Cyber

Listen to the latest updates, developments, and insights into the world of cybersecurity. Learn how to protect yourself against the ever-evolving threat of cybercrime from leading talk radio shows and premium podcasts.

A highlight from Cyber Security Today, May 25, 2022 - A Linux trojan is spreading, malware aimed at security researchers and more

Cyber Security Today

03:31 min | 11 hrs ago


"Administrators are being warned to have the latest endpoint and server defenses on their systems. This comes after Microsoft detected an increase in the use of a Linux Trojan called XorDDoS. It infects Linux systems to use them as denial of service botnets. It also adds malware to systems it infects. The Trojan usually spreads by compromising passwords with a brute force attack; one way these are detected is by a large number of failed login attempts. In addition to deploying anti-malware software, administrators can also protect Internet-facing Linux servers by not allowing remote password access to anyone, and make sure any password used by employees for any system is strong and enforced with multi-factor authentication. Security researchers are juicy targets for threat actors because they help defeat cyberattacks, which is why they have to be among those least trusting of the Internet. This comes after infected and fake proof of concept exploits were found on GitHub, where researchers often look for possible vulnerabilities to work on. According to a company called Cyble, supposed researchers blogged on GitHub about creating proofs of concept to leverage software vulnerabilities. However, those files had malware. The suspicion is someone is targeting the InfoSec community. As the Bleeping Computer news site points out, security researchers often take apart a security patch issued by a software company and create a proof of concept exploit to learn how a threat actor could abuse the vulnerability. In this case, a threat actor likely thought this curiosity could be used to infect the computers of researchers. The lesson: security researchers have to be careful what they download. Russia has been hammered by Western countries for launching cyberattacks. Now Russia is a target, according to researchers at Malwarebytes.
Just after it began invading Ukraine in February, a previously unknown group started spear phishing attacks against Russian government entities, trying to install a remote access Trojan. There have been four types of messages: one pretends to be an attachment with an interactive map, another pretends to be a patch for the Log4j vulnerability, a third pretends to be from the Russian Rostec defense group, and the fourth is an attachment for a fake job ad at the Saudi Aramco oil company. Here's another warning for Android phone users. Google has seen evidence that governments in a number of countries, including Spain, Indonesia, Egypt, Serbia, and Greece, are buying zero-day Android exploits for use against certain people. The vulnerabilities were found and sold by a commercial surveillance company called Cytrox. Governments use exploits to spy on the smartphones of terrorists and crooks, but also on political opponents and reporters. The report is another reason why executives, politicians, and others who think they may be

A highlight from SN 872: Dis-CONTI-nued: The End of Conti? - Clearview AI in Ukraine, Vancouver Pwn2Own, Voyager 1

Security Now

04:27 min | 19 hrs ago


"The myth, the legend, Steve Gibson, hello. Apparently we are a well-caffeinated team this week. Yeah, a little bouncy right now, yes, I am. Or this early afternoon, rather than whatever, whatever it is. So you agreed with me that the title for the show is that bad puns got awful, yes. It's got. Dis-CONTI-nued. Dis-CONTI-nued. Yes. Yes. The end of Conti, question mark. This has become, I think, kind of a new MO for these bad guys. And yes, thank you for the perfect foil. Segue, Leo, because that's actually what hooked me on the story. I thought maybe it would make it so interesting for our listeners is that there is evidence that this whole Costa Rica debacle was a setup designed to obscure the reformation of Conti. And remember how it didn't, like, something seemed off about it. It was like, what? Exactly. It was weird when we talked about it last week, actually for the last couple of weeks, in various aspects. And it's looking like it was actually, well, I don't want to, I don't want to give it all away here at the beginning, because we have lots to talk about. We're going to follow up on Microsoft's Patch Tuesday Active Directory domain controller mess. We're going to look at several instances of the Clearview AI facial recognition system making news, and at the systems which fell during last week's Vancouver Pwn2Own competition. We cover some welcome news from the U.S. Department of Justice. They're rethinking what it means to be an ethical hacker, which is really good news. And some disturbing news about a relatively simple and obvious hack against popular Bluetooth-linked smart locks. We've got some closing the loop feedback. Actually, only three pieces, but what they end up being, well, actually two of them. Two of the three end up really big, being expanding into something, because we're going to take a look at what's going on with the Voyager 1 space probe, which has just started to act a little wonky. You mean feature?
Please don't say feature. That was, God, was that an awful movie. Thank goodness. So how they were forgiven for producing that first atrocity, and then we got Khan. Yes, V'Ger. I have a theory about what might have happened. Which you're going to get an interest. You got a kick out of China. Anyway, I'll save that too. And another interesting look into the looming impact of quantum crypto. Then we're going to finish by sharing an in-depth examination of the surprisingly deliberately orchestrated shutdown of the Conti ransomware operation. It turns out it was far more well planned than was known. And essentially, the guys that have been watching this have spoiled what Conti was trying to do. Yeah, good. And we have a pretty funny picture of the week. So I think another great podcast for our listeners. What a shock. Spoil the spoilers. All right, all coming up on the show. Before we go too far, let's talk a little bit about our sponsor for this segment, Barracuda, and let's talk about email, because that really is becoming a prime vector for malware into an organization. Spear phishing, specifically. In a recent survey, Barracuda found out that 43% of their respondents said they'd been victims. 43% had been victims of a spear phishing attack. And maybe it's not a surprise, only 23% said they have dedicated spear phishing protection. I'm happy to say we do, thanks to you, Barracuda. How do you keep your email secure? Barracuda has identified, in fact, a

A highlight from 16. Roe v. Wade in a world of digital dust

Recorded Future - Inside Threat Intelligence for Cyber Security

04:50 min | 1 d ago


"And it began in Starkville, a college town about 125 miles from Jackson. A woman named Latice Fisher, already a mother of three, had given birth to a stillborn. And when the paramedics arrived at her house that night, they decided something was off. From the moment they arrived at her house, they alleged, at least in the media, publicly, and even in other places, that they found the scene suspicious. There was an investigation, a grand jury, and about a year later Fisher was arrested and charged with second degree murder. What's crazy about it is that the evidence against her amounted to a test that dates back more than 400 years and what investigators could find on her phone. The searches, the text messages, the emails, the kind of innocuous stuff you do on your phone that you never think could be used against you. I'm Dina Temple-Raston, and this is Click Here, a podcast about all things cyber and intelligence. Today, as we teeter on the threshold of a post-Roe world of possible widespread abortion bans, everything we thought we knew about women's reproductive rights could change, and our digital world will need to change with it. Location data, those fitness apps, that ovulation tracker: now we need to think of them as potential threats that could make you a target in ways they never have before. Stay with us. The Times, a daily news podcast from the Los Angeles Times, gives you the world through the eyes of the West Coast. Through interviews and original stories, The Times is a podcast you need to understand the world and how California shapes it. Because if an issue that's in California isn't in your town yet, it will be soon. New episodes of The Times are available every weekday. To find it, go wherever you get your podcasts and search for The Times, daily news from the LA Times. Gracias. Laurie Bertram Roberts first heard about Fisher's arrest from Facebook. I get a Facebook message. It's not even a phone call.
I get a Facebook message with a link to the story, with Latice's mugshot on the front of the story. If you Google the mugshot, it's heartbreaking. It captures a woman in an oversized orange prison shirt who looks like she's just stopped crying long enough to pose for the picture. There's one of those police measurement tapes behind her on the wall. She's 63 inches tall, but looks even smaller. If you're not moved by her mugshot, like just the visible pain and anguish on her face, I don't know what to say about you as a human. I was just so disturbed by that picture. The mugshot and the story made national headlines, and Roberts found herself in the middle of the case. Latice Fisher declined to talk, but she agreed to let Roberts tell her story. What does it look like, wrapping around support for this family, right? Roberts has worked with a variety of organizations like the Mississippi Reproductive Freedom Fund and the Yellowhammer Fund. They offer women like Fisher support and legal advice. Not just giving her an attorney, not just getting her legal assistance, but making sure that her kids were supported while she was locked up. Trying to get her out as fast as possible, because the grand jury indictment against Latice Fisher accuses her of a particular kind of murder. They said baby Fisher wasn't stillborn, but instead was killed "evincing a depraved heart," which is actually a legal term. It essentially says that Fisher showed indifference to a human life. But the more Roberts looked into the case, the more concerned she became. Because it appeared to hinge on two very disparate things. The first was a test that dates back to the 17th century, something called a float test. This, literally from the 1600s, is an invalid, non-scientific test. And it's controversial. The float test is performed by placing lung tissue into water and observing whether this tissue floats or sinks.
An airless lung, one that has never taken in air, allegedly sinks, and a lung that floats is seen as an indication of at least one breath. It all sounds bizarrely like the test they used in witch trials in the 17th century. You know, where they'd tie someone up they thought was a witch, they'd throw them in the water. And if they sank to the bottom they were human, and if they floated, well, they were witches. The lung float test, people thought that up around the same time. It's one of the things that's used to prosecute people in stillbirth cases for home birth. So it's one of the things that if you're in the birth justice community, you know. And the second thing the case hinged on was Fisher's phone.

