The Threat Show

The Threat Show Ep. 25

This week on The Threat Show, Darien and Chris go over five trending threats, including several vulnerabilities affecting Windows systems, Mastodon servers leaking data, and even a hack that can help bad actors steal cars.

We also look at the recent discussion surrounding TikTok and the security risks users face, giving our thoughts on who should be concerned and practical advice for small and medium-sized businesses that rely on the app to reach their audience.

Threat Landscape    (01:00)

Darien and Chris break down this week’s Threat Landscape, broadly examining the threats that emerged, started to trend, and became mainstream, as well as the threats that haven’t seen any activity in the past month.

Nokoyawa ransomware attacks with Windows zero-day    (03:38)

The Nokoyawa ransomware group, known for exploiting a Windows mechanism called the Common Log File System, is now pairing this exploit with new zero-day vulnerabilities. Once attackers have a foothold in a Windows system, they can get admin access, encrypt all data on disk, and hold it for ransom.

Windows admins warned to patch critical MSMQ QueueJumper bug    (07:36)

QueueJumper is a remote code execution (RCE) vulnerability in MSMQ (Microsoft Message Queuing), a built-in Windows service. This service might be enabled without you knowing, and if you’re connected to the internet and don’t have a firewall, you could be affected.

Shell in the Ghost: Ghostscript CVE-2023-28879 writeup    (09:28)

If you have any services processing PDFs, they likely use a library called Ghostscript. An RCE vulnerability was discovered in Ghostscript, so if you process PDFs from untrusted sources, an attacker has the chance to send weaponized PDF files and compromise your server.

Mastodon Vulnerability Exposes Sensitive Information: Data Leak Alert    (13:00)

Mastodon is a decentralized social media platform where people can create their own servers and have other users join communities. A new vulnerability was discovered within the service that allows an attacker to enumerate all of the users on a server and steal whatever identity information is present on the server. Passwords and credentials are not exposed by this vulnerability.

Cybercriminals Exploit CAN Injection Hack to Steal Cars    (15:07)

Connected vehicles are vulnerable to hacking through their Controller Area Network (CAN). By detaching the headlights on a vehicle, a hacker can get into the vehicle's CAN, fake unlock codes, and ultimately steal the vehicle.

The Security Risks of Using TikTok as a Small Business    (19:00)

We look at the recent discussion surrounding TikTok and the security risks users face, giving our thoughts on who should actually be concerned, as well as practical advice for small and medium-sized businesses that rely on the app for promotion and to reach their audience.