Symantec Cyber Security Brief Podcast

On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss the Symantec Threat Hunter Team’s latest blog detailing a recent campaign by the Billbug espionage group, in which it targeted a certificate authority and multiple government agencies in various countries in Asia. We also discuss a new strain of ransomware called Prestige, which is being used in attacks against Ukraine, while we also take a look some recent arrests of suspects that are alleged to have been involved in major cyber crime groups - with one suspect alleged to have been involved in the JabberZeus gang arrested in Switzerland, while an alleged member of the LockBit ransomware group was apprehended in Canada.

On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss two recent Symantec blogs, including one detailing the new Exbyte data exfiltration tool, which is being used by at least one affiliate of the BlackByte ransomware gang. We also discuss our blog about a group called Cranefly, which is using a new dropper and malware, as well as a novel method of reading commands from legitimate IIS logs. We also discuss the OpenSSL vulnerability that caused a lot of headlines over the last week, and the ransomware losses that occurred in 2021.

On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien are joined by Symantec threat researcher Kevin Sovey to discuss a blog we recently published about the Budworm espionage group targeting organizations in the U.S. We also discuss another blog we published this week about the Spyder Loader malware being deployed on the machines of government agencies in Hong Kong. We also talk about apparent links between the operators behind Ransom Cartel and the REvil/Sodinokibi ransomware family.

On this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien discuss a recent blog we published on the Witchetty (aka LookingFrog) espionage group, which has been progressively updating its toolset, using new malware in attacks on targets in the Middle East and Africa, including a new tool that employs steganography. We also discuss the recently discovered Microsoft Exchange Server zero days, the U.S. defense sector being targeted by multiple APT groups, and a newly discovered espionage actor called Metador, which was spotted operating in recent weeks. We also discuss the breach of Australian telecoms giant Optus, and some new information that has emerged about the takedown of the REvil/Sodinokibi ransomware gang.

On this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien are joined by Symantec threat researcher Alan Neville to discuss some of the recent blogs that the Symantec Threat Hunter team has published. We discuss a new wave of espionage activity targeting Asian governments by attackers who were formerly associated with the ShadowPad malware but who appear to have now adopted a new toolset to mount an ongoing campaign against a range of government and state-owned organizations in a number of Asian countries. We also examine the current activities of a group we call Webworm, which has developed customized versions of three older remote access Trojans (RATs), including Trochilus, Gh0st RAT, and 9002 RAT. We also discuss a blog we have published about the Noberus (aka BlackCat ) ransomware, and the recent tactics, tools, and procedures we have seen deployed alongside that ransomware recently.

The Cyber Security Brief is back after its summer break! In this episode, Brigid O Gorman and Dick O’Brien cover some of the stories you might have missed while we were off air. Dick discusses a recent Symantec blog that looks at the implications of poor security practices in the mobile software supply chain, and how this can lead to the exposure of an alarming amount of data. Brigid discusses some of the continuing effects of the Russian invasion of Ukraine in the world of cyber security, including some activity by the Shuckworm APT gang aimed at Ukraine, as well as a seemingly increased focus by Chinese espionage actors on Russia since the invasion began. Finally, we also discuss some recent developments by the Evil Corp cyber crime gang, and what these might mean.

In this week’s Cyber Security Brief, Dick O’Brien and Brigid O Gorman are joined by Symantec threat researcher Chris Kiefer to discuss our latest blog about the Bumblebee loader. We discuss this new malware’s place on the cyber crime landscape, its capabilities, and how it is being leveraged by ransomware actors. We also discuss the appearance of new versions of both Raccoon Stealer and LockBit, as well as an FBI warning about deepfakes being used in job interviews. The podcast will be taking a short break for the summer and we will be back with new episodes in September.

In this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss how Russian espionage actors are exploiting the Follina vulnerability, the release of the latest version of Metasploit, and a new phishing campaign that’s been underway on Facebook. We also discuss ransomware extensively, including what authorities were able to find when they took down the Netwalker ransomware gang, the increasing activity of the BlackCat ransomware, and some new research into the Hello XD ransomware. We also speculate about the impact turmoil on the cryptocurrency markets may have on the types of payment ransomware actors might demand.