A highlight from EP66 Is This Binary Legit? How Google Uses Binary Authorization and Code Provenance

Cloud Security Podcast by Google

05:56 min | 2 d ago


"Anton, we're having an episode today in what I consider the magical technologies of Google category. Do you think that's a fair category for this one? I think so too, and I think we're developing a bit of a telepathy between you and me, because I was just about to say, this is in the Google security magic topic episode. This is about something we have that is so amazing that maybe other people would look at it and say, this sounds like it came from the future. Yeah, I mean, that's got to be one of my favorite parts about being a PM here: you get to pull technology out of your hat that's very futuristic, but what we're doing today has some really cool security implications when it comes to workload identity and traceability. Indeed, and the threat assessment, threat modeling for this kind of amazing, of course, we'll touch on this in the episode, but sometimes you really do have an environment where you don't get to fix the security problem. You don't get to fight the security problem, but you get to build the infrastructure in such a way that it doesn't appear at all. That's right. And to me, this bit is in that bucket of not preventing it, not detecting it, but kind of like setting it up so it never appears. Which is frankly magical, and then this episode also has some aspects that lead to not just changing that outcome, but organizational dynamics as well. So I'm really excited about this one. And maybe with that, let's welcome today's guest. Delighted to introduce today's guest, Sandra Guo, product manager in security here at Google Cloud. Sandra, we've got a really interesting problem here. Imagine a world where we make all of these great investments in our use of trusted repos, great investments in code review, securing our build systems, having reproducible builds, but how do we know that all of that led to that secure build is actually what got deployed to production? How do we do that? You can't. Unless you put a policy together. What kind of policy?
So you said analogy. It's like you have all kinds of fancy locks on your fortified front door. But unless you screw your front door onto your house, it's not going to stop anybody from going into your house, right? So that's what we see binary authorization as. It's a deploy-time policy enforcement point that we have integrated into GKE. But the concept is very general. The idea is to put a policy together to control what gets deployed in your production environment, in addition to who can deploy in your production environment. Okay, so let me make sure I understand that. We've got a technology that lets us control what gets deployed, not just who can do that deploy. So it's on top of, say, IAM controls or Kubernetes controls. Exactly. Traditionally, the user, the DevOps admin, can push deployment to production. And that's fine. That's their job. At the end of the day, we need people to do stuff. But in a large organization, this becomes a single point of failure. You have all kinds of fancy supply chain controls, and yet at the end of the day, you rely on one, two, or 20 accounts to do direct manual access to your production environment. I want to put a policy on that. We want to delegate that single point of failure. But so when I hear about such setups, in most cases, my immediate line of thinking is, okay, I get it, it's kind of useful as a security control. But what type of threats can this thing help us handle? Are there specific organizations who care about this? Are there specific types of badness? I know people sometimes confuse threats and risks, but so let's talk about specific types of badness that this would stop. And maybe also who, what type of work would care about this? I live through this every day. So a lot of this is what I think was not saying. But let me start from the beginning. When we talk about supply chain security, there are many different points of attack.
Somebody could compromise your build system, somebody could compromise your artifact repositories. Somebody could compromise your vulnerability scanner and give you a fake result. And somebody can bypass it. The last one would be really sad. The last one really kind of freaked. You said it, compromised vulnerability scanner, and I literally shuddered. Oh no. Yeah, if you look at the supply chain attacks that happened in the past two years, there were like 12 notable ones. It was kind of crazy. And the attack points scatter all over the life cycle. So what we are trying to put in place is not to make your entire CI/CD supply chain invincible. There's always going to be a weak spot. But what we are putting in place is to make a single point of failure in your supply chain not result in disaster. So blast radius question. Blast radius question versus fix-insecurity question. Impact radius. Impact radius, right? Yeah, okay, you're right. So having a policy that requires every production deployment to be signed off by your QA engineers, to be scanned by your vulnerability scanner, to be built by your very sophisticated central build system. Those are individual checks that are enforced individually, that are intrinsically linked to the workloads themselves. Whether Bob deploys it or your CEO deploys it, it doesn't change the fact that a workload has or does not have the necessary check marks to go into production. And let's say that your vulnerability scanner is compromised and somebody gives you a fake report and says this vulnerable piece of code is actually perfectly fine. You still have two other check marks: your code still has to be built centrally in your central build pipeline. It still has to be checked off by your QA release engineer. So that single failed, compromised check doesn't directly result

A highlight from Cyber Security Today, May 23, 2022 podcast

Cyber Security Today

03:37 min | 2 d ago


"In the office are also practice at home. The latest example of poor planning allegedly involves the U.S. government. As cybersecurity reporter Brian Krebs reports, Washington issues smart cards to employees and defense contractors for logging into government applications, which they use from their offices with government-approved smart card readers. But when COVID hit, a number of these people had to work from home. However, they weren't issued approved card readers for use from home. Nor, apparently, did they get advice on where to buy an approved card reader. At least one person turned to Amazon to buy a device that met the government's Common Access Card standard. However, he discovered that a driver that was on the device manufacturer's site seems to be infected with malware. That could have led to government systems being infected. It isn't known how many federal employees in the U.S. bought compromised card readers. One lesson is, if an organization requires a special login ID for employees, it has to be prepared if they suddenly have to work from home. The annual Pwn2Own hacking contest at Vancouver's CanSecWest conference ended Friday with 17 participants winning just over $1 million. They did it by finding ways to evade defenses in commercial software, such as Windows, Ubuntu, and several browsers. Winners included a team that was able to get into the infotainment system used in a Tesla Model 3 car. The contest, sponsored by Trend Micro's Zero Day Initiative, is run at a number of cyber conferences around the world to help find vulnerabilities before crooks do. Here's another example of a third party ransomware attack. An American nonprofit called Battelle for Kids, which holds student data from a number of school systems across the United States, has acknowledged it was hit last year by a ransomware attack. This was revealed in a letter sent out by Chicago's public school system on Friday to parents.
According to the Bleeping Computer news site, the data of almost half a million students in the Chicago system between 2015 and 2019 was copied by the attackers. It included their names, dates of birth and some performance scores. Data on 60,000 Chicago school board employees was also stolen. No Social Security numbers or home addresses were stolen. I've reported before on the need for application developers to watch for malicious software packages in open-source libraries like NPM. That's not the only place malware can be deposited. Researchers at Sonatype have discovered a malicious package in the open Python registry called PyPI. The bad package has a similar name to the legitimate library called PyKafka. Now, tricking victims by closely spelling a file name or a URL to a legitimate name is called typosquatting, and it's common in open-source registries. Earlier this month, Sonatype found a file with a name similar to the popular library called colors.

