Podcasts about apt28

  • 63 PODCASTS
  • 92 EPISODES
  • 42m AVG DURATION
  • 1 MONTHLY NEW EPISODE
  • May 23, 2025 LATEST



Latest podcast episodes about apt28

Security Conversations
Russia hacks Ukraine war supply lines, Signal blocks Windows screenshots, BadSuccessor vuln disclosure debate

May 23, 2025 · 150:37


Three Buddy Problem - Episode 47: We unpack a multi-agency report on Russia's APT28/Fancy Bear hacking and spying on Ukraine war supply lines, CISA's sloppy YARA rules riddled with false positives, the ethics of full-disclosure after Akamai dropped Windows Server “BadSuccessor” exploit details, and Sekoia's discovery of thousands of hijacked edge devices repurposed as honeypots. The back half veers into Microsoft's resurrected Windows Recall, Signal's new screenshot-blocking countermeasure, Japan's fresh legal mandate for pre-emptive cyber strikes, and why appliance vendors like Ivanti keep landing in the headlines. Along the way you get hot takes on techno-feudalism, Jony Ive's rumored AI gadget, and a lively debate over whether publishing exploit code ever helps defenders.

Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).

Cyber Security Headlines
Apple Airplay-Enabled Devices Can Be Hacked, Google tracked 75 zero days, France ties Russian APT28 hackers to 12 cyberattacks

Apr 30, 2025 · 8:06


  • Millions of Apple Airplay-Enabled Devices Can Be Hacked via Wi-Fi
  • Google tracked 75 zero days exploited in the wild in 2024
  • France ties Russian APT28 hackers to 12 cyberattacks on French orgs

Thanks to today's episode sponsor, ThreatLocker. ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.

Out of the Woods: The Threat Hunting Podcast
S3 Ep14: Some Things are Better Left Unstructured

Jan 15, 2025 · 37:40


[LIVE] Out of the Woods Podcast, January 30, 2025 | 12:00 - 1:30 PM ET. Sign up: https://intel471.com/resources/podcasts/the-art-of-the-hunt-turning-intel-into-action

Top Headlines:
  • Truffle Security | Millions of Accounts Vulnerable due to Google's OAuth Flaw: https://trufflesecurity.com/blog/millions-at-risk-due-to-google-s-oauth-flaw
  • Halcyon | Abusing AWS Native Services: Ransomware Encrypting S3 Buckets with SSE-C: https://www.halcyon.ai/blog/abusing-aws-native-services-ransomware-encrypting-s3-buckets-with-sse-c
  • Horizon3 | Critical Vulnerabilities in SimpleHelp Remote Support Software: https://www.horizon3.ai/attack-research/disclosures/critical-vulnerabilities-in-simplehelp-remote-support-software/
  • Sekoia | Double-Tap Campaign: Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations: https://blog.sekoia.io/double-tap-campaign-russia-nexus-apt-possibly-related-to-apt28-conducts-cyber-espionage-on-central-asia-and-kazakhstan-diplomatic-relations/

Stay in Touch!
  • Twitter: https://twitter.com/Intel471Inc
  • LinkedIn: https://www.linkedin.com/company/intel-471/
  • YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
  • Discord: https://discord.gg/DR4mcW4zBr
  • Facebook: https://www.facebook.com/Intel471Inc/

Cyber Morning Call
702 - New ransomware uses AI-generated code

Jan 13, 2025 · 5:09

[Episode References]
  • FunkSec – Alleged Top Ransomware Group Powered by AI - https://research.checkpoint.com/2025/funksec-alleged-top-ransomware-group-powered-by-ai/
  • Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices - https://thehackernews.com/2025/01/google-project-zero-researcher-uncovers.html
  • Transaction Simulation Spoofing: A New Threat in Web3 - https://drops.scamsniffer.io/transaction-simulation-spoofing-a-new-threat-in-web3/
  • Double-Tap Campaign : Russia-nexus APT possibly related to APT28 conducts cyber espionage on Central Asia and Kazakhstan diplomatic relations - https://blog.sekoia.io/double-tap-campaign-russia-nexus-apt-possibly-related-to-apt28-conducts-cyber-espionage-on-central-asia-and-kazakhstan-diplomatic-relations/

Script and hosting: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia

The Cybersecurity Defenders Podcast
#173 - Intel Chat: ClickFix, Raspberry Robin, Gelsemium, Fancy Bear & Salt Typhoon

Nov 28, 2024 · 43:18


In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

In recent months, cybersecurity researchers have observed a surge in the use of a social engineering technique known as "ClickFix." This method involves threat actors presenting users with deceptive error messages that prompt them to manually execute malicious commands, often by copying and pasting scripts into their systems.

Raspberry Robin, also known as Roshtyak, is a highly obfuscated malware first discovered in 2021, notable for its complex binary structure and advanced evasion techniques. It primarily spreads via infected USB devices and employs multi-layered execution to obscure its true purpose.

A China-linked Advanced Persistent Threat (APT) group, Gelsemium, has been observed targeting Linux systems for the first time, deploying previously undocumented malware in an espionage campaign. Historically known for targeting Windows platforms, this new activity signifies a shift towards Linux, possibly driven by the increasing security of Windows systems.

Russia's APT28 hacking group, also known as Fancy Bear or Unit 26165, has developed a novel technique dubbed the “nearest neighbor attack” to exploit Wi-Fi networks remotely.

Hackers linked to the Chinese government, known as Salt Typhoon, have deeply infiltrated U.S. telecommunications infrastructure, gaining the ability to intercept unencrypted phone calls and text messages. The group exploited vulnerabilities in the wiretap systems used by U.S. authorities for lawful interception, marking what Senator Mark Warner has called "the worst telecom hack in our nation's history."