On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss the recently discovered Follina vulnerability in Microsoft Office, as well as some recent ransomware stories. One thing we talk about is the apparent break up of the Conti ransomware gang, with evidence pointing to the group folding itself into other ransomware gangs, including Hive, which carried out a recent attack on the health service in Costa Rica. The Clop and REvil names have also appeared in news reports in recent weeks, but are these ransomware gangs really back? And what are the signs of pre-ransomware activity that organizations need to look out for on their networks because they may indicate a ransomware attack in preparation?

In this week’s Cyber Security Brief, Dick O’Brien and Brigid O Gorman discuss the recent in-depth whitepaper the Symantec Threat Hunter team produced about Chinese cyber-espionage activity, which details the most active groups operating out of that country at the moment, as well as the tactics, tools, and procedures they leverage, the custom malware they use, and who their victims tend to be. We also talk about recent warnings from U.S. authorities about North Korean nationals posing as citizens of other countries to gain employment, and threats from the Conti ransomware gang to “overthrow” the government of Costa Rica.

In the latest Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss some of the recent research published by Symantec’s Threat Hunter Team, including our blog about the activity of North Korean APT group Stonefly, and our latest whitepaper on the topic of Commodity Malware. We also talk about some stories that were in the news over the last week or so, including the possible return of the REvil/Sodinokibi ransomware gang, a new loader called Bumblebee that might be a successor to BazarLoader, and a China-on-Russia intelligence-gathering attack.

On this week’s Cyber Security Brief, Brigid O Gorman is joined by Symantec threat researchers John-Paul Power and Alan Neville. In this week’s podcast we discuss some recent research published by Symantec detailing new activity in the Dream Job campaign carried out by the North Korean Lazarus APT group, as well as continuing attacks aimed at Ukraine carried out by the Russia-linked APT group Shuckworm. Also, we talk about a critical vulnerability in the Windows Remote Procedure Call Runtime (RPC) protocol, the shut down of two well-known dark marketplaces, and the emergence of a new marketplace offering stolen data for sale.

On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss some of the research published by Symantec’s Threat Hunter team over the past couple of weeks, including a new Cicada/APT10 espionage campaign targeting government organizations and NGOs in multiple countries worldwide. We discuss the new Verblecon malware, which is being deployed in sophisticated campaigns that appear to have the relatively low-reward goal of cryptocurrency mining as their main objective. We also talk about the Spring4Shell vulnerability that briefly caused a lot of consternation last week, and give an update about the latest information that has emerged about the cyber activity that has been seen targeting organizations in Ukraine.

In this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien talk about extortion hacking group Lapsus$, which has made headlines in recent weeks by claiming to have compromised numerous high-profile companies including Microsoft, Okta, and Nvidia. We tell you what we know so far about this controversial new actor. We also discuss the impact the Russian invasion of Ukraine has had in the world of cyber security, from Russia potentially running out of data storage facilities due to international cloud providers pulling out of the country, to warnings about attacks on critical infrastructure being issued by authorities in the U.S. and the UK. Finally, the BazarBackdoor malware is seen deploying some new tactics.

In this special edition of the podcast, Dick O’Brien is joined by Symantec threat researchers and analysts Piotr Krysiuk and Vikram Thakur to discuss the Symantec Threat Hunter team’s discovery of Daxin, which is the most advanced piece of malware we have seen from China-linked actors. We published a blog about the discovery of Daxin last week, as well as two in-depth technical blogs with more information on the tool this week. Piotr discusses his work analyzing the malware, and when he realized the significance of this discovery, while Vikram talks about liaising with customers impacted by the malware as well as working with the Cyber Security and Infrastructure Security Agency (CISA) to engage with multiple foreign governments targeted with Daxin to assist with detection and remediation.

In this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien discuss some of the activity we saw in Ukraine prior to the escalation of the last couple of days. We also heavily cover ransomware in this podcast, including discussing a recent FBI alert about the BlackByte ransomware, and a possible decryptor for the Hive ransomware, as well as some research into how long ransomware gangs are remaining active for these days and the amount of money they are making. Finally, we also discuss how BEC scammers are leveraging virtual meeting platforms in their attacks.

In this week’s Cyber Security Brief podcast, Dick O’Brien and Alan Neville discuss how Chinese state-backed advanced persistent threat (APT) group Antlion targeted financial institutions in Taiwan in a persistent campaign over the course of at least 18 months. Also up for discussion is the recent arrest of a New York couple and the seizure of $3.6 billion in cryptocurrency allegedly linked to the 2016 Bitfinex hack, as well as continuing attacks carried out by the Russia-linked Shuckworm APT group against targets in Ukraine.

