, Dell got pwned: 49 million records were stolen & are up for sale on the dark web. Dan & Soph talk privacy as Proton has turned over more customer info to cops, and we also take a look at MITRE's newest framework, EMB3D. In exploit news, Cinterion cellular modems have some severe vulnerabilities to deal with, and a PoC has been released for a critical PuTTY key vulnerability.
In our Pork Chop Sandwiches segment, ANOTHER malicious Python package has been found in PyPI. A new LLMjacking attack is being used to exploit stolen cloud creds, and Nmap 7.95 is out with new features!
Lastly, in our deep dive, we take a look at Mallox RaaS and how it's being used in MS-SQL exploitation campaigns. And before we sign off, we touch on some of the breaking stories from this week that we couldn't cover in depth.
Want to read more? Check out the stories we covered in this week's episode:
https://www.theregister.com/2024/05/09/dell_data_stolen/https://www.theregister.com/2024/05/13/infosec_in_brief/https://thehackernews.com/2024/05/mitre-unveils-emb3d-threat-modeling.htmlhttps://thehackernews.com/2024/05/severe-vulnerabilities-in-cinterion.htmlhttps://thehackernews.com/2024/05/malicious-python-package-hides-sliver.htmlhttps://www.infosecurity-magazine.com/news/llmjacking-exploits-stolen-cloud/https://cybersecuritynews.com/nmap-7-95-released/https://gbhackers.com/putty-private-key-poc-released/https://blog.sekoia.io/mallox-ransomware-affiliate-leverages-purecrypter-in-microsoft-sql-exploitation-campaigns/#h-mallox-ransomware-deployment
1 hr 16 min