Silent Mode Cafe
Welcome to Silent Mode Cafe, the podcast where we translate the digital realm into plain English. From data privacy and basic internet security to smart home gadgets and the latest AI developments, we serve up tech insights with a side of caffeine.
Weekly Security Roundup: Your Digital Footprint Is Never Truly Private
The digital world grows increasingly dangerous by the week, and our latest episode dives deep into the cybersecurity threats that affect both global powers and everyday users alike. We break down the alarming "SharePoint-ageddon" vulnerability that has compromised over 400 organizations—including critical US government agencies like the Department of Energy and Nuclear Security Administration. This sophisticated attack, allegedly orchestrated by China-linked hacking groups, demonstrates how geopolitical tensions now play out in cyberspace.
• Major security breach in Microsoft SharePoint affects 400+ organizations including US government agencies
• China linked to the attack with evidence pointing to sophisticated hacking groups
• LoveSense adult toy app breach exposed user emails and usage data
• Apple releases emergency patch for Chrome vulnerability on iOS devices
• Experts recommend using separate browsers for different online activities
• FBI warns about DMV phishing scams targeting both Android and iPhone users
• OpenAI removes feature allowing ChatGPT conversations to be discovered by search engines
• ChatGPT conversations are not private and could be subpoenaed in legal proceedings
• Nothing online is truly anonymous - treat all digital interactions as potentially discoverable
But these threats aren't just confined to government systems. We explore the recent LoveSense adult toy app data breach that exposed user email addresses and session data, highlighting how even our most intimate digital interactions aren't safe from prying eyes. The conversation shifts to practical security measures everyone should implement—like using separate browsers for different online activities and creating throwaway email addresses for services that might compromise your privacy.
Apple users should be aware of an emergency patch released for a Chrome vulnerability on iOS devices, while Android and iPhone users alike need to stay vigilant about DMV scam texts the FBI has recently warned about. Perhaps most eye-opening is our discussion about AI privacy concerns, particularly with ChatGPT. When OpenAI's CEO states that "ChatGPT isn't your therapist, lawyer or diary," it serves as a stark reminder that your AI conversations aren't protected by legal privilege and could potentially be subpoenaed in court proceedings.
Whether you're concerned about state-sponsored cyber attacks or simply want to protect your personal information from everyday threats, this episode offers clear, actionable advice to navigate our increasingly vulnerable digital landscape. Subscribe to Silent Mode Cafe for weekly updates on the latest privacy and security threats explained in plain English—because in today's world, what you don't know absolutely can hurt you.
Welcome to Silent Mode Cafe
Speaker 1: All right, welcome everyone to Silent Mode Cafe. As usual, we have, in my opinion, a very exciting topic for you guys. Look, there's a lot to talk about. Lots of news that has taken place in the past week to two weeks that we'll summarize today. Lots of exploits that may or may not impact you directly, but they're big and they impact us on a global level, on a company level as well as a personal level. We'll discuss those. A few things have happened with Microsoft, with AI. FBI has put out some stuff. Vivek, there's a lot of stuff going on, man.
Speaker 2: Yeah, and I'm Vivek, so every week we try and break down the latest privacy and security threats in plain English. So this week, we'll be covering what is now being called the SharePoint-ageddon or Armageddon, where there was a massive security hole that was found in SharePoint, which Salah will go over. We'll also talk about a data breach to a very popular adult toy maker called LoveSense, so people are using that. Your data might be out there. And then, of course, what Salah alluded to earlier, AI privacy. I think that's going to be a super interesting topic and we'll conclude with AI privacy, because it's such a hot topic nowadays to discuss.
SharePoint-ageddon: Major Microsoft Vulnerability
Speaker 2: So grab your coffee and then welcome to Silent Mode Cafe. So, Salah, let's get rolling with a little SharePoint.
Speaker 1: Hey, I do have to say I'm not having a coffee today, and I have to admit that I haven't had a coffee for these podcasts in some time. I've actually been drinking energy drinks, Vivek, and they're really bad for you, apparently, but these ones are loaded with vitamins, so it makes me feel good.