In this week’s Cyber Security Brief podcast, Dick O’Brien and Brigid O Gorman discuss the tumultuous situation in Ukraine, where cyber attacks, including destructive cyber attacks, have been aimed at government and private sector organizations. The WhisperGate attacks, as they have been dubbed, have been compared by many to the infamous 2017 NotPetya wiper attacks. Also up for discussion is recent law enforcement activity aimed at cyber criminals in Russia and elsewhere, and some ransomware news, including a Noberus ransomware attack, and the FBI officially linking the Diavol ransomware to the creators of Trickbot and Conti.

Welcome to the first Cyber Security Brief of 2022! In this week’s podcast, Dick O’Brien and Brigid O Gorman chat about some of the biggest news stories of the last couple of weeks. The topics up for discussion in this episode include: FIN7 BadUSB attacks return, an interesting new multi-platform backdoor, and the latest way attackers are attempting to abuse Google Docs. Also, a jump in the number of extortion DDoS attacks, how payments to suspicious cryptocurrency wallets have exploded in recent months, corruption of open source libraries as a form of protest, and how one APT group managed to infect itself with its own malware.

On this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien are joined by Symantec Threat Analyst Alan Neville to discuss the vulnerabilities in Apache Log4j that made lots of headlines this week. We also discuss two other blogs that Symantec published this week, including one looking at an attack campaign aimed at telecoms companies in the Middle East and Asia that appears likely to have originated from Iran-based attackers. Meanwhile, we also talk about a blog we published covering details about a new Rust-based malware we have dubbed Noberus (ALPHV/BlackCat). This is our last Cyber Security Brief podcast of 2021, we will be back on January 13.

On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss the latest Symantec blog, some updated research about the Yanluowang ransomware gang, with fresh activity appearing to show that this ransomware isn’t a flash-in-the-pan. We also discuss how quickly exposed cloud services are compromised by malicious actors, how off-putting strong passwords are for attackers employing brute-forcing techniques, and apparent attempts by Russian hackers to collaborate with Chinese-speaking actors. Also, the Conti gang’s possible role in the return of Emotet, and North Korean actors continue to target security researchers with fake job offers.

On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss some recent attack campaigns aimed at critical infrastructure organizations in several countries around the world, the possible return of the Emotet botnet, and some law enforcement activity that has led to the arrest of people involved with both the REvil and Gandcrab ransomware. We also discuss some new techniques being used by the BazarLoader gang, and an FBI system being compromised and used to send out fake information security alerts.

On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss some of our recent blogs, including at least one BlackMatter ransomware affiliate using a new data exfiltration tool in attacks, and also the breaking news that the BlackMatter ransomware operation is apparently winding down. We also discuss another recent blog we published about banking Trojan activity in Latin America, while recent law enforcement activity cracking down on ransomware criminals is also up for discussion. Elsewhere, we also talk about SquirrelWaffle, a reasonably new malware that is used as a loader and has been mentioned as a potential successor to the notorious Emotet for the delivery of threats.

On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss several new blogs that the Symantec Threat Hunter Team has published recently. Firstly, we uncovered a new ransomware threat that we dubbed Yanluowang, which appears to be deployed in a targeted fashion and is certainly a new threat as various indications point towards it still being in development. We also published two blogs detailing two separate campaigns targeting organizations in Asia. The Harvester group is a previously unknown, likely nation-state backed group targeting victims in South Asia, while elsewhere a new espionage campaign is targeting the defense, healthcare, and ICT sectors in South East Asia. Meanwhile, we also discuss new activity from a targeted attack group dubbed LightBasin, and the return of the Lyceum group.

On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss how the UK and the U.S. are planning to increase their efforts to tackle cyber crime, ransomware being blamed in court for the death of a baby, and the arrests of some ransomware criminals in Ukraine. Also, the Conti ransomware gang makes some threats, evidence of the Pegasus spyware allegedly found on the phones of French cabinet ministers, and an interesting targeted phishing campaign.

We are back for Season 4 after our summer break, and on this week’s Cyber Security Brief podcast Dick O’Brien and Brigid O Gorman spend a lot of time discussing the subject that also dominated the last season of the podcast - ransomware. We discuss some of the ransomware stories we missed while we were off air, as well as a ransomware whitepaper we recently worked on and made available to our customers. Apart from ransomware, we also discuss Mēris - a huge botnet that emerged over the summer and has aimed massive DDoS attacks at various organizations around the world.

