Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Player FM - Internet Radio Done Right
Checked 13h ago
Added twenty-two weeks ago
Content provided by Daily Security Review. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Daily Security Review or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
Similar to Daily Security Review
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
5k
200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Tech Life discovers and explains the ways technology is changing our lives, wherever we are in the world. We meet the people with bright ideas for rethinking the way we work, learn and play, and get hands-on with the products they dream up. We hold tech giants to account for their huge power to affect our lives, and ask who wins, and who loses, in the technology transformation. Tech Life is your guide to a future being made, and remade, at lightning speed in front of our eyes.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
))
Daily Deals
Malware-as-Code: The Rise of DaaS on GitHub and the Collapse of Open-Source Trust
Manage episode 487303170 series 3645080
Content provided by Daily Security Review. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Daily Security Review or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
In this episode, we dissect one of the most sophisticated ongoing cybercrime trends—malware campaigns weaponizing GitHub repositories to compromise developers, gamers, and even rival hackers. By abusing GitHub’s search functionality and reputation signals, threat actors are pushing backdoored code under the guise of popular tools, game cheats, and exploit kits. These malicious repositories often look legitimate, complete with automated commits, fake contributors, and modest star counts to avoid suspicion.
We explore how Distribution-as-a-Service (DaaS) operations are driving these attacks, significantly lowering the barrier to entry for cybercriminals. Notable actors like “ischhfd83” and the “Stargazer Goblin” group have maintained thousands of malicious repositories, many embedding backdoors via PreBuild events, Python obfuscation, and Unicode deception techniques. Their payloads include info-stealers like Lumma and RATs like Remcos, with command-and-control often running through Telegram.
We also examine the implications of the Coinbase-linked cascading supply chain attack, how even cybercriminals are falling victim, and what developers and security teams need to do now to detect red flags, verify source code, and stop blindly trusting stars and search rankings. If you’re relying on open-source tools, this episode could save you from compiling your next compromise.
196 episodes
ShareManage episode 487303170 series 3645080
Content provided by Daily Security Review. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Daily Security Review or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.
In this episode, we dissect one of the most sophisticated ongoing cybercrime trends—malware campaigns weaponizing GitHub repositories to compromise developers, gamers, and even rival hackers. By abusing GitHub’s search functionality and reputation signals, threat actors are pushing backdoored code under the guise of popular tools, game cheats, and exploit kits. These malicious repositories often look legitimate, complete with automated commits, fake contributors, and modest star counts to avoid suspicion.
We explore how Distribution-as-a-Service (DaaS) operations are driving these attacks, significantly lowering the barrier to entry for cybercriminals. Notable actors like “ischhfd83” and the “Stargazer Goblin” group have maintained thousands of malicious repositories, many embedding backdoors via PreBuild events, Python obfuscation, and Unicode deception techniques. Their payloads include info-stealers like Lumma and RATs like Remcos, with command-and-control often running through Telegram.
We also examine the implications of the Coinbase-linked cascading supply chain attack, how even cybercriminals are falling victim, and what developers and security teams need to do now to detect red flags, verify source code, and stop blindly trusting stars and search rankings. If you’re relying on open-source tools, this episode could save you from compiling your next compromise.
196 episodes
All episodes
×
D
Daily Security Review
1 106GB Exposed? Telefónica, HellCat, and the Silent Data Breach 50:33
50:33 
Play Later 
Play Later 
Lists 
Like 
Liked50:33
Play Later Play Later Lists Like LikedIn this episode, we explore a shadowy and unconfirmed—but highly consequential—data breach at Spanish telecommunications giant Telefónica. Allegedly orchestrated by the HellCat ransomware group, the breach involves a staggering 106GB of exfiltrated data, including internal communications, customer records, and employee information. Telefónica has yet to acknowledge the breach publicly, while the threat actor “Rey” released a 5GB sample to support their claim, pointing to a Jira server misconfiguration as the entry point. We unpack the evolving tactics of HellCat—a ransomware gang known for targeting Atlassian’s Jira platform—and examine how such misconfigurations continue to expose sensitive data across major organizations like NASA, Google, and Yahoo. Telefónica is no stranger to HellCat; a similar attack occurred in January, making this latest breach appear not only credible but also indicative of ongoing remediation failures. But this isn’t just a story about technical lapses—it’s also a warning shot for every organization subject to the GDPR and Spain’s national data protection laws. We dig into the regulatory implications, potential fines, and legal obligations that Telefónica could face if the breach is confirmed. You'll also hear why Atlassian’s Jira platform has become a soft target for threat actors, and what companies need to do to harden their SaaS deployments against similar threats. Finally, we explore frameworks for responsible breach response—from immediate containment to post-incident review—and what every enterprise should learn from this growing wave of misconfiguration-fueled cyberattacks. Key discussion points include: The anatomy of the Telefónica breach and the leaked data How HellCat exploits Jira misconfigurations and infostealer-compromised credentials The broader trend of Atlassian-based intrusions across multiple industries GDPR and NLOPD obligations: What counts as a notifiable breach? Regulatory fines, reputational risks, and the right to compensation Best practices for SaaS security and breach response in 2025 This episode is a must-listen for CISOs, privacy officers, IT security professionals, and legal teams navigating the intersection of cybersecurity failures and regulatory exposure.…