A highlight from Cyber Security Today, Week in Review for May 20, 2022

Cyber Security Today

02:42 min | 5 d ago


"Be joined by David Shipley, head of Beauceron Security, to talk about some of the news from the past 7 days. Here are some of the headlines. Cyber intelligence agencies from 5 countries, including the U.S. and Canada, issued another reminder that attackers routinely exploit poor security configurations, unpatched software, and weak login controls. David and I will discuss their recommendations to IT leaders. We'll also look at an international survey of CISOs about ransomware and other things that are important to them. And we'll analyze the latest proposal by the European Union to update cybersecurity standards for critical infrastructure sectors in the 27 EU countries. Can we do that here? Elsewhere, the Conti ransomware gang continues trying to pressure Costa Rica with its multi-million dollar financial demands. The gang, which struck some government departments last month, now says it's trying to overthrow the government with the help of insiders. Microsoft warned database administrators that hackers are going after SQL Server installations. They're using brute force attacks to break passwords for initial compromise, which isn't new. What is new is they're leveraging a server tool called sqlps.exe instead of PowerShell to run malicious commands. Hiring IT staff over the Internet is risky, especially if they were to work in a foreign country and never come into the office. The U.S. government said this week that's more true than ever, because North Korea is directing its IT-trained citizens to apply for jobs in countries around the world. The goal, the U.S. alleges, is for them to get privileged access to IT systems for either espionage or to help hacking. Some North Koreans have been seen pretending to be teleworkers from South Korea, China, Japan, or Eastern European countries, the U.S. says. And IT managers whose building doors have smart locks that use Bluetooth Low Energy wireless fobs should be worried.
And that's because researchers at the NCC Group have discovered there's a way to defeat the short range wireless system and unlock doors. The trick works on some models of Tesla cars and home door locks, say the researchers.

A highlight from Cyber Security Today, May 18, 2022 - A warning to e-commerce sites, Conti ransomware gang squeezes Costa Rica and more

Cyber Security Today

01:21 min | Last week


"Demands. In a message Monday, the gang claimed it is working with people inside the government. It is also claiming that it's trying to break into more IT systems and overthrow the government through cyberattacks. The Associated Press news agency quotes experts as saying overthrowing the government isn't likely the gang's goal, but it does want to cause more disruption. The Conti gang began compromising government data in Costa Rica in April. The newly elected government declared a state of emergency last week. American authorities allege a heart doctor living in Venezuela is behind the use and sale of ransomware to cybercrooks. The man, who's also a citizen of France and Venezuela, faces American charges of conspiracy to commit computer intrusions and attempted computer intrusions if he is arrested and extradited to the U.S. He is allegedly behind the Jigsaw ransomware and the Thanos ransomware builder. Attention IT administrators: Nvidia has released a software security update for the Nvidia GPU display driver for Windows and Linux computers. The update

A highlight from SN 871: The New EU Surveillance State - Eventful Patch Tuesday, Open Source Maintenance Crew, BIG-IP Boxes

Security Now

03:21 min | Last week


"Careful, the drone is right in front of you. It could wake up at any time. Well, it's tethered right now. So that's good. It can't escape. Because it's got a tail on it. For those who don't know, Leo has been playing with a little inexpensive sort of a selfie cam drone that doesn't really cut the mustard. But as you point out, I mean, given this thing is about four square inches, it's pretty impressive what it can do, yeah. It's basically flying propellers that suspend a camera. And it has sensors, not only a camera, but sensors and things; it has to have position sensors and inertial sensors in order to be stabilized and all that. Pretty impressive. Anyway. So episode 871 for mid-May. And I titled this one "The New EU Surveillance State." That was about the fourth title the podcast got. And I kept changing the title as I read more deeply into the details of some proposed legislation in the EU, which first leaked last Tuesday, and then it was funny too, because the leaked copy actually had the word "sensitive" on the front. Yes, it is. And that was removed from the actual formal official legislation that came out the next day on the 11th. Anyway, we've got to talk about that, because it's been compared to the Apple CSAM stuff. No, this is way beyond what Apple was proposing. Well, it's breathtaking. Anyway, we'll get there. First, we're going to take a look back at what no one wanted, which was an eventful Patch Tuesday. You don't want your Patch Tuesdays to be eventful. You want them to be quiet and uneventful. We didn't get that. Apple has pushed a set of updates to close an actively exploited zero-day across a bunch of their products. We'll touch on that. Google has announced the creation of their Open Source Maintenance Crew. That's the formal name of it. What is OSMC? The Open Source Maintenance Crew.
A ransomware gang has the temerity to call for the overthrow of a government. Google's Play Store is facing an endlessly daunting task, which we'll mention and talk about and look into. The predicted disaster for F5's BIG-IP systems, which we expected last week, arrived right on schedule. We've got a piece of errata. I've got a bunch of closing the loop feedback from our terrific listeners. Then we're going to look at just how far afield the European Union has now wandered with their forthcoming breathtaking surveillance legislation.

A highlight from 15. At war with facial recognition: Clearview AI in Ukraine

Recorded Future - Inside Threat Intelligence for Cyber Security

02:21 min | Last week


"Iraq's authorities have ordered life in Baghdad to come to a halt. When I was at NPR, one of my assignments was to cover the war in Iraq. I was there in 2008. And difficult, as NPR's Dina Temple-Raston reports from Baghdad, there is rampant intimidation of, and then, if you wanted to get a pass to go into that little city within a city behind blast walls, known as Baghdad's Green Zone (the name is ironic, given that the complex is monochromatic), you had to give the U.S. Army your biometrics. Iris scans, fingerprints, photographs, the whole 9 yards. And what I remember about it all is that I didn't have a choice. In order to do my job, in order to get into that part of Baghdad and interview members of the interim government, I had to give up information about myself. Did they enroll you using a device, a handheld device? Yes. Yes, that was most likely the BATS toolkit. Jackie Singh served in Iraq. And she was there around the same time I was, right? When you are in a fog of war, being able to distinguish between friend or foe seems like the most important thing you can do. Who are those officials at the gate now? Is this the same local who was working here yesterday? At that time, there were suicide bombings almost every day, so I can see that people needed to know who was who; having the biometric data would help us make sense of that. But I couldn't help thinking. All this information they were gathering about me would never go away. They would have this essence of me in some database, well, forever. Fast forward 14 years and surveillance technology is on a whole different level. Now there are systems that can take a single frame from surveillance camera footage, isolate the face and, in very short order, tell us exactly who it is. I'm Dina Temple-Raston, and this is Click Here, a podcast about all things cyber and intelligence.
Today, we talk to people in Ukraine using a facial recognition program called Clearview AI, have a rare interview with the CEO of the company, and ask a bigger question: is introducing this powerful technology into a war zone a good idea? War zones are testing grounds for tech all the time, aren't they? I agree. So what makes this different?

