Listen to the latest updates, developments, and insights into the world of cybersecurity. Learn how to protect yourself against the ever evolving threat of cybercrime from leading talk radio shows and premium podcasts.
A highlight from Cyber Security Today, Dec. 1, 2021 - FBI seizes alleged ransomware gang member's funds, a cloud computing security report from Google and more malware found in the Android store
"However, organizations still have to make sure the systems aren't vulnerable to misconfigurations and other errors by employees. In its first cloud threat intelligence report, Google says many successful attacks on applications are caused by poor cyber hygiene and a lack of basic security controls. What kind of problems can happen? Well, looking at its own service, the report says 86% of compromised Google Cloud Platform instances were used for stealing compute cycles for crypto mining. Other abuses of Google Cloud included using resources to scan targets to launch cyberattacks and to host malware. 48% of compromises were blamed on customer accounts that either had no password or a weak password. Another 26% of compromises were due to vulnerabilities
A highlight from SN 847: Bogons Begone! - 0-Day Windows Exploit, Major MediaTek Flaw, Super Duper Secure Mode
"Yeah, you've been waiting all week. You're very patient, but here we are, Tuesday again, and here he is, fresh and ready to go straight from the keyboard where he's been typing, typing, typing, Mister Steve Tiberius Gibson. Hello, Steve. I actually have been. Hello, Leo. And I know you are. I worked all through the Thanksgiving holiday and weekend. Wow. Until something happened that really almost never happens. I literally hit the wall on Sunday around two or three p.m. and I posted a note to the SpinRite group. And I said, okay, I can't work anymore. Wow. So, yeah. But I've been hurting. So interested in what's going on. I talk about it a little bit later in the podcast. So we have a really fun podcast, I think. 847 for this last day, the final day of November. Bogons Begone. Yes. And everyone will understand by the time we're done what bogons are, to be gone. Oh, good. Maybe. But we got a lot to talk about. We're going to note that the new Edge browser's unbelievably named Super Duper Secure Mode, because Microsoft certainly wouldn't want its satellites with anything less than super duper security, has been deployed kind of quietly. But we can all enable it. It's not on by default. So our listeners are going to want to know all about that. We also have more than one third, 37%, of the world's smartphones all vulnerable to audio monitoring and recording flaws, courtesy of their MediaTek firmware in their MediaTek audio processing DSP. We're going to talk about that. We've got an important reminder about clicking links in email and wonder how that can still be a problem. It still is. The entirely predictable evolution of a Windows zero-day vulnerability, which is latent no longer. Unfortunately, we have some interesting closing-the-loop feedback from our terrific listeners. I've got a sci-fi book update. Then we're going to take another and much broader look at the recent efforts to clean up IPv4. 
But this time from the perspective of those who are working to do so, and I understand their position. So, you know, we talked last week about this crazy idea, as a consequence of the IETF's proposal to claw back essentially most of the localnet 127 network. It turns out that's just the tip of the iceberg. So I think a really fun podcast for our listeners. I can't wait. I'm excited, as always. I look forward to this all week long. Oh, and a picture. We got a picture. We got a picture. But before we do that, let's talk a little bit about our sponsor of the hour, ESET. And you know I've been talking about ESET, I think, for more than ten years now. They're the global leaders of cybersecurity. And in particular, one of the things I love about ESET, and you'll hear it all the time on this show, is their commitment to research. We quote them from time to time about their security research.
A highlight from 236 Preparing for the Next Ransomware Generation
"I co-authored the book with Tim Gallo back in 2016. And the ransomware kind of market has changed a lot since 2016. And ransomware attacks have changed dramatically. Some of the defenses that are needed have changed. And so I really, really wanted to kind of give an update to kind of what's happening and get it in a condensed, understandable format. I really, if any publishers are listening, I really wanted to write a book on the history of ransomware and not have any technical stuff, but nobody really wants to hear the story of ransomware from me. They just want to know how they can protect themselves from me. So just with an option, and I was really excited and happy to do it. And ActualTech Media and Recorded Future have been really great, making the book freely available to anybody who wants it. You can also, of course, buy it on Amazon, but if you want the PDF version, it's free to anybody. And I think that's amazing. So what are some of the key things that have changed in between your first ransomware book and this one? I mean, obviously, the big thing is, two really big things are big game hunting, so instead of when I wrote in 2016, or when we wrote in 2016, ransomware was single machine, encrypt that machine and then you're done. It was still a big problem for organizations because they were getting hit a lot. So those single machines kind of added up, whereas today it's encrypting thousands of machines at the same time. And of course, with that comes a much more hefty ransom involved. And then there's also the idea of that extra extortion, the double and triple extortion of leaking files, which wasn't the case. Hey, and I'll also throw in ransomware as a service has made it a lot easier for anybody to kind of get into the ransomware game. Whereas in 2016 you had to have some level of technical skills, not much, but you had to have some. Now really there's handbooks, there's guides that are available. 
