Cyber

Listen to the latest updates, developments, and insights into the world of cybersecurity. Learn how to protect yourself against the ever evolving threat of cybercrime from leading talk radio shows and premium podcasts.

A highlight from 43. SPECIAL FEATURE: The Most Dangerous Game from Big Brother: North Korea's Forgotten Prince

Recorded Future - Inside Threat Intelligence for Cyber Security

07:10 min | 9 hrs ago


"Hey there, it's Dina at Click Here. We've always found North Korea's leader Kim Jong-un to be a subject of fascination. Whether it's his decision to set up hacker hotels in China, North Korea's epic cryptocurrency heist, or the nation's launching of ICBMs that, well, aren't exactly as they seem. But North Korea is one of those places we need to understand. Whether it's because of its role in the cyber world, or its importance to maintaining peace on the Korean Peninsula. That's why we wanted to share an episode from a podcast we love, Big Brother: North Korea's Forgotten Prince. It looks into what may be the strangest assassination of the 21st century, and it explores a little-known story about why Kim Jong-un shouldn't be leading North Korea at all. Hosted by Eden Lee, it follows his improbable rise, and what that means for us all. Here's the first episode. Have a listen. It's February 13th, 2017. The day before Valentine's Day. Kim Chol is standing inside Kuala Lumpur International Airport, staring up at the departures board. It's busy. Throngs of passengers glide through the airport's spacious hall, making their way from check-in to security. This is Malaysia's biggest and busiest international airport. On a usual day, nearly 160,000 passengers travel through here. At 9 in the morning, Kim blends into the crowd. He's bald and pudgy, wearing light blue jeans and a gray blazer, a black backpack slung casually around his right shoulder. Kim gazes up at the list of departures and sees that his flight to Macau, his home in the south of China, is on schedule. He begins walking toward the ticketing area. Little does he know, but he is being watched. Kim approaches an AirAsia kiosk. As he enters his flight information, he doesn't notice two young women, both thin, with dark hair, slowly creeping up behind him. Suddenly, a pair of hands clasp around Kim's face from behind. It's as if someone is trying to surprise him. Like a game of Guess Who?
But instead, the woman wipes her hands across his cheeks, pressing her palms firmly against his eyes, his nose, his mouth. Kim jerks his head away. Just as the first woman releases her grip, the second woman, wearing a T-shirt that says LOL, does the same. She smears her hands all over his face. Kim thrashes his head to break free. The woman yells sorry and scurries away. And then, as quickly as they appeared, they're gone. The women vanish into the crowd. Kim takes a deep breath and tries to collect himself. He checks his belongings. The women didn't take his bag or ID or nab anything from his pockets. All they did was smear a greasy substance over his eyes and nose. It feels like motor oil. And then it starts to burn. Kim staggers to the closest information desk. His nose starts to run. The pain on his skin intensifies. He explains to an employee that he's been assaulted, that two strangers came up behind him and rubbed oil or grease or something all over his face. He tries to wipe the grease off, but the stinging is so intense he can hardly keep his eyes open. It's painful. Very painful. He explains, taking deeper and deeper breaths. Very painful. The attendant walks Kim to three officials. Through labored breath, he explains the story again. The attack, the grease, the pain. The officials nod and lead him down a long hallway to the airport clinic. Kim begins to limp. And his vision blurs. He groans in pain as his chest, his lungs, his heart, tighten like a clamp. Inside the clinic, doctors measure his vitals. The burning becomes relentless. His breathing is rapid and shallow. Somebody snaps a picture of Kim Chol. He's slumped in a chair. His jacket cast off. His potbelly peeking out of his royal blue T-shirt. His eyes are half open. But he's unconscious. At this point, he's barely breathing. Seconds later, medics lay him flat on an orange stretcher and strap an oxygen mask over his nose and mouth, squeezing it again and again.
Trying to force air into his lungs. Soon, he's ferried out to the whine of an ambulance siren. It's the last thing Kim Chol will ever hear. Within 15 minutes, he is dead. And nobody knows why. Hours later, as police review Kim Chol's strange and sudden death, they're left with the most basic and bizarre questions. How did Kim die? Who were these women? What did they smear onto his face? And why, of all people, did they attack him? But it soon became clear that Kim Chol was not your average visitor to Kuala Lumpur International Airport. Discovered inside his backpack is approximately 120,000 American dollars in cash, as well as 12 vials of atropine, a rare antidote that's used to treat deadly chemical attacks. Analysis from a lab also reveals that the substance smeared onto his face was VX nerve agent, one of the deadliest chemical weapons on the planet. Within 24 hours, they learned that Kim Chol was not the man he claimed to be. The name on his passport was just an alias, a cover. The dead man's real name was Kim Jong Nam. And while most people had never heard of him, international experts knew him well. He was North

A highlight from EP99 Google Workspace Security: from Threats to Zero Trust

Cloud Security Podcast by Google

05:50 min | 1 d ago


"Anton, we're talking about that other part of Google Cloud today, that Workspace part. It's another sort of SaaS episode, isn't it? Exactly right. And I think that we've departed from the discussion of the Google Cloud Platform technology and went to Workspace. And of course, there are a lot of fun security challenges there, right? It involves email. It involves documents. It involves file storage. It involves, you know, the last factor is the most annoying, it involves pesky users, humans, right? You know what's one of my least favorite phrases in all of infosec? That the user is the weakest link. The least favorite phrase. I hate it. I just hate it with a passion. So negative value. Yes, yes, yes. But what I love about this episode is we talk about ways to protect humans and in particular talk about one of my favorite ways of protecting people, which is phishing-resistant two-factor keys. And we get into whether they are phishing resistant or phishing proof and have a long digression about watches and going to the moon. So perhaps with that teaser, listeners, let's turn things over to today's guests. We are joined today by two wonderful Googlers. We have Nikhil Sinha, a group product manager for Workspace security, as well as Kelly Anderson, product marketing manager for Workspace security. We're talking about not quite cloud today, but something delivered from the cloud, Google Workspace security. You know, when I think about email, I think about lots of kinds of threats, but there's more than just email in Workspace. So could you give us just like that 10,000-foot overview of the kind of threats we're caring about here? And thanks to him for having us on this spectacular podcast. As far as the variety of threats go, we think we can categorize them into three broad categories. The first one is account hijacks, which is essentially to gain access to crown jewels from a customer.
This can include credential theft, cookie theft, and another variety of mechanisms to get to your data. The second is data exfiltration, particularly from an insider who's trying to leak sensitive information externally, either via the web interfaces or through the mobile interfaces. By the way, insider from a client side, not insider at Google, correct? That is correct. Yeah, it could be an employee. It could be a contractor that works at your organization where there is a potential for leaking information. And the last part, the last bucket, I would say, is ransomware, which is essentially an attempt to hold customer data hostage. Typically starts as a phishing attack, but there can be many other ways of getting to it. What I would say is that as a general trend, we are seeing the threats increase and really getting sophisticated by the day. Our job as Workspace and Google is to stay ahead so that our customers can securely collaborate and innovate while using Workspace tools. And to build off of, I just want to touch on this point that Nikhil made about the increase of threats getting more sophisticated by the day, because for our listeners and for all of us, since we work in security, the threats that he named, like account hijacks, data exfiltration, ransomware, these are not new threats. Like, these have been threats that have been around for a while that I think, unfortunately, our listeners are all too familiar with. So the emphasis is really on the sophistication, and what do we mean by that? In the Workspace world, we think about the increase in sophistication around social engineering and phishing attacks, and how with those types of attacks it's getting harder and harder for IT professionals and security professionals to understand: is this behavior that is coming from a user, or is it coming from a bot? Or is this coming from a script? Because they're starting to get really good at mimicking user behavior.
And so an example of this is when we look at account hijacking, credential stuffing, we're starting to see criminals being able to write scripts, have bots that mimic the speed and pace in which somebody is starting to log in to their account, or the speed at which their mouse hovers over a certain object. So that's what we mean by an increase in sophistication: we have to have threat detection models that are staying ahead and keeping pace with attackers being able to get better at mimicking human behavior. And listeners, what you might take away from Kelly's answer there is that before she was leading Workspace security product marketing, she was quite involved in reCAPTCHA product marketing. And fun fact, Anton was the only Gartner analyst to question where the term credential stuffing came from when we first made it up back in my days at Shape Security. Yeah, I don't know. This sounds like an impressive feat of analysting, but at the same time it was, it felt very obvious. If I hear a vendor that can analyze this, if I heard it then, they say something suspicious, I would always say, what? That sounds suspicious. You were the only one. In any case, I'm going to put my van der head, I can see there, it's called a noogler head, on the head. And ask a question that sort of moves us a little bit away from threats. There are also compliance motivations here, right? Not because people put credit card numbers in email, you should not do that. But there are other reasons for regulatory pressure to improve security. What are some of the things? Because I'm not even sure what regulations may apply to an office online. Do regulators know what a Google Doc is? Yeah, exactly. Thank you. So let me just go over there. You'd be surprised. I think you have a great point there, Anton. Many of the cyber engines across the globe are taking actions to protect themselves, right?

