Technado ACI Learning

Patches abound on this week's Technado! In our Rapid Fire segment, we kick things off with the UK ban on weak default passwords. Then, a warning from Okta on cred-stuffing attacks, and a critical bug in R that exposes orgs to supply chain risks. Collection agency FBCS got pwned this week, with millions of records being exposed - but in happier news, the Japanese police are starting a new effort to keep elderly citizens from falling prey to payment card scams.
The ArcaneDoor was a big story this week, as was yet anothrer WordPress plugin vulnerability - and in this week's D'oh! segment, the popular iSharing app was found to be sharing users locations (even when services were disabled). FInally, in our deep dive, we take a look at new Android banking malware Brokewell.
Like what you heard? Take a look at this week's articles:
https://www.theregister.com/2024/04/29/uk_lays_password_legislation/https://thehackernews.com/2024/04/okta-warns-of-unprecedented-surge-in.htmlhttps://www.darkreading.com/application-security/r-programming-language-exposes-orgs-to-supply-chain-riskhttps://techcrunch.com/2024/04/24/security-flaws-isharing-tracking-app-exposed-millions-precise-locations/https://www.techradar.com/pro/security/collection-agency-data-breach-affects-millions-of-usershttps://www.bleepingcomputer.com/news/security/japanese-police-create-fake-support-scam-payment-cards-to-warn-victims/https://www.msspalert.com/news/cyber-spies-burrow-into-cisco-firewall-platforms-in-zero-day-exploitshttps://arstechnica.com/security/2024/04/hackers-make-millions-of-attempts-to-exploit-wordpress-plugin-vulnerability/https://www.threatfabric.com/blogs/brokewell-do-not-go-broke-by-new-banking-malware

Cheats, breaches, and weaknesses abound on this week's Technado! Cybercriminals are threatening to leak millions of records from the World-Check database, and millions more were affected by this week's Frontier Communications broadband shutdown. In our biggest story of the week, MITRE got pwned by nation-state hackers via our old friends, the Ivanti zero-days. CrushFTP is dealing with a vuln that lets attackers download system files, and our Don't Make No Sense feature is a twofer: fake game cheats are being used to spread malware, and it all started with...Microsoft's GitHub repo?
Of course, it wouldn't be Technado without a deep dive, and this one's a doozy: a SafeBreach researcher uncovered FOUR CVEs by exploiting a long-standing issue that supports Windows backwards-compatibility.
Like what you heard? Check this episode's stories below:
https://www.theregister.com/2024/04/19/cybercriminals_threaten_to_leak_all/https://www.itpro.com/security/cyber-attack-takes-frontier-communications-systems-offline-affecting-millions-of-broadband-customershttps://www.helpnetsecurity.com/2024/04/22/mitre-breached/https://www.infosecurity-magazine.com/news/crushftp-file-transfer/https://thehackernews.com/2024/04/new-redline-stealer-variant-disguised.htmlhttps://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-malware-via-microsoft-repo-urls/https://www.safebreach.com/blog/magicdot-a-hackers-magic-show-of-disappearing-dots-and-spaces/

This week on Technado, we start off strong with some breaking news: geospatial intelligence firm Space-Eyes has allegedly been breached by IntelBroker. From there, we cover TWO 10.0 command injection vulnerabilities - one affecting Windows, one affecting Palo Alto. Apple has issued warnings to more than 90 countries concerning Mercenary spyware attacks. We've got updates on the most recent Microsoft and AT&T breaches, as well as a new breach involving Sisense. And of course, we can't forget this week's Behind Bars subject: an ex-Amazon engineer who stole millions in cryptocurrency is facing prison time.
In our deep dive segment, it's a double whammy: we return to one of our Rapid Fire articles to get into the details of Palo Alto's 10.0 vulnerability. Then, we unpack Blackjack's newest venture, Fuxnet malware.
Want to know more? Check out the stories we covered this week:
https://www.hackread.com/windows-batbadbut-vulnerability-comment-injection/https://blog.rust-lang.org/2024/04/09/cve-2024-24576.htmlhttps://www.theregister.com/2024/04/12/microsoft_cisa_order/https://www.bleepingcomputer.com/news/security/att-now-says-data-breach-impacted-51-million-customers/amp/https://www.hackread.com/iphone-users-mercenary-spyware-attacks/https://www.securityweek.com/former-security-engineer-sentenced-to-prison-for-hacking-crypto-exchanges/https://www.infosecurity-magazine.com/news/cisa-urges-reset-sisense-breach/https://thehackernews.com/2024/04/palo-alto-networks-releases-urgent.htmlhttps://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/https://unit42.paloaltonetworks.com/cve-2024-3400/https://claroty.com/team82/research/unpacking-the-blackjack-groups-fuxnet-malware