Speaker 2: So is coffee, hey man.
Speaker 1: So, look, there's a huge issue going on. We are truly in this interesting time with China. So Microsoft actually disclosed a couple of major zero-day vulnerabilities. Zero-days, folks, are new vulnerabilities that don't have a patch to them, so there's no response to them yet. Microsoft has these tracked in these things that they call in the industry CVEs. So Microsoft has two CVEs for these that are available out there. For you geeks at heart who want to look these up, you could either just Google what's going on with these CVEs, or you can just copy the CVE-2025-53770 or 53771, both back-to-back, very much related to Microsoft. There's a big investigation, Vivek, and they're really not sure how this has happened. Obviously it's a zero day, but there is a thought that this might be due to an insider leak.
Speaker 2: Wow. Well, kids, we'll have a quiz at the end of the show. You need to remember the exact CVE numbers. Kids of all ages, by the way, kids of all ages. Really, it's an insider attack, wow.
Speaker 1: Yeah, this could be an insider attack. So this is big news. I mean, you know, Microsoft is putting patches out. There's a lot of bad stuff that could happen as a result of this. You know, this impacts everyone that uses any Microsoft. So, look, I'll tell you, this is not just a corporate thing. I use the Microsoft suite for at home with me and my wife, and SharePoint is part of that. So, you know, this impacts all the small businesses. This impacts all the Microsoft users. So this is a big issue, even though you think that you are not prone to this, and we'll talk a bit more of what this could mean for you. Right, this definitely is a credential loss. This is a possible data loss, but, look, the story is developing as this is still being investigated, so we will absolutely have a follow-up on this in the upcoming week or two.
Speaker 2: Right. My understanding is about 400 organizations were hit officially, which included US federal agencies like the Department of Energy, the National Nuclear Security Administration, that sounds like an important part of the government, including Fermilab, which is the National Particle Physics Lab, which is also part of national security.
Speaker 1: So it's kind of. And how were they impacted? Like, in what way, do you know?
Speaker 2: Well, the US is accusing China of exploiting the vulnerability to essentially get, I mean, basically get access to servers in government or wherever, using the exploitation. Right, and they're essentially saying that that's one way of exploiting the hack and getting access to computing systems and then access to the data that is in there. Right, so it's now. The US government is essentially accusing China of cyber sabotage.
Speaker 1: Yeah, this does have. Look, this is really interesting. This is a multifaceted attack, multiple things that happened, things like, and I don't even know if it's worth getting into some of this geek terminology, but they had web shells planted. This is something that was planned out over weeks and months, at minimum. Right. Things were planted ahead of time. The reconnaissance must have taken forever and they waited for the right timing, attacked all these government organizations. So this is big news.
Speaker 2: It is really big news. Now China, on the other hand, is countering back and saying the US is using those tactics to attack Chinese assets. Never. Right, so they're— Absolutely never, I mean, I think they need to just back off on this one.
Speaker 1: The US would never do anything like that. As a matter of fact, I haven't seen any Chinese Silent Mode Cafe complain about us yet. So allegations, Vivek, allegations. Alleged. They're alleged.
Speaker 2: Alleged, so we should use the word alleged.
Speaker 1: We're going to lawyer law. Sister-in-law is a lawyer and she always corrects me with allegedly. Allegedly.
LoveSense Adult Toy Data Breach
Speaker 1: So, speaking of. We've talked about hacking groups in the past. I feel like we need to resurface that conversation. It's a fun one to have. At least for me, it's fun. The ransomware group Storm-2603. We'd love to just have them on here, just for them to tell us how did they come up with Storm-2603? Like, what video game? What was the motivation?
Speaker 2: What movie, uh, but regardless, their founder was born on March, so, uh, look, ransomware Storm 23, um, not confirmed.
