Podcasts about alphv

  • 49 PODCASTS
  • 92 EPISODES
  • 35m AVG DURATION
  • 1 EPISODE EVERY OTHER WEEK
  • Jun 25, 2024 LATEST

Latest podcast episodes about alphv

Storm⚡️Watch by GreyNoise Intelligence
Change Healthcare Fallout Continues: Massive Healthcare Data Breach Impacts Millions

Jun 25, 2024 (62:42)


Forecast = Expect continued turbulence in the healthcare sector with a high chance of regulatory scrutiny and potential for scattered patient data leaks. On this episode of Storm⚡️Watch we revisit the Change Healthcare cyberattack, which continues to have major impacts across the U.S. healthcare system. The attack, discovered in February 2024, was carried out by the ALPHV/BlackCat ransomware group and has disrupted healthcare operations nationwide. The breach potentially compromised sensitive data for up to one-third of the U.S. population, including personal information, health records, and financial data. Change Healthcare and UnitedHealth Group have faced criticism for their handling of the incident, including a delayed public disclosure. The attack has highlighted vulnerabilities in centralized healthcare data systems and the need for stronger cybersecurity measures industry-wide. In the Tool Time segment, the hosts will discuss OpenSSF Siren, a new resource to help keep open source projects safe. We close out the episode covering recent cybersecurity trends and active campaigns in the Tag Roundup section, as well as provide an update on known exploited vulnerabilities (KEVs) that organizations should be aware of.

Herrasmieshakkerit
The Gambling Man, with guest Janne Raevaara | 0x32

Jun 20, 2024 (55:09)


We invited gambling expert Janne Raevaara to the manor as our guest, because if anyone knows everything worth knowing about making gambling games and cheating at them, it is him. In this episode we discuss how real-world games and differ from one another, as well as what the typical vulnerabilities of games are and how common attacks are. Janne also reveals the finest scam he has ever seen.

Sources for this audio release:
  • Restaurant Kaskis https://kaskis.fi/
  • Hack-a-Sat capture the flag competition / DEF CON https://hackasat.com/
  • The mHackeroni team https://mhackeroni.it/
  • WarGames (film) https://en.wikipedia.org/wiki/WarGames
  • City of Helsinki data breach https://www.hel.fi/fi/paatoksenteko-ja-hallinto/tietomurto
  • Voluntary credit ban (Positive Credit Register) https://asiointi.positiivinenluottotietorekisteri.fi/voluntary-ban-on-credit
  • Guidance from the Finnish National Cyber Security Centre (Kyberturvallisuuskeskus) for victims of identity theft or a data leak https://www.kyberturvallisuuskeskus.fi/fi/ajankohtaista/neuvoja-identiteettivarkauden-tai-tietovuodon-uhrille
  • UnitedHealth, ALPHV and Ransomhub https://techcrunch.com/2024/04/22/unitedhealth-change-healthcare-hackers-substantial-proportion-americans/
  • Judgment in the Vastaamo case https://oikeus.fi/material/sites/oikeus_karajaoikeudet_lansi-uudenmaankarajaoikeus/dokumentit/06jshgh77/Tuomio_R23-3965.pdf
  • Casinos' unintentional bug bounties - Skrolli 2023.3 https://skrolli.fi/numerot/2023-3/ (Note: Skrolli 2023.3 will be published as a free PDF version during 2024)
  • Dumb Money (film) https://www.imdb.com/title/tt13957560/
  • Jimmy Carr: The Easiest Way To Live A Happier Life | E106 https://www.youtube.com/watch?v=roROKlZhZyo
  • Martti J. Kari — Käsikirjoitukset eivät pala https://docendo.fi/sivu/tuote/martti-j-kari/4945501

Reports
IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment

Jun 10, 2024 (7:24)


Report: https://thedfirreport.com/2024/06/10/icedid-brings-screenconnect-and-csharp-streamer-to-alphv-ransomware-deployment/
Contact Us: https://thedfirreport.com/contact/
Services: https://thedfirreport.com/services/

TechStuff
The Largest Data Breaches in US History: Part II

Jun 5, 2024 (48:53)


We've got more data breaches and leaks to talk about. From an attack that targeted Microsoft corporate customers to one affecting three billion accounts, we look at how hackers and poor data security practices put people and their information at risk.

The Daily Decrypt - Cyber News and Discussions
CyberSecurity News: Expensive AWS S3 Bucket, No MFA for Change Healthcare, Wpeeper Android Malware uses WordPress

May 2, 2024


In today's episode, we discuss how a developer nearly faced a $1,300 bill due to a poorly named AWS S3 storage bucket, attracting unauthorized access (https://arstechnica.com/information-technology/2024/04/aws-s3-storage-bucket-with-unlucky-name-nearly-cost-developer-1300/). We also delve into the repercussions faced by Change Healthcare after a ransomware attack due to compromised credentials and lack of MFA (https://www.cybersecuritydive.com/news/change-healthcare-compromised-credentials-no-mfa/714792/). Lastly, we explore a new Android malware named Wpeeper that utilizes compromised WordPress sites to conceal C2 servers, posing a threat to unsuspecting users (https://thehackernews.com/2024/05/android-malware-wpeeper-uses.html).

00:00 Intro
00:55 Change Health Care
04:10 The High Cost of a Naming Mistake: A Developer's AWS Nightmare
07:54 Emerging Threats: The Rise of WPeeper Malware

AWS, S3, Storage Bucket, Unauthorized Access, Change Healthcare, AlphV, ransomware, cybersecurity, Wpeeper, malware, WordPress, command-and-control

Change Healthcare's CEO just testified in front of the House Subcommittee that the service they used to deploy remote desktop services did not require multi-factor authentication, which led to one of the most impactful ransomware attacks in recent history. In other news, a very unlucky developer in his personal time accidentally incurred over $1,300 worth of charges on his AWS account overnight. What was this developer doing and how did it lead to such high charges in such a short amount of time?
Wpeeper malware is utilizing compromised WordPress sites to hide its C2 servers, posing a significant threat to Android devices, with the potential to escalate further if undetected. How can users protect their Android devices from falling victim to this malware? You're listening to The Daily Decrypt.

The CEO of Change Healthcare, which is a subsidiary of UnitedHealthcare that was breached, it's been all over the news, it's all over the news, revealed in written testimony that Change Healthcare was compromised by a ransomware group accessing their systems with stolen credentials. Which we all knew, but the ransomware group used these compromised credentials to remotely access a Citrix portal, which is an application used to enable remote access to desktops. And this portal did not require multi-factor authentication. I don't know much about Change Healthcare's inner infrastructure, but any portal that allows remote access to other desktops should be locked down pretty hard. And the fact that just a simple username and password can grant access to all of these different desktops is pretty terrible, and means that this attack could have likely been avoided had they enabled multi-factor authentication.

So if you're brand new to cybersecurity and you're listening to this podcast for the first time, you need to know that there are a few very easy things you can do to improve your posture online. Don't reuse passwords. Step one, one of the easiest ways to do that is to use a password manager and have them generate your passwords for you. Number two, enable multi-factor authentication. That way, if someone does come into your username and password combination, they still have to get through some sort of device-based authentication, like a ping on your cell phone or something like that, to allow them to log into your account.
Now, in the case of United and Change Healthcare, one thing that they also could have done to help mitigate their negligence in not enabling multi-factor authentication would be to have frequent dark web scans for any password in the system or any username in the system. And this can all be automated. If a password that is being used to access any system in your network is found on the dark web, immediately revoke that password and require that user to create a new one. But that is slightly more complicated than just requiring multi-factor authentication. So, probably start there. But the attackers who carried out this ransomware were able to use credentials they found on the dark web to infiltrate the networks, gain access to remote desktops, and launch their ransomware within 9 days of their entry. So, that's pretty fast. A few years ago, that would have taken dozens of days, if not hundreds of days. The dwell time for attackers was pretty high back then. But now, single digits. That doesn't leave much time for defenders to find this type of attack. But the CEO acknowledged this negligence and shared his deep condolences for all of the patrons of Change Healthcare. The pharmacists, the doctors, a lot of work had to be put on hold For And it's very possible that people died as a result of this breach, having to be transferred to different hospitals, etc. This is a pretty tragic thing, so if you're in the healthcare industry, if you're in a position of power, make sure that all your internal systems, and especially external, but definitely internal as well, have multi-factor authentication enabled. And if you want to go the extra mile, create some sort of automatic tool that probably exists online for free, that will check the dark web on a recurring basis for any passwords in your system.

A cloud developer was setting up a proof of concept for a client. And it involved creating an empty storage bucket in AWS. The project was a document indexing system.
And so this developer uploaded a couple of documents and then began working in other areas of the project. Then after two days of work, went back and checked the billing costs and found $1,300 worth of charges. Now, if you're not familiar with AWS and their pricing, S3 storage buckets are really cheap. The Daily Decrypt is actually hosted in the S3 storage bucket and I pay less than $10 a month for all hosting. And I'm uploading audio, which is a lot larger than documents. Okay. So this bucket should have cost less than $5 a month, but after two days, there were $1,300 in charges, so I really appreciate the developer sharing this story because it's an interesting case study.

What happened? Well, the developer accidentally named the bucket the same thing that an open source software uses as a placeholder in their code. So what does that mean? Some other company, let's say it's Home Depot, alright? That came up in a previous reel. Home Depot has some software that backs up their files to Amazon S3 buckets on a recurring basis. Home Depot also has a non-production version of that code that has placeholders for those S3 bucket names, such as placeholder bucket 1231 or something like that, so that when it comes time to upload their files, they replace that placeholder with the actual name of their bucket. But that sample code is running, and it's not doing anything because it's attempting to back up their files to a bucket that doesn't exist. Well, this developer lucked out and created an S3 bucket with that exact name of that placeholder, and this script now all of a sudden is trying to send all of Home Depot's backup files to this bucket. And news to me, but AWS charges a fee, it's like 005 cents per request. And an automated system can generate thousands of requests per second, like it can go very fast. So just in two days, that 0.0005 cents per request turned into $1,300. Now these are unexpected charges.
Amazon agrees he shouldn't have to pay for this, but it just goes to show how careful you have to be when naming your S3 buckets, especially if they're going to allow for public users to place files in them. But another really important aspect of this story that I find fascinating is that the developer, once he realized what was happening, decided to open up his bucket and allow for files to be placed there. And within 30 seconds, there were over 10 gigabytes of files placed in this bucket. And these files belonged to another company. One that's pretty reputable, so probably on the same lines of Home Depot. Now this developer won't disclose that because these files are currently being backed up and there's a huge risk for data leak, but this developer now has the source code for all kinds of files that belong to a pretty big company. So as a developer, make sure you name your AWS buckets something pretty unique and maybe even add in a little suffix of random characters after anything you name. And as developers for companies, make sure you're not having automated scripts upload to bucket names that don't exist, because maybe someday they will exist and all those files will go to that bucket. The developer did reach out to the company that was affected by this and has received no response. But we're all hoping that the company responds and fixes their practice and hopefully shells out some money to this developer because that's a pretty big bug and they deserve compensation.

And finally, cybersecurity researchers have identified a new Android malware named Wpeeper that utilizes compromised WordPress sites to hide its command and control servers. And if you've been listening to this podcast for a while or keeping up to date on cybersecurity news, you'll know that there's a lot of opportunity within the WordPress framework to compromise WordPress sites. And it would be a great place to host a command and control server.
Wpeeper is a binary that employs the HTTPS protocol for secure C2 communications and functions as a backdoor. The malware disguises itself within a repackaged version of the Uptodown App Store for Android, aiming to evade detection and deceive users into installing the malicious payload. Wpeeper utilizes a complex C2 architecture that involves using infected WordPress sites as intermediaries to obfuscate its actual C2 servers, with as many as 45 C2 servers identified in the infrastructure. The malware's capabilities involve collecting device information, updating C2 servers, downloading additional payloads, and self-deleting. And to safeguard against similar malware attacks, users are advised to download apps only from reputable sources, carefully review app permissions, and just be careful what you click on. Stay vigilant out there against suspicious activities that may be taking place on your phone. You might notice a performance lag. You might notice weird browsers opening up. And if you do, you might just want to restart your device, reset it. And if you do get curious and install a scanning tool, antivirus, anti-malware, et cetera, make sure you do it from a reputable source.

This has been the Daily Decrypt. If you found your key to unlocking the digital domain, show your support with a rating on Spotify or Apple Podcasts. It truly helps us stand at the frontier of cyber news. Don't forget to connect on Instagram or catch our episodes on YouTube. Until next time, keep your data safe and your curiosity alive.

Die IT-Woche
The new and old ransomware gangs

Apr 19, 2024 (17:20)


The ransomware gang Lockbit, which had supposedly been taken offline, is as active as before. The same goes for the criminals of Alphv. The situation is further aggravated because new, smaller gangs are becoming active and all of them, moreover, employ (and rip off) affiliates.

Talion Threat Set Radio
Threat Bulletin #262

Apr 12, 2024 (7:00)


Warnings issued regarding 10/10 CVSS score Rust vulnerability. Researchers speculate LLM wrote Powershell for malware strain. Change Healthcare hit by ransom demand again following AlphV exit scam.

Smashing Security
WhatsApp at Westminster, unhealthy AI, and Drew Barrymore

Apr 10, 2024 (52:27)


MPs aren't just getting excited about an upcoming election, but also the fruity WhatsApp messages they're receiving, can we trust AI with our health, and who on earth is pretending to be a producer for the Drew Barrymore TV show?

All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by John Hawes.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:
  • Naked photos sent in WhatsApp 'phishing' attacks on UK MPs and staff - Politico.
  • How I was targeted in the Westminster honeytrap - BBC News.
  • The Westminster honeytrap plotter tried to catch me too - The Times.
  • How Westminster WhatsApp 'honey trapper' targeted party conference season - Politico.
  • William Wragg quits Commons roles over Westminster honeytrap - BBC News.
  • A new prescription - The Economist.
  • Change Healthcare faces second ransomware dilemma weeks after ALPHV attack - The Register.
  • 'The Drew Barrymore Show' Targeted by Fraudsters in Celebrity Scamming Effort - Yahoo! News.
  • 'Drew Barrymore Show' Targeted in Hacking, ID Fraud Scam by Imposter Who Posed as Producer and More - Variety.
  • Guy Fieri Calls Drew Barrymore "Gangster" For Talking With Her "Mouth Full Of Food" On 'The Drew Barrymore Show' - Decider.
  • Beware The Fake Drew Barrymore Le Creuset Cookware Giveaway Scam - Malware Tips.
  • Carmen - Royal Opera House.
  • Mandy - BBC iPlayer.
  • Anita de Monte Laughs Last - Bloomsbury.

