Cyber Intelligence Briefing

Welcome to the Nucleon Cyber Intelligence podcast. This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. https://news.nucleon.sh/2021/09/23/intelligence-briefing-74/ If you have been following the adventures of the hackers group called Revil cyber gang then they have fully returned and are once again attacking new victims and publishing stolen files on a data leak site. If you haven't heard about Revil gang, here is a short recap, Since 2019, the REvil ransomware operation, also known as Sodinokibi, has been conducting attacks on organizations worldwide where they demand million-dollar ransoms to receive a decryption key and prevent the leaking of stolen files. We covered some of their attacks right here on big cases such as JBS, Coop, Travelex and many others. REvil shut down their infrastructure and completely disappeared after their biggest hack yet. A massive attack on July 2nd that encrypted over 50 service providers and over 1,500 businesses using a zero-day vulnerability in the Kaseya VSA remote management platform which had no patch. This attack had such wide-ranging consequences worldwide that it brought the full attention of international law enforcement to bear on the group. Maybe because of the pressure, the REvil gang suddenly shut down all their servers and went offline, leaving many victims in a lurch with no way of decrypting their files. Few days later, Kaseya (the company that have been hacked) received a universal decryptor that victims could use to decrypt files for free. It is unclear how Kaseya received the decryptor but stated it came from a "trusted third party.".... ---- On a different subject, cybersecurity experts warned that cybercriminal forums had in recent months been selling access to login credentials for software that the United Nations uses to manage internal projects. The software could provide valuable access to intruders looking to extort the UN or steal data. The cyber security firm Resecurity contacted UN officials after noticing the login credentials for sale on the dark web. Another Security firm reported to observe one prominent cybercriminal gang claiming access to the UN software. This caused the UN to release an official statement saying: “Unidentified hackers breached computer systems at the United Nations in April and the multinational body has had to fend off related hacks in the months since.” There are different rumors and stories about this incident, so we just thought to briefly mention it here in case this case evolves and we will pay more attention to it in the future. ----- That's it for this podcast, stay safe and see you in the next podcast. Don't forget to visit www.nucleoncyber.com for the latest podcasts on cyber intelligence.

This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. https://news.nucleon.sh/2021/09/03/intelligence-briefing-73/ ---- Several times this year, LinkedIn seems to have experienced massive data scrape conducted by a malicious actor. An archive of data collected from hundreds of millions of LinkedIn user profiles surfaced on a hacker forum, where it's currently being sold for an undisclosed sum. This time, the author of the forum post is purportedly selling information gathered from 600 million LinkedIn profiles. Latest LinkedIn leak They also claim that the data is new and “better” than that collected during the previous scrapes. Latest LinkedIn leak in 2021 Samples from the archive shared by the author include full names, email addresses, links to the users' social media accounts, and other data points that users had publicly listed on their LinkedIn profiles. While not deeply sensitive, the information could still be used by malicious actors to quickly and easily find new targets based on the criminals' preferred methods of social engineering. LinkedIn's refusal to treat malicious scraping as a security problem can potentially allow cybercriminals to gather data on new victims with impunity. The social media platform, however, is of a different opinion on the matter: “Our teams have investigated a set of alleged LinkedIn data that has been posted for sale. We want to be clear that this is not a data breach and no private LinkedIn member data was exposed,” LinkedIn said in its statement regarding a previous data scrape, where malicious actors collected data from 700 million profiles... ---- Also, Notorious North Korean hacking group impersonates Airbus, General Motors and Rheinmetall to lure potential victims into downloading malware. Researchers have been tracking Lazarus activity for months published new report by AT&T Labs. According to the report's author, emails sent to prospective engineering candidates by the group purport to be from known defense contractors Airbus, General Motors (GM) and Rheinmetall. Attached to the emails are Windows documents containing macro-based malware, “which has been developed and improved during the course of this campaign and from one target to another,” the report wrote. The campaign is just the latest by Lazarus that targets the defense industry. In February, researchers linked a 2020 spear phishing campaign to the stealing of critical data from defense companies by leveraging an advanced malware called ThreatNeedle. The new campaign was identified when Twitter users reported several documents that were linked to Lazarus group using, GM and Airbus as lures. The campaigns using the three new documents have similarities in command and control (C&C) communication but different ways of executing malicious activity, researchers found. Lazarus distributed two malicious documents related to Rheinmetall, a German engineering company focused on the defense and automotive industries. However, the second included “more elaborate content,” and thus likely went unnoticed by victims. Given the historically prolific nature of Lazarus—named “the most active” threat group of 2020 by Kaspersky —the latest attack against engineers “is not expected to be the last,” the report noted. “Attack lures, potentially targeting engineering professionals in government organizations, showcase the importance of tracking Lazarus and their evolution,” the report said. ----- That's it for this podcast, stay safe and see you in the next podcast. Don't forget to visit www.nucleoncyber.com for the latest podcasts on cyber intelligence.

