Initial commit: HPR Knowledge Base MCP Server
- MCP server with stdio transport for local use - Search episodes, transcripts, hosts, and series - 4,511 episodes with metadata and transcripts - Data loader with in-memory JSON storage 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
This commit is contained in:
Lee Hanken
125
hpr_transcripts/hpr3743.txt
Normal file
125
hpr_transcripts/hpr3743.txt
Normal file
@@ -0,0 +1,125 @@
|
||||
Episode: 3743
|
||||
Title: HPR3743: HPR News
|
||||
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr3743/hpr3743.mp3
|
||||
Transcribed: 2025-10-25 04:51:25
|
||||
|
||||
---
|
||||
|
||||
This is Hacker Public Radio Episode 3,743 for Wednesday the 7th of December 2022.
|
||||
Today's show is entitled HPR News.
|
||||
It is the 20th show of some guy on the internet and is about 10 minutes long.
|
||||
It carries a clean flag.
|
||||
The summary is news for the community by the community.
|
||||
Hello and welcome to another episode of Hacker Public Radio.
|
||||
This is the news show, HPR News, starting off with threat analysis, your attack surface.
|
||||
Microsoft confirms a server misconfiguration led to 65,000 companies data leak.
|
||||
Microsoft misconfigured an Azure Blob storage server causing a major security breach.
|
||||
Attackers were able to access unauthorized customer data.
|
||||
SOC Radar, a cybersecurity company, is calling the security breach Blue Blade.
|
||||
SOC Radar discovered the breach on September 24th, 2022.
|
||||
Microsoft is attempting to downplay the security breach, but security researcher Kevin Buehmont
|
||||
isn't buying it.
|
||||
Mr. Buehmont suggests that Microsoft dropped the ball on informing its customers
|
||||
and federal regulators of the security breach in a timely manner.
|
||||
For our next article,
|
||||
Hidden ads malware affects over 1 million Android users.
|
||||
MacAfee's mobile research team identified multiple apps containing malware on Google's Play Store.
|
||||
After install, the malicious Android apps automatically run without the user knowing or interacting
|
||||
with the app. That's right, they automatically run after install.
|
||||
They're happy.
|
||||
These malicious apps then disguise themselves by changing their icon to the Google Play icon
|
||||
and renaming themselves to either Google Play or Settings.
|
||||
The malicious apps quickly create permanent malicious services.
|
||||
MacAfee's mobile research team demonstrates the resilience of the malware by using
|
||||
Kill-9 on the service processes.
|
||||
More malicious processes generate immediately as if nothing happened.
|
||||
For our next article,
|
||||
fully undetectable PowerShell backdoor disguised as part of Windows Update.
|
||||
Director of security research at Safe Reach,
|
||||
Tomarbar stated,
|
||||
The covert self-employed tool and the associated C2 command seem to be the work of a sophisticated
|
||||
unknown threat actor who has targeted approximately 100 victims.
|
||||
Oh no!
|
||||
Based on a metadata found within the malicious document,
|
||||
it seems to be a LinkedIn-based spearfishing attack,
|
||||
which ultimately leads to the execution of a PowerShell script via a piece of macro code.
|
||||
The macro drops update.vbs creates a scheduled task pretending to be part of the Windows update,
|
||||
which will execute the updater.vbs script from a fake update folder under
|
||||
slash app data slash local slash Microsoft slash Windows.
|
||||
Said Tomar,
|
||||
Currently, 32 security vendors in 18 anti-malware engines
|
||||
have flagged the decoy document and the PowerShell scripts as malicious.
|
||||
Yay!
|
||||
The findings come as Microsoft has taken steps to block Excel forms and visual basic application
|
||||
macros by default across Office apps, prompting threat actors to pivot toward alternative delivery
|
||||
methods. I imagine this is a major issue inside of work environments and school environments,
|
||||
where users slash students share documents on Microsoft Cloud.
|
||||
If one person gets a hold of the malicious document,
|
||||
then they just spreads like wildfire across the environment.
|
||||
There will be links down in the show notes.
|
||||
I've turned certain words in the hyperlinks where you can find out more about what steps
|
||||
Microsoft has taking as well as the alternative delivery methods the attackers are using.
|
||||
Next up, user spakes.
|
||||
Texas sues Google for biometric data collection.
|
||||
The great state of Texas has filed a lawsuit against Google claiming that the tech bohemeth
|
||||
has taken user biometric data without permission.
|
||||
Texas Attorney General Ken Paxton claims Google is illegally data harvesting Texans using features
|
||||
and devices such as Google Photos, Google Assistant, and Nest Hub Max.