Cyber Talks
Decoding AlphV/BlackCat's Ransomware Operations with Joe Stewart and Keegan Keplinger

Mar 25, 2024 (35:26)


The AlphV/BlackCat ransomware-as-a-service gang has been in the news lately thanks to the recent ransomware attack on Change Healthcare that resulted in widespread disruptions to healthcare services and allegedly resulted in the organization paying a $22 million ransom. Shortly thereafter, an affiliate claimed that BlackCat cheated them out of their share of the $22 million ransom. So, what's going on? In this episode, Spence Hutchinson speaks with Joe Stewart, Principal Threat Researcher at eSentire, and Keegan Keplinger, Sr. Threat Intelligence Researcher at eSentire, all about AlphV/BlackCat's ransomware operations.

Key topics discussed include:
  • Who AlphV/BlackCat ransomware operators are and how they use malvertising to gain initial access
  • The ransomware attack on Change Healthcare
  • The validity of BlackCat claiming that the FBI has seized their Dark Web site and released a decryption tool
  • Signs that a ransomware-as-a-service group is rebranding or preparing an exit scam

Have a question for us? Reach out: hello@esentire.com

About Cyber Talks: From ransomware attacks to supply chain compromises, eSentire's Cyber Talks podcast will delve into the world of the latest cyber threats that are impacting businesses globally. Join our team of security experts as we speak with C-level executives and security practitioners about the cyber risks affecting their business and how they're addressing these challenges.

PEBCAK Podcast: Information Security News by Some All Around Good People
Episode 151 - ALPHV Ransomware Gang's $22 Million Exit Scam, Arrests in $400m FTX Heist, Typosquatting as a Service, Things That Have Gotten Too Expensive

Mar 11, 2024 (54:21)


Welcome to this week's episode of the PEBCAK Podcast! We've got four amazing stories this week so sit back, relax, and keep being awesome! Be sure to stick around for our Dad Joke of the Week (DJOW).

Follow us on Instagram @pebcakpodcast

PEBCAK - Acronym of "problem exists between chair and keyboard."

Submit the Stigma non-profit: https://www.submitthestigma.org/
Steven's book: https://a.co/d/8nHiswO

ALPHV exit scams after Change Healthcare hack
  • https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-1st-2024-healthcare-under-siege/
  • https://arstechnica.com/security/2024/03/alphv-ransomware-site-claims-it-was-seized-by-fbi-researchers-suspect-22m-scam/

Arrests in $400 million FTX heist
  • https://krebsonsecurity.com/2024/02/arrests-in-400m-sim-swap-tied-to-heist-at-ftx/

Typosquatting as a Service
  • https://www.bleepingcomputer.com/news/technology/registrars-can-now-block-all-domains-that-resemble-brand-names/

Things that have gotten too expensive
  • https://nypost.com/2024/03/07/us-news/out-of-control-five-guys-prices-ignites-social-media-furor-after-24-receipt-for-just-burger-fries-small-drink-goes-viral/
  • https://nypost.com/2023/07/19/mcdonalds-branch-slammed-for-charging-18-for-a-big-mac-meal/
  • https://nypost.com/2024/02/28/business/panera-bread-exempt-from-california-wage-law-after-newsom-donation/

Dad Joke of the Week (DJOW)

Please share this podcast with someone you know! It helps us grow the podcast and we really appreciate it!

Find the hosts on LinkedIn:
  • Chris - https://www.linkedin.com/in/chlouie/
  • Brian - https://www.linkedin.com/in/briandeitch-sase/
  • Steven - https://www.linkedin.com/in/stevenzhajny/

One Sentence News
One Sentence News / March 8, 2024

Mar 8, 2024 (4:56)


Three news stories summarized & contextualized by analytic journalist Colin Wright.

Hackers that hit UnitedHealth pull disappearing act

Summary: The Blackcat hacking gang, also known as ALPHV, has reportedly disappeared, replacing their online presence with statements that, also reportedly, incorrectly suggest they were taken down by law enforcement.

Context: This is what's known in the cybercrime industry as an "exit scam," where a hacking group or crypto-asset company runs away with the loot and leaves their collaborators or customers in the lurch, usually pretending, as justification for their disappearance, that law enforcement entities have captured them, which makes it less likely those with information about them will share said information; in this case, the Blackcat gang hacked the technology unit of UnitedHealth Group, causing all sorts of disruptions to the US healthcare system for weeks, and the heat from that attack might be why they decided to shut down, though in most cases the gangs that disappear in this way reappear before long using a different name; UnitedHealth reportedly paid about $22 million in ransom to the hackers in order to get their systems back online, though the company hasn't confirmed this, publicly. —Reuters

The EU's new competition rules are going live

Summary: Wednesday was the deadline for some of the tech world's biggest companies to comply with the European Union's Digital Markets Act, or DMA, which has riled the industry and is resulting in a flurry of changes across online services within the bloc and around the world.

Context: The DMA is meant to force these companies to behave in fair and open ways, and is especially focused on preventing monopolization of what have become fundamental aspects of the global economy; companies that have been designated "gatekeepers" by the European Commission, defined as tech companies operating in at least three EU states, pulling in at least 7.5 billion euros each year, boasting an average market cap of around 75 billion euros, operating a platform with at least 45 million monthly active users, and serving more than 10,000 active EU business customers, must thus adjust their offerings to these new guidelines or be fined up to 10% of their global revenue, and up to 20% of that revenue for infractions after the first; these rules apply to Microsoft, Meta, Apple, Alphabet, ByteDance, and Amazon, and these companies have made announcements in recent months as to how they plan to change the way they do things to fulfill their new, DMA-delineated responsibilities within the bloc—including things like Apple allowing third-party app stores in the EU and Microsoft changing how they promote their own products within their Windows operating system—which could lead to similar enforcement in other countries in the coming years, if these rules prove successful according to the competition- and consumer-oriented metrics outlined by the EU Commission. —The Verge

Novo Nordisk says Ozempic drug cuts risk of kidney problems

Summary: The diabetes medication that has in recent years been repurposed to help obese people lose weight, Ozempic, has been shown in a new clinical trial to reduce the risk of kidney disease-related problems in patients by 24%.

Context: This trial was conducted by the company behind Ozempic, Novo Nordisk, so it's a good idea to take this finding with a grain of salt, but this is of a kind with other recent findings that suggest this and other drugs in the same general category seem to have a slew of uses beyond their original intended purpose, and that's led to a revolution in the weight loss industry, but also, potentially, in a bunch of adjacent fields, like those related to addiction; these drugs are considered to be pretty safe for humans because they've been prescribed for treating diabetes for so long, and thus we have a backlog of data showing how patients respond to them over time, and pharmaceutical companies around the world have been looking at their existing portfolio of drugs, hoping to find other products that might be repurposed in this same way, as doing so could save them a lot of development costs, while also potentially providing them with a new blockbuster drug offering. —The Wall Street Journal

Like Biden, Trump did very well at Tuesday's "Super Tuesday" ballots, but in contrast to his consistent over-performance of polls in 2016, he seems to have under-performed 2024 polls in these primary contests, raising questions (amongst some analysts) as to whether his (glowing) numbers might be a bit inflated. —Financial Times

$69,191.95: Market value of a Bitcoin on Tuesday, surpassing the crypto-asset's previous high price of around $69,000 (which was tallied back in November 2021). Bitcoin (and other cryptocurrencies and assets, like NFTs) have been on the rise, recently, possibly because of the recent approval of a double-handful of ETFs in the US that allow financial entities to buy Bitcoin and then sell shares of that asset portfolio. —Bloomberg

Security Squawk
Change Healthcare Pay $22 Million Dollars to BlackCat/ALPHV

Mar 7, 2024 (12:21)


In this eye-opening video, we delve deep into the shocking cyberattack on Change Healthcare, orchestrated by the notorious BlackCat ransomware group. Discover the alarming chain of events that led to a staggering $22 million extortion payment, and the subsequent fallout that rocked the cybercriminal world.

What You'll Learn:
  • The Importance of Change Healthcare: Understand the critical role of Change Healthcare in the U.S. healthcare system and the impact of the cyberattack on nationwide prescription drug services.
  • The Anatomy of the Attack: Follow the timeline of the cyberattack, from the initial breach to the eventual ransom payment, and the significant disruption it caused.
  • The Controversy of the Ransom Payment: Explore the complex dynamics of the $22 million ransom payment, including the dispute with a disgruntled affiliate and the failure to secure the deletion of stolen data.

Risk & Repeat
Risk & Repeat: Alphv/BlackCat's chaotic exit (scam)

Mar 7, 2024


This podcast episode discusses the possible exit scam of ransomware-as-a-service gang Alphv/BlackCat, as well as the chaotic months the gang had leading up to its closure.

Risky Business
Risky Business #739 -- ALPHV exit scams while Change Healthcare burns

Mar 6, 2024 (59:25)


In this week's show Patrick Gray and Adam Boileau discuss the week's security news. They talk about:
  • The serious consequences from the Change Healthcare ransomware, and the need for a … nastier response
  • Predator spyware maker getting a stern sanctioning
  • A German military WebEx meeting gets snooped
  • Mem-corruption is still king
  • And much, much more

In this week's sponsor interview Patrick Gray speaks to Karl McGuinness, Okta's chief architect, about some new security improvements they've built into their IDP.

Show notes
  • U.S. Air Force employee charged with giving classified information to woman he met on dating site
  • Ransomware attack on U.S. health care payment processor 'most serious incident of its kind'
  • AlphV's hit on Change Healthcare strikes a sour note for defenders | Cybersecurity Dive
  • Office of Public Affairs | Justice Department Disrupts Prolific ALPHV/Blackcat Ransomware Variant | United States Department of Justice
  • Developing: AlphV allegedly scammed Change Healthcare and its own affiliate (1)
  • Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment | WIRED
  • Ciaran Martin on X: "“We have to find a way of making a ransom ban work” - me for @thetimes
  • US launches antitrust investigation into UnitedHealth, WSJ reports | Reuters
  • Brett Callow on X: "#Lockbit has de-listed Fulton County.
  • Predator spyware endures even after widespread exposure, analysis shows | CyberScoop
  • Predator spyware infrastructure taken down after exposure | CyberScoop
  • U.S. bans maker of spyware that targeted a senator's phone
  • Spyware maker NSO Group ordered to turn over Pegasus code in WhatsApp case
  • Whatsapp Inc vs NSO Group
  • Russia's chief propagandist leaks intercepted German military Webex conversation
  • The White House's Oddly Specific, and Really Quite Good, Software Engineering Advice
  • A leaky database spilled 2FA codes for the world's tech giants | TechCrunch
  • In ConnectWise attacks, Play and LockBit ransomware exploits developed quickly | Cybersecurity Dive
  • How to Secure the SaaS Apps of the Future | Okta Security

Cyber Security Headlines
US cyber strategy update, spyware sanctions, ALPHV exits

Cyber Security Headlines

Play Episode Listen Later Mar 6, 2024 6:45


US cybersecurity strategy update on the way
US Treasury issues first spyware sanctions
UK denies responsibility for ALPHV takedown
Thanks to today's episode sponsor, Conveyor
Conveyor is the only GPT-powered customer trust portal that automates the entire customer security review process — from sharing your security posture and documents in a single portal to automating security questionnaire responses with 90% accuracy so you can fly through any customer security review in minutes. It might sound like every other compliance software claim out there, but there's a reason our customers have dubbed Conveyor their ‘favorite security tool of the year'. Test our market-leading AI in a free proof of concept at www.conveyor.com

Risky Business News
Risky Biz News: AlphV admins exit-scam with Change Healthcare's ransom

Risky Business News

Play Episode Listen Later Mar 6, 2024


A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

The CyberWire
Change Healthcare hackers cash in $22 million ransom.

The CyberWire

Play Episode Listen Later Mar 5, 2024 28:21


Is the ALPHV gang pulling up a twenty two million dollar rug? Meta platforms are experiencing outages.  Ukraine claims a cyberattack on the Russian Ministry of Defense. Malicious phishers hope to hook hashes. TeamCity users are warned of critical vulnerabilities. The Discord leaker pleads guilty. AmEx suffers a third-party data breach. Amazon is flooded with fake copycat publications. Our guest is Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division to discuss Volt Typhoon. And, Dude, she is just not that into you. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division joins us to discuss Volt Typhoon. Selected Reading Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment  (WIRED) Ukraine claims it hacked Russian Ministry of Defense servers (Bleeping Computer) Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes (Help Net Security) TeamCity Users Urged to Patch Critical Vulnerabilities (Infosecurity Magazine) Pentagon leak defendant Jack Teixeira pleads guilty, faces years in prison (Reuters) American Express credit cards exposed in third-party data breach (Bleeping Computer) Tech writer Kara Swisher has a new book. Enter the AI-generated scams. (Bleeping Computer) Retired Army officer charged with sharing classified information about Ukraine on foreign dating site (CBS News)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? 
You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Cyber Security Headlines
North Korea semiconductor hacks, ALPHV goes dark, China AI vouchers

Cyber Security Headlines

Play Episode Listen Later Mar 5, 2024 6:52


North Korea targets semiconductor industry
ALPHV infrastructure goes dark
China to offer computing vouchers to AI startups
Thanks to today's episode sponsor, Conveyor
AI is getting pretty smart so you shouldn't settle for mediocre security questionnaire automation software that only generates the right answer 20 to 50 percent of the time or have to wait a day for the vendor's team to check the answers. Conveyor's security questionnaire automation tool not only boasts industry leading AI accuracy reducing time spent on security reviews by 80%, but now also autofills in OneTrust portal questionnaires with a single click. Trying a proof of concept with your own data is always free. Learn more at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan.

Risky Business News
Risky Biz News: AlphV admins exit-scam with Change Healthcare's ransom

Risky Business News

Play Episode Listen Later Mar 5, 2024 6:40


A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

The IT Pro Podcast
February rundown: LockBit takedown and ChatGPT woes

The IT Pro Podcast

Play Episode Listen Later Mar 1, 2024 22:06


February has been an eventful month in the tech sector as ransomware operator LockBit, which has accrued billions of dollars in ill-gotten gains in its approximately four-year history, was taken down by an international task force spearheaded by the UK's National Crime Agency.

Elsewhere, ChatGPT suffered a major setback as users noticed the industry-leading chatbot had taken to answering prompts with complete gibberish. Though the issue was fixed within a day of being reported, it has raised important questions about the reliability of the service and the technology that underlies it.

In this episode, Jane and Rory welcome back Ross Kelly, ITPro's news and analysis editor, to explore February's big cyber security story and discuss what ChatGPT's moment of madness means for generative AI.