A highlight from Cyber Security Today, Nov. 28, 2022 - Twitter breach may be worse than first reported, a US college victimized by ransomware and more

Cyber Security Today

02:20 min | 1 d ago


"A massive Twitter data breach reported earlier this year of information on 5.4 million Twitter users was worse than initially reported. According to the news site 9to5Mac, initially one hacker was suspected of exploiting a vulnerability that exposed Twitter user IDs, usernames, login names, phone numbers, and email addresses of subscribers. But last week 9to5Mac reported that security researchers say multiple hackers downloaded personal data using that same hole. One researcher now says he's found a new list with data on millions of Twitter users. The Bleeping Computer news site says it has seen some of this data and said it appears to be different from the 5.4 million list of names reported stolen earlier this year. That may not be the worst part. Bleeping Computer said that the list of 5.4 million records that, as I said before, was stolen earlier this year, that list is being given away for free to crooks on a hacker forum. In addition, there's a stolen list floating around criminal circles of 1.4 million Twitter profiles of suspended users. Telecommunications and video surveillance equipment made by 5 Chinese manufacturers has formally been declared an unacceptable risk to American national security. The decision announced Friday by the Federal Communications Commission bans gear from Huawei, ZTE, Hytera, Hikvision, and Dahua, and their subsidiaries. These companies had already been on what the FCC calls its covered list for risky manufacturers for the past 19 months. The Vice Society ransomware group has started posting what it says are documents stolen from Cincinnati State Technical and Community College in Ohio. According to a news site, the documents are dated as recently as November 24th. Their authenticity hasn't been verified.

A highlight from Episode 341 - Cyber threats and cyber-physical systems, and impacts for APAC

Cyber Security Weekly Podcast

02:30 min | 1 d ago


"This is J.Lo on site at the SANS ICS APAC Summit and Training 2022. And I'm very pleased and very privileged that Tim Conway, who is a SANS instructor and also the technical director of the ICS and SCADA program at SANS, right? Yes. Joining us today. So thank you, Tim, for your time. Thank you for having me. Yeah, Tim, you have very extensive experience, right? From the U.S. with Indiana state, one of the largest, if I understand right, electric and gas companies, and you were a computer engineer looking after control systems and also the supporting network infrastructure. So a panel of experience, and so very grateful for your time to share your insights and experience with us today. So if I could just start with a question: if I look at your profile as a SANS instructor, you focus on ICS, and of course the summit here is about ICS as well. So I thought that we could start with talking about what we mean by ICS, because I think that's industrial control systems, and many of us immediately think that is anything to do with industrial processes. So chemical plants, electric plants, utilities, power plants. But some may think, okay, what about those SCADA systems that are not quite industrial in nature? Correct. Right? Yes. Transport. And then you throw in terms such as operational technology and critical infrastructure. And we all have different ideas of what ICS means. So tell us, what is ICS? That's our goal. We're trying to confuse everybody. They don't know what we're defending. Very well. Very well. I don't know what to attack. So that's one of the things we talk about in class quite a bit. And we often start with a very common catch-all term that is called cyber-physical. So really moving away from information technology, where you're looking at data at rest or data in use or data in motion. A normal information technology class would focus on securing data on a server, or securing data on a network, or securing data on an endpoint.
We're talking about data that does something and data that means something. So it has a kinetic component. It has a physics component, and it could be at a large scale like SCADA, covering multiple states, or it could be at a plant floor, a distributed control system, could be an individual PLC, and you could even start to blend into the operational technology and the Internet of Things, where people are adding kind of the I at the front, the Industrial Internet of Things.

A highlight from Cyber Security Today, Week in Review for Friday, November 25, 2022

Cyber Security Today

06:25 min | 3 d ago


"Commentary on events, but first a review of some of what happened in the last 7 days. A fantasy sports betting website called DraftKings is blaming its users for reusing their passwords as the cause of the theft of $300,000 from their accounts. Terry and I will discuss whether there's more to it than that. We'll also look at a couple of recent ransomware attacks and will offer advice on safe holiday online shopping. Also this week, an international police effort has closed the criminal iSpoof website, a service that allowed crooks to make calls that spoofed the phone number of businesses and government officials. It also allowed crooks to intercept passcodes for two-factor authentication. The site's main administrator was arrested in the UK in an operation that also saw the arrests of over 140 people. Authorities estimate victims around the world lost about $160 million from iSpoof's operations. Separately, police around the world also arrested a thousand suspects who are believed to have committed online scams. This was done in a combined operation under Interpol, the international police cooperative. Now, while the suspects ran voice phishing, romance scams, sextortion, and investment frauds, one group was more imaginative. They impersonated Interpol officers, tricking their victims into transferring almost 150,000 to them through banks and cryptocurrency exchanges. Ten people were charged in the U.S. with allegedly being involved in multi-million dollar Medicare and Medicaid email scams. The con involved sending emails to public and private health insurance programs that looked like they came from real hospitals. The insurers were told to send payments to the hospitals' new bank accounts, accounts that were set up by the crooks. Microsoft warned that a long-discontinued web server called Boa that's filled with vulnerabilities is still being used in products around the world. That means it poses dangers to millions of organizations.
The Boa web server can be found in Internet of Things devices. It's also tucked away in some software development kits. The problem: Microsoft continues to see attackers attempting to exploit Boa vulnerabilities. Researchers at Palo Alto Networks warned that employees are being tricked into downloading remote management tools under the guise of legitimate software. Using those tools, a threat actor can find and copy sensitive data. Then the threat actor sends an extortion note to the organization, demanding money or the copied data will be publicly released. 34 Russian-speaking threat groups are distributing malware capable of stealing passwords and other data. That's according to researchers at Group-IB. In the first 7 months of this year alone, the gangs infected almost 900,000 devices and stole over 50 million passwords. The malware they use can also steal cookies, credit card numbers, data from cryptocurrency wallets, and passwords for gaming services like Steam, Epic Games, and Roblox. And finally, if you have an Internet-connected video camera in or outside your home, Canada's privacy commissioner just published advice on how to keep it secure. There's a link in the text version of this podcast to that advisory. Hello again, Terry. Welcome back to the show. Hey, Howard, how are you? I'm very well, thank you. And today as we record, it's relatively sunny and mild here in Toronto. Nice and cold here in Montreal. I want to start with news of the theft of money from subscribers to the DraftKings fantasy sports betting site. DraftKings is an American-based sports and casino betting site that's available in a number of countries. On Monday, there were news reports of users noticing funds had been withdrawn from their accounts. One person told a reporter that around this time, his email was filled with spam.
The company told reporters that some $300,000 was withdrawn without permission from a number of user accounts, and officials said the company's IT systems were not compromised. It believes that victims weren't careful in creating separate usernames and passwords, and those credentials that were used elsewhere were stolen by crooks, they think, who then successfully used them on the DraftKings site. Terry, if this is true, this is another example of people being careless. Yeah, I think obviously we're dealing with a case with people that don't want to deal with cybersecurity until it's too late. I mean, if this was really a problem with the site, it would have affected all users. So I think we're dealing with about 5% of their entire user base, because they're worth like $6.5 billion. So this is classic password reuse. So if these folks were cyber educated, they would have turned on two-step verification. But ironically, what happened was FanDuel, on the other hand, also put out a tweet around the same time saying, hey, make sure you change your sportsbook and EFS passwords, and then set up two-step verification, because they're trying to attempt a hack attempt on various of their accounts as well. FanDuel is a competing site, correct. Exactly. But here, what's interesting here is that this is a perfect example of an unrelated third party advertising, keyword advising, you that there's a problem happening here. So obviously, if you're dealing with money, turn on your two-step verification. Right. But I wonder if DraftKings also wasn't careful, if one news site reporting on this is accurate, because it quotes a

A highlight from Cyber Security Today, Nov. 25, 2022 -  The Android patch-gap continues, beware of corrupted VPNs and more

