Loading summary
A
Sa. It, Sam. Sa. Good morning, everybody. Hopefully everybody enjoyed that little intro. Figured we'd do a nice little Christmas intro. Have some dmca free Christmas music this morning, start our day off. Everybody. Welcome to the Daily Cyber Threat Brief. I am DJ B Sec, also known as Ben. This morning we'll be going over. It looks like we got about eight. Eight stories. Eight cyber stories. I went through them real quick just to see what the titles were. Looks like we've got cyber stories this morning. So this morning will be. Will be fun. We'll be able to go through everything, see if we can't understand what's going on in each story. I'll give my take on it. Some of them may be good, some of them may be bad, depending on what story is. But yeah, let's go ahead and get started. Today. I, unlike Jerry, I run pretty quick. I run through these things. We go. Go faster unless I get on a, on a soapbox. But for the most part we go through. I'll give you my straightforward what I think about the individual story that, that we're looking at or listening to, how it may affect you or if it doesn't affect you in any way, shape or form. But yeah, so these. December 23rd, 2025, if you don't know, we. With, with everything we do here, we're able to give out CPEs. So we say that each episode is worth half a cpe. The episode goes about an hour long, but with all the chatting and going on and different shenanigans that go on throughout the hour, we cut it back and say, hey, this is only about 30 minutes worth of. Worth of information. But let's go. Let me pull and get everything ready here. Hopefully I have everything squared away and ready for today. Yesterday was kind of all over the place. All right, let me move over here. Let's go ahead and get started for the day. I've got it pulled down and we can start with our CISO series. If anybody doesn't know all these stories come from the CISO series, it is. Let me put this in chat real quick before we start. You can follow along on the stories if you want to. Here's today's. Oh, that's not the days. The 19th. There we go. See if it allows me to put this in here. There you go. There's today's link. So let's go ahead and get started with today's. Today's top news stories of the day from the CISO series.
B
It's cybersecurity headlines. These are the Cyber security Headlines for Tuesday, December 23, 2025 SARAH I'm Sarah Lane. Spotify Music Library scraped A pirate activist group called Anna's Archive scraped Spotify's Music library, collecting 256 million rows of track metadata and 86 million audio files totaling around 300 terabytes of data. It says it plans to distribute it as a preservation archive. Anna's Archive describes this as a mission to safeguard human, humanity's musical heritage. But this violates copyright and Spotify's terms. The company confirmed the unauthorized access to scrape public metadata and bypass DRM to access some audio files, but says it's disabled the accounts involved added safeguards and there's no indication that user account Data was compromised. CESA's ASUS Live update CVE update update.
A
Oh, come on. It's got to stop. All right, so first of all, we've got multiple different, we have different types of actors, right? We have those black hat hackers, we have white hat hackers. This one, they're trying to say they're a hacktivist. Whether or not that's true or not, they're trying to imply that that's what, what they're doing. And hacktivism is like hacking for a cause, right? So, you know, political cause or whatever cause you have out there to take down the man or, or do something maybe nefarious to the websites or something along those lines. What it sounds like here is that somebody with a full on Spotify account was able to figure out how to scrape Spotify download metadata for songs as well as download the songs themselves. And I think, I think in here it said something about 86 million songs. See, did I miss that? I could have swore I saw somewhere in here that said 86 million songs. And there it is. So we got right here 86 million audio files and 256 million rows of track metadata. So, and they're saying that they're going to distribute it with a peer to peer network like old School Napster or something like that. That's pretty funny. Torrent files. So they say they fix this and they not necessarily mitigated it, but they put, they put, they put things in place that will stop this and is apparently from one specific account. In all reality, this is just, this is hacktivism in itself. Interestingly enough, I'd like to see if it happens again, because if it's happened once, even though Spotify is saying that they have put safeguards in place for it, I'm not necessarily sure that that's going to Stop somebody from doing it again. And what this means is somebody had full access or was able to figure out how to download their whole bank of information. So in all reality, you know what you could do? You could, with all the metadata and all of the, all the audio files, you could pretty much spin up your own and create your own little Spotify. Did they say they knew who it was? Got points of entry? This is funny. They're preserving humanity's knowledge of, in culture. It's like, get out of here. Hey, I'm gonna steal all this stuff because of humanity. We need to preserve our knowledge and culture. That's just crazy. All right, let's move on to the next one. Not a lot here, but it is interesting that somebody was able to get around and find a way to, to download all the music and all the metadata. Metadata.
B
Last week we told you that CISA added a new vulnerability to its known exploited vulnerabilities list. But the issue appears to document the 2018-2019 shadow hammer supply chain attack against ASUS Live Update, which wouldn't be a new or active threat. The compromised software is end of life fixes were issued years ago and no supported ASUS devices appear to be affected. With the recent activity reflecting retrospective documentation rather than new exploitation. DDoS disrupts France's.
A
All right, this is interesting here. So CESA decided to go ahead and put a, a new KVE in into their known vulnerability. But apparently this thing is years and years old. I'm not sure why all of a sudden it's in here, other than the fact, I mean, we could say government works very slowly. This says the Live update Vulnerability track is CVE2025 has been making the rounds of the info. So. Okay, wait a second. What's. What's old about this? Maybe they just now gave it a CVE number because this is a. If you don't know how CVEs work. Right, so it's CVE. So you have your, your CVE here. Let me back out. Your CVE is there. And then that is the year that it happened, so 2025. So they're saying that this is part of an old document from 2018, but the CVE in here is for 2025. Do they have an older CVE in here? The CVE entry is for compromise. So maybe this was reported in 2018, 2019, but nothing was ever actually get. Maybe it was never given a CVE number. That's what it looks like. And maybe it's never given to CV here. Let's I'm gonna pull this up real quick. Let's see what our results are on this. Oh, good Lord. Okay, so this is a big one. If you're, if, if you're using it now. Granted. Let's. We'll. We'll look at this. Look at these numbers here. So we've got 30% for your EPSs score and then the ranking is in. Is 96%. Right. So the 96 percentile in our ranking here, this is a bad one. But let's go back to the story real quick because in the story, where is it at? I remember they said something about it's not even being like. Even though they're adding this in here, it's not actually being done in the wild because it's already been patched. Let's see. Archive pages. Kind of reading through this to see if I can find where this is at. Because I heard him say, I mean, in all reality, it's make sure. Make sure. If you're running asus, like the moral of this story is you're patching it. So you're gonna patch. Make sure everything's patched. And what they said is if you've already patched it, then you're fine. Like, they're not even seeing this in the wild right now as it is. So I'm not sure why all of a sudden this is a big deal or why it's been. Why it was added to there, other than the fact that it just wasn't in there and they made it a 2025 CVE release versus putting a 2018 or 2019 marker on it. Be mindful in treating Ceases CVE is urgent, particularly for. Yeah, there you go. Security team should therefore be mindful. Let's see what this is here. Formalized documentation. Yeah, it doesn't address a new exploit. It's just make sure you patch your stuff is basically all it's saying. Oh, here we go. This is even better. So right here, according to the CVE entry, the effective software for Asus Live update reached end of support in 2021. So we're talking about software that was into support five years ago, almost six years ago. Well, five years ago, almost five years ago, with no currently supported devices or products that are affected by the issue. So you're putting out a CVE for something that no longer really exists. Right. So these devices are those devices that are in all of our bins in the corner that we don't use anymore. Your Lynxes WRT old blue router that's sitting in there, just it was in place and you're like, oh, nope, I get rid of it. Now, as a rule of thumb when it comes to it, when it comes to cybersecurity, mainly when it comes to the IT infrastructure and things like that, your devices should be pulled out within four years, Right? Usually if you buy something in year one, it's good. And they say that that technology is good for probably about four to five years. So in, in year four, you should probably be looking to see maybe upgrade. Right. This device is probably. Does this say it's a wireless router? I think it's wireless. I think this is like a wireless device. But basically those type of devices, like this is probably like Wi Fi 4, Wi Fi 3 device, get rid of it, upgrade to Wi Fi 6, Wi Fi 7. Yeah. And like they said in here, these devices aren't even in the wild anymore. So for the most part, and if they are, I mean, more than likely have been patched. All right, let's move on.
