Episodes

  • WUKY: Two-factor authentication could have prevented AT&T data breach
    Jul 19 2024
    Show Notes

    In this episode of WUKY News, host Clay Wallace sits down with cybersecurity expert Colin to discuss a recent breach affecting AT&T customers. Earlier this year, cybercriminals accessed metadata from AT&T customers, detailing the numbers they interacted with, the frequency of texts, and call durations. Although the breach did not include message content or personal information, it highlights significant vulnerabilities in cloud security.

    AT&T recently informed customers that while the data breach occurred, there is no evidence of the data being publicly released or used illegally. The compromised metadata includes phone numbers and interaction records from May 1st to October 31st, 2022.

    Colin, a security software developer and host of the Daily Decrypt podcast, explains that this breach is part of a larger issue stemming from increased reliance on cloud storage. He emphasizes that while the cloud is often considered cheaper, more flexible, and more secure, storing data with third-party cloud services shifts the responsibility for data security.

    Companies like AT&T, Advance Auto Parts, and Ticketmaster, which also faced breaches, stored data on the cloud service provider Snowflake. Many organizations created accounts with just usernames and passwords, neglecting additional security measures. Cybercriminals exploited this by purchasing stolen login credentials from the dark web and using them to access Snowflake accounts.

    Colin details how phishing attacks can lead to info-stealer malware, which captures login credentials. Without multi-factor authentication (MFA), these credentials can be easily misused. He stresses that if MFA had been enabled, the breaches could have been prevented, as unauthorized login attempts would have been flagged.

    For over 160 companies using Snowflake, the lack of MFA led to significant data breaches, including customer records from AT&T, Taylor Swift tickets from Ticketmaster, and Social Security numbers from Advance Auto Parts. Snowflake has since mandated MFA for all new customers.

    Colin offers advice on basic data protection steps, such as using end-to-end encrypted messaging services and being cautious about the amount of personal information shared with companies. Ultimately, he advocates for stricter regulations to protect user data, calling for legislative action and involvement from bodies like the SEC to ensure companies implement robust security measures, including multiple forms of authentication and physical encryption keys.

    https://www.wuky.org/local-regional-news/2024-07-18/two-factor-authentication-could-have-prevented-at-t-data-breach-affecting-110-million-customers

    Tags

    metadata breach, AT&T data breach, cybersecurity, cloud security, multi-factor authentication, data protection, regulatory measures, Snowflake compromise, data breach prevention

    Search Phrases
    1. AT&T metadata breach 2024
    2. Snowflake cloud security breach
    3. Multi-factor authentication importance
    4. Cybercriminals accessing metadata
    5. Cloud storage security risks
    6. Protecting user data in the cloud
    7. Regulatory measures for data protection
    8. Steps to prevent data breaches
    Less than 1 minute
  • CyberSecurity News: Trump Allies Draft AI ‘Manhattan Projects’ Order
    Jul 18 2024

    In today's episode, we discuss Kaspersky's exit from the U.S. market and their six-month free security software offer amidst regulatory challenges, Trump's allies drafting an AI-focused executive order for potential military tech advancements, and North Korean hackers updating their BeaverTail malware to target macOS users. For more details, visit the original articles at the following links:

    1. https://www.bleepingcomputer.com/news/security/kaspersky-offers-free-security-software-for-six-months-in-us-goodbye/
    2. https://arstechnica.com/information-technology/2024/07/trump-allies-want-to-make-america-first-in-ai-with-sweeping-executive-order/
    3. https://thehackernews.com/2024/07/north-korean-hackers-update-beavertail.html

    00:00 - Intro

    01:00 - Kaspersky Exits U.S., Offers Free Security

    02:34 - Trump Allies Draft AI 'Manhattan Projects' Order

    05:21 - North Korean Hackers Target MacOS with BeaverTail

    Video Episode: https://youtu.be/gnlxZhcVIUI

    Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com

    Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/

    Logo Design by https://www.zackgraber.com/

    Tags

    Kaspersky, US market, national security concerns, ban, Trump, AI, military, regulations, North Korean, BeaverTail malware, macOS, hackers