D
Daily Security Review
1 Ingram Micro’s SafePay Ransomware Breach: Human-Operated Threats and Supply Chain Fallout 59:56
59:56 Play Later Play Later Lists Like Liked59:56
Play Later Play Later Lists Like LikedThe recent ransomware attack on Ingram Micro , a global technology distribution giant, reveals not only a sophisticated human-operated cyber assault—but also the fragile state of modern supply chain cybersecurity. In this episode, we break down how attackers, believed to be affiliated with the SafePay ransomware group , penetrated Ingram Micro’s infrastructure, reportedly by exploiting a Palo Alto GlobalProtect VPN vulnerability and leveraging stolen credentials. The breach disrupted the company’s website and order systems, impacting partners and resellers worldwide. This case is a microcosm of a much larger threat: ransomware groups are evolving, using targeted, manual operations rather than automated malware blasts. And when a company like Ingram Micro gets hit, the downstream effects ripple through entire IT ecosystems. This episode explores the deeper story behind the headlines, including: Human-operated ransomware tactics , including credential theft, privilege escalation, lateral movement, and double extortion. The critical vulnerability CVE-2024-3400 in GlobalProtect , which is being actively exploited in real-world ransomware campaigns. SafePay’s emergence in 2025 as a serious actor, using stolen VPN credentials and backdoor persistence methods to deploy ransomware discreetly. How human-operated ransomware attacks differ from commodity malware—and why they're more dangerous. The risks of supply chain dependence , as illustrated by partners experiencing delays and business interruptions from Ingram Micro’s outage. The importance of adopting a Cybersecurity Supply Chain Risk Management (C-SCRM) strategy using NIST’s framework . Key mitigation steps, including enforcing multi-factor authentication (MFA) , hardening remote access tools, implementing network segmentation , and maintaining robust offline backups . Best practices for incident response and recovery , based on guidance from CrowdStrike, Microsoft, and NCSC. How ransomware threat actors are becoming increasingly selective, strategic, and efficient—often targeting misconfigured enterprise platforms as initial entry points. The Ingram Micro attack is a reminder that resilience isn’t just about stopping the ransomware—it’s about preparing for its inevitable arrival . For organizations operating in the cloud, distributing hardware, or serving as a linchpin in digital ecosystems, the lessons from this breach are urgent and universal.…
D
Daily Security Review
1 The Illusion of Shutdowns: What Hunters International's Closure Really Means 42:41
42:41 Play Later Play Later Lists Like Liked42:41
Play Later Play Later Lists Like LikedIn a sudden and cryptic announcement, the notorious ransomware group Hunters International has declared its shutdown, citing “recent developments” and pledging to release decryption keys to victims. Active since late 2022 and suspected to be a rebrand of the earlier Hive ransomware gang , Hunters International has been responsible for attacks on nearly 300 organizations across various industries. Yet, cybersecurity experts believe this announcement is less about remorse—and more about reinvention. In this episode, we dissect what this “shutdown” really means. Far from disappearing, the group may already be operating under a new name: World Leaks . This episode explores the lifecycle of ransomware gangs and how rebranding, splintering, and strategic pauses are common tactics used to throw off law enforcement and improve operational resilience. Key discussion points include: The lifecycle of ransomware groups, from emergent to established , using the GRIT taxonomy. How rebranding is used to evade law enforcement pressure and manage public perception, especially after high-profile disruptions. The Hive–Hunters–World Leaks lineage , and what indicators point to continuity rather than closure. Why law enforcement actions rarely shut down ransomware permanently, often leading to splinter or successor groups . The business model of ransomware , including double extortion, data leak sites, and Ransomware-as-a-Service (RaaS). Which sectors remain most vulnerable—including manufacturing, professional services, finance, and education —and how victim selection is increasingly based on financial footprint and data value . The significance of public communications and tactics like apologies, targeting rules, and ethics messaging used to shape ransomware groups' public image. The importance of ransomware payment tracking via blockchain , with insights into Bitcoin-based laundering operations and the transparency paradox of public ledgers. The value of Ransomware Susceptibility Index™ (RSI) metrics to help organizations prioritize defenses and understand their exposure. This case study of Hunters International exemplifies the strategic fluidity of modern ransomware operations —where shutting down may simply mean rebooting under a different brand. For defenders, staying ahead means recognizing these patterns, maintaining continuity in threat intelligence, and preparing for the next iteration before it strikes.…
D
Daily Security Review
1 CISA Flags CVE-2025-6554: Patching Chrome’s Critical Flaw Before It’s Too Late 40:49
40:49 Play Later Play Later Lists Like Liked40:49