Cyber Security Today

04:16 min | 4 d ago


"However, many handset manufacturers and cell phone carriers have been slow to distribute the fix to the devices. According to Google's Project Zero group, which found the vulnerabilities, ARM issued patches to close the 5 holes by the end of August. But as of Tuesday of this week, a bunch of phones that Project Zero tested still hadn't been patched. This is a common problem with smartphones: cell phone companies don't automatically push patches to all of the devices that they sell. It's something you could mention to your wireless provider. Threat actors are using the open Docker Hub image repository for containers to hide malware. Docker Hub reviews some images, and verified software developers can add content, but researchers at Sysdig said they recently found over 1600 images with malicious content out of 250,000 Linux images that they examined. The problem containers include links to malicious Internet websites and domains, embedded SSH and API keys, crypto miners, and corrupt versions of legitimate open-source software. The lesson is: carefully scan everything you download from Docker Hub, just as you should with content from open-source repositories like GitHub and PyPI. Targeted people are being tricked into downloading corrupted versions of two legitimate Android VPN apps by an advanced hacking group. The apps, supposedly real versions of SoftVPN or OpenVPN, are really spyware that capture text messages when victims use WhatsApp, Facebook, Signal, Viber, and Telegram. Researchers at ESET believe the attackers are hacking for a group that researchers call Bahamut. Usually it goes after targets in the Middle East and South Asia. But the lesson for anyone around the world is, only download apps from websites approved by your department.
ConnectWise RMM, a remote monitoring and management tool used by a number of IT departments and managed service providers, had a stored cross-site scripting vulnerability that could have been exploited by threat actors. That's according to researchers at. Now, they notified the company in June, which quietly issued a patch for the hole in August. News is only coming out now because they agreed to give time for customers to install the update. The thing is, attackers didn't need to compromise installations of ConnectWise RMM to take advantage of the hole. All they had to do was register for a free 14-day trial of ConnectWise, set up a fake customer support page for a company that they wanted to hit, and start luring victims to log in. Malware could then be sent to the victim's computer. You see, the trial version allowed the creation of customized pages, just like the paid version. So for free, an attacker could have set up a fake IT support page with any company's logo and sent out emails to the company's staff and tricked them into logging into the fake support page. After being notified, ConnectWise removed the ability to customize pages in the trial version, and it also fixed the cross-site scripting vulnerability. Two lessons here: first, it's important that application developers regularly scrutinize their code for bugs. And second, don't enable all features in trial versions of software. That's it for now.

A highlight from Cyber Security Today, Nov. 23, 2022 - Lessons from the hack of officials in Moldova, a different phone scam and a warning about an abandoned web server

Cyber Security Today

02:51 min | 6 d ago


"According to Microsoft, the Boa web server is still being used by makers of Internet of Things devices for management consoles, as well as by makers of some software development kits. Microsoft continues to see attackers attempting to exploit Boa vulnerabilities. Now, because this application isn't being updated, Microsoft urges IT and security administrators to patch everything else whenever updates are available and to limit the number of IoT devices that connect to the Internet. Here's another example of how threat actors quickly shift to new tactics when they're exposed. In July, researchers at a company in Finland called WithSecure put out a report on a criminal campaign it calls Ducktail. Its goal is to hijack the Facebook business accounts of companies to install malicious ads. After the alert, the digital certificate allowing the malware to be signed was revoked, and the gang went quiet. But it's come back, using digital certificates bought from other sources, as well as other tricks to evade detection. One way companies can protect themselves against this attacker is to toughen defenses against Facebook business account takeovers. Fantasy sports betting site DraftKings has acknowledged the accounts of some users were hacked. Less than $300,000 was taken from the accounts of customers. The service says its systems weren't hacked. It alleges the victims were careless, suspecting their passwords were used on and stolen from other websites. Some people hope to make quick money through cryptocurrency. That makes them easy targets for scammers. Here are two pieces of news to put this into perspective. Two people in Estonia were arrested there after a U.S. grand jury returned an indictment. It is alleged the pair defrauded hundreds of thousands of people out of $575 million in a fraud and money laundering scheme. They allegedly got victims to enter into a fraudulent equipment rental contract to share in the profits from a cryptocurrency mining service.
Well, the service didn't exist. And they also allegedly got victims to invest in a phony virtual currency bank. Separately, the Justice Department said it had seized several domains used in a $10 million cryptocurrency confidence scheme. The scam involved websites pretending to be the real Singapore International Monetary Exchange. 5 victims in the U.S.

A highlight from SN 898: Wi-Peep - FBI purchased Pegasus, Passkey support directory, Quantum decryption deadline, Firefox 107

Security Now

04:07 min | 6 d ago


"Leo, agreed to be with you again as always. Good to see you. What is this? The pre-Thanksgiving episode. It is. Yeah. And we're almost in the 900s, which is a scary place to be. Actually, it was interesting because when I got Elaine's transcript last week, she said, this was 897. Yeah. And she reminded me, she said, okay, that means that we are 102 episodes from 999. And there are 51 episodes per year because we skip one for the holidays. She's paying attention, which means exactly, precisely two more years of Security Now. I'll put that in my calendar. So honey, I'm not going to let you forget. So by then, you might say, oh, I'd like to keep doing this. You know, Leo, I may have the hang of it by then. And so it'd be like, not that big a deal. Well, as somebody who just quit the radio show after 19 years of doing that, I can kind of understand after a while you get to a point where it's like, I've done everything I'm going to do. Imagine now, I would say you could sleep in on Saturday, except that the show didn't start till 11. So if this really changes your sleeping habits, then we have a different problem. I get to do stuff on Saturday, which is, I've worked weekends for 19 years. A long time. Yes, in fact, what was happening was you were only working 6 hours, two days, Saturday and Sunday for three hours. And then you and I were meeting once a month up in Toronto. You were spending four days up there to record. I mean, I'm getting PTSD just hearing about it. Crazy. And you had three unfilled weekday weeks, and so you said, you know, it's just some shows. I got a lot of time on my hands here. Oh, well, aren't you glad now that you have a podcast? I am. I've been telling people this is the first time I've not been working for anybody in my whole working life. I'm working for myself for the first time ever, something you know a lot about. Well, except now you have a wife.
So, well, as Patrick Norton once told me, because I said, I want to work for the man, he said, Leo, there's always a man. In this case, the man is a woman. But still, we're partners. But it is kind of interesting that I've been an employee, a W-2 employee, since I was 16 years old. So that is a big change. I think the podcast thing might work out, that's all I'm saying. Eh, it might turn out to be something. I don't need to keep this job anymore. But it might. So we're going to note this week many things. We've got a new version of Firefox. Google recently reached a nearly $400 million user tracking settlement. We've got some interesting legislative things to talk about during these next couple hours. Red Hat has started cryptographically signing its zip distributions. Like what? You can sign a zip? Well, not really. But the FBI purchased, turns out, the nefarious Pegasus software, or the spyware, just to kind of see what it's about. Greece paid €7 million for a similar spyware called Predator. Passkeys has a directory listing the sites where they can be used. So that will be exciting. The OMB, the U.S. Office of Management and Budget, has decreed a quantum decryption deadline. And of course, we're all going to pay attention to that. Also, speaking of paying attention to the FTC, 33 U.S. state attorneys general have asked the FTC to get serious, my friends, about online privacy regulation. We'll see how that turns

A highlight from EP98 How to Cloud IR or Why Attackers Become Cloud Native Faster?