Security Now (MP3)
SN 1002: Disconnected Experiences - 'Nearest Neighbor' Attack, Repo Swatting, the Return of Recall

Nov 27, 2024 · 152:04


What's the new "nearest neighbor" attack and how do you defend against it? Let's Encrypt just turned 10. What changes has it wrought? Now the Coast Guard is worried about Chinese built ship-to-shore cranes. Pakistan becomes the first country to block Bluesky. There's a new way to get Git repos "swatted" and removed. Who's to blame for Palo Alto Networks' serious new 0-day vulnerabilities? If you have any of these six D-Link VPN routers, unplug them immediately! It turns out that VPN apps are against Shariah Law. Who knew? The Return of Windows Recall. What are we learning now? How many of today's systems remain vulnerable to last year's most popular exploits? We share and respond to a bunch of terrific feedback from our listeners. What are Microsoft's "Connected Experience" and why might you choose to disconnect from them? Show Notes - https://www.grc.com/sn/SN-1002-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: e-e.com/twit bitwarden.com/twit threatlocker.com for Security Now flashpoint.io

The same episode (Security Now 1002, Nov 27, 2024) is also listed under these feeds: All TWiT.tv Shows (MP3), Security Now (Video HD), Security Now (Video HI), Radio Leo (Audio), Security Now (Video LO), All TWiT.tv Shows (Video LO), Radio Leo (Video HD).

Storm⚡️Watch by GreyNoise Intelligence
Russian Wi-Fi Hacks, Baltic Cable Sabotage, and Security Skills Poll Results

Nov 26, 2024 · 70:56


Forecast: Stormy skies with APT28's Wi-Fi exploits and rough seas in the Baltics as undersea cables are mysteriously cut.

In this episode of Storm⚡️Watch, we review the fascinating poll results that reveal communication with non-technical leaders as the most undervalued skill in modern security, garnering 220 votes across three social media platforms and significantly outpacing other critical abilities like incident report writing, OSINT, and threat hunting.

The crew then examines a groundbreaking cyber attack technique dubbed the "Nearest Neighbor Attack," executed by Russian APT28. This sophisticated operation allowed attackers to breach a U.S. organization's network by exploiting nearby Wi-Fi networks through a series of calculated steps, including password spraying and compromising adjacent organizations. The attack, occurring just before Russia's invasion of Ukraine, showcases a novel vector that combines the advantages of physical proximity with remote operation capabilities.

Maritime security takes center stage as we explore two major undersea cable cuts in the Baltic Sea this November. The BSC East-West Interlink between Sweden and Lithuania and the C-Lion1 connecting Finland and Germany were severed, causing notable network latency increases. A Chinese vessel, Yi Peng 3, has drawn attention in the investigation, with German Defense Minister Boris Pistorius suggesting these incidents were deliberate hybrid actions rather than accidents.

We round out the episode with updates from our respective organizations, including Censys's 2024 State of the Internet Report, VulnCheck's analysis of CISA's top exploited vulnerabilities, and GreyNoise's latest insights on critical infrastructure risks and technical challenges involving null bytes.

The CyberWire
Novel attacks and creative phishing angles.

Nov 25, 2024 · 32:49


APT28 uses a novel technique to breach organizations via nearby WiFi networks. Your Apple ID is (not) suspended. UK highlighting Russian threats at NATO Cyber Defence Conference. US senators request an audit of TSA's facial recognition technology. Supply chain software company sustains ransomware attack. Critical QNAP vulnerability could allow remote code execution. Outdated Avast Anti-Rootkit driver exploited. No more internet rabbit holes for China. Guest Lesley Carhart from Dragos on "The Shifting Landscape of OT Incident Response." Stop & Shop turns cyber oops into coffee and cookies.

CyberWire Guest
Our guest is Lesley Carhart, Technical Director at Dragos, speaking with Dave Bittner about "The Shifting Landscape of OT Incident Response."

Selected Reading
  • Russian Cyberspies Hacked Building Across Street From Target for Wi-Fi Attack (SecurityWeek)
  • The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access (Volexity)
  • New Warning For 2 Billion iPhone, iPad, Mac Users—Your Apple ID Is Suspended (Forbes)
  • Russia plotting to use AI to enhance cyber-attacks against UK, minister will warn (The Guardian)
  • Britain, NATO must stay ahead in 'new AI arms race', says UK minister (Reuters)
  • Senators call for audit of TSA's facial recognition tech as use expands in airports (The Record)
  • Blue Yonder ransomware attack disrupts supply chains across UK and US (Tech Monitor)
  • Critical QNAP Vulnerability Let Attackers Execute Remote Code (Cyber Security News)
  • Malware campaign abused flawed Avast Anti-Rootkit driver (Security Affairs)
  • When Guardians Become Predators: How Malware Corrupts the Protectors (Trellix report)
  • Imagine a land where algorithms don't ruin the Internet (The Register)
  • Stop & Shop recovers from 'cybersecurity issue,' will give out free food, coffee (WTNH)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Cyber Security Today
Google's New Free Cybersecurity Certificate: Cyber Security Today for Monday, November 25, 2024

Nov 25, 2024 · 9:15


Cybersecurity Today: Palo Alto Firewalls Breached, APT28's Wi-Fi Hack, Meta Fights Scams

In today's episode, over 2,000 Palo Alto firewalls were hacked via patched zero-day vulnerabilities; a Russian group, APT28, exploited Wi-Fi networks in a novel 'Nearest Neighbor Attack' to breach a U.S. firm; Meta removed more than 2 million accounts linked to pig butchering scams; and Google launched a free cybersecurity certificate on Coursera to prepare students for entry-level jobs in six months. Host Jim Love provides in-depth analysis and the latest updates in the world of cybersecurity.

  • 00:00 Introduction and Headlines
  • 00:29 Palo Alto Firewalls Hacked
  • 02:43 Nearest Neighbor Wi-Fi Attack
  • 05:09 Meta's Crackdown on Pig Butchering Scams
  • 07:10 Google's Free Cybersecurity Certificate
  • 08:52 Conclusion and Resources

Ich glaube, es hackt!
Flight cancelled: Hacker attack on Deutsche Flugsicherung

Sep 2, 2024 · 16:07

Yet another attack on Germany's critical infrastructure. This time it hit Deutsche Flugsicherung (DFS), and although there is not much information on this case yet, we put into context what there is to put into context. Spoiler: you don't need to feel uneasy about boarding a plane.