    Search Phrases
    1. What are today's top cybersecurity news stories?
    2. Why did Kaspersky exit the US market?
    3. National security concerns related to Kaspersky ban
    4. How will the Kaspersky ban affect American users?
    5. Trump's AI military policy 2025
    6. Executive order to boost AI in military
    7. North Korean macOS malware threats
    8. Protecting macOS from BeaverTail malware
    9. New regulations for AI technology under Trump
    10. Updates on North Korean hackers targeting the US
    Less than 1 minute
  • CyberSecurity News: Hacktivists Leak Disney Data Over AI Art
    Jul 17 2024

    In today's episode, we discuss a 20% rise in ransomware activity in Q2 2023, driven primarily by the ransomware group LockBit and impacting U.S.-based businesses most heavily, as reported by Reliaquest. We also explore Void Banshee APT's exploitation of CVE-2024-38112 to spread Atlantida malware via spear-phishing campaigns, and the NullBulge group's data breach of Disney in protest against AI-generated artwork. Finally, we cover Microsoft's announcement of new checkpoint cumulative updates for Windows to improve update efficiency.

    URLs:

    • https://www.cybersecuritydive.com/news/ransomware-leak-site-increase/721480/
    • https://www.helpnetsecurity.com/2024/07/16/cve-2024-38112-void-banshee/
    • https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-new-windows-checkpoint-cumulative-updates/
    • https://www.theguardian.com/technology/article/2024/jul/16/hackers-claim-disney-data-theft-in-protest-against-ai-generated-artwork

    00:00 - Intro

    01:14 - Hackers Leak Disney Data Over AI Art

    02:58 - Microsoft Unveils Efficient 'Checkpoint' Updates

    04:18 - Void Banshee Exploits Windows Flaw, Microsoft Fumbles

    06:05 - LockBit Surge Drives 20% Ransomware Spike

    Video Episode: https://youtu.be/lRuQiv-KWnQ

    Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com

    Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/

    Logo Design by https://www.zackgraber.com/

    Tags: Ransomware, attacks, LockBit, organizations, Void Banshee, APT, MSHTML vulnerability, Trend Micro, Microsoft, Checkpoint, cumulative updates, bandwidth, NullBulge, hacktivists, Disney, AI-generated artwork

    Search Phrases:

    1. What are today's top cybersecurity news stories?
    2. How did ransomware group LockBit contribute to the spike in ransomware attacks during May?
    3. Ransomware attacks on organizations in Q2
    4. Void Banshee APT exploits CVE-2024-38112 vulnerability
    5. Trend Micro's Zero Day Initiative findings on MSHTML vulnerability
    6. Microsoft checkpoint cumulative updates for Windows
    7. Benefits of Microsoft's new cumulative updates
    8. NullBulge hacktivists' breach of Disney's network
    9. AI-generated artwork controversy in cybersecurity
    10. Latest trends in hacktivism and digital protests
    Less than 1 minute
  • SEXi ransomware, Squarespace Domains Hijacks, MS Breaks Defender – CyberSecurity News
    Jul 16 2024

    In today's episode, we discuss how cybercriminals exploit Facebook ads to distribute SYS01 password-stealing malware (https://www.bleepingcomputer.com/news/security/facebook-ads-for-windows-themes-push-sys01-info-stealing-malware/), Microsoft 365 Defender disruptions caused by recent Windows Server updates (https://www.bleepingcomputer.com/news/microsoft/june-windows-server-updates-break-microsoft-365-defender-features/), the SEXi ransomware rebranding to APT INC and targeting VMware ESXi servers (https://www.bleepingcomputer.com/news/security/sexi-ransomware-rebrands-to-apt-inc-continues-vmware-esxi-attacks/), and weaknesses in Squarespace security leading to domain hijacks targeting cryptocurrency businesses (https://krebsonsecurity.com/2024/07/researchers-weak-security-defaults-enabled-squarespace-domains-hijacks/).

