Hacker And The Fed

Your Car and Your Sex Life, US Departments of State and Commerce Compromised, Iran and North Korea Hacking Crews, and Victories Over Russian Hackers

Sep 14, 2023

Iran and North Korea hacking crews target security researchers, US Departments of State and Commerce compromised due to a Windows crash report, victories over Russian hackers, your car may have sensitive information about your sex life, Swiss insurer fined $3M for cyber security flaws

01:05:21

Episode guests

Russian hackers

Iran and North Korea hacking crews

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Hacker group APT 34 from Iran disguises itself as a marketing company to launch cyber attacks on enterprise targets.

North Korea-backed hacker group APT 34 targets security researchers using social engineering tactics.

Privacy concerns arise with modern cars requiring users to agree to conditions that violate their privacy.

Deep dives

Russian Infosec Boss Sentenced to 9 Years for Insider Trading

A Russian infosec boss, known as Vlad, has been sentenced to nine years in the US for stealing confidential financial information from top corporations to carry out insider trading. Vlad, a former GRU officer, used the stolen data to make $93 million through illegal stock trading. He was extradited to the US after being arrested in Switzerland. Two of his co-conspirators remain at large. Vlad's arrest serves as a warning to those engaged in insider trading that they will be caught and held accountable for their actions.

Introduction

1min

Travel Plans to Puerto Rico and Customer Data Exposed

4min

IDOR vulnerability in a web application

7min

Changes in SEC Rules for Insurance Providers and Data Privacy Issues in New Cars

14min

Privacy in Classic Cars and Microsoft's Account Hack

4min

Microsoft's Incident Response Report and the Significance of Signing Keys

17min

Security Breaches and Insider Trading

17min

This week on Hacker And The Fed your car may know all the details about your sex life, the Swiss fined an insurer 3 million dollars for horrible cyber security practices, the US Departments of State and Commerce were compromised because of a two-year-old Windows crash report, Iran and New Korea hacking crews have active campaigns against security researchers, and two victories over Russian hackers for the US government.

Links from the episode:

Insurer Fined $3M for Exposing Data of 650k Clients for Two Years

https://www.bleepingcomputer.com/news/security/insurer-fined-3m-for-exposing-data-of-650k-clients-for-two-years/

If You’ve Got a New Car, It’s a Data Privacy Nightmare

https://gizmodo.com/mozilla-new-cars-data-privacy-report-1850805416

https://arstechnica.com/cars/2023/09/connected-cars-are-a-privacy-nightmare-mozilla-foundation-says/

Microsoft Finally Explains Cause of Azure Breach: An Engineer’s Account Was Hacked

https://arstechnica.com/security/2023/09/hack-of-a-microsoft-corporate-account-led-to-azure-breach-by-chinese-hackers/

https://twitter.com/0xdabbad00/status/1699596048392736812

Hacker Group Disguised as Marketing Company to Attack Enterprise Targets

https://gbhackers.com/hacker-group-disguised-as-marketing/

Active North Korean Campaign Targeting Security Researchers