Stolen OAuth Tokens Hit Security Firms, AryStinger Router Botnet Emerges, AI Deepfake Cyberstalking

Jun 22, 2026, 10 min

Episode description

A breach at market intelligence platform Klue allowed attackers to steal OAuth tokens linking Klue to customers' Salesforce environments, enabling quiet API-driven data extraction from firms including Huntress, Recorded Future, Tanium, and Jamf. Klue revoked tokens, removed the legacy integration credential involved, and engaged CrowdStrike as Icarus threatens extortion. The incident echoes earlier Salesforce token-theft campaigns affecting nearly 1,000 companies.

Researchers also detail AryStinger, a new botnet infecting 4,000+ end-of-life D-Link routers to scan, proxy, tunnel, execute commands, and hijack DNS, with many infections in South Korea and China. The episode covers federal cyberstalking charges against Anthony Belford for allegedly using fake accounts and AI-generated nude images, and ESET's report that the "Gentleman" ransomware crew is developing modular EDR-killing tools to disable endpoint defenses.

00:00 Top Stories Teaser
00:29 Klue OAuth Token Breach
02:32 Salesforce Token Attack Trend
04:14 AryStinger Router Botnet
05:33 AI Deepfake Cyberstalking Case
07:50 Gentleman EDR Killer Arsenal
09:37 Wrap Up And Sign Off