The Threat Show

The Threat Show Ep. 23

Here at Fletch and The Threat Show, we're all about making complex cybersecurity conversations simple and digestible, and a huge part of that hinges on the language we use. From a daunting list of acronyms to naming collisions, where malware and vulnerabilities discovered in quick succession coincidentally end up sharing a name, Darien and Chris discuss how the cybersecurity industry can change to become more accessible for newcomers and seasoned veterans alike.

They also break down the state of the threat landscape and go over five interesting threats you should know about, including a threat group elevated to nation-state status, a fix for last week's aCropalypse flaw in Windows, a vulnerability that's leaking ChatGPT session history, and more.

Threat Landscape    (00:54)

Darien and Chris break down this week’s Threat Landscape, broadly examining the threats that emerged, started to trend, and became mainstream, as well as the threats that haven’t seen any activity in the past month.

Newly exposed APT43 hacking group targeting US orgs since 2018    (02:30)

The North Korean threat group formerly known as Lazarus, Kimsuky, and other names has been upgraded to nation-state status and is now tracked as APT43. They have targeted organizations across the world, and the group has been linked to an unusual laundering technique: using stolen cryptocurrency to rent compute cycles on mining farms, producing freshly mined coins that cannot be attributed to them.

CrowdStrike Tracking Active Intrusion Campaign Targeting 3CX Customers    (04:51)

A popular softphone application, 3CX, was the victim of a supply chain attack. 3CX is a VoIP (Voice over Internet Protocol) platform used by many Fortune 100 and Global 1000 customers, and the attack has been attributed to a sub-cluster of APT43 known as LabyrinthChollima.

ChatGPT Data Leak and Redis Race Condition Vulnerability That Remains Unfixed    (06:52)

OpenAI’s ChatGPT had a vulnerability that leaked other users’ chat session history. It was initially described as a logic bug in OpenAI’s own software, but it has since been traced to the open source Redis component, and the bug can be triggered intentionally rather than only by chance.

Microsoft Issues Patch for aCropalypse Privacy Flaw in Windows Screenshot Tools    (09:02)

Microsoft has released a patch fixing the flaw in its screenshot tools that allowed the cropped-out portion of an image to be recovered from the saved file.
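As an added defensive check (not code from the episode or from Microsoft): the flaw left the original image's bytes behind because the cropped PNG was written over the start of the existing file without truncating it, so a screenshot is suspect when data follows its IEND chunk. The script below walks the PNG chunk list and reports how many trailing bytes exist; the sample images are constructed inline.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def trailing_bytes_after_iend(data: bytes) -> int:
    """Return the number of bytes that follow the IEND chunk.
    A well-formed PNG returns 0; a positive value means leftover data,
    which is the artefact an in-place, non-truncating overwrite leaves.
    Raises ValueError for non-PNG or truncated input."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        pos += 8 + length + 4          # 8-byte header, payload, 4-byte CRC
        if ctype == b"IEND":
            return len(data) - pos
    raise ValueError("no IEND chunk found (truncated PNG)")

def _chunk(ctype: bytes, payload: bytes) -> bytes:
    # PNG chunk: big-endian length, type, payload, CRC32 over type+payload
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)

def make_png(width: int, height: int, pixels: bytes) -> bytes:
    """Minimal 8-bit RGB PNG with one IDAT chunk (helper for the samples)."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    rows = b"".join(b"\x00" + pixels[y * width * 3:(y + 1) * width * 3]
                    for y in range(height))  # filter byte 0 per scanline
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(rows)) + _chunk(b"IEND", b"")

# Constructed samples: a 4x4 "original" screenshot, a 2x2 "cropped" version,
# and the cropped version written over the original without truncation.
ORIGINAL = make_png(4, 4, bytes(range(48)))
CROPPED = make_png(2, 2, bytes(12))
CROPPED_IN_PLACE = CROPPED + ORIGINAL[len(CROPPED):]

def scan_samples() -> dict:
    """Trailing-byte count per sample; only the in-place file is flagged."""
    return {
        "original": trailing_bytes_after_iend(ORIGINAL),
        "cropped_clean": trailing_bytes_after_iend(CROPPED),
        "cropped_in_place": trailing_bytes_after_iend(CROPPED_IN_PLACE),
    }

if __name__ == "__main__":
    for name, extra in scan_samples().items():
        print(f"{name}: {extra} bytes after IEND{'  <-- suspect' if extra else ''}")
```

Run it over a directory of screenshots by feeding each file's bytes to trailing_bytes_after_iend; any non-zero result warrants a look before the file is shared.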

MacStealer: New macOS-based Stealer Malware Identified    (11:09)

Two separate issues recently had a name collision. A malware family stealing data from macOS systems was named MacStealer by the researcher who found it. Less than 24 hours later, a vulnerability was found in the 802.11 Wi-Fi standard that allowed someone to impersonate a wireless client and reroute its traffic to another system; it was also named MacStealer, not because of any relation to macOS but because the vulnerability occurs at the Media Access Control (MAC) layer. Researchers often pick arbitrary names without thinking about collisions, and this leads to confusion.