If you enjoyed our podcast, we would appreciate a rating! You can send us feedback, such as topic requests, through any of our channels:
  • Email: podcast@ichglaubeeshackt.de
  • Web: podcast.ichglaubeeshackt.de
  • Instagram: http://instagram.com/igehpodcast

Plus
Online Plus: Cyberattacks by the Russian group APT28? Let's defend against them together, NATO urges in its statement

May 10, 2024 · 24:07

Czechia and Germany have long been targets of cyberattacks by the Russian group APT28, which is financed by the Russian state. NATO has now issued a statement calling on member states to cooperate. Why only now? And is it even possible to defend against Russian attacks?

Online Plus
Cyberattacks by the Russian group APT28? Let's defend against them together, NATO urges in its statement

May 10, 2024 · 24:07

Czechia and Germany have long been targets of cyberattacks by the Russian group APT28, which is financed by the Russian state. NATO has now issued a statement calling on member states to cooperate. Why only now? And is it even possible to defend against Russian attacks?

You can conveniently listen to all episodes of the Online Plus podcast in the mujRozhlas mobile app for Android and iOS or on the mujRozhlas.cz website.

ALEF SecurityCast
Ep#225 - On the Possible End of End-to-End Encryption, the APT28 Group, and Cyberattacks on Czechia | MONTHLY SUMMARY

May 9, 2024 · 37:31

Summary of events from 04/24

Kybersoutěž 2024 Finals AfterMovie - https://www.youtube.com/watch?v=b0g8_GXZZNk&ab_channel=CzechCyberCompetition-Kybersout%C4%9B%C5%BE%C4%8CR
Interviews: https://www.youtube.com/watch?v=0rlNdWhlFSo&t=158s&ab_channel=ALEFSecurity

Chapters:
  • 00:00 Introduction
  • 01:05 Attribution of cyberattacks on Czechia to the APT28 group
  • 04:50 Is the end of end-to-end message encryption approaching?
  • 11:54 The United Kingdom tightens rules for smart devices
  • 15:43 LastPass and a deepfake phishing attempt
  • 18:20 Ransomware group statistics Q1/24
  • 24:15 České Noviny abused to publish disinformation
  • 27:36 6 Czechs who were part of a scam call center arrested
  • 31:15 The national finals of Kybersoutěž took place
  • 32:56 Cisco and the "ArcaneDoor" campaign
  • 35:46 Recommendations for cybersecurity architects and managers

Links and sources:
  • https://www.root.cz/clanky/postrehy-z-bezpecnosti-ruske-utoky-nejen-na-cr/
  • https://www.europol.europa.eu/cms/sites/default/files/documents/EDOC-%231384205-v1-Joint_Declaration_of_the_European_Police_Chiefs.PDF
  • https://therecord.media/united-kingdom-bans-defalt-passwords-iot-devices
  • https://www.bleepingcomputer.com/news/security/lastpass-hackers-targeted-employee-in-failed-deepfake-ceo-call/
  • https://www.bleepingcomputer.com/news/security/ransomware-payments-drop-to-record-low-of-28-percent-in-q1-2024/
  • https://ct24.ceskatelevize.cz/clanek/domaci/stranky-ceske-tiskove-kancelare-napadli-hackeri-utokem-se-zabyva-kontrarozvedka-348509
  • https://www.bleepingcomputer.com/news/security/arcanedoor-hackers-exploit-cisco-zero-days-to-breach-govt-networks/
  • https://untrustednetwork.net/
  • https://stanovo.cz

We are also on Spotify and other audio platforms: https://anchor.fm/alefsecuritycast
Follow us on X: https://twitter.com/AlefSecurity https://twitter.com/Jk0pr
All SecurityCast episodes: https://www.youtube.com/playlist?list=PLnvU6FnpuLT0Rlxvu-aEW0d2rIis5ceNa
All episodes of Světlá Strana Internetu: https://www.youtube.com/playlist?list=PLnvU6FnpuLT23xGxRcIuMmUA5Tomx12Pb

#IT #ITBezpecnost #Bezpecnost #CyberSecurity #Novinky

Let's Know Things
GPS Jamming

May 7, 2024 · 18:56


This week we talk about APT28, spoofing, and hybrid warfare.We also discuss the Baltics, Tartu airport, and hacking.Recommended Book: The Middle Passage by James HollisTranscriptIn early May of 2024, the German government formally blamed a Russian hacking group called APT28 for hacking members of the governing German Social Democratic Party in 2023, and warned of unnamed consequences.Those consequences may apply just to APT28, which is also sometimes called "Fancy Bear," or they may apply to the Russian government, as like many Russia-based hacking groups, APT28 often operates hand-in-glove with the Russian military intelligence service, which allows the Russian government to deny involvement in all sorts of attacks on all sorts of targets, while covertly funding and directing the actions of these groups.APT28 reportedly also launched attacks against German defense, aerospace, and information technology companies, alongside other business entities and agencies involved, even tangentially, with Ukraine and its defense measures against Russia's invasion.This hacking effort allegedly began in early 2022, shortly after Russia began its full-scale invasion of Ukraine, and the head of the Russian embassy in Germany has been summoned to account for these accusations—though based on prior attacks and allegations related to them by Russia's intelligence agencies, and the hacking groups it uses as proxies, that summoning is unlikely to result in anything beyond a demonstration of anger on the part of the German government, formally registered with Russia's representative in Berlin.For its part, Russia's government has said that it was in no way involved in any incidents of the kind the German government describes, though Germany's government seems pretty confident in their assessment on this, at this point, having waited a fair while to make this accusation, and utilizing its partnerships with the US, UK, Canada, and New Zealand to confirm attribution.This accusation has 
been leveled amidst of wave of similar attacks, also allegedly by Russia and its proxies, against other targets in the EU and NATO—including but not limited to the Czech Republic, Lithuania, Poland, Slovakia, and Sweden.Many of these attacks have apparently made use of an at-the-time unknown security flaw in Microsoft software that gave them access to compromised email accounts for long periods of time, allowing them to, among other things, scoop up intelligence reports from folks in the know in these countries, sifting their messages for data that would help Russia's forces in Ukraine.This group, and other Russia GRU, their intelligence service, proxies, have reportedly targeted government and critical infrastructure targets in at least 10 NATO countries since the fourth quarter of 2023, alone, according to analysis by Palo Alto Networks, and experts in this space have said they're concerned these sorts of attacks, while often oriented toward intelligence-gleaning and at times embarrassing their targets, may also be part of a larger effort to weaken and even hobble intelligence, military, and critical infrastructure networks in regional nations, which could, over time, reduce stability in these countries, increase extremism, and possibly prevent them from defending themselves and their neighbors in the event of a more formal attack by Russian forces.What I'd like to talk about today is another sort of attack, allegedly also launched by Russia against their neighbors in this part of the world, but this one a little less well-reported-upon, at this point, despite it potentially being even more broadly impactful.—The Global Positioning System, or GPS, was originally developed in 1973 by the US Department of Defense. 
Its first satellite was launched in 1978, and its initial, complete constellation of 24 satellites was in orbit and functional in 1993.