The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. https://news.nucleon.sh/2021/08/19/intelligence-briefing-71/ ---- A cyber attack has disrupted container operations at the South African port of Cape Town. Durban, the busiest shipping terminal in sub-Saharan Africa, was also affected. Cape Town Harbour Carriers Association said in an email to members: "Please note that the port operating systems have been cyber-attacked and there will be no movement of cargo until the system is restored." Transnet's official website was down showing an error message. Transnet, which operates major South African ports, including Durban and Cape Town, and a huge railway network that transports minerals and other commodities for export, confirmed its IT applications were experiencing disruptions and it was identifying the cause. It declined to comment on whether a cyber attack caused the disruption. The state-owned company already suffered major disruptions to its ports and national freight rail line last week following days of unrest and violence in parts of the country. In response to a question on whether the cyber attack on Transnet was linked to the unrest, a government official said: "We are investigating, and when that is confirmed or dispelled we are going to make that announcement. "Currently we are treating it as an unrelated event." The latest disruption has delayed containers and auto parts, but commodities were mostly unaffected as they were in a different part of the port, one of the sources said. It will also create backlogs that could take time to clear. Transnet said its container terminals were disrupted while its freight rail, pipeline, engineering and property divisions reported normal activity. ---- Due to a major leak at the coronavirus testing company Testcoronanu, it was possible for anyone to create their own Covid vaccination or test certificate, RTL reported on Sunday. Additionally, private details from about 60 thousand people who took a coronavirus test at this company had been leaked. The company is affiliated with the testing for travel initiative from the government. The leak made it possible for anyone to easily add a fake negative coronavirus test result or proof of vaccination by adding two code lines. In the database, it was possible to personally enter which kind of test was absolved and what the result was. Afterward, you would automatically receive a travel certificate from Testcoronanu. The site has since been shut down by the Ministry of Health. Not only was it possible to add test and vaccination certificates, but users could also alter the data of others. “Anyone with an internet connection could simply adjust data in a corona database. The leak put in question the reliability of the CoronaCheck app. “Any form of reliability is completely gone”, professor of microbiology at the UMC Groningen, Bert Niesters, said. “It is completely irresponsible to use this app for events where it is not possible to keep one and a half meters distance.” The leak also revealed personal information, such as the full names, addresses, phone numbers, social security numbers, passport numbers and medical information from over 60 thousand people. This highly sensitive information can easily be misused by cybercriminals. All locations from Testcoronanu have been closed. People who had an appointment to get tested will have to make an appointment with a different provider. ----- That's it for this podcast, stay safe and see you in the next podcast. Don't forget to visit www.nucleoncyber.com for the latest podcasts on cyber intelligence.

This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. https://news.nucleon.sh/2021/08/13/intelligence-briefing-70/ ---- COVID related cyber attacks are attractive targets as they are usually well funded and time sensitive so ransomware should be easier. German pharmacies have stopped issuing digital COVID-19 vaccination certificates after hackers created passes from fake outlets. Germans who have been fully vaccinated are entitled to a certificate which allows them more freedoms, especially to travel. Pharmacies and vaccination centres issue them but The German Pharmacists Association said hackers had managed to produce two vaccination certificates by accessing the portal and making up pharmacy owner identities. In a statement they released they said: "The DAV, in consultation with the Health Ministry, stopped issuing certificates to investigate further", adding it had so far found no other indication of unauthorised access to the portal. "It can therefore be assumed that the more than 25 million vaccination certificates issued so far through pharmacies have all been issued by legally registered pharmacies," said the DAV. After a slow start, due to supply problems and bureaucratic hurdles, Germany's vaccine rollout picked up in May and June but now the pace of doses being administered is slowing. ---- The Saudi Arabian Oil Company, better known as Saudi Aramco, told that it "recently became aware of the indirect release of a limited amount of company data which was held by third-party contractors." Saudi Arabia's state oil giant acknowledged Wednesday that leaked data from the company - files now apparently being used in a cyber-extortion attempt involving a USD 50 million ransom demand - likely came from one of its contractors. The oil firm did not say which contractor found itself affected nor whether that contractor had been hacked or if the information leaked out another way. "We confirm that the release of data was not due to a breach of our systems, has no impact on our operations and the company continues to maintain a robust cybersecurity posture," Aramco said. A page on the darknet offering Aramco a chance to have the data deleted for USD 50 million in cryptocurrency, while another timer counted down from USD 5 million, likely in an effort to pressure the company. It remains unclear who is behind the ransom plot. Aramco has been targeted before by a cyberattack. In 2012, the kingdom's oil giant found itself hit by the so-called Shamoon computer virus, which deleted hard drives and then displayed a picture of a burning American flag on computer screens. The attack forced Aramco to shut down its network and destroy over 30,000 computers. In 2017, another virus swept across the kingdom and disrupted computers. ----- That's it for this podcast, stay safe and see you in the next podcast. Don't forget to visit www.nucleoncyber.com for the latest podcasts on cyber intelligence.

This podcast will give you a summary of the latest news related to cyber intelligence and proactive cybersecurity in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. In this podcast, we will discuss two topics , one related to cyber incident in the health care in the usa. the second a cyber incident related to south korea stealth fighter. Full post can be found at: https://news.nucleon.sh/2021/08/09/intelligence-briefing-69/

This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. https://news.nucleon.sh/2021/08/26/intelligence-briefing-72/ A group of Iranian hackers targeting U.S. military personnel on Facebook, deployed a "well-resourced and persistent operation" to connect with victims on the social media site, and trick them into providing sensitive information as part of a larger online espionage campaign, Facebook said recently. The group, known as "Tortoiseshell" in the security industry, targeted nearly 200 individuals associated with the military as well as defense and aerospace companies in the U.S., and to a lesser extent in the U.K. They used social engineering and phishing to direct victims away from Facebook and infect their devices with malware. Facebook said its investigation revealed that parts of the malware used by Tortoiseshell was developed by Mahak Rayan Afraz, a Tehran-based IT company with close ties to the Islamic Revolutionary Guard Corps (IRGC). "Based on our analysis of the capabilities of this malware, we believe it was target-tailored to understand the type of software that the device was running and the networks that it was connected to, to presumably assist in future targeting efforts for the attackers," Mike Dvilyanksi, Facebook head cyber espionage investigations, told..... ------ That's it for this podcast, stay safe and see you in the next podcast. Don't forget to visit www.nucleoncyber.com for the latest podcasts on cyber intelligence.

