Trust Exploited: Unpacking the macOS Malware Attacking Ledger Wallets

Daily Security Review

Player FM - Internet Radio Done Right

הוסף לפני nineteen שבועות

תוכן מסופק על ידי Daily Security Review. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Daily Security Review או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.

Species Unite

1
Reuven Bank and Andrew Kim: When the Ocean Lost Its Stars 30:54

לפני 9 ימים30:54

הפעל מאוחר יותר

רשימות

לייק

אהבתי

30:54

לפני 28 ימים 25:57

MP3•בית הפרקים

A growing cyber threat is targeting macOS users who rely on Ledger cold wallets to secure their cryptocurrency. In this episode, we dissect the anti-Ledger malware campaign—an increasingly sophisticated phishing operation that impersonates the trusted Ledger Live application to trick users into revealing their 24-word recovery phrases. Once entered, these phrases give attackers full access to empty the victims’ wallets.

We examine how this threat evolved from simple data-stealing to focused seed phrase phishing. From the "Odyssey" stealer introduced by the threat actor Rodrigo to the infamous Atomic macOS Stealer (AMOS), this malware ecosystem now includes advanced evasion tactics, realistic UI clones, and deceptive error messages designed to lure users into handing over their credentials.

We also discuss the techniques these malware variants use—such as fake DMG installers, malvertising, Terminal-based execution bypasses, and phishing overlays—and highlight how cybercriminals are exploiting trust in cold wallet systems to bypass traditional defenses. Plus, we spotlight emerging threats like "mentalpositive" and the dark web chatter about an evolving anti-Ledger market.

Whether you're a crypto enthusiast or just concerned about digital hygiene, this episode offers critical insight and actionable advice to help you avoid becoming the next victim of this dangerous campaign.

149 פרקים

#Tech #News #Tech News #Daily Security Review

Trust Exploited: Unpacking the macOS Malware Attacking Ledger Wallets

Daily Security Review

published לפני 28 ימים

שתפו

MP3•בית הפרקים

149 פרקים

#Tech #News #Tech News #Daily Security Review

כל הפרקים

Daily Security Review

1
Over 1,500 Minecraft Users Infected in Stargazers Ghost Malware Campaign 55:17

לפני 1 hour55:17

55:17

A malware distribution network hiding in plain sight — on GitHub. This episode unpacks the Stargazers Ghost Network , a massive Distribution-as-a-Service (DaaS) infrastructure run by a threat actor known as Stargazer Goblin . Using over 3,000 GitHub accounts , this operation pushes dangerous information-stealing malware disguised as legitimate game mods and cracked software, particularly targeting communities like Minecraft players . At the center of the campaign are well-known infostealers such as Atlantida , Rhadamanthys , RisePro , Lumma , and RedLine . The delivery mechanism? Sophisticated Java-based loaders , GitHub phishing repositories , and links embedded across platforms like Twitch, TikTok, YouTube, and Discord . Key insights we explore: 🎯 Targeted deception: Modded Minecraft downloads hiding Java loaders that drop multiple stealers 💸 Financial motivation: An estimated $100,000 earned by Stargazer Goblin through stolen data 🧠 Social engineering: Repository stars, forks, and watchers used to appear trustworthy 🧪 Anti-analysis: Malware designed to evade detection with anti-VM and anti-sandbox techniques 🔐 Data exfiltration: Passwords, cookies, crypto wallets, VPN credentials, Discord tokens, and more 🌍 Attribution: Russian-language artifacts and UTC+3 activity suggest a Russian-based operator We also explore how GitHub’s platform was exploited , the use of password-protected archives to bypass scans, and the tiered account structure that allows malicious repositories to reappear even after bans. With GitHub being abused at this scale — and over 1,500 Minecraft users already infected — this case is a wake-up call for both platforms and end users. The combination of malware-as-a-service (MaaS) and DaaS delivery is lowering the bar for cybercriminals and increasing the risk for everyone online. #StargazersGhost #GitHubMalware #Infostealers #StargazerGoblin #MinecraftMalware #RedLine #Rhadamanthys #LummaStealer #AtlantidaStealer #JavaMalware #MalwareCampaign #CybersecurityPodcast #DaaS #MaaS #InfoSec #GamingCyberThreats #DiscordMalware…

