Here is the DefSec podcast's latest sponsor: https://www.youtube.com/watch?v=wpM0kVJM55M

SANS Stormcast Monday, June 23rd, 2025: ADS and Python; More Secure Cloud PCs; Zend.to Path Traversal; Parser Differentials
https://isc.sans.edu/podcastdetail/9500

An update on the Krispy Kreme data breach: https://www.youtube.com/shorts/IAAcavf-hfQ

And here's this week's ~ this week in security ~ newsletter. Predictably, it starts with the situation in Iran, and also features stories on Scattered Spider attacks hitting insurance firms, a new Salt Typhoon victim named, reporters' emails hacked, San Diego's police data flub, forensic phone dumps found online, and more.

Sign up/RSS: https://this.weekinsecurity.com

Read online: https://mailchi.mp/weekinsecurity/this-week-in-security-june-22-2025-edition

Donate/support: https://ko-fi.com/thisweekinsecurity

My take on the 16 billion credential leak: https://www.youtube.com/shorts/Y5greyGyhnk

My report on the Aflac breach:
https://www.youtube.com/shorts/6VVCjop5nr8

The Qilin ransomware-as-a-service operation is now offering their affiliates a “Call a Lawyer” button. Yes, really.

Mid-crime, ransomware affiliates can get legal advice at the touch of a button, designed to help them apply more pressure on - and extract more money out of - their victims!

Imagine for one moment that you are a cybercriminal.

You have compromised an organisation's network, you have stolen their data, you have encrypted their network, and you are now deep in negotiation...

SANS Stormcast Friday, June 20th, 2025: New Employee Phishing; Malicious Tech Support Links; Social Engineering App Sepecific Passwords
https://isc.sans.edu/podcastdetail/9498

I updated my thread about Gor just now, and wanted to make a note separately to call out that I screwed up this analysis in a critical way. It's never my intention to cast aspersions or spread rumors. I only started looking because he has been so coy about his origins so far. But I do appreciate being able to share my research and get feedback from this awesome community.

I'm sorry if my posts caused any problems for anyone.

https://infosec.exchange/@briankrebs/114706859060973244

@faduda Hmmm ... Interesting.
I had very little problem setting up my business account in AIB 9 years ago. It only took a couple of days after the business rep in a branch helped me fill out the details and sign the form.
In another company I'm involved in, after filling out badly photocopied forms, in pen (in 2024), it took BOI between 6 and 8 weeks to open an account. The company had been a BoI customer for 10 years at that stage.

@faduda let me guess ... BOI?

When Thai police raided a holiday hotel in Pattaya on Monday night, they hit the jackpot.

Not only found an illicit gambling operation, but they also discovered the entire top floor had been taken over by a Chinese ransomware ring.

Increasingly ransomware and other cybercrime operations are merging with more "traditional" forms of organised criminality - such as gambling rings, money laundering, and drug smuggling.

The hotel is currently not taking bookings on Booking․com. 🤣

You're next.

#Trump #NoKings #Democracy #Confederacy #NoNazis #memes #humour

In episode 55 of "The AI Fix" #podcast, Gemini thinks a little meth won't hurt, Mark realises what a terrifying 45mph “robot bird” is really for, I find a surprising number of TikTokers in the bible, an AI discovers dust on Mars, Google forgets what year it is, and Apple finally enters the AI chat.

I learn what happened when ChatGPT took on 1979's Atari Video Chess, and Mark explains why Apple has been raining on the AI reasoning parade.

https://theaifix.show/55

Listen up Mastodonians, because this is important:

Right now we have a unique chance to rise up and hit back against Zuckerberg and Musk. Because italian filmmaker @_elena and her friends have made an OUTSTANDING short film, which explains why people should quit the fascist social networks and come join us in the fediverse.

Hit the fascists where it hurts — make this go viral by watching it and liking it on YouTube, then hit the share button and share it everywhere!

https://www.youtube.com/watch?v=YRJHIJy5Nno

Right at the last minute the UK government have added a power to access to your devices and extract information from any online account, on the say so of a senior police officer, in the #crimeandpolicingbill #cpbill

Really incredibly extreme stuff. No judicial oversight, just hand over your device.

SANS Stormcast Monday, June 16th, 2025: Extracing Data from JPEG; Windows Recall Export; Anubis Wiper; Mitel Vuln and PoC
https://isc.sans.edu/podcastdetail/9496

3. Once gang has gone through the entire list, it goes back to where it began - with the original hacked insurance company, and installs its ransomware there too.

4. Gang finds a new insurance company to hack, and so it continues...

By the way, ransomware gangs are already doing this...

💥 The ransomware vs insurance company playbook 💥

1. Ransomware gang infects insurance company, but DOESN'T install ransomware. Instead it steals information about insurance company's clients, learns which have cyberinsurance, and how much insurance cover they have.

2. Gang takes list of insured companies and goes through it - it's a rolodex of ransomware - infecting each one with ransomware. They tell the victims that they know how much cyberinsurance they have, and suggest they pay up PDQ

Google's John Hultquist says in an emailed statement that the company is seeing "multiple intrusions in the US" that bear the hallmarks of Scattered Spider activity and "now seeing incidents in the insurance industry." Google spokesperson confirmed there's more than one U.S.-based insurance victim.