Ransomware actors brag about how easy their ransomware is to install once you get into a network. And so that really does make a big difference. Yeah, it strikes me how much this vertical, I guess we could call it, has really professionalized itself, that, you know, it's not just the kids in The AV Club who are doing this. These are serious organizations. Right, absolutely. I mean, you know, when we talk about the growth of ransomware, it's not just that ransomware itself has gotten bigger, but the ransomware Inc, if you will, has gotten a bit bigger in that now you have ransomware groups that hire professional negotiators, well, not professional. They hire at least English-speaking negotiators. Let's say that they hire developers to build out their ransomware. They hire initial access brokers to gain that first footing and then buy the access from them. So there's this whole sort of set of cottage industries that have sprung up in support of ransomware, and part of that is just because ransomware makes so much money. Right now, outside of possibly business email compromise, ransomware is the most profitable by far cybercriminal activity. So what has changed in this updated book in terms of your recommended approaches for people to prevent this and deal with it if they do find themselves falling victim to it? You know, it's funny because some of the things just haven't changed, people just haven't started doing them yet. So some of the things like you need better asset management, you need better vulnerability management, right? That's kind of, you've been doing this for a long time. I've been doing this for a long time. We've been saying that for 20 plus years. That still kind of needs to be done. Network segmentation, that was in the first book and that's still highly recommended now, even more so with mass deployment of ransomware. Some of the things that are different, though, really focusing on improving your incident response and disaster recovery plans. 
So before, your incident response was on a single machine, right? So you could have kind of a loose-based incident response or a loose-based disaster recovery because you were only recovering for one thing. So if it wasn't fully up to date or whatever, it wasn't the end of the world. Now you need an updated incident response plan and disaster recovery plan because you need to take into account the fact that you're not down one machine, but you're down a thousand machines. And how are you going to respond, how are you going to get services back online? How are you going to prioritize that? Especially when once it happens, every other part of your organization is going to tell you that they need to be a top priority. So you need to have that in advance. Ransomware negotiators weren't a thing when we wrote the last book, so discussing when you need to hire a ransomware negotiator and if you're going to have to pay the ransom, why it's so important to have a good ransomware negotiator there instead of trying to do it yourself. Double, triple, quadruple extortion wasn't a thing. How to prepare for that. How to handle the fact that you're going to have a whole lot of bad news coming your way, possibly for weeks or months at a time, depending on whether you pay the ransom and how long the ransomware actor kind of strings out the release of files. And then really there's a whole chapter dedicated to protecting your domain controller because that wasn't as big a deal. When they're landing on a single machine, not as big of a deal to have to worry about them getting credentials and getting to the domain controller, but now that's kind of critical to any ransomware operation, so it has to be critical to any ransomware defense. You know, in the past 5 years, I think it's fair to say that more and more of the things we do with our computers has shifted to the cloud. How does that reality affect the ransomware situation? Is it a mixed blessing there? 
Yes and no. It depends on your cloud provider. Because cloud providers are being targeted by ransomware groups. We know that ransomware groups have written special versions of their software that target ESXi and Linux. So even if you have your own internal cloud, you could potentially be vulnerable, and ransomware groups love going after ESXi because they know that they can take down that one server, but they can take down a hundred servers
A highlight from EP45 VirusTotal Insights on Ransomware Business and Technology
"Anton, we've got VirusTotal representatives as well as somebody from the Threat Analysis Group today, which is super fun, and we are talking about ransomware. Yes, today's episode, as you would know, in a few minutes, had a couple of moments when I kind of exclaimed, this is surreal. Yes. So there would be a few moments when my mind, of a person being in the security industry for a good number of years, was kind of blown by some things we've been learning. So this is fascinating. This is an episode where I really felt like my political science degree was not a waste of time because so much of what we were talking about today comes down to the economy and in some ways the psychological economy of ransomware operators and people who are paying ransoms. It's really fascinating stuff out there. Yes, I guess I'll give one brief preview about trust. It emerges that it's better to be hacked, to be compromised, by a trusted brand in ransomware. Because if you're hacked by somebody who has a trusted, well-known brand in ransomware and if you pay them, you get your data back. But of course it's obscure and kind of weird to even think about which criminals are trusted and which are not. How do you go to their website and check their Yelp ratings? How do you even go about that? We don't have answers. Is there a Yelp for ransomware operators? It's really an interesting sort of thing where the criminals will make more money in the long run by being trustworthy. But have at various junctures, and we get into this in the episode as well, opportunities to make a quick buck and then run away. So there's really just fascinating trust incentives all over the place. And with that, let's turn it over to today's guests. I am delighted to introduce today's guests.
A highlight from Episode 298 - Mitigating global disruption and predictions 2022 - Interview with CISO of Kaseya
"Hello, welcome to MySecurity TV and our Tech and Sec Weekly. My name is Chris Cubbage, the executive editor and director with MySecurity Media. And today we've got a special guest from the U.S., mitigating global disruptions and predictions 2022. One of the highlights for 2021 was Kaseya, and we're going to be joined by Jason Manar, the new chief information security officer, and I'll bring Jason on now. Jason, thanks very much for joining us. It's a pleasure. Thank you for having me. It's always good to have an American accent with us as well. We're in the USA. I'm down here in Miami. My dialect is actually from Kentucky. So if you're a little bit over a western kind of culture slang, don't have my cowboy hat with me, but a lot of people, a lot of people here. Yeah, look, I'm sorry. I can't pick American accents that well. Sometimes Californian stands out to me, but obviously the Texas accent adjacent I can understand. Looking at some of the media releases coming out with Kaseya that brought you into the role, you actually worked with Kaseya during, we'll call it a breach or the incident, around July as well, the ransomware incident. Maybe let's start off being brought in as the chief information security officer, which is a challenging role at best. But obviously coming from law enforcement into the private sector is also going to be a bit of a transition for you. But also, hand over to you, maybe in terms of your role as CISO with Kaseya and then expand out from there. In the role since October. Yeah, so you hit the nail on the head. I got to know Kaseya in July. During the event, I got to know me. It's one of probably more than a thousand incidents that I've worked, which has allowed me a really holistic view that few people ever get. You get to see how companies have done things right, how companies have done things wrong. 
