Cybersecurity News Byte with Jim Guckin Jim Guckin

This week we talk about [00:36] how a major player in the website protection game, get's hacked, [09:13] A Russian hacker group is using vulnerabilites from December to gain access to your account, [16:20] Mastadon has a critical vulnerability, can the admins patch their servers in time and finally [22:50] A popular remote access tool had their systems breach, and you should reset your account anyway.
[00:36]    Cloudflare Hacked
[09:13]    Russian Hackers using NTLM Relay Attacks
[16:20]    Critical vulnerability in Mastodon
[22:50]    AnyDesk breached, reset passwords

This week we talk about [00:36]    an Outlook vulnebility that leaks a hashed password to places it shouldn't, then [06:32] The US government doesn't need warrants for your information they just pay data brokers, [13:58] The NoName Ransomware group take target at industries around the work, and finally [20:31] the Trello data breach that wasn't really a data breach and why that doesn't make us feel any better.

On my return for 2024, we talk about [00:36] how a Russia backed group hacked Microsoft's top leaders email account, [09:25] VMWare sounds the alarm about their latest critical vCenter vulnerability that's currently being used in attacks, [16:00] How a popular IT remote access tool is being exploited back hackers and what not to do, and finally [23:11] a long dormant group wakes back up and using email to create havoc.

This week we talk about [00:36] ownCloud let's it users know it's found 3 critical vulnerabilites in some of it's software, [06:57] A school app based in India was leaking personal student data due to misconfiguration, [12:15] Microsoft takes a sucessful attack again it's Windows Hello service to break into computers and [18:49] BlackCat is back at it again, by claiming to hack a fortune 500 company.

This week we talk about [00:36] We talk about how some security researchers were able to extract a RSA key from signing errors, [07:27] How a now defunt shadowy hack-for-hire group was behind a bunch of attacks, [15:11] Vulnerabilities in some AL and ML tools should they give you something to think about, [22:59] and an old tactic being used to extract money from those who care and reminder how it's the season for social engineering.

This week we talk about [00:36] The Lace Tempest group seen exploiting a vulnerability in a popular IT Support Software, [06:46] Then we talk about how a company suffered a compromise, paid the attacker and the data was still leaked, [13:38] We talk about the new vulnerability that CISA is warning about, and finally [17:34] Sumo Logic urges it's users to change their credentials.