Cloud Security Podcast by Google

05:05 min | Last week


"Anton we're talking about incident response today. And I did not know until we recorded this episode that there was an actual three part definition of what counts as an incident. That was eye opening. Yes, and it comes from a broader field of incidents. I think the disaster recovery, even outside of IT. So I think that that source for wisdom wasn't security, hacking, malicious, whatever, or even IT incidents kind of came from outside, where you think about disasters in the physical world, which to me was kind of fascinating because I was about to argue with a guest about one minor point. And then I realized, well, actually, this definition kind of removes this reasonable argument. Yeah, the topic is near and dear to my heart listeners, fun fact, my mother for most of my childhood was part of AT&T's disaster response organization. So I spent a childhood climbing around DR exercise locations. So it's very dear to me. Today's episode is a ton of fun. We have returning guest John Stone and a new guest with that. Let's turn it over to both of them. Welcome to the show. Today we have Matt Linton, a Chaos Specialist at Google, and John Stone, Chaos Coordinator at Office of the CISO of Google Cloud. So all that much chaos, what is the topic? Obviously the topic is incident response. In the cloud as things happen. So back in 2014, when I first touched on this topic, to me, the number one challenge was getting the data to investigate as some of the cloud providers, 8 years ago, had few logs accessible to clients. So what are the top 2022 cloud IR challenges? Let's start from the problem space. Matt, John, who wants to answer first? Oh, that's a tough question. I mean, I think the challenge varies per company or per individual even, right? There are some places who are just beginning to adopt cloud and their challenges are all in either responding to ad hoc builds that have been put together or formalizing things that were just experiments a week ago. 
And then there's other institutions that are really large and they're bound by regulations and they have mature processes and their challenges are about how to actually meet the same kinds of processes they have in place. Now, but in the cloud. With different resources and different risk profiles. So it's hard to even say anybody has kind of a one size fits all risk profile there. But to me, it's sounds a little bit like everything is top challenge. Well, I think there's a varying maturity model there. So maybe John can lay that out for us. Yeah, I'll add these two buckets. I'll use the hour analogy the whole thing and for the folks that don't know what it is. It's organization operations and their technology. So and I think it falls into the first two categories, right? So the organization, depending on what Matt was saying, either is very new to it. Or doesn't have that. And a lot of times they don't have the operational capability. So like you have 2014 example Anton. I don't think it's an issue of having the not anymore. In fact, it's probably too many large right now for them to look at. But do they organizationally have the skills? In the organization to look at cloud, a lot of times they don't. And then do they have operational capabilities. But everybody wants to run to the tooling first, which is the T of the U thing. And that's no need to one way it goes wrong from my perspective. Like if they just approach it from the two other things like answering the question of can we even do it before? Here's the thing we should do it with. I think that would solve a lot of the challenges. I think it falls in those phase two buckets. It sounds like a very early stage problems over domain. I'm trying to put my analyst briefly on and think this sounds like problems that we would describe for a domain that's really immature. Well, the final immaturity, because it has been along for more than ten years already. So it's not a new thing. 
But some organizations have been slower moving to cloud. If you look at a digital native organization, well, they were born in the cloud. It's not a new thing for them. They have a different way of approaching this whole problem. In fact, the only incident response they know is in the cloud. But if you look at the larger scale enterprises, that's a brand new thing for them that's a new thing where they're pushing to. And especially regulated markets are even slower to then uptake around that. So it's a sliding scale. I wouldn't say it's like a starting thing, but to Matt's point different customers are at different points in their journey. So part of the problem here is just knowing yourself and knowing where your organization is in that journey. When we ask that question, we kind of did something unfair. We didn't start out by saying what a cloud incident even is. So Matt, when we think about security in the cloud and incident response in the cloud, what is an incident in the cloud? Because things like exposed storage buckets or crypto mining attacks on an exposed project. That happens pretty often. Do those still count as incidents? What's the line?

A highlight from Cyber Security Today, Nov. 21, 2022 - New ransomware strains found

Cyber Security Today

03:18 min | Last week


"Last month, it also started using links in Google ads for distributing malware. There is good news to report for the past two years a New Jersey cybersecurity firm has been quietly helping victims of the Zeppelin ransomware strain recover their encrypted files, this comes after it cracked the ransomware code, the company, Unit 221B, needed the help of 20 servers with 40 processors to do it, and for those of you who are calculating, yes, that's a total of 800 CPUs. It took them less than 6 hours to find a solution. The company has now gone public after two years with its success. Now, here's the thing. The company told the law enforcement agencies about this two years ago so that they could notify victims where to go for help. This is one of the reasons why if you're hit with ransomware, let police know. They may be able to point to resources that can help the IT department recover. Attention Microsoft Exchange administrators. If you haven't yet installed the Exchange security updates to plug the vulnerability called ProxyNotShell, you're in trouble. According to the Bleeping Computer news site, a security researcher has publicized a proof of concept exploit that attackers have been using for some time to compromise Exchange servers. The patches were released November 8th. Even still, administrators should have taken mitigation action before that because attackers have been trying to leverage these holes since the end of September. Ten people have been charged in the U.S. with allegedly being involved in a multi-million dollar Medicare and Medicaid scam. The Department of Justice said the scam involves sending emails to public and private health insurance programs that looked like they came from real hospitals. The insurers were asked to send payments to the hospitals' new bank accounts. Unknown to the insurers, the bank accounts were set up by crooks. 
The charges are another example of why staff in finance and accounting departments have to be regularly trained not to trust email messages involving changes of regular procedures in handling money. Any requested bank account changes have to be independently verified. The European Union is closer to launching a constellation of satellites that will give member countries more Internet resilience. The EU Council last week reached a provisional agreement on a regulation establishing a secure connectivity program, including the launching of the IRIS satellite network. Separately, the EU Council voted to support a proposed regulation to ensure a high common level of cybersecurity across the 27 countries in the union. The regulation would promote cooperation in responding to cyber incidents. It still has to be passed by the European Parliament.

A highlight from Cyber Security Today, Week in Review for Friday, November 18, 2022

Cyber Security Today

03:50 min | Last week


"New Brunswick's Beauceron Security will join me for a discussion. But first, a quick look at what happened in the past 7 days. The parent company of one of Canada's biggest supermarket chains is still saying virtually nothing about a cyber incident that started a week ago today. Is silence golden? David will have some thoughts. A ransomware attack against Australia's second largest private healthcare provider is getting the country angry. The government has formed a task force to go after hackers and possibly forbid organizations from paying hackers. David and I will discuss whether cooler heads are needed. And we'll look at a recent expert panel report on cybersecurity in Ontario's broader public sector. Which includes municipalities, hospitals, children's agencies, and education institutions. How much help and what kind of help do they need? In other news, a Chinese government intelligence officer was sentenced to 20 years in prison by a U.S. judge, he was convicted a year ago for conspiracy to commit economic espionage and other offenses for accessing aviation related information of American companies. He would arrange trips for unsuspecting experts to China to give university presentations. But when he took his guests to dinner, Chinese agents hacked the computers left in their hotel rooms. Swiss police have reportedly arrested a Ukrainian man wanted by the FBI for heading a cybercrime group, cyber reporter Brian Krebs said the man was arrested three weeks ago in Geneva. He is allegedly the head of the JabberZeus gang, which goes after bank passwords of victims. CNN says this week, Swiss authorities agreed he should be extradited to the U.S. A threat actor has compromised over 15,000 WordPress websites, according to researchers at Sucuri. The goal is to redirect unsuspecting people when they do a search on sites that they go to. They end up being sent to a fake question and answer site. Website owners have to regularly scrutinize their code for compromises. 
A state sponsored threat actor is believed to have compromised a digital certificate authority as part of its hacking activities, that's according to researchers at Symantec. The group, dubbed Billbug, usually goes after organizations in Asian countries, but the researchers worry that the gang can create legitimate looking digital certificates that could fool any target's computer system with malware filled software. Google agreed to pay $391 million to 40 U.S. states for misleading users on the amount of location tracking that Android did, users thought turning off location tracking stopped data collection, it didn't. And finally, an analysis of websites and applications suggests that developers still aren't writing secure code. Researchers at Synopsys found 95% of work that it looked at had some vulnerabilities. At least 20% were high risk and another 4.5% were critical vulnerabilities. Joining

A highlight from Cyber Security Today, Nov. 18, 2022 -  A warning about Amazon RDS snapshots, a new ransomware strain found, and more

Cyber Security Today

04:05 min | Last week


"The warning comes from researchers at Mitiga, who found a way to scan, clone, and extract sensitive data from RDS snapshots, administrators usually store these snapshots in a separate database, but if that database is exposed to the Internet or shared with someone, the snapshots could be copied by a hacker and worse the researchers said, with some work a hacker could figure out where the snapshot came from and threaten to release the data unless the organization pays them off. In doing their work, the researchers found 2783 snapshots around the world, 810 of which were publicly accessible. RDS administrators and users should take care to securely configure and encrypt these snapshots. Just over a year ago, IT security leaders were warned to patch the Log4Shell vulnerability in applications that use the Log4j 2 logging library. This week, the U.S. Cybersecurity and Infrastructure Security Agency, otherwise known as CISA, warned IT and security leaders to make sure all their systems are patched for this hole. They issued that alert after finding suspected Iranian government sponsored threat actors used that vulnerability last February to compromise a federal organization through an unpatched VMware Horizon server. The attackers used their access to get to the organization's domain controller, they compromised credentials, and then implanted reverse proxies on several hosts to maintain persistence. The alert urges administrators with VMware Horizon that didn't immediately install patches or workarounds to assume they've been compromised and to take action. Separately, CISA issued a background paper on the tactics of the Hive ransomware gang, security teams can use the information to look for indicators of compromise. Meanwhile, researchers at BlackBerry have identified a new strain of ransomware. They call it ARCrypter. 
First seen hitting organizations in Chile and Colombia in August, BlackBerry says victims in Canada and China have uploaded examples with similar code to the VirusTotal scanner for examination. That suggests that those behind this strain of ransomware are going after organizations around the world. Hackers are still using old tricks to fool unsuspecting victims, one of them is an email or a text that says something like we noticed an unusual log in on your account, please click here to secure the account. Clicking takes the victim to a fake website where they're asked to log in to confirm or change their username or password. The goal is to steal those credentials. In a blog this week, researchers at Armorblox said crooks recently tried to send a message like that to students at an unnamed educational institution. The message looked like it came from Instagram. If you get a message like this, ignore it. Legitimate companies don't send messages this way, instead they'll tell you to go to the application's login page the way you usually do to check or change a password. And finally, if you use the Firefox browser, make sure it's running the latest version, an update was released this week that patches a number of vulnerabilities. You should be on version 107. That's it for now. But later today, the week in review edition of the podcast will be available.