Read more:
LockBit could be done and dusted after NCA operation gained access to admin environments, source code, and affiliate info
LockBit rises from the ashes, but will it pack the same punch as before?
Life after LockBit: A fragmented landscape and wayward affiliates will still cause chaos for enterprises
Europol takes down 'dangerous' Emotet botnet
Qakbot forced offline, but history suggests it probably won't be forever
Everything we know so far about the rumored ALPHV 'takedown'
History tells us ALPHV will likely recover from recent takedown
LockBit remains most dangerous ransomware despite fall in attacks
The 'Big Three' ransomware groups are losing their grip on the industry as gangs begin to fracture, study shows

Security Squawk
Ransomware Rampage: ALPHV's Attack on American Corporates

Security Squawk

Play Episode Listen Later Feb 21, 2024 58:06


This week, we discuss the escalating cyber threats targeting the United States, with a particular focus on recent developments and warnings from high-level officials and cybersecurity experts. We begin with FBI Director Christopher Wray's stark warning about China's cyber threat, revealing that offensive malware has been covertly placed in U.S. critical infrastructure by Chinese hackers, representing a scale of threat previously unseen. Wray's comments at the Munich security conference underscore the urgent need for heightened cybersecurity measures against such national security threats. We also cover the alarming ransomware attacks by the ALPHV/Blackcat gang on prominent companies such as Prudential Financial and loanDepot, showcasing the persistent risks ransomware poses to both private and public sectors. With over 16.6 million individuals affected by the loanDepot breach alone, the implications of these attacks are far-reaching. Additionally, we discuss the recent cyberattack that disrupted Georgia's Fulton County, affecting its main technology platforms and limiting operations across various county offices. This incident further highlights the vulnerabilities of local government infrastructure to sophisticated cyberattacks. Join us as we also explore the global response to these threats, including the U.S. State Department's rewards for information leading to the capture of ALPHV gang leaders and the ongoing efforts by law enforcement to counter Chinese hacking campaigns. With the use of artificial intelligence by hackers amplifying the threat landscape, we'll examine the calls for a "Geneva Convention around cyber" and the implications for future cybersecurity defenses. Tune into Security Squawk to stay informed on the latest cyber threats and the evolving landscape of cybersecurity defense strategies.

Cyber Security Headlines
LockBit disrupted, Cactus leaks Schneider data, ALPHV claims financial attacks

Cyber Security Headlines

Play Episode Listen Later Feb 20, 2024 7:44


LockBit disrupted by global police operation
Cactus leaks Schneider Electric data on dark web
ALPHV gang takes credit for LoanDepot, Prudential attacks
Thanks to today's episode sponsor, Conveyor
Conveyor, the security questionnaire automation software one of our customers dubbed “my favorite security tool of the year”, is now even better. They've upgraded their browser extension for portal-based questionnaires and it can now autofill OneTrust portal questionnaires in one click. You can test the AI in a free proof of concept at www.conveyor.com. Mention this podcast for 5 free questionnaire credits when you purchase an Enterprise plan. Get the stories behind the headlines at CISOSeries.com

Cyber Security Today
Cyber Security Today, Feb. 16, 2024 - US takes down Russian botnet of routers

Cyber Security Today

Play Episode Listen Later Feb 16, 2024 6:28


This episode reports on multi-million dollar rewards for information on the AlphV ransomware gang, a decryptor is available for the Rhysida ransomware strain, and more

Defence Connect Podcast
CYBER UNCUT: X, the new home of crypto scams?

Defence Connect Podcast

Play Episode Listen Later Jan 15, 2024 31:38


In this episode of the Cyber Uncut podcast, Liam Garman, David Hollingworth, and Daniel Croft unpack a recent string of cryptocurrency-related compromises on X (formerly Twitter) and how threat actors have targeted Australian consumers over the Christmas break. The trio begin unpacking a recent post on X by the US Securities and Exchange Commission (SEC) endorsing bitcoin-tracked exchange traded funds (ETFs) and how the post is the latest in a long string of cryptocurrency scams on the site. They then discuss the latest breaking news with the ALPHV site being seized by the FBI. The podcast wraps up looking into The Iconic's strong response to recent consumer compromises, as well as an attack on a local travel agent. Enjoy the podcast, The Cyber Daily team

Cyber Security Uncut
X, the new home of crypto scams?

Cyber Security Uncut

Play Episode Listen Later Jan 12, 2024 31:38


In this episode of the Cyber Uncut podcast, Liam Garman, David Hollingworth, and Daniel Croft unpack a recent string of cryptocurrency-related compromises on X (formerly Twitter) and how threat actors have targeted Australian consumers over the Christmas break. The trio begin unpacking a recent post on X by the US Securities and Exchange Commission (SEC) endorsing bitcoin-tracked exchange traded funds (ETFs) and how the post is the latest in a long string of cryptocurrency scams on the site. They then discuss the latest breaking news with the ALPHV site being seized by the FBI. The podcast wraps up looking into The Iconic's strong response to recent consumer compromises, as well as an attack on a local travel agent. Enjoy the podcast, The Cyber Daily team

Risky Business
Risky Business #731 -- SEC Twitter hack moves Bitcoin price

Risky Business

Play Episode Listen Later Jan 10, 2024 65:29


On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover: SEC Twitter account hack moves bitcoin price Kaspersky admires Triangulation hackers' fine work Telcos hacked all over Israel hacks Iranian gasoline pumps again Iran up in Albania, Sudan, Egypt and Tanzania and much, much more… This week's show is brought to you by Nucleus Security. Co-founder Scott Kuffer joins us to talk about why patch management is more nuanced than just “patch fast!” Show notes U.S. Securities and Exchange Commission on X: "The @SECGov X account was compromised, and an unauthorized post was posted. The SEC has not approved the listing and trading of spot bitcoin exchange-traded products." / X Mandiant, the security firm Google bought for $5.4 billion, gets its X account hacked | Ars Technica 4-year campaign backdoored iPhones using possibly the most advanced exploit ever | Ars Technica Spyware attack chain used previously unknown iPhone hardware feature, report says "Dutch engineer carried out Iranian nuclear sabotage": VK - DutchNews.nl Russian hackers infiltrated Ukrainian telecom giant months before cyberattack Ukraine telecom cyberattack one of ‘highest-impact' hacks of the war Pro-Ukraine hackers claim breach of Russian internet provider Ukraine says Russia hacked web cameras to spy on targets in Kyiv Optus outage: Banks, telcos to be quizzed at Senate hearing A “ridiculously weak” password causes disaster for Spain's No. 2 mobile carrier | Ars Technica Albanian parliament, telecom company hit by cyberattacks Paraguay military warns of ‘significant impact' of ransomware after attack on internet provider Iran confirms nationwide cyberattack on gas stations Hackers disrupt Beirut airport with anti-Hezbollah message Telecom organizations in Africa targeted by Iran-linked hackers Myanmar rebels take control of ‘pig butchering' scam city amid Chinese pressure on junta AlphV ransomware site is “seized” by the FBI. Then it's “unseized.” And so on. 
| Ars Technica BreachForums administrator detained after violating parole Autistic teen behind spate of Lapsus$ hacks sentenced to indefinite hospital stay Global law enforcement seizes $300 million, arrests 3,500 involved in transnational cybercrime operation Toronto Zoo says it remains open after ransomware attack Central Bank of Lesotho facing outages after cyberattack Kansas City-area hospital transfers patients, reschedules appointments after cyberattack Cyberattack on Massachusetts hospital disrupted records system, emergency services LockBit claims November attack on New Jersey hospital that disrupted patient care First American becomes latest real estate industry giant hit with cyberattack Ivanti warns of critical vulnerability in its popular line of endpoint protection software | Ars Technica US officials say Russian targeting JetBrains servers for potential SolarWinds-style operations | Reuters SSH protects the world's most sensitive networks. It just got a lot weaker | Ars Technica LastPass enforces 12-character master password lengths | Cybersecurity Dive FTC soliciting contest submissions to help tackle voice cloning technology Biden signs short-term FISA extension before year-end deadline Foone: "The 37C3 talk on TEA1 encrypti…" - Infosec Exchange Crypto hedge fund CEO may not exist; probe finds no record of identity | Ars Technica

The Cybersecurity Defenders Podcast
#91 - Intel Chat: ALPHV, DanaBot?, Operation Triangulation, npm everything, & Sandworm?

The Cybersecurity Defenders Podcast

Play Episode Listen Later Jan 10, 2024 32:47


In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.
An international group of law enforcement agencies has seized the dark web leak site of the notorious ransomware gang known as ALPHV, or BlackCat.
IBM Security Trusteer uncovered a new malware campaign using JavaScript web injections with a possible connection to DanaBot.
Kaspersky published some new research in which they have identified a vulnerability in Apple System on a chip - or SOC - that has played a critical role in the attacks they saw in Operation Triangulation.
NPM package “everything” downloads millions of packages and prevents all authors on npmjs.com from removing their packages.
Russian hackers were inside the Ukrainian telecom giant Kyivstar's system from at least May last year and recently caused a destructive outage.
And the Hacker History episodes, When the Lights Went Out in Ukraine Part 1 & Part 2.

ALEF SecurityCast
Ep#205 - Virtual Shootout Between the FBI and ALPHV (BlackCat)

ALEF SecurityCast

Play Episode Listen Later Jan 8, 2024 11:27


ALEF Security Report questionnaire: NIS2 Directive / new Cybersecurity Act ("ZKB") (google.com) Discord Chapters: 00:00 Introduction 01:25 FBI Disrupted the Blackcat Ransomware Operation 04:24 GTA 5 Source Code Reportedly Leaked Online 06:19 Google Settled a Lawsuit Worth USD 5 Billion 08:24 Six-Hour Hack of Mandiant's X Account 10:45 Meme Of The Week Links and sources: FBI disrupts Blackcat ransomware operation, creates decryption tool (bleepingcomputer.com) GTA 5 source code reportedly leaked online a year after Rockstar hack (bleepingcomputer.com) Mandiant's Twitter Account Restored After Six-Hour Crypto Scam Hack (thehackernews.com) Google Settles $5 Billion Privacy Lawsuit Over Tracking Users in 'Incognito Mode' (thehackernews.com) www.stanovo.cz #ITBezpecnost #IT #Novinky #Bezpecnost #Česko

The Other Side Of The Firewall
US Seizes ALPHV Website - The Other Side of the Firewall Season 2 Episode 517

The Other Side Of The Firewall

Play Episode Listen Later Jan 1, 2024 10:23


In this episode, Ryan and Shannon discuss how the US has taken over the website of the ransomware group ALPHV and released decryption tools to its victims. Please LISTEN

Defence Connect Podcast
CYBER UNCUT: Game developer suffers data dump, and movements in online criminal enterprises

Defence Connect Podcast

Play Episode Listen Later Dec 25, 2023 37:26


In this episode of the Cyber Uncut podcast, Liam Garman, David Hollingworth, and Daniel Croft unpack the biggest news stories for 2023 – and dive into the recent Rhysida and ALPHV attacks.  The trio begin the podcast by unpacking the latest hack against Insomniac Games by Rhysida, which saw over a terabyte of data leaked online, as well as recent movements within the ALPHV ransomware gang. They then unpack the top five news stories of the year. Garman, Hollingworth, and Croft then wrap up the podcast by discussing recent research on a recently uncovered Chinese disinformation campaign. Enjoy the podcast, The Cyber Uncut team

The CyberWire
Sentenced to hospital detention.

The CyberWire

Play Episode Listen Later Dec 22, 2023 29:46


A Lapsus$ hacker is sentenced to hospital detention. Online ads and phishing drain crypto wallets. Cyberespionage continues. LockBit and ALPHV say they want to form a ransomware cartel. The 8220 gang's cryptojacking. DarkGate RAT's propagation. The evolution of Bandook. A prominent title insurance company takes systems offline. Rick Howard speaks with guests John Goodman & Amanda Satterwhite of Accenture Federal Services about the launch of a public sector Cybersecurity Center of Excellence. And Trump's Dumps lead to BidenCash. CyberWire Guest N2K's Rick Howard talks with guests John Goodman & Amanda Satterwhite of Accenture Federal Services about the launch of a public sector Cybersecurity Center of Excellence in conjunction with Google. Selected Reading The infamous GTA VI hacker has been convicted - and the story is simply absurd (IT Pro) Crypto drainer steals $59 million from 63k people in Twitter ad push (Bleeping Computer) Threat Actor 'UAC-0099' Continues to Target Ukraine (Deep Instinct) ‘Today FBI Got Him, Tomorrow They Will Get Me': LockBit, BlackCat Unite to Form Cyber Cartel (The Cyber Express) Imperva Detects Undocumented 8220 Gang Activities (Imperva) BattleRoyal, DarkGate Cluster Spreads via Email and Fake Browser Updates (Proofpoint) Bandook - A Persistent Threat That Keeps Evolving (Fortinet) First American takes IT systems offline after cyberattack (Bleeping Computer) BidenCash darkweb market gives 1.9 million credit cards for free (Bleeping Computer) BidenCash (Searchlight Cyber) Russia Seizes Ferum, Sky-Fraud, UAS, and Trump's Dumps—and Signals More Takedowns to Come [Updated] (Flashpoint)

WIRED Security: News, Advice, and More
A Major Ransomware Takedown Suffers a Strange Setback

WIRED Security: News, Advice, and More

Play Episode Listen Later Dec 21, 2023 7:26


After an 18-month rampage, global law enforcement finally moved against the notorious Alphv or Blackcat ransomware group. Within hours, the operation faced obstacles. Read this story here.

Herrasmieshakkerit
Finland's cyber defence, with guest Tuomo Rusila | 0x2e

Herrasmieshakkerit

Play Episode Listen Later Dec 21, 2023 51:37


We invited Tuomo Rusila to the manor as our guest; in his work at the Ministry of Defence he is a driving force behind Finland's national cyber defence. We asked Tuomo who defends Finland's information systems against attacks by a hostile state. We also discussed the state's cyber resilience, making use of reservists' skills in cyber defence, and what changes NATO membership brings to the Finnish state's cyber defence. Source list for the audio release: Guest Tuomo Rusila https://twitter.com/tuomorusila Slush https://slush.org t2'24 infosec https://t2.fi/ Wolt Security Whitepaper https://assets.ctfassets.net/23u853certza/6nVwMWMcVS0OtP3bw2cE5M/0206018566a493515cfd711f079c8c08/Security_whitepaper_2023.pdf iPhone Lockdown Mode https://support.apple.com/fi-fi/HT212650 Why Apple is working hard to break into its own iPhones https://www.independent.co.uk/tech/iphone-apple-security-software-lockdown-mode-b2450192.html Post Mortem on Cloudflare Control Plane and Analytics Outage https://blog.cloudflare.com/post-mortem-on-cloudflare-control-plane-and-analytics-outage/ Alphv and the SEC https://www.bleepingcomputer.com/news/security/ransomware-gang-files-sec-complaint-over-victims-undisclosed-breach/ Tuomo Rusila's article in Kylkirauta magazine https://kylkirauta.fi/wp-content/uploads/2023/03/Kylkirauta-1_23.pdf Multi-Account Containers https://support.mozilla.org/en-US/kb/containers Lahti 2001 https://www.ruutu.fi/ohjelmat/lahti-2001 Rollinsquare Aircard https://rollingsquare.com/products/aircard?variant=45836976718143 ChatGPT App https://apps.apple.com/us/app/chatgpt/id6448311069

Cyber Security Uncut
Game developer suffers data dump, and movements in online criminal enterprises

Cyber Security Uncut

Play Episode Listen Later Dec 21, 2023 37:26


In this episode of the Cyber Uncut podcast, Liam Garman, David Hollingworth, and Daniel Croft unpack the biggest news stories for 2023 – and dive into the recent Rhysida and ALPHV attacks. The trio begin the podcast by unpacking the latest hack against Insomniac Games by Rhysida, which saw over a terabyte of data leaked online, as well as recent movements within the ALPHV ransomware gang. They then unpack the top five news stories of the year. Garman, Hollingworth, and Croft then wrap up the podcast by discussing recent research on a recently uncovered Chinese disinformation campaign. Enjoy the podcast, The Cyber Uncut team

The CyberWire
A dark web take down.