Live from HackSpaceCon, it's Technado! This week, malware takes center stage: beware of bogus NordVPN downloads and YouTube videos promising Fortnite cheats. If you use a D-Link NAS device that's reached its EoL, you might want to check for a backdoor account. In the return of the beloved Tinfoil Hat segment, Five Eyes data has allegedly been stolen & exposed during a breach. Keeping with our space theme, NASA has finally cracked the case of Voyager 1 sending gibberish data. We wrap up our Rapid Fire articles with a critical flaw affecting one million WordPress websites, an update on the Ivanti debacle (four more vulns!), and a special "Crow" segment featuring million-dollar rewards for zero-days. After a quick break, we dive deep into a new malware variant called Latrodectus - and it's just as dangerous as the venomous spiders it's named after. (Stick around to see Dan and Soph mewing for the camera.) Want to read further? Take a look at the stories we covered this week: https://www.malwarebytes.com/blog/thr... https://www.bleepingcomputer.com/news... https://gbhackers.com/hackers-deliver... https://www.scmagazine.com/brief/alle...

It's a packed week on Technado! First up in Rapid Fire, we talk about the Linux backdoor that's got everyone fired up - but all is not as it seems. Then, our Pork Chop Sandwiches segment stars Hot Topic in their latest credential stuffing dilemma (and a brief cybergoth appearance thanks to Christian). Activision is looking into some password-stealing malware affecting some of its players (read: cheaters).
We wrap up Rapid Fire by discussing the recent MFA bombing attacks plaguing iPhone users, along with a special Deja News double feature: we have updates on the PyPI and AT&T situations!
After a quick break, it's time for our deep dive! Daniel gets into the details of the new and improved (?) Android malware Vultur. Finally, we finish up this week's episode with a mini-dive into Imperva Secure Sphere's WAF bypass.
Want more details? Check out this week's references:
https://thehackernews.com/2024/03/urgent-secret-backdoor-found-in-xz.htmlhttps://www.bleepingcomputer.com/news/security/retail-chain-hot-topic-hit-by-new-credential-stuffing-attacks/https://techcrunch.com/2024/03/28/activision-says-its-investigating-password-stealing-malware-targeting-game-players/https://www.techopedia.com/news/call-of-duty-hack-alert-malware-drains-bitcoin-from-gamers-walletshttps://www.bleepingcomputer.com/news/security/owasp-discloses-data-breach-caused-by-wiki-misconfiguration/https://www.darkreading.com/cloud-security/mfa-bombing-attacks-target-apple-iphone-usershttps://securityboulevard.com/2024/03/pypi-suspended-500-fakes-richixbw/https://techcrunch.com/2024/03/30/att-reset-account-passcodes-customer-data/https://blog.fox-it.com/2024/03/28/android-malware-vultur-expands-its-wingspan/https://www.hoyahaxa.com/2024/03/imperva-waf-bypass-cve-2023-50969.html

This week on Technado, Daniel and Sophie kick off Rapid Fire with some highlights from Pwn2Own Vancouver. Then, we jump into a novel cred-harvesting phishing campaign, CozyBear's latest attack on German politicos, and a special Pork Chop Sandwiches segment: millions of hotel door locks are impacted by a 36-year-old flaw. We wrap up the Rapid Fire with the Nemesis Market takedown, yet another update on CISA's Ivanti troubles, and the "unpatchable" exploit affecting Apple M-series chips.
In another Python-focused Deep Dive, Daniel takes us through a supply chain cyberattack that's impacting thousands of GitHub users and developers. To close the segment, we take a quick look at a new Loop DoS attack that targets app-layer protocols.
Want to keep reading? Check out the articles the Technado crew covered this week!
Rapid Fire:
Pwn2Own https://www.zerodayinitiative.com/blog/2024/3/21/pwn2own-vancouver-2024-day-two-resultsConversation Overflow Attack https://www.darkreading.com/cloud-security/conversation-overflow-cyberattacks-bypass-ai-securityCozyBear Phishing for Dinner https://www.theregister.com/2024/03/23/russia_cozy_bear_german_politicians_phishing/Unsaflok Flaw https://www.bleepingcomputer.com/news/security/unsaflok-flaw-can-let-hackers-unlock-millions-of-hotel-doors/Nemesis Takedown https://www.bitdefender.com/blog/hotforsecurity/german-authorities-take-down-darknet-marketplace-nemesis-market/CISA Ivanti Notice https://www.crn.com/news/security/2024/cisa-urges-patching-for-critical-ivanti-vulnerability?itc=refreshApple M-Series Vulnerability https://www.itpro.com/security/a-vulnerability-in-apple-m-series-chips-could-expose-encryption-keys-and-harm-performance-and-the-flaw-is-unpatchable
Deep Dive:
GitHub Python Supply Chain Attack https://checkmarx.com/blog/over-170k-users-affected-by-attack-using-fake-python-infrastructure/Loop DoS Summary https://cispa.de/en/loop-dosLoop DoS Advisory https://cispa.saarland/group/rossow/Loop-DoS