B
Postal and banking services. France's national postal service, La Poste, says a suspected DDoS attack disrupted its websites and mobile apps, slowing deliveries and knocking some digital services offline. The outage also affected Lebanc Postal's online banking and mobile app. Though card payments, ATMs and in store transactions continued to work, there's no evidence that customer data was compromised. Some post offices operated at reduced capacity as teams worked to restore services.
A
All right, this is interesting. So another day that ends in why we have a DDoS attack. So this attack apparently disrupted France's postal service and banking services right ahead of Christmas. It says that it, it disrupted their websites and their mobile applications. My question to this would be, why are these things not behind a service, especially as a government service, why are these things not behind some type of DDoS system? Like maybe Cloudflare Azure has DDoS capabilities on it to disrupt DDoS. Would it have stopped it? It's not going to stop it, but it's going to help mitigate these issues. It looks like, although it was like most DDoS is, although it was a pain in the butt when it comes to getting services running and so forth, it didn't necessarily affect specific things. Like they were still able to. Still able to use ATMs, they were still able to make payments. I think somewhere in here. Let's read through. Some post offices were operating and reduced capacity. So it slowed stuff down. Maybe because the application that the post office or the French post Office uses, they were having issues trying to get into it because of all of the traffic going there, our teams are fully mobilized to restore services quickly. So here's, here's something interesting here. The incident follows a separate attack or a separate data breach disclosed last week of France's Ministry Interior. So kind of sounds like somebody is going against French government services. The French France Interior Ministry. Now you're going against the, the public Postal service, banking services. Sounds like somebody, I'm sure they, they have an idea of who's doing this. Let's see the disruption. I mean, the worst part about this is it happened a couple of days before Christmas, right? Because everybody's trying to get their cards out, trying to get their gifts sent. This, this causes some, some issues when it comes to postal services in themselves. Just check chat, see if we got anything on here. Wait, I'm the. No, I'm not the first one. Marcus Seiler saying I'm the first, first one that he's heard say DDoS. Jerry says it. Yeah, maybe. There we go, a DDoS. And that's my French accent. So, yeah, I mean, these, these DDoS things, they're a pain in the butt, right? When it comes to this. Basically what they're doing is they're, they're stopping, they're flooding whatever it is, the application, the, the website, they're flooding it with traffic and overwhelming the server itself. If you actually put mitigations in place like a Cloudflare, like Azure's front door or their DDoS infrastructure in front of it, it helps stop that. And the way that it helps stop that is it takes all the traffic in and ingests that traffic and decides if it's good or bad before it actually sends it over to your server or to your application. So having that in between mitigates all of that hitting and destroying your server. And the service in itself helps keep that traffic away, right? So now even though that specific IP address or those, those endpoints in Cloudflare, which those are distributed all over the world, right? So I don't know if everybody understands how Cloudflare works, how the networking of Cloudflare works, but depending on where you're at in the world, depends on what you're going to hit. When it comes to Cloudflare, it's a cdn, so it's a content delivery network. So if I'm in France, it's going to hit French, it's going to hit a French endpoint before it gets into where I'm at. So it's going to hit a French Cloudflare endpoint. If I'M in the United States trying to get to that same spot. It's going to hit a United States endpoint before it gets passed over. If I'm in Africa, it's going to do so forth and so on. So that's how that helped mitigate that. Trap the traffic and keep it from basically blowing up your server or taking down your server, your, your infrastructure, your server, your product, your, your applications are still up and running. It's just the traffic getting to them is where, where you have the issues.
B
Side Next, fake delivery websites hit holiday shoppers. Cyber criminals ramped up fake Delivery websites by 86% in the past month, targeting holiday shoppers with phishing texts and emails posing as postal alerts. That's according to NordVPN data. DHL was the most impersonated carrier. While fake USPS sites surged 850% month over month, exploiting urgency around delayed packages to steal personal and financial information. Losses from text message fraud continue to climb with FTC data showing $470 million lost in 2024.
A
All right, hey, you know what? A new holiday, a new phishing scam. We see this happen during any holiday, right? And we see it happening especially here in the States. We see it happen during tax season. So we've got 86% increase in malicious traffic or malicious postals postal going more, more on the postal services here. So malicious postal service websites have been exploded at 86%. So more increased malicious postal service websites over the past month. There was something else in here. Oh, 206. So we've got fraudulent websites, 206. Over 206% month to month. There was something else in here. There it is. The malicious websites imitating rise 850% in the last month. So since October, November, they've seen an explosion in websites being spun up for phishing attempts. And this is something that we see all the time. So as practitioners, what do we have to do anytime we get to holiday season, anytime we get to tax season, we have to be cognizant. We have to let our employees know. Everybody out there knows that this happens. We just have to remind everybody that hey, we're in the holiday season. If a deal is too good to be true, more than likely it is. Make sure that you don't go clicking around, like stop clicking before you click on a link. Put your mouse over the top of it, make sure that it's going to where it say it says it's going. If it's going to target, you know, it's an ad For Target that's coming in, make sure that it shows that it's going to target.com. if not, then go to Target directly. Before you actually click on the link, I say target. This is for any vendor in there. Is there anything else? Text based delivery scams, smishing so people send an SMS text are a major driver behind the trend. So I guess people sending fake text messages with links in it and people clicking. So that's where a lot of people are getting got now, right? Because most of us now are no longer on a computer when it comes to these type of scams. We're on our phones, we're getting a text message, we're seeing something and we're clicking on it just to click and see what's going on. And we're using our devices, we're using our iPads, our iPhones, our Android phones, whatever phone we have. And that in itself is an issue, but it could cause bigger issues, right? You have the single clicks where somebody sends you a text message, you click on that. Now you've downloaded malware into your phone where they can now see everything in your phone or pull down your contacts or whatnot. So there. When it comes to getting those types of messages, what do we tell our, what do we tell everybody? Don't click on them, right? You get, if you get something from somebody you don't know, you get it from a number you don't know. More than likely scam, stop, move on. If it's not and it's something important, is what I tell everybody the first message that comes through, if it looks weird, get rid of it, don't worry about it. Because you know what, if it is important and it's important enough to the person on the other end, they're going to send it again. They're going to call you, they're going to get in touch with you. If it's that big of a deal. If it's not, when it comes to these scammers, they're sending tens of thousands of messages and they could, they couldn't care less whether or not you clicked on it or not. They just want someone to click on it. That's it. They're looking for one person to be the guinea pig. Don't make it you.
B
Huge thanks to our sponsor Threat Locker. Want real Zero trust training? Zero Trust World 2026 delivers hands on labs and workshops that show CISOs exactly how to implement and maintain zero trust in real environments. Join us March 4th through the 6th in Orlando. Plus a live CISO series episode on March 6th, get 200 off with ZTW CISO 26@ZTW.com.