This podcast will give you a summary of the latest news related to cyber intelligence and proactive cybersecurity in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. In this special podcast, we will discuss Kaseya. Kaseya is a software company located in Florida, USA. They claim to have more than 40,000 organizations around the world using one of Kaseya's industry-leading IT solutions. KASEYA has a product named VSA, it's a Remote Monitoring & Management set of tools aimed for different organizations and service providers. one of its features is Automating software patch management and vulnerability management to ensure that all systems are up to date and another feature is managing backups and antiviruses on remote systems. By design KASEYA VSA needs to have privileged access to the remote computers it manages. Kaseya said in a statement that approximately 50 of its direct customers were breached in a cyber attack. The attackers were able to gain access using the update server to the clients' networks and from there encrypt remote computers. Since many of Kaseya's customers provide IT services to small businesses such as restaurants and accounting firms it is difficult to estimate the number of businesses that were impacted because of this cyber attack. Another consequence was that the Swedish coop grocery store chain was forced to close 800 stores during several days. Experts say it was no coincidence that REvil launched the attack at the start of the Fourth of July holiday weekend, knowing U.S. offices would be lightly staffed. Many victims may not learn of it until they are back at work on Monday. Short time after the incident Kaseya said it sent a detection tool to nearly 900 customers. https://news.nucleon.sh/2021/07/29/cyber-news-update-67/ -------------------------------------------------------------------------------------------- That's it for this podcast, stay safe and see you in the next podcast. Don't forget to visit www.nucleoncyber.com for the latest podcasts on cyber intelligence.

This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. https://news.nucleon.sh/2021/06/30/cyber-news-update-67/ ---- Several Japanese government agencies reportedly suffered data breaches originating from Fujitsu's information sharing tool they were using. The platform is a cloud-based enterprise collaboration and file-sharing platform launched in the mid-2000s. Fujitsu had earlier disclosed that hackers gained unauthorized access to the system and stole customer data. The computer emergency response team is still investigating and trying to determine if government agencies were targeted or the incident was a software supply chain attack. Investigators said that the cyber attack affected the Japanese Ministry of Land, Infrastructure, Transport, Tourism, the Cabinet Secretariat, and the Narita International Airport. The National Cyber ​​Security Center said that hackers accessed 76,000 email addresses and email system settings through Fujitsu's file-sharing tool. They exfiltrated flight schedules, air traffic control data, and business operations data from the Narita Airport. Similarly, study materials from Japan's Ministry of Foreign Affairs were exposed. Japan's Cabinet Secretariat's national cybersecurity center advised government agencies and critical infrastructure organizations relying on Fujitsu's information-sharing tool to check for indicators of compromise. The Fujitsu hacking incident was the second affecting Japan's government agencies in a month. In April, hackers compromised Solito's file-sharing server that affected Japan's Prime Minister's office. Japan's Chief Cabinet Secretary Katsunobu Kato, said that cyber attacks on Japan's critical infrastructure were expected during the Tokyo Olympics. He noted that his office was prepared to address such security incidents. ---- This week, The Steamship Authority of Massachusetts is asking travelers to bring cash for tickets and parking as the ferry service continues trying to recover from a ransomware attack. Customers were unable to book or change reservations online or by phone for the largest ferry service to the islands of Martha's Vineyard and Nantucket after the cyber attack occurred. "There is no impact to the safety of vessel operations, as the issue does not affect radar or GPS functionality," the Authority said in a statement. The FBI is now taking the lead on the investigation, working in conjunction with the Coast Guard and the Massachusetts State Police Cyber Security Unit, Coast Guard First District Petty Officer Amanda Wyrick told the Cape Cod Times. This joins more and more cyber incidents where the FBI is taking the lead on the investigation as the US is starting to realize and understand that such cyber attacks are not done only for financial reasons but also in order to cause chaos and disrupt the daily lives of citizens. Ransomware attacks have become a national threat against the USA and we can see that each week the USA is starting to take more and more severe measures in order to deal with it. --- That's it for this podcast, stay safe and see you in the next podcast. Don't forget to visit www.cybercure.ai for the latest podcasts on cyber intelligence.

This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. https://news.nucleon.sh/?p=1108 Chinese-backed threat actors breached New York City's Metropolitan Transportation Authority (MTA) network in April using a VPN provider that had a zero-day. just to remind the listeners, a zero-day means exploit or vulnerability the vendor is not aware and there is no patch to solve the issue yet. A VPN stands for Virtual Private Network, which means it is the part of the network that must be exposed to the internet as it enables employees to connect and work from remote environments. Luckily, they still failed to cause any data loss or gain access to systems controlling the transportation fleet. According to Rafail Portnoy, MTA's Chief Technology Officer, while the attackers hacked into several MTA computer systems, they couldn't gain access to employee or customer information. MTA mitigated the vulnerability one day after the VPN provider issued an advisory, and published an alert that it had a vulnerability which already being exploited in the wild... Also, Cox Media Group appeared to be struggling with a cyber attack after many of its live streams went down. Cox is a large US media conglomerate, comprising 54 radio stations in 10 markets and 33 TV stations in 20 markets. It also operates the conservative news site rare.us, which appears to be unaffected. The US has recently increased its ransomware attacks scrutiny as they begin to pose a more visible national security threat. the deputy of national security advisor for cyber and emerging technology sent an open letter to US businesses urging them to be more resilient after the JBS and Colonial attacks. The letter laid out a series of protective steps, including backing up data, segmenting their networks, and maintaining an incident response plan... --- That's it for this podcast, stay safe and see you in the next podcast. Don't forget to visit www.cybercure.ai for the latest podcasts on cyber intelligence.

