363: ShinyHunters behind Ticketmaster Breach?! (Half a Billion Customers Exposed!)

Episode 363 June 06, 2024 01:10:35
Technado

Show Notes

Daniel is back and the Technado studio got a makeover! We kick off the show with some breaking news: TikTok accounts are being compromised through a zero-click DM attack, and over 360 million stolen accounts were leaked on Telegram cybercrime channels.

After our breaking news segment, we cover Bring Me The Horizon's hacking-themed website promoting their new album (spoiler alert: the website itself got hacked). Then, over half a million SOHO routers were remotely bricked - but we still don't know who did it or why.

In Linux news, hackers are packing malware with Kiteshield to avoid AV detection. CISA also issued an alert to federal agencies to patch an actively exploited (high-severity!) Linux kernel flaw.

After a quick break, it's time for Deja News! The upcoming Windows AI Recall feature has more haters every day: researchers are now calling it a security "disaster." BreachForums is back online thanks to a threat actor known as ShinyHunters (who also claims to be responsible for this week's Ticketmaster and Santander breaches). To wrap up the segment, Okta is warning (again) about credential-stuffing attacks targeting its CIC authentication offering.

In happier news, the US DoJ led an international operation to take down the world's largest botnet, and the man responsible has been arrested. And to wrap up the show, Cox Communications patched an auth-bypass bug that could have been disastrous - thanks to an independent security researcher.

Check out the stories Daniel and Sophie covered below:
https://thehackernews.com/2024/06/celebrity-tiktok-accounts-compromised.html
https://www.bleepingcomputer.com/news/security/361-million-stolen-accounts-leaked-on-telegram-added-to-hibp/
https://techcrunch.com/2024/05/28/rock-bands-hidden-hacking-themed-website-gets-hacked/
https://www.theregister.com/2024/05/31/pumoking_eclipse_remote_router_attack/
https://gbhackers.com/kite-shield-packer-abused/
https://thehackernews.com/2024/05/cisa-alerts-federal-agencies-to-pat

Episode Transcript

[00:00:04] Speaker A: You're listening to Technado. Welcome to another episode of Technado. Thanks so much for joining us this week. Quick reminder before we jump in that Technado is sponsored by ACI Learning, the folks behind ITPro. If you haven't already, you can use that discount code, Technado30, for 30% off your membership. I am branded right now. I am sponsor branded. This is very cold in here. And this is my jacket that I keep in the office. So, ACI Learning, don't forget the name. I'm Sophie, if you don't already know me. If you're new here, welcome. We'd love it if you'd subscribe so you never miss an episode in the future, and you can join us every week for a new Technado. We've got a lot to cover this week, but luckily I don't have to do it alone. There's this guy that wandered in, so he's going to help me out with that. How are you?
[00:00:44] Speaker B: I'm doing quite well. I'm back in the studio, and such a cool studio. You didn't even mention the new studio.
[00:00:50] Speaker A: Oh, yeah.
[00:00:50] Speaker B: I mean, this amazing set that we now have. I mean, don't get me wrong, the other set was very charming, had a lot of cool stuff going on in there. But as things go, it's time to mature. It's time to evolve.
[00:01:03] Speaker A: Like a beautiful butterfly.
[00:01:04] Speaker B: Yeah. And tell me that they didn't do a great job.
[00:01:07] Speaker A: They really did. Super cool. I love the lighting. It's also a lot more flattering, which is, like, a secondary. You know, it doesn't really. It's not the most important thing, but it is.
[00:01:14] Speaker B: Listen, there's no fixing this. I'm sorry.
[00:01:18] Speaker A: Well, you are sans sling. In the last couple weeks, you've been remote in your sling, letting your arm heal. So I know it's still a work in progress, but glad to have you back.
[00:01:26] Speaker B: Yeah, I'm glad to be back. Thanks for having me.
[00:01:28] Speaker A: It's just not the same, you know, without you here.
So we're happy to have you here. We do have, like I said, quite a bit that we're going to get into this week. We've got breaches galore. We've got a rock band that set up a hacking-themed website. Sounds weird, right? But we'll get into that. Before we do, though, we have some breaking news that we talked about this morning. So, breaking news. Let's take a look at it. That's so cool, man. That's so cool.
[00:01:52] Speaker B: This is the coolest studio in the whole entire world.
[00:01:54] Speaker A: Like a PowerPoint effect. So we got a couple articles we want to quickly cover, and this is pretty new to us. We just laid eyes on these couple.
[00:02:03] Speaker B: Movies, literally, this morning.
[00:02:04] Speaker A: Yeah, this morning. So we'll go through them. This first one, if you are a TikTok user, this one's for you. Don't worry, I am, too. I know it's a badge of shame that I wear. Celebrity TikTok accounts have been compromised using a zero-click attack via DMs. You're probably not a celebrity. I'm certainly not. So maybe we're not the target for this one. But it is interesting. Says targets are compromising brand accounts and celebrity accounts, though. They don't even have to click or interact with the thing that's sent to them, which is the scary part.
[00:02:31] Speaker B: Just open your DM message. It's like, and done.
[00:02:34] Speaker A: Yeah. So that's the scary part.
[00:02:36] Speaker B: Yeah. That'll kind of give you the heebie-jeebies, won't it?
[00:02:40] Speaker A: They did say, I think, that they have taken action to stop it and to stop it from happening again in the future. But this isn't the first time something like this has happened. Back in January 2021, there was a flaw that could have enabled an attacker to build a database of users and phone numbers. And then something similar happened in 2022. It was a one-click exploit. So not zero-click; you did have.
[00:03:01] Speaker B: Speaking of evolving, it seems to go that way. Right.
Well, first it was this, and then it was a one-click, and now it's, you don't even have to click. Just open. Open the lovely DM. And you see it sitting there, and, you know, could be really good info. Could be a nice message. I'm sure it's awesome. Let me click. Oh, dang it.
[00:03:18] Speaker A: And that is. I wonder, like I said, this is. This is new to us. And I think, I mean, because this article, I think, just came out this morning, it's still relatively new to folks that are reporting on it. Maybe more information will come out. But I'm not, like, a big, famous TikTok person, but I'll get. As soon as you get over a certain amount of followers, and the threshold is not very high, you'll start getting these, like, requests from, oh, do a. Do a partnership with us. And it's usually some random, like, five sponsorships or whatever. Right. But it's. A lot of it is, like, that looks fake.
[00:03:48] Speaker B: Or we'll give you the item, and if you wear it or play with it or do with it. Yeah.
[00:03:53] Speaker A: But it'll just. They'll just come in, and I don't even see them. 'Cause I don't get the note. I don't have the notifications on, and I don't ever open them. Only because I'm like, I don't really want to deal with that. Now I'm like, well, now I'm definitely not touching it with a ten-foot pole.
[00:04:04] Speaker B: Yeah.
[00:04:04] Speaker A: Because I doubt I'm the target for this. But what if? You never know.
[00:04:07] Speaker B: What if. What if? It's a scary world out there in the interwebs.
[00:04:10] Speaker A: It is.
[00:04:11] Speaker B: That's right.
[00:04:11] Speaker A: You mentioned something before the show. 'Cause Daniel's a bit smarter than I am in that he's not on TikTok, and that's good. I really shouldn't be, but, you know, it's.
[00:04:20] Speaker B: What? Do I have a drug? Do I look like a fool to you? Don't answer that.
[00:04:23] Speaker A: A clown. Yeah, but you said something about.
You were talking about the celebrity accounts and what that means, so.
[00:04:31] Speaker B: Yeah, because I'm not a TikTok user. Right. I wasn't sure whether or not they were saying that they were TikTok celebrities or they were celebrities on TikTok.
[00:04:41] Speaker A: Right.
[00:04:42] Speaker B: Any clarification on that?
[00:04:43] Speaker A: I think the line has just been blurred so much, because, like, you've maybe heard of Charli D'Amelio. Okay.
[00:04:49] Speaker B: Oh, maybe I have.
[00:04:50] Speaker A: Who? She did the Renegade dance. We're gonna get so many hate comments for this. It's gonna be like, don't talk about that crap.
[00:04:56] Speaker B: I do not know this.
[00:04:58] Speaker A: I mean, she was like. She's probably, like, 18 or 19 now, but when she got famous, she was a teenager, and she was TikTok famous. That was this term. You're TikTok famous. You're famous on TikTok. But outside of it, nobody knows who you are. But now her family's got their own TV show on Hulu. Like, she's at award shows, and, like, she gets invited to Met Galas.
[00:05:16] Speaker B: It became the springboard for her to become actually famous.
[00:05:19] Speaker A: So now she's just like. She's got brand deals. I think she was. She's. She was dating Travis Barker's son for a while. Like, she's enmeshed in that culture. They're, like, friends with the Kardashians and stuff. Okay, so now they're just like your.
[00:05:31] Speaker B: Daily pop culture fix right here.
[00:05:33] Speaker A: There you go. This is the one thing that I can.
[00:05:35] Speaker B: That she can contribute to.
[00:05:38] Speaker A: I'm not helping my image here at all. But point being, it's kind of, there are some people that are still, if you're not on TikTok, you don't know who they are. But some of them, like, I've got family members that are not active on TikTok, but they know who she is because they see her. And she's just in media now. So it could go either way.
It could be celebrity accounts, like, Sabrina Carpenter's a popular singer. She's on TikTok. If her account got compromised, yeah, it's a big deal. She's got a big following, but she's famous for other stuff. She's an actor. She's a singer.
[00:06:05] Speaker B: Gotcha.
[00:06:05] Speaker A: And then you've got the Charli D'Amelios of the world that are famous for something. What exactly? We'll find out in the future. Okay. So, yeah, it'll be interesting to see what more comes out on this. The zero-click part, though, is absolutely pretty scary.
[00:06:19] Speaker B: I can't wait to see the autopsy of that, how that works. Like, how are they getting zero-click exploitability out of TikTok? So I really look forward to following this down the rabbit hole.
[00:06:32] Speaker A: And this is not the only piece of breaking news that we have. In other controversial social media app news, 361 million stolen accounts leaked on Telegram, added to HIBP, which. I didn't know what that was at first. It's Have I Been Pwned. I'm just not used to it abbreviated like that. I was like, what, what organization is that? Have I Been Pwned? So 361 million, that's no small potatoes.