A
All right, I am not going to play our normal. I'm gonna play some Christmas music because it's that time of the season. So we're gonna. We're gonna play this. Oh, hopefully it's not too loud. Let me pull this down while I talk for a minute. Let me switch. Whoa. That's not where I wanted to be. This is where I wanted to be. So you see my face. I don't need you to see Jerry's face. So Today is Tuesday, December 23rd. I was about to say December 24th, man. I don't want to jump ahead. I want to take this time slowly. What this. Want this time to last off time. You have to. Have to have it last. Usually Jerry does a tidbits Tuesday. I'll do a little tidbits Tuesday and tell you guys what I usually do. And some of you may have heard me say this before, but what I do around Christmas and what my family does is we've got both. Both my wife and my parents are still around, thank God. But what we do is we spend time with both sides of the family. We do a big old fish boil, fish fry with her side of the family Christmas Eve, and then we go hang out with my parents Christmas Day. Fun family stuff. But I think from our conversations yesterday, this year, we're gonna all be watching that, watching the clock for 7 o' clock to be running home so we can watch Stranger Things. So little. Little bit about me, I gave y' all some of that yesterday. A little bit about me is I'm deeply into Stranger Things right now. And I'm. I'm, like, waiting to find out how this thing ends. Let me go through chat real quick, see if anybody's got anything on here. I did see something in here which caught my eye. I don't remember who it was or where it was at. Yeah, Phil. So Phil Stafford, as. As we talked about the other story, another thing is, is Phil Stafford puts. Let me throw this up here real quick. Phil Stafford puts. Don't forget about poisoned AI results. So just kind of following on that with that story. When it comes to. When it comes to all the phishing sites and all that stuff with AI, they have become very good at creating AI emails, AI sites and so forth to be able to create these messages that look 100% legit. Right? And when it comes to OSINT, they can oent your. Your company and find out who you do business with and send over different types of phishing messages whether the invoices and so forth that look like they come from a legit company. So we've got to be cognizant of what's going on, especially as it comes around the holidays and so forth. Space tacos with a 2$2 super chat. Happy festive festivus for the rest of us. Oh throwing in some Seinfeld here. We are. So everybody we're at the mid roll. We're close to 7:30. I want to go ahead and get through. I think we've got 1, 2, 3, 4 more stories before we hit Jawjack and I want to get through these because some of these are are interesting just from the the headlines that we've got. Let's go ahead and pop over and finish this out for today. Then we can get get Jawjacking and and have a good time.
B
Uzbek Users attacked by SMS Steelers security researchers at Group IB say Android users in Uzbekistan are facing a new wave of SMS stealer malware attacks spread via telegram with multiple threat groups. Using sophisticated droppers, obfuscation and social engineering, the malware steals banking credentials and funds. It quietly persists on devices and spreads by hijacking victims telegram accounts to to target their contacts. Group IB says the campaign marks a significant jump in operational maturity since October.
A
Fake WhatsApp all right, so I literally was just talking about this on the other one. Oh, I lost my mouse. There we go. So users in Ubekistan are being targeted with Android SMS stealer. This sucks. Basically they're getting, they're getting sent an SMS message that is instantly installing malware and basically infecting their phones. This becomes a bigger issue just because it's Android, which is the largest phone software out there or device software out there, according to the research coming out from Cybersecurity vendor said its research observed a new wave of malware attacks targeting the users in Ubekistan starting in October. The wave attacks involve multiple threat groups it added, including tricky wonders. Blaze Fang. That's a cool name. Blaze. Blaze Fang. Welcome to Blaze Fang and Gia. Not sure what if I said that right. So the malware, which is used to steal money and credentials are attached to an infected phone distributed as an APK file. This one's, this one's a little nasty. It's pretty crazy when we read into this. So once the attacker has access to the target's Android device and phone number, the threat actor attempts to log into the victim's Telegram account and trick users on the devices Contact list to install. Hey, well what if you don't use telegram? So they, they have, basically, it looks like if they get with this malware, they get full rights. Do they have anything on here? Examples of threat. Well alive. All right. Inside the campaign, The I Group IB's research pointed out SMS dealers like Wonderland are. The attackers stopped distributing the malware directly inside. Kind of going through all of this. Okay, let's see how cyber defenders can protect themselves. The report also highlighted a rapid rate in which the actors were adapting to defenders. The new wave of malware developed in the region clearly demonstrates that the methods of compromising Android devices is not becoming more sophisticated, but they are evolving at a rapid pace. Attackers are actively adapting their tools, implementing new approaches to the distribution concealment of activity. I mean, this one's kind of dirty. So in here it says that they get full access to your phone and they have persistent access. Even if you remove it, they reach out to all of your contacts to try and distribute it more. And the whole goal in here is to be able to try and gain some type of foothold and be able to steal money or, you know, just like any other thing. Still, still money, still contacts, still logins and so forth. This one's, it's pretty ingenious, but it's also very disturbing, like kilogram base methods. Wow. So attackers were observed using sms, Steeler, Wonderland, Dropper. Yeah. So, man, when it comes to this, I'm sitting here just in my mind, just going round and round around because you see this so much when it comes to Android devices. Android device, it's easy to sideload stuff on an Android. It's easy like you have full control of an Android device as a, as an individual that owns one, you have the ability to do whatever you want to that device. It's kind of where you have the yin and yang of Android versus Apple. Right. With an iPhone, you don't necessarily have full control. You've got to jailbreak it. You got to find something to do to get back end credentials or backend information in an iPhone. But with Android it's quick and easy. You drop an ap, they're dropping an APK file on this device that then gives them full access, probably like damn near root access to this phone into the operating system for them to be able to do whatever they want. And on top of that you do, you delete it. It doesn't do anything because they have persistence on your phone like this one's. At that point you're, you're trying to, you might as well wipe your phone. And the fact is that you don't even know that it's there. The only way you're going to know that is there is if all these telegram messages start getting sent out. If you're a telegram user start getting sent out to your friends or family or whomever is using Telegram with you asking if you're sending these messages. Yeah, it kind of looks, it's. So that's a, that's a good point. It sounds, it looks like Pegasus. It's not necessarily Pegasus, but it in some way shape or form, it's sent via a text message, it's downloaded, put on the phone and then they have full on full blown access. Now granted, right now, I think they just said, this is just in Uzbekistan. They're the ones being targeted. But if they're being targeted and it's working, make for damn sure that that's going to be, it's going to be all over the place. This is something to watch for in the coming months to see what's going on. So put a, put a bookmark on this one and let's see what happens over the next couple of months. Because if this is getting the traction that it is and they're able to get information off these phones, they're able to take over these devices again. If they can take over these devices and they have this type of access, guess what they can do? They can turn these devices into, into IoT bots. Right. They can use these devices for another botnet for more denial of service tax. Interesting.
B
API package steals data. Researchers from Coy Security say a malicious NPM package called Lotus Bail, posing as a legitimate WhatsApp API, has been downloaded more than 56,000 times and can steal messages, contacts, media and authentication tokens while silently linking an attacker's device to a victim's WhatsApp account for persistent access. The malware mimics the Bailey's WhatsApp web library, intercepts web socket traffic, exfiltrates encrypted data, and remains active even after removal unless the linked device is manually revoked. Inter.