This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. ---- https://news.nucleon.sh/2021/06/10/cyber-news-update-65/(opens in a new tab) This week we can see a live demonstration of the importance of cyber security ! UF Health from Central Florida has suffered a reported ransomware attack that forced two hospitals to shut down portions of their IT network. The University of Florida Health, also known as UF Health, is a healthcare network of hospitals and physician practices that provide care to countries throughout Florida. While ransomware has been a scourge on businesses worldwide since 2012, it has recently received increased scrutiny due to recent attacks on critical infrastructure, healthcare systems, and food suppliers. Last month, the DarkSide ransomware operation attacked Colonial Pipeline, the largest US fuel pipeline. It led to a temporary shutdown of fuel transport to the southeast and northeast of the United States. Surprisingly, it seems that It's the second data breach involving UF Health since last August when one of its contractors was compromised by ransomware. So it's been less than one year since the last successful ransomware attack and now the organization is facing again the same type of cyber attack! official response was: "UF Health Central Florida detected unusual activity involving its computer servers. Our information technology team is collaborating with IT experts on our Gainesville and Jacksonville campuses to investigate the situation and mitigate any potential risks.” In 2020, there were nearly 4,000 publicly reported data breaches. In just 23 of them, more than 2 billion records were exposed. And, health care was the most victimized sector, accounting for 12% of those breaches. Organizations should remember that even if they got hacked once it doesn't mean hackers will not try to hack them again. ---- A cyberattack on JBS SA, the largest meat producer globally, forced the shutdown of all its U.S. beef plants, wiping out the output from facilities that supply almost a quarter of American supplies. It's unclear exactly how many plants globally have been affected by the ransomware attack as Sao Paulo-based JBS has yet to release those details. The prospect of more extensive shutdowns worldwide is already upending agricultural markets and raising concerns about food security as hackers increasingly target critical infrastructure. Livestock futures slumped, while pork prices rose. JBS suspended it's North American and Australian computer systems on Sunday after an organized assault on some of its servers, the company said in a statement. Without commenting on plant operations, JBS said the incident may delay certain transactions with customers and suppliers. President Joe Biden directed his administration to do whatever it can to mitigate the impact on the meat supply. “Attacks like this one highlight the vulnerabilities in our nation's food supply chain security, and they underscore the importance of diversifying the nation's meat processing capacity,” said U.S. Senator John Thune of South Dakota. ---- That's it for this podcast, stay safe and see you in the next podcast. Don't forget to visit www.nucleoncyber.com for the latest podcasts on cyber intelligence.

This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. ---- https://news.nucleon.sh/2021/05/24/cyber-news-update-63/(opens in a new tab) One of the USA's largest pipelines, which carries refined gasoline and jet fuel from Texas up the East Coast to New York, was forced to shut down after being hit by ransomware in a vivid demonstration of the vulnerability of energy infrastructure to cyberattacks. The operator of the system, Colonial Pipeline had shut down its 5,500 miles of pipeline, which it says carries 45 percent of the East Coast’s fuel supplies, in an effort to contain the breach. Also, An Incident that happened a while ago and worth mentioning is potentially sensitive information leak from the Washington, D.C., police department that was allegedly breached by a ransomware attack from a group seeking a payout. A group called Babuk claimed to be behind the attack. In a post made on its website, the group threatened to release information pulled from the department's systems if they were not paid an undisclosed amount. Screenshots of alleged arrest records and internal memos were posted on Babuk's website and re-shared online. Sensitive information was not revealed as much as it's known. That’s it for this podcast, stay safe and see you in the next podcast. Don’t forget to visit www.cybercure.ai for the latest podcasts on cyber intelligence.

Welcome to the CyberCure Bi-Weekly podcast. You can read the full transcript at: https://news.nucleon.sh/2021/04/02/cyber-news-update-62/ This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. Cryptocurrency exchange is a popular target, they hold many different cryptocurrencies, and it's usually less protected than banks and other traditional financial institutions. British cryptocurrency exchange EXMO is joining other crypto exchanges and has disclosed that unknown attackers withdrew almost 5% of its total assets after compromising its hot wallets. ----- There are many cybersecurity companies that perform regular patrols on the internet, searching different forums, searching hints both in the dark web as well as in the clear net. In the past, it was very easy to find people who are selling illegal stuff on the internet but in recent years the hackers realized that many of the users who are using the forums in the darknet are security researchers or law enforcement so forums that used to be public started limiting the access to them to provide access only for users who are able to prove who they are, for example by providing a recommendation from another user. ----- That’s it for this podcast, stay safe and see you in the next podcast. Don’t forget to visit https://news.nucleon.sh for the latest podcasts on cyber intelligence.

