Technado ACI Learning

Daniel is back and the Technado studio got a makeover! We kick off the show with some breaking news: TikTok accounts are being compromised through a zero-click DM attack, and over 360 million stolen accounts were leaked on Telegram cybercrime channels.
After our breaking news segment, we cover Bring Me The Horizon's hacking-themed website promoting their new album (spoiler alert: the website itself got hacked). Then, over half a million SOHO routers were remotely bricked - but we still don't know who did it or why.
In Linux news, hackers are packing malware with Kiteshield to avoid AV detection. CISA also issued an alert to federal agencies to patch an actively exploited (high-severity!) Linux kernel flaw.
After a quick break, it's time for Deja News! The upcoming Windows AI Recall feature has more haters every day: researchers are now calling it a security "disaster." BreachForums is back online thanks to a threat actor known as ShinyHunters (who also claims to be responsible for this week's Ticketmaster and Santander breaches). To wrap up the segment, Okta is warning (again) about credential-stuffing attacks targeting its CIC authentication offering.
In happier news, the US DoJ led an international operation to take down the world's largest botnet, and the man responsible has been arrested. And to wrap up the show, Cox Communications patched an auth-bypass bug that could have been disastrous - thanks to an independent security researcher.
Check out the stories Daniel and Sophie covered below:https://thehackernews.com/2024/06/celebrity-tiktok-accounts-compromised.htmlhttps://www.bleepingcomputer.com/news/security/361-million-stolen-accounts-leaked-on-telegram-added-to-hibp/https://techcrunch.com/2024/05/28/rock-bands-hidden-hacking-themed-website-gets-hacked/https://www.theregister.com/2024/05/31/pumoking_eclipse_remote_router_attack/https://gbhackers.com/kite-shield-packer-abused/https://thehackernews.com/2024/05/cisa-alerts-federal-agencies-to-pat

This week on Technado, Google patched yet ANOTHER 0-day exploit - that's four this month, for those of you counting. Spyware program pcTattletale had their website defaced and database dumped. Several major pharmaceutical companies were affected by Cencora's February data loss. And in other news, hackers are phishing finance orgs using... Minesweeper?
After a quick fact-checking break, we have a packed Behind Bars segment. The man behind a deepfake Joe Biden robocall is facing a $6M fine, while a man who stole $37 million in crypto could face up to 20 years in prison. A courtroom recording platform was hijacked in a supply chain attack, and GitHub issued a fix for a maximum severity flaw (that's a 10.0, folks) in their enterprise server software. Finally, we have an update on last week's Apple bug that was causing deleted photos to resurface.
Want all the details? Check out this week's stories:
https://thehackernews.com/2024/05/google-detects-4th-chrome-zero-day-in.htmlhttps://www.bleepingcomputer.com/news/security/hackers-phish-finance-orgs-using-trojanized-minesweeper-clone/https://www.theregister.com/2024/05/27/security_in_brief/https://www.bleepingcomputer.com/news/security/hacker-defaces-spyware-apps-site-dumps-database-and-source-code/https://techcrunch.com/2024/05/25/spyware-app-pctattletale-was-hacked-and-its-website-defaced/https://www.theregister.com/2024/05/24/biden_robocall_charges/https://www.bleepingcomputer.com/news/security/indian-man-stole-37-million-in-crypto-using-fake-coinbase-pro-site/https://www.darkreading.com/cyberattacks-data-breaches/courtroom-recording-platform-javs-hijacked-for-supply-chain-attackhttps://www.bleepingcomputer.com/news/security/apple-wasnt-storing-deleted-ios-photos-in-icloud-after-all/https://www.infosecurity-magazine.com/news/github-maximum-severity-flaw/

This week on Technado, Dell got pwned: 49 million records were stolen & are up for sale on the dark web. Dan & Soph talk privacy as Proton has turned over more customer info to cops, and we also take a look at MITRE's newest framework, EMB3D. In exploit news, Cinterion cellular modems have some severe vulnerabilities to deal with, and a PoC has been released for a critical PuTTY key vulnerability.
In our Pork Chop Sandwiches segment, ANOTHER malicious Python package has been found in PyPI. A new LLMjacking attack is being used to exploit stolen cloud creds, and Nmap 7.95 is out with new features!
Lastly, in our deep dive, we take a look at Mallox RaaS and how it's being used in MS-SQL exploitation campaigns. And before we sign off, we touch on some of the breaking stories from this week that we couldn't cover in depth.
Want to read more? Check out the stories we covered in this week's episode:
https://www.theregister.com/2024/05/09/dell_data_stolen/https://www.theregister.com/2024/05/13/infosec_in_brief/https://thehackernews.com/2024/05/mitre-unveils-emb3d-threat-modeling.htmlhttps://thehackernews.com/2024/05/severe-vulnerabilities-in-cinterion.htmlhttps://thehackernews.com/2024/05/malicious-python-package-hides-sliver.htmlhttps://www.infosecurity-magazine.com/news/llmjacking-exploits-stolen-cloud/https://cybersecuritynews.com/nmap-7-95-released/https://gbhackers.com/putty-private-key-poc-released/https://blog.sekoia.io/mallox-ransomware-affiliate-leverages-purecrypter-in-microsoft-sql-exploitation-campaigns/#h-mallox-ransomware-deployment