You get to see the best-in-breed products, solutions, policies, recommendations that every CISO around the world, maybe not every CISO around the world, but the thousands that I've dealt with around the world, what they've implemented. And then that kind of information is invaluable, and Kaseya saw that. Obviously, brought me on board and, you know, we have really just hit the ground running, right? Making sure that we continue to harden ourselves, continue to have the best practices and policies that are in place, to ensure that we're where we need to be not only today, but in the future. Maybe if I can come back to the role of the FBI, what was your actual role in the incident, or maybe your position at the FBI? Was it an investigator or a liaison, what was that kind of role? So I have to be real careful because it's still an ongoing investigation. Understood. Right. So what I will say is I was the cyber supervisor down here responsible for all interactions with not only Kaseya, but everyone down here in Miami, Central and South America, the Caribbean, anything that took place down here. That was my role at the time. As to the particulars and what was done, other than that I would point you to some of the media releases that DOJ has recently done.
A highlight from Cyber Security Today, Week in Review for Friday Nov. 26, 2021
"In a few minutes Dinah Davis, the Canadian-based vice president of research and development at managed service provider Arctic Wolf, will be with me for a discussion. But first I'll look back at some of the news from the past 7 days. GoDaddy, one of the biggest Internet hosting providers, has admitted that a compromised password led to the attack on its managed WordPress service. The email addresses of up to 1.2 million active and inactive WordPress customers were copied. Worse is that the usernames and passwords for a number of subscribers to the hosted service were exposed, forcing GoDaddy to make those users reset their passwords. Dinah and I will discuss this incident. Windows administrators were warned to watch for suspicious changes in users' access privileges. This comes after a researcher released proof-of-concept code for a new Windows zero-day vulnerability. If a person has access to a computer, they may be able to easily upgrade their privileges to administrator using the exploit. Cisco Systems says attackers are already trying to take advantage of the vulnerability. How fast can an attacker find improperly protected servers or databases open to the Internet? Sometimes within hours. This is according to a report released this week on a test by Palo Alto Networks. It set up a number of honeypots on the Internet to discover what happens. Dinah and I will discuss what the company calls shocking results that are a lesson for IT managers. The Conti ransomware gang has suffered a temporary blow. Researchers at the Swiss cybersecurity firm called Prodaft published a report this week saying they managed to get into the group's payment portal. They came away with valuable information for law enforcement agencies and IT security teams.
A highlight from Cyber Security Today, Nov. 26, 2021 - Advice to online retailers for the holiday season, lengthy prison terms for cybercrooks and watch for Android updates
"Android device users should be on the lookout for security patches from their carriers or device makers. This comes after MediaTek, which makes chips used in many smartphones, released a security update. And this follows an investigation by researchers at Check Point Software. They discovered a flaw in the MediaTek audio digital signal processor that could allow a hacker to listen to people's conversations or upload malware. Unfortunately, some Android mobile device makers only offer two or three years of security updates for their hardware. If you have an older device, it may not get this update or other device updates. It's one reason why you should consider adding antivirus protection. And finally, remember that later today the Week in Review edition will be available. A guest commentator and I will talk about the GoDaddy hack, honeypots and safe online shopping.
A highlight from Episode 297 - Recent cyber law cases and regulations highlights and takeaways
"Welcome to the cybersecurity podcast, Gene Lo podcasting from Singapore today. And with us today we are very fortunate to have Greek Audrey, who is a lead cybersecurity policy and compliance analyst with Booz Allen Hamilton, who is joining us from Virginia, United States. And Rick has more than 15 years of experience as a United States Air Force Judge Advocate General's Corps officer and was recognized as the outstanding Professor of Law at the Air Force Academy. And he's now part of Booz Allen Hamilton's support to the Department of Defense CIO. So thank you for joining us on the podcast today. And you will be sharing with us, as I understand, highlights of all cases and regulations in the recent years in cyber, and some takeaways from these developments. Yes, and thank you very much for that kind introduction. And before we start, I just do want to clarify that any views that I offer today are strictly my own and do not necessarily reflect my company or any of my clients. Thank you, Rick. So with that, if we could start with something that had been discussed quite a lot in the last 12 months or so. And I think it has been prompted by the surge in ransomware payments during the COVID period. And so this is the OFAC sanctions now, which is the U.S. Department of the Treasury's Office of Foreign Assets Control. So OFAC. And the sanctions? Yes. So basically it prohibits U.S. persons from engaging in transactions directly or indirectly with individuals or entities on the sanctions list, and normally covered countries such as Iran or North Korea amongst others. Breaching such, or making such ransomware payments to these banned individuals and regions, could result in fines for up to $1 million. 
And for our listeners who are in the financial services and familiar with anti-money laundering and bribery and corruption and other compliance-related regulations, OFAC sanctions are not new, but for our listeners who are not in the sector or familiar with such regulations, for example, our colleagues in the cybersecurity industry specializing in, say, forensics or incident response, or for those of us who are not in the United States, right? Why are these OFAC sanctions in the U.S. important and what are the implications for them? Okay, well, I think they're important because a lot of companies, when faced with the loss of major business because their assets are basically frozen by these encryption schemes that result in these ransomware requests, I think there is a tendency in some cases, after they've kind of analyzed their options, to want to pay. And what OFAC has done, and as you pointed out, through an advisory they issued last year on October 1st, they tried to clarify their position on these payments, and obviously the United States government wants to discourage ransomware payments because the whole business model of ransomware is premised on the fact that people would pay.
