Initial commit: HPR Knowledge Base MCP Server
- MCP server with stdio transport for local use
- Search episodes, transcripts, hosts, and series
- 4,511 episodes with metadata and transcripts
- Data loader with in-memory JSON storage

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>
175
hpr_transcripts/hpr3714.txt
Normal file
@@ -0,0 +1,175 @@
|
||||
Episode: 3714
|
||||
Title: HPR3714: The News with Some Guy On the Internet
|
||||
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr3714/hpr3714.mp3
|
||||
Transcribed: 2025-10-25 04:31:52
|
||||
|
||||
---
|
||||
|
||||
This is Hacker Public Radio Episode 3,714 for Thursday, the 27th of October 2022.
|
||||
Today's show is entitled, The News with some Guy on the Internet.
|
||||
It is hosted by some guy on the Internet, and is about 10 minutes long.
|
||||
It carries a clean flag.
|
||||
The summary is Threat Analysis.
|
||||
Hello and welcome to another episode of Hacker Public Radio.
|
||||
I'm your host, some guy on the Internet.
|
||||
I'm testing out something new.
|
||||
You guys let me know if you like it, but I want to do a news show.
|
||||
And that's what this is.
|
||||
For the first segment of the show, it's what I'll call Threat Analysis.
|
||||
Our first article is going to be coming from the Hacker News.
|
||||
New Chinese malware attack, named Framework, targets, Windows, Mac OS, and Linux systems.
|
||||
It previously undocumented command and control C2 Framework, dubbed Alchemist, is likely
|
||||
being used in a while to target the three platforms.
|
||||
This thing has an interface online written in simplified Chinese.
|
||||
It can generate payloads, establish remote sessions, deploy the payloads to the remote
|
||||
machines, capture screenshots, you know, all the things you don't want to happen.
|
||||
And apparently it's written in GoLang.
|
||||
Oh no, oh no.
|
||||
Since the Alchemist is a single file based, ready to go C2 Framework, it is difficult to
|
||||
attribute.
|
||||
It's used to a single actor such as authors, APIs, or crime wave syndicates.
|
||||
The Trojan, for its part, is equipped with features typically present in backdoors of
|
||||
its kind.
|
||||
Enabling the malware to get system information, capture screenshots, run arbitrary commands,
|
||||
and download remote files among other things.
|
||||
The Alchemist C2 panel further features the ability to generate first stage payloads, including
|
||||
PowerShell and WGit code snippets for Windows and Linux, potentially allowing the attacker
|
||||
to flesh out their infestation chain to distribute the insect RAT binary.
|
||||
So it seems like they're going to be delivering this thing, usually with phishing emails, you
|
||||
know, they'll have a malicious document in there, you launch the document, it then reaches
|
||||
out, pulls down the package, infect your computer, and then your host.
|
||||
My guess is that the Alchemist C2 is also capable of gaining root access because it can also
|
||||
modify your authorized keys and your SSH folder.
|
||||
So it's going to continue the remote access even after using SSH.
|
||||
For our next headline, and this is for our U-Android users out there, hackers using
|
||||
vishing, not phishing, with a V-Vishing, to trick victims into installing Android banking
|
||||
malware.
|
||||
Good heavens, malicious actors are resorting to voice phishing, known as vishing tactics
|
||||
to duke victims into installing Android malware on their devices.
|
||||
A Dutch mobile security company said it identified a network of phishing websites targeting
|
||||
Italian online banking users that are designed to fish contact details.
|
||||
Are you guys going to love this one?
|
||||
Telephone-oriented attack delivery, known as Toad, involves calling the victims using
|
||||
previously collected information from the fraudulent websites.
|
||||
Yep, to be honest with you guys, that's the moment where I contact the Dutch security
|
||||
guys and just go and ask them what's going on over there.
|
||||
Toad, really?
|
||||
Toad.
|
||||
The caller, who's basically a fraudster, pretending to be from the bank, contacts the victim,
|
||||
informs them that, hey, I'm from the bank, you have a security issue, you should download
|
||||
the security app that we have.
|
||||
So the person, you know, downloads the security app, and then that's when the app launches
|
||||
all the malicious stuff gaining access to the financial credentials and they commit financial
|
||||
fraud this way.
|
||||
Once the victim falls for the security app malware, it then reaches out and pulls down
|
||||
a second piece of malware called SMS Spy, which enables the ability to monitor SMS messages.
|
||||
What that will do is intercept the one-time password, you know, the TLTP codes.
|
||||
Yep.
|
||||
They'll just gain access to everything once they have that.
|
||||
Yeah, so if you're an android, just look out there.
|
||||
They mentioned further on an article that there's a new wave of scams being launched on
|
||||
the Android platform through the Google Play Store.
|
||||
Another attack type is called Smashing with an S.
|
||||
Yeah, so it's pretty bad out there on the Google Play side.
|
||||
What's the next article from the hacker news once more?
|
||||
It's about OmniCell.
|
||||
They had a data breach and 6,4,000 patients were impacted by this.
|
||||
Go ahead.
|
||||
Founded in 1992, OmniCell is a leading provider in medical management solutions for hospitals,
|
||||
long-term care facilities, and retail pharmacies.
|
||||
But on May 4th of 2022, OmniCell's IT systems and third party
|
||||
cloud services were affected by ransomware attacks which may have led to data security
|
||||
concerns for employees and patients.
|
||||
While it's still early in the investigation, this appears to be a severe breach with potentially
|
||||
significant consequences for the company.
|
||||
Yeah, so the IT learned of it on May 4th, 2022, OmniCell began in a farming people on
|
||||
August 3rd, 2022.
|
||||
Yeah, if you've been visiting any hospitals or whatever lately, just go ahead and get
|
||||
yourself some of those identity monitoring programs like Life Lock or whatever it's
|
||||
available in your country because healthcare is a major target for ransomware.
|
||||
I mean, they're just getting knocked over year after year.
|
||||
Now, a little bit more details in the article talk about the OmniCell data that may have
|
||||
been exposed from the attack, which includes but is not limited to credit card information,
|
||||
financial information, social security numbers, driver's license numbers, and health insurance
|
||||
details.
|
||||
Basically, everything it takes to identify you as an individual in your nation was exposed.
|
||||
They can run around and completely pretend to be you opening up accounts and whatever
|
||||
else they need to with that information.
|
||||
Wow.
|
||||
Now, with all that said, healthcare is not the only area of our system that's under
|
||||
attack by ransomware.
|
||||
Schools, colleges, the entire education sector is also under attack by these ransomware
|
||||
attacks.
|
||||
He's an article from the Washington Post.
|
||||
How to protect schools getting whacked by ransomware?
|
||||
Ransomware gangs are taking American schools.
|
||||
So far this year, hackers have taken hostage at least 1700 schools in 27 districts.
|
||||
The massive Los Angeles unified school district is their latest target.
|
||||
Yeah, so basically ransomware hackers will deploy ransomware inside of these schools,
|
||||
their organizations, it'll lock up all of their servers, locking the administrators out,
|
||||
and in order for the administrators to gain access to their services again, they have to
|
||||
pay the ransom.
|
||||
The Department of Treasury has released guidance on paying these global criminal organizations.
|
||||
Basically, they don't want you to pay them, but I'm pretty sure that the moment the
|
||||
Department of Treasury steps out of the door, the school is going to be like, pay them.
|
||||
Also like to quote down an article, apparently they spoke to these gangs, ransomware gangs
|
||||
and asked them, you know, why are you targeting these groups?
|
||||
And the quote was very simple because we can.
|
||||
So with all the money coming into schools and them making the students carry around
|
||||
Chromebooks and tablets and all this other stuff to, you know, do their schoolwork.
|
||||
They're not maintaining any of the back and they don't have proper backups.
|
||||
That's why they're forced to pay these guys because they don't have any other way to
|
||||
get the data back or access to the data for all you young hackers out there getting ready
|
||||
to go to university or high school or whatever out there.
|
||||
Make sure you maintain your own backups.
|
||||
Don't listen to the school about just uploading to their cloud services or whatever.
|
||||
Clearly, if their work is jacked up, you want to make sure that you're able to still
|
||||
turn in your work.
|
||||
You need to be able to understand file systems, local storage and all of that other cool
|
||||
and XC stuff.
|
||||
Alrighty.
|
||||
So our next article comes from CTNet News.
|
||||
It's Verizon Alerts Prepaid Customers to Recent Security Breach.
|
||||
All right, I'm going to breeze through this one.
|
||||
Verizon's Prepaid Customers, only about 250 of them from what they put in the article
|
||||
on October 10th.
|
||||
Well, it occurred October 6th through October 10th.
|
||||
So they say the breach exposed a little bit of data, the last four of the credit card
|
||||
numbers and some of the people may have had their accounts jacked with a method call
|
||||
sim swapping.
|
||||
I, of course, being a Verizon customer, had to quickly jump on the line and figure out
|
||||
whether or not I'm good.
|
||||
Hello.
|
||||
Yes, is this Verizon?
|
||||
Yes, I'm a customer there.
|
||||
Am I good?
|
||||
I heard about the breach.
|
||||
Am I okay?
|
||||
Apparently, the breach only affected the rebate customers and not the rest of us, so I
|
||||
good.
|
||||
Okay, so that's going to conclude our news for today.
|
||||
This is just a test.
|
||||
If you guys really enjoy this, please leave a comment down below.
|
||||
Let me know what you think.
|
||||
I'll definitely do more, add some more segments into it and not just the threat analysis.
|
||||
And for now, I just wanted it to be something simple and easy for everybody to grasp.
|
||||
What's this?
|
||||
What do we have here?
|
||||
Breaking news, ladies and gentlemen, I just got breaking news.
|
||||
Oh my goodness.
|
||||
I'm so excited about this.
|
||||
If you, too, want to become a contributor here on hacker public radio, all you have to
|
||||
do is go over to the hackerpublicradio.org website and click on the contribute link.
|
||||
There will be information there to help you on your journey.
|
||||
All right, that's all I got for you today, ladies and gentlemen, thank you for coming
|
||||
on over to hackerpublicradio and listening to this fine, fine broadcast we got going
|
||||
on over here.
|
||||
Please leave a comment down below and I'll see you guys in the next episode.
|
||||
You have been listening to hackerpublicradio.com at hackerpublicradio.org.
|
||||
Today's show was contributed by a HBR listener like yourself.
|
||||
If you ever thought of recording podcast, click on our contribute link to find out
|
||||
how easy it really is.
|
||||
Hosting for HBR has been kindly provided by an honesthost.com, the internet archive and
|
||||
our things.net.
|
||||
On this advice status, today's show is released on our creative comments, attribution 4.0
|
||||
international license.
|
||||
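Review bot: The header block at the top of hpr_transcripts/hpr3714.txt (Episode, Title, Source, Transcribed) has no field marking the body as unreviewed machine transcription, and the body contains recognition errors that will cause misses in the transcript search this commit introduces. Examples visible in the added lines: "WGit code snippets", "the TLTP codes", "Smashing with an S", "6,4,000 patients", "CTNet News", and "HBR" in the outro where the intro says "Hacker Public Radio". A keyword query for the terms these appear to stand for will not match this episode, and a client has no way to tell that the text is uncorrected. Suggest adding a header line that records how the transcript was produced and whether it has been reviewed, so the data loader can expose that to callers. The closing lines also state the show's licence ("attribution 4.0 international license"), so consider carrying the licence and host name as header fields too, since the spoken version is garbled and attribution should not depend on it.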