Episodes
Video Episode: https://youtu.be/Lw7MiiRsuk0
In today's episode, we discuss critical vulnerabilities in Progress Software's WhatsUp Gold requiring urgent patches, alongside freshly reported exploits in Linux's Common Unix Printing System. We also explore Meta's hefty €91 million fine for improperly storing plaintext passwords, and Microsoft’s revisions to the Copilot+ Recall feature after security concerns. Stay informed on these significant developments in software security and data...
Published 10/01/24
Video Episode: https://youtu.be/LyKMiecH2Ms
In today’s episode, we discuss critical vulnerabilities addressed by HPE Aruba Networking in its Access Points, which could allow remote code execution by unauthenticated attackers. We also cover alarming discoveries about Kia vehicles where hackers could take control using just license plates, and how Google’s shift to using memory-safe programming in Android has significantly reduced security vulnerabilities. Lastly, be informed about the ongoing...
Published 09/26/24
Video Episode: https://youtu.be/gSEirErEqCs
In today’s episode, we explore critical topics in cybersecurity, including expert tips for spotting phishing links leveraging tools like ANY.RUN’s Safebrowsing, the release of a proof-of-concept exploit for the critical SolarWinds Web Help Desk CVE-2024-28987 vulnerability, and Mozilla’s privacy complaint over its new tracking feature in Firefox. We also discuss CrowdStrike’s recent testimony regarding a major IT outage caused by a faulty update,...
Published 09/25/24
Video Episode: https://youtu.be/_DKTFyP1bOM
In today’s episode, we discuss Microsoft’s recent cybersecurity initiatives, including the appointment of deputy CISOs and the launch of the Cybersecurity Governance Council as part of their Secure Future Initiative to enhance internal security measures and reduce risks. We also explore the implications of ‘never expire’ passwords in cybersecurity, highlighting the potential risks while considering the practicality of password policies....
Published 09/24/24
Video Episode: https://www.youtube.com/watch?v=-sAsXlXZixs
In today’s episode, we discuss critical updates affecting cybersecurity and networking, including significant issues with macOS 15 ‘Sequoia’ impacting VPN and antivirus functionalities such as CrowdStrike Falcon and ESET Endpoint Security. We also cover Microsoft’s new Hotpatching feature in Windows Server 2025, enabling seamless security updates without restarts, and LinkedIn’s halting of AI data processing in the U.K. due to privacy...
Published 09/23/24
Video Episode: https://youtu.be/wJO-8X_Wvww
In today's episode, we discuss critical security updates from Adobe that address severe vulnerabilities in Acrobat and Reader, specifically CVE-2024-41869 and CVE-2024-45112, as well as the implications of a newly discovered PoC exploit. We also explore the rise of Vo1d malware, which has infected 1.3 million Android TV boxes globally, compromising outdated systems from various brands. Lastly, we cover GitLab's urgent advisory regarding a...
Published 09/13/24
Video Episode: https://youtu.be/otdn468NX9Y
In today's episode, we explore the alarming implications of a rogue WHOIS server exploited by Benjamin Harris, the CEO of watchTowr, enabling him to generate counterfeit HTTPS certificates and potentially manipulate thousands of servers. We also discuss new malicious tactics employed by the Lazarus Group, including fake coding tests for software developers to disseminate malware, and Microsoft's recent patch release addressing 79 vulnerabilities,...
Published 09/12/24
In today's episode, we explore the alarming rise of sextortion and its devastating impact on individuals, families, and communities. We discuss recent cases involving Nigerian brothers sentenced for their role in the tragic death of a Michigan teenager, the emergence of sadistic sextortion targeting children in Australia, and new scams using personal information to exploit victims. Together, we shine a light on this critical issue, emphasize the importance of online safety, and share...