Speaker 1: Allegedly a Chinese hacking group, allegedly, um, also took advantage of this exploit. Uh, and they pushed their Warlock ransomware on some of the servers that they knew were compromised as soon as they found out and, in some cases, pushed out the popular LockBit payload for ransomware. LockBit, folks, is just the tech behind what ransomware is, and, just as for those of you who have been lucky enough to not have been hit by ransomware, ransomware is when they hold either your data or your devices for ransom. So they play this out in many different ways. They'll either steal sensitive data, they'll hack your cameras and capture intimate moments. They'll do a lot of things and then they'll ransom you to pay them to release this information, or with the promise that they will not release it publicly. In this case, the ransom was asking for 0.0. Can you do some math for me?
Speaker 2: 0.005 Bitcoin. Yeah, but what does that mean?
Speaker 1: So 0.005 of Bitcoin, 5 divided by 1,000, per victim. Yeah, that's true.
Speaker 2: Well, no, it's per victim.
Speaker 1: So you multiply that by the thousands of victims, then it adds up.
Speaker 2: It's like a per-user license.
Speaker 1: Yeah, look, this is as this stuff goes. You know, again, this is a very political attack. You know, China-linked actors, multiple organizations that were part of this. I don't know if it's worth naming them: Linen Typhoon, Violet Typhoon. It's not the first time we've seen these guys, right. No. They've been part of previous campaigns against the US, without a doubt. Look, the purpose of this is to exploit information, and it's interesting to me, Vivek, I always think about timing when this stuff happens. Why now? Clearly they've had access to these vulnerabilities, these day zeros, for some time. Something happened suddenly where they either got the information they want or they got a whiff of their zero-day information before Microsoft announced it.
Speaker 1: And then they quickly went forward with the attack. So we don't know again, but we will find out. So more on the way, folks, this is very interesting for those of you who are into this kind of geopolitical cyber warfare stuff. And let's be honest. Uh-oh, you know, something good is going to come out when he says let's be honest, let's go ahead. Be honest with me, Vivek.
Speaker 2: A significant portion of people use SharePoint, so the attack surface is significant.
Speaker 1: Yeah.
Speaker 2: Well, what else?
Speaker 1: Is going on. I'm sure there's some better news after that.
Speaker 2: Well, for people who have bought adult toys by a company called Loves Toys, there you go?
Speaker 1: Let's jump from geopolitical to adult toys, Vivek. What's happening with the adult toy world? Anything can happen on this podcast. Surprised.
Speaker 2: Hence it's the Silent Mode Cafe podcast. Yes, so LoveSense is an adult toy, allegedly. I don't know much about it, but I believe it is, so I'll go with it. And so they have apparently an app which connects to their sex toys, and that app got hacked and it leaked the user email addresses and possibly session tokens, which essentially means it tells you when you used it, how you used it, simply by knowing a username.
Speaker 2: Okay, so essentially if you are using LoveSense and your username is known, then the internet knows your email address and when and how you use the app.
Speaker 1: What do you mean? What data are they collecting on the app? They're all session tokens. Oh, session tokens.
Speaker 2: So they know that you use the app.
Speaker 1: How often? What power settings?
Speaker 2: I don't know about power settings. I have no idea. Interesting.
Speaker 1: Yeah. So look folks, goodness, Vivek, yeah, so. Can we just tell people always, always, never trust anything online, right? Whether it's your computer, whether it's your phone? You know, we've seen this so many times over. You know, likechat is supposed to be personal, everything that then, a couple years later, everything you had done where you thought was in secret, gets divulged to the day to the world, right? Um, you're, you, you're doing private browsing through Chrome and then suddenly, Google says sorry, that wasn't really private.
Speaker 1: You know, just don't do anything online. If you're really worried about getting caught doing it, just own it. I'm not saying don't do it, I'm just letting you know, just own it. One day we'll come around that your information is out there and something very uncomfortable like a family member might come across it.
Speaker 2: So it's just, you know. I think the point here of this news item was IoT or Internet of Things, which we have talked about in earlier episodes with things like Ring doorbells and so on.
Speaker 1: Yeah, Internet of Things are everything that is connected. That is not your typical computer, phone.