A highlight from Special: Coordinated Release of Detection Rules for CobaltStike Abuse

Cloud Security Podcast by Google

02:39 min | Last week


"This is a special episode today we're talking about Cobalt Strike. Exactly. It's involved FBI and threats and fun stuff. The FBI. Yes, so this is one of those where we kind of get excited about the threat reasons, so to say, and it's also a fascinating episode because it involves a legitimate tool that's used by bad actors. This episode also involved one of the most clever ways we've ever heard of stealing cycles. Oh yes. Oh yeah. Listeners, Anton and I were just about dead when we wrapped our minds around what our guest was telling us. One of the fun things about being a podcast host, I'll say, is you get to realize when it takes a long time to catch up to what somebody has told you because sometimes it just does. And I think this was one of those cases. So with that, let's turn things over to today's guest. Today we are joined by Greg Sinclair, a security engineer here at Google Cloud. Greg, thank you so much for joining us today. Could you just give us a little bit about your background and how you ended up here at Google? Sure. I've been taking things apart since I was a kid. My sister's still mad about several of the toys that I took apart to see how they work. That led into a career of being on a red team for a healthcare company in Chicago. From there, I moved into malware analysis. And I worked for iDefense for a while, and then from there, Nevada, and then Capital One, and then Google. So I've had quite a few years of taking malware apart. And something I just checked away enjoy. Was people whose hobby and career massively overlap. You know, when I was in college, my father said to me, Tim, do what you love, and you'll never work a day in your life. And I listened to that advice, and I got a political science degree. And for a while there, it looked like I would never work a day in my life. But I don't think that's what people mean by that expression. Well, in my case, it actually worked out pretty well because again, I really enjoy what I do. 
So that's awesome. So tell us about the team you're on here at Google. So I'm with the Uppercase research team. We are responsible for doing a bunch of things primarily related to the Chronicle product. But you work with my product too. You also help out the Security Command Center folks. Absolutely. Absolutely. We're kind of a far reaching team in that sense. We do a lot of we do a lot of research, a lot of signature development, detection development, which is great. My particular little enclave on the team is responsible for taking pieces of code that are of interest and fully exploring what they are and hope to write better detections that we can and then in turn feed into other teams and give to customers.

A highlight from Cyber Security Today, Nov. 16, 2022 - Bad news for application developers and early security advice for Black Friday shoppers

Cyber Security Today

00:59 min | Last week


"Bad news for application developers who think they are careful coders, 95% of the 2700 websites and applications recently tested by researchers had some sort of vulnerability. At least 20% of them were high risk vulnerabilities, according to Synopsys, which conducted the research. Another 4.5% were critical vulnerabilities. A common fault was cross site scripting. The report concludes developers should run a wide variety of tests on their websites and applications before putting them into production, including penetration testing. Last week I told you about a threat actor hiding malware in images in a package left on the open-source PyPI Python language repository. This week, researchers at Checkmarx said they have identified the attackers.

A highlight from SN 897: Memory-Safe Languages - Shennina Framework, Shufflecake, The Helm, LightSpeed vulnerabilities

Security Now

05:22 min | Last week


"We survived election day, and we are now on to well, we got tonight's announcement from Mario. Oh, that's right. It's you. It's 6 p.m. Pacific time, 9 p.m. Eastern for those who are interested. I'm certainly a spectator. So we'll be watching, yeah? I will be glued with my popcorn and we'll see what happens. A lot of fun. Also fun is today's topic. This is another one of these weeks where there was no major cyber research that was, I always like to track cyber research things. Nothing really happened except a bunch of news, except that the NSA published a real interesting sort of an appeal to everyone to seriously consider switching to the use of memory safe languages. Yes. Yes. Yes, that's the title of today's episode of Security Now, 897 for November 15th, Memory-Safe Languages. We're going to do a little retrospective on the event filled, more eventful than Microsoft would have wished, Patch Tuesday, we're going to look at a newly published horrifying automated host attack framework, which script kiddies are sure to be jumping on. We've got a welcome new feature that's been introduced into GitHub. Also, three critical vulnerabilities in the, it's only 6th in the world, but that gives it 1.9 million instances, the LiteSpeed web server. We've also got something I think is going to be of interest to our Linux users. The spiritual successor to TrueCrypt and VeraCrypt for Linux. And then we're going to do a little segment two and a half minutes. We're going to play of Australia's announcement of their intention to proactively attack the attackers. I don't know how you don't know how you could do that legally. Yikes. Okay. And boy, she's not she's pissed off. We've also got a controversial new feature that was added to iOS 16.1.1. Also, I just have to touch on a couple more decentralized finance catastrophes. Believe it or not, Leo, other than the collapse of FTX last week, or week weekend before last. We've also got submission and listener feedback. 
We're going to wrap up by taking a look at this National Security Agency promotion of the use of memory safe languages. So I think another great podcast for listeners. Oh, and because of last Tuesday's election, they put up a chart on the screen at one point. Where I just said, okay, stop everything. Hold on. This is just so wrong. And we probably talked about this last year, but again, I just can't resist, because this just makes my blood boil. It's like, who's in charge? All right? You know, I'm looking at I'm trying to figure out what you don't like about it. We'll find out in just a little bit. Oh, I see. Yes, I do. It's green, green is like way bigger than orange. Yes, you're right. I see. We'll show you in a second. Okay. Now that I now that I look at it. Yes. Interesting. Huh? It's a perspective thing. You just wouldn't understand, Steve. It's all about TV production. I have a lack of perspective. Our show today. That's been said before. Our show today is brought to you by the password manager I use and love and have been recommending for some time now. Bitwarden. I'm a big fan. Now you probably know if you listen to this show that you've got to have a password manager. In fact, if you listen to this show and you're not using a password manager, you're not listening to the show. Stop listening. Pay attention. So really, this is not necessarily for you. This might be for a friend or family member that you're helping secure. It might be, well, it might be if you're unhappy with your current password manager, I love Bitwarden. You know, I've always for a long time I've said that encryption is not reliable if it's not open-source. If you don't know what they're doing, how are you going to know if they're doing it right? I kind of feel the same way about a password manager. Bitwarden is the only open-source. That's point one, very important. Cross platform works everywhere. Windows Mac Linux everywhere, iOS Android. 
Password manager that can be used at home, you can have a personal edition at work. They've got business versions on the go. And it's trusted by millions. This is a really great solution with Bitwarden you can securely store and not just credentials, but anything you want to keep safe across personal and business worlds.

A highlight from Uniswap Introduces Universal Router

Ethereum Daily

02:57 min | Last week


"Event of a hack. Permit2 enables time bound token approvals, removing the need to revoke approvals; instead one time signatures only permit token allowance for the duration of the transaction. Permit2 is also integrated into Universal Router, a new smart contract that unifies ERC-20 and NFT swaps into a single gas optimized router. The router can be used to swap multiple tokens on Uniswap and buy NFTs across marketplaces in a single transaction. The new contracts are non upgradable, open-source and deployed across 5 chains. MetaMask added NFT price estimates to its portfolio dapp, estimates are powered by NFTBank.ai, an NFT portfolio manager that provides APIs for NFT price appraisals, according to MetaMask price estimates are provided with roughly 90% accuracy. The integration provides estimates for most major collections on Ethereum, support for NFTs on other networks is planned to be added at a later date. MetaMask introduced its portfolio dapp in September, allowing users to view their assets across multiple chains and accounts. The release is still in beta and only allows wallet connection through the MetaMask extension or mobile app. DeFi Saver released its first automated perpetual strategy for Liquity Chicken Bonds. The strategy allows LUSD Chicken Bond holders to automate the rebonding of their position for maximized yield. Rebonding claims the boosted derivative token called bLUSD, converts it into LUSD and then uses it to create a new Chicken Bond. The automated rebonding strategy uses the optimal rebonding time as the triggering condition. Since new bonds accrue faster than old bonds, the strategy calculates the point at which creating a new bond with an increased amount of LUSD becomes more profitable than accruing bLUSD in the current bond. 
Adidas Originals unveiled its genesis collection of wearable Ethereum based NFTs called Virtual Gear, the NFTs are designed to be worn by virtual avatars and will be interoperable with other identity based worlds, according to Adidas, users who hold a wearable and a partner NFT will also have access to a profile picture dressing tool. The 16 piece genesis collection includes 8 profiles, including three limited edition wearables led by Bored Ape Yacht Club, gmoney and PUNKS Comic, the new collection marks Adidas' third NFT drop as part of its metaverse strategy, Adidas first launched its Into the Metaverse collection last year, which raked in $23.5 million in sales for the retailer. And lastly, Coinbase Wallet added a Polygon Mumbai faucet to its browser extension wallet. Users can now obtain testnet MATIC tokens without having to sign up or provide personal information. Testnet faucets can be accessed within the wallet's settings page. Coinbase Wallet also supports faucets for Sepolia, Goerli, and Optimistic