A highlight from SN 846: HTTP Request Smuggling - NetGear Routers 0-Day, The Most Brute Forced Passwords, GoDaddy Breach
"Yes, you've been waiting all week long. You're a very patient person for this guy right here. Steve Gibson, hello, Steve. Happy Thanksgiving. Happy, yes. Indeed, and I missed your birthday. Was it actually on Sunday? No, it's Friday. Oh, it's last Friday. This Friday. You didn't miss it. 1351 B Redwood Way. No, I don't like this, as you know, once you get to a certain age, you don't even want to think about it. Well, I was put in mind because this is Evan Katz's birthday today. Dear friend. And of course, you and I both know Evan. He's a prolific communicator. And it's a nice way to put it. And he tweeted, that's the reason I know it's his birthday. I won't track his birthday, but he tweeted that it was ten years ago today that I surprised him at the Ritz Carlton in Dana Point. His wife set this up, and her name is Ruth. And he said, and so Ruth contacted me and she said, it would just blow Evan's mind if he walked into the parlor at the Ritz Carlton and had you there to hang out with him. So I said, what is this? It was very cool. Yeah. And it turns out he's a big chess buff. I know. I know. From Evan, that I learned that humans just, it's over. It's over. Not even close. Not even close. But the human world championship is starting Friday. So that's your birthday. On my birthday party. Magnus Carlsen, the Norwegian reigning world champion, will face Nepomniachtchi. Nepo, they call him because his name is, just recommending Queen's Gambit to someone who is good who has never seen it. It's so good. Really good. So we have an interesting episode, weighted at each end as opposed to just at the end. We're going to start off this week by taking a careful look. Oh, I should mention that this Security Now episode 846 for, what is this, three days before your birthday? November 23rd. If you want to, actually my birthday, I am wrong. I lied. My birthday is the 29th. I don't know what I was thinking. Michael's birthday is Friday. Mine is a week, is coming up a week. 
Yes. Next Monday. All right. Anyway, there's a lot of birthdays happening. I've got to confuse. We're going to be talking about HTTP request smuggling, which was going to be last week's topic until it got bumped for something more timely. But I did mention it because it was part of an attack chain, which I thought was going to be tied into the topic of the week. But now it's tied into this topic. This week's topic, anyway, HTTP request smuggling, a very tricky way of smuggling HTTP requests across the border, literally. So that one's going to be kind of tricky, but I think really interesting for our technically inclined listeners.
Telegram Emerges as New Dark Web for Cyber Criminals
"Of course it has been highlighted over the last number of months as being a platform of choice of people that are organizing events to protest against lockdown or other things, but the demonization of Telegram is continuing, it appears here, with the Financial Times plus a cybersecurity company producing the information that backs up this article, Telegram emerges as a new dark web for cybercriminals. So we've got to shut Telegram down straight away. I thought Signal was the dark web. That was last week; this week it's Telegram. This week it's Telegram. So this was an investigation by cyber intelligence group Cyberint together with the Financial Times. And they say that they find a ballooning network of hackers sharing data leaks on the popular messaging platform, sometimes in channels with tens of thousands of subscribers, lured by its ease of use and light-touch moderation, and in many cases the content resembled that of the marketplaces found on the dark web, a group of hidden websites that are popular amongst hackers accessed using specific anonymizing software. We have been recently witnessing a one hundred percent rise in Telegram usage by cyber criminals, said Cyberint. So we've got to shut it down straight away, or at least bring it under the Online Harms legislation, and make sure that it's well regulated, or make sure that Telegram puts some kind of back door in there so that the UK intelligence agencies can easily access
3 Former U.S. Intelligence Operatives Admit Hacking for United Arab Emirates
"Three former US intelligence and military officials were behind an international hacking scheme, newly released court documents show. They admitted the United Arab Emirates hired them to hack into computer networks around the world, including right here in the US. They also sent advanced hacking technology from the US to help the UAE spy on its enemies. A team there ended up breaking into the computers and smartphones of thousands of targets, including rival governments, journalists and human rights activists. The Justice Department says the men committed computer fraud and violated export laws. But they made a deal to avoid a criminal trial. Instead, they'll have to pay almost $1.7 million in fines between the three of them and they'll have to cooperate with the federal investigation. The men will also never again be able to get a US government security clearance. The Justice Department called it a first-of-its-kind resolution. So far, the Emirati government has not commented
Microsoft Warns of New IE Zero-Day Exploited in Targeted Office Attacks
"Is warning of a newly discovered IE, believe it or not, what sort of indirectly, it's a zero-day being actively exploited currently in targeted attacks using their Office apps. While the danger might not be extreme, especially if the use of this exploit remains targeted, this should remind us of our picture of the week two weeks ago, which was titled Pandora's Inbox, where Pandora is depicted thinking to herself, it can't hurt to open one little attachment, can it? And while I agree that it's unlikely to hurt any of us, we do know that once a zero-day has been observed being used and it's become public, those highly targeted attacks likely become spray attacks. You know the secret is out and a patch will be forthcoming. Which means that the optimal strategy at that point, for those who wish to exploit what has now become a time-limited advantage, is to go from, you know, targeting individual people to spraying this thing far and wide to collect all of the curious and even the incurious Pandoras, which may be possible. So my word to our listeners: don't be a Pandora. When we hear that it's an IE zero-day, that's really a misnomer, because the vulnerability, which is now being tracked as CVE-2021-40444, was found in Microsoft's MSHTML component, which was also known as Trident, which is the IE browser
Apple Issues Urgent iPhone Software Update to Address Critical Spyware Vulnerability
"Heads up if you have an Apple device. There's an urgent warning to download the latest emergency software update now available. Apple just released it to fix a critical security problem. Security researchers found a flaw that lets a certain spyware infect iPhones, iPads, Apple Watches or Mac computers. But here's the thing. The person who owns the device does not even have to click on anything to let the cybercriminals in, so users might not even know when they've been compromised. With this technology, hackers can control the device's camera and microphone and they can record text messages, emails and phone calls. The spyware is made by an Israeli company called the NSO Group. The firm sells its technologies to governments and police forces for crimefighting purposes, but Amnesty International says the spyware has also been used against activists and journalists. The average user probably would not be targeted, but Apple still says everyone should update their devices now, just in case. And the emergency software update comes just hours before Apple's big product launch happening today. Apple is expected to unveil the latest version of the
Who Are Ransomware Gangs Targeting?