[00:06:53] Speaker B: No, that's a lot. And these are, these are new to Have I Been Pwned. So Have I Been Pwned, if you're not familiar with that, it's a lovely service. You can go to the Have I Been Pwned website and check your email account to see, has that been a part of any known breaches. So Have I Been Pwned, what they do is they kind of, they kind of collate all the known breach data that they can find from the dark web and other sources, and they put it in one spot so that you can use them as a service to say, hey, cool, let me check my email. Has that been, if it has been a part of any breaches, what breaches were they a part of? And they give you all this cool information on what goes along with that. Not only that, but you could check passwords.
So if I want to put my password in there, I know that seems kind of sketchy, right? Because you're putting your password into a website.
[00:07:36] Speaker A: Yeah, right.
[00:07:37] Speaker B: That seems a little weird. So there's a buyer beware, right? Use with caution. Your mileage may vary, that kind of stuff. Check the warranty for more details. But you put your password in, can say, is this a part of any known breaches? Is this a known password? Because if it is, well, then, you know, you might want to change it, because somebody out there has breached that password, and if you're using it, you might be a victim of something like credential stuffing and that kind of thing. So it's a great service. They now just increased their, their tally of emails, usernames and passwords by 361 million new, new, new things. Yeah, I think that's crazy.
[00:08:23] Speaker A: That is crazy. That's pretty wild. When I read this, my reading comprehension's not great. It's early for us, you know, but I read this and skipped over some words. So it's just now registering. This stuff was leaked on. It's not like it's Telegram login information. This is stuff that, there are, like, cybercrime channels on Telegram where this stuff circulates.
[00:08:42] Speaker B: Correct.
[00:08:43] Speaker A: And I did not, I guess, any, any place where there's a forum or anything.
[00:08:46] Speaker B: Right. Because you can make a channel, anybody can make a Telegram channel, and then anybody that wants to have access, you can give them access to it. And, yeah, so it's a great place. And of course, I think they use end-to-end encryption and stuff like that. Telegram is meant to be a secure platform, so it's a great, again, tools can be used for good or evil.
[00:09:04] Speaker A: Yeah, yeah.
[00:09:06] Speaker B: It seems like the bad guys have found a sufficient use for Telegram.
[00:09:10] Speaker A: And I guess even the article that we're pulling here is from Bleeping Computer, and they talk about, towards the bottom of this article, that they were also affected. They basically said no site could be unaffected with a data set this large, and that includes us. A list of credentials stolen by information-stealing malware. Let's see. They did say that they've started the process of, like, figuring out who's been affected and resetting passwords and such. Username, password and URL that a member used to log into our forums. So it was the Bleeping Computer forums that there was some information that was affected there.
[00:09:40] Speaker B: Yeah. They also have some confirmation on some of these things as well. They reached out to some people and tried some of these username and password combinations and were able to, I think there's a. Yeah. Screenshot of them logging into, like, Nike.
[00:09:53] Speaker A: Yeah.
[00:09:53] Speaker B: And they can see that they would use one of the emails that they had that was new to Have I Been Pwned. They go to nike.com because they could see that it was a Nike login and just put in the email with no password, and it'll say, hey, have you forgot your password? Otherwise it would have said there's no such account. This is bad OpSec on Nike's website account. It should not be informing you of whether or not that that's a good password or, uh, email address. It should just say your email address or password is incorrect. Be very vague. Shouldn't be, should not be giving it out. The fact that, hey, you used a good email, but you didn't use a good password. Did you forget your password? That's not what you do. You can hit that change password link or forgot password link. It should be both of those things. Like, hey, one of those things did not work. I'm not going to tell you which one it was.
So if you think you are using the correct email address, then hit the forgot password link, because you know whether or not you used the right email address, because you can see it. You typed it in. You can retype it in and retype in your password, and if you know you did it correctly and it still doesn't work, it's obviously a password issue.
[00:11:00] Speaker A: Right.
[00:11:00] Speaker B: So reset your password. I, as the end user, know these things. The site doesn't need to be telling me, you used the, you have the right email, used the wrong password. Well, now I have one of the two things I need to log in.
[00:11:12] Speaker A: Right. Because if you're just guessing, if you're just throwing stuff at the wall, seeing what sticks, now you know, okay, well, I'm halfway there, right?
[00:11:17] Speaker B: You just, you just decreased that by 50% for me.
[00:11:20] Speaker A: Yeah.
[00:11:20] Speaker B: Right. And now I can probably write a script in Python or whatever to verify all these usernames or email addresses for the site. Right, there you go.
[00:11:31] Speaker A: That's a good point, because as an end user, like, when I was a kid and, you know, you're on Webkinz and stuff.
[00:11:35] Speaker B: Yeah.
[00:11:35] Speaker A: Sometimes I'd get annoyed, because I had, like, an email address that I've had since I was young so I could log into barbie.com and play games. 'Cause you had to have an email address. Seven years old, no need for that. But then eventually I had a different email address that I used, and sometimes I'd be like, crap, I can't remember which email I used. So I'd put it in and it would be like, well, it might be your email or your password, just for any given site, and I would get kind of irritated. 'Cause I'm like, well, I don't. Maybe I added a number to the end of this password, or maybe I didn't. And maybe it's a different email. I would get a little irritated, like, why can't you just tell me? But from a security perspective, it absolutely makes sense. Yep.
[00:12:06] Speaker B: It's a security thing.
[00:12:07] Speaker A: Okay. I thought they were just trying to make my life harder. Well, the me problem.
[00:12:12] Speaker B: They're trying to make your life harder. They're trying to make threat actors' life harder.
[00:12:16] Speaker A: Well, the two are not necessarily mutually exclusive. You never know. You don't know what my future holds. I'm kidding.
[00:12:21] Speaker B: That was a joke.
[00:12:22] Speaker A: I'd like to keep my job.
[00:12:23] Speaker B: Your honor, I'd like to submit exhibit A.
[00:12:27] Speaker A: He will turn on me in 2 seconds. He will testify. Absolutely.
[00:12:31] Speaker B: Oh, she's a horrible person, judge. I saw her kick puppies.
[00:12:34] Speaker A: Well, there's a line.
[00:12:38] Speaker B: It was kittens.
[00:12:40] Speaker A: Yeah, that's true. Cats are a totally different story. But those are the things we saw this morning that, you know, we didn't quite have enough information to really go.
[00:12:47] Speaker B: And we didn't see them until literally about an hour ago.
[00:12:50] Speaker A: Right. But I mean, we want to stay.
[00:12:52] Speaker B: On top of things.
[00:12:52] Speaker A: It was pretty relevant. I figured we would jump into it.
[00:12:54] Speaker B: That's right.
[00:12:55] Speaker A: Well, we do have some fun stuff this week. A couple of these articles are things maybe you've heard about, but. But this next one might be a little bit off your radar. Rock band's hidden hacking-themed website got hacked. So the theme was hacking. But this was not in their plans. So if you are a fan of certain genres of music, this band is Bring Me The Horizon.
[00:13:15] Speaker B: Are we gonna victim shame these people? Yeah.
[00:13:17] Speaker A: Well, I mean.
[00:13:18] Speaker B: I mean, you said hacked the site.
[00:13:20] Speaker A: You wanted to get hacked.
[00:13:21] Speaker B: Yeah. You set it up to.
[00:13:23] Speaker A: You kinda asked for it.
[00:13:24] Speaker B: Yeah.
[00:13:25] Speaker A: But it was supposed to be kind of a fun little thing. The way they set this up, I thought was pretty neat. So I do listen to some of Bring Me The Horizon's stuff. I'm a casual enjoyer, but I kind of missed the boat on this one. So somebody was listening to their new album, and one of the last tracks had some kind of a weird sound at the end. When he put it into, I think, a spectrogram. Or he put it into an audio editing app, and there was a spectrogram.
[00:13:45] Speaker B: Audacity.
[00:13:47] Speaker A: I think you're right. Audacity. And it was a QR code. A scannable QR code. So this guy got excited, posted on the Bring Me The Horizon subreddit, hey, look at this. And when you scan it, it takes you to a hidden website protected by a passcode.
[00:14:00] Speaker B: So their album and their website is basically a CTF.
[00:14:04] Speaker A: Yeah, yeah, I guess. Yeah. They probably, I guess, wouldn't call it that.
[00:14:07] Speaker B: But that's ultimately what it will say. You find a clue, you follow the clue, you go to the next clue, you follow that clue.
[00:14:13] Speaker A: And then when you get.
[00:14:14] Speaker B: There's like a prize at the end.
[00:14:15] Speaker A: Yeah. And then even flag. Yeah, a flag. If you will.
[00:14:18] Speaker B: If you will.
[00:14:19] Speaker A: Even. Once you get into the website and you use the number that's hidden on the album art to log in, there's more stuff within the website. They call it an alternate reality game. And I guess bands have done this before. It's not like a new thing, but somebody got a little carried away, or maybe more than one person. They were playing along with the website and doing the little games that they had set up, and somebody took it a little too far and did some actual hacking on the hacking-themed website. They ended up having to take the website down.
They weren't super specific with what went wrong, but somebody got access to something they weren't supposed to, so they took the website down. And now there is a little message that appears with this creepy little guy. I guess this is a character from their album art or something. He looks like Yoda if he was horribly deformed. So I don't really.
[00:15:01] Speaker B: Mate, apparently.
[00:15:02] Speaker A: Mate.
[00:15:03] Speaker B: Yeah, mate.
[00:15:04] Speaker A: I don't like it. But they put this kind of creepy little note about, like, oh, you've been.
[00:15:09] Speaker B: Illicitly hacking. Something out of Dark Crystal.
[00:15:14] Speaker A: It's just a little. It's a little. It gave me the chills when I read it the first time. It was just a little creepy, but. But basically says, come on, don't ruin the game for everybody else. Play it the way you're supposed to play it. You know? I mean, it's not like they hacked in and stole information, you know?
[00:15:27] Speaker B: Not that we know of.
[00:15:28] Speaker A: That's true. I think it was just stuff that hadn't been revealed yet.
[00:15:31] Speaker B: Like they were kind of, like, giving up the ghost on the game.
[00:15:34] Speaker A: Yeah. Yeah. So not like, oh, my God. Usernames and passwords. It was nothing like that. But just, you know, you're kind of ruining the fun.
[00:15:40] Speaker B: Don't be that guy.
[00:15:41] Speaker A: Don't be that guy.