A
Good Lord, another one. All right, fake. What's up? API package on NPM steals messages, contacts and login tokens. Sounds like another. So we were just doing Telegram, now we're doing WhatsApp. So we had SMS and then they get a hold of your Telegram and try to do stuff with Telegram. Now we've got somebody that has created an API, a functional API for wet for WhatsApp. Oh boy. All right, gotta read through this real quick. They Just disclose details on the new malicious package. It's been downloaded over 56, 000 times since it was first uploaded in 2025. The 711 downloads that took place over the last week, the library is still available for. Oh, well, okay. If you know it's there, why don't we get rid of this thing? Delete it under the COVID of functional tools. So this thing is saying that this tool is actually. It is a functional tool. So you download it, it works as you expected, as you intend it, but then the malware comes in and steals your WhatsApp credentials, intercepts every message. Good lord. It's every message. Harvests your contacts, installs a persistent backdoor, and encrypts everything before sending it to the threat actor server. Good lord. All right, this is what I was talking about on the other one. So in this one, the un. The tool is functional. You download the tool. First off, why are we downloading this tool? What are we doing? Okay, so we're using WhatsApp API. All right, I guess the question here is, why are we using an API for WhatsApp? What are we doing with WhatsApp as an API? We're pulling the data. Like, if I have WhatsApp, which I don't use WhatsApp, but if I had WhatsApp, what am I? What's my goal into installing an API to connect into my WhatsApp account and pull the information out? Why would I be installing an API for a chat? Maybe you've got a website that we're doing this on. Maybe somebody up there in chat can. Can enlighten me on why they would be using WhatsApp as their chat. But other than the fact that they say it's encrypted, why somebody be using WhatsApp as their. As their actual chat platform on a website or pulling APIs. I digress. So they have an API, they're pulling in. They. They have hooked it into their account, thinking that it's a good API. Which it works, right? It does everything that you're asking for it to do. But what you. What you don't realize that it's doing is it's doing bad things on the other side. It's gathering all of your data. What the. What do they say? It's gathering all your data, getting your credentials. It's intercepting every single message. So if you. If you're a company, let's. Let's take this on a broader scale. Say you're a company and you're sending out text messages and You've got contacts, and for whatever reason, your contacts are using WhatsApp. So say your sales team is using WhatsApp to talk to. This is a very hypothetical because I don't know of anybody that's using WhatsApp as a sales group to do this, but your sales group is using this now. They have all the information. They're intercepting all of the messages. They have harvested all of your contacts, right? So everybody you're doing business with has now been harvested. It installs a persistent backdoor. So even if you go into your application and you're like, nope, found this, let's get rid of it, they now install a persistent backdoor. Even if you remove it from your code and it encrypts everything and sends it to the threat actor server. So when they actually send the file, if you're monitoring the traffic, it's encrypted traffic. You can't see what's being sent. This is a big deal. I'd like to dig in more to find out who's actually using or what people are using WhatsApp for with web APIs. Like, what are you. I'm kind of hung up on that. I know. I'm hung up on that. Yeah, here we go. Hint of the day. Oh, nope, that's not the one I wanted. This one. Hint of the day. Never use Telegram, WhatsApp or Signal anymore. Thank you. Please come again. Let's see. This is accomplished by malicious websocket wrappers through which authentication information, when you use the library to authenticate, you're not just linking your application, you're also linking in the threat actors device. So think about this. When you log into something, so say we all. Most people use Spotify. A lot of people use Spotify. When you go to add your device to Spotify, you can go into your account, you can see what devices are connected to it, right? You can revoke your device from Spotify or whatnot. That's what they're talking about. So this API connects, connects your account to the device. So number one, if you are using WhatsApp, go and look at your settings and find out if there's devices that are connected to it that you have no clue about. Like, hey, this doesn't make any sense. We don't have this device and revoke access to that device. That's number one. That's first off. Right away, that's something you go do. Check your, check your settings to get to revoke that out. See, by linking their device to the target's WhatsApp, it not only continued access to their contacts and their conversations, but it also enables a persistent access. So, yeah, get, get rid of that. You need to check your accounts. That's. That's called being due diligent or doing an assessment on yourself doing assessment on your accounts, which in all reality, we should all, as individuals be doing an assessment on our accounts to make sure that the devices that are connected to it are the ones that should be connected to it. Are we doing that? No. And we know we're not. But every. I will say this every now and again, I look just to see what's going on, see how. Because we all get new phones or new devices, and then all of a sudden it pops and it's like, hey, this device has been added. And you're just like, okay, whatever. Yep, I know, I know, I know. In fact, I had one pop up on mine a couple of weeks ago, says, new device added. I'm like, what new device? There's no, we don't have any new devices. I'm like, no, no, no. New device. The malware wraps the WebSocket client. So once authenticated and starts sending receiving messages at intercepts and kicks, no special function is needed beyond normal use of API. The backdoor pairing code also activates during the authentication flow. So the attacker's device gets linked the moment you connect your WhatsApp, your app to your WhatsApp. This is a, this right here. This is great. Supply chains, supply chain attacks are not slowing down. They're getting better. And that is, for me, that's going to be the crux of everything, right? We're all, and I think we talked about this yesterday, where Everybody's moving to SaaS applications, everybody's using APIs to connect in between these device, in between these applications and devices. When it comes to these, these attacks now, it's going to be all over the supply chain, right? If you hit this guy up top, guess what you're going to get everybody underneath, right? So you install that API up top and it gets pushed out, or you install that code up top and it gets pushed out to everybody that is using your library or whatnot. Now, you've infected hundreds, thousands, tens of thousands, millions of people, millions of devices. To me, it's supply chain is, is, is the big thing. Now, let's see. Traditional security systems don't catch this. Static analysis sees this is. Oh, this is critical here. So traditional security doesn't catch this, right? But static analysis sees the working WhatsApp code and approves it reputation systems have seen 56,000 downloads and they trust it. The malware hides in the gap between the code works and the code only does what it claims. So you have all of this in a wrapper and when you're static analysis, so those that don't know, those that aren't in programming or don't do any, any coding or anything, you can go program all this stuff. You can go code things and just push it out. Right. Well now as security has become more of integrated into coding, you've got two different ways you can do a static analysis of your code which basically you take all your code and you just dump it into something like Vera code or some other static analysis and it looks at all the code and goes a. Is everything in here what it says it is? Right. And what this is saying right here is that once you run a static analysis on it, it comes back and goes, everything's clean, you're good. It doesn't see that there's anything malicious in the code, which is crazy. So it those, they don't find it. The malware hides between the gap of the code works and this code only does what it claims. That is amazing. So even if you scan the code to say, hey, is this bad code? It'd be like, nope, it's good, go ahead, push it on out. I think we saw this a while back. Malicious NOUGAT PACKAGES TARGET so this is just kind of going into everything that's going on with all these, with all these packages. I'm not sure if that, I mean it's part of this story, but it doesn't really go into what this is. So yeah, this one, this one's nasty and I don't know how you would get around it other than monitoring your, you've got to monitor your account. It sounds like the only way you can actually get around this or know that it's happening is as you monitor your account to see that there's a, there's a device now that is hooked up to your account that you're unaware of.
B
POLL LED ACTION DECRYPTS RANSOMWARE STRAINS Interpol says Operation Sentinel led to 574 arrests, the takedown of more than 6,000 malicious links and the decryption of six ransomware strains across 19 countries, mainly in Africa. Authorities also recovered $3 million with cases tied to more than $20 million in losses in including business email, compromise, ransomware and large scale fraud with private sector help from firms including Trend Micro and Shadow Server. Interpol says cyber attacks targeting sectors like Finance and energy in Africa are accelerating.