Published 09/10/24
Video Episode: https://youtu.be/ECOVSA0MIyY
In today's episode, we delve into the newly discovered EUCLEAK attack affecting YubiKey FIDO devices, emphasizing the potential for state-sponsored actors to exploit vulnerabilities in the Infineon SLE78 microcontroller. We also discuss Cisco's response to a backdoor found in the Smart Licensing Utility, a critical flaw that allows unauthorized admin access, and highlight the Revival Hijack supply-chain attack endangering over 22,000 PyPI...
Published 09/05/24
Video Episode: https://youtu.be/oMptm-Oi1R4
In today’s episode of The Daily Decrypt, we tackle a high-profile case involving the City of Columbus and security researcher David Leroy Ross. Ross is facing a lawsuit and restraining order after revealing the true extent of a ransomware attack that the city had downplayed. Despite claims by Mayor Andrew Ginther that the stolen 6.5 terabytes of sensitive data were unusable due to encryption, Ross proved otherwise—highlighting that personal...
Published 09/04/24
Video Episode: https://youtu.be/sUwjbJ_Uzm0
In today's episode, we explore the alarming rise of sophisticated cyber threats, starting with the exploitation of a 5-year-old zero-day vulnerability (CVE-2024-7029) affecting AVTECH IP cameras by the Corona Mirai-based malware botnet. We also analyze the tactics of the Russian APT29 group, which has been leveraging zero-day exploits against Mongolian government websites, using techniques akin to commercial spyware vendors. Finally, we explore...
Published 08/30/24
Video Episode: https://youtu.be/3xUukOuwAV8
In today's episode, we explore the major cyber threats facing organizations, including the exploitation of a zero-day vulnerability (CVE-2024-39717) in Versa Director by state-sponsored actors, particularly focusing on its implications for managed service providers and ISPs. We also discuss the ongoing cyberattack at Seattle-Tacoma International Airport that has led to significant service outages and delays, and the alarming rise in a QR code...
Published 08/28/24
In today's episode, we dive into significant cybersecurity developments including CISA's $524 million headquarters construction at the DHS campus, and the implications for infrastructure security. We also discuss the arrest of Telegram's founder Pavel Durov in France amidst rising concerns over content moderation failures, as well as the alarming use of AppDomain Injection in recent attacks deploying CobaltStrike beacons. Finally, we cover critical vulnerabilities identified in SolarWinds’...
Published 08/26/24
In today's episode, we explore the alarming rise of NGate Android malware, which employs NFC technology to facilitate unauthorized ATM withdrawals from victims' bank accounts. We also discuss Google's urgent patch for the ninth Chrome zero-day vulnerability of 2024, addressing serious security flaws that could allow attackers to exploit devices. Plus, we cover the sentencing of Jesse Kipf, who faked his death through cyber intrusions to evade child support obligations. Video Episode:...
Published 08/23/24
In today's episode, we discuss CrowdStrike's response to "shady commentary" from competitors following a significant IT outage that affected millions of devices and led to a loss of market value. We also explore the repercussions of a recent Microsoft update that malfunctioned in dual-boot systems, causing failure to boot for many Linux users, and uncover new macOS malware, TodoSwift, linked to North Korean hacking groups. Additionally, we highlight a critical vulnerability in the GiveWP...
Published 08/22/24
In today's episode, we explore the critical challenges to AI adoption revealed by CISOs, including data privacy concerns, insufficient staff skills, and misaligned organizational priorities, as highlighted in a new survey by Tines. We also discuss how security leaders can address these blockers by leveraging automation, strategic alignment, and continuous training. Additionally, we delve into the rise of malware such as FakeBat, recent data breaches affecting FlightAware and National Public...
Published 08/20/24
In today's episode, we explore the latest cybersecurity issues, including Sophos' discovery of the new EDRKillShifter utility used in RansomHub ransomware attacks, vulnerabilities in Microsoft's Azure Health Bot Service, and the implications of the recent CrowdStrike outage. We also discuss the White House's $11M plan to enhance open-source security, emphasizing the importance of robust protective measures and collaboration. Tune in to stay informed on the evolving landscape of cybersecurity...