This satellite network's full functionality was only available to the US military until 2000, when then-President Bill Clinton announced that it would be opened up for civilian use, as well.

This allowed aviation and similar industries to start using it on their vehicles and other assets, and normal, everyday people were thenceforth able to buy devices that tapped this network to help them figure out where they were in the world, and get to and from wherever they wanted to go.

A high-level explanation of how GPS works is that all of these satellites contain atomic clocks that are incredibly stable and which remain synchronized with each other, all showing the exact same, very precise time. These satellites broadcast signals that indicate what time their clocks currently read.

GPS devices, as long as they can connect to the signals broadcast by a few of these satellites, can figure out where they're located by noting the tiny differences in the time between these broadcasts: signals from satellites that are further away will take longer to arrive, and that time difference will be noted by a given device, which then allows it to triangulate a geolocation based on the distance between the device and those several satellites.

This is a simple concept that has created a world in which most personal electronic devices now contain the right hardware and software to tap these satellite signals, compute these distances, and casually place us—via our smartphones, cars, computers, watches, etc—on the world map, in a highly accurate fashion.

This type of technology has proven to be so useful that even before it was made available for civilian use, catalyzing the world that we live in today, other governments were already investing in their own satellite networks, most predicated on the same general concept; they wanted to own their own
constellation of satellites and technologies, though, just in case, because the GPS network could theoretically be locked down by the US government at some point, and because they wanted to make sure they had their own militarizable version of the tech, should they need it.

There are also flaws in the US GPS system that make it less ideal for some use-cases and in some parts of the world, so some GPS copycats fill in the blanks on some of those flaws, while others operate better at some latitudes than vanilla GPS does.

All of which brings us to recent troubles that the global aviation industry has had in some parts of the world, related to their flight tracking systems.

Most modern aircraft use some kind of global navigation satellite system, which includes GPS, but also Europe's Galileo, Russia's GLONASS, and China's BeiDou, among other competitors.

These signals can sometimes be interrupted or made fuzzy by natural phenomena, like solar flares and the weather, and all of these systems have their own peculiarities and flaws, and sometimes the hardware systems they use to lock onto these signals, or the software they use to compute a location based on them, will go haywire for normal, tech-misbehaving reasons.

Beginning in the 1990s, though, we began to see electronic countermeasures oriented toward messing with these global navigation satellite system technologies.

These technologies, often called satellite navigation deceivers, are used by pretty much every government on the planet, alongside a slew of nongovernment actors that engage in military or terrorist activities, and they operate using a variety of jamming methods, but most common is basically throwing out a bunch of signals that look like GPS or other navigation system signals, and this has the practical effect of rendering these gadgets unusable, because they don't know which signal is legit and which is garbage; a bit like blasting loud noises to keep people from talking to each other, messing with their
communication capacity.

It's also possible to engage in what's called GPS Spoofing, which means instead of throwing out gobs of garbage signals, you actually send just a few signals that are intended to look legit and to be accepted by, for instance, a plane's GPS device, which then makes the aircraft's navigation systems think the plane is somewhere other than it is—maybe just a little off, maybe on the other side of the planet.

Notably, neither of these sorts of attacks is actually that hard to pull off anymore, and it's possible to build a GPS-jamming device at home, if you really want to, though spoofing is a fair bit more difficult. Also worth knowing is that while making your own jammer is absolutely frowned upon by most governments, and it's actually illegal in the US and UK, across most of the world it's kind of a Wild West in this regard, and you can generally get away with making one if you want to, though there's a chance you'd still be arrested if you caused any real trouble with it.

And it is possible to cause trouble with these things: most pilots and crew are aware of how these devices work and can watch for their effects, using backup tools to keep tabs on their locations when they need to; but using those backup tools requires a lot more effort and attention, and there's a chance that if they're hit by these issues at a bad moment, when they're distracted by other things, or when they're coming in for a landing or attempting to navigate safely around another aircraft, that could present a dangerous situation.

That's why, until May 31, at the minimum, Finnair will no longer be flying to Tartu airport—which is a very small airport in Estonia, but it's home to the Baltic Defense College, which is one of NATO's educational hubs, and losing a daily flight to Tartu (the only daily flight at this particular airport) from Helsinki, will disconnect this area, via plane, at least, from the rest of Europe, which is inconvenient and embarrassing.

This daily flight
was cancelled because of ongoing disruptions to the airport's GPS system, which was previously an on-and-off sort of thing, but which, since 2022, when Russia launched its full-scale invasion of Ukraine, has become a lot worse. And Tartu relies exclusively on GPS for planes landing at the airport, and thus doesn't have another fallback system, if GPS fails at a vital, dangerous moment.

This is a running theme throughout the Baltic region, an area populated by now-democratic NATO members that were formerly part of the Soviet Union, and which are considered to be at risk of a Russian invasion or other sort of attack if the invasion of Ukraine goes Russia's way.