Play Later Play Later Lists Like LikedA newly discovered and actively exploited zero-day vulnerability in Google Chrome has sent ripples through the cybersecurity community. Known as CVE-2025-6554 , this critical type confusion flaw in Chrome’s V8 JavaScript and WebAssembly engine enables remote attackers to perform arbitrary read/write operations or execute code via a single malicious webpage. With active exploitation confirmed and inclusion in CISA’s Known Exploited Vulnerabilities catalog , organizations are under urgent pressure to patch all affected systems—immediately. In this episode, we break down what makes this vulnerability especially dangerous, why Google’s Threat Analysis Group (TAG) is paying close attention, and what this incident tells us about the state of browser security, enterprise patch management, and memory safety technologies . Though Google has released patches for Chrome and other Chromium-based browsers—including Microsoft Edge, Brave, and Vivaldi—the scale of exposure across platforms is massive. Key topics we explore include: Technical breakdown of CVE-2025-6554 : How type confusion in the V8 engine leads to total compromise. Sandboxing in V8 : How Chrome's V8 Sandbox mitigates memory corruption—and what this exploit bypassed. Indicators of nation-state exploitation : The role of Google’s TAG and what it implies about the attackers. Patching priorities : Why immediate updates to versions 138.0.7204.96/.97 (Windows/Linux) and .92/.93 (macOS) are non-negotiable. Beyond Chrome : The ripple effect on all Chromium-based browsers and Electron-based applications. Patch management best practices : From realistic testing environments and system categorization to rollback procedures, KPIs, and automation. With CVE-2025-6554 being the fourth zero-day in Chrome this year , this isn’t just a browser issue—it’s a litmus test for security readiness . As attackers grow faster and more sophisticated, your ability to rapidly detect, prioritize, and patch vulnerabilities is more crucial than ever. Whether you're managing an enterprise IT infrastructure, leading an AppSec team, or securing a fleet of endpoints, this episode will arm you with both the technical insight and operational perspective needed to respond decisively to this threat—and to the next one.…
D
Daily Security Review
1 ANSSI vs. Houken: France Battles Advanced Chinese Hacking Threat 33:16
33:16 Play Later Play Later Lists Like Liked33:16
Play Later Play Later Lists Like LikedIn this episode, we uncover a high-stakes cyber campaign targeting the heart of French digital infrastructure. ANSSI , France’s national cybersecurity agency, has exposed a Chinese-linked hacking group known as Houken (UNC5174 or Uteus) responsible for a widespread espionage operation since late 2024. This state-adjacent threat actor infiltrated critical sectors including government, media, transport, telecom, and finance using an arsenal of sophisticated tactics—blending zero-day exploits, rootkits, and stealthy post-exploitation tools. The Houken group leveraged multiple zero-day vulnerabilities in Ivanti Cloud Service Appliances (CSA) —CVE-2024-8190, CVE-2024-8963, and CVE-2024-9380—to gain initial access. But this wasn’t just about intrusion; Houken’s operators dug in deep: stealing credentials, moving laterally , and deploying a rare Linux kernel-mode rootkit capable of hijacking any inbound TCP traffic while remaining virtually invisible to traditional defenses. What sets this campaign apart isn’t just its technical sophistication—it’s the hybrid nature of the threat. ANSSI suggests Houken may be a cyber mercenary group , simultaneously working in the service of China’s Ministry of State Security (MSS) and pursuing financial gains , such as cryptocurrency mining and reselling system access. This “multiparty approach” signifies a dangerous evolution in cybercrime—where espionage and monetization coexist within a single operational framework. We delve into: The attack chain : from zero-day exploitation to credential harvesting and stealth persistence. The rootkit sysinitd.ko : a kernel module granting root-level command execution while avoiding detection. Defense evasion tactics : including timestomping , log deletion , and self-patching vulnerabilities to lock out rival threat actors. Houken’s toolkit : a mix of commodity utilities (Nmap, Netcat, Fscan) and custom implants (PHP webshells, SparkRAT, Neo-reGeorg). Operational clues that tie activity to China Standard Time (UTC+8) and highlight probable MSS alignment. This is more than a breach. It’s a signal that cyber mercenary operations are maturing , and European states are squarely in the crosshairs. The Houken campaign forces a reconsideration of perimeter defenses, zero-day management, and detection strategies for advanced persistent threats. Whether you’re a security architect, CISO, or public sector technologist, this episode provides a deep and essential briefing on one of the most sophisticated cyber espionage efforts uncovered in 2025.…
D
Daily Security Review
1 Psychological Manipulation and AI Fraud: How Spain Exposed a $12M Scam 17:21
17:21 Play Later Play Later Lists Like Liked17:21
Play Later Play Later Lists Like LikedIn this episode, we examine a growing threat reshaping financial crime in Europe: sophisticated, technology-driven investment fraud. Spanish law enforcement has recently dismantled a fraud operation that spanned multiple years, deceived over 300 victims, and resulted in more than $11.8 million in losses. What made this case particularly notable was the use of high-pressure call centers inside Spain , supported by strategic psychological manipulation , to drive fraudulent investments advertised across social media platforms. The scheme, launched in 2022, mimicked the playbook of larger international fraud networks—slick branding, convincing digital ads, and seemingly personalized pitches to lure in unsuspecting investors. Behind the scenes, victims were connected to well-trained fraud agents posing as investment advisors who used scripted tactics to manipulate emotional trust and urgency. This case, however, is just one node in a much broader web of financial crime being actively investigated across Spain: Authorities arrested 21 individuals and seized luxury vehicles, stacks of cash, and other high-value assets linked to the scheme. In a separate crackdown, Spanish police disrupted a ring that laundered over €500 million , highlighting the scale and integration of illicit finance operations within legitimate economic channels. Another scam exploited AI-generated advertisements and deepfakes to lure cryptocurrency investors into fake opportunities, netting €19 million. We unpack the evolving