The CyberWire

Play Episode Listen Later Dec 19, 2023 35:06


The FBI takes down ALPHV/BlackCat. Comcast reveals breach of nearly 36 million Xfinity customers. Microsoft and Cyberspace Solarium Commission release water sector security report. Malware increasingly uses public infrastructure. Iran's Seedworm and its telco targets. QR code scams. Feds release joint analysis of 2022 election integrity. Joint advisory on Play ransomware group. In today's Mr Security Answer Person, John Pescatore considers the risks of AI. Rick Howard talks with Lauren Brennan of GuidePoint Security about evaluating and maturing your SOC. Iranian gas stations running on empty. CyberWire Guests John Pescatore joins us for Mr. Security Answer Person to address the question, “Things seem to be moving quickly with AI, what is your feeling about that positioning for early 2024?” Today's guest is Lauren Brennan of GuidePoint Security. N2K's Rick Howard caught up with Lauren recently at the MITRE ATT&CKcon 4.0. They discussed evaluating and maturing your SOC. Selected Reading Authorities claim seizure of notorious ALPHV ransomware gang's dark web leak site (TechCrunch+) Comcast says hackers stole data of close to 36 million Xfinity customers (TechCrunch+) Microsoft, Cyberspace Solarium Commission propose measures to strengthen water sector cybersecurity (Industrial Cyber) Malware leveraging public infrastructure like GitHub on the rise (Reversing Labs) Seedworm: Iranian Hackers Target Telecoms Orgs in North and East Africa (Symantec) “Quishing” you a Happy Holiday Season (netcraft) 2022 Election Not Impacted by Chinese, Russian Cyber Activity: DOJ, DHS (Securityweek) US and Australia Warn of Play Ransomware Threat (Infosecurity Magazine)

Storm⚡️Watch by GreyNoise Intelligence
New SEC Rules, Threat Predictions, and Vulnerability Impact Scoring

Storm⚡️Watch by GreyNoise Intelligence

Play Episode Listen Later Dec 19, 2023 69:19


In this episode of Storm⚡️Watch, we kick off with our usual intros and roundtable discussion between co-hosts Kimber Duke, Emily Austin, Glenn Thorpe, and boB Rudis.

The show continues with a celebration of the FBI's confirmation that ALPHV has, indeed, been taken down.

Moving on, a significant development this week is the effective implementation date of new SEC cyber reporting rules. These rules mandate that companies report "material cybersecurity incidents" to their investors. The rules went into effect this week, and VF Corporation was one of the first to report under these new guidelines. VF Corporation suffered a significant cyberattack on December 13, 2023, which has had a major impact on its operations, particularly its ability to fulfill orders during the holiday rush. We also discuss the hot-off-the-presses Xfinity breach announcement.

Looking ahead, we delve into our predictions for the cybersecurity landscape in 2024 (make sure to check out our companion blog post, "Weathering 2024: Storm Watch Predictions for the Year Ahead").

In Tool Time, we also discuss ZOOM's Vulnerability Impact Scoring System (VISS), a resource that helps organizations assess their vulnerability to cyber threats.

In the realm of recent vulnerabilities, we review Censys's blog post about the JetBrains TeamCity Remote Code Execution (RCE) vulnerability (CVE-2023-42793). We also showcase a deep dive into the Apache Struts2 RCE vulnerability (CVE-2023-50164) in our blog post, "A Day in the Life of a GreyNoise Researcher."

In another deep dive, Ron Bowes of GreyNoise Labs digs deep into F5 BIG-IP systems, where he explored how threat actors are baiting these systems. You can read all about those findings in our blog post, "Mining the Undiscovered Country with GreyNoise EAP Sensors: F5 BIG-IP Edition." We note three new tags, including a WordPress Backup Migration RCE (CVE-2023-6553), the 3CX CRM SQL Injection (CVE-2023-49954), and the WuzhiCMS SQL Injection (CVE-2018-11528).

Finally, we wrap up with a discussion on the CISA's recent advisories. The first is a design alert urging manufacturers to eliminate default passwords, aptly titled "NO KEV!" The second is a joint advisory on Play Ransomware, providing crucial information to help organizations protect themselves against this threat.

Talion Threat Set Radio
Threat Bulletin #248

Talion Threat Set Radio

Play Episode Listen Later Dec 15, 2023 6:57


AlphV ransomware outage rumored to be caused by FBI. New "Pool Party" injection technique evades 5 leading EDR solutions. Lazarus continues to abuse Log4J with 3 new malware strains.

The Cyberlaw Podcast
Do AI Trust and Safety Measures Deserve to Fail?

The Cyberlaw Podcast

Play Episode Listen Later Dec 12, 2023 77:35


It's the last and probably longest Cyberlaw Podcast episode of 2023. To lead off, Megan Stifel takes us through a batch of stories about ways that AI, and especially AI trust and safety, manage to look remarkably fallible. Anthropic released a paper showing that race, gender, and age discrimination by AI models was real but could be dramatically reduced by instructing the model to “really, really, really” avoid such discrimination. (Buried in the paper was the fact that the original, severe AI bias disfavored older white men, as did the residual bias that asking nicely didn't eliminate.) Bottom line from Anthropic seems to be, “Our technology is a really cool toy, but don't use it for anything that matters.” In keeping with that theme, Google's highly touted OpenAI competitor Gemini was released to mixed reviews when the model couldn't correctly identify recent Oscar winners or a French word with six letters (it offered “amour”). The good news was for people who hate AI's ham-handed political correctness; it turns out you can ask another AI model how to jailbreak your model, a request that can make the task go 25 times faster.

This could be the week that determines the fate of FISA section 702, David Kris reports. It looks as though two bills will go to the House floor, and only one will survive. Judiciary's bill is a grudging renewal of 702 for a mere three years, full of procedures designed to cripple the program. The intelligence committee's bill beats the FBI around the head and shoulders but preserves the core of 702. David and I explore the “queen of the hill” procedure that will allow members to vote for either bill, both, or none, and will send to the Senate the version that gets the most votes.

Gus Hurwitz looks at the FTC's last-ditch appeal to stop the Microsoft-Activision merger. The best case, he suspects, is that the appeal will be rejected without actually repudiating the pet theories of the FTC's hipster antitrust lawyers.

Megan and I examine the latest HHS proposal to impose new cybersecurity requirements on hospitals. David, meanwhile, looks for possible motivations behind the FBI's procedures for companies who want help in delaying SEC cyber incident disclosures. Then Megan and I consider the tough new UK rules for establishing the age of online porn consumers. I think they'll hurt Pornhub's litigation campaign against states trying to regulate children's access to porn sites.

The race to 5G is over, Gus notes, and it looks like even the winners lost. Faced with the threat of Chinese 5G domination and an industry sure that 5G was the key to the future, many companies and countries devoted massive investments to the technology, but it's now widely deployed and no one sees much benefit. There is more than one lesson here for industrial policy and the unpredictable way technologies disseminate.

23andme gets some time in the barrel, with Megan and me both dissing its “lawyerly” response to a history of data breaches, namely changing its terms of service to make it harder for customers to sue for data breaches.

Gus reminds us that the Biden FCC only took office in the last month or two, and it is determined to catch up with the FTC in advancing foolish and doomed regulatory initiatives. This week's example, remarkably, isn't net neutrality. It's worse. The Commission is building a sweeping regulatory structure on an obscure section of the 2021 infrastructure act that calls for the FCC to “facilitate equal access to broadband internet access service...”. Think we're hyperventilating? Read Commissioner Brendan Carr's eloquent takedown of the whole initiative.

Senator Ron Wyden (D-OR) has a bee in his bonnet over government access to smartphone notifications. Megan and I do our best to understand his concern and how seriously to take it.

Wrapping up, Gus offers a quick take on Meta's broadening attack on the constitutionality of the FTC's current structure. David takes satisfaction from the Justice Department's patient and successful pursuit of Russian hacker Vladimir Dunaev for his role in creating TrickBot. Gus notes that South Korea's law imposing internet costs on content providers is no match for the law of supply and demand. Finally, in quick hits we cover: the guilty plea of the founder of a cryptocurrency exchange accused of money laundering; rumors that the ALPHV ransomware site has been taken down by law enforcement; IBM's long-term quantum computing research milestones; the UK's antitrust throat-clearing about the OpenAI-Microsoft tie-up; and Europe's low-on-details announcement of a deal on the world's first comprehensive AI rules.

Download 485th Episode (mp3). You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.

Storm⚡️Watch by GreyNoise Intelligence
ALPHV/BlackCat: BUSTED!?, Lazarus' Log4j Larks, Stopping Cloud Attackers Cold With The "AWS Kill Switch"

Storm⚡️Watch by GreyNoise Intelligence

Play Episode Listen Later Dec 12, 2023 69:07


In this episode of Storm⚡️Watch by GreyNoise Intelligence, we discuss the rumored takedown of the ALPHV/BlackCat ransomware site, which has been offline for days, fueling speculation that law enforcement may have finally caught up with the prolific ransomware group. We then delve into the North Korea-linked Lazarus Group's exploitation of the Log4j vulnerability in a global campaign targeting companies in the manufacturing, agriculture, and physical security sectors. This deep-dive Breaking News segment will shed some light on why attackers are still going after this two-year-old weakness, and also discuss how attackers are using modern programming languages to gain efficiencies and thwart detections. In our Tool Time segment, we explore the AWS Kill Switch, an open-source incident response tool for quickly locking down AWS accounts and IAM roles during a security incident. Our Shameless Self-Promotion segment drops details on upcoming GreyNoise webinars, Censys' new service tier, and a GreyNoise Labs blog on use of GreyNoise EAP sensors for novel exploitation discovery for CVE-2023-47246. Along with our CISA KEV roundup we provide a short readout on their Fourth Quarter Cybersecurity Advisory Committee Meeting and CISA's new, jointly published guide on "The Case for Memory Safe Roadmaps".

Lock and Code
Why a ransomware gang tattled on its victim, with Allan Liska

Lock and Code

Play Episode Listen Later Dec 4, 2023 35:17


Like the grade-school dweeb who reminds their teacher to assign tonight's homework, or the power-tripping homeowner who threatens every neighbor with an HOA citation, the ransomware group ALPHV can now add itself to a shameful roster of pathetic, little tattle-tales.

In November, the ransomware gang ALPHV, which also goes by the name Black Cat, notified the US Securities and Exchange Commission about the Costa Mesa-based software company MeridianLink, alleging that the company had failed to notify the government about a data breach. Under newly announced rules by the US Securities and Exchange Commission (SEC), public companies will be expected to notify the government agency about “material cybersecurity incidents” within four days of determining whether such an incident could have impacted the company's stock prices or any investment decisions from the public.

According to ALPHV, MeridianLink had violated that rule. But how did ALPHV know about this alleged breach?

Simple. They claimed to have done it.

“It has come to our attention that MeridianLink, in light of a significant breach compromising customer data and operational information, has failed to file the requisite disclosure under Item 1.05 of Form 8-K within the stipulated four business days, as mandated by the new SEC rules,” wrote ALPHV in a complaint that the group claimed to have filed with the US government.

The victim, MeridianLink, refuted the claims. According to a MeridianLink spokesperson, while the company confirmed a cybersecurity incident, it denied the severity of the incident.

“Based on our investigation to date, we have identified no evidence of unauthorized access to our production platforms, and the incident has caused minimal business interruption,” a MeridianLink spokesperson said at the time. “If we determine that any consumer personal information was involved in this incident, we will provide notifications as required by law.”

This week on the Lock and Code podcast with host David Ruiz, we speak to Recorded Future intelligence analyst Allan Liska about what ALPHV could hope to accomplish with its SEC complaint, whether similar threats have been made in the past under other regulatory regimes, and what organizations everywhere should know about ransomware attacks going into the new year. One big takeaway, Liska said, is that attacks are getting bigger, bolder, and brasher.

“There are no protections anymore,” Liska said. “For a while, some ransomware actors were like, ‘No, we won't go after hospitals, or we won't do this, or we won't do that.' Those protections all seem to have flown out the window, and they'll go after anything and anyone that will make them money. It doesn't matter how small they are or how big they are.”

Liska continued: “We've seen ransomware actors go after food banks. You're not going to get a ransom from a food bank. Don't do that.”

Tune in today to listen to the full conversation.

You can also find us on Apple Podcasts, Spotify, and Google Podcasts, plus whatever preferred podcast platform you use.

For all our cybersecurity coverage, visit Malwarebytes Labs at malwarebytes.com/blog.

Show notes and credits:
Intro Music: “Spellbound” by Kevin MacLeod (incompetech.com)
Licensed under Creative Commons: By Attribution 4.0...

podcast – #セキュリティのアレ
Episode 203: The "Nobody Invited Us!" Special!

podcast – #セキュリティのアレ

Play Episode Listen Later Dec 4, 2023 58:30


・The U-Can New Words and Buzzwords Awards, selected by "Gendai Yogo no Kiso Chishiki" ・AlphV files an SEC c[...]

Cyber and Technology with Mike
29 November 2023 Cyber and Tech News

Cyber and Technology with Mike

Play Episode Listen Later Nov 29, 2023 7:43


In today's podcast we cover four crucial cyber and technology topics, including:
1. Fidelity National attack delays home closings
2. Qilin ransomware impact shuts down North American automaker
3. Police arrest Ukraine-based ransomware gang; raid 30 locations
4. Ukrainian Ministry says they hacked Russian Ministry of Transport

I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com

PEBCAK Podcast: Information Security News by Some All Around Good People
Episode 140 - US Stops SIM Swapping, AlphV Ransomware Group Files Complaint on Victim, iMessage Bridge Horrendous Idea, OpenAI Fires Sam Altman

PEBCAK Podcast: Information Security News by Some All Around Good People

Play Episode Listen Later Nov 27, 2023 47:46


Welcome to this week's episode of the PEBCAK Podcast! We've got four amazing stories this week so sit back, relax, and keep being awesome! Be sure to stick around for our Dad Joke of the Week. (DJOW)

Follow us on Instagram @pebcakpodcast

PEBCAK - Acronym of “problem exists between chair and keyboard.”