Speaker 2: Right, right. So the point is that consumer security or consumer-grade software, not all consumer-grade software is safe. When you buy things like, for example, anything that's connected to the Internet, whether in this case it's LoveSense or doorbells which are connected to cameras, which is connected to the Internet, or even Wi-Fi routers, just make sure that you're running the latest version of the firmware and the patch so that known security issues about those platforms are addressed. So please, always, whenever you use such equipment or Internet of Things, try and use throwaway email addresses with the service, not email addresses that you use on a daily basis to apply for jobs or correspond with family members. Have a throwaway email address, always create one, whether it's on Gmail or some other platform, ProtonMail, et cetera.
Chrome Vulnerability and Browser Security Tips
Speaker 2: And the second thing is you always have to re-evaluate trust in platforms that delay patching or have legacy code bases, and that's where we come in.
Speaker 2: Yeah, but look, that's a lot to ask, I know, but that's where we come in. SilentModeCafe.
Speaker 1: Just look, you want to solve all your world problems when it comes to privacy? Just listen to SilentModeCafe. I guarantee you your blood pressure might also rise along with your level of understanding, but it will be incredibly informative. Look, Vivek, on this topic, I plugged these guys before and look, we're not getting paid by anyone for this. So just keep in mind, right, yeah, hopefully, but we're not getting paid by anyone. But use MySudo, man. I love that app. It's like five bucks for the year. It's a no-brainer. It's like for the price of a cup of coffee you get. You can create multiple accounts and use those accounts to, you know, when you are on the internet doing private things like this, don't use your work email. Don't use the same email you log into to your banking information. Don't use the same email that you, you know. Just divide and conquer. Use certain emails for private stuff, for banking. Use other emails that are pseudo emails, that are throwaway burner emails, as Vivek just mentioned.
Speaker 2: Yeah, and if you don't want to pay five bucks, just get a Gmail address. Dude, pay five bucks, just pay five bucks.
Speaker 1: Just suck it up. Look, skip your daily cup of coffee from your favorite coffee shop.
Speaker 2: Or energy drink, or energy drink. You got out.
Speaker 1: These drinks are freaking expensive.
Speaker 2: Are we?
Speaker 1: Going to get into inflation right now? What?
Speaker 2: All right, okay, I think you're next with.
Speaker 1: Apple. Oh man, I tell everyone that they should move away from certain products and move to Apple, but Apple rolled out an emergency patch for iOS 18.6. This affects Apple devices using Chrome.
Speaker 2: So it's a Chrome issue.
Speaker 1: It's a Chrome issue, but it's on Apple devices, which is typically how it tends to be. Some software running on Apple is the issue, but it utilized untrusted websites and graphics, graphic content that gave the ability of a remote hacker to execute something on your device. So, whether it's your phone or iPad, they were able to do stuff on your device without you knowing. So that's the Chrome issue. Look, I'm not going to tell you to stop using Chrome. The user-friendliness of Chrome is amazing, but Chrome has been hit with a couple of things this year. One to the fault of Google, where they said that you're in conspicuous mode, but you aren't. They were actually collecting data and your data was not inconspicuous.
Speaker 1: And two, something like this. So what I do in these scenarios, Vivek, is I actually have Firefox for all my really secure interactions, right, and I use Chrome for all my web browsing. Yeah, and you know, if you guys want to take it a step ahead, you know, use your other. Use three different browsers. One for all your financial stuff, one for your generic web browsing, hopefully with a pseudo tied to it, and one specifically, look, my device is going back, and one maybe for gaming or communication or email, whatever. But try to divide and conquer, try to separate, because if one account gets hacked, if one browser gets hacked, if something, then you minimize the impact of it.
Speaker 2: Yeah, I think that that's a smart way of doing it. The other way is, I'm actually curious that Apple talked about an issue with Chrome, but Chrome hasn't talked about the issue with Chrome, right. Yeah, I agree, and Chrome hasn't talked about the issue on Windows, because if it's an issue across Chrome and Electron browsers, then that should impact Windows too.