[00:15:42] Speaker B: You know, it's funny. Back in. Back in my day, first time I came into something like this was with Green Day. Their Dookie album had a secret song. I think it was the Dookie album. It had a secret song at the end of it. And so if you put the CD in and you just, you know, you hit play, right? You let it go. Well, the last song stops, and it's just dead air, but it's still playing. But most people think, oh, I got to go back and start the first. If I want to listen to it again, I gotta hit that first one.
Especially if you had the tape, right? The tape is like, let's just stop. Okay. Flip the tape over. Oh, I gotta rewind it a little bit. Weird, because there, you had to just let that play, and there was, like, a little secret song at the end. I'm not gonna sing it because it's inappropriate. But. But it was a lot of fun for us, as, you know, teenagers during that time, to have that going on. So I applaud Bring Me The Horizon for continuing the legacy of having some fun with their music and. And things of that nature.
[00:16:41] Speaker A: It's fun. It's neat to see bands like this, like, branch out with their stuff. You know, you see it on social media sometimes where they'll hint at things. Taylor Swift is, like, famous for this, where she'll, like, hide Easter eggs in her posts and stuff. But this is cool because it just.
[00:16:52] Speaker B: Makes the experience more interactive.
[00:16:53] Speaker A: There's a little more effort. This is more in depth.
[00:16:55] Speaker B: That is totally.
[00:16:56] Speaker A: You had to try. That's not just.
[00:16:57] Speaker B: I'm gonna go out and purchase the entirety of Bring Me The Horizon's discography. Yeah.
[00:17:03] Speaker A: You support this band.
[00:17:04] Speaker B: Show my support. That's right.
[00:17:06] Speaker A: You've got new fans here.
[00:17:07] Speaker B: Bring me. I've heard them before. I like them.
[00:17:08] Speaker A: Yeah, I like some of their stuff. But like I said, casual enjoyer. So I missed the boat on this one. I'll go back and see if I can't figure out how to get into that website in a long time.
[00:17:17] Speaker B: Actually, I want to do the. I'm going to do the. I'm going to do the game.
[00:17:19] Speaker A: Yeah.
[00:17:20] Speaker B: Yeah, why not? It'll be fun.
[00:17:21] Speaker A: You've got the QR code already. It's in the article, but I'm still.
[00:17:23] Speaker B: Going to do that. I'm still going to get the song loaded into the.
[00:17:25] Speaker A: Oh, you'll do the full process.
[00:17:26] Speaker B: I want to do the full process. Just. It's all about the experience.
[00:17:30] Speaker A: He's an ethical hacker, right?
[00:17:31] Speaker B: Well, it has nothing to do with ethics. It's just I want the experience more than I want the flag.
[00:17:36] Speaker A: Yeah, but you're not skipping steps. You're doing it the way it was intended. We appreciate that. So I just thought that was a little fun one to start off with. A little bit less fun.
[00:17:44] Speaker B: Less fun. This next, start moving on to less fun.
[00:17:46] Speaker A: Moving on to less fun things. A mystery miscreant, which is fun to say, remotely bricked 600,000 SOHO routers with malicious firmware update. Now, this happened back in October, hence why it is called, I believe, Pumpkin Eclipse.
[00:17:59] Speaker B: Pumpkin Eclipse.
[00:18:00] Speaker A: Pumpkin Eclipse. That's fun. Sounds like a level in Sonic Adventure Battle.
[00:18:03] Speaker B: I was thinking of Nightmare Before Christmas.
[00:18:06] Speaker A: Oh, yeah, that too. That too.
[00:18:07] Speaker B: This is where my mind went.
[00:18:08] Speaker A: This is 311's newest song, Pumpkin Eclipse.
[00:18:10] Speaker B: Pumpkin Eclipse.
[00:18:11] Speaker A: But this happened back in October. But it was only just disclosed, I think, publicly this past week. So that's why we're hearing about it now. One thing that's interesting, though, is obviously they still don't know who did it. They haven't attributed this to anybody, but they don't have any information, I don't think, on who was actually impacted. Like the ISP that was impacted.
[00:18:31] Speaker B: Oh, right, right. If they do, that's not being disclosed, or I think they think it's Windstream. Right? Is that what it was? I think. Yeah, we had a lot of. Spoiler alert.
There's a lot of stuff going on this week in our Technado articles with home routers and IoT devices and botnets and things of that nature. So if I get the effects mixed up, it's because they're kind of cross-pollinating.
[00:18:53] Speaker A: Yeah.
[00:18:53] Speaker B: But regardless, this was a bricking of these devices. Like they, the fix for this was, here's your new router. Enjoy. Right. That's. That's kind of crazy to me. What I start thinking of is, why did they want to brick all these routers? What was the purpose behind this type of attack? Was it just to say, I did it? Which is totally possible, you know, bragging rights to say, look what I did. I downed 600,000 routers.
[00:19:23] Speaker A: Yeah. Disgruntled employee of an ISP.
[00:19:26] Speaker B: Yeah, could be. Could be, right. Who knows? We don't have a lot of information on this except that it happened.
[00:19:33] Speaker A: It's a lot, like you said, of speculation. And they did mention that there's only, this type of attack where it's just like, they just break a bunch of stuff, has only been seen once before, and it was the, they said the AcidRain wiper case attributed to Sandworm and used to take out modems used in Ukraine as a prelude to Russia's invasion.
[00:19:49] Speaker B: Yes.
[00:19:50] Speaker A: So I guess that makes sense. You're just trying to make it so that you can't use these devices.
[00:19:55] Speaker B: Yeah, well, it said before that, though, so it was like bricking the device was kind of the last. The last effort. Right before that, they got. So they found a way to gain control over the device and then uploaded some malware, which I believe was the Chalubo RAT, a remote access trojan. So they get the Chalubo RAT installed for. Not for very long. It didn't seem like. Because I think it was in the span of. Did they tell us the time frame? 72-hour period. Yeah, like, yeah, that's not a very long time. You got the RAT on. What are you doing with the RAT?
Like, there's a lot that doesn't seem to make sense with this.
[00:20:34] Speaker A: Yeah, that.
[00:20:35] Speaker B: At least not for me. I'm not putting the puzzle pieces together. And apparently neither is The Register or the people that are working on this so far. We. We probably just don't have enough information quite yet. So. Another one of these stories that I'm going to have to put on my "keep following that."
[00:20:48] Speaker A: Yeah. Maybe it'll come back up in the future, and maybe it's just stuff that's not being disclosed. Like you said, maybe there's more information than we're aware of.
[00:20:54] Speaker B: We don't talk about an ongoing investigation.
[00:20:56] Speaker A: Right, exactly. We cannot speak on that, unfortunately.
[00:20:59] Speaker B: We cannot reveal the details.
[00:21:00] Speaker A: But it is. Even though it's like, okay, well, there's only a couple days. It doesn't seem like they really did what you would think somebody would do when they gain access to a device like this. That, to me, is like coming home and finding your door unlocked, and it's open, and it's like somebody's been in your house, but it seems like nothing's missing. All they did was, like, I don't know, break one of your windows or something, and it's like, well, everything else seems to be fine, but that makes me more suspicious.
[00:21:21] Speaker B: Well, it was. No, it was more like they walked into your house and used all your appliances and then set the building on fire.
[00:21:29] Speaker A: Yeah.
[00:21:29] Speaker B: Like, why?
[00:21:32] Speaker A: That seems so pointless that. What? Okay, what am I missing? What did you do?
[00:21:35] Speaker B: If you were able to break into my house so easily and, like, raid my refrigerator and watch my TV and wash all your clothes, it seemed like that was a good deal for you. And then you set the house on fire for what doesn't seem to be a very good reason.
[00:21:50] Speaker A: So very strange.
It does seem like there's some pieces missing. So maybe that'll come back up and we'll get more information on it in the future. Now this next one, I'm curious if there's maybe some more information for us to work with. Kiteshield packers being abused by Linux cyber threat actors. The thing that I was kind of stuck on reading through this is, I understand that this Kiteshield is basically being used to help malware evade detection, right?
[00:22:14] Speaker B: That's correct, yes.
[00:22:15] Speaker A: Does Kiteshield have a legitimate use?
[00:22:17] Speaker B: Yes.
[00:22:17] Speaker A: Okay. What is it usually used for?
[00:22:19] Speaker B: Most of the packers are. So if you're a programmer, you're developing an application, right. That could be in the order of a lot of lines of code, especially when you compile that code. If it's a compiled application, which is where packers come into play. When you compile it, the compiler, depending on whether it's in C or C++ or Java or Go or Rust or whatever the case is, they can put in more information that that needs. So if you're importing libraries and things, oh, I got to grab that and put it into one file. So it starts to build this thing and becomes a lot larger than your original file, because it's all packed now into one file to make everything work. It's huge. Well, I don't want a huge file to give to someone. Have to download two gigs of one executable. Maybe I can shrink that down. That's where packers come into play. Okay, let me pack that in. It uses things like encryption and compression and all these other, like, techniques to kind of squeeze that down into a smaller file. Not only that, but let's say I've built this application and I'm selling it to you out there. Cool. You love my app. It's great. My competitors are going to want to reverse engineer my application so that they can build something like it, or crack it and then make it freely available to the Internet.
And it's like, I don't want to have that happen. That dips into my wallet, that takes food off my table because you're taking money out of my pocket by making it freely available because you cracked it and did all these things. Right. So we want to avoid this. So packers can help with that. They obfuscate the ability to see what's going on inside that. And I think, uh, Kiteshield specifically had a lot of really good functionality for detecting whether or not it's in a debug, uh, system detect or seeing, uh, protecting memory dumps. Protecting it had a lot of protections built into it. So again, going back to there are tools out there they can be used for good or evil.
[00:24:19] Speaker A: Yeah.
[00:24:20] Speaker B: And the bad guys got together and said, well, if you can hide all these things and sandbox. Sandbox detection and memory dump protection and all this stuff, I can build malware and things that want to look at it and see what it does. Won't be able to do that because Kiteshield will put the kibosh on that. And they, in this article, they took, they saw three known variants of malware that if you just put that on a system, any antivirus is going to go, oh, that bad. That no good. We don't like it is. Yeah.
[00:24:50] Speaker A: They're familiar with the signature, I guess, right?
[00:24:52] Speaker B: Because it's signature, you. You pack it with Kite Packer, and it flies right by, like, putting a.
[00:24:57] Speaker A: Fake mustache on it.
[00:24:58] Speaker B: That's exactly as little. Pay no attention. These aren't the droids you're looking for.
