Hacker And The Fed

MOVEit and MGM Resorts Hacks, U.S. Senate's Email System Melts Down, Cisco Can't Stop Using Static Passwords, and Listener Questions

Oct 19, 2023

Updates on MOVEit and MGM Resorts hacks, US Senate email system meltdown, Cisco's use of static passwords. Listener questions on single sign-on, circumventing IT rules, LinkedIn profiles.

01:24:49

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The recent hack of the file transfer software, MoveIT, highlights the growing trend of targeted attacks on software vulnerabilities by ransomware groups.

The US Department of State's failure to implement effective security measures raises concerns about the vulnerability of a vital government agency.

The US Senate's email system meltdown underscores the importance of proper IT training and email management policies.

Deep dives

MGM hack leads to massive theft of sensitive information

The popular file transfer software, MoveIT, was hacked by the Clop ransomware gang, resulting in 62 million people and over 2,000 organizations being affected. The cybercriminals earned between $75-100 million from this breach. This incident highlights the increasing focused targeting of software vulnerabilities by ransomware groups, emphasizing the need for proactive security measures.

Introduction

2min

Living in Puerto Rico: The Pros and Cons

6min

The Moveit Hack and Ransomware Exploits

21min

Resilience, Good Policies, and Backup Systems

6min

Corruption in Gaming Industry, Partnership with DeleteMe, and US State Department's IT Security

4min

Enforcing Policies and Collaboration Between CIOs and CISOs

14min

The Senate's Email System Meltdown

3min

Email Security and Static Passwords

10min

Using Vulnerabilities to Solve IT Problems

19min

This week on Hacker And The Fed we offer updates on the MOVEit and MGM Resorts hacks, the US State Department has no idea if its IT security actually works, the Senate's email system melts down in the face of a security test, Cisco can't stop using static passwords, and we answer listener questions about Single Sign-on, circumventing company IT rules, and LinkedIn profiles.

Links from the episode:

MOVEit Maker Announces New Critical Vulnerability Affecting a Different File Transfer Tool

https://therecord.media/progress-new-file-transfer-vulnerability

MGM Resorts Hack Update

https://x.com/brettforrest89/status/1711885567695433765

US State Dept has No Idea if its IT Security Actually Works, Say Auditors

https://www.theregister.com/2023/10/02/us_state_security_gao/

https://endoflife.date/windows

The Senate’s Email System Melted Down in the Face of Security Test

https://www.politico.com/minutes/congress/09-8-2023/senate-reply-all-mess/

Cisco Can't Stop Using Static Passwords

https://www.schneier.com/blog/archives/2023/10/cisco-cant-stop-using-hard-coded-passwords.html