Daily Security Review

1
Weaponized GitHub Repositories: How Banana Squad and Water Curse Are Hitting Devs 45:59

לפני 4 hours45:59

45:59

Cybercriminals are increasingly turning GitHub into a malware distribution network. In this episode, we unpack two of the most alarming recent campaigns: Water Curse and Banana Squad — both targeting developers, red teams, and security professionals through poisoned open-source projects. Water Curse, a financially motivated group, used at least 76 GitHub accounts to deliver multistage malware hidden inside project configuration files of tools like Sakura-RAT. These payloads deploy obfuscated VBS and PowerShell scripts , perform system reconnaissance , and disable recovery mechanisms like shadow copies. The malware, tracked as Backdoor.JS.DULLRAT.EF25 , allows long-term remote access and data exfiltration via services like Telegram. Banana Squad, meanwhile, deployed over 60 fake repositories containing trojanized Python scripts masked as ethical hacking tools. Using visual obfuscation tricks, they pushed malicious code off-screen in the GitHub UI to avoid detection — a tactic that worked until automated tools caught the behavior. Both groups are part of a broader trend: cybercriminals leveraging Malware-as-a-Service (MaaS) platforms to outsource infrastructure, scale their operations, and target critical parts of the software supply chain . Developers, security teams, and even gamers are now at risk — not through phishing emails, but by trusting what they download from legitimate platforms. We also explore how MaaS lowers the technical barrier for attackers and discuss the critical need for secure software development, SBOM transparency , and active code validation. This isn’t a theoretical threat. It’s a shift in the way malware is built, delivered, and scaled — and it’s already compromising environments in plain sight. #GitHubMalware #WaterCurse #BananaSquad #SoftwareSupplyChain #MaaS #OpenSourceSecurity #PythonMalware #BackdoorJS #Cybersecurity #DeveloperSecurity #Infosec #VisualStudioMalware #TrojanizedCode #GitHubSecurity #CodeTrustCrisis…

Daily Security Review

1
Chain IQ Breach Exposes UBS & Pictet Employee Data: A Supply Chain Failure 1:05:22

לפני 4 hours1:05:22

1:05:22

A single vendor was compromised — and suddenly, internal records from UBS, Pictet, Manor, and Implenia were leaked. The Chain IQ cyberattack is a textbook example of how fragile the digital supply chain has become. This episode dissects the breach that exposed names, roles, phone numbers, even CEO contact details of over 137,000 UBS employees, and 230,000 lines of internal billing data from Pictet, including expenses ranging from hotel stays to pottery purchases. While client data remained untouched, the exposure of employee and operational data is alarming. The attack was carried out by World Leaks — formerly known as Hunters International — a group known for data theft and public extortion, not encryption. Their tactics reflect the evolving nature of supply chain threats, where trust in vendors is weaponized and internal data becomes a high-value target. We go beyond the breach and explore: 🔹 How 62% of supply chain attacks exploit trust in third-party providers 🔹 Why 66% of suppliers don't even know how they were compromised 🔹 The massive industry ripple effect, with Chain IQ’s clients including FedEx, IBM, Swiss Life, AXA, Swisscom, and KPMG 🔹 What organizations should be doing now — from vendor due diligence and access minimization to continuous risk monitoring 🔹 Why employee data security must be treated as business-critical We also break down essential defense and recovery strategies — including zero trust access, contractual audit clauses, IAM, vulnerability patching, and a Plan-Do-Check-Act cycle for full-spectrum supply chain security. The Chain IQ breach isn’t just a warning — it’s a case study in what happens when your cybersecurity depends on someone else's. #ChainIQBreach #UBSLeak #SupplyChainAttack #PictetBreach #WorldLeaks #Cybersecurity #VendorRisk #DataLeak #ThirdPartySecurity #CyberAttack #EmployeeDataExposure #InfoSec #IncidentResponse #FinancialSectorSecurity #DigitalTrust…