tactics used by fraudsters , including: Social engineering techniques that exploit emotional triggers and authority bias. The use of AI and deepfakes to create authentic-looking investment platforms and personalities. Affinity fraud , where scammers target members of specific communities or shared identity groups to exploit trust. The integration of cryptocurrency and decentralized finance (DeFi) to obscure money trails and enable rapid laundering. This episode also dives into the regulatory landscape , including how the EU’s Anti-Money Laundering Directive (AMLD) and organizations like FATF and Moneyval are attempting to curb these activities through stricter oversight, risk-based frameworks, and obligations for financial and non-financial intermediaries to report suspicious transactions. As these fraud rings adopt increasingly advanced tools—ranging from Telegram social engineering to metaverse impersonations—Spain’s efforts signal a broader shift: financial crime is becoming cybercrime , and law enforcement must keep pace. Whether you’re a financial compliance professional, cybersecurity lead, or simply someone navigating digital investments, this episode is your briefing on where the threat landscape is heading—and what can be done to stay one step ahead.…
D
Daily Security Review
1 CVE-2025-20309: Critical Cisco Root Access Flaw Threatens VoIP Security 41:32
41:32 Play Later Play Later Lists Like Liked41:32
Play Later Play Later Lists Like LikedA devastating vulnerability— CVE-2025-20309 —has been discovered in Cisco’s Unified Communications Manager (Unified CM) and its Session Management Edition (SME), threatening the security of over a thousand internet-exposed VoIP systems globally. In this episode, we break down this critical flaw , which scores a perfect CVSS 10.0 , and explore why it's one of the most dangerous telecom vulnerabilities in recent memory. The vulnerability stems from unchangeable hardcoded SSH root credentials inadvertently left in production code during development. Exploitable without authentication, this flaw grants remote attackers full root access to affected systems—an open door to full system takeover , VoIP eavesdropping , lateral movement , and even ransomware deployment . We discuss: What is CVE-2025-20309? A look at the hardcoded credential flaw impacting versions 15.0.1.13010-1 to 15.0.1.13017-1 of Cisco Unified CM. How bad is it? Full root access, unauthenticated, with over 1,000 vulnerable instances publicly exposed—especially in critical sectors across the U.S. and Asia. Threat actor implications : APT groups like APT28, APT41, and MuddyWater are known to exploit similar flaws. CloudSEK warns that access brokers may soon target and monetize these systems on darknet forums. What’s at stake : VoIP traffic manipulation : Intercept SIP/RTP streams for surveillance or disruption. Call log and voicemail exfiltration . Deployment of persistent malware and ransomware . Lateral movement to other enterprise systems . Mitigation roadmap : Patch immediately using Cisco’s released patch file: ciscocm.CSCwp27755_D0247-1.cop.sha512. Upgrade to 15SU3 when released. Monitor logs for root access attempts (/var/log/active/syslog/secure). Restrict administrative access , isolate Unified CM systems, and enforce VPN/firewall segmentation. No workarounds : This is not a flaw you can firewall away. Cisco has confirmed that there are no viable workarounds—patching is the only fix. The bigger picture : This incident also highlights the ongoing risks of default credentials , poor credential hygiene , and overreliance on perimeter defenses in VoIP and UC systems. It’s a reminder that VoIP isn’t just about call quality—it’s a core part of your network infrastructure that demands zero-trust scrutiny . Additional Cisco vulnerabilities : We also briefly touch on two related medium-severity flaws—CVE-2025-20308 (Spaces Connector privilege escalation) and CVE-2025-20310 (stored XSS in Cisco Enterprise Chat)—which, while not yet exploited, reinforce the need for robust Cisco infrastructure hygiene. This episode is essential listening for VoIP admins, network engineers, CISOs , and anyone managing unified communication platforms. Don’t wait for signs of compromise— patch now and audit your exposed assets . Security for voice systems is no longer optional; it’s foundational.…
D
Daily Security Review
1 macOS Under Siege: NimDoor Malware Targets Telegram, Wallets, and Keychains 43:09
43:09 Play Later Play Later Lists Like Liked43:09
Play Later Play Later Lists Like LikedA new, highly advanced malware strain— NimDoor —has emerged as the latest cyber weapon in the arsenal of North Korean state-sponsored hackers, specifically targeting macOS systems used by cryptocurrency and Web3 organizations. This episode explores the complex tactics and alarming capabilities of NimDoor, a malware family showcasing a blend of C++ and Nim programming , stealthy persistence mechanisms, and an intense focus on stealing digital assets . First identified in early 2025, NimDoor marks a significant evolution in North Korean cyber operations. Delivered through social engineering on Telegram , the attack chain begins with a deceptive fake Zoom SDK update. Once executed, the malware installs multiple payloads—including GoogIe LLC and CoreKitAgent —designed to establish persistence, exfiltrate data, and communicate with command-and-control servers using TLS-encrypted WebSocket connections and layered RC4 encryption . This episode covers: Anatomy of the NimDoor Infection Chain : How Telegram lures and fake SDKs lead to multi-stage infections on macOS. Advanced Persistence via Signals : A rare signal-based persistence mechanism enables NimDoor to reinstall itself if terminated—an unusually resilient feature for macOS malware. Targeted Data Theft : NimDoor steals sensitive browser data, cryptocurrency wallet credentials, Telegram's encrypted databases, macOS Keychain items, and even command histories. Why Nim Matters : The use of Nim , a lesser-known and rarely detected language in malware development, allows attackers to evade traditional antivirus and EDR solutions while enabling sophisticated binary construction. North Korea’s Cyber Objectives : The Lazarus Group and its affiliated APTs are not just stealing information—they are