"Which organizations are ransomware gangs looking to target? According to Israeli cybersecurity firm KELA, they primarily want firms based in the US, Canada, Australia and Europe who on average earn more than one hundred million dollars in annual revenue and are not in the education, health care, government or nonprofit sectors. That's according to an analysis of forty-five conversation threads on criminal forums. These forums are where initial access brokers claim to have hacked into a company and are now selling that access to ransomware groups. Attackers are looking to buy specific types of access to victims, so IT and security administrators should pay attention to this. Highly desirable are companies that have vulnerabilities in their Microsoft Remote Desktop Protocol setup, which is used by employees for remote access, as well as those with vulnerable virtual private network setups using products from Citrix, Palo Alto Networks, VMware, Fortinet and Cisco Systems. Now, in the last several months all of these products have issued patches for vulnerabilities, so you shouldn't be caught off guard for such access. Ransomware attackers are willing to pay up to one hundred thousand dollars. And remember, if your company earns less than a hundred million dollars a year, don't be complacent. That's an average of the requirements of some attackers and only for messages seen during a narrow timeframe
Ransomware Gang Threatens to Leak Data if Victim Contacts FBI
"Ransomware gang threatens to leak data if victim contacts FBI or the police. In an announcement published on Ragnar Locker's dark net leak site this week, the group is threatening to publish full data of victims who seek the help of law enforcement and investigative agencies following a ransomware attack, or who contact data recovery experts to attempt decryption or to conduct the negotiation process. This announcement puts additional strain on victims, considering that governments worldwide have strongly advised against paying ransoms but have suggested turning to law enforcement instead
Razer Mouse Security Flaw Can Give Admin Access to Non-Admin PC Users
"There was a rather disturbing story about how this security researcher was able to take over. Someone's computer t- basically live plug in the right kind of mouse now. This case that happens to be a razor mouse And there was actually a steel series mouse. That turns out had the same problem. But the problem's not with these mice the problems with microsoft windows so. This is an article from. Tom's guide and realize that there was actually a previous article to this. But talk about both of them so chronologically. It's gonna feel weird but just hang with me in the article. Explain both of these cases as we go a day. After the world learned that razor gaming mice could be used to take over windows. Pc's there's news at the same trick. Works with steel series gaming keyboards. Mice headsets and even mouse pads as with the razor mice. It's actually the windows. Desktop application that causes the trouble. That's because it gets system wide privileges during installation without first asking for a system administrators permission. This flaw was discovered by security researcher. Lawrence amer who was inspired by the razor issue. A militias human using or mauer. That's already running on a windows ten. Pc and presumably this applies to windows. Eleven to as a low level user during the installation process can leverage this flock to gain full system control and cybersecurity terms. This is called privilege escalation or escalation elevation of privileges it's when processes or users gained powers. They shouldn't have however. This law isn't the fault of steel series or a razor. Those companies are just trying to get their software and stone quickly. 
This is instead a Microsoft issue, because Windows isn't distinguishing between hardware drivers, which normally don't need admin permissions to install, and peripheral-related desktop software, which should need admin permission. Microsoft needs to fix this privilege escalation situation before more problems like this pop up, as they almost certainly will. So what can you do about this to avoid having your PC pwned by gaming peripherals? Make sure you lock the screen of your workplace PC when you step away from your desk. Home PCs are under less threat from this kind of attack due to there being fewer potential users around, but you might want to shut off your PC when you've got a lot of company over. To really make sure that this can't happen to your machine, log in as an administrator, go to System, then Settings, and then About, and click on the "Advanced system settings" link. This will spawn a box labeled "System Properties". Select the Hardware tab and then click the button "Device installation settings". In the pop-up window that follows, titled "Do you want to automatically download apps and custom icons available for devices?", select the radio button labeled "No". Apparently next to "No", in parentheses, it says "your device might not work as expected". As you might imagine, taking this more severe route might make installing new hardware, not just gaming mice and keyboards but also printers, headphones, even USB security keys, a bit more arduous, although not impossible.
Is It Time to Ditch Two-Factor Text Messages?