Daily Security Review

1
Oxford City Council Breach Exposes 21 Years of Data 35:51

לפני 7 hours35:51

35:51

State and local governments are under cyber siege. In this episode, we break down how and why these public institutions have become top targets for attackers — and why the threats are getting worse. Digitization is expanding public access to services, but it's also opening new doors for threat actors. Many local authorities still rely on legacy IT systems, outdated operating systems, and unsupported software — leaving them vulnerable to ransomware, phishing, impersonation, and supply chain exploits. The rise in attacks isn’t hypothetical: cyber data breaches in UK local councils have surged by nearly 400% in just three years. We examine key reasons for the surge: 🔸 Outdated infrastructure and tight budgets 🔸 Rampant phishing and email impersonation 🔸 Ransomware that paralyzes city services and steals citizen data 🔸 Weak oversight of third-party vendors and digital service providers 🔸 A lack of board-level responsibility and incident response planning The consequences aren’t just operational. Citizens are losing jobs, facing housing instability, and experiencing long-term harm due to the exposure of sensitive personal data. In the case of Oxford City Council, 21 years of historical data were compromised — impacting both current and former council employees. Although no large-scale data extraction has been confirmed, investigations are ongoing. Across the UK, councils have reported more than 12,700 breaches in three years, with over £260,000 paid in legal claims and compensation. High-profile incidents, such as the Capita breach and the Metropolitan Police supplier compromise, highlight a growing trend: third-party vendors are becoming major points of failure. We also discuss the lack of proactive cybersecurity measures. Most public bodies don’t regularly assess supply chain risks or re-evaluate vendor contracts. In many cases, cybersecurity is still not a board-level priority, especially for smaller agencies operating with limited resources. This episode explores what needs to change — from upgrading legacy systems to enforcing third-party risk management and creating a culture of privacy and accountability. Cybersecurity isn’t just a technical issue anymore. It’s public safety, trust, and governance at stake. #CyberSecurity #DataBreach #PublicSectorSecurity #Ransomware #OxfordDataBreach #CapitaBreach #LocalGovernment #InfoSec #DigitalTrust #PrivacyMatters #CyberAttack #SupplyChainRisk…

Daily Security Review

1
Citrix NetScaler Flaws Expose Enterprise Networks: CVE-2025-5349 & CVE-2025-5777 38:12

לפני 22 hours38:12

38:12

Two newly disclosed critical vulnerabilities— CVE-2025-5349 and CVE-2025-5777 —have put Citrix NetScaler ADC and Gateway deployments at serious risk, exposing enterprise environments to potential data breaches and service disruptions. These flaws underscore the persistent challenges facing infrastructure teams, especially when balancing security patching with service availability. We dive deep into: 🔍 The technical mechanisms behind the NetScaler vulnerabilities and why they’re considered high risk ⚙️ The real-world difficulties of patching Citrix environments , including long installation times, session disruption concerns, and HA strategy failures 🛠️ Staged patching techniques , including gold image refresh for MCS, traffic redirection using VIP isolation, and Citrix’s official upgrade flow 🔒 A breakdown of the AAA (Authentication, Authorization, Accounting) model and its relevance for secure VPN access 🧠 Broader lessons from CWE-125 (Out-of-Bounds Read) and how SAST, SCA, and code reviews help developers catch software vulnerabilities before they reach production This episode ties together software security principles with enterprise infrastructure reality , highlighting how missteps in either domain can leave organizations exposed. Whether you're managing Citrix infrastructure or building secure software, this conversation bridges the gap between theory and practice.…

Daily Security Review

1
GerriScary: How CVE-2025-1568 Threatened Google’s Open-Source Supply Chain 35:21

לפני 1 day35:21

35:21

CVE-2025-1568, dubbed "GerriScary" , has shaken the open-source ecosystem by exposing a fundamental weakness in Google’s Gerrit code review system—one that could have enabled attackers to infiltrate 18 of Google’s most widely used open-source projects, including Chromium, ChromiumOS, Dart , and Bazel . This episode breaks down how the vulnerability was discovered by researchers at Tenable using a subtle but powerful HTTP status code fingerprinting technique . A simple 209 response exposed whether a user had the “addPatchSet” permission on a given project. That small indicator opened the door to a potentially massive software supply chain compromise , allowing malicious patchsets to be injected silently into production workflows. We also explore the broader threat landscape with critical and actively exploited vulnerabilities , such as: 🔓 CVE-2023-0386 – A Linux kernel flaw exploited for root access 🧨 CVE-2025-23121 – Remote code execution on Veeam Backup Server 💣 CVE-2025-2783 – A Google Chrome zero-day used by the Trinper backdoor 📡 CVE-2023-33538 – Command injection in TP-Link routers, actively exploited 🔥 CVE-2024-1086 – Use-after-free in Linux netfilter, leading to system takeover From hardcoded keys in enterprise tools to command injections in home routers, we highlight how poor development practices continue to fuel real-world threats. But this isn't just about reacting to flaws. We dissect the NIST Secure Software Development Framework (SSDF) , now more relevant than ever. You’ll learn how the SSDF’s four core areas— Prepare, Protect, Produce, and Respond —provide a practical roadmap to building secure software, preventing flaws like GerriScary, and rapidly responding when the next critical CVE emerges. Whether you’re a software engineer, CISO, or security architect, this episode offers a grounded and urgent look at the real-world risks of unpatched systems, insecure third-party dependencies, and weak DevSecOps discipline —and how to fix them.…

