From the massive data breaches affecting millions globally, including the largest-ever breach for French citizens, to Nvidia’s strategic leap over Amazon in market value, we cover the digital landscape’s pressing issues and innovations. Plus, we break down Microsoft’s February 2024 Patch Tuesday, addressing critical zero-days and enhancing digital safety. Join us as we explore the implications of these developments for the future of technology and cybersecurity.

Original URLs for Each Article:

1. Aircraft Leasing Company Cyberattack: Dark Reading Article
2. Integris Health Data Breach: BleepingComputer Article
3. Bank of America Customer Data Leak: Dark Reading Article
4. Islamic Nonprofit Infiltration: Dark Reading Article
5. French Citizens Data Breach: France TV Info Article
6. Black Basta and Hyundai Motor Europe: Dark Reading Article on Black Basta
7. LockBit and SEIU Local 1000: Dark Reading Article on Subway LockBit Investigation
8. Nvidia’s Sovereign AI: Nvidia Blog, Ars Technica Article
9. Microsoft February 2024 Patch Tuesday: Trend Micro Research on CVE-2024-21412, BleepingComputer Article on Microsoft’s Patch

Thanks to Jered Jones for providing the music for this episode. Find him on Spotify here: https://open.spotify.com/artist/37xLl4KR8hJ5jBuS8zYjQN?si=W75mgw68SsmCb7Zfu5ESeg

---

Transcript:

[00:00:00] Good morning listeners. And thanks for tuning in on Valentine’s day.

Sadly, I do not have anything Valentines related, uh, watch out for romance scams. As always. But we do have two very thrilling stories and a new segment. I’m calling. They got popped.

We’re going to be talking about. Nvidia and their leap towards sovereign AI and market dominance. And we’re also going to be bringing [00:01:00] you the updates from yesterdays patch Tuesday.

All right. So first up in an effort to avoid overly discussing data breaches, I’m going to compact them all for you and give them to you. At once. And to help me do this, to help me react to the severity of these breaches, I’ve brought in my brand new AI girlfriend. Uh, let’s name her Tina. Let’s kick it off.

They got popped.

Yes, Tina. Yes, they did.

Okay. So first up we have airplanes. Yes, Tina. Yes. Planes, a commercial engine aircraft leasing. Named Willis. Lease finance Corp. Said it suffered a cybersecurity incident on January 31st and [00:02:00] it got its systems knocked offline.

Uh, next we have the healthcare sector. Yes, believe it or not. The healthcare sector was just popped Integris health. Last November disclosed personal information, belonging to almost 2.4 million people was exposed.

You heard about it yesterday? But bank of America got popped.

Yeah, they seem so serious and significant, but yeah, they got popped. The details are in yesterday’s episode, but it affected around 57,000 customers.

We’re going international with an Islamic nonprofit from Saudi Arabia.

That’s not fair. Saudi Arabia, nonprofit was infiltrated for over three years. By a silent back door.

We’ve got two French companies.

No, the baguettes are not even safe. VM muddy and Al Murray. They’re both managed third party payments for health insurance [00:03:00] companies. And this combined exposure is the largest ever data breach for French citizens.

Staying in Europe. We’re talking about Hondai motor Europe.

Hyundai. Yes. Uh, but I do love them. Black Basta has. Claim to have stolen three terabytes of data from the Hyundai motor group Europe. And if we talk about text data, that is a lot.

And finally back state side.

We’ve got California.

A little outdated with the Arnold reference, but lock bit has claimed responsibility for a cyber attack on service employees, international union local, 1000 in California. According to that ransomware gang, it’s still 308 gigabytes of data from the union, including employee information, such as social security, numbers, salary information, and financial documents.

So as always sign up for crediting credit monitoring. Change your passwords and keep an eye on those bank statements.[00:04:00]

All right. So moving into our first real news article story of the day, it’s coming to us from ARS Technica, and it is discussing. NVIDIA’s CEO Jensen, Hong. Is championing the concept of sovereign AI amid the company, significant leap over Amazon in market value. So that’s pretty amazing because Amazon’s pretty important.

Basically the NVIDIA’s CEO is proposing a future where each country controls its own AI destiny. This vision termed sovereign AI suggests a world where nations harness artificial intelligence to preserve their cultural heritage and societal norms.

Hong announced this while speaking at the world government summit in Dubai and emphasize the importance of countries owning the production of their own intelligence. So this idea, isn’t just about data sovereignty. It’s about embedding a nation’s language, culture, and collective wisdom into the digital realm.