A highlight from EP65 Is Your Healthcare Security Healthy? Mandiant Incident Response Insights

Cloud Security Podcast by Google

05:45 min | Last week


"Anton, we are having a super fun conversation today about kind of a very serious topic. We're back into the field of security for healthcare. Correct, but we're also going to be talking about incidents, and we're going to talk about real incident data from investigating incidents, because we're going to have a guest from a very well known incident response company. Oh, well, you shouldn't give away who that will be. Okay, well, fine. Let's hide it for another minute. That's good. So what did we learn in today's episode? What's exciting about this one? Actually, one of the interesting things that I learned is that I should not make too many snide remarks when we are talking about ransomware incidents in healthcare, because we are actually pretty close to people actually being harmed. And I don't mean IT systems or servers, but actual human people. Wait, by pretty close, you mean we are actually seeing people be harmed by this? I think we're well beyond pretty close and into "oh my God, this is an actual problem affecting actual people." Correct. People's health, not just people's IT. That's right. I think that to me, the biggest lesson from today's discussion is that I've long visualized this kind of bridge from the IT realm to the normal life realm. And this is where the IT realm comes closest to normal human beings' daily lives. I think this episode has a lot in common with the Maddie episode that way, where we have real world, real impact from the decisions we're making, which often feel so abstract, but here really, really matter. So perhaps with that, let's welcome today's guests. And with that, I'm delighted to introduce today's guests. We have joining us for the first time, and hopefully not the last, Charles Carmakal, the CTO at Mandiant, and returning guest Taylor Lehmann, director at the Office of the CISO, Google Cloud. Charles, I want to start off by talking about what are the current popular incidents at healthcare providers that you have handled. 
We're really interested in helping users understand, in practice, what does this look like? And today we're talking about healthcare. So what are some healthcare incidents that you've worked on? And do they involve cloud? Yeah, absolutely. So look, I don't know that any incident is popular. Incidents are frustrating to many of us, especially those that are impacted. But when I think about healthcare threats, I think back to October 2020, and I think about an assault against a number of U.S. based hospitals by an organized criminal group that essentially decided that they would go to no end to come up with ways to extort and disrupt business operations at healthcare organizations in order to make money. And so when I think about that, I think about dozens of intrusions at healthcare providers that essentially dealt with a highly disruptive attack that occurred over the course of a few days, where threat actors typically phished their way into the organization, found ways to escalate privileges, moved laterally across the environment, deleted backups where they could, and then deployed ransomware across healthcare organizations. And when you think about the impact of ransomware at healthcare organizations, some of these hospitals were diverting patients to emergency departments at other hospitals. And so just think about the end user, or somebody that ended up going to a hospital and ended up getting rerouted to another hospital. It's a really terrible situation. When I think back to the incidents in October of 2020, I don't recall seeing cloud assets being impacted. I think it was mostly on-prem intrusions and impacts. So while we are thinking about it, I guess that does make sense to me. So maybe it's a question to both of you, Taylor and Charles. So do healthcare systems nowadays have time for anything but ransomware? Because even in Charles' response, the highlight was, of course, on ransomware, because it's an availability attack. 
The attackers likely take the data with them too. So is there anything else that's keeping healthcare CISOs up at night? From my perspective, having been a CISO in healthcare, I think some of what Charles was talking about really highlighted a major and important shift in where healthcare CISOs need to be focused. Pandemic, tons of stress on the healthcare system to deliver, to stay running. The bad guys knew it. And instead of saying, all right, well, we're going to go take this sort of difficult to monetize PHI focus that we've had over the years, they instead shifted it to disrupting something that they think they can get paid for, i.e. shutting the systems down. They demonstrated that there was this shift in focus and that that shift in focus had some substantial value attached to it. Now, what does that mean with respect to your question about having time for things other than ransomware? I mean, if they don't have time for things other than ransomware, they need to find time to deal with things other than ransomware. And that's putting the controls and hygiene in place to prevent ransomware in the first place. So if you're not dealing with ransomware, you're preventing ransomware. Well, I mean, I think that's where we need people to be thinking: look, like, A, you need to adopt the opinion you can do it. You can win. That's not to say that you won't have losses in between. But over time, we need to adopt a perspective of positivity that if we work hard and do the right things and we execute basics well, we can stay reasonably ahead of most of the threats we face. Wait, does this mean you're seeing a defeatist attitude in the industry right now? I think that it's easy to adopt the defeatist attitude. I think we're seeing a lot of it in marketing of cloud security and other on-prem security products. I think that fear doesn't help encourage security professionals to focus on, hey, you don't need to do everything really well. 
We need to do certain things very well. And I think this is obviously a cloud discussion. So one of the conversations I see a lot of, which sort of supports my point, is the cloud can do so much more to help organizations become more resilient against threats to their systems, not just ransomware. And it's not just think of

A highlight from Cyber Security Today, May 16, 2022 - Beware of this botnet, new phishing campaigns spotted and cybersecurity oversight boosted in the EU

Cyber Security Today

04:50 min | Last week

"The risk of having their organizations hacked. The latest example comes from researchers at Microsoft. They warn a new variant of the Sysrv botnet has been found. It exploits software vulnerabilities to install coin miners on both Windows and Linux systems. These coin miners make money for threat actors. This new variant looks for vulnerable web servers, including old holes in WordPress plugins. Once having taken over a server, the bot then looks for ways to spread to other computers on the network. The thing is, patches for all of the exploits that this botnet looks for are available for installation. So there's no reason why your servers should be compromised by this bot. Malware that executes in memory, also known as fileless malware, is a big threat to organizations. Here is one of the latest attempts to slip fileless malware past IT defenses: it hides itself as a phishing message aimed at employees who handle finances. According to researchers at Fortinet, the message says something like "please find the attached payments report," and the email address of the sender includes the words "account payable," so the email address reads something like account payable at company dot co. That would seem convincing at a glance. However, the payload is an infected Excel spreadsheet. First, the victim has to enable macros to run. Microsoft Office apps are configured so macros don't automatically run, so trying to open the file will trigger a warning. However, sometimes an employee will disable that protection and allow the macro to run. If they do, the file's malware will execute. Keeping all applications patched and having a multi-layered defense are the best ways to fight fileless malware. Researchers at Kaspersky have discovered a different phishing campaign. This one is aimed at customers of Wells Fargo Bank, which has operations in more than 40 countries. An email tells the person their Wells Fargo account has been blocked for some reason. 
An unverified email address or a mistake in their home address are typical reasons. To regain access, they're supposed to click on a link in the email to verify their identity within 24 hours, or they lose access to the account. If they click, that leads to the theft of their login password. First, listeners should know this type of scam is used by crooks for many financial institutions, not just Wells Fargo. And second, one tip-off this is a scam is the deadline. It hopes that victims will feel pressure. If you get an email like this and think it's real, don't click on the link. Go to your institution's website the way you usually do, through a bookmark that you've made or by looking up the institution's site on Google or another search engine, and then log in and see if there's a warning. Or phone your bank using a trusted phone number, like the one on your monthly bill, or just go to the nearest bank. The European Union is about to formally set up a body to coordinate the management of large scale cybersecurity incidents at critical infrastructure providers. The European Cyber Crisis Liaison Organisation Network, or EU-CyCLONe for short, has been tested over the past two years. It will help manage incidents that spill over the borders of the 27 countries in the EU. Its formal adoption is part of an agreement announced Friday to increase the common level of cybersecurity across the EU. It will set baseline standards for cybersecurity risk management measures and for reporting obligations for critical infrastructure sectors like banks and utilities. The deal still has to be approved by each country. And finally, network administrators with SonicWall SMA 1000 devices for allowing remote IT access by employees and partners are urged to install the latest security patch. It closes a vulnerability in devices running version 12.4 and higher of the firmware. Successful exploitation of the hole could allow an attacker to take over the device. That's it for now.