Daily Security Review

1
Cisco & Atlassian Under Fire: High-Severity Flaws and What’s at Risk 53:38

לפני 1 day53:38

53:38

Cisco and Atlassian have both released urgent security advisories in response to newly discovered high-severity vulnerabilities—and the implications are serious. Cisco’s firmware flaws impact Meraki MX and Z Series devices running AnyConnect VPN. A bug in the SSL VPN process allows authenticated attackers to crash the VPN server, causing repeated denial-of-service conditions. Cisco ClamAV also contains heap-based buffer overflow vulnerabilities that could crash antivirus defenses simply by scanning a malicious file. Proof-of-concept exploit code is already circulating—making exploitation only a matter of time. Atlassian isn’t faring much better. Their June 2025 bulletin disclosed 13 high-severity vulnerabilities across Bamboo, Bitbucket, Confluence, Jira, Crowd, and Service Management. Many of these are rooted in third-party dependencies like Netty, Apache Tomcat, and Spring Framework. From improper authorization to remote code execution and denial of service, the risks span multiple vectors. This episode breaks down: 🔧 Cisco CVEs (2025-20212, 2025-20271, 2025-20128, 2025-20234) 🛑 How malformed VPN attributes trigger a system crash 🧪 The risk of crashing ClamAV with OLE2 content 📦 Atlassian’s dependency-driven vulnerabilities (CVE-2025-22228, CVE-2024-47561, CVE-2024-39338 and more) 🔁 The challenges of managing firmware updates across Meraki networks 💣 The broader danger of unpatched systems and third-party bloat 📉 Real-world fallout: from Equifax to ProxyShell ☁️ Shared responsibility in cloud environments and how institutions often misinterpret it If you're running Cisco hardware, using Atlassian platforms, or relying on open-source libraries, this episode shows why you must have a clear patching strategy, strong third-party oversight, and internal security validation—before attackers find the gaps for you.…

Daily Security Review

1
Double Extortion, Biometric Data, and Donuts: How Play Ransomware Hit Krispy Kreme 50:51

לפני 1 day50:51

50:51

A deep dive into one of the most aggressive ransomware groups operating today— Play —and their latest high-profile target: Krispy Kreme . Operating since 2022, the Play ransomware group has become notorious for its double extortion model , where sensitive data is exfiltrated before systems are encrypted. Victims are pressured not just by digital ransom notes but also through direct phone calls to company lines, creating a highly aggressive and disruptive extortion cycle. Play has targeted over 900 entities globally , from government institutions to media outlets and, most recently, the food industry. In November 2024, Krispy Kreme was forced to shut down online ordering in parts of the U.S. after detecting unauthorized access to its systems. The Play group claimed responsibility. Stolen data reportedly included names, Social Security numbers, banking credentials, biometrics , and even military IDs —a scale and sensitivity that elevates this attack far beyond typical retail breaches. We break down: 📛 The origins and global targeting footprint of Play ransomware 📤 Their TTPs: dynamic compilation, intermittent encryption, WinRAR compression, and data exfiltration via WinSCP ☎️ Their use of direct communication, including threatening phone calls to corporate numbers 🧠 Their links to Russian-affiliated cyber actors and similarities to other ransomware variants like Hive and Nokoyawa 🧬 The specific operational and reputational damage inflicted on Krispy Kreme 💥 The unique risks of biometric data exposure in ransomware cases 🛡️ Critical cybersecurity recommendations from CISA, including segmentation, offline backups, EDR, and least-privilege access 🧪 How businesses—regardless of industry—must rethink cybersecurity resilience in the face of industrialized extortion models Whether you're in tech, retail, or public infrastructure, this is a wake-up call: ransomware doesn’t discriminate by sector—it hunts for scale, pressure points, and poor preparation . #Ransomware #PlayRansomware #KrispyKremeHack #CyberSecurity #DoubleExtortion #DataBreach #InfoSec #CISA #HunterInternational #BiometricDataBreach #RetailSecurity #PodcastCybersecurity #CyberAttack #RansomwareTTPs #MITREATTACK…

