Episodes

  • Cyber News: Adobe Rushes Fixes for Zero-Day CVE Amid GitLab and Vo1d Malware Chaos
    2024/09/13

    Video Episode: https://youtu.be/wJO-8X_Wvww

    In today's episode, we discuss critical security updates from Adobe that address severe vulnerabilities in Acrobat and Reader, specifically CVE-2024-41869 and CVE-2024-45112, as well as the implications of a newly discovered PoC exploit. We also explore the rise of Vo1d malware, which has infected 1.3 million Android TV boxes globally, compromising outdated systems from various brands. Lastly, we cover GitLab's urgent advisory regarding a significant pipeline execution vulnerability, CVE-2024-6678, urging users to update to secure versions immediately.

    00:00 - Intro

    00:55 - Adobe Patches

    01:56 - GitLab

    03:00 - Android TV Vulnerabilities

    Resources:

    1. https://www.helpnetsecurity.com/2024/09/12/cve-2024-41869/
    2. https://thehackernews.com/2024/09/beware-new-vo1d-malware-infects-13.html
    3. https://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-pipeline-execution-vulnerability/

    Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com

    Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/

    Logo Design by https://www.zackgraber.com/

    Adobe, CVE-2024-41869, vulnerabilities, zero-day, Vo1d, Android TV box, malware, Doctor Web, GitLab, CVE-2024-6678, execute

    What are today's top cybersecurity news stories?, Adobe security updates, CVE-2024-41869 zero-day, Vo1d malware Android TV box, protect Android TV box Vo1d malware, GitLab critical vulnerability, CVE-2024-6678, vulnerabilities in software updates, implications of delaying updates, securing GitLab installations

  • Cyber News: Researcher Exposes WHOIS Server Vulnerabilities & Lazarus Group’s Latest Cyber Tactics
    2024/09/12

    Video Episode: https://youtu.be/otdn468NX9Y

    In today's episode, we explore the alarming implications of a rogue WHOIS server exploited by Benjamin Harris, the CEO of watchTowr, enabling him to generate counterfeit HTTPS certificates and potentially manipulate thousands of servers. We also discuss new malicious tactics employed by the Lazarus Group, including fake coding tests for software developers to disseminate malware, and Microsoft's recent patch release addressing 79 vulnerabilities, including three actively exploited flaws. Additionally, we touch on Ivanti's urgent updates for critical vulnerabilities in its Endpoint Manager software.

    00:00 - Intro

    01:07 - Ivanti Vulnerability

    02:30 - Microsoft Patch Tuesday

    04:00 - Lazarus Fake Code Challenges

    07:00 - Researcher Exposes WHOIS Server Vulnerabilities

    Articles referenced in this episode:

    1. https://arstechnica.com/security/2024/09/rogue-whois-server-gives-researcher-superpowers-no-one-should-ever-have/
    2. https://thehackernews.com/2024/09/developers-beware-lazarus-group-uses.html
    3. https://thehackernews.com/2024/09/microsoft-issues-patches-for-79-flaws.html
    4. https://thehackernews.com/2024/09/ivanti-releases-urgent-security-updates.html

    Tags: Benjamin Harris, WHOIS server, HTTPS certificates, vulnerabilities, Lazarus Group, Malware, VMConnect, Cybersecurity, Microsoft, Endpoint Manager, remote code execution

    Search Phrases: What are today's top cybersecurity news stories?, Benjamin Harris WHOIS server exploit, fake HTTPS certificates tracking, vulnerabilities in internet security, Lazarus Group malware campaign, VMConnect software developer scams, Microsoft security patch urgency, critical vulnerabilities in Windows, Ivanti Endpoint Manager updates, remote code execution risks

  • Cybersecurity News: Sextortion’s Impacts on Youth and Marriages
    2024/09/10

    In today's episode, we explore the alarming rise of sextortion and its devastating impact on individuals, families, and communities. We discuss recent cases involving Nigerian brothers sentenced for their role in the tragic death of a Michigan teenager, the emergence of sadistic sextortion targeting children in Australia, and new scams using personal information to exploit victims. Together, we shine a light on this critical issue, emphasize the importance of online safety, and share resources for those affected.

    Those worried their intimate images will be shared can use a tool such as StopNCII, which creates a digital hash, or fingerprint, of images that is shared with companies such as Instagram, Snapchat, OnlyFans and Pornhub so they can block them from being posted to the platform.

