Hey everyone, I'm Drex, and this is the 2 Minute Drill, where I cover three hot security stories twice a week, all part of the cyber and risk community here at the 229 Project and This Week Health. Today's 2 Minute Drill is brought to you by Enterprise Health, a health catalyst company. It turns out you can reduce the time and effort needed for third party risk management by up to 50 percent using Enterprise Health's Blueprint Gen AI technology.

Security, compliance, and peace of mind. Find out more at enterprisehealth. com. Great to see you today. Here's some stuff you might want to know about. Patch, patch, patch. Microsoft's patch Tuesday includes the second largest number of zero days ever published by that company. Just one shy of the all time record.

Six of those zero days are already being actively exploited online and Apple has released. Patches for a bug found in the browser engine of Safari. The patches for Macs and iPhones and iPads and vision pro headsets. Oh, and of course for the Safari browser. Last week I talked about the leaked chat logs from Black Basta, a cyber gang that has been responsible for a lot of ransomware attacks over the past year.

The logs are filled with some really interesting insights. If you've not had time or the interest to dig into them, the folks at Security Boulevard have written a really nice summary of all those leaked chats. They cover everything from what vulnerabilities the cyber gangs are focusing on to How they have evaded detection to cloud based attacks to insights on how they use the same thread until you do to make their tactics and techniques better and some very funny and sometimes graphic descriptions of security products and companies that I'm sure many of you use in your environment.

And yes, at one point they actually use the F word and I don't want to say it's hilarious, but it's It's interesting. It's, it's, it's a fun read, especially if you're slightly nerdy. That story is on our news site. And finally today, I talked about a DDoS attack against X on Tuesday. Honestly, it doesn't look like we know a lot more than we did earlier in the week, except that Elon Musk, who claimed that the attack came from Ukrainian IP addresses.

That claim has now been debunked. One prominent security firm said they didn't see any Ukrainian IP addresses in the top 20 IP addresses attacking TwitterX. While a hacker group called DarkStorm has claimed credit for the attack, the actual attribution may be never known. That story and a ton of other health care tech and security stories are at one of health care's fastest growing news sites.

Thisweekhealth. com slash news. Today's two minute drill was brought to you by Enterprise Health, a health catalyst company. Enterprise Blueprint centralizes privacy, security, and third party risk management, all on a single scalable platform, helping you identify, prioritize, and address risk across your health system.

Check it out now at Enterprise Health. That's it for today's two minute drill. Thanks for being here. Stay a little paranoid. I'll see you around campus.