A
All right, here we go. Regulators. It was a clear black night, a clear white moon. Warmer G was on the streets trying to. All right, so Interpol's going gangbusters right now. So Interpol coordinated an initiative called Operation Sentinel that led to the rest of 574 individuals. And they recovered about $3 million linked to business email compromise, extortion, and ransomware. As we dig into the story, it gets even better if we look at what's gone on throughout the year between October 27 and November 27, the investigation, which involved law enforcement in 19 countries, took down more than 6,000 malicious links. And on top of that, not only did they take them down, they were able to decrypt six distinct ransomware variants. That in itself is amazing. So they were able to decrypt the ransomware variants. So they were able to send. Now that they have been able to figure out how to decrypt it, they can probably. Anybody that's got that, they can send the decryption codes to them and get their data back for them. Interpol says that the crime cases investigated are connected to more than $21 million in financial losses. It's not a huge number, but, I mean, it's a huge number for me. Let's see. This kind of breaks it down. So the Interpol agency highlights the success of the following operation of Sentinel. So in sengal, authorities stopped $7.9 million in business email compromise, wire transfers. That's in. That's impressive. They were targeting a petroleum company by freezing the accounts before funds were withdrawn. That's awesome. So they got it looks like they had stuff in Ghana for 120,000 with 30 terabytes of data. Ghana, Nigeria. 20 or 400. 200. 200 plus victims for 400,000. A hundred devices were seized, 30 servers taken offline. I don't know where Benin is. I'm assuming it's in Africa. It seems like all this is in Africa. 106 arrests. 43 malicious domains removed. 4300 scam linked social media accounts shut down. They are on a tear. Cameroon. Rapid response to an online vehicle sales scam. Man, I'm guessing these. Yeah, they look like they're all handcuffed. These are the individuals. The scale and sophistication of the cyber attacks across Africa are accelerating, especially against critical sectors like finance and energy. The outcomes from Operation Sentinel reflection. In August, Interpol. Okay, so here we here kind of break. So in August, Interpol coordinated another African focused operation called Serengeti 2.0. That resulted in the arrest of 1200 suspects, $94 million of illicit funds, and dismantled 11,000 malicious infrastructures linked to the test. So that's infrastructures, that's just not links. That's infrastructures. That's a lot linked to attacks on 87,000 victims and then again in March. So yeah, Interpol is going gangbusters. Big, big claps to Interpol for that one. I have a clapping sound. I used to have clapping sound. I don't think I do. Yeah, I don't have anything on the board right now. So in march, another one. So 80, 1800 devices. Big props. We got to give it to Interpol for that one. That, that right there. After what we've already read, that kind of gives you a little bit of hope. Like we've got people creating APIs that are connecting to everything and stealing everything. And Interpol is in the back going, don't worry, we got you. It's going to take a while. But it looks like we've got Shadow Server Foundation, Trend Micro and a couple of others. TRM Labs and Uppsala Security, they help. They traced IP addresses and ransomware and sextortion attacks. This, this is a feel good story for us. Had see somebody from Interpol pat him on the back. That's awesome.
B
South Korea to require facial recognition for mobile numbers South Korea will require facial recognition when registering new mobile phone numbers starting March 23 following a pilot program. This is part of a broader push to curb identity theft and voice phishing scams. The policy applies to major carriers and MVNOs and comes after more than 21,000 phishing cases this year and a major breach at SK Telecom that exposed SIM data from nearly 27 million users. If you have.
A
All right, I'm not sure how I feel about this. I see it as being good, but I also see it as a. I'll up in on somebody's privacy of facial recognition. So I'll take the good first. So when it comes to mobile numbers and these mobile farms that we hear about, the one that got taken down in, in New York a while back, they're big problems, right, because they use, they gather all this information, they gather all these phone numbers and they create SIM farms where they're able to just use number after number after number after number to get your number and send stuff out. And you don't know who's behind that phone number. Right. So for instance, the, we talked about earlier, the, the SMS messaging, you don't know who's behind that number. That number could be on Google, it could be sent over. And you have no clue who's behind that number. You create fake accounts and put them on there. The good thing to this would be that everybody would be attached to that number. Your name, your face. You have to prove that you are who you are before you get a phone number. So then if you actually start using it maliciously, guess what? We can come after you. That's the good side of it. The bad side of it is it's kind of like impeding on privacy. Right. Because now, like, I use Verizon, Verizon knows that I'm the one that. That called or that that has this specific phone number. They know that my wife has this number or those numbers are attached to our accounts. Right. So we know that I can see and I don't because I don't live in South Korea. North Korea. I don't live in South Korea. So it sounds like maybe they don't actually require you to show who you are, which, I mean, when we go pay for stuff in, in the United States, when you go pay for a phone, not necessarily. Well, I guess not necessarily a burner phone, but if you go into a bigger, a bigger company like AT&T or Verizon or T Mobile or something like that, usually when you go in, they ask for your driver's license so you, they see who you are to make sure that your payment card that you're giving them is, is your card and so forth. That's great. You know what? Now that I think about this more and more that I'm talking about it, this is great. But, you know, your bigger companies are doing this, but your Walmarts, your places that are selling these burner phones aren't going to do that. Now, we're talking United States here. We're not talking about South Korea, but it says that South Korea is it just for the bigger companies. And if that's the case, do they sell those type of phones in South Korea, which I'm assuming they would, they would just sell burner phones in there. So in April, South Korea's SK Telecom was hacked and the SIM card data. And SIM card data belonging to nearly 27 million subscribers was stolen. Privacy regulators determined the telecom did not even implement basic access control. Well, there's your problem. Allowing hackers to take authenticate authentication data and subscriber information from a mass. Well, well, that's. I mean, that's in a problem in itself. Yeah, See, so here it is right here. The reported plan applies to the country's three major Mobile carriers and mobile virtual network operators. So that's great if it's just the three majors, but anybody else that had that's running a mobile carrier, mobile, like Mint Mobile or something like that, that's over there. It's not going to do anything. They just still get those same sims. I guess it's a step in the right direction. But it's also a little sketchy when it comes to privacy, especially if I'm having to. You're scanning my face to get my identity to make sure. I don't know. What do you all think? Yeah. All right, let's see. I think that's the end thoughts on.
B
The news from today or about our show in general?
A
All right, that is the end. Woohoo. Yay. All right, everybody, if that is the end of the stories for today, good ones. If you were here just for the news, great. Have a great day. See you tomorrow. I will be here tomorrow morning on the eve of Christmas and we'll go through any stories that they've got out tomorrow. If you are gonna hang around for Jawjacking, we will hop over there in just a minute. But like I said, if you're here just for the news, we'll see you and see you tomorrow. Tomorrow. So let's go ahead and jump in and drop over a jump over. Let's go ahead and jump over to. To jawjacking.
C
Ever wonder what it takes to break into cyber security? Join us every weekday for Jawjacking, where industry experts answer your burning questions about the cyber security field live, unfiltered and totally free. Let's level up together. It's time for some jawjacking.
B
Yeah.