A highlight from CowSwap Proposes MEV Capturing AMMs

Ethereum Daily

03:32 min | Last week


"Daily briefing on the latest in Ethereum, CowSwap proposes surplus capturing AMMs, OpenSea decides to continue enforcing royalties, Wintermute's Bebop DEX is now live and re-designated Tornado Cash sanctions. All this and more from Eth Daily starts right now. CowSwap technical lead Felix Leupold proposed the launch of surplus capturing AMMs, a new type of AMM focused on protecting liquidity providers from maximally extracted value, also known as MEV. According to Leupold, LPs lose money to arbitrage in traditional AMMs compared to LPs that actively rebalance their portfolio. The majority of arbitrage value is paid in the form of priority fees to validators. Surplus capturing AMMs aim to capture surplus revenue for liquidity providers by executing trades at the new equilibrium price. Sandwich attacks are also avoided as CowSwap only provides one price per batch. The new revenue stream could also lower AMM fees for traders. OpenSea decided to continue enforcing creator royalties for all existing collections on the marketplace, the decision comes after pushback from NFT creators after revealing plans to make royalties optional. OpenSea already introduced optional royalties on new collections that fail to implement a new on chain enforcement tool. The tool allows creators to create permissioned NFT collections by blocking contracts from marketplaces that do not honor creator royalties, such as Blur, LooksRare and X2Y2. OpenSea also advised creators to no longer link to fee avoiding marketplaces. OpenSea is still the largest NFT marketplace by trading volume. Bebop, a new DEX developed by Wintermute, is now live. The exchange offers one to many and many to many token trading, allowing traders to swap multiple tokens in a single trade. 
According to the exchange, the feature saves upwards of 65% on gas fees compared to individual swaps, Bebop supports trading on Ethereum and Polygon, Bebop also offers zero slippage trades made possible by using requests for quote in which private market makers offer guaranteed price quotes, the exchange also provides ETH-less trading by having traders pay gas fees in ERC-20 tokens. Bebop aims to become a fully decentralized protocol in the future. The U.S. Department of the Treasury's Office of Foreign Assets Control has re-designated Tornado Cash as a sanctioned entity, defined as a group of founding developers, maintainers and DAO participants. However, the designation does not yet include any individual founders, developers, members of the DAO or users, the agency cited the use of Tornado Cash by DPRK associated groups as the basis for the designation. Coin Center, which holds a lawsuit against the designation, stated that the re-designation does not change the nonprofit's strategy in the lawsuit. The designation makes it illegal for U.S. persons to transact with the privacy tool. And lastly, ZK rollup based layer two network Loopring now supports rETH, the liquid staking token by Rocket Pool, Loopring users can now swap ether for rETH through the project's earn portal. The network also supports staking via Lido's wrapped stETH token, staking withdrawals, however, are unavailable until Ethereum's Shanghai upgrade. Loopring is the fourth largest rollup with over $100 million in total value locked. This has been

Chat w_ Alberto Daniel Hillmp3 - burst 2

twitterspaces

06:55 min | 4 months ago


"Of your bio from your LinkedIn page. Oh, why do I can talk about myself without reading? I would be better. That would be better. Why don't you tell us a little bit about yourself? I know. Yeah, that's right. Well, guys, I am a computer engineer. I am my name is Alberto, first of all. I want to kill. I am from Uruguay, South America. And I am a computer engineer. I have been working for 20 years in information security in different fields, such as computer forensics, consulting, I have a PMP certification, which is a Project Management Professional from the PMI organization, and that allowed me to lead many projects, implementing information security management systems, based on the norm ISO/IEC 27000, in which I am also certified, and I am the first hacker in Uruguay that went to prison, but that's not the main point, the main point is that I was sent to prison for trying to help others without being guilty of any crime. And well, I am here with my friend Tony that I met on the Twitter Spaces. And well, she invited me to talk in a space with her and I'm very honored to be here today. Thank you. And I want to welcome everyone to this nice space. I see we have Jason, who I met also on Twitter Spaces, Bunsen and Beaker who hosts an incredible portrait of phrases. Make sure you follow. I guess he does a great work and also my good friend Jason, who is an incredible guitarist. He plays beautiful music for me and hi there. So she's just kind of remark the sky as we follow each other. How are you? And hi Mike, how are you, Space Mike, and also let's say hi to mister proctor 31 and also to Samantha. Hi, everybody. Welcome to this space. And again, another disclaimer. We are recording this space. I am running analytics on this space. So if you could go ahead and share this out and invite all your friends, even if they're not seen on this space, there are people listening to us right now according to the software. 
I wanted to talk a little bit about some of the things that you experienced. But what made you decide to reach out? I mean, you know, they say that no good deed goes unpunished. Alberto, I wonder, can we talk a little bit about that? Well, maybe why you decided to reach out and to help your country." "Wait, do you mean after or before being arrested?" "Before being arrested, I mean. Did you think that you would get arrested for doing this?" "Absolutely not. It was something that never crossed my mind. It was something that for me was impossible, that would never happen. I mean, if you ask anyone from my school, when I was a child, when I was in university, I was probably the most introverted person in the class. If you had told any of my friends from college that one person would end up in prison, I would probably be the last on the list to be considered. No, it never crossed my mind. And as I work in cybersecurity, one of the key things that we do is finding problems in systems. You may find them in the place where you work, and you are paid for finding them; I mean, that's part of your job. Or actually, when you go to your house and you turn on your computer, you can also find security problems in systems that are not under your control. And yeah, I did find a lot of problems in many systems, and all the time I reported them in order to help those people, both the companies that are involved and the people whose information is stored in those systems that are vulnerable, without wanting anything in return. I mean, there are no programs for that here in Uruguay." "So you do it just to help?" "Yeah. Then you get, I mean, you don't get anything, sometimes a thanks in return, I think, but I consider that that's the thing to do, because otherwise somebody with bad intentions will probably find the same problem you found.
And they will be affecting the private information of a lot of people, which is something I really care about, because privacy for me is something important. I respect other people's privacy, and I don't want my privacy to be invaded. My life is quite public right now, but I really think that privacy should be respected. But I have reported for years, not to the companies where I find the problems, but to the CERT of my country. The CERT is the agency of the government that handles all the security things that are linked to the government and to critical systems or important systems, such as medical providers, for example, or financial institutions. And well, I have done it for years, and I never had any problem, until I found a very important security issue in a medical provider that was the provider of my ex-girlfriend, where she wanted to set an appointment in the system and she gave me the computer to do that. And well, before she gave me her username and password, I was already in the system with the privileges of administrator, being able to see absolutely everything out there in the provider, with the username admin and the password admin, which is something that is hard to believe, but it was true. So I immediately reported that to the CERT, and then I forgot about it, because you just have to report it and you don't get any update, or you don't have to know how the incident is being handled and solved. That's not part of the

Telegram Emerges as New Dark Web for Cyber Criminals

UK Column Podcasts

01:35 min | 1 year ago

"Of course, it has been highlighted over the last number of months as being a platform of choice for people that are organizing events to protest against lockdown or other things, but the demonization of Telegram is continuing. It appears here with the Financial Times plus a cybersecurity company producing the information that backs up this article: "Telegram emerges as a new dark web for cybercriminals." So we've got to shut Telegram down straight away. I thought Signal was the dark web. For this week, it's Telegram. So this was an investigation by cyber intelligence group Cyberint together with the Financial Times, and they say that they find a ballooning network of hackers sharing data leaks on the popular messaging platform, sometimes in channels with tens of thousands of subscribers, lured by its ease of use and light-touch moderation. In many cases, the content resembled that of the marketplaces found on the dark web, a group of hidden websites that are popular amongst hackers, accessed using specific anonymizing software. "We have been recently witnessing a 100 percent rise in Telegram usage by cybercriminals," said Cyberint. So we've got to shut it down straight away, or at least bring it under the online harms legislation, and make sure that it's well regulated, or make sure that Telegram puts some kind of back door in there so that the UK intelligence agencies can easily access

3 Former U.S. Intelligence Operatives Admit Hacking for United Arab Emirates

the NewsWorthy

00:51 sec | 1 year ago

"Three former US intelligence and military officials were behind an international hacking scheme, newly released court documents show. They admitted the United Arab Emirates hired them to hack into computer networks around the world, including right here in the US. They also sent advanced hacking technology from the US to help the UAE spy on its enemies. A team there ended up breaking into the computers and smartphones of thousands of targets, including rival governments, journalists and human rights activists. The Justice Department says the men committed computer fraud and violated export laws, but they made a deal to avoid a criminal trial. Instead, they'll have to pay almost 1.7 million dollars in fines between the three of them, and they'll have to cooperate with the federal investigation. The men will also never again be able to get a US government security clearance. The Justice Department called it a first-of-its-kind resolution. So far, the Emirati government has not commented