[00:25:02] Speaker A: Yeah, exactly like, oh, yeah, these are.
[00:25:04] Speaker B: Not the droids we're looking for. Yeah.
[00:25:05] Speaker A: Move along now.
[00:25:06] Speaker B: Move along now. Yeah.
[00:25:07] Speaker A: Okay, so I guess I'm curious, because one of the things that's brought up is, okay, maybe now, antivirus engines need to be improved so that they can detect this stuff.
So does that mean that anything that's packed in Kiteshield is then going to raise a red flag for an antivirus engine?
[00:25:21] Speaker B: In my experience, antivirus usually is very knee-jerk reactionary. Right. Yeah, we'll just flag anything with Kite Packer as malicious, and it's like, well, I write legitimate software, and now it's getting flagged as malicious, which gives me a bad reputation, which takes money out of my pocket, which takes food off my table. So, yeah, it's not great that these things happen. I used to play around with the Nim programming language. Anything I built with, Windows Defender would flag the Nim programming language as a malicious thing. And you had to play this whack-a-mole with versioning to get it.
[00:26:01] Speaker A: To work because it's just commonly used.
[00:26:03] Speaker B: For that, because it's commonly used by malware devs to create malware. So it would, all these lovely antivirus systems out there would just go, well, we'll just make Nim a malicious entity. Anything built by Nim, even Nim itself.
[00:26:19] Speaker A: Is there a way around that?
[00:26:21] Speaker B: Yes, but it's like, you have to use things like packers or there's a lot of techniques that you'd have to do. A lot of it came down to, like I said, playing whack-a-mole with versioning. This version would get detected, but that version would not. Okay, but now I lose functionality or I have to use older functionality that's been deprecated because I'm in a different, it just becomes a real pain in the a to deal with that. So I jumped at Go, guess what? Same thing, right? Because Go became popular for malware devs. They started going, hey, it's written in Go. It's malware. It's literally hello world. No, no, no, that's malware player. And then here's the. You ready? You're ready for that? If so, I used a packer. I was like, well maybe if I pack it right now you can't see what's going on.
Does weird string obfuscations, like I said, uses encryption mechanisms. I think our Kiteshield, I keep saying Kite Packer, Kiteshield uses RC4 like an art, a variation of the RC4 algorithm to encrypt, XOR encryptions. All these things, by the nature that you have those things in, it goes, well, obviously you're trying to obfuscate, therefore you are a malicious entity. It's hello world. I hate you so much. So it can be very frustrating to deal with. And that's why security is really hard, right? It's really difficult to do security well because there's so many complex entities that are trying to work hand in hand and yet they're not in symbiosis with each other. Right? They're not a part of each other. So I have to do my best and they have to do their best to protect and allow for functionality. So it becomes really difficult. And I would expect to see AV systems to start to just flag anything used with Kiteshield.
[00:27:59] Speaker A: So that's a pain. I mean, for people that are using it legitimately that, that just sucks for folks that are doing the right thing. Why you got to ruin it for everybody else? That's going to be a theme today I think.
[00:28:09] Speaker B: Yeah, why, why guy, the bad apple's.
[00:28:12] Speaker A: Got to spoil the bunch.
[00:28:13] Speaker B: Come on, player.
[00:28:14] Speaker A: It's just not fair. Well, we are going to take a break in just a second, but real quick let's, let's cover this next one.
[00:28:18] Speaker B: Okay.
[00:28:19] Speaker A: I feel like it's, we were talking about, you know, kind of had to do with Linux this last article and so does this next one. CISA, CISA, CISA, however you choose to.
[00:28:26] Speaker B: Pronounce it.
[00:28:28] Speaker A: Alerts federal agencies to patch actively exploited Linux kernel flaw. Actively exploited is always a fun little buzzword.
[00:28:35] Speaker B: That's always bad, right?
[00:28:37] Speaker A: It's always interesting to see in a headline.
[00:28:39] Speaker B: Yeah.
[00:28:39] Speaker A: Says it's a high severity issue, 7.8 CVSS score, relates to a use-after-free bug that permits priv escalation. Priv esque, privas, we love that. And possibly arbitrary code execution. Possibly, maybe, perhaps.
[00:28:52] Speaker B: Probably.
[00:28:53] Speaker A: Probably. You think it's likely?
[00:28:54] Speaker B: It probably is. I mean if they have the ability to do the old priv esc, I would assume at this point that it's probably just trivial to tack on. Hey, well now that you got those privs, so go ahead and do this.
[00:29:07] Speaker A: It is actively exploited, but there's, there is a fix for it and that typically happens.
[00:29:12] Speaker B: So this affects the Netfilter piece of the Linux kernel which is used for things like iptables to control and view and monitor the flow of network information that goes through the Linux operating system. It's a really handy thing to have. They found a flaw in it. Like you say, use-after-free. Basically some memory got freed up but it didn't get deallocated. If you have control you can put your own code there and go yeah, use that code and it'll go okay, I'll use that because it's still allocated memory for me and move on. So that's, that's where the problem comes in. And then once you have that ability it's just what they like to do with that. Especially this is obviously going to be some post exploitation. I would already have access to the system at this point through maybe abused SSH credentials or I have credentials. I'm an insider threat and I just want to elevate to administrator. I could download the proof of concept code for this and run it and I would now be a root user. Okay, so that's the problem. And then once I'm a root user I can create backdoors and all that and happy goodness and give myself persistence and move on from there. So these things get found all the time. I remember one of the more famous ones was the Dirty COW.
I think they call this one dirty something, right?
[00:30:31] Speaker A: That's a good question.
[00:30:32] Speaker B: I don't know, I think there is a name for this one.
[00:30:35] Speaker A: Dirty COW.
[00:30:36] Speaker B: That's a Dirty COW was a very popular one. I think it came out in like 20, 1620, 1426, somewhere in there.
[00:30:42] Speaker A: Okay.
[00:30:42] Speaker B: And it was um, had to do with, I forget, it's, it's escaping me at this point in time.
[00:30:49] Speaker A: Dirty COW. Okay. I don't know, I'm not, I was.
[00:30:51] Speaker B: Reading a different article about this and.
[00:30:54] Speaker A: They gave it like a name, they.
[00:30:55] Speaker B: Had an actual name for this. But yeah, you just go out there and download this thing and if you get those privileges escalation into that root user now it's dangerous. So that's why you see that it's being currently exploited in the wild. Because threat actors, it's easy, it's easy to get that initial access. It's a lot more difficult to gain root privileges. So now they've got a really good route to that. Otherwise they would have to look for misconfigurations and stuff like that and just be a little more of an Easter egg hunt where this is a point and click. Thanks for root. Yeah, we like that. In the, in the offensive side of things, if you're trying to gain root privileges, this is just a silver bullet.
[00:31:38] Speaker A: It seems like the focus here. Cause a lot of times when we talk about stuff like this, it's like, oh, there's a flaw, it's being exploited. Hey, if you're a Linux user, if you're using whatever product we're talking about, go ahead and patch, make sure you update. But in this case it looks like the target here is like federal agencies, you need to patch your stuff because this is being actively exploited. So that it seems like is the focal point of this article and of the, the alert from.
[00:32:01] Speaker B: Yeah, I'm really happy with the CISA program and they do a really good job of putting out good information and staying on top of things. So it should be a part, if you're a cybersecurity professional, it should be a part of your, your kind of your feed.
[00:32:13] Speaker A: Okay.
[00:32:14] Speaker B: Your CTI, threat intelligence.
[00:32:17] Speaker A: Yeah, let me just go subscribe to their email lists. Yeah, let me just go and make sure I'm getting.
[00:32:21] Speaker B: There's probably an RSS or feed or something like that.
[00:32:22] Speaker A: Oh, okay. Well I'll have to, have to work on that. Yeah, but I thought it was interesting. That's the federal agencies are, it seems like the main concern here. Make sure you patch your stuff because that I guess has bigger implications. If there's a federal agency of some kind that's affected by it, that's going to be worse than if Billy down the street has a problem with it. Not that we don't love Billy down the street.
[00:32:39] Speaker B: Yeah. But honestly, like anybody, I mean it told you which Linux kernels were affected, right? Which was five point something to six something.
[00:32:47] Speaker A: Yeah, something like that.
[00:32:48] Speaker B: Again, I read a different article with a lot more information than this. The Hacker News really phoned it in.
[00:32:55] Speaker A: We've just had, we've been real disappointed with our sources in the last few weeks, even though we picked the sources. So yeah, we'll have to take a look and see, I think I saw.
[00:33:02] Speaker B: Mine in Security Weekly or something.
[00:33:04] Speaker A: Oh, okay. I just. I included the wrong source.
[00:33:06] Speaker B: That's okay.
[00:33:06] Speaker A: That's my fault. That's my bad. I'll work on that. I'll take my 40 lashings during the break. We are going to take a quick break because we're about at the halfway point here and we still have quite a bit to get through. So don't go away.
We'll be back with more here on Technado.
Tired of trying to schedule your team's time around in-person learning? Isn't it a bummer to spend thousands of dollars on travel for professional development? What if we said you can save money and time and still provide your team with the best training possible? The answer to your woes is live online training from ACI Learning. With live online training, we provide our top in-person courses in private online instructor-led formats. You get to provide professional development in a manner that fits today's expectations: entertaining, convenient, and effective. Our exam-aligned courses inspire the full potential of your team. Visit virtual instructor-led training at ACI Learning for more info.
Welcome back for more Technado, thanks so much for wading through that long, arduous, like, 30-second break. We won't keep you waiting any longer. We got an old favorite segment. It's Deja News. Deja News. Our director, Christian, put together that new graphic for us. Literally, like, right before, right before the show, so. And the breaking news one, too.
[00:34:18] Speaker B: Yeah.
[00:34:18] Speaker A: Shout out to Christian.
[00:34:20] Speaker B: He's killing it.
[00:34:20] Speaker A: He is making magic behind the scenes.
[00:34:22] Speaker B: That's right, Soph.
[00:34:23] Speaker A: I'd like more of a tragedy today.
[00:34:28] Speaker B: Former President Gerald Ford eaten by wolves.
[00:34:30] Speaker A: At the senseless age of 83. We'll. We'll get into our Deja News segment here. Won't keep you waiting any longer. We talked a little bit, I think, last week or the week before about that new Windows AI feature called Recall that basically records everything you do and saves screenshots of it. Well, turns out we might have been right to be a little skeptical. Windows AI feature that screenshots everything has been labeled a security "disaster," in quotes.