A
All right, so I want to go through. That last story was good. I like it. I'm kind of iffy on each side. Not sure I want to know how you guys feel about it when it comes to. When it comes to facial recognition to get a phone like I I 100. Understand. Let's tie somebody to this number so we know what they're doing, right? I mean a lot of this stuff, I don't know if you guys out there depending on, I guess how old you are. Remember Demolition man with Wesley Snipes and Sylvester Stallone? When I hear a lot of this stuff, it kind of reminds me of that just about how everything. Like when they said a cuss word and they got a ticket. Like they know exactly who you are, what you're doing all over the place. It's. I don't know, you go back and look at stuff, you look At Back to the Future and things like that. We are like, we're not as futuristic as those shows show, but we do have a lot of those things in place now. Yeah, that's me. I'm sitting. I'm like sitting on the fence on that one. Like, I get it. Because, yeah, if you send me a bad message, I want you to get got. But I also know that I'm not a bad person. I'm not gonna be sending it. So why do you need my face? Right? So. And s. Oh, yes, Andre Bullock was in that one, wasn't it? We don't talk about the three seashells Airfish. We. What do we do? We stand in front of it. We scream at the. Scream at it. So it gives us paper. Oh, all right, let me. Let's find some music here. I'll turn on some music. We got something in my ear going. Y' all let me know if that's too loud. In fact, I'm gonna. I'm gonna turn this down. I don't want to like blow y'. All. Y' all right. Y' all let me know if that's too loud. Yes, FedEx. We do. We want our privacy. We want to keep our privacy intact. And that, that's the 64, 69, whatever. $69,000 question, right? How do we keep our privacy intact but also still deal with that type of stuff? And I don't have a good answer. I mean, if somebody out there has a good answer, let me know. But I mean, it sounds great on this side of the fence. It sounds great because now we know who's going to be doing that. But on the other hand, it doesn't. And if you're only doing it for the top three, what about the other eight that are sitting in there that are. That are sale services that are using it? I don't know. You tell me. How do we. How do we make sure that that doesn't happen? All right, you guys, this is jawjacking. So in here, anything and everything. Send me your questions. Let's talk about anything you want to talk about. We've got about 30 minutes or so. We have a great discussion. Maybe we can solve some problems that somebody's got out there, give some good answers. Zmf, you know what? So mass surveillance is already here. We've already talked about it. I don't know if we talked about it here. I was talking with my brother in law about this. Anybody. Everybody know about Flock, like Flock Security? There's massive surveillance there. I think we actually Talked about it here on. On the daily cyber threat brief one morning. But you have Flock security. If you're in the UK, you already have mass surveillance because there is cam. There are cameras everywhere. They watch, and they watch everything you do over there. But you now have Flock security in place. The Flock cameras, those cameras are supposed to be license plate readers. I'm sure they can gather a lot more data than just license plates. But it's here. Let's see. I mean, I guess. It's just. How many eggs do you have to break before you get that omelette? Oh, there you go. Yeah. With inflation, it's now the 69, 000 pyramid. There you go. FedEx is asking how I celebrated Christmas. So apparently you were not here at the mid roll, because I did talk about this. We go to both sides of the family. We spend Christmas Eve with my. With my wife's side of the family. We have a fish fry, fish boil, do all. All that stuff and have a good time. Just family together, talking, yapping, catching up for what's gone on over the last year. And then on Christmas Day, we go to my parents, my side of the family, and spend it with my side. Let's see. Flocks, if so weird, and that was a story earlier, right, Is flocks are hackable. We actually saw those. We saw those. There was a story about that. We saw where they were talking about flocks were hackable. The interesting thing, though, I think what they were talking about is flocks being hackable physically. I didn't think they. They said stuff about it being, like, getting in the system, but they were actually hacking them physically to be able to connect to the wi fi and be able to look at the cameras and be able to look at the dashboards and so forth. I'm gonna have to look at this Dennis. So he says flocks now track people in condor. Ptz Nai. So cyber guy, defense. Here's what I have to say. And this is another one of those, like, defenses right here. And I'm sitting on it. I don't know where to go, right? So I have seen the good on the Flock side and what it does. I am also on the side of the bad of what Flock does as well, right? Because those Flock cameras help find bad individuals that are driving around doing something, right? So, for instance, if you have flock in your neighborhood at the. At all the ingress and egress spots of your neighborhood, when that car comes in, guess what? Boom. That license plate gets hit. When the car goes out. Boom. That License plate gets hit. I have seen, and I think I said it on. On here one day is I have seen where there was an. A vehicle that was on the south side of Houston that got hit on a flock camera that had been, you know, there was an APB out or something. And because it got hit, the police departments were able to track that all the way through the city and up to the north side. I think they ended up getting the person on the north side. And it was a bad dude, whoever it was. I don't remember exactly what it was, but I remember it was something pretty bad. That's the good part of it. Right? But the bad part of it is they do take a lot of data in. And if it does get hacked, which we've already seen that it has, where is that data going? People can see that now. I'll say this Flock was put in my name without us noticing or knowing that it was going to happen. Flock cameras were put up on. In at the edges of my neighborhood. When that happened, we actually got an email from our homeowners association from Flock telling us to go to Flock's website and put in all of our information, put in our first name, last name, put in the vehicles that we drive, give all of our information. And the purpose behind that, the purpose that they wanted that information was to say that, oh, when this car actually enters the. Enters into the neighborhood, it's a car that's supposed to be there. And I saw that email, I said, hell, no, I'm not giving you all my information. You know what? You're gonna see my car go in and out every single day, every single morning. And you should realize that I live in this neighborhood. And you. And if you need all that information, guess what, My name is attached to my license plate. Go get that from the state. Let's see. China watches you like you like it, watches your grandmother. Yeah, with all. With all the Chinese cameras and everything that's put out there, it's all over the place. We could have played that. In other words, cameras everywhere and social credits. Oh, man, there you go. That's exactly it. So I don't know if everybody in here knows how that stuff works. It's crazy how it works in. In China. My understanding, just like Pocket Pixie's talking about here. In other words, cameras everywhere in social credit scores. You mess up, guess what, Your credit score goes down. That's some crazy stuff. If you don't know, go look up credit scores like Chinese credit scores. It's crazy. You do something Wrong. Your credit score. And it's not your credit scores, like, I think it's their social credit score goes down. So if you have a low social credit score because you. You did something or you messed up, like you jaywalked or something, like, you're not allowed to buy bread for the day or, I don't know, something like that. I don't know. It's interesting. I think haircut fish is trying to troll us. I think we. Jerry already talked about this last week, man. Eggnog is disgusting. I'm not sure which one we're talking. Are we still talking about the flock cameras and battery? So the. I mean, it's got a battery inside. All the flock cameras that I know are running off of solar. They all have solar panels on them. And if you have good advice for someone who's burnt out, let me know. Look, the best advice I can give you on burnout is you. You have to figure out how to disassociate with everything there's got. You have to come up with a way, whether it is turn everything off, don't look at stuff, get offline. Honestly, that's the biggest thing, right, is get offline. Because we're all so connected with work, with everything. You've gotta. You gotta put it away, and you gotta take some downtime. Because if you don't like. Burnout is a true thing, and we've been talking about this for years upon years upon years. Burnout. Burnout is not good for your health at all, in any way, shape, or form. Causes more stress. Like, you're stressed about this, you're stressed about that. You. I deal with it all the time, too. Like, it's not. It's not something to play with. Get rid of. To get rid of burnout, to get rid of the stress, you've got to take these devices. You got to take the devices you're connected to. You gotta, I don't know, put it in a Faraday cage or whatever. Get away from the stuff, walk away from the computer, go outside, touch grass, get with your family, sit down on the couch and watch Netflix. Do something that will clear your mind. You have to figure out what is going to allow you to clear your mind. For me, listening to music clears my mind. Hanging out with the family, sitting on the couch, playing board games. Like, do something that's not going to make you think about all the stuff that you have to think about on a daily basis. Hopefully that helps because it. Burnout is a it. We