A highlight from Cyber Security Today, Week in Review for Friday, May 13, 2022

Cyber Security Today

06:15 min | Last week

"Discussion about three recent news stories. But first, I'll look back at some of what happened in the past 7 days. Yesterday was Anti-Ransomware Day. Everyone's against ransomware, but what can IT leaders do about it? Terry will have some answers. Speaking of ransomware, we'll have a few words to say about a proposal to fine Colonial Pipeline after last year's ransomware attack in the U.S. Why? Because the company's incident response plan allegedly wasn't thorough. We'll also look at the acknowledgment by Ikea Canada that an employee searched through the company's customer database in March without permission. Also this week, the director of cybersecurity at the National Security Agency told a British cyber event that the number of ransomware attacks worldwide seems to have gone down in recent months. He suspects it's because economic sanctions against Russia over its invasion of Ukraine are making it harder for Russian based criminals to organize attacks and receive ransomware payments. Separately, researchers at Secureworks have joined other experts saying that after an interruption in operations, there's more evidence that the REvil ransomware gang is back in business. Security researchers urged network administrators to patch their F5 Networks BIG-IP security devices to close a serious vulnerability. The province of Quebec launched a bug bounty program, which will reward researchers who find vulnerabilities in select government applications. HP released a security update for the BIOS in a number of business notebooks, desktop PCs, point of sale PCs, workstations, and thin clients. The updates stop an attacker with kernel level privileges from getting full control over affected computers. Microsoft released its security updates for Windows on Patch Tuesday this week, but some that are installed on domain controller servers are causing authentication failures. Microsoft will have to issue a fix for the fix. 
And Siemens released advisories on vulnerabilities in a number of its products, including several of its Desigo Internet connected building automation devices. From Montreal, I'm joined by Terry Cutler. Good afternoon. Hey, Howard, how are you? I'm very well, thanks. And yourself? Beautiful. Plus 31 here. I can't wait to get outside. Okay. Let's start with Anti-Ransomware Day. This began in 2020 as an education initiative by Kaspersky and the Interpol police cooperative. It was sparked by the global spread three years earlier of the WannaCry strain of ransomware. A lot has changed in ransomware since then. Gangs are now targeting companies and governments instead of home computers. Gangs are running double extortion strategies by first stealing and then encrypting data to put extra pressure on victim firms. They're running live hands-on attacks, and they're finding better ways of evading IT defenses. This week, firewall manufacturer SonicWall estimated that there were 623 million ransomware attempts last year on its customers alone. Terry, we've talked a lot about ransomware before. Is there anything new about what IT leaders should be doing to lower the risk of being victimized by ransomware? I mean, it's interesting, right? Ransomware has come a long way. And I actually remember seeing a hands-on attack happening at one of our new clients now, where they had software running on one of their computers called OTR, which stands for Off The Record. So basically attackers were logging into the system and they were working with their tech support to launch commands and map drives into the system and then launch ransomware attacks manually. So it's very scary to know that there's an actual hands-on attacker in your environment and not just some automated script. 
And what we're seeing is that a lot of customers are still having a hard time with their patch management, especially around this one patch called MS17-010, the vulnerability which is also known as EternalBlue. So this is the one that caused that WannaCry infection years ago. And it's very difficult sometimes to phase that protocol out, because you want to turn off SMB version one. And sometimes there's some old systems that still rely on SMB one. So it's not very easy to just turn it off. One of the things that I'll mention is that whenever we do a penetration test, we love to get our hands on that exploit if it's available. So when we do our vulnerability assessment, we see machines that are missing that patch. Once we've exploited it, we have full control of that system. And we actually get system level access where we can pull out all of the users and passwords, and we'll also be able to decode passwords if they're weak. And one of the other attacks we can do with this is called pass the hash. This is where we're going to take this information and pass it off to another server and log in as possibly an administrator or as a system level service into another server without ever knowing the password. And that's what's really dangerous right now. So it's very important that these organizations run at least a vulnerability assessment, and these assessments will actually pick up if SMBv1 is actually running in there and it will flag it as a critical. So that's the problem right now: IT is not doing a great job with patch management. And just a reminder to our listeners, you were talking about the Eternal

Telegram Emerges as New Dark Web for Cyber Criminals

UK Column Podcasts

01:35 min | 8 months ago

"Of course, it has been highlighted over the last number of months as being a platform of choice of people that are organizing events to protest against lockdown or other things, but the demonization of Telegram is continuing, it appears here, with the Financial Times plus a cybersecurity company producing the information that backs up this article: Telegram emerges as a new dark web for cybercriminals. So we've got to shut Telegram down straight away. I thought Signal was the dark web for this week. It's Telegram this week. It's Telegram. So this was an investigation by cyber intelligence group Cyberint together with the Financial Times. And they say that they find a ballooning network of hackers sharing data leaks on the popular messaging platform, sometimes in channels with tens of thousands of subscribers, lured by its ease of use and light touch moderation. In many cases, the content resembled that of the marketplaces found on the dark web, a group of hidden websites that are popular amongst hackers, accessed using specific anonymizing software. "We have been recently witnessing a one hundred percent rise in Telegram usage by cybercriminals," said Cyberint. So we've got to shut it down straight away, or at least bring it under the online harms legislation, and make sure that it's well regulated, or make sure that Telegram puts some kind of back door in there so that the UK intelligence agencies can easily access

3 Former U.S. Intelligence Operatives Admit Hacking for United Arab Emirates

the NewsWorthy

00:51 sec | 9 months ago

"Three former U.S. intelligence and military officials were behind an international hacking scheme, newly released court documents show. They admitted the United Arab Emirates hired them to hack into computer networks around the world, including right here in the U.S. They also sent advanced hacking technology from the U.S. to help the UAE spy on its enemies. A team there ended up breaking into the computers and smartphones of thousands of targets, including rival governments, journalists and human rights activists. The Justice Department says the men committed computer fraud and violated export laws. But they made a deal to avoid a criminal trial. Instead, they'll have to pay almost one point seven million dollars in fines between the three of them, and they'll have to cooperate with the federal investigation. The men will also never again be able to get a U.S. government security clearance. The Justice Department called it a first of its kind resolution. So far, the Emirati government has not commented

Microsoft Warns of New IE Zero-Day Exploited in Targeted Office Attacks

Security Now

02:07 min | 9 months ago

"Is warning of a newly discovered IE, believe it or not, what is sort of indirectly an IE zero-day, being actively exploited currently in targeted attacks using their Office apps. While the danger might not be extreme, especially if the use of this exploit remains targeted, this should remind us of our picture of the week two weeks ago, which was titled "Pandora's Inbox," where Pandora is depicted thinking to herself, "It can't hurt to open one little attachment, can it?" And while I agree that it's unlikely to hurt any of us, we do know that once a zero-day has been observed being used and it's become public, those highly targeted attacks likely become spray attacks. You know, the secret is out and a patch will be forthcoming, which means that the optimal strategy at that point, for those who wish to exploit what has now become a time-limited advantage, is to go from, you know, targeting individual people to spraying this thing far and wide to collect all of the curious and even the incurious Pandoras, which may be possible. So my word to our listeners: don't be a Pandora. When we hear that it's an IE zero-day, that's really a misnomer, because the vulnerability, which is now being tracked as CVE-2021-40444, was found in Microsoft's MSHTML component, which was also known as Trident, which is the IE browser

Apple Issues Urgent iPhone Software Update to Address Critical Spyware Vulnerability

the NewsWorthy

01:00 min | 9 months ago

"Heads up if you have an Apple device. There's an urgent warning to download the latest emergency software update, now available. Apple just released it to fix a critical security problem. Security researchers found a flaw that lets a certain spyware infect iPhones, iPads, Apple Watches or Mac computers. But here's the thing: the person who owns the device does not even have to click on anything to let the cybercriminals in, so users might not even know when they've been compromised. With this technology, hackers can control the device's camera and microphone, and they can record text messages, emails and phone calls. The spyware is made by an Israeli company called the NSO Group. The firm sells its technologies to governments and police forces for crimefighting purposes, but Amnesty International says the spyware has also been used against activists and journalists. The average user probably would not be targeted, but Apple still says everyone should update their devices now, just in case. And the emergency software update comes just hours before Apple's big product launch happening today. Apple is expected to unveil the latest version of the

Who Are Ransomware Gangs Targeting?

