SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) SANS ISC Stormcast Feb 4th 2025: Crypto Scam; Mediatek and D-Link Patches; Microsoft ends VPN Service
Feb 4, 2025
Discover how a YouTube spam scam tricks users into losing money on crypto wallet fees, while their private keys remain safe. Learn about critical patches from Mediatek addressing serious vulnerabilities in WLAN products. D-Link faces challenges with older routers that will no longer receive updates, leaving users with the need to upgrade. Finally, Microsoft announces the discontinuation of its VPN service, prompting discussions about online security practices.
AI Snips
Chapters
Transcript
Episode notes
Crypto Wallet Scam Anecdote
- Johannes Ulrich discusses spam on his YouTube videos containing crypto wallet seed phrases.
- These seed phrases are unusable for withdrawing funds, but scammers trick victims into depositing "gas fees."
OKX Wallet Insight
- The advertised OKX wallet doesn't reveal that a second key is required for withdrawals.
- This makes it easier for victims to fall for the scam, highlighting a potential issue with some crypto wallets.
Mediatek Patch Advice
- MediaTek patched vulnerabilities in its WLAN products, including buffer overflows.
- Update your MediaTek devices to prevent unauthenticated arbitrary code execution.