Almost all aircraft flying through this area have experienced GPS-jamming issues since 2022, and though that Finnair flight is the only one to have been cancelled as a result of all this jamming, so far, there are concerns that this could really scramble travel and shipping in the region, as it's making all flying in the area that much more risky on a continuous basis.

Finland's government is framing this jamming as part of a hybrid warfare effort on Russia's part—alongside other hybrid efforts, like bussing migrants to Finland's borders in order to strain national coffers and nudge politics toward reactionary extremes.

Some other nations are thinking along the same lines, though there's a chance that, rather than this jamming representing an intentional assault on these neighboring nations, it may actually be something closer to overflow from other, nearby jamming activities: Russia jamming GPS signals in Ukraine, for instance, or the governance of the Kaliningrad region, which is a Russian enclave separated from the rest of Russia and surrounded by Poland and Lithuania, engaging in their own, localized jamming, and those signals are then picked up across national borders, because that's how these signals work—just like sound can travel further than you might intend.

It's possible we're seeing a bit of both here,
overflow from that huge regional conflict, but also intentional jabs meant to make life more difficult for NATO nations, stressing their systems and costing them money and other resources, while also maybe testing the region's capacity to cope with such GPS disruptions and blackouts in the event of a potential future conflict.

Another point worth making here, though, is that we see a lot of this sort of behavior in conflict zones, globally.

FlightRadar24 recently introduced a live GPS jamming map to keep track of this sort of thing, and as of the day I'm recording this, alongside these consistent irregularities in the Baltic region, Ukraine, and parts of Eastern Europe, there's jamming occurring in the Middle East, near Israel, throughout Turkey, which has ongoing conflicts with insurgents in the afflicted areas, a portion of Moldova that is attempting to break away with the support of Russia, similar to what happened in Ukraine back in 2014, a northern portion of India where the Indian government has an ongoing conflict with separatists, and in Myanmar, where the military government is embroiled in fighting with a variety of groups that have unified to overthrow them.

This has become common in conflict zones over the past few decades, then, as those who want to deny this data, and the capabilities it grants, to their enemies tend to blanket the relevant airwaves with disruptive noise or incorrect location information, rendering the GPS and similar networks less useful or entirely useless thereabouts.

In Ukraine, the military has already worked out ways around this noise and false information, incorporating alternative navigation systems into their infrastructure, allowing them to use whichever one is the most accurate at any given moment.

And it's likely, especially if this dynamic continues, which it probably will, as again, this is a fairly easy thing to accomplish, it's likely that spreading out and becoming less reliant on just one navigation system will probably
become more common, or possibly even the de facto setup, which will be beneficial in the sense that each of these systems has its own pros and cons, but perhaps less so in that more satellites will be necessary to keep that larger, multi-model network operating at full capacity, and that'll make it more expensive to operate these systems, while also creating more opportunities for satellite collisions up in the relevant orbit—an orbit that's becoming increasingly crowded, and which is already packed with an abundance of no longer operational craft that must be avoided and operated-around.

Show Notes

https://www.dw.com/en/gps-jamming-in-the-baltic-region-is-russia-responsible/a-68993942
https://www.bbc.com/news/articles/cne900k4wvjo
https://www.economist.com/the-economist-explains/2024/04/30/who-is-jamming-airliners-gps-in-the-baltic
https://www.ft.com/content/37776b16-0b92-4a23-9f90-199d45d955c3
https://www.reuters.com/business/aerospace-defense/what-is-gps-jamming-why-it-is-problem-aviation-2024-04-30/
https://www.politico.eu/article/gps-jamming-is-a-side-effect-of-russian-military-activity-finnish-transport-agency-says/
https://www.flightradar24.com/data/gps-jamming
https://www.flightradar24.com/blog/types-of-gps-jamming/
https://en.wikipedia.org/wiki/Aviaconversiya
https://www.reuters.com/world/europe/russian-hackers-targeted-nato-eastern-european-militaries-google-2022-03-30/
https://www.cnn.com/2023/12/07/politics/russian-hackers-nato-forces-diplomats/index.html
https://www.reuters.com/technology/cybersecurity/russian-cyber-attacks-targeted-defence-aerospace-sectors-berlin-says-2024-05-03/
https://www.aljazeera.com/news/2024/5/3/germany-accuses-russia-of-intolerable-cyberattack-warns-of-consequences
https://en.wikipedia.org/wiki/Fancy_Bear

This is a public episode. If you'd like to discuss this with other subscribers or get access to bonus episodes, visit letsknowthings.substack.com/subscribe

Les matins
Europe the victim of cyberattacks: Russian interference?

Les matins

Play Episode Listen Later May 6, 2024 3:06


Duration: 00:03:06 - Un monde connecté - by: François Saltiel - Several European companies, institutions and public bodies have been the victims of cyberattacks carried out by the hacker group APT28, which is linked to the Russian intelligence services.

Cyber and Technology with Mike
06 May 2024 Cyber and Tech News

Cyber and Technology with Mike

Play Episode Listen Later May 6, 2024 9:19


In today's podcast we cover four crucial cyber and technology topics, including: Finland discloses ongoing Android malware campaign; Czechia, Germany say Russia abused Microsoft flaw to spy; Wichita officials say public services limited following ransomware; Illinois to review language of law protecting biometric data. I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com

ALEF SecurityCast
Ep#224 - Confirmed: Russian APT28 Is Behind the Attacks on the Czech Republic

ALEF SecurityCast

Play Episode Listen Later May 6, 2024 10:11


A summary of the week in cyberspace.