Welcome to the CyberCure Bi-Weekly podcast. You can read the full transcript at: https://news.nucleon.sh/2021/02/07/cyber-news-update-60/ This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. ---- For a company who develops software there are very strict guidelines in order to ensure that sensitive information is not leaked or accessed by unauthorized users. it is specially challenging these days since many of what used to be internal protected network services is now need to be available online in order to enable work remotely. The Nissan Motor Company, is a Japanese multinational automobile manufacturer headquartered in Japan. The source code of mobile apps and internal tools developed and used by Nissan North America has leaked online after the company misconfigured one of its development servers. --- Also covering: Capcom, the game developer behind many popular games such as Resident Evil, Street Fighter and Others, now says its recent attack compromised the personal data of up to 400,000 gamers. Capcom is a Japan-based publisher of blockbuster games detected a breach During the end of 2020, Capcom said its personal, as well as corporate data, was compromised. A group called Ragnar Locker claimed responsibility and said they had downloaded more than 1TB of corporate data, including banking details, contracts, proprietary data, emails and more. Gaming is increasingly becoming a target for all types of cyberattacks. Over the past several months, along with Capcom many other popular and big brands found themselves dealing with different cyber attacks. ----- That’s it for this podcast, stay safe and see you in the next podcast. Don’t forget to visit https://news.nucleon.sh for the latest podcasts on cyber intelligence.

Welcome to the CyberCure Bi-Weekly podcast. You can read the full transcript at: https://news.nucleon.sh/2021/02/07/cyber-news-update-60/ This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. ---- Lately it seems more and more organizations refuse to pay ransomware attacks, as a result there is increasing amount of stolen data offered for sale on the internet. A US-based auto parts distributor has sensitive data leaked by cybercriminals After refusing to pay ransom. A 3GB archive that purportedly belongs to NameSouth, a US-based auto parts shop, has been publicly leaked by the NetWalker ransomware group. The NameSouth archive leaked by NetWalker includes confidential company data and sensitive documents, including financial and accounting data, credit card statements, personally identifiable employee information, and various legal documents. --- Also covering: A wave of attacks against companies in Colombia uses a trio of Remote Access Trojans (RATs) to steal confidential, sensitive data. ESET an antivirus company said in a blog post that lately government and private entities in Colombia are being exclusively targeted by the threat actors, who seem to have a particular interest in the energy and metallurgical industries. ----- That’s it for this podcast, stay safe and see you in the next podcast. Don’t forget to visit https://news.nucleon.sh for the latest podcasts on cyber intelligence.

Welcome to the CyberCure Bi-Weekly podcast. You can read the full transcript at: https://news.nucleon.sh/2021/02/05/cyber-news-update-58/ This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. ---- malvuln.com is a new web site, it is a unique web site which offers a different view on vulnerabilities in software. It is the first website exclusively dedicated to the research of security vulnerabilities within Malware itself. For the non technical listeners we will explain in more details what it means. Many cyberattack have a phase where the attacker is installing some type of backdoor of a malware on the remote computer. --- Also covering: Dutch energy supplier Eneco has warned tens of thousands of clients, including business partners, to change their passwords amid a recent data breach. Eneco, a producer and supplier of natural gas, electricity and heat in the Netherlands, serves more than 2 million business and residential customers. In a recent statement, the company said that “cyber ​​criminals have used email addresses and passwords from previous thefts at other websites to gain access to approximately 1,700 private and small business My Eneco accounts, the online environment for Eneco customers.” All affected customers have been sent an email with instructions on how to create a new My Eneco account. ----- That’s it for this podcast, stay safe and see you in the next podcast. Don’t forget to visit https://news.nucleon.sh for the latest podcasts on cyber intelligence.

Welcome to the CyberCure Bi-Weekly podcast. You can read the full transcript at: https://blog.cybercure.ai/2021/01/19/cyber-news-update-57/ This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. Don’t forget to visit www.cybercure.ai for the latest podcasts on cyber intelligence.

Welcome to the CyberCure Bi-Weekly podcast. You can read the full transcript at: https://blog.cybercure.ai/2020/07/31/cyber-news-update-31-7-20/ This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. ---- Life Healthcare, a South African healthcare provider, is investigating a cyber-attack that targeted some of the group’s IT systems. Life Healthcare Group is the second largest private hospital operator in South Africa and said its southern African operation had been the victim of a targeted criminal attack on its IT systems. According to the organization, patient care has not been impacted by the cyber-attack, although some hospitals and administrative offices have switched to manual backup systems. The acting group CEO, said: “We are deeply disappointed and saddened that criminals would attack our facilities during such a time, when we are all working tirelessly and collectively to fight the COVID-19 pandemic." Its sad to see once again how organizations fails to allocate proper budgets to cyber security measures and training which might resulted in this attack. South Africa have been targeted lately by several strong entities resulting successful hacking attacks. --- Cosmetics giant Avon is recovering from a mysterious cyber-security incident that took place last week, on June 8, sources have told ZDNet. The company has filed documents with the US Securities Exchange Commission disclosing the incident on June 9, a day after the company first discovered issues with some of its IT infrastructure. The company said the incident "interrupted some systems and partially affected operations." Last week, Avon distributors reported problems accessing the company's backend, where they usually file new product orders. Issues with accessing the Avon backend have been reported in the UK, Argentina, Brazil, Poland, and Romania. Avon, which is owned by Brazilian multinational Natura &Co, has declined to provide details about the incident to both distributors, and the representatives of the press. An Avon spokesperson could not be contacted for comment, despite repeated attempts over the past two days. Details about the nature of the cyber-attack are still a mystery, but in a second document filed with the SEC on June 12, last Thursday, Avon promised to restore "some of its affected systems in the impacted markets" during this week. rumors on the internet states that the Avon incident is a ransomware attack carried out by the DopplePaymer gang. However,no independent confirmation found. While ago, The operators of the DopplePaymer ransomware have congratulated SpaceX and NASA for their first human-operated rocket launch and then immediately announced that they infected the network of one of NASA's IT contractors. In a blog post published today, the DopplePaymer ransomware gang said it successfully breached the network of Digital Management Inc. (DMI), a Maryland-based company that provides managed IT and cyber-security services on demand. To support their claims, the DopplePaymer operators posted 20 archive files on a dark web portal the group is operating. So maybe there is a good reason for Avon to hide the details about the attack and not disclose ? ----- That’s it for this podcast, stay safe and see you in the next podcast. Don’t forget to visit www.cybercure.ai for the latest podcasts on cyber intelligence.