funneling stolen cryptocurrency to fund the North Korean regime , bypassing sanctions. macOS as a Target : This attack busts the myth of Apple’s invincibility, illustrating how macOS is now firmly in the crosshairs of nation-state threat actors. Modular Payloads and Exfiltration Tools : From C++ loaders to Nim-compiled components and Bash scripts like upl and tlgrm, the malware’s design is optimized for flexibility and maximum data theft. How to Defend : Don’t trust third-party cryptocurrency tools—especially if shared via chat platforms like Telegram. Train teams to recognize fake software prompts and suspicious update requests. Apply the principle of least privilege, and implement strict application allowlists. Patch aggressively and monitor for unexpected outbound connections over wss (WebSocket over TLS). Understand that malware written in Nim is no longer exotic—it's active and dangerous . The NimDoor campaign represents a convergence of nation-state strategy, programming innovation, and cryptocurrency exploitation . For Web3 builders, crypto investors, and cybersecurity professionals, it’s a wake-up call that threat actors are not just evolving—they're innovating faster than ever.…
D
Daily Security Review
1 Cisco Unified CM Vulnerability: Root Access Risk for Enterprise VoIP Networks 56:02
56:02 Play Later Play Later Lists Like Liked56:02
Play Later Play Later Lists Like LikedA newly disclosed vulnerability— CVE-2025-20309 —in Cisco's Unified Communications Manager (Unified CM) and Session Management Edition has sent shockwaves through enterprise VoIP and IT security teams. The flaw stems from hardcoded root SSH credentials that could allow unauthenticated remote attackers to gain full control of affected systems. In this episode, we unpack the gravity of this vulnerability and its broader implications for VoIP security. Cisco has issued a patch to remove the backdoor account from affected versions, but the vulnerability’s CVSS score of 10.0 underscores the risk to organizations still running unpatched systems. A successful exploit could enable attackers to manipulate network topology, execute denial-of-service attacks, intercept VoIP traffic via port mirroring, or even erase logs and implant persistence mechanisms. While no active exploitation has been reported, the risk is far from theoretical. This episode explores both the technical and strategic dimensions of VoIP security, including: Understanding CVE-2025-20309 : How static root credentials opened the door to full system compromise and why this vulnerability is especially dangerous in a Unified CM context. VoIP-Specific Security Risks : The inherent architectural vulnerabilities of VoIP, including its tight QoS constraints, encryption-induced latency, NAT complications, and its integration with dynamic, open networks. Protocol-Level Complexity : Challenges introduced by SIP, H.323, and NAT traversal protocols like STUN, TURN, and ICE—and how attackers can exploit these for interception or disruption. Encryption Dilemmas : Why SRTP, IPsec, and key management schemes like MIKEY offer needed protection but also introduce latency, jitter, and crypto-engine bottlenecks that VoIP networks struggle to absorb. Hardening VoIP Systems : Change default device passwords and audit all endpoints, including phones and switches. Separate voice and data networks where possible to reduce attack surface. Apply VoIP-aware firewalls and intrusion detection tools. Encrypt both signaling and media streams with SRTP or H.235 where feasible. Use Session Border Controllers (SBCs) or Application Layer Gateways (ALGs) to manage NAT traversal securely. Legal and Compliance Considerations : Interception laws, call record retention, and regulatory requirements differ for VoIP—organizations must consult legal counsel to avoid unintended violations. What Cisco Admins Must Do Now : Guidance for patching, log review for potential indicators of compromise, and securing remote access to Unified CM environments going forward. VoIP systems are increasingly integral to enterprise communications—and increasingly targeted. This episode stresses that security must evolve with functionality , and that modern communications infrastructure cannot afford to overlook foundational flaws like hardcoded credentials.…
D
Daily Security Review
1 Forminator Flaw Exposes WordPress Sites to Takeover Attacks: Vulnerability Threatens 600,000+ Sites 50:32
50:32 Play Later Play Later Lists Like Liked50:32
Play Later Play Later Lists Like LikedA critical new WordPress vulnerability— CVE-2025-6463 —has been discovered in the widely used Forminator plugin , affecting over 600,000 active installations and putting hundreds of thousands of websites at risk of full compromise. In this episode, we dive deep into the mechanics, risks, and remediation of this arbitrary file deletion flaw and explain what every WordPress administrator, developer, and security professional needs to know. At the heart of this issue is improper validation in how the Forminator plugin handles file paths when deleting form entries. This allows unauthenticated attackers to inject file paths into form submissions—even in fields not meant to accept files—and trick the system into deleting critical WordPress files like wp-config.php. The result? A full site reset , granting attackers an opportunity to seize control of the site . Here’s what we unpack in this episode: The CVE-2025-6463 Vulnerability : How the exploit works, which function is flawed (entry_delete_upload_files), and why unsanitized file arrays in form fields make this so dangerous. Real-World Impact : Deleting wp-config.php can reset a WordPress site, giving an attacker a window to install a fresh site under their control . Scope of Exposure : Over 400,000 sites remain unpatched , and many administrators may not even be aware they’re running outdated versions of the Forminator plugin. The Fix in Version 1.44.3 : We discuss how the patch restricts deletions to specific field types, limits file deletions to safe directories, and enforces path normalization and filename sanitization. Why WordPress Sites Are Frequent Targets : A broader look at WordPress security—including why abandoned plugins, weak file permissions, brute force attacks, and poor update hygiene continue to lead to