    Article URLs:

    1. Nigerian brothers whose sextortion plot led to death of Michigan teen get 17 years: https://www.theguardian.com/us-news/article/2024/sep/06/sextortion-samuel-samson-ogoshi-jordan-demay?CMP=oth_b-aplnews_d-1
    2. Australian police are warning about ‘sadistic sextortion’. Here’s how it works, and the red flags for parents: https://www.theguardian.com/technology/article/2024/sep/07/australia-federal-police-sadistic-child-sextortion-warning
    3. Sextortion scams now use your "cheating" spouse’s name as a lure: https://www.bleepingcomputer.com/news/security/sextortion-scam-now-use-your-cheating-spouses-name-as-a-lure/
    • Nigerian brothers Samuel (22) and Samson Ogoshi (20) sentenced to 17 years (210 months) in prison.
    • Victim: Jordan DeMay, 17, who died in March 2022.
    • Jordan DeMay sent nude photographs after being befriended on social media.
    • The brothers demanded $1,000, and Jordan paid $300 before threatening to kill himself.
    • Less than 6 hours after the threat, Jordan died.
    • FBI tracked communications to the brothers in Nigeria, revealing attempts to extort over 100 individuals.
    • Australian police report children as young as 12 being coerced into producing extreme content via 'sadistic sextortion'.
    • Increase of reports of image-based abuse in Australia: 117% in 2022-2023, with sextortion being the most frequently reported form.
    • RMIT's Prof. Nicola Henry noted that intimate partners are often the perpetrators of sextortion.
    • Just under 16% of surveyed adults reported experiencing threats to share intimate images, higher than most surveyed countries except the USA.
    • Victim Rohan Cosgriff, age 17, died in 2022 after being pressured into sending intimate photos.
    • Recent sextortion emails target spouses, claiming infidelity and demanding payments between $500 and $5,000.
    • First appearance of the new sextortion variant noted about three weeks prior to the article's publication.
    • Profits from sextortion scams were over $50,000 in the first week of their appearance in 2018.
    • Recipients of new sextortion emails reported names used that aren’t commonly associated with them, including maiden names and pet names.
  • Revival Hijack Exploits 22K Deleted PyPI Packages – Cybersecurity News
    2024/09/05

    Video Episode: https://youtu.be/ECOVSA0MIyY

    In today's episode, we delve into the newly discovered EUCLEAK attack affecting YubiKey FIDO devices, emphasizing the potential for state-sponsored actors to exploit vulnerabilities in the Infineon SLE78 microcontroller. We also discuss Cisco's response to a backdoor found in the Smart Licensing Utility, a critical flaw that allows unauthorized admin access, and highlight the Revival Hijack supply-chain attack endangering over 22,000 PyPI packages. Lastly, we urge Android users to install security updates addressing the actively exploited CVE-2024-32896 vulnerability.

    Links to articles discussed:

    1. https://www.bleepingcomputer.com/news/security/new-eucleak-attack-lets-threat-actors-clone-yubikey-fido-keys/
    2. https://www.bleepingcomputer.com/news/security/cisco-warns-of-backdoor-admin-account-in-smart-licensing-utility/
    3. https://www.bleepingcomputer.com/news/security/revival-hijack-supply-chain-attack-threatens-22-000-pypi-packages/
    4. https://thehackernews.com/2024/09/google-confirms-cve-2024-32896.html

    EUCLEAK, YubiKey, Infineon, microcontroller, Cisco, Smart Licensing Utility, vulnerability, cybersecurity, Revival Hijack, PyPI, JFrog, Hackers, CVE-2024-32896, Google

    What are today's top cybersecurity news stories?, EUCLEAK YubiKey vulnerability, Cisco Smart Licensing Utility backdoor, Revival Hijack PyPI package threat, CVE-2024-32896 Android update urgency, cybersecurity measures for YubiKey owners, protecting Cisco systems from vulnerabilities, safeguarding PyPI packages from hackers, critical updates for Android devices, cybersecurity risks in the technology industry

  • Ransomware, Lies, and Legal Threats: The City of Columbus vs. a Security Researcher
    2024/09/04

    Video Episode: https://youtu.be/oMptm-Oi1R4

    In today’s episode of The Daily Decrypt, we tackle a high-profile case involving the City of Columbus and security researcher David Leroy Ross. Ross is facing a lawsuit and restraining order after revealing the true extent of a ransomware attack that the city had downplayed. Despite claims by Mayor Andrew Ginther that the stolen 6.5 terabytes of sensitive data were unusable due to encryption, Ross proved otherwise—highlighting that personal information like Social Security numbers and details from domestic violence cases were fully intact and accessible on the dark web.

