Privacy Please

S6, E259 - Poisoned Patches & Billionaire Breaches

Cameron Ivey


In this episode of Privacy Please, host Cameron Ivey discusses significant security threats, including a critical vulnerability in Microsoft's WSUS, a major data breach at the University of Pennsylvania, and the emergence of sophisticated malware known as Glassworm. The conversation highlights the importance of cybersecurity measures and the potential consequences of negligence in IT security.


SPEAKER_01:

Alrighty then, ladies and gentlemen, welcome back to another episode of Privacy Please. I'm your host, Cameron Ivey. Flying solo this week. I got some juicy news for you. So sit back, relax. Let's dig into the chaos, shall we? No, seriously. You might want to brace yourselves if you haven't heard this yet. So if you've been feeling a little paranoid lately, well, I have some bad news. The stories this week are the kind that keep security engineers up at night. So if I have any security engineers on here, maybe this isn't news to you, but we have trusted tools turning malicious, universities leaking donors' net worth, and a sci-fi worm that just won't die. Sounds like some kind of a horror sci-fi movie. Anyways, let's dig into the chaos, shall we?

So, first up, the story that is still dominating every IT Slack channel right now. It broke late last month, but the fallout is still going on. We all know you have to patch your systems, right? It's security 101. But what happens when the tool you use to patch is the very thing that infects you? That's a major problem, right? So we're talking about Microsoft's WSUS. That stands for Windows Server Update Services. For those who don't know, this is basically the traffic controller for your updates inside a big company. It downloads the official patches from Microsoft once and then pushes them to thousands of employees. It is arguably one of the most trusted servers on any network. So here's the one flaw: a critical 9.8 out of 10 bug was found that lets hackers take over this server remotely without a password. So the terrifying part that mass media missed: once attackers are in, they aren't just stopping updates. They are using WSUS to push downgrade attacks. They're forcing company computers to uninstall recent security patches, effectively rolling back time to make them vulnerable again before they hit them with ransomware. That's a huge, huge issue.

So right now, the current status is that CISA has sounded the alarm. Ransomware cartels are actively scanning for this. If you are an IT admin, listen, listen, come in close.

SPEAKER_00:

I got something to tell you. If you're an IT admin and you haven't patched your WSUS server yet, stop listening to this podcast and go do it right now. Please. Thank you.

SPEAKER_01:

And moving on. So next up, we're talking about some breaking news that happened this week. Yes. So a massive data breach at the University of Pennsylvania just happened this week. I think it was on the 4th. So UPenn confirmed a breach affecting 1.2 million people. So very likely yourself, possibly. This includes current students, tons of alumni, and crucially, major donors.

So let's dig into the details just a little bit here. This isn't your standard email and password leak. Because it hit the donor relations database, the stolen data includes what they call wealth screenings. These are detailed profiles estimating the alumni's net worth, their property values, and their capacity to give. It also includes highly sensitive demographic data: religious affiliations, political leanings, and sexual orientation. So they use these for targeted fundraising, stuff like that.

Let's talk about how it happened. They didn't hack the mainframe. It was a classic supply chain attack. A third-party vendor that handles their alumni engagement got phished. Classic. One employee at one vendor clicked the wrong link, and 1.2 million people are exposed. It's that easy. It's that easy.

SPEAKER_00:

It's that easy. Oh my god.

SPEAKER_01:

But seriously, the takeaway here is this data is radioactive, so attackers can now use those wealth ratings to conduct hyper-targeted whaling attacks. Frickin' whale on it. So it's phishing designed specifically for high net worth individuals. That's phishing with a pH. We are not fishing for sea bass, if you're with me. If you're a UPenn alum, check your inbox, or watch it very closely. So we'll keep tabs on that.

To close out here with another story, I have to share the wildest, nerdiest piece of malware we've seen in a long time, in many years. This one is called Glassworm. If you're not familiar with it, let's talk about this a little bit. It's hunting software developers by infecting Visual Studio Code, the digital workbench where most of the world's software is written. So here's the crazy part. Usually, when malware phones home for instructions, security teams can see that traffic and block the server, right? Glassworm is different. It uses an unkillable command system. And this is kind of how it works. It reads public transaction memos on the Solana blockchain to get its orders. So you can't block the blockchain without breaking half the internet. As a backup, it checks a public Google Calendar event. Think about standard corporate firewalls. They trust traffic going to Google.com. By hiding its commands inside of Google Calendar, this worm's traffic looks completely legitimate to most security tools. It's hiding in plain sight, basically. Here's the reality: the hackers have built a decentralized, unkillable beast. It's a massive leap in sophistication, and it's aimed right at the people building our software. It's pretty scary, if you think about it.

To quickly recap everything this week: the security patch is trying to downgrade you, the university just leaked your net worth to the dark web, and the virus is checking Google Calendar for its next target. Just a normal week in 2025. Getting closer to the end there. So perfect for Q4. Good job.

All right. Fantastic. Well, this was just a quick update for all of our listeners out there. I just want to say, as always, thank you so much for listening to Privacy Please. We got a lot of big things coming in the new year. Q4 has been really crazy just on our normal jobs and things like that. So thank you so much for your patience and for continuing to stay with us. I will continue to push out episodes as much as I can. So thank you for the patience, and just be ready for 2026 because we got a lot. And if you haven't checked out the website, go check it out: theproblemlounge.com. That is theproblemlounge.com. That's our network. So we have the new Problem Lounge podcast coming out in the new year as well, and another show to come along with it with some surprises. So thank you again for the support. We'll see you guys soon. Definitely next week. I'm Cameron Ivey, as always. Thank you for listening to Privacy Please. Lock your shit down, stay safe, and enjoy some nice fall weather if you have it. If you don't, I don't know what to tell you. But we'll see y'all next week. Cameron Ivey, over and out.