The Dangers of Googling Phone Numbers, an Attack on a Security Platform, and Typo Squatting on US Military Domains

This week on Hacker And The Fed you can't always count on Google for the right telephone number for an airline, an American cloud based directory as a service platform announces that they were hacked by a state sponsored threat actor, millions of US military emails may be ending up in the wrong hands, a new ransomware looks like a windows update, we answer listener questions, and Hector tells a fascinating story about a hacking methodology.

Links from the episode:

Airline Fake Contact Number on Google Maps

https://twitter.com/Shmuli/status/1680669938468499458

https://twitter.com/SwiftOnSecurity/status/1680926780599812098

JumpCloud discloses breach by state-backed APT hacking group

https://www.bleepingcomputer.com/news/security/jumpcloud-discloses-breach-by-state-backed-apt-hacking-group/

JumpClouds IOCs - https://jumpcloud.com/support/july-2023-iocs

Domains like army․ml, pentagon․ml, navy․ml and af․ml all have Mail Exchange records pointing to 'handle․catchemail․ml'

https://twitter.com/mikko/status/1680947795862200325

Watch out for this new malicious ransomware disguised as Windows updates

https://www.foxnews.com/tech/watch-out-new-malicious-ransomware-disguised-windows-updates

https://www.trendmicro.com/en_id/research/23/g/tailing-big-head-ransomware-variants-tactics-and-impact.html

Listener Questions

https://www.lsu.edu/mediacenter/news/2023/06/13-cyber-clinic.php

Support our sponsors:

Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off

Go to drata.com/partner/hacker-fed and get 10% off Drata and waived implementation fees

Get your Hacker and the Fed merchandise at hackerandthefed.com