    00:00 - Intro

    00:37 - Updates from The Daily Decrypt

    01:45 - Columbus, OH vs Security Researcher

    09:23 - More News

    We dive into the legal and ethical complexities that arise when a researcher discloses illegally obtained data in the name of public interest. What happens when the desire to protect people’s privacy clashes with responsible disclosure protocols? Ross bypassed these procedures, opting instead to expose the city’s misinformation by going directly to the media, leading to legal consequences that reflect a challenging gray area for security researchers.

    In the second half, we discuss how Columbus's reaction—suing the very person who pointed out the severity of their data breach—sends a chilling message to those working in cybersecurity. Are they discouraging future researchers from revealing vulnerabilities, even when it’s for the public good?

    We also explore:

    • How Columbus mishandled the attack.
    • The city's controversial decision to sue Ross.
    • The broader implications for security researchers who choose to challenge powerful organizations.

    Stick around for our lightning round of cybersecurity headlines, including a busted one-time password fraud service in the UK, a former engineer’s attempt to extort Bitcoin, and new vulnerabilities in Microsoft’s macOS applications.

    Links to the articles discussed:

    1. https://thehackernews.com/2024/09/new-flaws-in-microsoft-macos-apps-could.html
    2. https://thehackernews.com/2024/09/ex-engineer-charged-in-missouri-for.html
    3. https://krebsonsecurity.com/2024/09/owners-of-1-time-passcode-theft-service-plead-guilty/
    4. https://arstechnica.com/security/2024/08/city-of-columbus-sues-man-after-he-discloses-severity-of-ransomware-attack/

    vulnerabilities, Microsoft, Cisco Talos, macOS, Bitcoin, extortion, insider, Missouri, OTP Agency, interception, passcodes, scammers, ransomware, Columbus, dark web, restraining order

    What are today's top cybersecurity news stories, how can macOS users safeguard their devices from vulnerabilities, what tactics did the ex-employee use for Bitcoin extortion, what precautions can individuals take against OTP interception scams, what legal implications arise from disclosing ransomware attack details, what are the latest threats in cybersecurity, how does insider knowledge contribute to cyber crimes, what are the impacts of ransomware on local governments, how can companies protect themselves from extortion, what measures can be taken to enhance online security against scams

  • AVTECH IP Camera Vulns, Legit Spyware? and Pioneer Kitten – Cybersecurity News
    2024/08/30

    Video Episode: https://youtu.be/sUwjbJ_Uzm0

    In today's episode, we explore the alarming rise of sophisticated cyber threats, starting with the exploitation of a 5-year-old zero-day vulnerability (CVE-2024-7029) affecting AVTECH IP cameras by the Corona Mirai-based malware botnet. We also analyze the tactics of the Russian APT29 group, which has been leveraging zero-day exploits against Mongolian government websites, using techniques akin to commercial spyware vendors. Finally, we explore how the Iranian hacking group Pioneer Kitten is collaborating with ransomware affiliates to extort various sectors in the U.S., highlighting the importance of proactive cybersecurity measures.

    Links to articles:

    1. https://www.bleepingcomputer.com/news/security/malware-exploits-5-year-old-zero-day-to-infect-end-of-life-ip-cameras/
    2. https://www.bleepingcomputer.com/news/security/russian-apt29-hackers-use-ios-chrome-exploits-created-by-spyware-vendors/
    3. https://www.bleepingcomputer.com/news/security/iranian-hackers-work-with-ransomware-gangs-to-extort-breached-orgs/

    Akamai, Corona Mirai, vulnerability, AVTECH, APT29, exploits, cyberattacks, spyware, Pioneer Kitten, Ransomware, Infiltrate, Extort

    What are today's top cybersecurity news stories?, How can we defend against malware like Corona Mirai?, What vulnerabilities exist in AVTECH IP cameras?, Who are the Russian hackers known as APT29?, How do state-sponsored hackers exploit devices?, What measures can protect against iOS exploits?, How is ransomware being used by Pioneer Kitten?, What tactics are used in cyber extortion?, How can organizations defend against ransomware attacks?, What are the risks of outdated IP camera systems?