should. We should stop. Really. We should Stop calling it burnout. We should just call it stress, because that's what it ends up being. It's stress. Everything is stressful. There's so much going on in the world today, and everybody's required to be on their toes 247 and be at everybody's beck and call. And we've got. I mean, it reminds me of. I guess the best way to describe this is go be a child again. Go be a kid again. Go have fun and don't care about things. Like, for one day, don't care about what's going on. Just go have fun. Oh, Space tacos wants to know. Everybody raise your hand if you are celebrating anything in addition to. Or instead of Christmas. Yeah. If you're celebrating Hanukkah or what's it, Kwanzaa, there's something else. There's a lot of different things. Festivus. There's a lot of different celebrations now, this time of year. And to me, they're. They're one in the same. Because all it is is everybody getting together to see each other, see family. It's a family event. That. That's. To me, I mean, that's how I see it. Fedex. I actually. I was messing with that last night, and then I realized, hey, you know what? I'm on Jerry's channel, so it's not gonna work. So I didn't do it. I actually rebuilt this last night just so we can have some snow and have it. Have it be a little festive. Zmif, what are you talking about? Who's using show? They're using Shodan to find. What are we talking about, the cameras? Yes, but they might not see. Just going through chat, Man. Jay Gold is. Is kind of on point right here with all this stuff. Do you want to prioritize privacy or do you want to prioritize security? And in all reality, that's the question we, as practitioners, we ask ourselves every day. When it comes to. When it comes to the corporations that we work for, the companies that we work for. Right. What are we prioritizing? Are we prioritizing not necessarily privacy, but are we prioritizing functionality? Or. You're prioritizing security because they're, you know, you're on that scale. If you get security, they're going to. It's going to kind of come in, right? So on each end, they're going to kind of come in. So the. The more security, or I guess go this way, the more security that you have, the less functionality you kind of end up having, which it Seems like the more secure that we're going to become, the less private we're going to become, right? The, the privacy acts are put in place to try and mitigate that, but you got to have all the information to be able to say somebody's secure. Pocket Pixie's on it today. I tell this to people all the time. Keep personal matters private. If you don't want people knowing about stuff, you should not put it out there. You've got to be able to, you got to have a private life. Unless you're one that just doesn't care and you know, it is what it is. Code Brew saying, did they, did those cameras need to be hacked that they thought and just left them exposed? I don't think they were exposed. I think it has to do with the physical wi fi stuff that's on there. I don't remember the, the whole crux of the story. I just remember that they did get hack and it. And realize that this hack was like, this guy bought one and got the camera and they like opened the camera up. It's on YouTube. They go through on YouTube. I think it's like a 22 hour YouTube thing where they like break it down and they do different things to it, but they can't. I mean they're physically exposed, right? Anybody can just walk up to those poles and do something to those cameras. So here, here's what I'll say. There's a, there's a ton of websites that have cameras and stuff on them. There are using Shodan. You can see a lot of those cameras. I, I'll give y' all a, a funny story kind of funny. So about, I don't know, 15, 20 years ago. That's old. That's a long time. This shows you how old I am. We had somebody out at our office whose email got hacked, right? I'm putting quotes because it wasn't necessarily hacked. The email got hacked, the email account got hacked and emails were sent out throughout the company and they were derogatory emails, right? Pointed at people. And when it happened, everybody's like, what is going on? What is this person doing? And this person was, was a manager, was higher, was, was higher up the, the food chain. I was like, what is going on with this? Well, of course they came to me and they said, hey, what, what's going on? You know, the, the person's like, I think my email's been hacked. So I started looking at it and I get into the person's account and I find out that the account was accessed from a specific IP address. So to start off, what do you do? Where, where's that IP address? So I look at that IP address, search for the IP address, find the IP address. Is there anything associated with this IP address that can tell me where this is coming from? Put the IP address in, put just the, I put just the IP address HTTPs in front of it. Guess what comes up? Camera system. Camera system comes online. All right, so this company has a camera or this, this IP address has a camera system on it. So apparently the company that was running the camera system Admin admin, right to get into the camera system. So I tested admin admin, Boom, I'm in. And I can see everything that's going on within this company. Now this isn't hacking, right? Nothing malicious. I, it's open to the world, right? Has a default credentials on there. But I find, I, I find out that this, you know, through the camera system by looking at the cameras that you can see the company name on there. And I got the company name and went over to the, to the manager and said hey, this is where it's coming from. Do you know anybody that's at this place? Yeah, my girlfriend works there. His girlfriend had his username and password logged into his email account, I guess thought he was doing whatever he was doing within their relationship and decided to try and, you know, make him look like a bad person by sending all these different emails out. Very interesting scenario that happened. We were able to block it all and let everybody know internally what was going on. But yeah, Zmif, I see what you're saying here. It isn't it, I mean it's a gray area, right? Didn't do anything to, to be bad. I wasn't, I, all I did was type in admin admin just to test, I guess you call it a pen test. Just a test. We did let them know, we said hey guys, you, you've got this wide open so you might want to close this because we can see. And granted it was just, it was just a camera system and it had four cameras on it. It was a small company. But that being said, it did lead us to the right path to find out who was going on or who was doing what. Because in all reality what was happening on our side was worse than what we were doing there. Trying to figure out who's doing was. It was research Zmif, it was research. It wasn't hacking. We were researching to try and find out what was going on. I sent myself a reminder kind of Going through. I'm. I'm behind in chat. Trying to go quickly, see if there's anything in here. So we're talking. Still talking about eggnog. God, it's disgusting. I'm not. Okay, who. So today's the 23rd and for us here in the States we got tons of movies and everybody. We're not even going to go into the whole Die Hard thing because everybody always brings up the Die Hard stuff. What's your one movie or one or two movies that you have to watch this time of year? My kids always want to watch Elf Me A little tidbits Tuesday. Me, I always want to watch this Christmas Story. I feel like it's not Christmas. Out watching the Christmas Story and it's on Run for 20. It's running 24 hours a day. I feel like you have to watch Christmas Story once and then you always have the. The amazing. Christmas. Oh man, I just lost the. What a. My phone went off and I lost thought. National Lampoon's Christmas Vacation. That's a classic. You gotta watch that. Anybody got something crazy for me? It's Die Hard. Oh, Charlie Brown. There you go. Charlie Brown Christmas. That's always a good one. Angular wants to know how's my geography and can I find Uzbekistan on a map? Yes. Uzbekistan I believe is right over by Afghanistan. I will pull it up for you. It is in Central Asian. I do believe it's. Yeah, Yeah, it's actually attached to Afghanistan. So here we go. Come on man, give me some maps. There you go. Uzbekistan is right there. That's not, that's not a good version of this over there. Uzbekistan is right next to Afghanistan. Turkmenistan. So yeah, there you go. My geography is spot on. Boom shakalaka. Boom shakalaga. All right. Home Alone. Oh man, that's a good one. So we, we do always watch Home Alone. Home Alone. Okay, here's another question. What's your favorite Home Alone? Are you a Home Alone one person or a Home Alone two person? For me, I'm gonna tell you mine. Home Alone two. I love Home Alone two. Home Alone one was fantastic. Is great. But I think Home Alone two beats Home Alone one. And I think that's probably one of the few, you know, series that two is better than one. There you go. When we go back to Dennis Keefe is saying this is how he's gonna relax. That's it, man. Find a way to relax. Find a way to just set everything else aside and not have to deal with your day to day tasks. I got. I'm. I'm so far behind on here because of all the talking. Let's see. I know the trick is not working. I'm just kind of scrolling through here real fast. Hope. Somebody apparently had a psycho girlfriend. Oh, yeah. Psycho girlfriend 100. That. That's exactly what it was. I. And I don't know the ins and outs of what was, but, yeah, that was pretty crazy. Oh, bad Santa. That's pretty funny. That's a hilarious movie. Christmas Vacation in Elf. So that one. I love those. Okay, so the Santa Claus. This is gonna show you how old I am. Which Santa Claus movie? So there's a Santa Claus movie that is old, old, old. And it's got John Lithgow in it. I don't even know the kid. The kid's not. But it. Man, it is great. It is a great Santa Claus movie. Then, of course, you've got the ones with Tim Allen. Those are great. Then you had the new one with Kurt