Microsoft Warns of New IE Zero-Day Exploited in Targeted Office Attacks

Security Now

02:07 min | 1 year ago

"...is warning of a newly discovered IE, believe it or not, what sort of indirectly is an IE zero-day, being actively exploited currently in targeted attacks using their Office apps. While the danger might not be extreme, especially if the use of this exploit remains targeted, this should remind us of our picture of the week two weeks ago, which was titled "Pandora's Inbox," where Pandora is depicted thinking to herself, "It can't hurt to open one little attachment, can it?" And while I agree that it's unlikely to hurt any of us, we do know that once a zero-day has been observed being used and it's become public, those highly targeted attacks likely become spray attacks. You know, the secret is out and a patch will be forthcoming, which means that the optimal strategy at that point, for those who wish to exploit what has now become a time-limited advantage, is to go from, you know, targeting individual people to spraying this thing far and wide to collect all of the curious and even the incurious Pandoras, which may be possible. So my word to our listeners: don't be a Pandora. When we hear that it's an IE zero-day, that's really a misnomer, because the vulnerability, which is now being tracked as CVE-2021-40444, was found in Microsoft's MSHTML component, which was also known as Trident, which is the IE browser

Apple Issues Urgent iPhone Software Update to Address Critical Spyware Vulnerability

the NewsWorthy

01:00 min | 1 year ago

"Heads up if you have an Apple device: there's an urgent warning to download the latest emergency software update, now available. Apple just released it to fix a critical security problem. Security researchers found a flaw that lets a certain spyware infect iPhones, iPads, Apple Watches or Mac computers. But here's the thing: the person who owns the device does not even have to click on anything to let the cybercriminals in, so users might not even know when they've been compromised. With this technology, hackers can control the device's camera and microphone, and they can record text messages, emails and phone calls. The spyware is made by an Israeli company called the NSO Group. The firm sells its technologies to governments and police forces for crime-fighting purposes, but Amnesty International says the spyware has also been used against activists and journalists. The average user probably would not be targeted, but Apple still says everyone should update their devices now, just in case. And the emergency software update comes just hours before Apple's big product launch happening today. Apple is expected to unveil the latest version of the

Who Are Ransomware Gangs Targeting?

Cyber Security Today

01:45 min | 1 year ago

"Which organizations are ransomware gangs looking to target? According to Israeli cybersecurity firm KELA, they primarily want firms based in the US, Canada, Australia and Europe, who on average earn more than 100 million dollars in annual revenue and are not in the education, health care, government or nonprofit sectors. That's according to an analysis of 45 conversation threads on criminal forums. These forums are where initial access brokers claim to have hacked into a company and are now selling that access to ransomware groups. Attackers are looking to buy specific types of access to victims, so IT and security administrators should pay attention to this. Highly desirable are companies that have vulnerabilities in their Microsoft Remote Desktop Protocol setup, which is used by employees for remote access, as well as those with vulnerable virtual private network setups using products from Citrix, Palo Alto Networks, VMware, Fortinet and Cisco Systems. Now, in the last several months all of these products have issued patches for vulnerabilities, so you shouldn't be caught off guard for such access. Ransomware attackers are willing to pay up to 100,000 dollars. And remember, if your company earns less than 100 million dollars a year, don't be complacent. That's an average of the requirements of some attackers, and only for messages seen during a narrow timeframe

Ransomware Gang Threatens to Leak Data if Victim Contacts FBI

Cyber Security Headlines

00:33 sec | 1 year ago

"Ransomware gang threatens to leak data if victim contacts FBI or the police. In an announcement published on Ragnar Locker's dark net leak site this week, the group is threatening to publish the full data of victims who seek the help of law enforcement and investigative agencies following a ransomware attack, or who contact data recovery experts to attempt decryption or to conduct the negotiation process. This announcement puts additional strain on victims, considering that governments worldwide have strongly advised against paying ransoms but have suggested turning to law enforcement instead

Razer Mouse Security Flaw Can Give Admin Access to Non-Admin PC Users

Firewalls Don't Stop Dragons Podcast

02:46 min | 1 year ago

"There was a rather disturbing story about how this security researcher was able to take over someone's computer, basically, by plugging in the right kind of mouse. Now, in this case that happens to be a Razer mouse, and there was actually a SteelSeries mouse that turns out had the same problem. But the problem's not with these mice; the problem is with Microsoft Windows. So this is an article from Tom's Guide, and realize that there was actually a previous article to this, but I'll talk about both of them, so chronologically it's gonna feel weird, but just hang with me. In the article, I'll explain both of these cases as we go. A day after the world learned that Razer gaming mice could be used to take over Windows PCs, there's news that the same trick works with SteelSeries gaming keyboards, mice, headsets and even mouse pads. As with the Razer mice, it's actually the Windows desktop application that causes the trouble. That's because it gets system-wide privileges during installation without first asking for a system administrator's permission. This flaw was discovered by security researcher Lawrence Amer, who was inspired by the Razer issue. A malicious human, or malware that's already running on a Windows 10 PC (and presumably this applies to Windows 11 too) as a low-level user, can leverage this flaw during the installation process to gain full system control. In cybersecurity terms, this is called privilege escalation, or elevation of privileges; it's when processes or users gain powers they shouldn't have. However, this flaw isn't the fault of SteelSeries or Razer; those companies are just trying to get their software installed quickly.
This is instead a Microsoft issue, because Windows isn't distinguishing between hardware drivers, which normally don't need admin permissions to install, and peripheral-related desktop software, which should need admin permission. Microsoft needs to fix this privilege escalation situation before more problems like this pop up, as they almost certainly will. So what can you do about this, to avoid having your PC owned by gaming peripherals? Make sure you lock the screen of your workplace PC when you step away from your desk. Home PCs are under less threat from this kind of attack due to there being fewer potential users around, but you might want to shut off your PC when you've got a lot of company over. To really make sure that this can't happen to your machine, log in as an administrator, go to System, then Settings, and then About, and click on the Advanced system settings link. This will spawn a box labeled System Properties. Select the Hardware tab and then click the button Device Installation Settings. In the pop-up window that follows, titled "Do you want to automatically download manufacturers' apps and custom icons available for devices?", select the radio button labeled No. Apparently, next to No, in parentheses, it says "your device might not work as expected." As you might imagine, taking this more severe route might make installing new hardware, not just gaming mice and keyboards but also printers, headphones, even USB security keys, a bit more arduous, although not impossible

Is It Time to Ditch Two-Factor Text Messages?

Talking Tech

01:41 min | 1 year ago

"One of the most important security measures you can take is turning on two-factor authentication to log into various online accounts, whether it's for your bank, your email or your Twitter account. But it might be time to ditch the option to receive those codes you get by text. That's right. USA Today tech columnist Rob Pegoraro writes about this on usatoday.com, exploring alternatives to relying on text messages when enabling two-factor authentication. It's especially important if you're a T-Mobile customer, as a recent data breach made its customers more susceptible to what's called a SIM swap attack, where a hacker tries to take over a phone line to intercept two-factor authentication messages, and it doesn't require the hacker to physically have your phone in their possession. One alternative to receiving a text with a code that allows you to continue the login process is to switch to an authenticator app. Google Authenticator is one big example. I've used an app called Authy for years now. It's fantastic; I use it for several of my accounts. It's really easy to set up. All you do is, when it gets to that screen that asks for the code to put in, instead of getting a text, you go to the Authy app and pull up the account, and it'll give you a six-digit code. You type it right in. There are also some apps, like Google's, that bypass text messages altogether, instead showing a message on your screen asking if you tried signing in, and then you can tap either yes or no to confirm. You can also purchase an encrypted USB security key to link to your account and then confirm by plugging it into the new device. They usually start around 25 dollars, but can't be fooled by phishing pages and protect multiple

Twitch Streamers Are Taking a Day off to Protest Hate Raids

the NewsWorthy

00:36 sec | 1 year ago

"Expect the popular live streaming platform Twitch to be a little quieter than usual today. Many streamers have staged a one-day blackout. They're hoping to draw attention to so-called hate raids and show solidarity with streamers who face them. During these raids, some users will swarm streamers' chats with racist and hateful language. For example, one streamer who's Black and uses they/them pronouns says they've been a frequent target. Other streamers say they see hate raids with the N-word posted so much that other chats cannot even get through. Twitch has encouraged people to report those kinds of issues and says it's planning updates later this year to help streamers protect