On this week’s Cyber Security Brief, we discuss some recent ransomware stories, as well as giving a sneak peek into some research we have been doing into ransomware. We also talk about recent announcements from U.S. authorities that attributed some recent cyber attacks, including the Microsoft Exchange Server campaign, to Chinese actors, and we also discuss the rising cost of data breaches. This is the last podcast of season 3, we will be taking a short break and will return with new episodes in September.

On this week’s Cyber Security Brief, Gavin O’Gorman joins us to discuss the Kaseya ransomware supply chain attack that occurred over the July 4 holiday weekend in the U.S. The REvil/Sodinokibi ransomware gang were behind this attack, and Gavin and Dick O’Brien discuss whether this is a sign that we now need to be aware of ransomware actors targeting victims through supply chain attacks, which would more traditionally be associated with state-sponsored hackers, as well as some of the other interesting aspects of this attack. Meanwhile, Brigid O Gorman discusses the latest news of a new vulnerability in SolarWinds software being exploited by a Chinese hacking group, energy companies being targeted in a year-long espionage campaign, and the rising cost of cyber insurance.

On this week’s Cyber Security Brief podcast, Dick O’Brien fills us in on the latest research we have published on our blog about how a growing number of ransomware attackers are using virtual machines in their attacks. We also discuss a few other ransomware-related stories, including REvil introducing a new Linux version of its ransomware, a Babuk ransomware builder being leaked online, and a couple of stories showing the amount of money that can be involved in ransomware operations. Elsewhere, the FBI recently released a report stating that over-60s lost around $1 billion through online fraud in 2020, the U.S. Secret Service released a cyber crime Most Wanted list, a FIN7 gang member was jailed, and the EU launched a new cyber security unit.

In this week’s Cyber Security Brief podcast, Dick O’Brien and Brigid O Gorman discuss some of the biggest cyber security stories of the last two weeks. Ransomware has once again dominated the news headlines, with news about huge ransom payments and ransom recovery operations being reported. Meanwhile, cyber security comes to the fore in the political sphere following pronouncements from the G7 and NATO summits. Elsewhere, attackers leveraged Slack to attack one of the world’s biggest gaming companies, one of the largest online marketplaces for stolen credentials in the world was taken down by authorities, and how law enforcement used a backdoored chat app to spy on criminals, leading to hundreds of arrests.

On this week’s Cyber Security Brief podcast, Dick O’Brien and Brigid O’Gorman are joined by Symantec threat researcher Gavin O’Gorman to discuss the Conti ransomware attack on Ireland’s national health service, how the response to this attack is going, and what the likely consequences of it may be. Elsewhere, another ransomware attack, this time on the world’s largest meat producer, JBS Foods, and Sweden’s Public Health Agency is also hit with some hack attempts. Meanwhile, the alleged leader of an ATM fraud gang responsible for stealing more than $1 billion from tourists, is arrested in Mexico.

In this week’s Cyber Security Brief, Dick O’Brien and Brigid O’Gorman discuss the implications of the Colonial Pipeline ransomware attack and the activities of the group behind it, Darkside. We also talk about what appears to be a reasonably new ransomware - Avaddon - that has been used in a string of attacks recently, while we also discuss an idea Brian Krebs wrote about that could potentially help deter ransomware actors from infecting your network. Away from the world of ransomware we talk about Lemon Duck and something of a resurgence in crypto mining, while we also discuss what CISOs are most worried about in 2021.

On this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien discuss some research we have recently been working on at Symantec. First, we discuss a blog we published this week, which looks at multi-factor authentication and how it has become a headache for malicious actors, leading them to adopt new attack techniques in an attempt to bypass or avoid it completely. We also discuss a report that we shared with customers recently looking at living off the land attack techniques and the activity and trends in that area, as well as some steps you can take to try and protect your network from this kind of activity.

On this week’s Cyber Security Brief, Alan Neville joins Brigid O Gorman and Dick O’Brien to discuss the recent discovery of a zero-day vulnerability in popular VPN product Pulse Secure. We also discuss some recent developments in the SolarWinds and Microsoft Exchange Server stories. Finally, we discuss a recent potential data breach at software testing company Codecov, and look at why UK authorities are warning government employees about potential approaches from foreign spies on social media.