And this isn't just the idea that it records everything that you do and saves screenshots of it and whatever, which is already a little scary, but it's that it's available. I think it's stored in plain text, right?
[00:35:05] Speaker B: Yeah. So the. I mean, basically, here's the details here. Here's the long or the short of the short of the long of it. Right. It's recording everything you do. Red flag number one. And now it's not storing any of that information in any secure fashion. It's just basically a file on your computer. This is concerning for the purposes of, well, let's just say for the sake of an argument, I know this never happens. Let's say some ruffian out there on the Internet gets a hold of your actual computer, either remotely or directly.
[00:35:37] Speaker A: Hypothetically.
[00:35:38] Speaker B: Hypothetical, right. I know we're in make-believe land here, right? Mister Rogers is coming around the corner any second now with Daniel Tiger attached to his hand. Right now. They can look at if you've logged into a website, it was recorded, and there's an easily looked at piece of information that shows them what you did when you were logging in, because maybe that's the date and time which you want to go back. It's recording everything you do. This is a concerning thing. And this is why I believe that The Verge is labeling this a disaster. What say?
[00:36:11] Speaker A: Yeah, I say, I, I think that is, I think that's a pretty accurate.
[00:36:15] Speaker B: Eyes have it, motion passed, accurate assessment.
[00:36:17] Speaker A: I think it seems to me like this is intended to be, oh, what a cool feature you can easily find. You know, if you were looking at recipes, if you were looking at pictures of you and your grandma, and you can't remember where you saw it, all you gotta do is go back through your history.
[00:36:30] Speaker B: What kills me though, is since we do so much stuff in our browser, I don't know about y'all, I use two browsers.
I use Brave and I use Firefox, and both of them, if, even if I close the browser, I can open the browser back up and go to a place and it says, restore previous session.
[00:36:48] Speaker A: Yeah.
[00:36:49] Speaker B: And I also, correct me if I'm wrong, most browsers have this functionality as well. Where I can go bookmark well, yeah, and save this so that I can see it later.
[00:36:58] Speaker A: Even just like browser history. If I'm like, oh, I was looking at something yesterday, I was doing a recipe on Pinterest and I can't remember. Okay, I'll just go to my search history from yesterday and maybe I gotta look for a minute, but it's there.
[00:37:09] Speaker B: This seems like a hammer looking for a nail. I don't see the purpose behind it. And not only that, even if you could give me some good use cases like, oh, for backup purposes. And, you know, so I think of it in terms of not Microsoft, I'm sorry, Mac Time Machine, so they have Time Machine backup system. It's really cool. You can kind of page through, but it's not like screenshots of everything you've been doing and plain text files of information that it is stored. So it's more of a traditional backup solution and it does a really good job of it. That's one of the things that I applaud Apple on in their developments. They made a really good backup system. It's easy to use and it works really well. You plug the drive in anytime you log into the device or it's connected to the drive. It is constantly taking basically little backups. So anytime you want to go back, you can just scroll open Time Machine, scroll back, go. This is where I want to go back to. And it reverts back to that and it is extremely useful. I want to say Windows has a backup feature as well, if I'm not mistaken. Right, ladies and gentlemen, it has backup. I don't know if it's to that extent.
And I also have things like Volume Shadow Copy or I don't know if it's still called Volume Shadow Copy anymore, but they have ways to recover deleted files. I really just don't see the need for this. And correct me if I'm wrong, it's AI powered, right?
[00:38:30] Speaker A: Yes it is.
[00:38:32] Speaker B: Now we're hitching the AI wagon to it as well. What's it doing with all that information? Obviously it has to process it in some way, shape or form. Are you comfortable with AI processing everything you do?
[00:38:46] Speaker A: I don't want anybody processing any of my stuff, let alone sketcherific. Yeah, sketcherific. Yeah. Yeah. This is not a stellular device or a cellular function at all. It does seem like it's like, oh, it's supposed to be a great convenient thing and make it easy, but all you're really doing, I think, is making it easier and more convenient for the bad guys to get to stuff that they shouldn't have.
[00:39:05] Speaker B: I agree. What say you in the comments below? Let us know, how are you feeling about all this ramped up AI? Are you the kind of person that's like, yeah, I love convenience and I'm willing to sacrifice security on the altar of convenience?
[00:39:20] Speaker A: Yeah.
[00:39:21] Speaker B: Or are you a little more tempered and say, you know, I want to have a reasonable amount of security, I want a reasonable amount of convenience? Or are you a hard rock-ribbed security professional that says give me security or give me death? Let us know in the comments. Should be a fun little conversation.
[00:39:39] Speaker A: I'd be curious to know based on what we've talked about, what I've seen in articles, what people have commented on these articles. I think a lot of people are on that same train of, like, why would you ever want this? And somebody even mentioned, like, okay, even beyond the privacy and security issues, what is the basic pitch of this feature? Why? Who really needs this?
I don't see a lot of people being like, hey, you know what? Yeah, this is the future and you need to get on board. You know, like, I don't see a lot of people fighting for this and saying, it's fine the way it is. It needs no changes. Just let Microsoft do their thing.
[00:40:09] Speaker B: Yeah. Yeah, I think that's, that's the consensus out there.
[00:40:13] Speaker A: We're all on the same page.
[00:40:14] Speaker B: Yeah, I think we're all on the same page. I have yet to talk to a single person about this, though, that had good things to say.
[00:40:19] Speaker A: I'd be more curious if you disagree with us. I would love to know your thoughts.
[00:40:22] Speaker B: Yeah. Yeah, actually, yeah. We'd love to understand where you're coming.
[00:40:25] Speaker A: From because maybe there's something I'm missing. I miss a lot of things.
[00:40:28] Speaker B: I am not a perfect person.
[00:40:29] Speaker A: There's a big gap in the back of my brain I just miss so much. So who knows?
[00:40:33] Speaker B: It's where you have the water, right?
[00:40:35] Speaker A: Yeah, that's where my water is.
[00:40:36] Speaker B: He's hydrocephalic. He falls over a lot. It's not funny. It's not anything to joke about.
[00:40:41] Speaker A: It's not. Well, yeah, it's okay. I'll just cry about it later. Continuing on with our. That's from The 'Burbs, by the way. Oh, is it really?
[00:40:47] Speaker B: Yeah.
[00:40:48] Speaker A: Okay, so The 'Burbs reference again, gap in the back of my head I miss so much. Continuing on, kind of with the Deja News theme. Some of this information is new. Some of it calls back to stuff we've talked about before. ShinyHunters claims Santander breach, selling data for 30 million customers. You might have heard a little bit this week about Ticketmaster and their parent company, Live Nation, dealing with a bit of an issue, bit of a breach. I believe it was like half a million or half a billion records that were compromised, that were breached.
But these guys are the ones claiming that saying, yep, that was us. In addition to the Santander breach, which is a bank that I believe is based in Spain, but they've got locations here in the States as well. And ShinyHunters is also known, being the owner of BreachForums.
[00:41:29] Speaker B: Oh, BreachForums.
[00:41:30] Speaker A: And we just talked not too long ago about how BreachForums supposedly went down.
[00:41:33] Speaker B: It was then they came back up.
[00:41:34] Speaker A: And then now it's back up as of this week. So that's kind of lots of stuff kind of going on in this story.
[00:41:39] Speaker B: I think a lot of people are saying that this is kind of their, hey, just because we got taken down by law enforcement doesn't mean you can't trust us. Look, we still have great stuff to buy here at BreachForums, and I do love that they have. I've got the screenshot of the BreachForums sale here. Is it Santander? Santander. That's a fun word. Santander bank data. Spain, Chile, Uruguay. Customers, credit cards, bank and more. Right? And this is what it looks like. So if you've never seen what a dark web forum looks like where they sell these things, this is what it looks like. We've got all sorts of fun stuff. Data contains 30 million customers' data, 6 million account numbers and balances, 28 million credit card numbers, HR, employee list, consumer citizenship information, many more informations. Price, a low, low $2 million for one time sale. Oh, man, let me get out my pocketbook.
[00:42:36] Speaker A: But I guess if it is all of that stuff, that is a lot.
[00:42:39] Speaker B: That is a lot. Those credit card numbers alone, man, what you could do with that. And we know that this stuff only gets used to buy, like, flowers for sick little old ladies, right? Never anything bad.
[00:42:50] Speaker A: These people are the Robin Hoods of.
[00:42:52] Speaker B: Cybercrime, doing us a favor.
[00:42:54] Speaker A: Do us a favor. I wonder if.
Because, I mean, 2 million is also a lot. I wonder if there's, like, crowdfund situations where it's, like, a bunch of cybercriminals get together, and they're like, hey, man, I can't afford the 2 million, but I can contribute this much if you can kick in some money.
[00:43:05] Speaker B: Oh, yeah.
[00:43:06] Speaker A: They all get together to buy this data, and then they'll share it amongst each other. I just imagine them having, like, a tea party, and they're, we'll split it even more.
[00:43:13] Speaker B: Do the cybercrime bosses get together like the mafia and have a meeting? Like, okay, you're over to Ukraine. You're in Russia. We got North Korea here, and there's China bringing it in. All right, now let's get together. We got this 30 million at the BreachForums, right? Gotta get our hands on this. We could all profit, but it's cybercrime.
[00:43:33] Speaker A: So it's all over Zoom, and, like, one of the guys is muted the whole time, and he just can't figure it out.
[00:43:37] Speaker B: You're muted.
[00:43:39] Speaker A: Damn it. Yeah, that's. That's. That's the image I'm gonna have in my head now from now on the.
[00:43:43] Speaker B: Chat just says muted. Muted.
[00:43:45] Speaker A: We gotta make it fun, because otherwise we'll cry at all this data that's for sale.
[00:43:49] Speaker B: That's indeed.
[00:43:50] Speaker A: No, nothing comes without a price. So these. These ShinyHunters, guy. Which makes me think of Pokémon because.
[00:43:57] Speaker B: They have, like, one of the Eevees or whatever, right? Isn't that what that.
[00:43:59] Speaker A: Is that actually why they're called that?
[00:44:00] Speaker B: I don't know. But that. That picture.
[00:44:03] Speaker A: Oh, you know what? You're right. That's an Eevee, right? That might be Umbreon. I don't. I don't remember. Off the top of my head.