Speaker 2: But that's why I'm kind of like, why hasn't this been more widely announced on other operating systems? But you know, that's a really good point, Salah, that you bring in, that you use certain browsers for certain use cases and then you use other browsers or another browser for other use cases.
Speaker 1: Yeah, and if you really want to get, I mean, you know, at this point then it's a cost issue. But if you even have separate devices, that's even better.
Speaker 2: Yeah, that's, yes, that's even better.
Speaker 1: If you have an old phone, an old iPad, use that for all your nefarious stuff. For those of you who just got caught with this sex toy hack, shame on you.
Speaker 2: You should go to church, but it was on the app so it's not on the browser.
FBI Warnings on Text Scams
Speaker 2: So you're saying from a browser perspective, you got caught on the app.
Speaker 1: Look. No judging, I'm not judging, I'm just saying, hey man, there's a lot of interesting stuff going on right now.
Speaker 2: Yeah, go ahead with the FBI.
Speaker 1: I don't even know where to start with this one, man. Like, there's a couple of things. The FBI has been putting out warnings, which is almost a whole topic on its own, how active they are with giving us information about what to do and what not to do. But there's been a couple of updates recently with some sensational taglines. "FBI warns Android and iPhone users to delete malicious DMV scam texts immediately," and I fully agree with them.
Speaker 1: Look, folks, in the case that you receive a weird text from DMV or a weird text that has some funny numbers and lettering and links in it, delete that stuff. Don't just ignore it and just say, oh, I'm not going to open that link, delete it. There have been hacks in the past that are well-documented, well-known, that if you have a text that came in, whether it's through Messenger or WhatsApp or any application, and it has even some images in it or a link that have dangerous code, that has not gone away, it's still on your device and it still is dangerous. Another one that was interesting, Vivek, is that they're saying reset your passwords or do not reset your passwords. But this is the part that I think they just don't know who they're talking to. Yeah.
Speaker 1: They really said don't reset your password during a Scattered Spider hack. What does that mean? What the, you know? Do we need to call cash? Like what the. Are you reviewing any of this shit? Like, what are you talking about? Like, how does anyone know they're under attack, specifically a Scattered Spider hack?
Speaker 2: I have no idea what that means. I'll be honest with you. You know what.
Speaker 1: I have no idea what that means either, like, and I would like to say that we're pretty well informed, um, but regardless, the way I would hone that in is if your phone is acting funny, if you know you just clicked on a link. Here's the way I would say it. Okay, if you know you just made a mistake and you clicked on something and suddenly you realize, uh-oh, this thing is asking for. My phone is acting funny after I clicked on this link, or my browser is acting funny and it's asking me for my password and it's got a bunch of prompts that just jumped up. You probably just got hacked. Not probably. You did just get hacked. Okay, there are certain things you can tell. And I know, look, I've had my mom call me and said, oh, I clicked on this and now these things are happening. Okay, yeah, those are phishing attacks.
Speaker 1: They're phishing attacks, right? You know something bad just happened, right. And if you know something bad happened, what you don't want to do with that same device that something bad just happened is for you to log into a browser and try to change a password. Yeah, that's pretty much what they're saying.
Speaker 2: Yeah, because at that point of time your machine has been compromised, your browser has been compromised.
Speaker 1: So what does that mean?
Speaker 2: Tell me.
Speaker 1: What does it mean when they've been compromised?
Speaker 2: So, which means if you go and change the password, they're essentially just sniffing everything you're talking about. They're watching, man, they're watching, they know everything.
Speaker 1: The second you click on a bad link. Someone, and I know people would love to imagine this and I'm just going to play along, but this is definitely not the case, folks. His Diet Coke and dried up pizza stacks behind him, sitting in a dark basement of his grandparents' house, is watching your screen and probably has access to your microphone and camera.
Speaker 2: Don't, don't click on links, folks. That's a very romantic way of saying, that's a very romantic hacker way.
Speaker 1: What's probably really happening is some geek that looks very sharp with a clean haircut, or a government agency, which is also some geek under some fluorescent lighting, well-shaved. You know, you'd probably trust them with your trust fund information. Is the guy who's doing it?