Chapters:
00:00 Intro
00:48 APT28 and its attacks, not only on the Czech Republic
05:52 Several convictions in the US
07:37 Security incident at DropBox Sign
08:44 The United Kingdom and a law with rules for smart devices
09:37 Meme Of The Week
10:13 AfterMovie from the national final of the cyber competition

https://discord.gg/qQvXnUyeH2

Links and sources:
https://www.root.cz/clanky/postrehy-z-bezpecnosti-ruske-utoky-nejen-na-cr/
https://www.linkedin.com/posts/nettles_n%C3%A1%C5%A1-kolega-jan-kopriva-byl-o-v%C3%ADkendu-hostem-activity-7193139679565676545-1YlS?utm_source=share&utm_medium=member_desktop
https://mzv.gov.cz/jnp/cz/udalosti_a_media/tiskove_zpravy/prohlaseni_mzv_ke_kyberutokum_ruskeho.html
https://thehackernews.com/2024/05/microsoft-outlook-flaw-exploited-by.html
https://www.justice.gov/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian
https://www.justice.gov/opa/pr/sodinokibirevil-affiliate-sentenced-role-700m-ransomware-scheme
https://sign.dropbox.com/blog/a-recent-security-incident-involving-dropbox-sign
https://untrustednetwork.net/cs/2024/04/24/ics-cz-2024/
https://thehackernews.com/2024/05/ex-nsa-employee-sentenced-to-22-years.html
www.stanovo.cz

All episodes of SecurityCast: https://www.youtube.com/playlist?list=PLnvU6FnpuLT0Rlxvu-aEW0d2rIis5ceNa
All episodes of Světlá Strana Internetu: https://www.youtube.com/playlist?list=PLnvU6FnpuLT23xGxRcIuMmUA5Tomx12Pb

#ITBezpecnost #IT #Novinky #Bezpecnost #Česko

VOV - Việt Nam và Thế giới
International news - EU and NATO simultaneously accuse Russia of cyberattacks

VOV - Việt Nam và Thế giới

Play Episode Listen Later May 4, 2024 1:45


- The European Union (EU), NATO and many member states yesterday (May 3) simultaneously criticized Russia for supporting the hacker group APT28 in carrying out cyberattacks targeting many state agencies in Europe, as the European elections are set to take place this coming June. Topics: eu, the West --- Support this podcast: https://podcasters.spotify.com/pod/show/vov1tintuc/support

The CyberWire
Visa crackdown against spyware swindlers.

The CyberWire

Play Episode Listen Later Apr 23, 2024 35:52


The State Department puts visa restrictions on spyware developers. UnitedHealth says its recent breach could affect tens of millions of Americans. LockBit leaks data allegedly stolen from the DC government. Microsoft says APT28 has hatched a GooseEgg. The White House and HHS update HIPAA rules to protect private medical data. Keyboard apps prove vulnerable. A New Hampshire hospital suffers a data breach. Microsoft's DRM may be vulnerable to compromise. On our Industry Voices segment, Ian Leatherman, Security Strategist at Microsoft, discusses raising the bar for security in the software supply chain. GoogleTeller just can't keep quiet.

CyberWire Guest
On our Industry Voices segment, Ian Leatherman, Security Strategist at Microsoft, discusses raising the bar for security in the software supply chain.

Selected Reading
U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity (Security Affairs)
UnitedHealth Group Previews Massive Change Healthcare Breach (GovInfo Security)
Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor (SecurityWeek)
Russian APT28 Group in New “GooseEgg” Hacking Campaign (Infosecurity Magazine)
HHS strengthens privacy protections for reproductive health patients and providers (The Record)
The not-so-silent type: Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers (The Citizen Lab)
Records of almost 2,800 CMC patients vulnerable in 'data security incident': hospital | Crime (Union Leader)
Microsoft DRM Hack Could Allow Movie Downloads From Popular Streaming Services (SecurityWeek)
The creepy sound of online trackers (Axbom)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Conspiracy Clearinghouse
Suffer the Children – Pizzagate, Wayfair & the Seeds of QAnon

Conspiracy Clearinghouse

Play Episode Listen Later Mar 13, 2024 59:39


EPISODE 106 | Suffer the Children – Pizzagate, Wayfair & the Seeds of QAnon

"Without a clear indication of the author's intent, it is difficult or impossible to tell the difference between an expression of sincere extremism and a parody of extremism." In the world of the internet, this is known as Poe's Law, and it's especially applicable to the weird narrative Gordian Knot known as Pizzagate. The adage applies not just to how absurd some beliefs are, but also to the arguments made by people who hold these beliefs. First formulated in 2005 by Nathan Poe, it builds on a 2001 quote by Alan Morgan called Alan's 2nd Law of Newsgroups, which states, “Any sufficiently advanced troll is indistinguishable from a genuine kook.”

And that is certainly the case for the wild story that “a hipster-heavy pizza parlor” (as they put it on their website) in the Chevy Chase neighborhood of Washington D.C. is not just a fun family place with pizza, ping pong and live music, but the nerve center for a diabolical child trafficking ring that operates out in the open because they are protected by highly-placed pedophiles in the Democratic party. As an article on Cracked.com puts it, “This is supported by lots of very stupid evidence”. The stakes of the fake narrative are so high that it's become more than just true believers review bombing the place. Workers have been harassed and, on December 4, 2016, a heavily armed man entered the restaurant and started firing guns. The story of Pizzagate is the story of how the conspirasphere went from harmless kookery to being actually, physically dangerous.

TRIGGER WARNING: Some pretty disturbing things will be talked about in this episode, so if the subject of child sexual abuse and trafficking is deeply uncomfortable for you, perhaps you should not listen. I mean, it should be uncomfortable to anyone, but you know what I mean.