Daily Security Review

1
Archetyp Market Seized: €250M Drug Empire Toppled by Operation Deep Sentinel 54:53

לפני 3 ימים54:53

54:53

In this episode, we unpack the dramatic takedown of Archetyp Market , a darknet marketplace that dominated the online drug trade since its launch in May 2020. With over €250 million ($290 million) in drug transactions, more than 600,000 users , and 17,000 listings , Archetyp wasn’t just another darknet forum—it was the largest dedicated drug market on the Tor network by 2024. The operation that brought it down, Operation Deep Sentinel , was a five-nation law enforcement effort led by Germany’s BKA , coordinated by Europol and Eurojust , and supported by the United States. Between June 11–13, 2025, authorities arrested the alleged German administrator in Barcelona , one moderator, and six top vendors. They also seized €7.8 million in assets , including crypto wallets, luxury vehicles, and the market’s backend infrastructure hosted in the Netherlands. This was the culmination of years of cyber-forensics, financial tracing, and cross-border intelligence work . But the story doesn’t stop with the arrests. We explore the deeper implications: how digital drug markets continue to evolve, why users easily migrate after shutdowns, and how operations like this shape law enforcement’s long-term cybercrime strategy. We’ll also touch on the philosophical roots of Archetyp’s founder—who modeled the site after Silk Road , with the aim of supporting drug liberalization in Europe—and why this ideological undertone didn't stop the authorities from dismantling the platform piece by piece. Tune in as we analyze the fall of Archetyp, the future of darknet markets, and the growing role of international cybersecurity cooperation in this high-stakes game of cat and mouse.…

Daily Security Review

1
KillSec Exploits Zero-Day to Breach Ocuco: 241K Patients Exposed 1:07:13

לפני 3 ימים1:07:13

1:07:13

In this episode, we break down one of 2025’s most significant healthcare cybersecurity incidents: the ransomware attack on Ocuco, a global eyecare software provider. On April 1st, 2025, threat actors from the KillSec ransomware group exploited CVE-2024-41197 — a critical authentication bypass in Ocuco’s INVCLIENT.EXE — to gain Administrator-level access and exfiltrate over 340GB of sensitive data , including patient names, SSNs, driver’s license numbers, and financial records. KillSec, a group known for combining ransomware with ideological messaging, claimed responsibility via their dark web leak site. Despite positioning themselves as hacktivists, their modus operandi follows a double extortion model , typical of financially motivated groups. Their tactics reflect a larger 2024–2025 trend: politically charged language masking ransom demands. We dive into the technical details of CVE-2024-41197, a zero-day (or possibly N-day) vulnerability with a CVSS score of 9.8 that allowed unauthenticated remote code execution. Ocuco learned of the breach the same day KillSec publicized it, and the company later reported the incident to the U.S. HHS and Ireland’s DPC under GDPR obligations. This episode also connects the dots across broader healthcare cybersecurity trends. With 458 ransomware attacks tracked in healthcare in 2024, and groups like LockBit 3.0, RansomHub, and BianLian still active, this incident reflects the sector's growing exposure to zero-day exploits, supply chain flaws, and AI-augmented social engineering. We end with a focused discussion on prevention: how organizations can strengthen software supply chain defenses, implement DevSecOps practices, and prepare breach response plans that comply with GDPR and HIPAA alike.…

Daily Security Review

1
DragonForce Ransomware: The Evolving Threat to Healthcare Data 39:12

לפני 3 ימים39:12

39:12

In this episode, we dive deep into the current state of cybersecurity in healthcare, where the growing sophistication of cyber threats has led to increasingly devastating breaches. We begin with a close look at the rise of Ransomware-as-a-Service (RaaS), focusing on DragonForce, a ransomware group that has transitioned from politically motivated attacks to financially-driven extortion campaigns. With their dual-extortion tactics, DragonForce is not just locking data but threatening to release stolen information, significantly amplifying the risk to healthcare organizations. The conversation then shifts to the real-world impact of cybercrime on healthcare. Data breaches do more than cause financial losses—they erode patient trust, which is crucial for effective healthcare delivery. Patients often experience fear and anxiety after their personal information is exposed, which can lead to a reluctance to share vital health details, ultimately impacting patient outcomes. We’ll also explore critical preventive measures and response strategies that healthcare organizations must adopt to safeguard sensitive data. From multi-layered phishing prevention tactics to robust incident response plans, these best practices are essential for maintaining the integrity and confidentiality of patient information. Finally, we discuss the importance of rebuilding trust in the wake of a breach, with practical recommendations for transparent breach reporting and fostering a culture of cybersecurity awareness. Tune in for expert insights on how healthcare can defend against these persistent threats and recover swiftly when the inevitable happens.…