    Video Episode: https://youtu.be/feJqlYfCHZw

    Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com

    Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/

    Logo Design by https://www.zackgraber.com/

    Tags

    Trustwave, Cybercriminals, Facebook Ads, Malware, Windows Server 2022, Microsoft 365 Defender, Network Detection and Response, Patch Tuesday, Ransomware, VMware ESXi, APT INC, Encryptors, Babuk, LockBit 3, Squarespace, Security Flaws, Domain Hijacks, Cryptocurrency Websites

    Search Phrases
    1. What are today's top cybersecurity news stories?
    2. How are cybercriminals using Facebook ads to distribute malware?
    3. Protecting against info-stealing malware in Facebook ads
    4. June Patch Tuesday updates Windows Server 2022 issues
    5. Microsoft 365 Defender affected by Windows updates
    6. Ransomware attacks on VMware ESXi servers
    7. APT INC ransomware and its impact on businesses
    8. How to mitigate ransomware attacks using Babuk and LockBit 3 encryptors
    9. Squarespace security flaws and domain hijacking incidents
    10. Securing your domain during migration from Google Domains to Squarespace
    Less than 1 minute
  • Cyber News: AT&T Message Locations Breached, Critical Exim Flaw, Hackers Exploit PoCs in 22 Minutes
    Jul 15 2024

    In today's episode, we dive into the critical vulnerability in the Exim mail server, tracked as CVE-2024-39929, exposing millions to malicious attachments (https://thehackernews.com/2024/07/critical-exim-mail-server-vulnerability.html). We also discuss the massive data breach at AT&T Corp., exposing phone and SMS records for nearly 110 million customers (https://krebsonsecurity.com/2024/07/hackers-steal-phone-sms-records-for-nearly-all-att-customers/). Lastly, we review Cloudflare's Application Security report detailing how threat actors weaponize proof-of-concept exploits within minutes of their release (https://www.bleepingcomputer.com/news/security/hackers-use-poc-exploits-in-attacks-22-minutes-after-release/).

    00:00 - Intro

    00:53 - Exim Mail Servers Vulnerable to Malicious Attachments

    02:04 - AT&T Data Breach Exposes 110M Call Records

    03:23 - Hackers Exploit PoCs in 22 Minutes

    Video Episode: https://youtu.be/Fe0YXWRxxyM

    Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com

    Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/

    Logo Design by https://www.zackgraber.com/

    Tags

    Exim, CVE, Vulnerable, Attackers, Malware, Security, Cybersecurity News, Exploits, AT&T Breach, Data Exposure, Customer Data, Cloudflare, Security Report, Hackers, Cyber Threats, Proof-of-Concept Exploits, Security Measures

    Search Phrases
    1. What are today's top cybersecurity news stories?
    2. Latest Exim mail server vulnerabilities
    3. CVE-2024-39929 critical flaw details
    4. How to protect against Exim server attacks
    5. AT&T data breach 2023 impact
    6. Cloudflare security report highlights
    7. Real-world proof-of-concept exploits timeline
    8. Preventing breaches in cloud databases
    9. Security measures for mitigating cyber threats
    10. How hackers exploit vulnerabilities quickly
    Less than 1 minute
  • 100th Episode: Digital Safety and Security Panel (feat. Bill and Trae)
    Jul 12 2024

    In today's episode of The Daily Decrypt, we celebrate our 100th episode with a special panel discussion on personal privacy and security. Hosts Trae, Colin, and Bill dive into real-life scenarios of phishing attacks, SIM swapping, and data breaches involving brands like PayPal, Navy Federal, Ticketmaster, and Neiman Marcus. The panel also shares actionable tips on password management, using canary tokens, and enhancing cybersecurity awareness to protect against evolving threats.