On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss the big Facebook data leak that has made headlines around the world this week, as well as a cyber attack aimed at European Union institutions, and a cyber incident impacting Australia’s parliament. We also discuss warnings from authorities in the U.S. about attackers attempting to exploit vulnerabilities in Fortinet FortiOS, while authorities in the UK have issued warnings about an increased risk of ransomware attacks targeting the education sector. Meanwhile, some cyber criminals have started using call centers to distribute malware, with the tactic reportedly proving quite successful for several cyber crime groups.

On this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien discuss how ransomware attackers are now attempting to leverage the vulnerabilities in Microsoft Exchange Server. We also talk about an interesting interview given by one of the ReEvil ransomware gang to Recorded Future, evidence that ransomware payments increased over the last year, and the users of WeLeakInfo falling victim to their own data breach. Also, we warn U.S. taxpayers to be on the lookout for phishing campaigns at this time of year, and the hacker who made headlines a few weeks ago for hacking security cameras used in Tesla offices and elsewhere is indicted on numerous hacking charges in the U.S.

On this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien are joined by Symantec threat researcher Alan Neville to discuss the biggest cyber security story of the last couple of weeks - the vulnerabilities in Microsoft Exchange Server. Alan gives a comprehensive overview of the vulnerabilities, what’s happened since they became public knowledge last week, and the steps you can take to keep your organization’s network safe. He also talks about some of the post-compromise activity that Symantec has seen. We also chat about some other topics: new research into the SolarWinds hack, and the arrest of an alleged GandCrab ransomware gang member.

On this week’s Cyber Security Brief podcast, Dick O’Brien and Brigid O’Gorman discuss some of the biggest cyber security stories of the last few weeks. Among the stories up for discussion are the bugs in Accellion’s 20-year-old FTA product, which led to multiple companies worldwide reporting breaches related to it. We also talk about the reports saying the Sandworm group has been carrying out a long-running spying campaign against multiple French IT services providers by compromising an open-source IT monitoring tool called Centreon, and a Chinese APT group reportedly cloning an Equation group tool. Some interesting law enforcement activity in recent weeks is also up for discussion.

On this week’s Cyber Security Brief podcast, Dick O’Brien and Brigid O’Gorman round up some of the biggest cyber security stories of the last two weeks. We bring you the latest developments in the SolarWinds hack investigation, and chat about the significance of the disruption to the Emotet botnet. We also discuss some other recent takedowns and arrests, as well as some of the biggest ransomware stories of the last couple of weeks. We also talk about the recently reported cyber attack on a water treatment plant in the Florida town of Oldsmar - was this just a one-off incident or do industrial control systems like water plants need to be on high alert?

Old threats and new feature in this week’s Cyber Security Brief podcast. Dick O’Brien and Gavin O’Gorman discuss the latest developments in the Solarwinds hack investigation, including how Symantec investigators found Raindrop, an additional piece of malware used in the SolarWinds attacks against a select number of victims that were of interest to the attackers. We published a blog about Raindrop last week, and Dick and Gavin discuss how this new malware was discovered. Also, romance scams and DDoS attacks make a comeback.

On this week’s Cyber Security Brief, the first of 2021, Dick O’Brien brings us a comprehensive update about some of the developments in the Solarwinds hack story, with a lot having happened since our last podcast. We also discuss some recent ransomware attacks, and how the healthcare sector is having a hard time with cyber attacks at the moment.

In this week’s Cyber Security Brief, the last one of 2020, find out all you need to know about the biggest news story of the week - the Sunburst supply chain attack targeting customers of software company SolarWinds. This is one of the biggest cyber security stories of the year, with thousands of organizations affected. Dick O’Brien and Symantec threat analyst Gavin O’Gorman give a comprehensive rundown of everything we know about this attack so far. Also, Twitter is handed a big fine by the Irish data regulator, and bug reports jump in 2020.

On this week’s Cyber Security Brief podcast, we discuss what card skimmers are up to during the busiest shopping time of the year, while also bringing some good news about how EU authorities prevented almost $50 million in card fraud this year. Also on the agenda, are botnets abandoning banking Trojans in favour of ransomware? It looks like they might be. We also take a look at some COVID-19 related cyber security stories that are making the headlines, as well as the reemergence of the Gootkit infostealer. Also, Dick O’Brien brings us his predictions for what to expect on the cyber security landscape in 2021 - including predictions around ransomware, the impact of work from home, and increased cooperation between cyber crime gangs.