Daily Security Review

1
Google’s $32B Bid for Wiz Faces DOJ Fire: A Cloud Security Power Play or Market Grab? 1:02:01

לפני 3 ימים1:02:01

1:02:01

In this episode, we break down the seismic implications of Google’s proposed $32 billion acquisition of Wiz , the world’s largest cybersecurity unicorn—and why this isn’t just another tech deal. At the core is the U.S. Department of Justice's antitrust investigation , triggered by concerns that the deal could tighten Google’s grip on a critical sector: multi-cloud cybersecurity . With Wiz already serving 40% of the Fortune 100 and boasting $500M in ARR, the acquisition could position Google as a dominant force in cloud-native application protection—potentially squeezing competitors and reshaping the market. We examine what’s driving this mega-deal, from Google’s desire to compete with Microsoft Defender for Cloud, to its push for a unified security stack that spans AWS, Azure, and Oracle Cloud. We also look at the staggering $3.2B breakup fee —10% of the deal value—which suggests that both companies anticipated regulatory roadblocks . This isn’t happening in a vacuum. We contextualize the deal within broader M&A trends in 2025 , including evolving deal structures, regional regulatory crackdowns in Europe and China, and a shifting landscape under the Trump administration in North America. Plus, we explore the booming cloud security market , projected to hit $270B by 2035, and what the DOJ’s actions could mean for future cloud M&A. Finally, we explore counterpoints from the UK's Cloud Services Market Report, which suggests that the cloud landscape remains competitive globally, with price wars, strong buyer power, and plenty of innovation. So is the DOJ overreacting—or is Google really aiming to own the future of cybersecurity? 📌 Topics covered: 🧠 Why Wiz became the crown jewel of cloud security 💰 The motivations behind Google’s biggest acquisition ever ⚖️ The DOJ’s case and the growing wave of antitrust scrutiny 🌍 Regional M&A shifts in the US, Europe, and China 📉 Price wars, competition, and market structure in cloud services 🛡️ The future of multi-cloud security, and who really controls it…

Daily Security Review

1
SimpleHelp Exploit Fallout: Ransomware Hits Utility Billing Platforms 1:03:42

לפני 4 ימים1:03:42

1:03:42

In this critical episode, we dive into the alarming exploitation of CVE-2024-57727, a vulnerability in SimpleHelp Remote Monitoring and Management (RMM) software actively leveraged by ransomware operators since early 2025. This isn't just a theoretical risk—it's already being used to compromise utility billing providers and downstream MSP customers through double extortion tactics. We examine how the trusted capabilities of RMM tools—remote control, patching, and backup—are being weaponized in Living Off the Land (LOTL) attacks, allowing adversaries to maintain persistence, evade detection, and move laterally across networks with ease. With input from CISA, NSA, FBI, MS-ISAC, and INCD, we explore why RMM platforms like SimpleHelp have become high-value targets and what this means for IT, OT, and ICS environments. The discussion covers: 🛠️ What makes RMM software such a potent attack vector ⚠️ The details and real-world impact of CVE-2024-57727 🔐 CISA’s recommended mitigations—from network segmentation to MFA, application controls, and zero-trust policies 📉 Supply chain risk: How MSP compromise can cascade across client networks 🧰 Detection techniques and critical indicators of compromise for SimpleHelp instances 🛡️ Why developers, MSPs, and SaaS providers must adopt security-by-design, auditable logging, and privilege minimization This episode is a must-listen for IT admins, MSPs, SOC teams, software vendors, and cybersecurity professionals tasked with protecting remote infrastructure. If your organization uses or builds RMM software—don’t miss this briefing.…