Cyber Security Today

01:45 min | 9 months ago

"Which organizations are ransomware gangs looking to target? According to Israeli cybersecurity firm KELA, they primarily want firms based in the U.S., Canada, Australia and Europe who on average earn more than one hundred million dollars in annual revenue and are not in the education, healthcare, government or nonprofit sectors. That's according to an analysis of forty-five conversation threads on criminal forums. These forums are where initial access brokers claim to have hacked into a company and are now selling that access to ransomware groups. Attackers are looking to buy specific types of access to victims, so IT and security administrators should pay attention to this. Highly desirable are companies that have vulnerabilities in their Microsoft Remote Desktop Protocol setup, which is used by employees for remote access, as well as those with vulnerable virtual private network setups using products from Citrix, Palo Alto Networks, VMware, Fortinet and Cisco Systems. Now, in the last several months all of these products have issued patches for vulnerabilities, so you shouldn't be caught off guard for such access. Ransomware attackers are willing to pay up to one hundred thousand dollars. And remember, if your company earns less than a hundred million dollars a year, don't be complacent. That's an average of the requirements of some attackers and only for messages seen during a narrow timeframe

Ransomware Gang Threatens to Leak Data if Victim Contacts FBI

Cyber Security Headlines

00:33 sec | 9 months ago

"Ransomware gang threatens to leak data if victim contacts FBI or the police. In an announcement published on Ragnar Locker's dark net leak site this week, the group is threatening to publish full data of victims who seek the help of law enforcement and investigative agencies following a ransomware attack, or who contacted data recovery experts to attempt decryption or to conduct the negotiation process. This announcement puts additional strain on victims, considering that governments worldwide have strongly advised against paying ransoms but have suggested turning to law enforcement instead

Razer Mouse Security Flaw Can Give Admin Access to Non-Admin PC Users

Firewalls Don't Stop Dragons Podcast

02:46 min | 9 months ago

"There was a rather disturbing story about how this security researcher was able to take over someone's computer by basically plugging in the right kind of mouse. Now, in this case that happens to be a Razer mouse. And there was actually a SteelSeries mouse that turns out had the same problem. But the problem's not with these mice, the problem's with Microsoft Windows. So this is an article from Tom's Guide, and I realize that there was actually a previous article to this, but I'll talk about both of them, so chronologically it's gonna feel weird, but just hang with me. The article explains both of these cases as we go. A day after the world learned that Razer gaming mice could be used to take over Windows PCs, there's news that the same trick works with SteelSeries gaming keyboards, mice, headsets and even mouse pads. As with the Razer mice, it's actually the Windows desktop application that causes the trouble. That's because it gets system wide privileges during installation without first asking for a system administrator's permission. This flaw was discovered by security researcher Lawrence Amer, who was inspired by the Razer issue. A malicious human using, or malware that's already running on, a Windows 10 PC (and presumably this applies to Windows 11 too) as a low level user during the installation process can leverage this flaw to gain full system control. In cybersecurity terms, this is called privilege escalation, or elevation of privileges. It's when processes or users gain powers they shouldn't have. However, this flaw isn't the fault of SteelSeries or Razer. Those companies are just trying to get their software installed quickly. 
This is instead a Microsoft issue, because Windows isn't distinguishing between hardware drivers, which normally don't need admin permissions to install, and peripheral related desktop software, which should need admin permission. Microsoft needs to fix this privilege escalation situation before more problems like this pop up, as they almost certainly will. So what can you do about this to avoid having your PC owned by gaming peripherals? Make sure you lock the screen of your workplace PC when you step away from your desk. Home PCs are under less threat from this kind of attack due to there being fewer potential users around. But you might want to shut off your PC when you've got a lot of company over. To really make sure that this can't happen to your machine, log in as an administrator, go to System, then Settings, and then About, and click on the Advanced system settings link. This will spawn a box labeled System Properties. Select the Hardware tab and then click the button Device Installation Settings. In the pop-up window that follows, titled "Do you want to automatically download apps and custom icons available for devices?", select the radio button labeled No. Apparently, next to No, in parentheses, it says "your device might not work as expected." As you might imagine, taking this more severe route might make installing new hardware, not just gaming mice and keyboards but also printers, headphones, even USB security keys, a bit more arduous, although not impossible

Is It Time to Ditch Two-Factor Text Messages?

Talking Tech

01:41 min | 9 months ago

"Of the most important security measures you can take, turning on two-factor authentication to log into various online accounts, whether it's for your bank, your email or your Twitter account. But it might be time to ditch the option to receive those codes you get by text. That's right. USA Today tech columnist Rob Pegoraro writes about this on usatoday.com, exploring alternatives to relying on text messages when enabling two-factor authentication. It's especially important if you're a T-Mobile customer, as a recent data breach made its customers more susceptible to what's called a SIM swap attack, where a hacker tries to take over a phone line to intercept two-factor authentication messages, and it doesn't require the hacker to physically have your phone in their possession. One alternative to receiving a text with a code that allows you to continue the login process is to switch to an authenticator app. Google Authenticator is one big example. I've used an app called Authy for years now. It's fantastic. I use it for several of my accounts. It's really easy to set up, and all you do is, when it gets to that screen that asks for the code to put in, instead of again getting a text, you'll go to the Authy app and pull up the account, and it'll give you a six digit code. You type it right in. There are also some apps like Google that bypass text messages altogether, instead showing a message on your screen asking if you tried signing in, and then you can tap either yes or no to confirm that. You can also purchase an encrypted USB security key to link to your account and then confirm by plugging it into the new device. They usually start around twenty five dollars but can't be fooled by phishing pages and protect multiple

Twitch Streamers Are Taking a Day off to Protest Hate Raids

the NewsWorthy

00:36 sec | 9 months ago

"Expect the popular live streaming platform Twitch to be a little quieter than usual today. Many streamers have staged a one day blackout. They're hoping to draw attention to so-called hate raids and show solidarity with streamers who face them. During these raids, some users will swarm streamers' chats with racist and hateful language. For example, one streamer who's Black and uses "them" pronouns says they've been a frequent target. Other streamers say they see hate raids with the n-word posted so much that other chats cannot even get through. Twitch has encouraged people to report those kinds of issues and says it's planning updates later this year to help streamers protect

T-Mobile Hacker Who Stole Data on 50 Million Customers

Security Now

02:28 min | 9 months ago

"T-Mobile, thanks to the fact that the attacker, a U.S. citizen, believes that he's currently outside the long arm of U.S. law enforcement, we're now learning quite a lot about the who, what and why of his quite successful data exfiltration attack on T-Mobile, and none of what we're learning flatters T-Mobile's cybersecurity. The Wall Street Journal, it turns out, had been chatting with the purported attacker via Telegram for some time. They've confirmed that his name is John Binns, B-I-N-N-S. John is a twenty-one year old U.S. citizen of Turkish descent who relocated from the U.S. back to Turkey three years ago. John was reportedly discussing details of the breach before they were widely known, and T-Mobile received their first indications of trouble when they were notified of the breach by Unit 221B, a cybersecurity company that monitors the dark web for their own purposes. So they saw that John was offering the sale of all of this data breach material on the dark web, and they, Unit 221B, said, "T-Mobile, do you have a problem that you haven't told anybody about?" So John told the Wall Street Journal that his attack against T-Mobile was conducted from the comfort of his home in Izmir, Turkey, where he lives with his mom of Turkish descent. His American father died when he was just two, and he and his mom moved back to Turkey three years ago when he was eighteen. He reportedly uses the online handles IRDev and v0rtex, with a numeric zero, among other handles, and he's alleged to have an online track record that includes some participation in the creation of a massive botnet that was used for online DDoS attacks four years ago, when he was still in the U.S. and seventeen years old

Who Are the Belarusian Cyber Partisans?