  • Versa Director zero-day, Seattle Airport services still down 4 days after cyberattack
    2024/08/28

    Video Episode: https://youtu.be/3xUukOuwAV8

    In today's episode, we explore the major cyber threats facing organizations, including the exploitation of a zero-day vulnerability (CVE-2024-39717) in Versa Director by state-sponsored actors, particularly focusing on its implications for managed service providers and ISPs. We also discuss the ongoing cyberattack at Seattle-Tacoma International Airport that has led to significant service outages and delays, and the alarming rise in a QR code phishing campaign exploiting Microsoft Sway to steal Microsoft 365 credentials from users. Tune in to understand the sophisticated attack methods and what organizations can do to bolster their defenses against these critical threats.

    00:00 - Intro

    01:13 - Versa Director Zero Day

    02:35 - Seattle Airport Outages

    03:37 - 2000% Increase in QR Phishing

    05:59 - Microsoft Security Logs

    1. https://www.helpnetsecurity.com/2024/08/27/cve-2024-39717-exploited/
    2. https://www.cybersecuritydive.com/news/seattle-airport-cyberattack-widespread-outages/725342/
    3. https://www.bleepingcomputer.com/news/security/microsoft-sway-abused-in-massive-qr-code-phishing-campaign/
    4. https://www.cybersecuritydive.com/news/cisa-microsoft-security-log-expansion/725358/

    Tags: Volt Typhoon, Versa Director, VersaMem, cyber threats, cyberattack, Seattle-Tacoma, manual processes, safeguard, QR code phishing, Microsoft Sway, cybercriminals, credentials, security logs, threat detection, CISA

    Search phrases: What are today's top cybersecurity news stories? Volt Typhoon hackers exploit Versa Director, Seattle-Tacoma Airport cyberattack, how to protect managed service providers from cyber threats, QR code phishing attacks Microsoft Sway, cybersecurity measures against cybercriminals, improving threat detection with security logs, safeguarding critical systems at airports, latest cybersecurity vulnerabilities, CISA response to cyber threats, protecting against QR code phishing campaigns

  • Telegram Founder Arrested, CISA’s new $524 million HQ – Cybersecurity News
    2024/08/26

    Video Episode: https://youtu.be/wCRh9s2XsyQ

    In today's episode, we dive into significant cybersecurity developments including CISA's $524 million headquarters construction at the DHS campus, and the implications for infrastructure security. We also discuss the arrest of Telegram's founder Pavel Durov in France amidst rising concerns over content moderation failures, as well as the alarming use of AppDomain Injection in recent attacks deploying CobaltStrike beacons. Finally, we cover critical vulnerabilities identified in SolarWinds’ Web Help Desk that require immediate patching to safeguard against exploitation.

    00:00 - Intro

    01:14 - Telegram's Pavel Durov Arrested for Cybercrime Hub

    04:53 - APT 41 Uses AppDomain Manager Injection to Deploy CobaltStrike

    06:42 - SolarWinds Web Help Desk: Another Critical Bug Fixed

    07:57 - CISA’s $524M HQ

    Links to the articles discussed:

    1. https://www.gsa.gov/about-us/newsroom/news-releases/gsa-awards-construction-contract-for-cisa-hq-on-the-st-elizabeths-west-campus-08192024
    2. https://thehackernews.com/2024/08/telegram-founder-pavel-durov-arrested.html
    3. https://www.bleepingcomputer.com/news/security/hackers-now-use-appdomain-injection-to-drop-cobaltstrike-beacons/
    4. https://www.helpnetsecurity.com/2024/08/23/cve-2024-28987/

    Tags: CISA, Headquarters, Cybersecurity, Infrastructure, Pavel Durov, Telegram, Content moderation, Criminal activity, AppDomain Manager Injection, CobaltStrike, Cyberattacks, APT 41, CVE-2024-28987, SolarWinds, vulnerability, IT systems

    Search phrases: What are today's top cybersecurity news stories? CISA headquarters cybersecurity consolidation Telegram founder arrest criminal activity AppDomain Manager Injection cyberattacks CobaltStrike vulnerabilities SolarWinds IT systems security updates
