
A
Cybersecurity Today would like to thank Material Security for sponsoring this podcast. Material Security provides faster, more complete detection and response for email, identity and data threats inside Google Workspace and Microsoft 365. You can contact them at Material Security
B
Microsoft blinks in researcher showdown, Carnival Cruise breach affects 6 million people, Dashlane brute force locks users out, and new Miasma worm makes the rounds thanks to Team PCP source code. This is Cybersecurity Today and I'm your host, David Shipley. Let's get started.
Microsoft has walked back threats against security researchers days after dramatically escalating a fight in a blog post many felt was a step backward when it came to vulnerability disclosure. On Monday, the company said it has no plans to go after researchers who find software flaws and publish them. That's a sharp reversal. Days earlier, an official Microsoft blog post had called a recent run of Windows flaws that were released "never justifiable" and warned that its Digital Crimes Unit would keep bringing cases against people who may be helping criminals. Here's a quick catch-up for anyone new to this story. A researcher who goes by the name Nightmare Eclipse, or Chaotic Eclipse, has been releasing Windows zero-days immediately after recent Patch Tuesdays. Nightmare Eclipse says Microsoft pushed them into it. They deleted their researcher account, withheld bug bounty payments and stripped their names off of an advisory. Microsoft's blog post never named the researcher last week, but the security community reacted strongly to the threats and pushed back hard. So Microsoft tried again on Monday, this time on social media, not its official blog. It says it won't pursue anyone doing or publishing legitimate research, with one caveat. If someone breaks the law and harms customers, it'll still call in law enforcement. The company admitted it had mishandled some researcher relationships. Did Microsoft's walkback work? Not exactly. Nightmare Eclipse says other researchers have started handing them additional fresh bugs, and they've promised to release a new one in June, a flaw they claim fully bypasses BitLocker, the encryption that's supposed to lock down Windows device hard drives.
Our next story goes from a walked back threat to rough seas for some cruise ship passengers. Carnival, the world's largest cruise company, says hackers stole the personal data of nearly 6 million people in an attack this past April. It began notifying victims last Wednesday. The stolen data contains sensitive fields: names, addresses, phone numbers, dates of birth, driver's license numbers and passport numbers. The breach notice filed with Maine's Attorney General lays out the timeline: attackers got in April 10th by tricking a single employee using a social engineering scam. Carnival caught the unusual activity on April 14 and shut it down, but by then the data was gone. The notice puts the count at 6 million people. Carnival is offering affected US customers two years of free credit monitoring. By the number of people exposed, this appears to be the largest cruise line breach on record. Carnival's own 2019 breach hit about 180,000 people. A 2020 Norwegian incident exposed around 30,000 travel agents. This one is a much bigger boatload of trouble. The extortion group Shiny Hunters claimed the attack, according to The Record. It says it grabbed more than 8.7 million records and dumped them online after Carnival didn't pay. Carnival itself has not named the group responsible. Shiny Hunters has been tied to hundreds of breaches, by some estimates as many as a thousand organizations and well over a billion records stolen, much of it pulled straight from companies' Salesforce systems.
Sometimes security can have unintended consequences, like in our next story. Password manager Dashlane locked some users out of their accounts this past Sunday after hackers tried to break in by guessing passwords at scale. According to Bleeping Computer, the lockouts were Dashlane's security doing its job. When an outside party hammered accounts with login attempts from far off locations and unfamiliar devices, the system suspended those accounts to shut the attackers out.
The user confusion started on the weekend on Reddit. People reported getting emails about suspicious access requests coming from foreign countries, complete with verification codes. Many assumed they were phishing scams, the kind of messages they'd been told to ignore. This time, the alerts were real. Dashlane says there's no sign its own systems were breached. The suspended accounts have been restored, and the company says it's adding even more protections. According to its status page, Dashlane opened an investigation Sunday afternoon and marked it resolved by Sunday night. But not everyone is back in. Some users are still reporting some login trouble and say support has gone quiet. Dashlane hasn't said how many accounts were hit and locked.