SECTIONS
03:11 - A note, pedophilia is a mental disorder, victims suffer for many years, how do we handle this problem?
06:31 - How it all began: Hillary Clinton's emails, John Podesta, Anthony Weiner and Huma Abedin; "Carmen Katz" makes allegations, "David Goldberg" shares and extends these
08:46 - Side note: "Carmen Katz" is Cynthia Campbell, "David Goldberg" is an anti-Semitic fake profile; Amanda Rob finds Borce Pejcev in Macedonia, a fake news click bait ecosystem, it really all began with Doug Hagmann of Erie, PA
12:35 - Russian hackers Fancy Bear, APT28 and Sofacy use "spear phishing" attacks
13:30 - Pedo codes on 4chan: pizza, cheese, hot dogs, dominos and handkerchief codes; Comet Ping Pong gets targeted
16:30 - DumbScribblyUnctious sees all sorts of things - murals, art, logos, musical acts and more; Pizzagaters talk of aliens, the Illuminati, Satanic rituals and Arun Rao; Susan Alefantis knew a pedophile, Tony "pasta obsession" Podesta knew Dennis Hastert, another pedophile, and also collects art (including some by Rachel Rose); Amanda Kleinman (Majestic Ape) of Heavy Breathing performs at Sasha Lord's birthday party and "secret pizza" is maybe mentioned, the film "Automatic At Sea", the Clinton Foundation in Haiti, Alex Jones issues a "bulletin"
25:49 - #pizzagate soars, Comet Ping Pong gets hassled, Turkey's Erdoğan jumps on the story, InfoWars spearheads the narrative, fake images proliferate, artists and musicians also harassed, it might all have been coordinated; other businesses (especially pizza places) get targeted, like Roberta's in Brooklyn and East Side Pies in Austin, TX
30:33 - Edgar Maddison Welch storms Comet Ping Pong with guns, InfoWars apologizes, then retracts the apology; white supremacist Jack Posobiec says Welch is a crisis actor; neo-Nazi pubs the Daily Stormer, the Right Stuff and Smoloko News continue the Pizzagate narrative
35:07 - Canadian Andrew Richmond's ice cream shop Sweet Jesus gets the #PedoGate treatment
36:15 - Portland, Oregon's Voodoo Donuts gets the same treatment thanks to talentless poet VeganMikey (Michael Whelan); #donutgate starts trending, building on a previous #donutgate when Ariana Grande and Ricky Alvarez licked food at Wolfee Donuts; Big League Politics's "research organization" Pedo Takedown Crew funds a coordinated harassment campaign and expands the narrative, adding tunnels, schools, and child-smuggling submarines
41:35 - In England, recreational troll Oliver Redmond targets Paul Cheape's vape shop business
43:32 - Mattress Firm gets targeted
45:32 - Frazzledrip: a very nasty fake video (trigger warning - seriously, it's really nasty), QAnon terms "adrenochrome" and "spirit cooking" get added to the Pizzagate lexicon
47:56 - PrincessPeach1987 kicks off the Wayfair affair, the now combined Pizzagate and QAnon make a LOT of noise, it's all nonsense and yet there were real consequences for real people, iMGSRC.ru and US Army Staff Sgt.
Richard Ciccarella  57:25 - Cybersteria and the very first QAnon 4chan post Music by Fanette Ronjat More Info Pedophilia defined on Psychology Today Crimes against Children Research Center Facts and Stats About Child Sexual Abuse The possible long-term effects of experiencing child sexual abuse Long-term Effects of Child Sexual Abuse and Molestation on Helping Survivors A review of the long-term effects of child sexual abuse on the National Library of Medicine website Child Molesters: A Behavioral Analysis paper Sexuality of Offenders on the Zero Abuse Project Facts About Homosexuality and Child Molestation by Gregory Herek Everything You Need To Know About Pizzagate (Is Insane) on Cracked.com Pizzagate on RationalWiki Pizzagate: A slice of fake news on Reveal Anatomy of a Fake News Scandal in Rolling Stone Anthony Weiner breaks down after he's sentenced to 21 months for sexting on ABC News How The Bizarre Conspiracy Theory Behind "Pizzagate" Was Spread on BuzzFeed How Hackers Broke Into John Podesta and Colin Powell's Gmail Accounts on Vice Comet Ping Pong - Pizzagate Summary by DumbScribblyUnctious How Pizzagate went from fake news to a real problem for a D.C. business on PolitiFact 'It's a form of addiction' - Tony Podesta's art addiction article in The Guardian Rachel Rose - Aubade: Grendel's Mother (live reading) video Pizzagate, the fake news conspiracy theory that led a gunman to DC's Comet Ping Pong, explained on Vox Pizzagate gunman recorded video for daughters, said he's standing up for children on CBS News Death threats, abuse, then a gunman: 'Pizzagate' businesses relive ordeal in The Guardian  Pizzagate: Gunman fires in restaurant at centre of conspiracy on BBC News What to Know About Pizzagate, the Fake News Story With Real Consequences in Time 'Pizzagate' gunman pleads guilty as conspiracy theorist apologizes over case Is Comet Ping Pong Pizzeria Home to a Child Abuse Ring Led by Hillary Clinton? 
on Snopes Dissecting the #PizzaGate Conspiracy Theories in the New York Times A Moral Panic for the Age of Trump: “Pizzagate” is the latest in a long line of child-sex-ring myths on Slate The PizzaGate Gunman's Paranoid Rescue Fantasy Comes from a Long American Tradition on Reason 'There's Nothing You Can Do': The Legacy of #Pizzagate on SPLC Secret message board drives 'pizzagate'-style harassment campaign of small businesses on NBC News When Nerds Attack - Gamergate, Elevatorgate & Sad Puppies episode Voodoo Donuts website Voodoo Doughnut Gets Sucked Into Outrageous Far-Right Conspiracy Theory on Eater Wolfee Donuts Pressing Charges Against Ariana Grande Donut-Gate on Ariana Grande fandom wiki Vegan Mikey - bad poet and troll  #Donutgate: How one Oregon donut shop became the target of online conspiracy theorists on Salon Connecting the Dots Between Donutgate and Pizzagate Man jailed for falsely branding a businessman a ‘dirty paedophile' The Great Mattress Conspiracy: Why Are There So Many Mattress Firm Stores Why Are There So Many Mattress Stores? A wildly popular conspiracy theory about why there are so many Mattress Firm stores is starting to sound less crazy Mattress Firm responds to the wild conspiracy theory about its business that people are going crazy over The Mattress Firm Conspiracy: An Analysis The Mattress Firm Money Laundering Conspiracy Theory on Snopes What Is Frazzledrip? Fake Hillary Clinton Video Builds on Pizzagate Conspiracy Theory in Newsweek Frazzledrip: Is a Hillary Clinton 'Snuff Film' Circulating on the Dark Web? on Snopes Hush Supper Club Full Frazzledrip video (WARNING) Claims that pizza listings on Etsy are selling child pornography are baseless Reddit post that kicked off Wayfair conspiracy theories Outrageously Priced Wayfair Cabinets Lead to Human Trafficking Conspiracy Kids Shipped in Armoires? 
The Person Who Started the Wayfair Conspiracy Speaks in Newsweek Wayfair: The false conspiracy about a furniture firm and child trafficking on BBC News Baseless Wayfair child-trafficking theory spreads online on AP The bizarre story of how internet conspiracy theorists convinced themselves Wayfair is trafficking children on CBC News A US soldier working at Mar-a-Lago uploaded photos of an underage girl to a Russian website — a closer look at the site reveals a horrific underworld A US Army soldier who worked at Trump's Mar-a-Lago resort uploaded photos of an underage girl to a Russian website, prosecutors say How a reporter found the true story behind a false story of sex trafficking Is Wayfair Trafficking Children Via Overpriced Items? on Snopes MISSING IN KANSAS: Anabel Wilson no longer missing How A QAnon Conspiracy Theory Involving A Wayfair Pillow Left A Metro Detroit Teen Struggling A girl falsely believed to be a victim of the fake Wayfair sex-trafficking ring says she had hives, lost sleep over the conspiracy theory A QAnon con: How the viral Wayfair sex trafficking lie hurt real kids Human Trafficking Rumors: Viral Stories That Do More Harm Than Good at the Polaris Project The Storm Is the New Pizzagate — Only Worse