    Video Episode: https://youtu.be/0pNmZ3QfUWk

    00:00 - Intro / Thanks for Listening

    01:51 - Trae just ignores his emails

    05:10 - Trae hangs up on scammers (and legit people too)

    15:54 - Bill uses aliased emails

    20:01 - Trae keeps up with data breaches

    24:49 - Bill uses a password manager

    27:20 - Trae changes his SIM pin

    31:45 - Colin uses deception to detect intruders

    Tags: cybersecurity, phishing, SIM swapping, data breaches, PayPal, Navy Federal, Ticketmaster, Neiman Marcus, password management, canary tokens

    Search Phrases:

    1. How to protect against phishing attacks
    2. Best practices for password management in 2024
    3. How to secure your SIM card from swapping attacks
    4. Latest data breaches: PayPal, Ticketmaster, Neiman Marcus
    5. Cybersecurity tips from The Daily Decrypt podcast
    6. How to use canary tokens for cybersecurity
    7. Real-life examples of phishing scams
    8. How to enhance personal privacy and security
    9. Strategies for cybersecurity awareness training
    Less than 1 minute
  • Russian AI Disinformation, ViperSoftX eBook Malware, EstateRansomware Exploits Veeam
    Jul 11 2024

    In today's episode, we delve into how AI-enhanced software Meliorator was used to spread Russian disinformation on X (formerly Twitter), as detailed by the US Justice Department (DoJ). We also discuss the ViperSoftX malware disguising as eBooks on torrents, uncovered by Trellix security researchers, and examine how the new EstateRansomware group exploited a Veeam Backup Software vulnerability to launch attacks. Lastly, we cover Check Point and Morphisec's findings on zero-day vulnerabilities CVE-2024-38112 and CVE-2024-38021, and the urgency of applying Microsoft's recent patches.

    Video Episode: https://youtu.be/ZeL8oo0HRBY

    Original URLs:

    • https://www.helpnetsecurity.com/2024/07/10/russian-disinformation-x/
    • https://thehackernews.com/2024/07/vipersoftx-malware-disguises-as-ebooks.html
    • https://thehackernews.com/2024/07/new-ransomware-group-exploiting-veeam.html
    • https://www.helpnetsecurity.com/2024/07/10/cve-2024-38112-cve-2024-38021/

    Sign up for digestible cyber news delivered to your inbox: news.thedailydecrypt.com

    Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/

    Logo Design by https://www.zackgraber.com/

    Tags: Russian disinformation, AI-enhanced software, Meliorator, social media bot farms, US Justice Department, domain seizure, digital army, fake personas, propaganda, ViperSoftX, malware, eBooks, torrent sites, Common Language Runtime, AutoIt, PowerShell commands, EstateRansomware, Veeam Backup & Replication, FortiGate firewall, vulnerability, ransomware attack, Check Point Research, Windows, CVE-2024-38112, Microsoft, patch, remote code execution, deceptive .url files, cyber threats.

    Search Phrases:

    1. Russian disinformation bot farms
    2. AI-enhanced software in social media
    3. How Meliorator spreads fake news
    4. Protect against ViperSoftX malware
    5. Ransomware exploiting Veeam vulnerability
    6. FortiGate firewall security flaw
    7. Latest cyber threats Check Point Research
    8. CVE-2024-38112 vulnerability details
    9. Microsoft's latest security patch
    10. Prevent remote code execution attacks
    Less than 1 minute
  • New Ransomware Group Eldorado, Ghostscript RCE Vulnerability, CDK Fallout – Cybersecurity News
    Jul 9 2024

    In today's episode, we explore a critical remote code execution vulnerability in the Ghostscript library (CVE-2024-29510) exploited in the wild (https://www.bleepingcomputer.com/news/security/rce-bug-in-widely-used-ghostscript-library-now-exploited-in-attacks/), the significant impact of the CDK Global cyberattack on Sonic Automotive's sales and operations (https://www.cybersecuritydive.com/news/sonic-automotive-sales-decline-cdk-attack/720722/), and the rise of the Eldorado ransomware-as-a-service targeting Windows and Linux systems (https://thehackernews.com/2024/07/new-ransomware-as-service-eldorado.html). Tune in to get the latest insights and expert opinions on these pressing cybersecurity issues.