Our final story covers the predictable fallout from Team PCP's move to make some of its best malware code public. A new supply chain attack has compromised popular Red Hat npm packages, according to researchers at security firm Wiz. Malicious updates were found in 32 packages under the Redhat Cloud Services namespace, which collectively sees approximately 80,000 downloads per week. The malware, dubbed Miasma, is an evolution of the Mini Shai-Hulud malware. This tool was originally created by the hacking group Team PCP and made public to others in May. That move raised alarms across the cybersecurity community as it opened the door for other threat actors to adopt and modify their highly successful tools. In this case, it's unclear whether Team PCP is directly involved or if it's a copycat actor who has weaponized their open source techniques. Miasma introduces several dangerous updates to Mini Shai-Hulud. It uses preinstall scripts to execute obfuscated code during installation. Unlike previous versions, this variant focuses on stealing cloud identities, specifically targeting Google Cloud and Azure credentials.
Additionally, it encrypts payloads uniquely for each infection, making detection and tracking significantly more difficult. Wiz researchers traced the attack to a compromised GitHub account belonging to a Red Hat employee. The attackers used this account to inject malicious code into repositories without triggering code reviews. Two waves of activity were observed on June 1, marking a well-coordinated attack. Security experts recommend organizations immediately audit their own systems for affected packages, review GitHub activity for unauthorized changes, and rotate critical credentials like tokens, cloud secrets, and SSH keys.
And that's our show for Wednesday, June 3rd. Thanks for listening. We appreciate all your feedback. You can leave us a comment under the YouTube video or on technewsday.com or .ca. We'll be back on Friday with more of the latest cybersecurity headlines. Until then, stay safe.
A
Here's a question worth asking. What happens after a phishing email slips past your filters? Most email security tools only guard the front door, but attackers are already inside. Material Security is different. It's a unified detection and response platform, purpose built for Google Workspace and Microsoft 365, protecting email, files and accounts all in one place. We're talking automated phishing remediation, account takeover containment and sensitive data protection without alert fatigue. Find out why companies like Figma, Reddit, and Lyft trust Material to stop the threats other tools miss. See Workspace security in action at Material Security. That's Material Security. And if you do contact them, take a second and say thanks for sponsoring Cybersecurity Today.
Host: David Shipley
Date: June 3, 2026
This episode delivers the latest headlines and analysis on major cybersecurity incidents, including Microsoft’s high-profile dispute with security researchers, a massive data breach at Carnival Cruise Lines, Dashlane’s response to a brute-force attack, and a new wave of supply chain malware following the leak of Team PCP’s hacker tools.
(00:25 — 03:25)
Quote [01:45, David Shipley]:
“Nightmare Eclipse says other researchers have started handing them additional fresh bugs, and they've promised to release a new one in June – a flaw they claim fully bypasses BitLocker, the encryption that's supposed to lock down Windows device hard drives.”
(03:25 — 05:05)
Quote [04:25, David Shipley]:
“This one is a much bigger boatload of trouble. The extortion group Shiny Hunters claimed the attack… Shiny Hunters has been tied to hundreds of breaches, by some estimates as many as a thousand organizations and well over a billion records stolen…”
(05:06 — 06:11)
Quote [05:57, David Shipley]:
“Dashlane says there's no sign its own systems were breached… The suspended accounts have been restored, and the company says it's adding even more protections.”
(06:11 — 08:22)
Quote [07:25, David Shipley]:
“Miasma introduces several dangerous updates… including focusing on stealing cloud identities… and encrypts payloads uniquely for each infection, making detection and tracking significantly more difficult.”
On Microsoft’s PR Move:
“[Microsoft] said it has no plans to go after researchers who find software flaws and publish them. That's a sharp reversal.” — David Shipley [00:43]
Carnival’s Breach Scale:
“By the number of people exposed, this appears to be the largest cruise line breach on record.” — David Shipley [04:12]
Researcher Solidarity:
“Nightmare Eclipse says other researchers have started handing them additional fresh bugs…” — David Shipley [01:45]
Password Manager Caution:
“This time, the alerts were real.” — David Shipley [05:48]
Malware Escalation Warning:
“That move raised alarms across the cybersecurity community as it opened the door for other threat actors to adopt and modify their highly successful tools.” — David Shipley [06:54]
This episode highlights the evolving nature of cyber threats: corporate missteps in researcher relations, rapidly escalating data breaches, the unintended fallout of security features under attack, and the dangers of malware proliferation through open-source supply chains. Each story serves as a reminder for organizations to continually update policies, audit vendors, and foster trust with the security community to stay ahead in the cybersecurity arms race.