Scammer moving services use fake online reviews
https://krebsonsecurity.com/2015/07/dont-be-fooled-by-phony-online-reviews/

US FCC adopts new rules to stop SIM-swapping fraud
https://www.bleepingcomputer.com/news/security/fcc-adopts-new-rules-to-protect-consumers-from-sim-swapping-attacks/
https://therecord.media/fcc-new-rules-stop-sim-swapping
https://www.fcc.gov/consumers/guides/cell-phone-fraud
https://krebsonsecurity.com/2018/03/what-is-your-banks-security-banking-on/

Alphv ransomware group files SEC complaint on victim
https://www.bleepingcomputer.com/news/security/ransomware-gang-files-sec-complaint-over-victims-undisclosed-breach/
https://www.darkreading.com/risk/alphv-ransomware-group-files-sec-complaint-against-own-victim
https://www.bleepingcomputer.com/news/security/long-beach-california-turns-off-it-systems-after-cyberattack/

iMessage Bridge for Android full of security holes, removed from Google Play store
https://appleinsider.com/articles/23/11/18/nothing-kills-imessage-bridge-because-it-profoundly-violated-user-privacy-security

Ongoing crisis at OpenAI after board fires Sam Altman
https://www.theguardian.com/technology/2023/nov/25/how-crisis-openai-sam-altman-unfolded

Dad Joke of the Week (DJOW)

Please share this podcast with someone you know! It helps us grow the podcast and we really appreciate it!

Find the hosts on LinkedIn:
Chris - https://www.linkedin.com/in/chlouie/
Brian - https://www.linkedin.com/in/briandeitch-sase/
Glenn - https://www.linkedin.com/in/glennmedina/

Smashing Security
Ransomware gang reports its own crime, and what happened at OpenAI?

Smashing Security

Play Episode Listen Later Nov 23, 2023 43:26


Who gets to decide who should be CEO of OpenAI? ChatGPT or the board? Plus a ransomware gang goes a step further than most, reporting one of its own data breaches to the US Securities and Exchange Commission.

All this and more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault.

Warning: This podcast may contain nuts, adult themes, and rude language.

Episode links:
Hackers Use Online Casinos to Gamble Mountains of Cash They Steal from Victims - 404.
AlphV files an SEC complaint against MeridianLink for not disclosing a breach to the SEC - DataBreaches.net.
SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies - US Securities and Exchange Committee.
OpenAI announces leadership transition - OpenAI.
The Fear and Tension That Led to Sam Altman's Ouster at OpenAI - The New York Times.
Emergency Pod: Sam Altman is Out at Open AI - The New York Times.
What We Know About Sam Altman's Ouster From OpenAI - The New York Times.
Ousted OpenAI C.E.O. Makes Plans for New Artificial Intelligence Company - The New York Times.
Microsoft Hires Sam Altman Hours After OpenAI Rejects His Return - The New York Times.
In the battle to bring ousted founder Sam Altman back to OpenAI, Microsoft and Satya Nadella hold the trump cards - Fortune.
Rate your resignation letter - Twitter account.
Suella Braverman's resignation letter - Twitter.
Analysis of letter by Dame Andrea Jenkyns - Twitter.
Thread about letter from Dame Andrea Jenkyns - Twitter.
The Future by Naomi Alderman review - The Guardian.
The Future by Naomi Alderman - Harper Collins.

The Cybersecurity Defenders Podcast
#79 - Intel Chat: SystemBC, Ddostf DDOS bot, ALPHV files with the SEC, & LummaC2 v4.0

The Cybersecurity Defenders Podcast

Play Episode Listen Later Nov 23, 2023 24:36


In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

A look at a versatile piece of malware that gets categorised as proxy malware, a bot, a backdoor, and even as a RAT, known as SystemBC.

The AhnLab Security Emergency Response Center's analysis team has published an article outlining their recent discovery that the Ddostf DDoS bot is being installed on vulnerable MySQL servers.

The notorious ALPHV ransomware group has taken extortion to a new level by filing a U.S. Securities and Exchange Commission complaint against one of their alleged victims for not complying with the four-day rule to disclose a cyberattack.

A new anti-sandbox technique that the LummaC2 v4.0 stealer is using to avoid detonation if no human mouse activity is detected, along with some other techniques being employed such as Control Flow Flattening.

And you can sign up to participate in the Defender Fridays series here. Join us as we delve into the dynamic world of information security, exploring its defensive side with seasoned professionals from across the industry. Our aim is simple yet ambitious: to foster a collaborative space where ideas flow freely, experiences are shared, and knowledge expands.

Risky Business News
Srsly Risky Biz: Death by a thousand cuts

Risky Business News

Play Episode Listen Later Nov 23, 2023


In this podcast Adam Boileau and Tom Uren talk about the rise of the Indian hack-for-hire industry. It doesn't get the same attention that high-profile iPhone ‘zero-click' hacking does, but it's a global scourge that undermines legal processes. They also discuss the AlphV ransomware group reporting a company to the SEC for not disclosing a breach that it caused.

Storm⚡️Watch by GreyNoise Intelligence

Welcome to the latest episode of Storm Watch by GreyNoise Intelligence, hosted by Emily Austin, Kimber Duke, Glenn Thorpe, and boB Rudis. In this episode, we're excited to share some good news about the takedown of the IPStorm Botnet, a significant victory in the fight against cybercrime. The Russian and Moldovan national behind the illegal botnet proxy service has pleaded guilty, marking a significant step forward in international cybersecurity efforts. In breaking news, we discuss the recent SEC complaint filed by AlphV against MeridianLink for not disclosing a breach to the SEC. The breach was linked to Confluence, and we delve into the details of this incident and its implications. We also focus on the CrushFTP RCE. In our regular programming segment, we discuss how Clorox is cleaning house after a cyberattack, with the company's cyber chief leaving as recovery efforts continue. We also talk about Rackspace's hefty $11M ransomware recovery bill, which was linked to an OWASSRF vulnerability. Toyota also makes headlines with a breach confirmed after the Medusa ransomware group threatened to leak data, an incident tied to the CitrixBleed vulnerability. We also discuss the upcoming IRISSCON cybersecurity conference, where Russian cybersecurity experts are expected to present. We reflect on the 20th anniversary of Patch Tuesday, a monthly event that has become a staple in the cybersecurity world. We also give a nod to the upcoming CAMLIS conference, which we'll cover in more detail next week. In our tool time segment, we introduce MaxCVE, a useful tool for cybersecurity professionals, and discuss the importance of container vulnerability scanning awareness.  In our self-promotion segment, we share some of the latest updates and discoveries from Censys and GreyNoise, including the introduction of Censys Search Teams, the discovery of NTC Vulkan infrastructure, and how to get a leg up on initial access ransomware with CISA KEV and GreyNoise tags. 
We also showcase UX and feature improvements in Sift. Finally, we discuss the latest trends in GreyNoise tags and the importance of the Known Exploited Vulnerabilities Catalog from CISA. We also cover CISA's new initiative to expand scalable cybersecurity services to protect broader critical infrastructure and their recently released Health Sector Guidance Document.

Hírstart Robot Podcast
X's biggest advertisers are leaving one after another following Elon Musk's latest statement

Hírstart Robot Podcast

Play Episode Listen Later Nov 20, 2023 4:46


X's biggest advertisers are leaving one after another following Elon Musk's latest statement (Rakéta, 2023-11-20 07:00:06; Infotech, Apple, Elon Musk, Disney, Antisemitism, IBM): Since last Thursday, Apple, IBM, Disney and numerous other companies have suspended their advertising on the platform, after the company's head assured the author of an antisemitic post of his agreement.

Brussels would take two percent of unprepared companies' revenue (Mínuszos, 2023-11-20 07:33:27; Infotech, Belgium, Brussels): Companies that do not prepare in time to handle IT security incidents, and that do not operate in line with the revised EU cybersecurity directive, can be fined up to two percent of their revenue. The international consultancy EY points out that in Hungary, from January 1 of next year, they will begin to register ...

The Galaxy S24 series may debut unusually early, in mid-January (Android Portál, 2023-11-20 12:38:56; Mobiltech, USA, Samsung, Schedule): Samsung is expected to hold its next Unpacked event on January 17, where the Galaxy S24 series will be presented. The event will take place in the United States, and a leaker now claims to have revealed the pre-order and sales schedule. According to Tarun Vats, pre-orders will begin right after the event, the first ...

Snapdragon 7 Gen 3 offers mid-range gaming (PCW, 2023-11-20 06:02:52; Mobiltech, Phone, Generation, Smartphone): The new-generation Snapdragon processor designed for more affordable smartphones has improved in every respect, and perhaps more manufacturers will finally believe in the chip's capabilities.

Hacker group extorted its victim, then reported it (IT Business, 2023-11-20 07:37:16; Infotech, USA, Stock exchange, Hacker, Cybersecurity, Cyberattack, Securities): One of the world's most active ransomware groups used an unusual, if not unprecedented, procedure to force its victim to pay: it reported the victim to the US Securities and Exchange Commission (SEC). The pressure tactic came to light in a post that AlphV, a ransomware crime organization that has been operating for two years, ...

Traces of ancient apes found in Alsótelekes (24.hu, 2023-11-20 12:20:30; Science): This is a scientific sensation; until now, not a single footprint of an extinct ancient ape had been discovered.

What is happening in OpenAI's leadership would make a decent soap opera (Bitport, 2023-11-20 08:01:00; Infotech, ChatGPT, OpenAI): On Friday the board dismissed the two most important people at the company made world-famous by ChatGPT, but barely a day later reports were already saying that everything might be undone and that the board members might resign instead.

OpenAI's chaotically fired CEO continues at Microsoft (Telex, 2023-11-20 11:27:05; Infotech, Microsoft, OpenAI): Sam Altman was first fired, then they did not want to fire him quite so much after all, and now he is continuing at Microsoft, which backs OpenAI.

NASA's telescopes have found the most distant supermassive black hole (Csillagászat, 2023-11-20 08:10:12; Science, Space, NASA): The most distant black hole to date that also radiates in the X-ray range has been discovered with the help of NASA's telescopes. This is the first time that a black hole can be observed in the growth phase of its life, and its mass is similar to that of the galaxy containing it. The result may explain how the universe's first supermassive ...

They would make the industry responsible for 8% of the world's carbon dioxide emissions fully carbon neutral (hvg.hu, 2023-11-20 11:03:00; Infotech): California-based Brimstone Energy has set itself the goal of reducing carbon dioxide emissions from cement production. Globally, the industry accounts for 8 percent of total emissions.

Artificial intelligence and technological progress are transforming our world (TőzsdeFórum, 2023-11-20 12:30:00; Infotech, Artificial intelligence, Innovation, Microsoft): As the end of 2023 approaches, virtually every industry is undergoing transformation. Thanks to the development of AI, entirely new forms of working are being discovered in almost every workplace. Microsoft Ignite showcases the innovations that make things easier for customers, partners and developers when they would like, in the fullest way, ...

Poultry 4.0: Artificial intelligence breaks into agriculture (Mínuszos, 2023-11-20 06:33:20; Economy, University, Artificial intelligence, Óbuda, Startup): Birdwatcher Zrt. and Óbuda University (OE) have founded a startup that develops poultry-keeping systems with the help of artificial intelligence. Birdwatcher Zrt., founded in recent days, is a venture launched from the university's research base that, based on observation of the birds, applies algorithms that can significantly help the ...

Industrial robots are conquering the European Union (okosipar.hu, 2023-11-20 06:03:24; Infotech, Corporate world, European Union, Robot): Nearly 72,000 industrial robots were installed in the EU's 27 member states in 2022, a six percent increase over the previous year's figures, according to a report by the International Federation of Robotics (IFR). “Within the EU, the leading five countries ...

Hírstart Robot Podcast - Tech hírek
X's biggest advertisers are leaving one after another following Elon Musk's latest statement

Hírstart Robot Podcast - Tech hírek

Play Episode Listen Later Nov 20, 2023 4:46


Its biggest advertisers are leaving X one after another following Elon Musk's latest statement  Rakéta  2023-11-20 07:00:06  Infotech Apple Elon Musk Disney Antisemitism IBM  Since last Thursday, Apple, IBM, Disney and a number of other companies have suspended their advertising on the platform, after the company's head assured the author of an antisemitic post of his agreement.
Brussels would take two percent of unprepared companies' revenue  Mínuszos  2023-11-20 07:33:27  Infotech Belgium Brussels  Companies that do not prepare in time to handle IT security incidents, and that do not operate in line with the revised EU cybersecurity directive, can be fined up to two percent of their revenue. The international consultancy EY points out that in Hungary, starting January 1 of next year, they will begin registering
The Galaxy S24 series may debut unusually early, in mid-January  Android Portál  2023-11-20 12:38:56  Mobiltech USA Samsung Schedule  Samsung is expected to hold its next Unpacked event on January 17, where the Galaxy S24 series will be unveiled. The event will take place in the United States, and a leaker now claims to have revealed the pre-order and sales schedule. According to Tarun Vats, pre-orders will begin right after the event, the first shipments
The Snapdragon 7 Gen 3 offers mid-range gaming  PCW  2023-11-20 06:02:52  Mobiltech Phone Generation Smartphone  The new-generation Snapdragon processor designed for more affordable smartphones has improved in every respect, and perhaps more manufacturers finally believe in the chip's capabilities.
Hacker group extorted its victim, then reported it to the authorities  IT Business  2023-11-20 07:37:16  Infotech USA Stock exchange Hacker Cybersecurity Cyberattack Securities  One of the world's most active ransomware groups used an unusual, if not unprecedented, method to force its victim to pay: it reported the victim to the US Securities and Exchange Commission (SEC). The pressure tactic came to light in a post by AlphV, a ransomware crime organization that has been operating for two years
Traces of prehistoric apes found in Alsótelkes  24.hu  2023-11-20 12:20:30  Science  This is a scientific sensation: until now, not a single footprint of an extinct prehistoric ape had been discovered.
What is happening in OpenAI's leadership would make a decent soap opera  Bitport  2023-11-20 08:01:00  Infotech ChatGPT OpenAI  On Friday the board dismissed the two most important people at the company made world-famous by ChatGPT, but barely a day later the news was that they might undo everything and resign themselves instead.
OpenAI's chaotically fired CEO continues at Microsoft  Telex  2023-11-20 11:27:05  Infotech Microsoft OpenAI  Sam Altman was first fired, then they did not want to fire him quite so much after all, and now he continues at Microsoft, which backs OpenAI.
NASA's telescopes have found the most distant supermassive black hole  Csillagászat  2023-11-20 08:10:12  Science Space NASA  The most distant black hole yet that also emits in the X-ray range has been discovered with the help of NASA's telescopes. This is the first time a black hole can be observed in the growth phase of its life, and its mass is similar to that of its host galaxy. The result may explain how the universe's first supermassive
They would make the industry responsible for 8% of the world's carbon dioxide emissions fully carbon-neutral  hvg.hu  2023-11-20 11:03:00  Infotech  California-based Brimstone Energy has set itself the goal of reducing carbon dioxide emissions from cement production. Globally, the industry accounts for 8 percent of total emissions.
Artificial intelligence and technological progress are transforming our world  TőzsdeFórum  2023-11-20 12:30:00  Infotech Artificial intelligence Innovation Microsoft  As the end of 2023 approaches, practically every industry is undergoing transformation. Thanks to the development of AI, entirely new ways of working are being discovered in almost every workplace. Microsoft Ignite showcases the innovations that make things easier for customers, partners and developers when they want to most fully
Poultry 4.0: Artificial intelligence breaks into agriculture  Mínuszos  2023-11-20 06:33:20  Economy University Artificial intelligence Óbuda Startup  Birdwatcher Zrt. and Óbuda University (OE) have founded a startup that develops poultry farming systems with the help of artificial intelligence. Birdwatcher Zrt., founded in recent days, is a venture that started from the university's research base and, based on observation of the birds, applies algorithms that can significantly help the
Industrial robots are gaining ground in the European Union  okosipar.hu  2023-11-20 06:03:24  Infotech Business world European Union Robot  Nearly 72 thousand industrial robots were installed in the EU's 27 member states in 2022, a six percent increase over the previous year's figures, according to the report of the International Federation of Robotics (IFR). "Within the EU, the top five countries