Russell on. I think Netflix did that one. That one's a good one. Scrooge. I'm surprised nobody said the Grinch. Oh, yep. There you go. Kyle. Kyle's in the Grinch. Charlie Brown. Been a while. Okay. Saki is saying Home Alone one is always number one. To each his own. Like I said, I. I think Home Alone 2 is. Is better just in the sense of, like, that's. That's my taste. I like the fact that it's all done, like, it's done in a place where he doesn't know type of thing. He's running from him in New York. Let's see. Definitely one. All right, everybody's. Everybody's not with me on this one. Oh, yeah, Trump. Yeah. Trump is in the. It's in, too. I forgot about that at the Waldolf Astoria. All right, everybody seems like one is better. One was great. But two. See this? This is how I feel. So neck beard's kind of with me of this. Like, one was great, but, like, the way two was it. I don't know. It took it up a notch because he was like, he's going to his uncle's house. Who doesn't live there? Isn't there? Because they're renovating and I don't know. It's just. And then he does the good deed for the store. Store owner. I don't know. A Muppet Christmas Carol. I don't know if I've ever seen that. I probably have. Okay. Tim Allen, Santa Claus. I guess we could also do the. Which. Which Tim Allen, Santa Claus. One, two. Or then there are three. Y' all know there's gonna be a Toy Story 5? Oh, that's interesting. Groundhog Day. You watch Groundhog Day? That's a funny movie. Bird lady. Yeah. Oh, hey, there you go, man. That was a. This one was huge for my kids. Polar Express. That's a great movie too. Yeah. FedEx Sam with you. Like it's actually one that didn't suck. That it's good, that may be it. That it's the second part of it and it's just. In all reality it's almost like it. It's just a continuation of one like, hey, a year later. All. We didn't talk about. I mean we talked about a lot of movies today. Polar Express. We talked about a lot of Christmas movies. We did go into flock security and things like that on during Jawjacking the Family. I don't know what that one is. I'm gonna wrap it up. Here we are now at 8:30. Today was Tuesday. I was about to say October. Good Lord. Today was Tuesday, December 23rd. I had a great time. It's always fun coming out here and getting to talk. Especially like when I get to come in on the panels and be able to. To come and see everybody, talk to everybody. Give my opinion, which isn't always the greatest opinion, but it's my opinion. But give my opinion on. On what's going on. Love being able to. To talk about the news and see what's going on. Explain my thoughts on it. Try and get your guys takes on it. Understand how everybody else thinks about something versus what I think about. Because just because I think doesn't mean that it's right. You may have a better understanding of something better than what I do in some. Some way, shape or form. Because I sure as heck don't know everything. And I know that's one thing that a lot of people out there are scared of is that getting into this field, they don't know it all. So they're afraid to speak up. But what you have to understand is just because you don't know it all doesn't mean you shouldn't speak up. Because you speak up on the things that you do know and not necessarily things that you don't know and learn the things that you don't know from the people that do know them. If that makes any sense. But for me, that's going to be it for today. I will see everybody tomorrow morning. Tomorrow morning is Christmas Eve. And see not ZMF, but FedEx. Maybe, just maybe I might try and hook up a snowball fight tomorrow and we can have some fun right before we move on to Christmas Day. Tomorrow is going to be the last day for the daily Cyber threat beef this week. And then Daniel Lowry will take over next week while I head back to work, which let's not talk about. We need. We need time off. Right? Keep that time off. Everybody go outside. If, if you live up north and you have snow, go play in the snow, go touch grass, go have fun, touch de stress over these next couple of weeks before the new year starts. Because when the new year starts, it's going to hit hard. We all know it. But that's going to be it for me for today, everybody. See you guys tomorrow. Have a great day.
C
Hey everybody. I hope you enjoyed that content. Keep the cyber security train going by connecting with the other Simply Cyber community resources. We have the Discord server that's lively and always keeps the conversation going. You can connect with me directly on LinkedIn and also every single weekday morning on the Simply Cyber channel. We're doing live daily cyber threat briefings 8:00am Eastern time as well as Thursday at 4:30pm we're doing live stream interviews with industry experts and we produce videos that we push out every Wednesday morning. I'm Jerry from Simply Cyber. I hope you enjoyed the content and we'll see you in the next one.
Host: Ben (DJ Bsec), filling in for Gerald Auger, Ph.D.
Date: December 23, 2025
Podcast: Simply Cyber – Daily Cyber Threat Brief
This episode delivers a rapid-fire rundown of the top cybersecurity news stories relevant to practitioners, analysts, and business leaders, with Ben offering his direct analysis on the impact and lessons from each incident. Topics include a massive Spotify scraping operation by hacktivists, an old ASUS vulnerability mysteriously surfacing in CISA’s KEV list, DDoS attacks impacting French public services, a sharp rise in phishing schemes targeting holiday shoppers, persistent Android malware in Central Asia, a WhatsApp API supply chain compromise, a major Interpol takedown, and South Korea’s new mobile registration biometric rules.
The episode mixes practical guidance, infosec context, and even some lighthearted Christmas and movie talk during the community Jawjacking segment.
“Hey, I’m gonna steal all this stuff because of humanity. We need to preserve our knowledge and culture. That’s just crazy.” (09:12)
“The moral of the story is you’re patching it. Make sure everything’s patched.” (13:56) “You’re putting out a CVE for something that no longer really exists...these devices are those in all our bins in the corner.” (14:44)
“Another day that ends in y, we have a DDoS attack.” (19:15)
Criticizes lack of DDoS mitigation (Cloudflare, Azure DDoS) for critical services. “Why are these things not behind some type of DDoS system, especially as a government service?” (19:28)
“A new holiday, a new phishing scam.” (25:02)
Emphasizes ongoing user awareness—don’t click links in unexpected texts/emails; mouse-over URLs and verify via vendor websites.
“They just want someone to click on it. That’s it. They’re looking for one person to be the guinea pig. Don’t make it you.” (27:51)
“This one’s a little nasty...it’s pretty crazy when we read into this.” (33:50)
Describes how side-loaded APKs grant persistence and wide access—difficult to remove and can turn phones into botnets.
“Put a bookmark on this one and let’s see what happens over the next couple of months.” (37:20)
“Good lord. Another one. Fake WhatsApp API package on NPM steals messages, contacts and login tokens. Sounds like another...So we were just doing Telegram, now we’re doing WhatsApp.” (41:10)
“If you are using WhatsApp, go and look at your settings and find out if there’s devices connected to it that you have no clue about.” (44:50)
“Supply chain attacks are not slowing down. They’re getting better. And that is, for me, the crux of everything…” (46:22)
“Interpol coordinated an initiative...that led to the arrest of 574 individuals. And they recovered about $3 million linked to business email compromise, extortion, and ransomware...even better...they were able to decrypt six distinct ransomware variants. That in itself is amazing.” (52:37)
“That, that right there...kind of gives you a little bit of hope...Interpol is in the back going, Don’t worry, we got you.” (54:37)
“Not sure how I feel about this...it's kind of like impeding on privacy. Right. Because now...you’re scanning my face...” (57:34) “This is great...if you send me a bad message, I want you to get got. But I also know that I’m not a bad person...so why do you need my face?” (63:08)
“Do you want to prioritize privacy or do you want to prioritize security? In all reality, that’s the question we as practitioners ask every day.” (73:44)
| Story | Summary | Key Lessons | Timestamp | |-------|---------|-------------|-----------| | Spotify scraped | Pirate group steals 256M metadata rows, 86M audio files | Data scraping risks, hacktivism justification | 08:05 | | ASUS CVE | Old vulnerability added to KEV | Patch your legacy stuff, don’t assume old bugs don’t matter | 12:23 | | France DDoS | Postal/banking DDoS outages | Importance of DDoS protection, CDN role | 18:40 | | Fake Delivery Phishing | 86% spike during holidays | User awareness is critical; phishing tactics evolve | 24:19 | | Uzbek Android Malware | SMS Stealers via Telegram | Risks with APK/sideloading, Android vs iPhone, propagates via contacts | 33:12 | | WhatsApp NPM malware | 56K+ downloads of malicious “Lotus Bail” API | Supply chain/integrity risks, static analysis limits | 40:29 | | Interpol Sentinel | 574 arrests, $3m recovered, ransomware decrypts | Success of multinational initiatives | 51:54 | | South Korea Mobile/Biometrics | Facial recognition for SIM registration | Security/privacy balance, response to big breach | 56:58 |
Ben’s tone is frank, collegial, slightly irreverent, and highly practical—he doesn’t sugarcoat story implications and mixes in humor (especially for dubious hacktivist claims or “yet another DDoS”). He wants listeners to learn applicable lessons (“bookmark this one for the future,” “always patch,” “check your accounts for abnormal devices”). The community focus is on encouraging practitioners to keep improving while not being afraid to admit what they don’t know.
Ben will return for the Christmas Eve episode, with more news and a potential “virtual snowball fight” for the community. Daniel Lowry steps in next week as Ben returns to work.
End of summary. For full actionable context, see specific timestamps above.