The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. You can read the transcript of the podcast at: https://blog.cybercure.ai/2020/07/24/intelligence-update-24-7-20/ The National Highways Authority of India is responsible for management of a network of over 50,000 km of National Highways. India's cyber security agency, had issued an advisory warning that the potential phishing attacks could impersonate government agencies, departments and trade bodies that have been tasked to oversee disbursement of government fiscal aid. This incident joins previous reports that several government agencies, media houses, pharma companies, telecom operators and a large tyre company in India may be targeted by a massive cyberattack from hacking groups with links to the Chinese government. also covering: Online food delivery service Delivery Hero has confirmed a data breach affecting its Foodora brand. Foodora is an online food delivery brand originally based in Germany which offers meals from over 9,000 selected restaurants in several countries worldwide. The cybersecurity incident has exposed the account details of hundreds of thousands of customers in 14 different countries. read more at: https://blog.cybercure.ai/2020/07/24/intelligence-update-24-7-20/

Cyber News Update - July - 17th - 2020 by CyberCure.ai

You can read the full blog at: https://blog.cybercure.ai/2020/07/10/intelligence-news/ This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. ---- ST Engineering is a Singapore based Technology company with an integrated engineering group in the aerospace, electronics, land systems and marine sectors, producing products used by militaries around the world. ---- Also covering, The the University of California in San Francisco is dedicated entirely to health science. It is a major center of medical and biological research and teaching. On June 3, UCSF IT staff detected a security incident that occurred in a limited part of the UCSF School of Medicine’s IT environment a few days earlier, the organization said in a statement on its website. *** They paid to of money *** In October, the FBI warned that ransomware attacks are becoming "more targeted, sophisticated and costly, even as the overall frequency of attacks remains consistent." The FBI does not advocate paying a ransom, the agency said, "in part because it does not guarantee an organization will regain access to its data." In some cases, victims who paid a ransom were never provided with decryption keys.

Welcome to the CyberCure Bi-Weekly podcast. This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. In this episode we cover: 1. Bluebook , a popular site used by influencers hacked. 2. Marriott hack, again (?!) Read full podcast at cybercure: https://blog.cybercure.ai/2020/04/13/cyber-intel-update-20-4-20/

Welcome to the CyberCure Bi-Weekly podcast transcript. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. In this episode we cover: 1. A common cyber attacks type that we frequently discuss here is when hackers are targeting different service suppliers. this time covering GoDaddy phising incident which cause some clients security isssues. 2. Hacking for profit , hackers offering other hackers money for hacking and earning money of it. Full transcript at the blog: https://blog.cybercure.ai/2020/04/14/cyber-intel-update/

Welcome to the CyberCure Bi-Weekly podcast transcript. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. In this episode we cover: 1. The owners of Philips smart bulbs were being urged to check its firmware, after publication of a vulnerability in how the accessories communicate with each other could allow an attacker to gain control over the whole home network. 2. WhatsApp is known to be an unsecured messaging platform, even tough there are many warnings coming from cyber security experts about the dangers of using whatsApp its still widely popular messaging app. read the fulll transcript at: https://blog.cybercure.ai/2020/02/09/blog-49

This podcast covers 2 topics related to cyber security. 1. The hack into the UN. 2. The hack into the slotmachines. maker. Not all the organizations in the world think that transparency related to cyber attacks is needed, this is specially concerning when it comes from one of the famous organizations in the world, the United Nations. read the full transcript at: https://blog.cybercure.ai/2020/03/05/blog-48/

The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. This time covering: 1. Facebook's official accounts on Twitter and Instagram have been temporarily taken over and then defaced by a group of hackers known as OurMine. 2.Maastricht University located in the netherlands disclosed that it paid 30 bitcoin ransom requested by the attackers who encrypted some of its critical systems following a cyberattack that took place on December 23, 2019. The university also disclosed that it acquired the ransomware decryptor from the attackers by paying a 30 bitcoin ransom (roughly $220,000) to restore all the encrypted files as Reuters reported. Read full transcript at http://blog.cybercure.ai

Last week, Security experts caught hackers in Japan trying to spread malware through emails with links about the corona virus. This podcast drill into more details about phishing attacks taking advantage of the corona virus situation and try to exploit human fears to gain financial profits. The second part discuss Turkey low abilities in the cyber warfare arena.