Daily Security Review

1
TeamFiltration and Token Theft: The Cyber Campaign Microsoft Never Saw Coming 1:01:04

לפני 4 ימים1:01:04

1:01:04

In this episode, we dissect UNK_SneakyStrike—a major account takeover campaign targeting Microsoft Entra ID users with precision and scale. Tracked by Proofpoint, this campaign began in December 2024 and has since escalated, leveraging TeamFiltration, a legitimate penetration testing tool, to enumerate users and launch password spraying attacks that have compromised over 80,000 accounts across 100+ cloud tenants. We explore how attackers are weaponizing red team tools, abusing Microsoft Teams and OneDrive APIs, and even exploiting refresh tokens for persistent access—turning standard identity infrastructure into their playground. With origins traced to AWS infrastructure in the U.S., Ireland, and the UK, the campaign represents a dangerous convergence of identity-based threats, cloud misconfigurations, and cross-cloud attack surfaces. Join us as we walk through: 🔹 The operational characteristics and attack patterns of UNK_SneakyStrike 🔹 Why password spraying remains effective—and undetected—in the cloud 🔹 How Microsoft Entra’s gaps, like token handling and user enumeration exposure, played a role 🔹 Real-world risks: unauthorized access, lateral movement, and long-term persistence 🔹 The importance of multi-factor authentication, Zero Trust, real-time threat intelligence from AWS's MadPot and Mithra, and security hygiene 🔹 Concrete mitigation strategies to reduce exposure to identity-focused attacks This is a must-listen for IT admins, CISOs, cloud security professionals, and anyone responsible for protecting digital identities in Microsoft and hybrid cloud environments.…

Daily Security Review

1
Three CVEs, One Risk: Arbitrary Code Execution in Nessus Agent for Windows 44:04

לפני 4 ימים44:04

44:04

In this episode, we dive deep into one of the most critical attack techniques in modern cyber warfare: privilege escalation—and how it recently hit center stage with three high-severity vulnerabilities discovered in Tenable’s Nessus Agent for Windows. We break down CVE-2025-36631, CVE-2025-36632, and CVE-2025-36633, which, when exploited, allow a non-administrative user to gain SYSTEM-level access, execute arbitrary code, delete critical files, or overwrite system content. These vulnerabilities, patched in version 10.8.5 of Nessus Agent, represent a textbook example of how privilege escalation paves the way for arbitrary code execution (ACE) and potential ransomware deployment. In the second half of the episode, we unpack: 🛠️ What privilege escalation is, including vertical and horizontal types 📊 Real-world exploitation paths on Windows systems 🔐 Why tools like BloodHound, winPEAS, and PowerUp are favorites among threat actors 📉 The security impact of misconfigured services, overprivileged accounts, and weak registry settings ✅ And most importantly: what your organization can do to detect, prevent, and mitigate privilege escalation attacks before they spiral out of control With privilege escalation playing a central role in everything from data breaches to ransomware infections, this episode is a must-listen for IT admins, security professionals, and anyone responsible for hardening their organization’s defenses. 🔄 Don't forget to patch your Nessus Agents, enforce least privilege, and audit your environments regularly.…

ברוכים הבאים אל Player FM!

Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.

תקשיבו ל-500+ נושאים

דומה לDaily Security Review

Amazon eGift Card - Amazon Logo (Animated)

Dr. Elsey's Ultra UnScented Clumping Clay Cat Litter 40 lb. Bag

Amazon Basics Multipurpose Copy Printer Paper, 8.5 x 11 inches, 20 lb, 1 Ream, 500 Sheets, 92 Bright, White

פודקאסטים ששווה להאזין

Daily Security Review « » Trust Exploited: Unpacking the macOS Malware Attacking Ledger Wallets

Trust Exploited: Unpacking the macOS Malware Attacking Ledger Wallets

פודקאסטים ששווה להאזין

ברוכים הבאים אל Player FM!

The Let Them Theory: A Life-Changing Tool That Millions of People Can't Stop Talking About

The Let Them Theory: A Life-Changing Tool That Millions of People Can't Stop Talking About

Command 20 lb XL Heavyweight Picture Hanging Strips 16 Pairs (32 Command Strips), Damage Free Hanging Picture Hangers, Heavy Duty Wall Hanging Strips for Home Decor, White Adhesive Strips

Clean Skin Club Clean Towels XL™, 100% USDA Biobased Face Towel, Disposable Face Towelette, Eczema Association Accepted, Makeup Remover Dry Wipes, Ultra Soft, 50 Ct, 1 Pack

The Let Them Theory: A Life-Changing Tool That Millions of People Can't Stop Talking About

דומה לDaily Security Review

מדריך עזר מהיר

Daily Security Review « »
Trust Exploited: Unpacking the macOS Malware Attacking Ledger Wallets