The rise of Nvidia and the global [00:05:00] market.

Now neck and neck with Amazon for market value is not just a financial milestone. It’s a Testament to the growing importance of AI technology. NVIDIA’s GPU’s or graphical processing units are critical for AI development and have become indispensable in data centers around the world.

Data centers that are used by Amazon. Microsoft Google and more notably open AI. This development underscores how essential AI and invidious technology have become to our digital infrastructure. Highlighting the company’s influence in shaping the future of global technology and AI applications.

So, this is pretty crazy. I knew Nvidia was doing great due to Bitcoin mining and AI, but I didn’t know they were up there on the scale with Amazon. That’s pretty cool. In 2019, I built my first computer. And I bought an Nvidia graphics processor, 2070, something like that for, I don’t know, four or 500 bucks. Which has felt like a lot at the time.[00:06:00] And that is now over four years ago and that exact graphics processor is worth double it’s worth 800 bucks brand new. In tech terms. Tech years are kind of like dog years.

Like we progress so much faster in tech. So I, you know, expected that. Graphics processor to decline in value very rapidly. That’s not to say that graphics processing hasn’t improved much because. Yeah, it’s almost even unusable. It’s a great graphics processor, but not $800 worth.

Good for you, Nvidia. And good for you. Whoever has bought stock in Nvidia, prior to Bitcoin mining and AI and all this stuff, because it’s doing pretty well.

Yesterday was Microsoft’s monthly patch Tuesday. Valentine’s day edition to zero days and a total of 73 security flaws. So just to [00:07:00] recap, a zero day is a vulnerability that was built into the initial software to the initial product. That. The company did not know existed.

So the two, zero days that were patched were. To CVS. One was a windows SmartScreen security feature bypass, and the other was an internet shortcut files, security feature bypass.

So the first one allowed attackers to bypass smart screens security checks by tricking users into opening malicious files.

This vulnerability involved attackers exploiting the windows smart screen filter, which is a tool designed to screen out unrecognized apps. And files from the internet to protect users from malicious software

by crafting a malicious file in a certain way. Attackers could deceive the smart screen filter into not recognizing the file as a threat. Which often involves manipulating metadata or the files digital signature to either appear benign or to mask its true nature.

Once the user is convinced to open the file, believing it to be safe.

The attacker could execute malicious [00:08:00] code on the victim system. So this is so huge when. We discussed this when talking about labeling AI content as well, but once the user gets confident, In a security measure, such as this label that identifies malicious files.

When they see it, they’re going to trust that it’s there,

and then when it’s not there, they’re going to trust that it was checked. So just like in the AI content, if people are used to seeing labels.

I guess let’s use. Corporate email as an example, we’ve all probably seen these banners on corporate emails that say. This email originated outside of the company, right? When we see that banner, we know to look at it. With a critical eye. But when we don’t see that banner, something in our brain says it’s safe because we know that that check exists. And when it’s not there, it must be safe.

Our guard is down when we don’t see that banner.

That’s the same thing about this sort of check.

And consumer confidence in [00:09:00] these checks.

We trust that they’re happening. And so attackers have found a way to exploit that trust. The other. Zero day vulnerability. That was patched yesterday. Is in a similar vein. This vulnerability specifically targets the way windows, processes, internet shortcut files.

With respect to mark of the web or M O T w. So MTW is a security feature that assigns a quote zone. To files downloaded from the internet. So similarly, It starts tagging them. As less trusted. Than files originating from the local machine. When a file is tagged windows and various applications apply stricter security measures such as prompting users with warnings. Before execution, same thing.

When we’re used to seeing that warning and it doesn’t come up, we assume it’s safe.

This basically just allows. Attackers to convince users to download malicious files. And also convinced them that those files are safe. ’cause that warning [00:10:00] didn’t pop up. So we’re glad Microsoft has patch these. It’s just the lesson. Don’t. Always trust.

Security warnings and security features take your safety into your own hands when you can.

Try to stick to downloading files from reputable sources. And if you’re feeling advanced, you can go in. To Google and look up, check, sum and file integrity. Checking. Basically the file that is downloaded. From a reputable source. He has a certain signature. And once you get it onto your computer, you can check to see if that signature is still intact.

But overall, make sure your systems are regularly patched with security updates, because that’s the only way this update’s going to get to your computer is by downloading the security updates.

So. Make sure to patch.

All right. That is it. I hope you guys have great plans for your Valentine’s day today. And.

We really appreciate you listening. We will talk to you more [00:11:00] tomorrow.