compromises. Best Practices to Secure WordPress : Always keep core, themes, and plugins up to date Remove unused plugins and themes completely—not just deactivate them Set secure file permissions (755 for directories, 644 for files, and 400 or 440 for wp-config.php) Use activity logs , 2FA , and limit login attempts Disable file editing in wp-config.php Turn off PHP error reporting in production environments Use reputable security plugins like Jetpack or Wordfence for real-time protection The Role of Hosting Providers : Why choosing a secure hosting platform with automatic backups, patching, and server-level firewalls makes a huge difference in your site’s security posture. Mitigating Plugin-Related Risks : We explain how to monitor plugins using services like WPScan and how to respond swiftly to new CVEs. This is a wake-up call for the WordPress community: A single vulnerable plugin can bring down an entire website . Whether you manage one site or hundreds, understanding this threat and acting fast can be the difference between a minor maintenance task and a full-blown compromise.…
D
Daily Security Review
1 Kelly Benefits Breach: Over 550,000 Victims and the Rising Identity Theft Crisis 1:08:04
1:08:04 Play Later Play Later Lists Like Liked1:08:04
Play Later Play Later Lists Like LikedIn one of the latest large-scale data breaches to hit the U.S. private sector, Kelly Benefits , a provider of payroll and benefits administration services, disclosed a significant cybersecurity incident impacting over 553,000 individuals . The breach, which occurred in December 2024 but was only revealed in April 2025 , exposed sensitive personal information—including names, Social Security numbers, financial data, and even medical records —of employees linked to over 40 partner organizations , such as Aetna Life Insurance and United Healthcare . This episode explores what really happened, why this breach matters, and how it fits into the growing wave of identity theft driven by third-party vendor compromises. We take you through: The Scope of the Kelly Benefits Breach : What data was stolen, how many entities were affected, and why the delayed disclosure has legal and ethical ramifications. The Invisible Cost of Vendor Vulnerabilities : How breaches at service providers can cascade downstream, exposing thousands of individuals tied to organizations with no direct involvement in the original breach. The Growing Identity Theft Epidemic : With over 500,000 individuals exposed in this incident alone, we look at how breaches like this contribute to financial fraud, medical identity theft , and long-term privacy violations. Common Identity Theft Tactics : From phishing and spoofing to malware and physical document theft, threat actors exploit every avenue to steal and monetize personal information. Warning Signs of Identity Theft : Unfamiliar accounts, strange billing activity, and credit applications you didn’t submit—learn what to look for and when to act. What Victims Can Do Now : We provide a step-by-step recovery roadmap: Freeze your credit at all three bureaus Monitor all financial and health accounts Use the FTC's IdentityTheft.gov to file official reports Replace compromised IDs and secure your digital identity Organizational Responsibilities : What companies like Kelly Benefits (and those they serve) should have in place: risk assessments, vendor security audits, encryption policies, and phishing-resistant multi-factor authentication (MFA). Best Practices for Prevention : Use strong, unique passwords and MFA Keep devices patched and software up to date Secure personal Wi-Fi and avoid public networks for sensitive access Beware of phishing, spoofing, and suspicious attachments Periodically check your credit reports for unfamiliar activity We also spotlight the legal rights of breach victims , including placing fraud alerts, disputing fraudulent accounts, and demanding removal of bad information from credit reports. The episode underscores a critical point: identity theft is no longer a matter of “if,” but “when” —and preparation is your best defense. Whether you're an affected individual, an employer relying on third-party benefit providers, or a cybersecurity professional tasked with securing sensitive PII, this episode offers critical insights and practical takeaways .…
D
Daily Security Review
1 FileFix, HTA, and MotW Bypass—The Alarming Evolution of HTML-Based Attacks 46:04
46:04 Play Later Play Later Lists Like Liked46:04
Play Later Play Later Lists Like LikedA newly disclosed exploit dubbed FileFix is redefining how attackers bypass Microsoft Windows' built-in security protections—specifically the Mark-of-the-Web (MotW) mechanism. Developed and detailed by security researcher mr.d0x , this attack takes advantage of how browsers save HTML files and how Windows handles HTA (HTML Application) files . The result? Malicious scripts can execute without warning, bypassing the very safeguards designed to flag untrusted code. In this episode, we break down how FileFix works, why it’s effective, and what makes it uniquely dangerous. Unlike many malware campaigns, FileFix doesn’t rely on zero-day exploits or complex payloads—instead, it exploits the weakest link in the chain: human behavior. Key topics include: Understanding FileFix Mechanics : How a simple rename from .html to .hta can convert a saved webpage into a launchpad for malicious code execution— without triggering MotW protections . Social Engineering at the Core : FileFix depends on user interaction. By designing convincing phishing lures, attackers guide users to unknowingly bypass their own defenses— a modern twist on old tricks . The Role of mshta.exe : This deprecated Windows binary remains powerful and dangerous. We examine how attackers use it to execute scripts and why defenders should consider disabling or removing it entirely. MotW Bypass Techniques : Beyond FileFix, we dive into container-based bypasses (.iso, .img), and how utilities and encoding tricks (e.g., RLO, double extensions, invisible Unicode) help malware evade detection. Masquerading and Human Blind Spots : From fake filenames like Invoice.pdf.exe to Unicode manipulation, attackers exploit user assumptions and default system behaviors to hide malware in plain sight. Detection and Mitigation