[00:44:07] Speaker B: My daughter was here. She could tell us.
[00:44:09] Speaker A: Look at that. That's the one good thing about this.
[00:44:11] Speaker B: You can't.
[00:44:12] Speaker A: Okay.
[00:44:12] Speaker B: Christian just said, getting it in my ear. Christian can confirm it is Umbreon.
[00:44:17] Speaker A: I was right.
[00:44:18] Speaker B: Yeah.
[00:44:19] Speaker A: I'm gonna. I'm gonna treat myself later today for having that knowledge on me.
[00:44:22] Speaker B: Yeah.
[00:44:23] Speaker A: But, yeah, so this was a big one this week and a lot of different things. I felt like that kind of, this article touched on a lot of intertwining stories. The Ticketmaster stuff, the Santander stuff, the BreachForums coming back online. The ShinyHunters have been busy. They've been busy bees.
[00:44:36] Speaker B: I do love their name, though. ShinyHunters. It reminds me of the crab in Moana.
[00:44:41] Speaker A: Oh, yeah.
[00:44:42] Speaker B: Because he sings the shiny song. He likes shiny stuff.
[00:44:44] Speaker A: Good song.
[00:44:45] Speaker B: And all he wanted to do was gather up shiny things. Objectively, it would seem that they are following suit.
[00:44:51] Speaker A: Objectively.
[00:44:52] Speaker B: They took his philosophy as a real way of life.
[00:44:55] Speaker A: Yeah. Hopefully Santander is not impacted too heavily by this, because, I mean, it's a bank, and so customers of that bank have to be a little worried. Santander, I feel like, is what your deep south uncle says. When the song "Smooth" comes on the radio, he goes, that's Santander.
[00:45:09] Speaker B: That's that Santander, ain't it?
[00:45:10] Speaker A: Rob Thomas.
[00:45:11] Speaker B: I like that.
[00:45:12] Speaker A: Love them. That's a good song, too.
[00:45:13] Speaker B: That guitar. Boy can play, boy can play, boy can play. Little feller in his mustache.
[00:45:20] Speaker A: You might have noticed we.
[00:45:21] Speaker B: Cute hat.
[00:45:23] Speaker A: We're big fans of niche jokes and accents here on Technado.
[00:45:26] Speaker B: We do.
[00:45:27] Speaker A: Well, we'll jump onto the next article here before I get carried away too much further. This could also count as a Deja News, I guess. Okta warns once again of credential stuffing attacks. And this is, I believe, the second time in just over a month that Okta has said, hey, credential stuffing. You might want to be on the lookout for that. Yeah. Second time in just more than a month, they are warning of these attacks, this time against the cross-origin authentication feature of its Customer Identity Cloud offering. So starting on April 15. And this has been, I guess, an ongoing thing that they keep seeing pop up and they're like, hey, you might want to be careful. So how concerned, I guess, should Okta customers be?
[00:46:03] Speaker B: So Okta is a huge organization, right? They're very liable because they provide single sign-on for a lot of different people. So it allows you to have a little bit more of an easy time when it comes to logging into things. Oh, just log in with your blank account and. Okay, yeah, I don't need to create another one. Awesome. So a lot of people really like single sign-on, Okta being one of the major players and that if not the major player in that space, if these credential stuffing attacks are working. And here we go again. Right? So, ladies and gents, come. Come in close to me. Listen, real quick. I'm gonna give you a nickel's worth of free advice right now. Do not reuse a password. Just don't do it. It's a bad idea. And that's a good way to get the rolled up newspaper your way, because that it would stop credential stuffing from working. It becomes a non-issue if you just use a password manager. Make sure you got MFA enabled and that you're not reusing passwords at all, ever. A password manager should give you the ability to make that a reality in your life. It's a reality in my life. Pretty sure it's a reality in Sophia's life. We got the thumbs up. You listen. I'm not saying it's going to happen today.
Rome wasn't built in a day. Right? But start working on that. Find a password manager that works for you. Figure out how to use it, spend the time, invest in doing it. But once you get that in your workflow, it's absolutely worth it because it's just going to make you go, huh. I ain't worried about this. It's those other fools in Okta that are going to have a problem, not this cat.
[00:47:41] Speaker A: And then it makes it a lot easier, I feel like, to change passwords when you do have to, when you want to. Because if, especially if you're using, like, the random password generation that comes with a lot of these password managers, you only have to really remember the password that gets you into your vault or whatever.
[00:47:54] Speaker B: Yep.
[00:47:54] Speaker A: Uh, and as long as you make that pretty complex, but something that you can remember, you know, then. Then you're set and if you do have to go in and I'll change my email password. I'm a little worried about that. You just randomly generate a new one. Save it in your password manager. I feel like I'm. I'm an advertisement for password managers right now, but it truly is. I'm trying to get, like, my friends and family on the train.
[00:48:11] Speaker B: Yeah, me too.
[00:48:11] Speaker A: Like this. I promise you, it'll make your life so much easier. You don't have to deal with a little book, Scott, or put them in your notes app on the phone. Like, you don't have to worry about any of that. Easier for you and more secure. It's the one time that security and convenience I feel like are on the same side of the scale.
[00:48:24] Speaker B: I gotta be honest with you. I agree totally. It's. They're so convenient, they're so easy, and yet they offer so much more security than you trying to do any of the things that your parents and friends were doing, writing them down, putting them in a notepad, you know, that that's a bad idea. Someone gains access to that system, now they got.
Listen, as an ethical hacker, one of the first things I do when I gain access into a system is to start to pilfer the pockets looking for shiny gold. Right? Oh, what's this. What's this folder called? You know, 2019 budget. Because people think they're funny, they think that they're crafty, and that I won't look at 2019 budget or my favorite Bible verses, and that's where they store their. Their password list. Okay. I'm going to look at everything. I'm going. I have scripts to automate these things for me. I'm not. And that's what they don't understand. I have a concept of those things. So just. Just do the good security thing. We've got it out there. Like Sophia said, just make it a part of it in your life.
[00:49:26] Speaker A: Yeah. Yeah. You might as well. It takes some time to get it set up sometimes, but once it's done, it saves you so much time in the future. So in this case, if, you know, credential stuffing is going on and you have been reusing passwords, or maybe you've got a weak password or something like that, I guess the way to try to protect yourself against this would be going and changing your password at this point.
[00:49:42] Speaker B: Yeah, you should totally do that. Change your password. Especially if, you know, you use that password in other places. Yeah, you absolutely should stop right now and go change that password.
[00:49:53] Speaker A: Pause it. We'll be here when you come back, it's recorded. So in a slightly. I don't know if I call it happier news, but I guess better news. Big, big win. Big numbers on the board for the FBI this week, world's largest botnet seized in federal bust. Chinese national arrested. I feel like that headline is a little bit misleading, only in that I see, like, oh, they seized this botnet. It was a federal thing, and a Chinese national was arrested. There was no nation state aspect to this, as far as they can tell.
[00:50:17] Speaker B: It just was a guy that was.
[00:50:18] Speaker A: He was responsible for this. It was, like, financial motivation. There was no, like, oh, my God, he's working for the Chinese government. There was nothing like that going on. But the FBI, I guess, led this not crusade, but, like, this expedition to take this thing. [00:50:31] Speaker B: Don't you try to search for words when you're, like, not reading off a script. It's not as easy as you might think. [00:50:37] Speaker A: All improv off the dome, folks. So if I say something stupid, I mean, it's still my fault. Yeah, but be nicer to me. [00:50:43] Speaker B: Give me a little more grace. [00:50:44] Speaker A: Give me some mercy. [00:50:45] Speaker B: That's right. [00:50:46] Speaker A: But this was an international law enforcement operation, so this was teamwork. But, I mean, proud to be an American. It was led by. [00:50:52] Speaker B: We were spearheading it. [00:50:54] Speaker A: That's. Hence my Top Gun shirt today. I'm totally intentional. Yeah, absolutely. [00:51:00] Speaker B: Where's the screaming eagle? [00:51:02] Speaker A: We need it. We need it. We're going to drink the sound. [00:51:04] Speaker B: It's coming. Don't worry. [00:51:08] Speaker A: Christian. [00:51:09] Speaker B: Oh, my stupid chair did it again. [00:51:10] Speaker A: Can we. Can we, like, put that in? Can, like, is that heard in the studio? Like, on the actual. [00:51:16] Speaker B: If it got picked up. I don't know if the mics picked it up. [00:51:18] Speaker A: I hope it got picked up. [00:51:18] Speaker B: That would be awesome. [00:51:19] Speaker A: That was beautiful. Otherwise, we need to edit that in after. Cause that was wonderful. Getting back to the topic, this is a multimillion botnet network linked to a lot of large scale cyber attacks, fraudulent child exploitation, harassment, bomb threats, export violations, a whole host of bad things. [00:51:34] Speaker B: You said my two most hated words. Child exploitation. 
[00:51:37] Speaker A: That's exactly what I was thinking. [00:51:38] Speaker B: Like, I hope they burn this guy. [00:51:40] Speaker A: Soon as I see that, I'm like, uh, uh. Up against the wall. [00:51:43] Speaker B: Yeah. [00:51:43] Speaker A: Jail immediately. [00:51:44] Speaker B: Yeah. [00:51:44] Speaker A: Straight to trial. [00:51:45] Speaker B: Electric chair and the worst jail we can find. [00:51:48] Speaker A: Yes, exactly. [00:51:49] Speaker B: Like, the jail where, like, there's not really guards and stuff. [00:51:54] Speaker A: Self governed jail. [00:51:55] Speaker B: Yeah, like, it was. Just let the nature of the beast handle this problem. [00:52:00] Speaker A: Now, something that's a term that I had not seen before. This this guy that they arrested says that he was a Saint Kitts and Nevis, Nevis, Nevis, citizen by investment. What does that mean? Citizen by investment. [00:52:12] Speaker B: So that must mean, I'm guessing, that it means that he's got investments in other countries and therefore he has, like, some citizen type rights because he has organizations that are in those countries. [00:52:27] Speaker A: Oh, there's like, whole programs. They provide families with the privilege of acquiring an alternative citizenship, which gives them the right to travel freely to various destinations and settle in another country. Interesting, huh? Okay, well, I didn't know that, but apparently this guy was a citizen by investment. So fun fact about this dude. He was arrested. [00:52:44] Speaker B: Does it mean he's like, invested in their. Their country? Like, personally, where he loves it. He's invested emotionally. Like, I just love Uruguay. It is my favorite thing. And I would love citizenship. [00:52:58] Speaker A: He's got a St. Kitts flag on his laptop. [00:53:00] Speaker B: I mean, I am representing. [00:53:03] Speaker A: I don't know, maybe we'll find out more about him as things start to come out. 