Isaiah's Newsstand
Israel/Gaza, Altman, & AlphV

Isaiah's Newsstand

Play Episode Listen Later Nov 19, 2023 20:21


(11/12/2023-11/19/2023) News and chill. Tune in. patreon.com/isaiahnews #applepodcasts #spotifypodcasts #youtube #patreon --- Support this podcast: https://podcasters.spotify.com/pod/show/isaiah-m-edwards/support

TechStuff
Tech News: TikTok Protests Being Called a Gatekeeper

TechStuff

Play Episode Listen Later Nov 16, 2023 21:16 Transcription Available


TikTok tries to convince the EU to reconsider designating parent company ByteDance as a "gatekeeper" under the Digital Markets Act. A ransomware group tattles on its victim to the SEC. And SpaceX is getting ready to test the Starship launch vehicle, hopefully with better results. See omnystudio.com/listener for privacy information.

Cyber and Technology with Mike
16 November 2023 Cyber and Tech News

Cyber and Technology with Mike

Play Episode Listen Later Nov 16, 2023 8:42


In today's podcast we cover four crucial cyber and technology topics, including:
1. SAP addresses critical flaw in Business One product
2. Ransomware group files SEC complaint after victim fails to negotiate
3. DP World of Australia operations impacted in cyber attack
4. FCC gets new power to address “digital divide”
I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com

Lock and Code
MGM attack is too late a wake-up call for businesses, says James Fair

Lock and Code

Play Episode Listen Later Oct 23, 2023 40:08


In September, the Las Vegas casino and hotel operator MGM Resorts became a trending topic on social media... but for all the wrong reasons. A TikTok user posted a video taken from inside the casino floor of the MGM Grand—the company's flagship hotel complex near the southern end of the Las Vegas strip—that didn't involve the whirring of slot machines or the sirens and buzzers of sweepstake earnings, but, instead, row after row of digital gambling machines with blank, non-functional screens. That same TikTok user commented on their own post that it wasn't just errored-out gambling machines that were causing problems—hotel guests were also having trouble getting into their own rooms.
As the user said online about their own experience: “Digital keys weren't working. Had to get physical keys printed. They doubled booked our room so we walked in on someone.”
The trouble didn't stop there.
A separate photo shared online allegedly showed what looked like a Walkie-Talkie affixed to an elevator's handrail. Above the device was a piece of paper and a message written by hand: “For any elevator issues, please use the radio for support.” As the public would soon learn, MGM Resorts was the victim of a cyberattack, reportedly carried out by a group of criminals called Scattered Spider, which used the ALPHV ransomware.
It was one of the most publicly-exposed cyberattacks in recent history. But just a few days before the public saw the end result, the same cybercriminal group received a reported $15 million ransom payment from a separate victim situated just one and a half miles away.
On September 14, Caesars Entertainment reported in a filing with the US Securities and Exchange Commission that it, too, had suffered a cyber breach, and according to reporting from CNBC, it received a $30 million ransom demand, which it then negotiated down by about 50 percent.
The social media flurry, the TikTok videos, the comments and confusion from customers, the ghost-town casino floors captured in photographs—it all added up to something strange and new: Vegas was breached. But how? Though follow-on reporting suggests a particularly effective social engineering scam, the attacks themselves revealed a more troubling, potential vulnerability for businesses everywhere, which is that a company's budget—and its relative ability to devote resources to cybersecurity—doesn't necessarily insulate it from attacks. Today on the Lock and Code podcast with host David Ruiz, we speak with James Fair, senior vice president of IT Services at the managed IT services company Executech, about whether businesses are taking cybersecurity seriously enough, which industries he's seen pushback from for initial cybersecurity recommendations (and why), and the frustration of seeing some companies only take cybersecurity seriously after a major attack. "How many do we have to see? MGM got hit, you guys. Some of the biggest targets out there—people who have more cybersecurity budget than people can imagine—got hit. So, what are you waiting for?"
Tune in today.
You can also find us on Apple Podcasts, Spotify, and Google Podcasts, plus whatever preferred podcast platform you...

Cyber Security Headlines
Cloudflare's protection bypass, ALPHV healthcare victim, Lazarus Meta recruiter

Cyber Security Headlines

Play Episode Listen Later Oct 2, 2023 7:08


Cloudflare DDoS protections bypassed using Cloudflare
McLaren Health Care becomes latest ALPHV/BlackCat victim
Lazarus Group poses as Meta recruiters to spearphish Spanish engineers
Thanks to our episode sponsor, Conveyor
Does the thought of answering another security questionnaire make you want to beat the stuffing out of 32 pinatas? Then you might want to check out Conveyor: the AI security review platform helping infosec and sales teams attack security questionnaires from all angles. Reduce incoming questionnaires by sharing a trust portal with customers and for those questionnaires you do get, use our AI questionnaire completion tool to auto-generate precise answers to entire questionnaires in seconds. Lucid tried a free one week proof of concept and reduced time spent on questionnaires by 91%. Learn more at www.conveyor.com.
For the stories behind the headlines, head to CISOseries.com.

Cyber and Technology with Mike
02 October 2023 Cyber and Tech News

Cyber and Technology with Mike

Play Episode Listen Later Oct 2, 2023 9:22


In today's podcast we cover four crucial cyber and technology topics, including:
1. Michigan healthcare firm shuts down networks at 14 locations
2. Iran hackers target Saudi Arabia with improved espionage malware
3. Ransomware puts building control data at risk
4. North Korean hackers target Spanish Aerospace firm with updated malware
I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com

iGaming Daily
Ep 107: Who committed the cyber attack on MGM and Caesars?

iGaming Daily

Play Episode Listen Later Sep 27, 2023 19:06


US giants MGM and Caesars both suffered cyber attacks recently, with MGM being taken offline after the attack, reportedly from hacking group Scattered Spider, impacted everything from the customer website to the gaming floor to the electronic room key system to corporate emails. Caesars, on the other hand, suffered an attack of their own by the more financially-motivated ALPHV, which may have led to social security numbers being compromised. While both are back online, as a result of the attacks, both are facing multiple lawsuits due to the breaches that occurred. At iGaming Daily, we wanted to bring in an expert to explain exactly what happened, how it happened, who these groups are, and what might happen next. SBC Americas Senior Journalist Charlie Horner took on the hosting role, and welcomed twenty-year cyber security veteran Justin Albrecht, Global Director of Mobile Threat Intelligence at cloud security experts Lookout to the podcast to take us through the whole story.
Host: Charlie Horner
Guest: Justin Albrecht
Producer: Anaya McDonald
Editor: Anaya McDonald
All eyes on Miami next for SBC, as we turn our attention towards SBC Summit Latinoamérica. The event will bring together the leadership teams and product specialists from retail and online operators in markets including Argentina, Brazil, Colombia, Chile, Costa Rica, Mexico, Peru, Puerto Rico, Dominican Republic, Uruguay and many others to share information about best practice, launching in new territories, localized marketing strategies, and the latest technology. You can get your tickets at https://sbcevents.com/en/sbc-summit-latinoamerica/
Follow iGaming Daily on LinkedIn to never miss an update https://www.linkedin.com/company/igaming-daily

TechStuff
The High Tech Heist

TechStuff

Play Episode Listen Later Sep 25, 2023 43:53 Transcription Available


On September 11th, 2023, MGM Resorts International posted that the company experienced a "cybersecurity issue." That issue links to two different hacker groups, a ransomware attack, and a similar incident that happened to another major casino company earlier in the year. This is the story so far. See omnystudio.com/listener for privacy information.

Cyber Security Headlines
Clarion audio hacked, Egyptian Predator threat, Dallas cyberattack analysis

Cyber Security Headlines

Play Episode Listen Later Sep 25, 2023 7:01


Car audio manufacturer Clarion hacked – ALPHV claims responsibility
High-ranking Egyptian politician targeted by Predator spyware
City of Dallas issues report on May cyberattack
Thanks to today's episode sponsor, AppOmni
If you think CASBs effectively secure your SaaS data… think again. CASBs lack visibility into your SaaS estate. Nor can they address and detect risks that arise from SaaS apps' unlimited endpoints. What you need is a robust SSPM designed to secure the dynamic and extensible nature of SaaS apps and their data. That's where AppOmni comes in. We continuously monitor your SaaS estate to detect cyber risks and secure your company's most critical data and workflows. Get started at AppOmni.com.
For the stories behind the headlines, head to CISOseries.com.

RNZ: Nine To Noon
Tech: Las Vegas casinos hit by cyber attack, new bank scam doing the rounds

RNZ: Nine To Noon

Play Episode Listen Later Sep 20, 2023 13:56


Technology correspondent Tony Grasso joins Kathryn to talk about the huge ransomware attack that's affected casinos in Las Vegas. MGM Resorts International and Caesars Entertainment have both fallen victim to hacking groups known as ALPHV and Scattered Spider since August. So how did they get in, and did Caesars make the right move in paying a ransom? Tony also talks about social media slander and the latest bank scam hooking in victims.

PokerFraudAlert - Druff & Friends
Poker Fraud Alert Radio - 09/16/2023 - MGM Won't Negotiate With Terrorists

PokerFraudAlert - Druff & Friends

Play Episode Listen Later Sep 17, 2023 354:03


Topic begins at (0:24:00) mark: Poker Fraud Alert Radio finally on YouTube! Please like and subscribe!.... (0:27:06): MGM systems hacked, held for tens of millions in ransom, causing chaos among all Las Vegas properties.... (0:58:57): Major side effects to MGM hacking include alleged room thefts by staff, hours long lines, inability to cash out, inability to get into rooms.... (1:08:08): Druff talks about the two hacker groups claiming responsibility, Scattered Spider and ALPHV, and explains how they did it.... (1:54:31): Man arrested at casino cage after claiming he's responsible, and demanding $40,000,000 payment to restore their system.... (1:56:29): Caesars was victim of similar attack in late August, but paid ransom.... (2:07:25): Could this MGM mess have been prevented? Druff gives opinion of regarding system design and security vulnerabilities.... (2:24:19): What can customers do when caught up in something like the MGM chaos?.... (2:40:37): When is it safe to return to MGM properties? Colonel Fabersham calls to find out.... (2:54:28): Cody Daniels, last episode's guest, hospitalized and on breathing device.... (3:01:54): Ed Sheeran Vegas concert cancelled less than an hour before showtime, after stage setup disaster.... (3:19:45): Controversy takes place regarding Aaron Rodgers' early injury in NFL game, and how it relates to prop bets.... (3:37:43): Mojave Desert and Las Vegas History: Owens Lake and Mono Lake make unexpected comebacks.... (4:32:43): Gay Aria employee steals over $700k through phony reservation refunds scheme, lavishes gifts upon fellow gay co-worker, and that guy reports him.... (4:52:42): Horseshoe Baltimore accused of screwing players regarding NFL touchdown promotion.... (5:05:12): DraftKings stupidly offers 9/11 bet on NY teams, social media clobbers them.... (5:30:08): Druff talks about the Poker Fraud Alert entries into the $9 million Circa Survivor NFL contest.

PokerFraudAlert - Druff & Friends
Poker Fraud Alert Radio - 09/16/2023 - MGM Won't Negotiate With Terrorists

PokerFraudAlert - Druff & Friends

Play Episode Listen Later Sep 17, 2023 354:03


Topic begins at (0:24:00) mark: Poker Fraud Alert Radio finally on YouTube! Please like and subscribe!.... (0:27:06): MGM systems hacked, held for tens of millions in ransom, causing chaos among all Las Vegas properties.... (0:58:57): Major side effects to MGM hacking include alleged room thefts by staff, hours long lines, inability to cash out, inability to get into rooms.... (1:08:08): Druff talks about the two hacker groups claiming responsibility, Scattered Spider and ALPHV, and explains how they did it.... (1:54:31): Man arrested at casino cage after claiming he's responsible, and demanding $40,000,000 payment to restore their system.... (1:56:29): Caesars was victim of similar attack in late August, but paid ransom.... (2:07:25): Could this MGM mess have been prevented? Druff gives opinion of regarding system design and security vulnerabilities.... (2:24:19): What can customers do when caught up in something like the MGM chaos?.... (2:40:37): When is it safe to return to MGM properties? Colonel Fabersham calls to find out.... (2:54:28): Cody Daniels, last episode's guest, hospitalized and on breathing device.... (3:01:54): Ed Sheeran Vegas concert cancelled less than an hour before showtime, after stage setup disaster.... (3:19:45): Controversy takes place regarding Aaron Rodgers' early injury in NFL game, and how it relates to prop bets.... (3:37:43): Mojave Desert and Las Vegas History: Owens Lake and Mono Lake make unexpected comebacks.... (4:32:43): Gay Aria employee steals over $700k through phony reservation refunds scheme, lavishes gifts upon fellow gay co-worker, and that guy reports him.... (4:52:42): Horseshoe Baltimore accused of screwing players regarding NFL touchdown promotion.... (5:05:12): Darian Casado, owner of Bluff Shove Poker, is accused of stealing player funds.... (5:17:58): DraftKings stupidly offers 9/11 bet on NY teams, social media clobbers them.... 
(5:30:08): Druff talks about the Poker Fraud Alert entries into the $9 million Circa Survivor NFL contest.