Risky Business

02:22 min | 9 months ago

"The first piece I want to talk about, this is actually from Patrick O'Neill at MIT Technology Review. And I think he's written probably one of the best stories here about the Cyber Partisans in Belarus. This is the group that claimed to be hacktivists who exfilled a whole bunch of data that's critical to the functioning of the Belarusian, sort of, security apparatus. And yeah, he's got a write-up really talking about this group. It's interesting stuff. Yes, this is a really good return to the story, because we talked, wasn't it two or three weeks ago on the show, when they started dropping some of the things that this group, the Partisans, had hacked out of the various state security apparatus in Belarus. And this kind of goes back and looks at that story, has a bunch more details about kind of the makeup of the group. They should be saying something like fifteen-ish people, a bunch of them from the tech industry in Belarus in general, and a few that have some security experience, but kind of learning to hack on the fly, supported by a whole bunch of expatriates, involuntary expatriate Belarusian police and other state security people that fled the country after, you know, some of the bad things went down in Belarus, and they end up providing support and guidance and analytics to help them go through the process of making the most of the networks they have access to. I think this kind of spitballing at times, like, is this exactly what it sounds like? Is it really activists? And when we did initially talk about this, we came down on the side of, well, this actually looks like it might be genuine, kind of weird, and it's nice to see some stories that back up that feel that we had at the time, because we were going on pretty thin input at that point in the story. But this is just, I was reading this and I'm struck by this is like really what an insider threat looks like, you know. 
We've seen so much that has been made in writing about computer security over, you know, the dangers of insiders. This is really the end game of insider threat, when the people who work the mechanics of your national government's security apparatus turn against you and then use those tools against the government. That's insider threat writ large, and it's really interesting to see.


The CyberWire

01:47 min | 9 months ago

Dangers of Data Collected in Afghanistan

"The Taliban seizure of HIIDE, that's Handheld Interagency Identity Detection Equipment, biometric registration and identification devices, aroused concern when it was first reported, but the risks of that loss, while real, seem likely to be limited. MIT Technology Review argues that a more serious matter is the insurgent government's acquisition of APPS, the Afghan Personnel and Pay System, used by the deposed government's ministries of defense and the interior. A great deal of data was collected in APPS. Technology Review's sources tell it that each profile in APPS contains at least forty data fields, quote: "These include obvious personal information such as name, date of birth, as well as a unique ID number that connects each profile to a biometric profile kept by the Afghan Ministry of Interior. But it also contains details on the individual's military specialty and career trajectory, as well as sensitive relational data such as the names of their father, uncles and grandfathers, as well as the names of the two tribal elders per recruit who served as guarantors for their enlistment," end quote. This amounts to a catalog of community connections, with anyone whose name appears in a profile flagged as connected in some non-trivial way to the subject of the profile. And unfortunately there are signs that the lists are being used in head-hunting searches for personnel who served in or were otherwise connected to the former government's military services. APPS data was unprotected by retention or deletion policies and was presumably seized intact.


Darknet Diaries

02:12 min | 9 months ago

Is FBI's Magic Lantern the Ultimate Keylogger?

"This malware called Magic Lantern, and I find it fascinating. It usually infects a computer through an email attachment. You get an email which says to open the attachment, and when you do, zane, your computer is infected. And what Magic Lantern does is it records your keystrokes and sends everything you type back to a central system, so the hackers can see everything you type. Now of course with a keystroke logger like this, it can pick up any message you send to people, private chats, and of course your passwords too. Who's the shady hacking group that uses Magic Lantern? The FBI. In 2001 someone issued a Freedom of Information request and got back information: the FBI uses this Magic Lantern malware to capture keystrokes on target computers. Now I'm under the impression that the FBI would need to get permission to use the software, like a search warrant or something, so this would classify Magic Lantern to be a lawful intercept mechanism, meaning they had permission to basically wiretap someone. But this sparked a debate in the security community. The question was, if the FBI has legal permission to eavesdrop on someone by using Magic Lantern, should antivirus and security companies detect and report on this activity? Of course the FBI would like to go unnoticed in any kind of stealth mission and would rather antivirus companies not alert when they see this, but on the other hand, that's the whole point of antivirus software: to alert when something is going on that shouldn't be happening. F-Secure, an antivirus company based in Finland, said right away that they would absolutely report on this, but they're in Finland; the FBI is in the US. McAfee, an American antivirus tool, said they would not alert the user if the tool saw Magic Lantern trigger and that it would ignore it. Later they denied saying that, saying they do in fact alert when Magic Lantern is detected on a computer. But this opens a door to a strange world of allies and enemies.
And it's hard to know who to trust when the software you buy might be lying to you, or when the FBI is busy infecting people with malware to spy on them.


3 Dimensional Wealth Radio

00:28 sec | 9 months ago

T-Mobile CEO Apologizes for Data-Security Breach

"An apology from a communications giant. Ron Dirac Stra has the story. T-Mobile told nearly 50 million customers whose personal data was stolen it was truly sorry for the breach. In a written statement, CEO Mike Sievert says the company spends a lot of effort to try to stay ahead of criminal hackers, but did not live up to the expectations they have for themselves to protect their customers. A 21-year-old American living in Turkey told The Wall Street Journal he was responsible and blamed T-Mobile's lax security for making it


Atlanta's Morning News

00:32 sec | 9 months ago

Biden Urges Tech Moguls to Help Fight Cybersecurity Threat

"In the wake of major cybersecurity breaches, like the one of the Alpharetta-based Colonial Pipeline, President Biden meets with top executives from major tech and financial companies. Reporter Moussa Deka Madar says the White House wants the private sector to help toughen its defenses. Google pledged to spend $10 billion in the next five years to secure software supply chains, expand security models and train 100,000 Americans in IT support and data analytics. Microsoft also pledged to provide $150 million in technical services to help federal, state and local governments with upgrading their


Cyber Security Headlines

00:36 sec | 9 months ago

New Hampshire Town Loses $2.3M in Taxpayer Money to Cyberattack

"New Hampshire town loses millions to email scammers. The town of Peterborough reported it lost $2.3 million as a result of business email compromise scammers, who redirected bank transfers using forged documents sent to the Peterborough finance department. The compromise was achieved using phishing and social engineering techniques. The town first became aware of the issue on July 26, when the ConVal School District reported it didn't receive its $1.2 million monthly transfer. The US Secret Service Cyber Fraud Task Force is currently investigating the attack, which originated from overseas. It's unclear if insurance will cover the lost funds, and it's doubtful the transactions can be


