
November 7, 2025 10 mins


In this episode of Privacy Please, host Cameron Ivey discusses significant security threats, including a critical vulnerability in Microsoft's WSUS, a major data breach at the University of Pennsylvania, and the emergence of sophisticated malware known as Glassworm. The conversation highlights the importance of cybersecurity measures and the potential consequences of negligence in IT security.


Episode Transcript

Available transcripts are automatically generated. Complete accuracy is not guaranteed.
SPEAKER_01 (00:44):
Alrighty then, ladies and gentlemen, welcome
back to another episode of Privacy Please.
I'm your host, Norman Ivy.
Flying solo this week.
I got some juicy news for you.
So sit back, relax.
Let's dig into the chaos, shall we?

(01:04):
No, seriously.
You might want to embrace yourselves if you haven't heard
this yet.
So if you've been feeling a little paranoid lately, well, I
have some bad news.
The stories this week are the kind that keeps security
engineers up at night.
So if I have any security engineers on here, maybe this
isn't news to you, but we have uh trusted tools turning

(01:27):
malicious, universities leaking donors' net worth, and a sci-fi
worm that just won't die.
Sounds like some kind of a horror sci-fi movie.
Anyways, let's dig into the chaos, shall we?
So, first up, the story that is still dominating every IT Slack

(01:50):
channel right now.
It broke late last month, uh, but the fallout is still going
on.
Uh, we all know you have you have to have a patch for your
systems, right?
It's security 101.
But what happens when the tool you use to patch is the very
thing that infects you?
That's a major problem, right?

(02:12):
So we're talking about Microsoft's WSUS.
So that stands for Windows Server Update Service.
For those who don't know, this is basically the traffic
controller for your updates inside a big company.
It downloads the official patches from Microsoft once and
then pushes them to thousands of employees.

(02:33):
It is arguably one of the most trusted servers on any network.

(02:38):
So here's the one flaw: a critical 9.8 out of 10 bug was
found that lets hackers take over this server remotely
without a password.
So the terrifying part that mass media missed, once attackers are
in, they aren't just stopping updates.
They are using WSUS to push downgrade attacks.

(03:01):
They're forcing company computers to uninstall recent
security patches, effectively rolling back time to make them
vulnerable again before they hit them with ransomware.
That's a huge, huge issue.
So right now, the current status is the CISA has sounded the

(03:21):
alarm.
So ransomware cartels are actively scanning for this.
If you are an IT admin, listen, listen, come in close.

SPEAKER_00 (03:32):
I got something to tell you.
If you're an IT admin and you haven't patched your WSUS server
yet, stop listening to this podcast and go do it right now.
Please.
Thank you.

SPEAKER_01 (03:44):
And moving on.
So next up, we're talking about some breaking news that happened
this week.
Yes.
So a massive data breach at the University of Pennsylvania just
happened this week.
I think it was on the 4th.
So UPenn confirmed a breach affecting 1.2 million people.

(04:05):
So very likely yourself, possibly.
This includes current students, tons of alumni, and crucially
major donors.
So let's dig into the details just a little bit here.
This isn't your standard email and password leak.
Before it hit the donor relations database, the stolen
data includes what they call wealth screenings.

(04:27):
So these are detailed profiles estimating the alumni's net
worth, their property values, and their capacity to give.
It also includes highly insensitive demographic data,
religious affiliations, political leanings, and sexual
orientation.
So they use these for targeted uh fundraising, stuff like that.

(04:48):
Let's talk about how it happened.
They didn't hack the mainframe.
It was a classic supply chain attack.
A third-party vendor that handles their alumni engagement
got phished.
Classic.
Uh, one employee at one vendor clicked the wrong link, and 1.2
million people are exposed.
It's that easy.

(05:08):
It's that easy.

SPEAKER_00 (05:11):
It's that easy.
Oh my god.

SPEAKER_01 (05:14):
But seriously, the takeaway here is this data is
radioactive, so attackers can now use those wealth ratings to
conduct hyper-targeted whaling attacks.
Frickin' whale on it.
So they're phishing designed specifically for high net worth
individuals, that's phishing with a ph.

(05:35):
We are not fishing for sea bass.
If you're with me.
If you're a UPenn alum, check your inbox or watch it very
closely.
So we'll keep tabs on that.
To close out here with another story, I have to share the
wildest, nerdiest piece of malware we've seen in a long

(05:56):
time, in many years.
So this one is called Glassworm.
If you're not familiar with it, so let's talk about this a
little bit.
It's hunting software developers by infecting Visual Studio Code.
So the digital workbench where most of the world's software is
written.
So here's the crazy part.
Usually, when malware phones home for instructions, security

(06:21):
teams can see that traffic and block the server, right?
Glassworm is different.
It uses an unkillable command system.
And this is kind of how it works.
It reads public transaction memos on the Solana blockchain
to get its orders.
So you can't block the blockchain without breaking half
the internet.

(06:41):
As a backup, it checks a public Google Calendar event.
Think about standard corporate firewalls.
They trust traffic going to Google.com. By hiding its
commands inside of Google Calendar,
this worm's traffic looks completely legitimate to most
security tools.
It's hiding in plain sight, basically.

(07:03):
Here's the reality: the hackers have built a decentralized,
unkillable beast.
It's a massive leap in sophistication, and it's aimed
right at the people building our software.
It's pretty scary, if you think about it.
To quickly recap from everything this week, the security patch is

(07:24):
trying to downgrade you.
The university just leaked your net worth to the dark web, and
the virus is checking Google Calendar for its next target.
Just a normal week in 2025.
Getting closer to the end there.
So perfect for Q4.
Good job.
All right.
Fantastic.
Well, this was just a quick update for all of our listeners

(07:46):
out there.
I just want to say, as always, thank you so much for listening
to Privacy Please.
We got a lot of big things coming in the new year.
Q4 has been really crazy just on our normal jobs and things like
that.
So thank you so much for your patience and for continuing to
stay with us.
I will continue to push out episodes as much as I can.
Um, so thank you for the patience and just be ready for

(08:09):
2026 because we got a lot.
And if you haven't checked out the website, go check it out,
theproblemlounge.com.
That is theproblemlounge.com.
That's our network.
Um, so we have the new Problem Lounge podcast coming out in the
new year as well, and another show to come along with it with
some surprises.
So thank you again for the support.

(08:31):
We'll see you guys soon.
Definitely next week.
I'm Cameron Ivy, as always.
Thank you for listening to Privacy Please.
Lock your shit down, stay safe, and enjoy some nice fall weather
if you have it.
If you don't, I don't know what to tell you.
But we'll see y'all next week.
Cameron Ivy, over and out.