Speaker 2: I mean, it's akin to if you saw the movies of the old times, where a person picks up the telephone and rings a number and there's a person in the middle listening to the conversation between two parties, right. That's if I'm talking about, if you've seen the movies of the 70s or the 80s or the James Bond movies of that time, Sean Connery. Basically, interception, right, which takes us to the topic of AI privacy.
AI Privacy and ChatGPT Concerns
Speaker 1: Oh my gosh, man.
Speaker 2: Which is, we want to end with AI privacy, but I'm happy, yeah. So let's discuss this.
Speaker 2: So this week OpenAI removed a feature in ChatGPT that let users make their chats discoverable by search engines. So there's a feature in ChatGPT where, if you really like the chat, you can say create a link for me, and then it also has a text box which says make the link public. And what that ended up doing was, about, it made the chat public for Google to discover. So suddenly Google search started showing those chats and the results of those chats.
Speaker 1: So imagine a scenario like this: Salah does a search of something he wants to share with his wife, hits that link so his wife and shares it through text or shares it with his friends. Maybe they're planning a bachelor party, whatever it is, and chat just helped them come up with an agenda as well as a bunch of links to places to go. Um, shares that link, that is shareable, and that scenario is not bad.
Speaker 2: So here's what happened. Right, people share a lot of personal information with ChatGPT, and that became discoverable, which essentially forced OpenAI CEO Sam Altman to weigh in, saying that ChatGPT isn't your therapist, lawyer or your diary, right? And so conversations, even emotional ones, aren't protected by legal privilege and it could end up in court proceedings or audits, and this is the big news, because now that's huge. So look, so, essentially, if something is sensitive, then don't assume it's confidential, especially with things like ChatGPT or Claude or any of these others. Right, yeah, but go ahead, Salah.
Speaker 1: No, you hit it on the nose. That's what I was going to say. A lot of us, when we see a new tech, we tend to use it intimately. Right, and look, folks, everyone has done this. I mean, we've all done this. Like in our early days of ICQ, we thought all the information we were sharing within these chat, early chat screens, we thought we were anonymous, you know, I've got a funny story there, but we thought we were anonymous and you quickly will find out you are not.
Speaker 1: Anything that you do on the nets is not anonymous. Folks, with any tech, okay. Um, and you know, there was a security hole a while ago where I was able to look up conversations that I was having with my group of friends, okay, in a private chat, group of friends playing Call of Duty on an early version of PlayStation, and I found this vulnerability and I looked up my username and I was listening to myself a decade ago saying a lot of things that I would never say if I found out, because this is what you would feel like, what you and your friends are just playing sports and you're talking a lot of crap to each other. What was your?
Speaker 1: Username in Call of Duty. Yes, I'll share that immediately. What was your? Name of your first pet. Yeah, look, um, there's a lot of things that are incredibly obvious about me. That username is not.
Speaker 2: Is not. Okay. See, this is doing a classic social engineering attack, yeah, but yeah, you know, treat ChatGPT interactions like emails, not secrets. Don't trust anything, right? And then please be extremely cautious using shared links. If you did share a link publicly, unlink or delete it immediately.
Speaker 1: But I do have to add one more thing to that.
Speaker 2: Absolutely, it's not just shared links.
Speaker 1: Folks, let's be clear. If you happen to be in some legal issue, your ChatGPT data will be subpoenaed and, whether it was private or not, it will be shared with courts.
Speaker 2: It's part of the discovery process.
Speaker 1: It's part of the discovery process and all your digital footprint will be shared if it's being invested.
Speaker 2: If it comes to that, like if someone, unfortunately, is going through a divorce proceeding, et cetera, and you've shared stuff with ChatGPT, making ChatGPT as your therapist, it's potentially discoverable evidence. So things like that.
Speaker 1: That's a good wrap-up. Yeah, thanks for listening.
Speaker 2: A lot of information.
Speaker 1: Hopefully your blood pressure is not too high today, but you do feel more informed. Thank you for joining. Talk to you guys next time. Bye.