Business of Tech
Fri Sep-15-2023: How ALPHV hit MGM grand, Generative AI skepticism, Hidden Leadership Costs

Business of Tech

Play Episode Listen Later Sep 15, 2023 10:08


Three things to know today
00:00 From LinkedIn to Lockdown: How ALPHV Targeted MGM Grand
03:39 Generative AI and Workplaces: The Promises, the Reality, and the Skepticism
06:25 The Hidden Cost of Leadership: Entrepreneurs, CEOs, and Personal Sacrifice
Advertiser: https://supportadventure.com/MSPRadio/
Do you want the show on your podcast app or the written versions of the stories? Subscribe to the Business of Tech: https://www.businessof.tech/subscribe/
Support the show on Patreon: https://patreon.com/mspradio/
Want our stuff? Cool Merch? Wear “Why Do We Care?” - Visit https://mspradio.myspreadshop.com
Follow us on:
Facebook: https://www.facebook.com/mspradionews/
Twitter: https://twitter.com/mspradionews/
Instagram: https://www.instagram.com/mspradio/
LinkedIn: https://www.linkedin.com/company/28908079/

La French Connection
Episode 0x232 (Weekly) - July 31, 2023 - La FC in summer!

La French Connection

Play Episode Listen Later Sep 11, 2023 56:53


July 31, 2023 - La FC in summer!
Shameless plug
POLAR Conference - Cybersecurity managers' day - October 12 - 10:00 to 18:00
Hackfest 2023 - 15th edition - Book your hotel - October 12-13-14, 2023
TRAINING: OCTOBER 9 TO 12
OPENING COCKTAIL: OCTOBER 12 - 18:00
TALKS AND VILLAGES: OCTOBER 13 AND 14
CTFS: OCTOBER 13 TO 14 (24H)
Join Hackfest/La French Connection Discord
Join Hackfest us on Mastodon
IrResponsible disclosure / OPSEC FAIL
CCV
https://admin.ccv-cvc.ca/CCV-P490T%20-%20CCV%20Admin%20Training%20Manual-en.htm#_Toc304452197
https://admin.ccv-cvc.ca/loginadmin-eng.frm
https://ccv-cvc.ca/schema/generic-cv/generic-cv.html
Bedside reading
The Evolution of Cyber Operations in Armed Conflict
CCC - AL23-010 - 20230725 - Alert - ALPHV/BlackCat ransomware targeting Canadian industries
News
Francois Lambert
NVIDIA and Hikvision singled out for developing a Uyghur detector in China
CISA warns software development companies about IDORs
A backdoor in TETRA systems
File sharing for "unplanned backups":
Known MOVEit Attack Victim Count Reaches 545 Organizations
Exploitation of Recent Citrix ShareFile RCE Vulnerability Begins
Four days (FOUR days!!): SEC demands four-day disclosure limit for cybersecurity breaches
The cyber bad guys now have their own API!! ALPHV ransomware adds data leak API in new extortion strategy
20230721 - Paying with the palm of your hand is possible in all American Whole Foods stores
20230728 - FBI warns of broad AI threats facing tech companies and the public
20230728 - Facebook Bowed to White House Pressure, Removed Covid Posts
20230727 - US Senate Letter to CISA-FTC AG-DOJ about Microsoft negligence
20230727 - US Senator Wyden Accuses Microsoft of ‘Cybersecurity Negligence'
20230729 - Google: More than 40% of zero-days in 2022 were variants of previous vulnerabilities
20230727 - US Electrical Grid Dependent on China–Made Transformers
20230725 - Whitehorse RCMP investigation into computer hacking
20230729 - U.S. Hunts Chinese Malware That Could Disrupt American Military Operations
20230726 - Largest US Grid Declares Emergency Alert For July 27 - High demand too hot !
20230729 - Google Warns Gmail And Photos Content Deletions To Start December 2023
20230729 - Pentagon Investigates ‘Critical Compromise' Of Air Force Communications Systems
Crew
Patrick Mathieu
Steve Waterhouse
Jacques Sauvé
Credits
Audio editing by Hackfest Communication
Music by Mindex – Teleport - Sonic Tonic
Virtual studio by Streamyard

Cyber and Technology with Mike
22 August 2023 Cyber and Tech News

Cyber and Technology with Mike

Play Episode Listen Later Aug 22, 2023 8:42


In today's podcast we cover four crucial cyber and technology topics, including:
1. Cuba ransomware adds Veeam exploit to toolkit
2. Seiko hit by BlackCat ransomware group
3. Australian energy firm disclosed cyber attack
4. U.S says foreign adversaries threat to space assets
I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com

Cyber and Technology with Mike
20 July 2023 Cyber and Tech News

Cyber and Technology with Mike

Play Episode Listen Later Jul 20, 2023 9:21


In today's podcast we cover four crucial cyber and technology topics, including:
1. Researchers uncover advanced fee fraud job scams
2. Adobe releases fix for ColdFusion flaw
3. Estee Lauder faces two simultaneous cyber attacks
4. Russia bans iPhones for government and military
I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com

The Jiggy Jaguar Show
Ep. 6/29/2023 - The Jiggy Jaguar Show: Townsquare Media HACKED!

The Jiggy Jaguar Show

Play Episode Listen Later Jun 29, 2023


According to a story at cyberexpress.com, Townsquare Media has been hacked by the ransomware group ALPHV. The piece states, “The ALPHV ransomware group made their claim public, asserting that they have gained unauthorized access to a significant amount of data belonging to Townsquare Media. According to their statement, the threat actors allegedly possess a staggering 251GB of the company's data. This includes files sourced from the company's servers and workstations, explicitly targeting those created within the past year.” The story does not indicate how much money the hackers are asking for, but they are reportedly giving Townsquare a week to respond before making the data public.

Riesgo Existencial
NT 319C - ALPHV stole data from Reddit

Riesgo Existencial

Play Episode Listen Later Jun 28, 2023 0:39


The ransomware organization ALPHV revealed on its site that it stole 80 gigabytes of data from Reddit during a data breach acknowledged by the company last February. Reddit says the attacker gained access to employee information as well as internal documents, but there was no evidence that users' personal data had been accessed. ALPHV says it will release the files if it does not receive a payment of 4.5 million dollars and if Reddit does not reverse the changes to the pricing for use of its API.
For this and more news, listen to the Noticias de Tecnología Express podcast.
Available on Spotify: https://open.spotify.com/show/2BHTUlynDLqEE2UhdIYfMa
On Apple Podcasts: https://podcasts.apple.com/us/podcast/noticias-de-tecnolog%C3%ADa-express/id1553334024

Noticias de Tecnología Express
Meta will remove news in Canada - NTX 319

Noticias de Tecnología Express

Play Episode Listen Later Jun 24, 2023 8:59


Adobe integrates with Chrome OS, we tell you where the world's fastest electric charger is, and the blocking of news in Canada begins.
You can support the production of this program with a subscription. More information here.
News:
JPM Coin will accept payments in euros
Where is the world's fastest EV charger?
ALPHV stole data from Reddit
Adobe Express integrates with Chrome OS
Bill C-18 is passed in Canada
Can you block a country's news content?
Episode notes available here. Become a member at https://plus.acast.com/s/noticias-de-tecnologia-express. Hosted on Acast. See acast.com/privacy for more information.

It's 5:05! Daily cybersecurity and open source briefing
Episode #169 - Apple releases a patch addressing three zero-day vulnerabilities, BlackCat (ALPHV) just won't leave reddit alone, Part 3 - What You Should Know About Location Records, Edge Browser, This Day in Tech History

It's 5:05! Daily cybersecurity and open source briefing

Play Episode Listen Later Jun 22, 2023 10:36


It's 5:05 on Thursday, June 22nd, 2023. From the source podcast network in New York City. This is Pokie Huang. Stories in today's episode come from Edwin Kwan in Sydney, Australia, Katy Craig in San Diego, California, Hillary Coover in Washington, DC, Olimpiu Pop in Transylvania, Romania and Marcel Brown in St. Louis, Missouri.
Let's get to it!
Apple releases a patch addressing three zero-day vulnerabilities

Tech Update | BNR
To make matters worse for Reddit, hacker group claims theft of 80 GB of data

Tech Update | BNR

Play Episode Listen Later Jun 20, 2023 5:05


At Reddit, 80 gigabytes of data is said to have been stolen by the hacker group BlackCat, also known as ALPHV. This is said to have happened during a break-in into its systems last February. We do not know what kind of data is involved, but we do know that the perpetrators' motive is, in an odd way, one of solidarity with the makers of external apps with which you can use Reddit. In addition to a ransom of 4.5 million dollars, BlackCat wants Reddit to withdraw the price increases these makers are facing. Moderators of groups on Reddit, called subreddits, went dark for a long time in protest against that plan. Under pressure from Reddit itself, a number of them are now accessible again, but with remarkable new rules. In some groups only photos of TV host John Oliver may be posted, in the iPhone subreddit the same goes for nice pictures of chief executive Tim Cook, and in the 'Shitposting' group you may no longer use the letter K.
Also in this Tech Update:
The Chinese tech giant Alibaba is getting a new CEO. Daniël Zhang has to step aside: he will be succeeded in that role by Eddie Wu, while Joseph Thai becomes the new chairman. It has been known for some time that Alibaba will be split into six different companies. The cloud division will get its own stock listing and is still led by Zhang.
Suzuki wants to produce flying cars as early as next year. To that end it has reached an agreement with SkyDrive, the likewise Japanese company that designs eVTOLs. Production of these small 'flying cars' will start soon in a Suzuki factory in central Japan.
See omnystudio.com/listener for privacy information.

The CyberWire
Developments in the ransomware underworld: ALPHV, Akira, Cactus, and Royal. Some organizations remain vulnerable to problems with unpatched Go-Anywhere instances.

The CyberWire

Play Episode Listen Later May 8, 2023 26:53


ALPHV claims responsibility for a cyberattack on Constellation Software. A new Akira ransomware campaign spreads. CACTUS is a new ransomware leveraging VPNs to infiltrate its target. Many organizations are still vulnerable to the Go-Anywhere MFT vulnerability. Russian hacktivists interfere with the French Senate's website. Keith Mularski from EY, details their "State of the Hack" report. Emily Austin from Censys discusses the State of the Internet. And ransomware gangs target local governments in Texas and California.  For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/88 Selected reading. ALPHV gang claims ransomware attack on Constellation Software (BleepingComputer)  Constellation Software hit by cyber attack, some personal information stolen (IT World Canada)  Press Release of Constellation Software Inc. (GlobeNewswire News Room) Meet Akira — A new ransomware operation targeting the enterprise (BleepingComputer) New Cactus ransomware encrypts itself to evade antivirus (BleepingComputer)  Pro-Russian Hackers Claim Downing of French Senate Website (SecurityWeek) Dallas cyberattack highlights ransomware's risks to public safety, health (Washington Post)  Hacked: Dallas Ransomware Attack Disrupts City Services (Dallas Observer)  City of Dallas Continues Battling Ransomware Attack for Third Day (NBC 5 Dallas-Fort Worth)  San Bernardino County pays hackers $1.1 million ransom after cyber attack (Victorville Daily Press)  San Bernardino County pays $1.1M ransom after cyberattack disrupts Sheriff's Department systems (ABC7 Los Angeles) Atomic Data devastated by the unexpected death of CEO and co-owner Jim Wolford (Atomic Data)

Cybercrime Magazine Podcast
Cyber Grimes. Amazon's Ring Breached. Roger Grimes, Defense Evangelist, KnowBe4.

Cybercrime Magazine Podcast

Play Episode Listen Later Mar 17, 2023 25:49


Roger Grimes is an industry expert and the Data Driven Defense Evangelist for KnowBe4. In this episode, Roger and host Hillarie McClure talk about the alleged breach of Amazon's Ring by the ALPHV ransomware group, as well as whether Windows is phishing-resistant, the new version of the Xenomorph Android malware, and more. KnowBe4 is the world's first and largest New-school security awareness training and simulated phishing provider that helps you manage the ongoing problem of social engineering. To learn more about our sponsor, KnowBe4, visit https://knowbe4.com

Cyber Briefing
Cyber-Briefing-2023-03-16

Cyber Briefing

Play Episode Listen Later Mar 16, 2023 0:57


CyberBriefing *** 2023-03-16

The Cybersecurity Defenders Podcast
#23 - Intel chat with Matt Bromiley and an interview with Joe Schreiber, Co-founder & CEO of appNovi.

The Cybersecurity Defenders Podcast

Play Episode Listen Later Mar 15, 2023 59:33


In this episode, we sit down with Matt Bromiley to talk about some of the latest intel coming out of the LimaCharlie community Slack channel:
A new Microsoft Word Vulnerability: CVE-2023-21716.
The Emotet botnet is back spamming again.
A previously undisclosed toolset used by Sharp Panda, a long-running Chinese cyber-espionage operation targeting Southeast Asian government entities.
A SpaceX vendor has been compromised by a LockBit affiliate.
Ring LLC, the home security and smart home company owned by Amazon, has been ransomed by ALPHV ransomware group.
And an interview with Joe Schreiber, Co-founder and CEO of appNovi.
Joe has been doing IT security since dial-up. He utilizes his knowledge and experience as a practitioner, software developer, and business developer to build highly functional, scalable, usable and quality software.
The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

The CyberWire
Noberus ransomware: evolving tactics. [Research Saturday]

The CyberWire

Play Episode Listen Later Oct 15, 2022 25:10


Brigid O Gorman from Symantec's Threat Hunter team joins Dave to discuss their research on "Noberus Ransomware - Darkside and BlackMatter Successor Continues to Evolve its Tactics." The research states that Noberus ransomware (aka BlackCat, ALPHV) is more dangerous than ever because attackers have been using new tactics, tools, and procedures in recent months. In the research, Symantec says, "Among some of the more notable developments has been the use of a new version of the Exmatter data exfiltration tool, and the use of Eamfo, information-stealing malware that is designed to steal credentials stored by Veeam backup software." They go over an in-depth look at how its affiliate program operates. The research can be found here: Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics

Research Saturday
Noberus ransomware: evolving tactics.