Published 08/15/24
In today's episode, we explore the rapid adaptation of phishing attacks driven by AI and Phishing as a Service, examine the vulnerabilities in Solarman and Deye solar systems that could lead to power disruptions, and analyze the recent hack targeting the Trump 2024 campaign. We discuss how phishing attacks are leveraging events like the CrowdStrike BSOD, the 2024 Olympics, and UEFA Euro 2024, threatening businesses and individuals alike. Understand how threat actors exploit technological...
Published 08/13/24
In today's episode, we dive into security vulnerabilities affecting Roundcube Webmail, Progress WhatsUp Gold, and Microsoft 365, discussing how flaws such as CVE-2024-42008, CVE-2024-4885, and a bypass method using CSS could allow attackers to steal sensitive information or execute remote code. We also explore the innovative Linux kernel exploitation technique "SLUBStick," which elevates limited heap vulnerabilities to arbitrary memory read-and-write capabilities, potentially leading to...
Published 08/08/24
In today's episode, we dive into CrowdStrike's refutation of Delta Air Lines' claims over the recent IT failure, the recent surge of Magniber ransomware attacks targeting home users worldwide; we explore how Chinese APT group StormBamboo compromised an ISP to deliver malware, and discuss newly uncovered vulnerabilities in Microsoft Windows Smart App Control and SmartScreen. Join us for this deep dive into current cybersecurity threats and incidents. Video Episode:...
Published 08/06/24
In today's episode, we uncover the CrowdStrike outage's silver linings, delve into Microsoft’s warning about VMware ESXi authentication bypass exploits, expose the Proofpoint email routing flaw used in massive spoofed phishing campaigns, and explore the creation of 3,000 fake GitHub accounts by Stargazer Goblin for malware distribution.
00:00 - Intro
01:14 - Ransomware gangs exploit VMware ESXi
03:02 - Proofpoint Flaw Exploited for EchoSpoofing Phishing Campaign
05:12 - Stargazer...
Published 07/30/24
In today's episode, we delve into a security flaw in WhatsApp for Windows that allows Python and PHP scripts to execute without warning, a new malicious PyPI package targeting macOS for stealing Google Cloud credentials, and how cybercriminals bypassed Google's email verification to exploit Google Workspace accounts. Additionally, we explore the controversial use of AI surveillance at the Paris 2024 Olympics, examining its possible long-term impacts on privacy and security. Stay tuned as we...
Published 07/29/24
In today's episode, we discuss Google Chrome's new download warnings for risky password-protected archives, the incident involving KnowBe4 mistakenly hiring a North Korean hacker leading to an infostealer attack, and CrowdStrike's software crash attributed to an undetected error in their testing infrastructure.
Video Episode: https://youtu.be/G5tlyuMPFVw
00:00 - Intro
01:28 - CrowdStrike Testing Errors
04:17 - KnowBe4 Hires North Korean Spy
06:19 - Chrome's New AI-Powered...
Published 07/25/24
In today's episode, we explore US sanctions on Russian hacktivists from the Cyber Army of Russia Reborn (CARR) for cyberattacks on critical infrastructure and Google's surprising decision to halt phasing out third-party cookies in Chrome. We also explore the emergence of the new ICS malware 'FrostyGoop' targeting critical infrastructure and a Telegram zero-day vulnerability dubbed 'EvilVideo' that enabled attackers to disguise malicious Android APKs as video files.
00:00 - Intro
01:14 -...
Published 07/24/24
In today's episode, we dissect CrowdStrike's recent Falcon platform update for Windows that inadvertently triggered system crashes, impacting customers globally (https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/). We also explore how cybercriminals exploited this mishap to distribute Remcos RAT malware in LATAM (https://thehackernews.com/2024/07/cybercriminals-exploit-crowdstrike.html) and discuss the UK arrest of a suspected Scattered Spider hacker linked to...
Published 07/22/24