The World and Everything In It

00:47 sec | 9 months ago

Iran Prisons Chief Apologizes Over Leaked Videos of Prison Abuse

"The head of Iran's prison system admitted Tuesday that leaked video showing abuse at the notorious Evin prison is authentic. Speaking to reporters, Iran's judiciary chief said authorities are investigating the incident. The prison chief apologized for what he called unacceptable behaviours but offered no plan for reforms. Hackers reportedly stole the video footage taken by the prison security cameras. The videos showed fights among prisoners and guards. They also show overcrowding in cells and harsh conditions. In one shot, a prisoner smashes a mirror and tries to cut his arm with a shard of glass. Evin has long been known to house political prisoners and those with ties to the West


CoinDesk Podcast Network

01:23 min | 9 months ago

Nickel Digital Sees Growing Institutional Demand in UK for Crypto

"Let's start with institutional adoption expectations. Yesterday I shared some results of a recent Deloitte survey that showed just how normalized digital assets were becoming among fund managers. Today another survey out of the UK said something very similar. Nickel Digital is a digital asset hedge firm that was started by former Goldman Sachs and J.P. Morgan investors. They recently surveyed wealth managers and other institutional investors and found that more than half plan to increase crypto asset exposure between now and 2023; over a quarter say that they will dramatically increase their exposure. The reason most often cited, predictably, was "number go up," aka the long-term appreciation prospects of crypto assets. Now, to be clear about this study, only twenty-three asset managers were surveyed, so a relatively small sample size, but those managers oversee sixty-six and a half billion dollars in assets, so it's certainly not small if you're looking in terms of assets under management. Of these twenty-three managers, nine said they'd become more confident about how digital assets work and nine said that the regulatory environment was improving. In terms of concerns, sixteen still cited market structure issues of liquidity and lack of transparency. So, summing up: a very small sample size, but much in line with the Deloitte survey we discussed yesterday, which had for its part a much larger sample size of twelve hundred eighty


Bloomberg Law

00:21 sec | 9 months ago

Twitch Streamers to Hold One-Day 'Blackout' to Draw Awareness to 'Hate Raids'

"Streamers are preparing to take a day off from the platform to bring attention to so-called hate raids. The Washington Post reports that a blackout is scheduled for September 1st. It's reportedly meant to bring awareness to the fact that some users employed dummy and bot accounts to flood a streamer's chat with abuse, like hateful slurs and symbols.


Mornings on Maine Street

00:24 sec | 9 months ago

PayPal Launches Its Cryptocurrency Service in the UK

"Report: the price of Bitcoin has topped the $50,000 mark for the first time after it slumped three months ago. PayPal in the UK will allow its customers to buy, sell and hold Bitcoin and other cryptocurrencies starting this week. It's the first international expansion of PayPal's crypto services outside the United States. The service was launched in the US


Cyber Security Today

02:08 min | 9 months ago

Wanted: Disgruntled Employees to Deploy Ransomware – Krebs on Security

"Ransomware gangs usually try to compromise victims' computers by secretly tricking employees into downloading what they think is a legitimate file, but one attacker is blatantly appealing to employees' greed. He's sending emails to employees asking them to infect their company's system with ransomware; in return they get a piece of the ransom, according to security company Abnormal Security, which has seen emails like this received by its customers. The crook says the employees would get one million dollars in bitcoin. That's assuming the employer pays a two point five million dollar ransom. And how does this attacker find potential victims? By searching through LinkedIn. In fact, this attacker started out by sending poisoned email attachments to senior executives, but when all of his attempts failed, turned to finding greedy employees. Two lessons: first, good for executives for spotting the initial phony messages; and second, employees need to be warned that they might get a pitch inviting them to be criminals. Cisco Systems is investigating what it calls a medium-severity vulnerability that could impact some of its routers and edge platforms. The problem is in the Server Name Identification request filtering in Cisco's Web Security Appliance and Firepower Threat Defense devices. It also affects all open source project releases of the Snort intrusion detection engine prior to release 2.9.18. Now, the current version of Snort is 3. An attacker could exploit the vulnerability to compromise a host machine. At the moment there are no workarounds for the Cisco products and earlier versions of Snort. Those with affected Cisco Secure devices should watch the company's security website for mitigation or patches


Cyber Security Headlines

02:05 min | 9 months ago

New York Man Pleads Guilty to Hacking and Stealing Nude Pics

"New unofficial Windows patch fixes more PetitPotam attack vectors. A second unofficial patch for the PetitPotam vulnerability, which allows a threat actor to force a Windows Server domain controller to authenticate against an NTLM relay server, has been released to fix issues not addressed by Microsoft's official security update. The PetitPotam bug, tracked as CVE-2021-36942, was partially fixed by Microsoft's August 2021 Patch Tuesday update, but unfortunately it is still possible to abuse PetitPotam using EFSRPC functions that were not addressed. The 0patch micropatching service has released an unofficial patch that can be used to block all known PetitPotam NTLM relay attacks on Windows Server 2019, 2016, 2012 and 2008 R2. For those who wish to wait for an official patch from Microsoft, PetitPotam attacks can be defended against using netsh RPC filters that block remote access to the EFS RPC service. New York man sentenced to prison for stealing students' nude photos after hacking their accounts. The Justice Department announced on Thursday that Nicholas Farber of Rochester, New York, has been sentenced to three years in federal prison for hacking the accounts of dozens of female SUNY Plattsburgh students to access private nude photos. Farber, who is a SUNY Plattsburgh
grad, worked with co-conspirator Michael Fish to access the students' school email accounts between 2017 and 2019. Fish gained access to at least one account by guessing the answers to victims' security questions. Farber then used their credentials to access Facebook, Snapchat and iCloud accounts, from which he stole private nude photographs and movies, which he then traded online with others. Farber was charged with computer fraud and aggravated identity theft and has been ordered to pay just over thirty-five thousand dollars in restitution to the school. Fish also pled guilty to several related charges, and his sentencing is set for November 3rd. The school implemented multi-factor authentication on all email accounts after the incident.


The FIT4PRIVACY Podcast - For those who care about privacy

02:03 min | 10 months ago

How to Stay Compliant With GDPR?

"You're someone who has seen data protection as well as technology evolve over the years. Let's say the last twenty-five years. If I may tap into that belt of knowledge and ask, what is the big change or evolution you have seen in data protection as well as technology? Because it has evolved, or not, and every one of us has a perspective. But what do you see at the broad level?

Right, right. I think one is ubiquity. So when I was a trainee in the law firm, no one had computers. There was this word processing system called Wang, and so that absolutely dates me, and there were still faxes, so we'd have legal documents sent through in faxes this big, and they used to disappear on that fax paper, so we'd have to review them then. Very, very quickly we got our own personal computers and we were expected to do more of our own documents and all this thing. And then what was interesting was the client expectations massively changed. When someone sent through a fax this big, or they posted round a letter, a document that big, in their mind they're going, that's a huge document, it's going to take a while to read, it's gonna take them time to get it, and so the expectation of the reply was accordingly. Whereas when you could just email an attachment, you didn't get any sense of the size, and so as a lawyer you'd get the same document emailed to you, and very quickly people would go, so what do you think? You're like, well... So what was interesting was the ubiquity of the technology, how quickly that happened. Another one is how that affects things like our own human expectations and changes them based on the understanding of different material. I think that's one thing. Another thing is the ease of getting knowledge, and also the ability to get a lot of poor knowledge. So when everything was offline, you basically had a lot of word of mouth. You were quite very selective about how you found the information, and there wasn't as much information out there