Join Don and Daniel as they discuss all things happening in the tech and cybersecurity world this week!
Article Links:
Rapid Firehttps://www.tomshardware.com/pc-components/cpus/rising-metal-prices-could-mean-more-expensive-laptops-pc-parts-and-other-electronics-in-the-near-futurehttps://arstechnica.com/apple/2024/05/apple-must-open-ipados-to-sideloading-within-6-months-eu-says/https://arstechnica.com/gadgets/2024/05/wear-os-will-soon-be-at-50-percent-of-apple-watch-sales/https://www.darkreading.com/cloud-security/dprks-kimsuky-apt-abuses-weak-dmarc-policies-feds-warnhttps://gbhackers.com/cybersecurity-consultant-jailed/ https://thehackernews.com/2024/05/hackers-increasingly-abusing-microsoft.htmlhttps://www.securitynewspaper.com/2024/05/06/how-safe-is-your-tinyproxy-step-by-step-guide-to-exploiting-tinyproxys-zero-day-vulnerability/ Deep Divehttps://blog.kandji.io/malware-cuckoo-infostealer-spyware

Patches abound on this week's Technado! In our Rapid Fire segment, we kick things off with the UK ban on weak default passwords. Then, a warning from Okta on cred-stuffing attacks, and a critical bug in R that exposes orgs to supply chain risks. Collection agency FBCS got pwned this week, with millions of records being exposed - but in happier news, the Japanese police are starting a new effort to keep elderly citizens from falling prey to payment card scams.
The ArcaneDoor was a big story this week, as was yet anothrer WordPress plugin vulnerability - and in this week's D'oh! segment, the popular iSharing app was found to be sharing users locations (even when services were disabled). FInally, in our deep dive, we take a look at new Android banking malware Brokewell.
Like what you heard? Take a look at this week's articles:
https://www.theregister.com/2024/04/29/uk_lays_password_legislation/https://thehackernews.com/2024/04/okta-warns-of-unprecedented-surge-in.htmlhttps://www.darkreading.com/application-security/r-programming-language-exposes-orgs-to-supply-chain-riskhttps://techcrunch.com/2024/04/24/security-flaws-isharing-tracking-app-exposed-millions-precise-locations/https://www.techradar.com/pro/security/collection-agency-data-breach-affects-millions-of-usershttps://www.bleepingcomputer.com/news/security/japanese-police-create-fake-support-scam-payment-cards-to-warn-victims/https://www.msspalert.com/news/cyber-spies-burrow-into-cisco-firewall-platforms-in-zero-day-exploitshttps://arstechnica.com/security/2024/04/hackers-make-millions-of-attempts-to-exploit-wordpress-plugin-vulnerability/https://www.threatfabric.com/blogs/brokewell-do-not-go-broke-by-new-banking-malware

Cheats, breaches, and weaknesses abound on this week's Technado! Cybercriminals are threatening to leak millions of records from the World-Check database, and millions more were affected by this week's Frontier Communications broadband shutdown. In our biggest story of the week, MITRE got pwned by nation-state hackers via our old friends, the Ivanti zero-days. CrushFTP is dealing with a vuln that lets attackers download system files, and our Don't Make No Sense feature is a twofer: fake game cheats are being used to spread malware, and it all started with...Microsoft's GitHub repo?
Of course, it wouldn't be Technado without a deep dive, and this one's a doozy: a SafeBreach researcher uncovered FOUR CVEs by exploiting a long-standing issue that supports Windows backwards-compatibility.
Like what you heard? Check this episode's stories below:
https://www.theregister.com/2024/04/19/cybercriminals_threaten_to_leak_all/https://www.itpro.com/security/cyber-attack-takes-frontier-communications-systems-offline-affecting-millions-of-broadband-customershttps://www.helpnetsecurity.com/2024/04/22/mitre-breached/https://www.infosecurity-magazine.com/news/crushftp-file-transfer/https://thehackernews.com/2024/04/new-redline-stealer-variant-disguised.htmlhttps://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-malware-via-microsoft-repo-urls/https://www.safebreach.com/blog/magicdot-a-hackers-magic-show-of-disappearing-dots-and-spaces/