"One of the most important security measures you can take is turning on two-factor authentication to log into various online accounts, whether it's for your bank, your email or your Twitter account. But it might be time to ditch the option to receive those codes you get by text. That's right. USA Today tech columnist Rob Pegoraro writes about this on usatoday.com, exploring alternatives to relying on text messages when enabling two-factor authentication. It's especially important if you're a T-Mobile customer, as a recent data breach made its customers more susceptible to what's called a SIM swap attack, where a hacker tries to take over a phone line to intercept two-factor authentication messages, and it doesn't require the hacker to physically have your phone in their possession. One alternative to receiving a text with a code that allows you to continue the log-in process is to switch to an authenticator app. Google Authenticator is one big example. I've used an app called Authy for years now. It's fantastic. I use it for several of my accounts. It's really easy to set up, and all you do is, when it gets to that screen that asks for the code to put in, instead of again getting a text, you'll go to the Authy app and pull up the account, and it'll give you a six-digit code. You type it right in. There are also some apps, like Google, that bypass the text message altogether, instead showing a message on your screen asking if you tried signing in, and then you can tap either yes or no to confirm. You can also purchase an encrypted USB security key to link to your account and then confirm by plugging it into the new device. They usually start around twenty-five dollars but can't be fooled by phishing pages and protect multiple
Twitch Streamers Are Taking a Day off to Protest Hate Raids
"Expect the popular live streaming platform Twitch to be a little quieter than usual today. Many streamers have staged a one-day blackout. They're hoping to draw attention to so-called hate raids and show solidarity with streamers who face them. During these raids, some users will swarm streamers' chats with racist and hateful language. For example, one streamer who's Black and uses "them" pronouns says they've been a frequent target. Other streamers say they see hate raids with the N-word posted so much that other chats cannot even get through. Twitch has encouraged people to report those kinds of issues and says it's planning updates later this year to help streamers protect
T-Mobile Hacker Who Stole Data on 50 Million Customers
"T-Mobile: thanks to the fact that the attacker, a US citizen, believes that he's currently outside the long arm of US law enforcement, we're now learning quite a lot about the who, what and why of his quite successful data exfiltration attack on T-Mobile, and none of what we're learning flatters T-Mobile's cybersecurity. The Wall Street Journal, it turns out, had been chatting with the purported attacker via Telegram for some time. They've confirmed that his name is John Binns, B-I-N-N-S. John is a twenty-one-year-old US citizen of Turkish descent who relocated from the US back to Turkey three years ago. John was reportedly discussing details of the breach before they were widely known, and T-Mobile received their first indications of trouble when they were notified of the breach by Unit 221B, a cybersecurity company that monitors the dark web for their own purposes. So they saw that John was offering for sale all of this data breach material on the dark web, and Unit 221B said, T-Mobile, do you have a problem that you haven't told anybody about? So John told the Wall Street Journal that his attack against T-Mobile was conducted from the comfort of his home in Izmir, Turkey, where he lives with his mom of Turkish descent. His American father died when he was just two, and he and his mom moved back to Turkey three years ago when he was eighteen. He reportedly uses the online handles IRDev and v0rtex (with a numeric zero), among other handles, and he's alleged to have an online track record that includes some participation in the creation of a massive botnet that was used for online DDoS attacks four years ago, when he was still in the US and seventeen years old.
Who Are the Belarusian Cyber Partisans?
"The first piece I want to talk about is actually from Patrick O'Neill at MIT Technology Review, and I think he's written probably one of the best stories here about the Cyber Partisans in Belarus. This is the group that claimed to be hacktivists who exfiltrated a whole bunch of data that's critical to the functioning of the Belarusian security apparatus. Yeah, he's got a write-up really talking about this group. It's interesting stuff. Yes, this is a really good return to the story, because we talked, wasn't it two or three weeks ago on the show, when they started dropping some of the things that this group, the Partisans, had hacked out of the various state security apparatus in Belarus. And this kind of goes back and looks at that story and has a bunch more details about kind of the makeup of the group. They're saying something like fifteen-ish people from work in the tech industry in Belarus in general, and a few that have some security experience, but who are kind of learning to hack on the fly, supported by a whole bunch of expatriates, involuntary expatriate Belarusian police and other state security people that fled the country after, you know, some of the bad things went down in Belarus, and they end up providing support and guidance and analytics to help them go through the process of making the most of the networks they've gained access to. I think this, kind of spitballing at times, like, is this exactly what it sounds like? Is it really hacktivists? When we did initially talk about this, we came down on the side of, well, this actually looks like it might be genuine, kind of weird, and it's nice to see some stories that back up the feeling that we had at the time, because we were going on, I'm pretty sure, thin input at that point in the story. But this is just, as I was reading this, I'm struck by this is like really what an insider threat looks like, you know.
We've seen so much that has been written about computer security over the years about the dangers of insiders. This is really the end game of insider threat, when the people who work the mechanics of your own national government's security apparatus are turning against you and then using those tools against the government. That's insider threat writ large, and it's really interesting to see.
Dangers of Data Collected in Afghanistan
"The Taliban seizure of HIIDE (that's Handheld Interagency Identity Detection Equipment) biometric registration and identification devices aroused concern when it was first reported, but the risks of that loss, while real, seem likely to be limited. MIT Technology Review argues that a more serious matter is the insurgent government's acquisition of APPS, the Afghan Personnel and Pay System used by the deposed government's ministries of defense and the interior. A great deal of data was collected in APPS. Technology Review's sources tell it that each profile in APPS contains at least forty data fields, quote: "These include obvious personal information such as name, date of birth, as well as a unique ID number that connects each profile to a biometric profile kept by the Afghan Ministry of Interior. But it also contains details on the individual's military specialty and career trajectory, as well as sensitive relational data such as the names of their father, uncles and grandfathers, as well as the names of the two tribal elders per recruit who served as guarantors for their enlistment," end quote. This amounts to a catalog of community connections, with anyone whose name appears in a profile flagged as connected in some non-trivial way to the subject of the profile. And unfortunately there are signs that the lists are being used in head-hunting searches for personnel who served in or were otherwise connected to the former government's military services. APPS data was unprotected by retention or deletion policies and was presumably seized intact.
Is FBI's Magic Lantern the Ultimate Keylogger?