Research Saturday

Play Episode Listen Later Oct 15, 2022 25:10


Brigid O Gorman from Symantec's Threat Hunter team joins Dave to discuss their research on "Noberus Ransomware - Darkside and BlackMatter Successor Continues to Evolve its Tactics." The research states that Noberus ransomware (aka BlackCat, ALPHV) is more dangerous than ever because attackers have been using new tactics, tools, and procedures in recent months. In the research, Symantec says, "Among some of the more notable developments has been the use of a new version of the Exmatter data exfiltration tool, and the use of Eamfo, information-stealing malware that is designed to steal credentials stored by Veeam backup software." They go over an in-depth look at how its affiliate program operates. The research can be found here: Noberus Ransomware: Darkside and BlackMatter Successor Continues to Evolve its Tactics

Cyber and Technology with Mike
03 October 2022 Cyber and Tech News

Cyber and Technology with Mike

Play Episode Listen Later Oct 3, 2022 9:56


In today's podcast we cover four crucial cyber and technology topics, including: 1. Microsoft provides mitigation for two zero day exploits 2. Shangri-La hotel chain suffers data breach 3. ALPHV impacts IT firm supporting DoD, leak site subsequently down 4. Researchers uncover flaw in medical imaging software I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com

Security Squawk
Suffolk County heightens the importance of cybersecurity for local municipalities- Ransomware Attacks Increase-New Royal Ransomware emerges in multi-million dollar attacks-Cyberattack on InterContinental Hotels Disrupts Business at Franchises

Security Squawk

Play Episode Listen Later Sep 30, 2022 38:22


In this week's episode, the cybersecurity experts Bryan Hornung, Reginald Andre, Randy Bryan, and Ryan O'Hara discuss a particular industry out there that is a super soft target right now, and the cyber criminals know it. Who is it and why should people be aware of this? Next, the crew talks about some data that they gathered around ransomware attacks increasing, and not only increasing: these ransomware groups are changing their tactics faster than they thought. What are these changes? Lastly, the team talks about a hotel chain that was cyberattacked over the Labor Day weekend and now, 3-6 weeks out, stories are coming out. Tune In! Like and Share the show! Articles used: https://suffolktimes.timesreview.com/2022/09/ransomware-attack-on-suffolk-county-heightens-importance-of-cybersecurity-for-local-municipalities/ https://www.msspalert.com/cybersecurity-research/research-20-of-all-reported-ransomware-attacks-occurred-in-the-last-12-months/ https://www.csoonline.com/article/3674848/ransomware-operators-might-be-dropping-file-encryption-in-favor-of-corrupting-files.html https://www.bleepingcomputer.com/news/security/new-royal-ransomware-emerges-in-multi-million-dollar-attacks https://www.wsj.com/articles/cyberattack-on-intercontinental-hotels-disrupts-business-at-franchisees-11664184602

ShadowTalk by Digital Shadows
LockBit Builder leak, Lapsus$ breaches Rockstar and Uber, Emotet pushes Quantum and Alphv ransomware

ShadowTalk by Digital Shadows

Play Episode Listen Later Sep 23, 2022 23:52


ShadowTalk host Nicole alongside Stefano give you the latest in threat intelligence. This week they cover: - LockBit Builder leak - Lapsus$ breaches Rockstar Games and Uber - Emotet pushes Quantum and Alphv ransomware. Get this week's intelligence summary at: resources.digitalshadows.com/weekly-int…ry-23-sept

ShadowTalk by Digital Shadows
Weekly: 911 Proxy Service Ends, ALPHV claims attack on pipeline and Recent news from Taiwan & China

ShadowTalk by Digital Shadows

Play Episode Listen Later Aug 5, 2022 33:05


ShadowTalk host Stefano alongside Chris bring you the latest in threat intelligence. This week they cover: - 911 proxy service ends protection for cybercriminals - ALPHV (aka BlackCat) ransomware claims attack on European gas pipeline - Cyber threat implications from recent news in Taiwan & China Get this week's intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-05-aug ***Resources from this week's podcast*** The Boy Who Cried Ransomware: The Trustworthiness Of Ransomware Groups https://www.digitalshadows.com/blog-and-research/the-boy-who-cried-ransomware-the-trustworthiness-of-ransomware-groups/ ReliaQuest And Digital Shadows – The Next Stage Of The Journey https://www.digitalshadows.com/blog-and-research/reliaquest-and-digital-shadows-the-next-stage-of-the-journey/

The CyberWire
DDoS attacks strike countries friendly to Ukraine. Predatory Sparrow's assault on Iran's steel industry. Callback phishing impersonates security companies. Anubis is back. BlackCat ups the ante.

The CyberWire

Play Episode Listen Later Jul 11, 2022 27:21


More deniable DDoS attacks strike countries friendly to Ukraine. Predatory Sparrow's assault on Iran's steel industry. A callback phishing campaign impersonates security companies. The Anubis Network is back. Thomas Etheridge from CrowdStrike on the importance of outside threat hunting. Rick Howard weighs in on sentient AI. And a ransomware gang ups the ante. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/130 Selected reading. Pro-Russian cybercriminals briefly DDoS Congress.gov (CyberScoop) Lithuania's state-owned energy group hit by 'biggest cyber attack in a decade' (lrt.lt) Ignitis Group hit by DDoS attack as Killnet continues Lithuania campaign (Tech Monitor) Russian 'Hacktivists' Are Causing Trouble Far Beyond Ukraine (Wired - 07-11-2022) Predatory Sparrow: Who are the hackers who say they started a fire in Iran? (BBC News) Hacktivists claiming attack on Iranian steel facilities dump tranche of 'top secret documents' (CyberScoop) Callback Phishing Campaigns Impersonate CrowdStrike, Other Cybersecurity Companies (CrowdStrike) Anubis Networks is back with new C2 server (Security Affairs) BlackCat (aka ALPHV) ransomware is increasing stakes up to $2.5 million in demands (Help Net Security) Resecurity - BlackCat (aka ALPHV) Ransomware is Increasing Stakes up to $2,5M in Demands (Resecurity)

Cyber and Technology with Mike
11 July 2022 Cyber and Tech News

Cyber and Technology with Mike

Play Episode Listen Later Jul 11, 2022 9:57


In today's podcast we cover four crucial cyber and technology topics, including: 1. Honda vehicles vulnerable to remote unlock and start 2. French telephone operator impacted by Lockbit ransomware 3. Maastricht University to recover 30 bitcoin ransomware; profit 4. Researchers say BlackCat ransomware prices increase dramatically I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com

ShadowTalk by Digital Shadows
Weekly: AlphV Publishes Victims' Data, 'BidenCash' Website Sells Credit Card Info, ATO Paper

ShadowTalk by Digital Shadows

Play Episode Listen Later Jun 24, 2022 36:05


ShadowTalk host Chris alongside Stefano and Kim bring you the latest in threat intelligence. This week they cover: * AlphV breaching victims' data in open source * 'BidenCash' website sells your credit card information for only 15 cents * Account Takeover paper ***Resources from this week's podcast*** POLONIUM: Proxy Warfare And Iran's Cyber Strategy https://www.digitalshadows.com/blog-and-research/polonium-proxy-warfare-and-irans-cyber-strategy/ Vulnerability Intelligence Roundup: Leveraging The OODA Loop For Vulnerability Management https://www.digitalshadows.com/blog-and-research/vulnerability-intelligence-roundup-leveraging-the-ooda-loop-for-vulnerability-management/ Credential Stuffing: What Is It, Are You At Risk? https://www.digitalshadows.com/blog-and-research/credential-stuffing-what-is-it-are-you-at-risk/ ALPHV/BlackCat ransomware gang starts publishing victims' data on the clear web https://securityaffairs.co/wordpress/132339/malware/blackcat-ransomware-clear-web.html New 'BidenCash' site sells your stolen credit card for just 15 cents https://www.bleepingcomputer.com/news/security/new-bidencash-site-sells-your-stolen-credit-card-for-just-15-cents/ The Anatomy of a Cyberattack https://www.wsj.com/articles/anatomy-cyberattack-11654543046 Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don't forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

Tech Babblin' with Tech Gee
Ransomware Gang Creates Site for Victims to Search for Their Stolen Data

Tech Babblin' with Tech Gee

Play Episode Listen Later Jun 15, 2022 9:54


The ALPHV ransomware gang, aka BlackCat, has brought extortion to a new level by creating a dedicated website that allows the customers and employees of their victim to check if their data was stolen in an attack. **Study Notes** https://www.TechnologyGee.com/it-certification-study-materials/ **Discounted CompTIA Exam Vouchers** https://www.TechnologyGee.com/discounted-comptia-exam-vouchers/ **CompTIA Virtual Simulation Labs** https://www.TechnologyGee.com/comptia-virtual-labs/ **Equipment I Use for Making Videos** https://www.TechnologyGee.com/podcast-youtube-equipment/ --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app Support this podcast: https://anchor.fm/tech-gee/support

Cyber and Technology with Mike
25 April 2022 Cyber and Tech News

Cyber and Technology with Mike

Play Episode Listen Later Apr 26, 2022 10:41


In today's podcast we cover four crucial cyber and technology topics, including: 1. Atlassian fixes bypass flaw in Jira 2. FBI reports that BlackCat ransomware hit over 60 organizations in 6 months 3. Conti ransomware impacts Costa Rica government operations 4. T-Mobile confirms March Lapsus$ hack, claims no data of value accessed I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com

Cyber Coast to Coast Podcast
Vulnerabilities in Qualcomm chips, Lenovo malware, FBI reveals BlackCat ransomware gang breaches

Cyber Coast to Coast Podcast

Play Episode Listen Later Apr 25, 2022 38:27


This week Scott and Craig open the show (apologies for sound issues at the top of the episode) by discussing the new book release of Hacker's Movie Guide: The Complete List of Hacker and Cybersecurity Movies (2022-23 Edition). They also discuss 3 stories: researchers finding three vulnerabilities in Qualcomm and MediaTek mobile chips, 3 flaws present in Lenovo laptops that can give attackers a way to drop highly persistent malware, and the FBI's statement that the Black Cat ransomware gang, also known as ALPHV, has breached the networks of at least 60 organizations worldwide. This episode is sponsored by www.DarkCryptonite.com https://www.amazon.com/Hackers-Movie-Guide-Complete-Cybersecurity/dp/173301571X https://thehackernews.com/2022/04/critical-chipset-bug-opens-millions-of.html https://www.darkreading.com/threat-intelligence/millions-of-lenovo-laptops-contain-firmware-level-vulnerabilities https://www.bleepingcomputer.com/news/security/fbi-blackcat-ransomware-breached-at-least-60-entities-worldwide/

Risky Business
Risky Business #662 -- It's a bad month to be an electricity grid

Risky Business

Play Episode Listen Later Apr 21, 2022


On this week's show Patrick Gray, Adam Boileau and Dmitri Alperovitch discuss the week's security news, including:
Ukraine foils Russian ICS hack
US Government burns someone's ICS toolkit
China gets all up in India's energy gridz
The Heroku/GitHub/Travis CI story is very confusing
US DOJ removes GRU malware from Watchguard boxes under Rule 41
North Korea behind $540m crypto hack
Much, much more

This week's sponsor interview is with Scott Kuffer, co-founder of Nucleus Security, and Jared Semrau of Mandiant. They'll be joining us to talk about how you can now plug Mandiant data into the Nucleus vulnerability scan aggregator. Links to everything that we discussed are below and you can follow Patrick, Dmitri or Adam on Twitter if that's your thing.

Show notes
Ukraine foiled Russian cyberattack that tried to shut down energy grid
Catalin Cimpanu on Twitter: "Days later... anyone managed to confirm or debunk this?" / Twitter
Matthew Garrahan on Twitter: "Ukraine has since adapted a government app so that people can more easily upload information about Russian military positions https://t.co/oWRctXBTxU" / Twitter
Pipedream Malware: Feds Uncover 'Swiss Army Knife' for Industrial System Hacking | WIRED
Suspected Chinese hackers are targeting India's power grid
Lawmakers ask Energy Department to take point on sector digital security - The Record by Recorded Future
Threat of Russian cyberattack prompts energy firms to collaborate with U.S. government - The Washington Post
US says it disrupted Russian botnet 'before it could be weaponized'
DOJ's Sandworm operation raises questions about how far feds can go to disarm botnets
Microsoft seizes internet domains linked to GRU cyberattacks against Ukraine
WatchGuard failed to explicitly disclose critical flaw exploited by Russian hackers | Ars Technica
Microsoft uses court order to disrupt ZLoader botnet - The Record by Recorded Future
DHS investigators say they foiled cyberattack on undersea internet cable in Hawaii
US agency attributes $540 million Ronin hack to North Korean APT group - The Record by Recorded Future
Chemical sector targeted by North Korea-linked hacking group, researchers say - The Record by Recorded Future
U.S. offers $5 million for info on North Korean cyber operators - The Record by Recorded Future
Security alert: Attack campaign involving stolen OAuth user tokens issued to two third-party integrators | The GitHub Blog
After a brief decline, organizations once again are bombarded with ransomware - The Record by Recorded Future
BlackCat ransomware group claims attack on Florida International University - The Record by Recorded Future
North Carolina A&T hit with ransomware after ALPHV attack - The Record by Recorded Future
Ransomware groups go after a new target: Russian organizations - The Record by Recorded Future
T-Mobile Secretly Bought Its Customer Data from Hackers to Stop Leak. It Failed.
Experts warn of concerns around Microsoft RPC bug - The Record by Recorded Future
Make phishing great again. VSTO office files are the new macro nightmare? | by Daniel Schell | Apr, 2022 | Medium
VMware patches critical flaws in Workspace ONE Access identity management software | The Daily Swig
Researcher finds cryptomining malware targeting AWS Lambda - The Record by Recorded Future
Apple paid out $36,000 bug bounty for HTTP request smuggling flaws on core web apps – research | The Daily Swig
Hackers steal more than $11 million from Elephant Money DeFi platform - The Record by Recorded Future
WonderHero game disabled after hackers steal $320,000 in cryptocurrency - The Record by Recorded Future
'We Are Fucked': Crypto Stablecoin Collapses After $182M Hack
The Original APT: Advanced Persistent Teenagers – Krebs on Security

Cyber Security Today
Cyber Security Today, Feb. 7, 2022 - Insight into a ransomware gang, email used in cyberattacks on Ukraine, and more

Cyber Security Today

Play Episode Listen Later Feb 7, 2022 6:17


Today's podcast reports on the background of the ALPHV ransomware gang, email used in cyberattacks on Ukraine, what may have been behind the theft of cryptocurrency at the Wormhole platform and more

Cyber and Technology with Mike
10 December 2021 Cyber and Tech News

Cyber and Technology with Mike

Play Episode Listen Later Dec 10, 2021 8:37


In today's podcast we cover four crucial cyber and technology topics, including: 1. Apache's Log4j vulnerable to remote code execution exploit 2. Researchers track new ransomware written in different language 3. South Australian government employee data stolen in ransomware attack 4. Over a million WordPress sites being targeted for exploitation I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com