|
||||
Alright, I can just imagine this guy sitting somewhere down in Texas on a front porch,
|
||||
hollering it at his phone with an image of the Google logo and he's drinking from a jar of
|
||||
moon shine that he just brewed in his truck radiator on his way home from work.
|
||||
That's how I picture this guy because there's no way in hell he honestly believes that people
|
||||
don't know Google is harvesting their data.
|
||||
That Ulyss bulletproof right, whatever you do with that device, whatever sensors that device
|
||||
has on it, cameras, microphones, the ability to do the fingerprint reading.
|
||||
If it can collect any form of data, Google has it.
|
||||
Same thing with Apple, same thing with I don't know LG Samsung, you name it.
|
||||
I also imagine seeing Google's lawyers just planning how this trial will go
|
||||
and rather than actually showing up for the trial, they just send a pallet of money.
|
||||
So everything Ken Paxton has to argue, the judge will just look over at the pile of money and say,
|
||||
nope, doesn't add up. Let's pivot back to threat analysis.
|
||||
The next story, millions of patients compromised in hospital data leak.
|
||||
Nearly three million Illinois and Wisconsin patients are caught in a hospital data breach.
|
||||
Advocate Aurora Health, which operates 27 hospitals, said in a statement.
|
||||
The breach may have exposed information, including a patient's medical provider,
|
||||
type of appointments, medical procedures, date and locations of scheduled appointments,
|
||||
and IP addresses.
|
||||
The system blamed the breach on the use of pixels.
|
||||
Computer code that collects information on how a user interacts with their website.
|
||||
Wow, I can't believe this. This computer code pixels includes products developed by Google
|
||||
and Facebook's parent company meta that make the collected data accessible to those companies
|
||||
like Aurora Health. Yes, ladies and gentlemen, here in the United States of America,
|
||||
Google and Facebook are in control of your health care.
|
||||
Or at least the information surrounding your health care.
|
||||
The health care industry's use of pixels has come under wide criticism from privacy advocates
|
||||
who warned that the technologies used violates federal patent and privacy laws.
|
||||
A report published in June by the markup found that many of the country's top ranked hospitals
|
||||
used the meta pixel.
|
||||
Wow, ladies and gentlemen, I don't know what to tell you. I can't believe it.
|
||||
Our health care system is so difficult that regular citizens can't get health care.
|
||||
You can't go across state lines to get better health care if you could even afford it in the first
|
||||
place, right? So they lock you into a state which limits the amount of health care you can receive.
|
||||
You know, the options of insurance you can get so you can't get a cheaper plan from a neighboring
|
||||
state and then they make it so expensive that you can't even afford it in the first place.
|
||||
On top of that, to add insult to entry, they give your data to Facebook.
|
||||
I mean, to stop and think about that, Facebook and Google can tie your medical records to some
|
||||
account online and these people have no hip-hop obligations. There are no laws or anything protecting
|
||||
your data. Once it's in the hands of Facebook, they have no federal regulation that says how they
|
||||
must house this data. Who can have access to it? Nothing. Your data is just raw out there in
|
||||
the hands of Facebook. Meanwhile, everybody's upset about something on Twitter. You know, I haven't
|
||||
heard one person stop and talk about this, but yet, you know, apparently the Tesla guy in Twitter,
|
||||
that that's worth chatting about. Let me put it this way. Not if, but when Facebook suffers
|
||||
another day to breach, imagine having not only your Facebook account being compromised,
|
||||
but also any medical diagnosis that you have had any sort of appointments that you've made
|
||||
toward that diagnosis, any sort of embarrassing health conditions. They maybe they're not embarrassing,
|
||||
but they're private. You don't want it out there and they're open like that.
|
||||
All right, ladies and gentlemen, I'm going to leave you with that one to chew on because that one
|
||||
was a little bit upsetting to hear from you personally, but I want to know what you think about that.
|
||||
What do you think about Google and Meta, you know, with air quotes? What do you think about them
|
||||
being in control of your health care data? I'm some guy on the internet. This is HPR News and I'm
|
||||
signing off. You have been listening to Hacker Public Radio at Hacker Public Radio does work.
|
||||
Today's show was contributed by a HPR listener like yourself. If you ever thought of recording
|
||||
podcast, click on our contribute link to find out how easy it really is. Hosting for HPR has been
|
||||
kindly provided by an honesthost.com, the internet archive, and our sings.net.
|
||||
On this advice status, today's show is released under Creative Commons Attribution 4.0 International
|
||||
License.
|
||||
Reference in New Issue
Block a user