The Dangers of Googling Phone Numbers, an Attack on a Security Platform, and Typo Squatting on US Military Domains

This week on Hacker And The Fed you can't always count on Google for the right telephone number for an airline, an American cloud based directory as a service platform announces that they were hacked by a state sponsored threat actor, millions of US military emails may be ending up in the wrong hands, a new ransomware looks like a windows update, we answer listener questions, and Hector tells a fascinating story about a hacking methodology.
Links from the episode:
Airline Fake Contact Number on Google Maps
https://twitter.com/Shmuli/status/1680669938468499458
https://twitter.com/SwiftOnSecurity/status/1680926780599812098
 
JumpCloud discloses breach by state-backed APT hacking group
https://www.bleepingcomputer.com/news/security/jumpcloud-discloses-breach-by-state-backed-apt-hacking-group/
JumpClouds IOCs - https://jumpcloud.com/support/july-2023-iocs
 
Domains like army․ml, pentagon․ml, navy․ml and af․ml all have Mail Exchange records pointing to 'handle․catchemail․ml'
https://twitter.com/mikko/status/1680947795862200325
 
Watch out for this new malicious ransomware disguised as Windows updates
https://www.foxnews.com/tech/watch-out-new-malicious-ransomware-disguised-windows-updates
https://www.trendmicro.com/en_id/research/23/g/tailing-big-head-ransomware-variants-tactics-and-impact.html
 
Listener Questions
https://www.lsu.edu/mediacenter/news/2023/06/13-cyber-clinic.php
 
Support our sponsors:
Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off
Go to drata.com/partner/hacker-fed and get 10% off Drata and waived implementation fees

Get your Hacker and the Fed merchandise at hackerandthefed.com