
open source and cybersecurity news

June 21, 2023

Part 2 - What You Should Know About Location Records, Australian Government Data Found on Dark Web, Mystic Stealer, Hacker’s gonna hack

Episode Transcription:

Pokie Huang:

It’s 5:05 on Wednesday, June 21st, 2023. From the Sourced Podcast Network in New York City, this is your host, Pokie Huang. Stories in today’s episode come from Hillary Coover in Washington, DC, Edwin Kwan in Sydney, Australia, Katy Craig in San Diego, California, Olimpiu Pop in Transylvania, Romania and Marcel Brown in St. Louis, Missouri.

Let’s get to it!

Hillary Coover: 

Hi, this is Hillary Coover returning for part two covering the open source data implications considered by Washington State for their new privacy initiatives. Let’s dig into the healthcare data that companies collect, and let’s really dig into the browser data.

Imagine you’re browsing the web, checking social media sites and you open another tab to search for symptoms you are having, or medications you are taking or interested in taking. Let’s take it a step further and say you decide to then search for a healthcare provider that could diagnose or help you with an already diagnosed condition. 

Each of these websites that you visit is likely to collect information on you by planting pixels or cookies. These are indicators of your browser activity that open up a channel for advertisers to sell targeted ads to you.

The cookie data is anonymous, but when correlated to other data, it’s often de-anonymized and there are tools out there that even attribute email addresses and IP addresses to people visiting websites to better target them. It’s no coincidence that you visit a website and then are targeted with ads by that website provider.

There are social media sites that even record keystrokes, thus being able to collect password information for your credentials. Whenever possible, opt out of cookies and be wary of websites that make it incredibly difficult to opt out. Also, be sure to explore safer, more private browser options that prevent a lot of tracking activity.

Stay safe. 

Edwin Kwan: 

This is Edwin Kwan from Sydney, Australia. 

Major Australian law firm, HWL Ebsworth, recently acknowledged that they had suffered a data breach of over four terabytes of data, including documents describing client and staff. The firm became aware of the breach on April 28 when a threat actor made a post to the dark web, claiming to have exfiltrated their data.

Upon being made aware, the firm engaged investigators to investigate and undertake containment and remediation actions. The investigation confirmed that threat actors had accessed and exfiltrated certain information on a confined part of the firm’s system, but not on the core document management system.

What makes this breach worrying is that the firm’s clients include governments and large corporations. Some of those clients include the state government of Tasmania, the National Australia Bank, and the Office of the Australian Information Commissioner, which is the government entity to which data breaches in Australia must be reported.

The Australian federal government has established a task force to determine the extent of the exposure which is thought to include some sensitive military material. The law firm has also secured an injunction, preventing media outlets from reporting on the contents of the leaked documents.

Katy Craig: 

There’s a new player on the cyber crime scene. It’s called Mystic Stealer, and it’s turning heads in the world of malware. 

This is Katy Craig in San Diego, California.

According to experts at Zscaler and InQuest, Mystic Stealer is a rising star among stealer malware. Since April 2023, its presence has been spreading like wildfire, raising concerns about its widespread impact.

Mystic Stealer has an insatiable appetite for user credentials. It targets nearly 40 different web browsers, including popular ones like Chrome, Edge, Firefox, and Opera. Safari users, you’re safe for now. It also sets its sights on over 70 browser extensions, including Coinbase Wallet, Dashlane, and LastPass. No stone is left unturned when it comes to stealing user credentials.

Just like its counterparts, Mystic Stealer goes on a data pillaging spree. It snatches autofill data, browsing history, files and cookies, but is really interested in cryptocurrency wallets. Instead of extracting credentials locally on the victim’s device, Mystic Stealer sends the stolen information to a command and control server for parsing. This clever tactic makes it harder for analysts to dissect its intentions. 

So, the usual cybersecurity protection steps apply. Keep your software up to date, use strong and unique passwords and be cautious of suspicious emails and websites. And if you suspect you’ve fallen victim to an attack, consider installing reliable malware removal software.

This is Katy Craig. Stay safe out there.

Olimpiu Pop: 

Hacker’s gonna hack, that’s the job. 

“Google is aware that an exploit for CVE-2023-3079 exists in the wild,” reads the company’s security bulletin touching on the third zero-day vulnerability of the year. And we still have six months ahead of us.

As usual, the company did not disclose the technicalities of how to exploit or use the high-severity vulnerability in attacks. This is intentional to ensure users can upgrade to the patch versions released on June 5th. Their policy reads, “Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed”.

Mac and Linux users might want to remember 114.0.5735.106 as the version to install. For Windows users, 114.0.5735.110 is the magic number. Bingo. God, I miss blabbering CVE and awkward version numbers in the morning.

The current zero-day is a type confusion in V8, Chrome’s JavaScript engine tasked with executing code within the browser. These types of bugs arise when the engine misinterprets the type of an object during runtime, potentially leading to malicious memory manipulation and arbitrary code execution.

The first zero day of the year was a type confusion as well, and if memory helps me, it was discovered by the same Clément Lecigne that discovered this one too. 

Now you are warned. Even if you’re not a likely target of state backed hackers, you still need to update. Chrome makes it easy. Just press the red update button. I made sure to leave in the resources section of 505updates.com all extra information you might want to read. 

Olimpiu Pop reported from Transylvania, Romania.

Marcel Brown: 

This is Marcel Brown bringing you some technology history for June 21st.

June 21st, 1948. The first program on the world’s first stored program computer, the Manchester Small Scale Experimental Machine, is run. This first program was designed to test the computer’s reliability and ran for 52 minutes, performing 3.5 million operations.

June 21st, 2004. Financed by Microsoft co-founder Paul Allen, SpaceshipOne becomes the first spacecraft developed by the free market to enter space flight. Launched from a mothership named White Knight, SpaceshipOne flew just beyond the atmosphere into the threshold of space, then glided back to earth.

SpaceshipOne would later win the $10 million Ansari X Prize for the first non-government organization to launch a reusable manned spacecraft. 

That’s your technology history for today. For more, tune in tomorrow and visit my website ThisDayInTechHistory.com.

Pokie Huang:

That’s it for today’s open source and cybersecurity updates. For direct links to all stories and resources mentioned in today’s episode, go to 505Updates.com, where you can listen to our growing library of over 100 episodes. You can also download the transcript of all episodes for easy reference.

5:05 is a Sourced Networks Production with updates available Monday through Friday on your favorite audio streaming platform. Just search for “It’s 5:05!”. And please consider subscribing while you’re there.

Thank you to Hillary Coover, Edwin Kwan, Katy Craig, Olimpiu Pop, Marcel Brown for today’s contributions.

The Executive Producer and the editor is Mark Miller. The sound engineer is Pokie Huang. Music for today’s episode is by Blue Dot Sessions. We use Descript for spoken text editing and Audacity to layer in the soundscapes. The show distribution platform is provided by Captivate.fm.

This is Pokie Huang. See you tomorrow… at 5:05.