This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. The Indonesian National Police in a joint press conference with Interpol announced the arrest of three Indonesian hackers who had compromised hundreds of international e-commerce websites and stolen payment card details of their online shoppers. listen for more details. the second item behind covered is about The health care industry being a target for hackers for a long time. Health care institutes carry both financial opportunities as well as large amounts of sensitive data, this combination makes health care organizations popular target for cyber attacks. A new research indicates that Two thirds of healthcare organisations suffered cybersecurity incidents in 2019 in the USA. Read full transcript: https://blog.cybercure.ai/?p=632

The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. ---- A week ago we examined the cyber attack that was made on travelex, Travelex is a financial agency with more than 1500 outlets in different airports. the cyber attack was performed using a malware known as REvil, it's been almost a month since travelex declared about the cyber attack and still some of their web sites seems to be down giving the same message. the hackers who are spreading this type of malware continue to work and this time another big company was hit, Parts manufacturer Gedia Automotive Group, which employs more than 4,000 people in seven countries got hit by what they call a massive cyber attack and said it has been forced to shut down its IT systems and send staff home. The company is located in a town called Attendorn in Germany which shows that the group behind this malware is able to hit major enterprises all around the world, started with US computer services company Artech Information Systems after that UK based Travelex and now Gedia which is located in Germany. They managed to hit at least 3 big companies in 3 different segments and 3 different geographical location. The difference this time is that the hackers behind the malware are using psychological warfare in order to push the victims to pay. In Gedia case the hackers uploaded records of sensitive data taken from the internal network to show a proof they collected internal data and now they threaten to publish the data if they will not be paid soon. As we discussed previously, the malware developers worked with other hackers that were affiliates, this gave the developers behind the malware extensive reach to different networks in different segments. While the hackers made threats against all organizations they still haven't proved they actually got all the data they claim to have and did not published much sensitive data from previous breaches. is it going to change ? maybe , stay tunedfor more news soon. ---- The tension between Iran and the USA is high, the USA already admitted it performed several cyber attacks against Iran. On the other side Iran never admitted it made cyber attacks but security researchers are starting to see more and more evidences that such attacks are being performed. A group of security researchers from Recorded Future identified An hacking campaign with suspected ties to Iran has targeted the European energy sector in what's thought to be a reconnaissance mission aimed at gathering sensitive information. They particularly identified a malware that is known to be used mainly by the group known as APT33, and has previously been deployed in attacks targeting critical infrastructure. read full transcript at: https://blog.cybercure.ai/2020/01/29/intelligence-update-30-1-20/

This recent weeks some interesting cyber attacks took place, in this special podcast we will try to give some insights about them and explain also to non technical people. Travelex is an exchange company headquartered in London. Its main businesses are international payments and issuing prepaid credit cards for use by travellers and some other financial services. On 31 December 2019, Travelex was officially got hit by a ransomware and took its websites and mobile apps offline and reported about the cyber attack. A week later, it was revealed that the entire company was being held to ransom known as revil but also known as Sodinokibi. read the full post at: https://blog.cybercure.ai/?p=606

This episode covers the An Indian nuclear power plant that suffered a cyber attack, this revealed that India still have problems with adjusting themselves to modern cyber attacks and still have long way to go. Also covering the incident of the crashed spaceship, was this part of elaborated cyber attack ? is there someone aiming India critical infrastructure ? might it be an ally ? Listen to the full podcast or read the transcript at: https://blog.cybercure.ai/?p=590

In recent podcast we covered Ring , company owned by Amazon. Ring manufactures a range of home security products that incorporate outdoor motion-detecting cameras, such as the Ring Video Doorbell and other home internet connected cameras. NASA is very attractive target for cyber attacks. earlier this year it was reported that hackers breached NASA network and were able to steal Mars mission data, The infiltration was only spotted and stopped after the hackers roamed the network undetected for almost a year. read more at: https://blog.cybercure.ai/2020/01/03/intel-update/

The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. This episode covering Fuel pumps vulnerabilities and IoT devices being hacked remotely once again. you can read the full transcript at: https://blog.cybercure.ai/?p=554

Some of the best ways for hackers to hide their identity is by looking like they are some one else, recent example that made public lately by the UK’s National Cyber Security Centre after a two-year probe, The so-called Turla group, which has been linked with Russian intelligence, allegedly hijacked the tools of Oilrig, a group widely linked to the Iranian ministry of Intelligence which is part of the Iranian government, also known as APT34. read the full podcast transcript at: https://blog.cybercure.ai/?p=538

In this special podcast we will focus on cyber attacks known as ATM jackpotting. This type of attacks is gaining popularity and worth taking the time to get to know it better and understands. You probably seen movies where the ATM starts to spit out cash to the street with no reason, listen to the podcast or read the full blog to learn more about this type of cyber attacks. read the full transcript at: https://blog.cybercure.ai/?p=528

The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. This time the following topics are covered: * Zynga security incident * Billboards vulnerabilities read full transcript at: https://blog.cybercure.ai/?p=485

The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. This time the following topics are covered: Doordash - The popular delivery food app had a leak of almost 5M users. IoT - Hacker hacked into smart home and played with the couple living in it. read full transcript at: https://blog.cybercure.ai/?p=485

The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. read full transcript at: https://blog.cybercure.ai/?p=449