But what he was doing, it looks like he was using VPN services, like MaskVPN and DewVPN to deliver this malware. And he operated something called a pay per install model. So he had like a whole system going well. [00:53:20] Speaker B: So he actually did this pretty. No wonder it's the world's largest botnet, because what did he do? He created a VPN application and provided VPN service that you could, if you down, if you bought and downloaded this thing, or it was, I'm sorry, it was free. That was the other thing. He made it free. Free 99. Just go ahead and download. Enjoy. Get that VPN going. You gotta be safe, player. Right? So there's the guys. Unfortunately, within that application to get your VPN access also contained malware. So it, by nature is then malware itself. So you install that, and not only do you connect to that VPN and allows you to tunnel out, but guess what? That traffic goes the other way, too. So now you're a part of his network, and now he can gain access to your device through his own VPN system and remotely control it, do the command and control thing, and basically make you a zombie in his botnet doing all the lovely things he wants it to do. And he's probably, you know, stealing money, obviously, maybe renting it out as a service as well. There's lots of different fun things he could be doing. I say fun, I mean horrible. [00:54:36] Speaker A: Yeah, we got to be careful saying that because at one point in episode, I said some. You said something about, like, talking about like, the abilities of a hacker that had done something. [00:54:46] Speaker B: Yeah. [00:54:46] Speaker A: And you were like, well, there's no way that this happened. Like, either these hackers are just awesome, or. And you meant like awesome at what they do. Like, really skilled. [00:54:53] Speaker B: They have high level skills. [00:54:54] Speaker A: Somebody was like, you said hackers are awesome. How dare you? 
[00:54:58] Speaker B: Like, gotta love quotes taken out of context. Yeah. [00:55:00] Speaker A: Like, and the context was in the clip. [00:55:02] Speaker B: I was like, how did you leave that part out? It's more fun to lambast somebody that's true and character assassinate than it is. [00:55:09] Speaker A: Daniel Lowrie supports unethical hackers. [00:55:12] Speaker B: Yeah. Goodness gracious. [00:55:14] Speaker A: So this, like you said, this botnet office was used for. The guy seemed financially motivated. It says that he targeted a lot of pandemic relief programs. So when they were offering, like, unemployment, like, you know, that was, that was. [00:55:27] Speaker B: The impetus of this. Right? [00:55:28] Speaker A: I think so. [00:55:29] Speaker B: Right. Was that the FBI saw that there was a lot of fraudulence. Right. The pandemic relief. What? There is a word for it. [00:55:37] Speaker A: You're right, it wasn't, it's not unemployment. It's something else. There was like relief checks that people. [00:55:41] Speaker B: Were getting before the unemployment pandemic relief programs. [00:55:44] Speaker A: Okay, that's. [00:55:45] Speaker B: It says several of the customers allegedly targeted many pandemic relief programs. According to the court documents, they used the IP addresses purchased from the service to conceal their true originating locations. So that was that. And then one such offense includes filing 560,000 fraudulent unemployment insurance claims during the pandemic. What the heck? You wonder why the system doesn't work. Oh, whoa. This resulted in the confirmed fraudulent loss exceeding $5.9 billion. [00:56:19] Speaker A: With a b. [00:56:20] Speaker B: With a b, right. I gotta take this thing. I just gotta. [00:56:28] Speaker A: Anywho, and that was just part of what? Like there were other, I think, you know, charges. [00:56:34] Speaker B: Yeah, that was just one of the things they did. And. 
But that was the, that was kind of the, the trail of breadcrumbs that led them to here and say, oh, well, what's going on with this? And now they're on them and they finally have taken this thing down. Thank goodness, because this is probably one of the worst things I've heard of in a while. [00:56:54] Speaker A: Yeah. [00:56:54] Speaker B: And like I said, I hope they find a brand new prison to put this dude in. That is going to be a show of horrors. [00:57:05] Speaker A: The FBI says they got a webpage to help potential victims check if their devices were compromised and were part of this. So you can go check that out. We'll include the links for all these stories in the description. [00:57:14] Speaker B: Are we supposed to have a functioning society when we've got people out there that are willing to hurt their fellow man over some money. [00:57:22] Speaker A: Yeah. [00:57:23] Speaker B: Right. [00:57:23] Speaker A: They say money is the root of all evil. Right. Or the love of money. [00:57:25] Speaker B: It is the. The love of. Money is the root of all kinds of evil. [00:57:28] Speaker A: All kinds of people. Okay. So, you know, I had the gist of it. [00:57:31] Speaker B: You were close. [00:57:32] Speaker A: I was a little confused, but I got the spirit. The other thing that, to me, maybe I'm off on this, and maybe I just don't understand the capabilities of some of these people. Says he was managing about 150 dedicated servers worldwide. That, to me, is a lot to manage. [00:57:45] Speaker B: Yeah. Boy had boyhead. It was a job, like, I guess. [00:57:47] Speaker A: If it's your full time job, maybe. But that just makes me wonder, like, was he the only one involved? Did he have people helping him with this and he's just kind of taking the fall? [00:57:54] Speaker B: He did. But maybe he was really good at automation, and he. That's a good point. 
He figured out a way to really easily set it and forget it kind of thing, and then just orchestrate from a dashboard that he built. It just depends on his skill level, on his ability to be able to basically control these devices in the spot. [00:58:09] Speaker A: Net definitely requires some talent. But why use it for bad? [00:58:12] Speaker B: I know, because he wanted that money. It was all about that. That Chang. That's right. [00:58:18] Speaker A: Some people just want to watch the world burn. Yeah, that's the quote. [00:58:21] Speaker B: My cocaine. [00:58:24] Speaker A: That's too good. I'm never gonna YouTube. [00:58:26] Speaker B: I said, Michael Caine. Not the other thing. Don't get it wrong. [00:58:30] Speaker A: You can't. You can't strike us for that. [00:58:32] Speaker B: As I slyly stared at the camera. [00:58:36] Speaker A: Well, we got one more story we wanted to touch on. There are a couple others that I might mention here at the end that I just kind of forgot to include. But this one Cox Biz auth bypass bug exposes millions of devices to takeover. I don't blame you if you didn't understand the first half of that sentence. It took me a second too. Cox Biz auth bypass. That doesn't sound right. Doesn't sound real, but it is. So, you're probably familiar with, you know, Cox cable, Cox Internet, all that stuff. [00:58:57] Speaker B: I know you are. Unfortunately, I used to have Cox, but not any longer. [00:59:01] Speaker A: Oh, they've brought me to tears many a time, but that's okay. [00:59:04] Speaker B: Oh, I had a stronger whole rip. Very interesting conversation with one of their customer service representatives. Yeah, they tried to triple bill me one time. No. [00:59:15] Speaker A: Yeah. I'm the kind of person that, like, I'll just start crying. But I feel like Daniel, if I was. If I was trying to pull that. [00:59:20] Speaker B: On him, it was the other way around. I personally, the other end was doing the crying. 
I was like, these are some shady business practices you got going on here. [00:59:27] Speaker A: Yeah. Well, if that's the case, it seems like maybe Cox is getting their just desserts here. Their muppets, if you will. They have fixed. [00:59:34] Speaker B: No, no. That's a tu quoque argument. You know, two wrongs don't make a right. [00:59:38] Speaker A: That's true. [00:59:38] Speaker B: Right? [00:59:39] Speaker A: It's true. [00:59:39] Speaker B: So they do not deserve to be. [00:59:41] Speaker A: No, no, no. Of course not. Of course not. [00:59:43] Speaker B: Just putting it out there. I know that's not what you meant. [00:59:46] Speaker A: Right. [00:59:46] Speaker B: But it could have been construed that way. [00:59:47] Speaker A: That's true. Don't put that in a YouTube short. Somebody will comment and get mad at me. [00:59:51] Speaker B: That's right. [00:59:52] Speaker A: They have fixed it. This was an API authorization bypass flaw. Cox has fixed the flaw since they've. They've been able to release a patch or fix for it. [01:00:00] Speaker B: Well, that's good. [01:00:01] Speaker A: But had this gone unchecked, could have spelled some trouble for. For Cox customers, right? [01:00:07] Speaker B: Absolutely. Because author. So, authorization. Bypass. You have authorization. So I want to access something. Okay. Are you authorized to access that thing? I have a system in place that checks whether or not that's true. If it is true, you get access. If it's not true, you don't. Simple, right? Problem is that sometimes we don't account for everything or ways in which to access those things. And I think that's what's happening through the API. There were quite a few endpoints in this API or calls that could be made through the API that allowed for no authentic authentication at all or authorization at all. It just did. It just went, hey, cool, I got the. I got the right magic incantation. I don't care that it wasn't authorized. Doesn't matter to me. 
You said the right thing. I do the right thing. And I think that's, if I'm reading it correctly, that was what was happening with the API. That's why API security is like, a very good niche to get into right now, is because everybody's got an API, but not everybody's security testing their APIs. That is just now really starting to get some good momentum. So it's a really good place if you're. If you're, like, an ethical hacker, you're doing some pen testing or whatever, it would be a really good place to kind of silo yourself. Into being great at API testing because we need good API testers right now. [01:01:29] Speaker A: Yeah, absolutely. Well, and this guy, the. I think his name is Sam Curry, he's an independent bug researcher. He was the guy that identified this just a couple of years ago on. [01:01:36] Speaker B: His own stuff, right, wasn't it? [01:01:37] Speaker A: I think so, yeah. He said he found the root of vulnerability in 700 exposed APIs on Cox's back end infrastructure. And like you said, if exploited attackers could have gained access to PII, Wi-Fi passwords, maybe taken over accounts. So, good on Sam. [01:01:52] Speaker B: With many of these infrastructures giving administrative functionality. Ooh, see, that's a problem. [01:01:59] Speaker A: That's a fun buzzword. [01:02:00] Speaker B: Yeah, it's an issue. [01:02:01] Speaker A: Anytime you have any kind of admin rights or admin functionality, that's always scary, uh, when, when it's somebody that shouldn't have it, you know. Um, so each of these APIs suffered from the same issues. And as of now, like I said, it's been fixed. So good on this guy for finding it, and he's doing the. See, this is the kind of stuff that balances out all the other stories talking about like, oh, why these bad. [01:02:20] Speaker B: Apples end on a high note. [01:02:22] Speaker A: Yeah, this is the kind of person that like, you know, they're putting balance. [01:02:25] Speaker B: Back in the system, back in the. 