    Video Episode: https://youtu.be/dGMbjah4Gho

    Sign up for digestible cyber news delivered to your inbox: news.thedailydecrypt.com

    00:00 - Intro

    01:00 - Eldorado RaaS Encrypts Windows, Linux Files

    03:50 - CDK Cyberattack Cripples Sonic Automotive Sales

    05:42 - Ghostscript RCE Bug Exploited in Active Attacks

    Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/

    Logo Design by https://www.zackgraber.com/

    Episode Tags

    Ghostscript, CVE-2024-29510, vulnerability, EPS, remote code execution, Linux systems, high-risk attacks, document conversion, protection, Sonic Automotive, CDK Global, cyberattack, financial performance, Ransomware-as-a-Service, Eldorado, encryption, cross-platform technologies

    Search Phrases
    1. How to protect against Ghostscript CVE-2024-29510 vulnerability
    2. Sonic Automotive cyberattack news
    3. Impact of CDK Global cyberattack on Sonic Automotive
    4. Eldorado ransomware encryption techniques
    5. Ghostscript EPS files exploit
    6. Ransomware-as-a-Service latest threats
    7. Financial impact of cyberattacks on automotive industry
    8. Advanced cross-platform ransomware
    9. Ghostscript remote code execution vulnerability 2024
    10. Eldorado ransomware victims 2024

    Jul 9

    There is a new ransomware-as-a-service named Eldorado that is now encrypting files on both Windows and Linux systems using advanced cross-platform technologies, and it's already targeted 16 victims across multiple industries since its debut in March of 2024. How does Eldorado's ransomware encryption method differ from the other well-known strains, like LockBit or Babuk?

    The effects of the CDK Global ransomware attack a few weeks ago still remain, as Sonic Automotive vehicle sales have plummeted. How are CDK customers recovering, and what are the long-term impacts it might have on their financial performance?

    And finally, there's a remote code execution vulnerability in Ghostscript, which comes pre-installed on many Linux systems, that's now being exploited through EPS files disguised as JPEGs. How can you protect the document conversion services against this Ghostscript vulnerability?

    You're listening to The Daily Decrypt.

    It's both a sad and exciting day when we get to announce a new ransomware-as-a-service operation. This time it's named Eldorado, and it targets both Windows and Linux systems with specialized locker variants. This specific strain of malware surfaced on March 16th, 2024. As of late June, Eldorado has claimed 16 victims, with 13 in the U.S., two in Italy and one in Croatia. And specifically it's targeting industries including real estate, education, professional services, healthcare and manufacturing. So it seems like they don't really have a type; they're just looking to get their foot in the door.

    Eldorado is similar to all of the major names in ransomware-as-a-service, as it is a double-extortion ransomware service, which is a devilish tactic that builds on the traditional form of ransomware, where threat actors would gain access to a network, encrypt all the files, and then sell you the decryption key for an exorbitant amount of money so that you can decrypt the files and carry on with your business. Well, it's now evolved to that, plus they exfiltrate all your data and threaten to sell it on the dark web if you don't pay. Which is much more effective, because standard practice is to back up your data so you can get back up online. And if you do that correctly, encrypting your data doesn't do anything, because you'll be able to back it up. Oftentimes it's not done correctly, and your backups are also encrypted. But in the case where backups are appropriately implemented, these ransomware artists use double extortion.

    And this service has all the indicators that it is very organized, as the affiliate program was advertised on the ransomware forum RAMP, which indicates a level of professionalism and organization you'd see in the top ransomware-as-a-service groups. A security research firm was able to infiltrate this ransomware group and identified the representative as a Russian speaker, and noted that Eldorado does not share any sort of code with the previously leaked ransomware like LockBit or Babuk. And like mentioned before, this targets primarily Windows and Linux environments. And the encryptor comes in four ...
    Less than 1 minute