This episode of the cyber intelligence podcast by cybercure.ai covers the following topics: * Malaysia’s Malindo Air, a subsidiary of Indonesia’s Lion Group, said it was investigating a data breach involving the personal details of its passengers during September 2019, around 30 million passengers of Lion Group and were posted in online forums. * Facebook is huge company and it is constantly having securiy issues, during september 2019 Hundreds of millions of phone numbers linked to Facebook accounts have been found online. Checkout the full post at: https://wordpress.com/block-editor/post/blog.cybercure.ai/459

This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. in this podcast focus on alibaba and Czech Republic incidents. read the full transcript at cybercure.ai blog: https://blog.cybercure.ai/?p=441

This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. About 160 speed and red-light cameras were targeted in the 2017 WannaCry ransomware attack in Victoria Australia. The 2017 attack reportedly caused a loss of $20 million in revenue, and about 70,000 fewer bookings. you think it was fixed by now ? listen in the podcast to the amazing facts. Another good story is about the city of baltimore who decided to increase its cyber insurance after the learning the hard way what cyber attacks can do. read the full transcript at cybercure.ai blog: https://blog.cybercure.ai/?p=431

This time we cover the huge data leak Bulgaria is facing. The second issue is about the hacker that got caught in Seattle in the USA. can read full blog at: https://blog.cybercure.ai/2019/08/09/9-8-19-cyber-news/

This week we focus on the cyber attacks on/from Australia and Russia. Australia’s ties with Russia soured after the downing of Malaysian Airlines flight MH17 back in 2014, the joint task force that investigated the crash, reached a conclusion that the airplane brought down by a Russian surface-to-air missile known as BUK , the missile launcher arrived to Ukraine at the same day from Russia and went back after the shooting. Was this incident related to a recently published hack to Russian secret services contractor that revealed many sensitive details ?

the CyberCure Bi-Weekly podcast transcript. The podcast is aimed at professionals who are short on time, or for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. Telegram is in the news again after it suffered a major cyber-attack that appeared to originate from China, The attack was linked it to the ongoing political unrest in Hong Kong. Telegram warned users in many regions may face connection issues and also predicted that like with other political associated DDoS attacks it is expected to be over when the protests will end. The second item is about The Indian WhatsApp lynchings are a spate of mob-related violence and killings following the spread of rumours, primarily relating to child-abduction and organ harvesting, via the WhatsApp message service. there having been terrifying incidents evolving WhatsApp users spreading rumours which caused mob to perform violence related acts against innocent people.

full blog at: https://blog.cybercure.ai/?p=270 This time the podcast covers: Nearly 1,000 employees sent home for the entire week, on paid leave after ransomware got control over the network of one of the world's largest suppliers of airplane parts located in Belgium named ASCO. and about Podemos is a left wing political party in Spain founded in January 2014 by Pablo Iglesias in the aftermath of the protests against inequality and corruption in Spain. The party filed a complaint in the police earlier this year reporting that a security camera installed by the authorities outside the family home of the group’s leader, Pablo Iglesias, had been hacked, and that footage was being streamed live on a publicly accessible website.

Sometimes hacking is done for pure fun, The Cartoon Network is an American pay television channel. During May 2019, Hackers were able to perform a successful attack against the network web servers and change the content of the web pages. many videos started showing videos of a male stripper from brazil. The other story is about Romania and the unprofessional minister there who cause the goof professional people who actually needs to defend the country troubles and problems. some politians just dont know when to stop talking and they will say anything they can just to get another line in the news.

This week we cover two topics: In Italy things are working at a slower pace, A 25-year-old Italian man pleaded guilty this week for defacing NASA websites and 60 other Italian government sites back since 2011. This week A Florida city agreed to pay $600,000 in ransom to hackers who took over its computer systems, that attack joining other cyber attacks that have been hitting Florida recently. The Riviera Beach City Council voted unanimously this week to pay the hackers’ demands, believing the Palm Beach suburb had no choice if it wanted to retrieve its records, which the hackers encrypted. The council already voted to spend almost $1 million on new computers and hardware after hackers captured the city’s system three weeks ago. full podcast transcript and images available at cybercure.ai blog: https://blog.cybercure.ai/2019/06/29/29-6-19-cyber-news/

In this episode we review two incidents happened recently, one related to germany and the fleet of planes the government have and the other is a massive breach of restaurant chain called checkers located in the USA. This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. full transcript is available at: https://blog.cybercure.ai/2019/06/10/10-5-19-cyber-intelligence-news/ more podcasts can be found at: http://www.cybercure.ai

This podcast will give you a summary of the latest news related to cyber intelligence and proactive cyber security in only a few minutes. The podcast is aimed for anyone who would like to know a bit more about what is REALLY happening out there in the cyber world. The focus of this podcast will be on the latest cyber events for non-technical people; anyone can listen and understand. In this episode we review upbit cyber attack as well as cyber attack on Ireland. full transcript is available at: https://blog.cybercure.ai/2019/06/10/10-5-19-cyber-intelligence-news/ more podcasts can be found at: http://www.cybercure.ai

This is the fifth podcast in the docuseries examining Cyber Iran, this time the focus on current events covering cyber events which happening for the first time in public light. Full transcript of the podcast can be found at cybercure blog: https://blog.cybercure.ai/2019/05/26/cyber-iran-the-2019-conflict/

This week news, follow up on venezuela story. hackers got into cyber security company traded on the NASDAQ. full podcast transcript can be found at: http://blog.cybercure.ai

This week news, follow up on venezuela story. hackers got into cyber security company traded on the NASDAQ. full podcast transcript can be found at: http://blog.cybercure.ai