[01:02:26] Speaker A: Force, going to find them, these bugs, out of the good of their hearts. Maybe you got paid. I don't know, maybe it was like a bug bounty thing. But independent bug researcher that tells me he was just, this is stuff he does on his own time, so good for him. [01:02:36] Speaker B: Received an email from a g. Lucas cease and desist. Weird. [01:02:41] Speaker A: You were saying like, live update. You got like a phishing email. I was like, okay, new segment. Maybe it's just Sam, but Sam is, I guess a pretty, pretty unisex name. So maybe it's a she. [01:02:52] Speaker B: Yeah, could be. [01:02:52] Speaker A: Maybe it's a they. Anyway, good on them for doing that, but I'm glad to see that it's been fixed because as a, you know, a Cox customer. [01:03:01] Speaker B: Well, you know, and it brings up, I mean, this is API for them, so this is, this is kind of their system. They kind of fix it. You just had access through his devices to make those calls. But it does also, and from some of the other articles we covered today, it's as important for us to think of security on our home routers. Are. Are you out there? Yeah, I'm talking to you. Are you doing your firmware updates? Are those set and they automatically happen, or must you be responsible for that as the end user, especially if you purchased your own equipment and you're not renting it from the ISP, then the onus is definitely on you to make sure that you are performing any firmware updates and system configuration for security. So there's a lot that could go wrong with these things. And then once someone finds one of these devices that has the right kind of vulnerability, they exploit it and they have access to your entire network, inside of your house, inside of your home, your small business, wherever. So you got to be doing your due diligence on these things. 
It could be as simple as making sure you're using strong passwords, MFA if possible, as well as, you know, looking at those configurations and saying, do I have a firmware update ready? If so, how? How? You know, what do I got to do to make sure that it happens and move on about your day? It's. It's probably not going to take up a lot of your time of your life, but it's time well spent. Just like the password managers and just like the other things we recommend, these things will only make your life better and more safe. [01:04:28] Speaker A: Ounce of prevention, pound of cure. You know, you know, the thing. [01:04:31] Speaker B: Nailed it. [01:04:32] Speaker A: The other thing is, I guess when he, when this researcher figured this out and it was kind of an accident, I guess he was investigating something else. There was some kind of issue he had with his own personal modem. [01:04:41] Speaker B: Yeah, an XXE. [01:04:42] Speaker A: Yeah. And he was. Couldn't figure it out and it was like years ago. And then he went to look into it again. [01:04:46] Speaker B: He was working on his home network to explore exploit a blind XML external entity injection (XXE) vulnerability that required an external HTTP server to exfiltrate files. In the course of his research, he ran a simple Python web server to receive the traffic from the vulnerable server, then sent a curl request from his home computer to make sure that it could receive external HTTP requests. So obviously this cat knows his thing or two about a thing or two, and has, because of his wondrous skills, we are all better off. [01:05:16] Speaker A: Yeah, he encountered something weird. He ended up switching his modem out for a different one because he thought he'd been hacked. There was like some traffic that got intercepted. But this issue that he uncovered that Cox then patched, he reported it back in March and they fixed it like a day later. So props to them for getting on that super quick. 
[01:05:28] Speaker B: Absolutely. [01:05:29] Speaker A: But it was a totally separate thing. So he did mention he was like, I still never figured out what caused the initial issue. So even though this issue's fixed and Cox said there was no evidence that it had been exploited, so everything should be good. He was like, I still never figured out what was wrong. So this might not be the end of the story. He might come out with some new stuff. Oh, there's totally different issue. [01:05:46] Speaker B: That's in the follow up list, right? [01:05:48] Speaker A: Yes, I'll add it. I'll add it to my list. Well, that was the last one we had on our docket for the day. There was one that we talked about that had to do with the cracked versions of Microsoft that were being promoted on torrent sites. [01:05:59] Speaker B: It's just good OpSec for us out there. Do not download cracked versions of things. Hey, it's illegal. [01:06:08] Speaker A: Yes. [01:06:09] Speaker B: We do not promote the illegal things. Don't do that. It's bad. Where's my rolled up newspaper? Plus, if you do, you very well may get you just desserts and the fact that it's malware. And that does happen quite a bit. We have reported on that kind of story more than once. So here it is again. If you downloaded a cracked version of Microsoft Office or any other software, Adobe products or whatever the case may be, be prepared that you may now be a part of somebody's command and control network and could be not fun for you. [01:06:47] Speaker A: That was the only other thing I realized that when put it in the list, and I couldn't remember if I just forgot. [01:06:52] Speaker B: Important safety tip. [01:06:53] Speaker A: Yeah, important safety tip. Just don't download cracked stuff. [01:06:56] Speaker B: You know, it just, that juice is not worth the squeeze. [01:06:59] Speaker A: It's in your best interest to, you know, just. Just go about it the right way. Right. That's easy for me to say. 
I'm not looking to buy Microsoft Office, so what do I know? But, yeah, you take that risk when you download something like that. So wanted to mention that before we wrap up here, was there anything else that. That came up this week that we didn't cover that seemed like it needed to be? I feel like we covered. [01:07:16] Speaker B: We. We cut. [01:07:16] Speaker A: We. [01:07:17] Speaker B: There was a lot of stuff this week. [01:07:19] Speaker A: It was a lot. [01:07:20] Speaker B: It started off slow, and then it just went crazy. [01:07:22] Speaker A: So nuts. Oh, you know what I forgot to mention, and I was going to mention it, last week we got a webinar. [01:07:27] Speaker B: This week we do. [01:07:28] Speaker A: It's crazy. Time flies. [01:07:30] Speaker B: Oh, man. [01:07:30] Speaker A: We got an All Things Cybersecurity webinar. Seems like it's been forever since our. [01:07:33] Speaker B: Last one, even though it's like, what, three or four weeks almost. [01:07:37] Speaker A: Yes. Yeah, it's crazy. Time flies. But we had Jerry on the show last month. Jerry Ozure that was a lot of fun. You can check that out if you missed it. But this Thursday, it's with Jacob Swinsinski of Dark Wolf. I believe his company that he's with. [01:07:50] Speaker B: He's new blood on All Things Cyber. [01:07:52] Speaker A: Yeah. And he's closer to my age, I think. [01:07:54] Speaker B: Yeah, I think he's like 25, which. [01:07:56] Speaker A: Is kind of neat because we don't see a lot of guests in that age range, I feel like, because there's just not a lot of folks that are super well established in the cybersecurity space that are of that age. [01:08:03] Speaker B: Yeah. And he's a super cool guy. Has a really cool job. He's an exploit developer for Android systems. [01:08:10] Speaker A: Yeah, yeah. [01:08:11] Speaker B: So he basically looks into the Android operating system and Android based applications and looks for ways to create zero days. [01:08:20] Speaker A: Yeah. 
[01:08:21] Speaker B: And, yeah, so he's super smart kid. I was very impressed with him. And we got to talk at BSides. [01:08:28] Speaker A: There you go. [01:08:30] Speaker B: We met up, he was giving a talk. I was like, this is a great talk. This is really good. And we got to talk. And he told me he had watched my stuff when he was coming up, and he hasn't been in cybersecurity for very long. For him to go from, like, basically high school to now and get that cybersecurity career as far as he's coming, he's a real inspiration to a lot of people that are trying to get into. So I was like, I can't wait to. I want to have you on. He was like, I'd love to be on. So he's coming. He's going to be here. [01:08:57] Speaker A: Is he going to be remote or is he going to be in the studio? [01:08:59] Speaker B: Yeah, he'll be remote. [01:08:59] Speaker A: Okay. That's what I thought. Because I know we saw him at HackSpaceCon because he's, like, not terribly far from. From that region, so. [01:09:06] Speaker B: Yeah. Which is right across the state from BSides, right? [01:09:09] Speaker A: Yeah. So it's Florida. [01:09:11] Speaker B: I talked him into HackSpaceCon. He wasn't going to HackSpaceCon. [01:09:14] Speaker A: Oh, really? [01:09:14] Speaker B: You should totally go. [01:09:15] Speaker A: And that was like, just the week before HackSpaceCon, just the week before last minute. [01:09:18] Speaker B: So he got authorization from Dark Wolf. They were like, heck yeah, go. [01:09:21] Speaker A: Okay. [01:09:21] Speaker B: So Dark Wolf sent him. [01:09:23] Speaker A: Good on them. [01:09:24] Speaker B: Yeah. [01:09:24] Speaker A: Happy for him. [01:09:25] Speaker B: Dark Wolf has a lot of really great resources, by the way. [01:09:27] Speaker A: Yeah, I think they did like a talk at BSides, didn't they? Or I could be wrong, but yeah, I wouldn't follow some of their stuff on LinkedIn and pretty cool stuff. So that's going to be the day this episode is released. 
It's going to be the afternoon, 02:00 p.m. Eastern time. And that'll be here on the YouTube channel. So, you know, you might as well just subscribe if you haven't already so that you don't miss it. [01:09:45] Speaker B: I mean, it's not difficult. [01:09:46] Speaker A: What do they say, hit the bell or something? [01:09:48] Speaker B: It doesn't cost you nothing. [01:09:49] Speaker A: Doesn't cost you nothing. And it brings a smile to our faces and in our hearts. [01:09:52] Speaker B: Angel gets his wings. [01:09:53] Speaker A: And every time you hit the notification bell. That's right, we hit one hundred fifty three K I think this past week. So it's cool to see more folks coming in and hopefully enjoying the news and being part of the community. Feel free to comment. Let us know what you liked about this episode, what you want to see in the future. We really hope you'll join us for that webinar. Thursday, 02:00 p.m. Don't want to miss it. That's going to do it for this episode of Technado. Thank you so much, Daniel, for being back here in the studio with us. [01:10:16] Speaker B: Can't wait to do it again next week. [01:10:18] Speaker A: Can't wait to do it again next week. Same bad time, same bad channel. [01:10:20] Speaker B: Absolutely. [01:10:21] Speaker A: Thank you, of course, for joining us. And we'll see you next week. Thanks for watching. If you enjoyed today's show, consider subscribing so you'll never miss a new episode.