"This malware is called Magic Lantern, and I find it fascinating. It usually infects a computer through an email attachment. You get an email which says to open the attachment, and when you do, your computer is infected. And what Magic Lantern does is it records your keystrokes and sends everything you type back to a central system so the hackers can see everything you type. Now of course, with a keystroke logger like this, it can pick up any message you send to people, private chats, and of course your passwords too. Who's the shady hacking group that uses Magic Lantern? The FBI. In 2001 someone issued a Freedom of Information request and got back information that the FBI uses this Magic Lantern malware to capture keystrokes on target computers. Now, I'm under the impression that the FBI would need to get permission to use the software, like a search warrant or something, so this would classify Magic Lantern as a lawful intercept mechanism, meaning they had permission to basically wiretap someone. But this sparked a debate in the security community. The question was: if the FBI has legal permission to eavesdrop on someone by using Magic Lantern, should antivirus and security companies detect and report on this activity? Of course the FBI would like to go unnoticed in any kind of stealth mission and would rather antivirus companies not alert when they see this, but on the other hand, that's the whole point of antivirus software: to alert when something is going on that shouldn't be happening. F-Secure, an antivirus company based in Finland, said right away that they would absolutely report on this, but they're in Finland; the FBI is in the US. McAfee, an American antivirus tool maker, said they would not alert the user if the tool saw Magic Lantern trigger and that it would ignore it. Later they denied saying that, saying they do in fact alert when Magic Lantern is detected on a computer. But this opens a door to a strange world of allies and enemies,
and it's hard to know who to trust when the software you buy might be lying to you or when the FBI is busy infecting people with malware to spy on them.
T-Mobile CEO Apologizes for Data-Security Breach
"An apology from a communications giant. Ron Dirac Stra has the story. T-Mobile told nearly 50 million customers whose personal data was stolen it was truly sorry for the breach. In a written statement, CEO Mike Sievert says the company spends a lot of effort to try to stay ahead of criminal hackers, but did not live up to the expectations they have for themselves to protect their customers. A 21-year-old American living in Turkey told The Wall Street Journal he was responsible and blamed T-Mobile's lax security for making it
Biden Urges Tech Moguls to Help Fight Cybersecurity Threat
"In the wake of major cybersecurity breaches, like the one of the Alpharetta-based Colonial Pipeline, President Biden meets with top executives from major tech and financial companies. Reporter Moussa Deka Madar says the White House wants the private sector to help toughen its defenses. Google pledged to spend 10 billion in the next five years to secure software supply chains, expand security models and train 100,000 Americans in IT support and data analytics. Microsoft also pledged to provide $150 million in technical services to help federal, state and local governments with upgrading their
New Hampshire Town Loses $2.3M in Taxpayer Money to Cyberattack
"New Hampshire town loses millions to email scammers. The town of Peterborough reported it lost 2.3 million dollars as a result of business email compromise scammers, who redirected bank transfers using forged documents sent to the Peterborough finance department. The compromise was achieved using phishing and social engineering techniques. The town first became aware of the issue on July 26, when the ConVal School District reported it didn't receive its 1.2 million dollar monthly transfer. The US Secret Service Cyber Fraud Task Force is currently investigating the attack, which originated from overseas. It's unclear if insurance will cover the lost funds, and it's doubtful the transactions can be
Iran Prisons Chief Apologizes Over Leaked Videos of Prison Abuse
"The head of Iran's prison system admitted Tuesday that leaked video showing abuse at the notorious Evin prison is authentic. Speaking to reporters, Iran's judiciary chief said authorities are investigating the incident. The prison chief apologized for what he called unacceptable behaviours but offered no plan for reforms. Hackers reportedly stole the video footage taken by the prison's security cameras. The videos showed fights among prisoners and guards. They also show overcrowding in cells and harsh conditions. In one shot, a prisoner smashes a mirror and tries to cut his arm with a shard of glass. Evin has long been known to house political prisoners and those with ties to the West.
Nickel Digital Sees Growing Institutional Demand in UK for Crypto
"Let's start with institutional adoption expectations. Yesterday I shared some results of a recent Deloitte survey that showed just how normalized digital assets were becoming among fund managers. Today another survey out of the UK said something very similar. Nickel Digital is a digital asset hedge firm that was started by former Goldman Sachs and J.P. Morgan investors. They recently surveyed wealth managers and other institutional investors and found that more than half plan to increase crypto asset exposure between now and 2023; over a quarter say that they will dramatically increase their exposure. The reason most often cited, predictably, was "number go up", a.k.a. the long-term appreciation prospects of crypto assets. Now, to be clear about this study, only twenty-three asset managers were surveyed, so a relatively small sample size, but those managers oversee sixty-six and a half billion dollars in assets, so it's certainly not small if you're looking in terms of assets under management. Of these twenty-three managers, nine said they'd become more confident about how digital assets work, and nine said that the regulatory environment was improving. In terms of concerns, sixteen still cited market structure issues of liquidity and lack of transparency. So, summing up: a very small sample size, but much in line with the Deloitte survey we discussed yesterday, which had for its part a much larger sample size of twelve hundred eighty
Twitch Streamers to Hold One-Day 'Blackout' to Draw Awareness to 'Hate Raids'
"Streamers are preparing to take a day off from the platform to bring attention to so-called hate raids. The Washington Post reports that a blackout is scheduled for September 1st. It's reportedly meant to bring awareness to the fact that some users employ dummy and bot accounts to flood a streamer's chat with abuse, like hateful slurs and symbols.