In this week’s Cyber Security Brief, Dick O’Brien and Brigid O’Gorman talk about some of the biggest cyber security stories of the last couple of weeks. There are multiple stories about APT groups to cover this week, including our own Threat Intel blog detailing a wide-ranging attack campaign that targeted Japan-linked companies in multiple sectors in 17 regions worldwide. We also discuss other public reports about a Chinese APT targeting governments in South East Asia, and nation-state backed attacks from Russia and North Korea targeting COVID-19 vaccine makers and researchers. We also discuss a separate campaign in which Lazarus is targeting victims in South Korea, and examine some developments in the world of ransomware.

In this week’s Cyber Security Brief, Dick O’Brien and Brigid O’Gorman talk about some of the biggest cyber security stories of the last couple of weeks. Of course, this week’s U.S. Presidential Election gets a mention, while we also discuss the recently announced ‘retirement’ of the Maze ransomware gang, as well as a threat alert issued last week by authorities in the U.S. about Trickbot and the Ryuk ransomware. Elsewhere, a Russian man was jailed this week for his involvement with a financial botnet, and the UK’s Information Commissioner’s Office handed down a US$23.8 million fine to the Marriott Hotels group.

On this week’s Cyber Security Brief, Dick O’Brien and Brigid O’Gorman are joined by Symantec threat researchers Vikram Thakur and Alan Neville. Vikram discusses Symantec’s role in the cross-industry initiative to disrupt the Trickbot botnet. Symantec was part of a global partnership that secured a court order directing hosting providers to take down Trickbot’s infrastructure. Trickbot had spread prolifically across the internet for years and became one of the most commonly blocked types of malware, suggesting it was one of the world’s largest botnets. Alan is on the podcast to discuss some newly-published Symantec research into Seedworm, as the Iran-linked group continues to target organizations in the Middle East, while we also chat about some of the indictments that have recently been announced against various nation-state backed actors around the world.

We are back! Welcome to Season 3 of the Cyber Security Brief podcast, recording now from home. We will be with you every fortnight going forward and we are delighted to be back to tell you all about what is happening in the world of cyber security. In this episode, Dick O’Brien and Brigid O’Gorman discuss some of the projects they have been working on while the podcast was off air - threats against the financial sector, North Korean threat actors’ activity, the WastedLocker ransomware, and an attack linked to the Palmerworm APT group are all covered.

In this week's Cyber Security Brief podcast, Brigid O'Gorman and Dick O'Brien discuss some of the biggest infosec news stories of the last week, including, new vulnerabilities in Intel chips, and the Microsoft SMB protocol, as well as the Rowhammer vulnerability being back in the headlines. As well as this, there is an intricate phishing scam targeting Russian speakers that uses a chatbot to help you hand over your information, a mysterious Vietnam-based group is releasing Trojanized hacking tools to try and hack other hackers, the chief suspect thought to be behind the Deer[.]io online marketplace is arrested, and BEC scammers make the headlines once again.

On this week’s Cyber Security Brief, we bring you a round-up of some of the biggest cyber security stories of the last 7 days. Among the topics up for discussion are the latest innovations of ransomware criminals, a data breach at a controversial facial recognition company, and an investigation by Brian Krebs into a series of cyber attacks on companies in France that led to an interesting conclusion. Also this week, a survey reveals that many government employees feel ill-prepared to cope with a cyber attack, and a judge on Shark Tank falls victim to BEC scammers.

Candid Wueest and Dick O’Brien join the Cyber Security Brief from the RSA Conference in San Francisco this week. Both Candid and Dick were presenting at RSA this week – Dick on the topic of targeted ransomware, and Candid on the subject of formjacking. They fill us in on how their presentations went, the other interesting sessions they attended, what the big themes of the conference are this year, and their overall impressions of RSAC 2020.

This week’s Cyber Security Brief is part of our regular Attack Group of the Month series, though this time around it’s more like Tool of the Month, as we take a closer look at Pegasus. Pegasus is a mobile spyware that is owned and sold by Israeli company the NSO Group, which says it is a legitimate tool that it sells exclusively to law enforcement and government agencies. However, there have been many cases where Pegasus appears to have been misused and has been found on the phones of journalists, activists and government critics in some countries. Symantec engineer Alexey Kleymenov has examined Pegasus extensively, and joins Dick O’Brien to discuss the malware and its technical abilities and sophistication.