T-Mobile Hacker Who Stole Data on 50 Million Customers

Security Now

02:28 min | 1 year ago

"T-Mobile. Thanks to the fact that the attacker, a US citizen, believes that he's currently outside the long arm of US law enforcement, we're now learning quite a lot about the who, what and why of his quite successful data exfiltration attack on T-Mobile, and none of what we're learning flatters T-Mobile's cybersecurity. The Wall Street Journal, it turns out, had been chatting with the purported attacker via Telegram for some time. They've confirmed that his name is John Binns, B-I-N-N-S. John is a 21-year-old US citizen of Turkish descent who relocated from the US back to Turkey three years ago. John was reportedly discussing details of the breach before they were widely known, and T-Mobile received their first indications of trouble when they were notified of the breach by Unit 221B, a cybersecurity company that monitors the dark web for their own purposes. So they saw that John was offering all of this data breach material for sale on the dark web, and they, Unit 221B, said, T-Mobile, do you have a problem that you haven't told anybody about? So John told the Wall Street Journal that his attack against T-Mobile was conducted from the comfort of his home in Izmir, Turkey, where he lives with his mom, of Turkish descent. His American father died when he was just two, and he and his mom moved back to Turkey three years ago when he was eighteen. He reportedly uses the online handles IRDev and v0rtex, with a numeric zero, among other handles, and he's alleged to have an online track record that includes some participation in the creation of a massive botnet that was used for online DDoS attacks four years ago, when he was still in the US and seventeen years old

Who Are the Belarusian Cyber Partisans?

Risky Business

02:22 min | 1 year ago

"The first place I want to talk about is actually from Patrick O'Neill at MIT Technology Review, and I think he's written probably one of the best stories here about the Cyber Partisans in Belarus. This is the group that claimed to be hacktivists who exfiltrated a whole bunch of data that's critical to the functioning of the Belarusian, sort of, security apparatus. And yeah, he's got a write-up really talking about this group. It's interesting stuff." "Yes, this is a really good return to the topic, because we talked, wasn't it two or three weeks ago on the show, when they started dropping some of the things that this group, the Partisans, had hacked out of the various state security apparatus in Belarus. And this kind of goes back and looks at that story, and has a bunch more details about kind of the makeup of the group. They should be saying something like fifteen-ish people, a bunch from work in the tech industry in Belarus in general, and a few that have some security experience, and others kind of learning to hack on the fly, supported by a whole bunch of expatriates, involuntary expatriate Belarusian police and other state security people that fled the country after, you know, some of the bad things that went down in Belarus, and they end up providing support and guidance and analytics to help them go through the process of making the most of the networks they have access to. I think we were kind of spitballing at the time, like, is this exactly what it sounds like? Is it really hacktivists and locals? We did initially talk about this, and we came down on the side of, well, this actually looks like it might be genuine, kind of weird, and it's nice to see some stories that back up that feeling that we had at the time, because we were going on pretty thin input at that point in the story. But this is just, and I was reading this, and I'm struck by, this is like really a classic insider threat. Looks like, you know, we
We've seen so much being made in writing about computer security over the, you know, the dangers of insiders. This is really the end game of insider, when the people who work the mechanics of your own national government's security apparatus are turning against you and then using those tools against the government. That's just, that's insider threat writ large, and it's really interesting to see.

Dangers of Data Collected in Afghanistan

The CyberWire

01:47 min | 1 year ago

"The Taliban seizure of HIIDE, that's Handheld Interagency Identity Detection Equipment, biometric registration and identification devices, aroused concern when it was first reported, but the risks of that loss, while real, seem likely to be limited. MIT Technology Review argues that a more serious matter is the insurgent government's acquisition of APPS, the Afghan Personnel and Pay System used by the deposed government's ministries of defense and the interior. A great deal of data was collected in APPS. Technology Review's sources tell it that each profile in APPS contains at least forty data fields, quote: "These include obvious personal information such as name, date of birth, as well as a unique ID number that connects each profile to a biometric profile kept by the Afghan Ministry of Interior. But it also contains details on the individual's military specialty and career trajectory, as well as sensitive relational data such as the names of their father, uncles and grandfathers, as well as the names of the two tribal elders per recruit who served as guarantors for their enlistment," end quote. This amounts to a catalog of community connections, with anyone whose name appears in a profile flagged as connected in some non-trivial way to the subject of the profile. And unfortunately there are signs that the lists are being used in headhunting searches for personnel who served in or were otherwise connected to the former government's military services. APPS data was unprotected by retention or deletion policies and was presumably seized intact.

Is FBI's Magic Lantern the Ultimate Keylogger?

Darknet Diaries

02:12 min | 1 year ago

"This malware called Magic Lantern, and I find it fascinating. It usually infects a computer through an email attachment. You get an email which says to open the attachment, and when you do, your computer is infected. And what Magic Lantern does is it records your keystrokes and sends everything you type back to a central system so the hackers can see everything you type. Now of course with a keystroke logger like this, it can pick up any message you send to people, private chats, and of course your passwords too. Who's the shady hacking group that uses Magic Lantern? The FBI. In 2001, someone issued a Freedom of Information request and got back information that the FBI uses this Magic Lantern malware to capture keystrokes on target computers. Now I'm under the impression that the FBI would need to get permission to use software like this, like a search warrant or something, so this would classify Magic Lantern as a lawful intercept mechanism, meaning they had permission to basically wiretap someone. But this sparked a debate in the security community. The question was: if the FBI has legal permission to eavesdrop on someone by using Magic Lantern, should antivirus and security companies detect and report on this activity? Of course the FBI would like to go unnoticed in any kind of stealth mission and would rather antivirus companies not alert when they see this, but on the other hand, that's the whole point of antivirus software: to alert when something is going on that shouldn't be happening. F-Secure, an antivirus company based in Finland, said right away that they would absolutely report on this, but they're in Finland; the FBI is in the US. McAfee, an American antivirus tool maker, said they would not alert the user if the tool saw Magic Lantern trigger and that it would ignore it. Later they denied saying that; they're saying they do in fact alert when Magic Lantern is detected on a computer. But this opens a door to a strange world of allies and enemies.
And it's hard to know who to trust when the software you buy might be lying to you, or when the FBI is busy infecting people with malware to spy on them.

T-Mobile CEO Apologizes for Data-Security Breach

3 Dimensional Wealth Radio

00:28 sec | 1 year ago

"An apology from a communications giant. Ron Dirac Stra has the story. T-Mobile told nearly 50 million customers whose personal data was stolen that it was truly sorry for the breach. In a written statement, CEO Mike Sievert says the company spends a lot of effort to try to stay ahead of criminal hackers, but did not live up to the expectations they have for themselves to protect their customers. A 21-year-old American living in Turkey told The Wall Street Journal he was responsible and blamed T-Mobile's lax security for making it

Biden Urges Tech Moguls to Help Fight Cybersecurity Threat

Atlanta's Morning News

00:32 sec | 1 year ago

"In the wake of major cybersecurity breaches, like the one of the Alpharetta-based Colonial Pipeline, President Biden meets with top executives from major tech and financial companies. Reporter Moussa Deka Madar says the White House wants the private sector to help toughen its defenses. Google pledged to spend 10 billion in the next five years to secure software supply chains, expand security models and train 100,000 Americans in IT support and data analytics. Microsoft also pledged to provide $150 million in technical services to help federal, state and local governments with upgrading their

New Hampshire Town Loses $2.3M in Taxpayer Money to Cyberattack

Cyber Security Headlines

00:36 sec | 1 year ago

"New Hampshire town loses millions to email scammers. The town of Peterborough reported it lost 2.3 million dollars as a result of business email compromise scammers, who redirected bank transfers using forged documents sent to the Peterborough finance department. The compromise was achieved using phishing and social engineering techniques. The town first became aware of the issue on July 26, when the ConVal School District reported it didn't receive its 1.2 million dollar monthly transfer. The US Secret Service Cyber Fraud Task Force is currently investigating the attack, which originated from overseas. It's unclear if insurance will cover the lost funds, and it's doubtful the transactions can be

Iran Prisons Chief Apologizes Over Leaked Videos of Prison Abuse

The World and Everything In It

00:47 sec | 1 year ago

"The head of Iran's prison system admitted Tuesday that leaked video showing abuse at the notorious Evin prison is authentic. Speaking to reporters, Iran's judiciary chief said authorities are investigating the incident. The prison chief apologized for what he called unacceptable behaviors but offered no plan for reforms. Hackers reportedly stole the video footage taken by the prison security cameras. The videos showed fights among prisoners and guards. They also show overcrowding in cells and harsh conditions. In one shot, a prisoner smashes a mirror and tries to cut his arm with a shard of glass. Evin has long been known to house political prisoners and those with ties to the West