PayPal Launches Its Cryptocurrency Service in the UK
"Report. The price of Bitcoin has topped the $50,000 mark for the first time after it slumped three months ago. PayPal in the UK will allow its customers to buy, sell and hold Bitcoin and other cryptocurrencies starting this week. It's the first international expansion of PayPal's crypto services outside the United States. The service was launched in the US
Wanted: Disgruntled Employees to Deploy Ransomware – Krebs on Security
"Ransomware gangs usually try to compromise victims' computers by secretly tricking employees into downloading what they think is a legitimate file, but one attacker is blatantly appealing to employees' greed. He's sending emails to employees asking them to infect their company's system with ransomware; in return they get a piece of the ransom, according to security company Abnormal Security, which has seen emails like this received by its customers. The crook says the employees would get one million dollars in bitcoin. That's assuming the employer pays a 2.5 million dollar ransom. And how does this attacker find potential victims? By searching through LinkedIn. In fact, this attacker started out by sending poisoned email attachments to senior executives, but when all of his attempts failed, he turned to finding greedy employees. Two lessons: first, good for executives for spotting the initial phony messages, and second, employees need to be warned that they might get a pitch inviting them to be a criminal. Cisco Systems is investigating what it calls a medium-severity vulnerability that could impact some of its routers and edge platforms. The problem is in the Server Name Identification request filtering in Cisco's Web Security Appliance and Firepower Threat Defense devices. It also affects all open source project releases of the Snort intrusion detection engine prior to release 2.9.18. Now, the current version of Snort is 3. An attacker could exploit the vulnerability to compromise a host machine. At the moment there are no workarounds for the Cisco products and earlier versions of Snort. Those with affected Cisco security devices should watch the company's security website for mitigations or patches.
New York Man Pleads Guilty to Hacking and Stealing Nude Pics
"New unofficial Windows patch fixes more PetitPotam attack vectors. A second unofficial patch for the PetitPotam vulnerability, which allows a threat actor to force a Windows Server domain controller to authenticate against an NTLM relay server, has been released to fix issues not addressed by Microsoft's official security update. The PetitPotam bug, tracked as CVE-2021-36942, was partially fixed by Microsoft's August 2021 Patch Tuesday update, but unfortunately it is still possible to abuse PetitPotam using EFSRPC functions that were not addressed. The 0patch micropatching service has released an unofficial patch that can be used to block all known PetitPotam NTLM relay attacks on Windows Server 2019, 2016, 2012 and 2008 R2. For those who wish to wait for an official patch from Microsoft, PetitPotam attacks can be defended against using netsh RPC filters that block remote access to the EFSRPC service. New York man sentenced to prison for stealing students' nude photos after hacking their accounts. The Justice Department announced on Thursday that Nicholas Faber of Rochester, New York has been sentenced to three years in federal prison for hacking the accounts of dozens of female SUNY Plattsburgh students to access private nude photos. Faber, who is a SUNY Plattsburgh
grad, worked with co-conspirator Michael Fish to access the students' school email accounts between 2017 and 2019. Fish gained access to at least one account by guessing the answers to victims' security questions. Faber then used their credentials to access Facebook, Snapchat and iCloud accounts, from which he stole private nude photographs and movies, which he then traded online with others. Faber was charged with computer fraud and aggravated identity theft and has been ordered to pay just over thirty-five thousand dollars in restitution to the school. Fish also pled guilty to several related charges and his sentencing is set for November 3rd. The school implemented multifactor authentication on all email accounts after the incident.
How to Stay Compliant With GDPR?
"You're someone who has seen data protection as well as technology evolve over the years. Let's start with the last twenty-five years, if I may tap into that wealth of knowledge, and then: what is the big change or evolution you have seen in data protection as well as technology, because it has evolved, or not, and every one of us has a perspective. But what do you see at the broad level? Right, right. I think one is ubiquity. So when I was a trainee in the law firm no one had computers. There was this word processing system called Wang, and so that absolutely dates me, and there were still faxes, so we'd have legal documents sent through on faxes this big, and they used to disappear on that fax paper, so we'd have to review them. And then very, very quickly we got our own personal computers and we were expected to do more of our own documents and all this thing. And then what was interesting was the client expectations massively changed. When someone sent through a fax this big, or they posted round a letter document that big, in their mind they're going, that's a huge document, it's going to take a while to read, it's going to take them a while to get to it, and so the expectation of the reply was accordingly. Whereas when you could just email an attachment, you didn't get any sense of the size, and so as a lawyer you'd get the same document emailed to you, and very quickly people would go, so what do you think? You're like, well... So what was interesting was the ubiquity of the technology, how quickly that happened. Another one is how that affects things like our own human expectations and changes them based on the understanding of different material. I think that's one thing. Another thing is the ease of getting knowledge, and also the ability to get a lot of poor knowledge. So when everything was offline, you basically had a lot of word of mouth; you were quite selective about how you found the information, and there wasn't as much information out there
T-Mobile Confirms It Was Hacked After Customer Data Posted Online
"T-Mobile has now confirmed hackers gained access to its systems, but claims to have not yet determined if personal customer data was involved. T-Mobile's statement continues with: "We are confident that the entry point used to gain access has been closed and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed." Yesterday's report from Motherboard noted Social Security numbers, phone numbers, names, physical addresses and more were available from the
Cryptocurrency Heist Hacker Returns Stolen Funds
"Hackers pulled off one of the largest crypto heists ever this week, and then within hours they started giving the stolen funds back. The hack happened at a decentralized finance platform called Poly Network. The cyber thieves stole more than six hundred million dollars worth of digital tokens on Tuesday. An anonymous person online took credit for the heist, saying they did it for fun and to expose a vulnerability in Poly Network's system. About a third of the stolen cryptocurrency was returned yesterday, and more could still turn up. Experts say it's possible the hacker decided to return the digital money because cryptocurrency exchanges are easily tracked on the trading platforms. That would have made it much harder for the hacker to actually cash in on the stolen