Strategies : We offer a practical set of defenses: Disable or restrict mshta.exe through AppLocker or WDAC Block or quarantine .html, .htm, and .hta email attachments Enable file extension visibility across endpoints Train users to recognize suspicious file behaviors and social engineering lures Implement behavioral detection—e.g., alert when mshta.exe spawns powershell.exe Why FileFix Matters Now : With the rise of AI-generated content and increasingly polished phishing infrastructure, low-tech, high-impact attacks like FileFix are gaining new relevance . The simpler the technique, the broader its reach. As Windows continues to harden its systems, attackers are shifting focus to user-driven execution paths . FileFix exemplifies this shift—blending psychological manipulation with deep technical understanding of system behaviors. For defenders, the challenge is clear: technical controls must be matched by human-aware defenses . This is a must-listen for enterprise defenders, SOC analysts, and red teamers tracking the latest in Windows exploitation tactics. If your security strategy still assumes technical exploitation is the biggest threat, FileFix is your wake-up call .…
D
Daily Security Review
1 Sophisticated Cyberattack on the International Criminal Court: Justice in the Crosshairs 19:37
19:37 Play Later Play Later Lists Like Liked19:37
Play Later Play Later Lists Like LikedThe International Criminal Court (ICC), the world’s foremost tribunal for prosecuting war crimes, genocide, and crimes against humanity, has confirmed yet another sophisticated cyberattack , highlighting the persistent threat facing high-profile global institutions. This marks the second targeted intrusion against the ICC in recent years , and although the organization successfully detected and contained the attack, critical questions remain—who was behind it, what data may have been compromised, and how can institutions like the ICC defend against increasingly complex threats? In this episode, we examine the June 2025 cyber incident targeting the ICC’s internal systems. While the technical specifics remain undisclosed, the context is telling: mounting geopolitical tensions, high-profile arrest warrants for global leaders, and a growing wave of politically motivated cyber intrusions. Key insights include: The strategic targeting of international justice institutions and how the ICC’s sensitive caseload (including cases involving heads of state) may drive cyber interest from state-aligned actors. A review of the ICC’s cyber resilience measures and how their swift containment of the breach reflects a mature security posture—but also underscores the limits of transparency in cyber disclosures. The critical need for integrated resilience strategies , merging business continuity, disaster recovery, cybersecurity, and incident response into a unified framework. The lifecycle of a well-structured incident response: from identification and containment to post-incident forensics and recovery. Lessons for international organizations and government agencies , particularly those engaged in politically sensitive or human rights-related work. A discussion on common organizational gaps —such as siloed planning, inadequate testing, or lack of senior leadership engagement—that can weaken cyber preparedness even in highly secure institutions. The escalating geopolitical risk of cyber conflict, where disinformation, sabotage, and espionage become tools of statecraft targeting justice systems, election infrastructures, and human rights advocates. This incident reinforces the reality that even the most globally respected institutions must constantly evolve their cyber defenses. As the line between geopolitics and cyberspace continues to blur, organizations like the ICC are not just administering justice—they're operating on the front lines of global cyber warfare. For CISOs, risk leaders, and those in public international service, this episode is a call to action: build resilience not just for business continuity, but for mission continuity in a world where digital systems are both your greatest strength—and your greatest vulnerability.…
D
Daily Security Review
1 Critical Flaws in Microsens NMP Web+ Threaten Industrial Network Security 43:40
43:40 Play Later Play Later Lists Like Liked43:40
Play Later Play Later Lists Like LikedIn a major red flag for the industrial cybersecurity community, three newly disclosed vulnerabilities in Microsens NMP Web+ , a popular network management solution used across critical infrastructure, have revealed just how fragile many ICS environments remain. The flaws—two rated critical and one high—allow unauthenticated attackers to bypass authentication , generate forged JWTs , and execute arbitrary code , potentially enabling full system compromise with no credentials required. Discovered by security researcher Noam Moshe, the vulnerabilities demonstrate how a combination of weak authentication mechanisms and insecure file handling can open the door to devastating attacks. While patches have now been released, some vulnerable systems remain internet-exposed , prompting urgent warnings from CISA—especially for those in the critical manufacturing sector . In this episode, we dive into what went wrong, why these bugs are so dangerous, and how this incident reflects a deeper and systemic challenge in ICS security. Topics covered include: The technical anatomy of the vulnerabilities (CVE-2025-49151, CVE-2025-49153, CVE-2025-49152) and how attackers can chain them for full remote access. Why ICS systems—unlike traditional IT—face unique challenges around patching, downtime tolerance, and legacy software dependencies. The dangerous rise of internet-exposed ICS systems , with over 145,000 devices globally found accessible via public scans. The critical role of vendor patching , network segmentation, and compensating controls when downtime prevents immediate updates. Strategic best practices like: Building dedicated ICS test environments for patch validation Using firewalls and virtual patching to buy time when updates can’t be applied Adopting zero-trust architecture and isolating OT from business IT networks The persistent convergence of IT and OT networks , creating new attack surfaces if not tightly managed Real-world consequences of ICS vulnerabilities: from ransomware shutting down production lines to malware causing device malfunction and downtime Microsens isn’t the only vendor in the spotlight—this episode sheds light on an industry-wide problem where security is often deprioritized in favor of uptime , and vendors may still use outdated design practices like hardcoded credentials or unexpired tokens. For CISOs, OT engineers, and asset owners in manufacturing, energy, and industrial sectors , this is a critical wake-up call. Patching can’t be reactive—it must be strategic, tested, and integrated with operational priorities. Because when ICS systems go down, it’s not just data at risk—it’s the infrastructure behind national economies and physical safety.…
D
Daily Security Review
1 Qantas Data Breach: Third-Party Hack Exposes Millions of Frequent Flyers 24:36
24:36 Play Later Play Later Lists Like Liked24:36
Play Later Play Later Lists Like LikedIn a stark reminder of the aviation industry's growing exposure to cyber threats, Australian airline Qantas recently confirmed a serious data breach—this time not from its own systems, but from a third-party platform used by one of its customer contact centers. The breach exposed personal data for up to six million customers , including names, dates of birth, contact details, and frequent flyer numbers. Although financial and passport information were not affected , the scale and nature of the compromise have sent shockwaves through the sector. This episode unpacks what happened, why it matters, and what the broader aviation and cybersecurity communities can learn from this breach. We examine: The anatomy of the Qantas breach —how attackers infiltrated a call center platform, bypassing internal security safeguards. The suspected involvement of Scattered Spider , a notorious cybercrime group adept at vishing, MFA bypass, and social engineering tactics. Why third-party risk is the aviation industry’s Achilles’ heel , with many airline vendors holding poor cybersecurity ratings and limited defenses. The rising tide of ransomware, DDoS attacks, and nation-state aggression aimed at aviation networks. How the aviation industry’s focus on physical security has historically come at the expense of digital resilience—and why that must change. The Qantas breach also surfaces urgent regulatory, reputational, and operational questions: Under Australia’s updated Privacy Principle 11 , what constitutes “reasonable steps” to protect customer data? Are airlines truly ready for evolving mandates from regulators like the U.S. TSA, the EU, and ICAO? How do communication failures during cyber incidents amplify public distrust, and what does Qantas’s response tell us about effective crisis management? With billions flowing into aviation cybersecurity and cyber insurance costs climbing , industry stakeholders must address the weakest links—especially vendor ecosystems and human-centric attack vectors. That includes upgrading to phishing-resistant MFA, simulating real-world social engineering attacks, and implementing rigorous access controls across third-party platforms. Whether you're a CISO at an airline, a cybersecurity leader in transportation, or a vendor in the aviation supply chain , this episode offers critical insights into managing cyber risk in one of the world’s most high-stakes industries.…
Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.
Daily Deals
Daily Deals
Similar to Daily Security Review
Android Backstage, a podcast by and for Android developers. Hosted by developers from the Android engineering team, this show covers topics of interest to Android programmers, with in-depth discussions and interviews with engineers on the Android team at Google. Subscribe to Android Developers YouTube → https://goo.gle/AndroidDevs
…
continue reading
Welcome to the Security Weekly Podcast Network, your all-in-one source for the latest in cybersecurity! This feed features a diverse lineup of shows, including Application Security Weekly, Business Security Weekly, Paul's Security Weekly, Enterprise Security Weekly, and Security Weekly News. Whether you're a cybersecurity professional, business leader, or tech enthusiast, we cover all angles of the cybersecurity landscape. Tune in for in-depth panel discussions, expert guest interviews, and ...
…
continue reading
Download This Show is your weekly guide to the world of media, culture, and technology. From social media to gadgets, streaming services to privacy issues. Each week Rae Johnston and guests take a fun, deep dive into how technology is reshaping our lives.
…
continue reading
Python Bytes is a weekly podcast hosted by Michael Kennedy and Brian Okken. The show is a short discussion on the headlines and noteworthy news in the Python, developer, and data science space.
…
continue reading
Africa-focused technology, digital and innovation ecosystem insight and commentary.
…
continue reading
On The Bike Shed, hosts Joël Quenneville and Stephanie Minn discuss development experiences and challenges at thoughtbot with Ruby, Rails, JavaScript, and whatever else is drawing their attention, admiration, or ire this week.
…
continue reading
An open show powered by community LINUX Unplugged takes the best attributes of open collaboration and turns it into a weekly show about Linux.
…
continue reading
1
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
Jerry Bell and Andrew Kalat
5k200
Defensive Security is a weekly information security podcast which reviews recent high profile cyber security breaches, data breaches, malware infections and intrusions to identify lessons that we can learn and apply to the organizations we protect.
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Tech Life discovers and explains the ways technology is changing our lives, wherever we are in the world. We meet the people with bright ideas for rethinking the way we work, learn and play, and get hands-on with the products they dream up. We hold tech giants to account for their huge power to affect our lives, and ask who wins, and who loses, in the technology transformation. Tech Life is your guide to a future being made, and remade, at lightning speed in front of our eyes.
…
continue reading
Player FM - Podcast App
Go offline with the Player FM app!
Go offline with the Player FM app!