Threat Talks - Your Gateway to Cybersecurity Insights
Deep Dive – Outlook vulnerability

Threat Talks - Your Gateway to Cybersecurity Insights

Play Episode Listen Later Mar 12, 2024 17:46


Fancy Bear, also known by the Russian actor designation APT28, has been implicated in cyber attacks targeting Microsoft Outlook and other platforms, utilizing CVEs to exploit systems. This group, associated with Russian military intelligence, is known for attempting to influence democratic processes in France and the US, supporting pro-Russian actions in Europe and the US. Interested in the full technical info of the discussed threat? For more detailed information or to access the infographic, please visit https://threat-talks.com/outlook-vulnerability-deep-dive/

Decipher Security Podcast
Source Code 3/1

Decipher Security Podcast

Play Episode Listen Later Mar 1, 2024 5:52


In this week's Source Code podcast we talk about how threat actors are using malware that allows them to maintain a better foothold on compromised Ivanti appliances, and we discuss advisories from the U.S. government about APT28, APT29 and the BlackCat ransomware group.

Risky Business News
Risky Biz News: US takes down GRU/APT28 botnet

Risky Business News

Play Episode Listen Later Feb 16, 2024


A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

Risky Business News
Risky Biz News: US takes down GRU/APT28 botnet

Risky Business News

Play Episode Listen Later Feb 15, 2024 9:48


A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here.

The CyberWire
Shedding light on fighting Ursa. [Research Saturday]

The CyberWire

Play Episode Listen Later Dec 16, 2023 22:27


Host of the CyberWire Daily podcast segment Threat Vector, David Moulton sits down with Mike "Siko" Sikorski from Palo Alto Networks Unit 42 to discuss their research on "Fighting Ursa Aka APT28: Illuminating a Covert Campaign." Unit 42 just published new threat intelligence on Fighting Ursa (aka APT28), a group associated with Russia's military intelligence, on how they are exploiting a Microsoft Outlook vulnerability (CVE-2023-23397) to target organizations in NATO member countries, Ukraine, Jordan, and the UAE. These organizations are of strategic importance in defense, foreign affairs, economy, energy, transportation, and telecommunications. The research can be found here: Fighting Ursa Aka APT28: Illuminating a Covert Campaign

Research Saturday
Shedding light on fighting Ursa.

Research Saturday

Play Episode Listen Later Dec 16, 2023 22:27


Host of the CyberWire Daily podcast segment Threat Vector, David Moulton sits down with Mike "Siko" Sikorski from Palo Alto Networks Unit 42 to discuss their research on "Fighting Ursa Aka APT28: Illuminating a Covert Campaign." Unit 42 just published new threat intelligence on Fighting Ursa (aka APT28), a group associated with Russia's military intelligence, on how they are exploiting a Microsoft Outlook vulnerability (CVE-2023-23397) to target organizations in NATO member countries, Ukraine, Jordan, and the UAE. These organizations are of strategic importance in defense, foreign affairs, economy, energy, transportation, and telecommunications. The research can be found here: Fighting Ursa Aka APT28: Illuminating a Covert Campaign

Hírstart Robot Podcast
Video captured of a historic drone strike

Hírstart Robot Podcast

Play Episode Listen Later Dec 11, 2023 4:37


Video captured of a historic drone strike G7 2023-12-11 11:36:31 Infotech Ukraine Drone Until now there had only been footage of clashes between aerial drones; now the Ukrainians have managed to knock one out on the ground as well.
Africa is slowly splitting in two 24.hu 2023-12-11 09:57:45 Science Africa The process has been under way for roughly 25 million years, but it still needs plenty of time to complete.
AI recognizes passwords from the sound of typing IT Business 2023-12-11 05:03:11 Mobiltech Phone Artificial intelligence Smartphone British researchers trained an artificial intelligence to recognize keystrokes by sound. A smartphone placed next to a laptop served as the microphone. For training, the researchers paired the sound of each key with the corresponding letter. They then typed a password into the laptop, and the artificial intelligence worked out from the sound
Information is leaking about One UI 6.1 Android Portál 2023-12-11 08:41:44 Mobiltech Weekend Twitter Google Samsung Over the weekend a long list of One UI 6.1 features leaked on X (formerly Twitter) via the leaker Benit Bruhner Pro. It appears that Samsung is taking several cues from Google's Pixel line, with numerous new AI-based capabilities. Specifically, One UI 6.1 is expected to debut with new AI-generated wallpapers, which the user
10,000 humanoid robots a year would march out of this factory Bitport 2023-12-11 08:00:00 Infotech Robot Agility Robotics would flood the market within a few years with its Digit robots, which will do human work in warehouses and can also take care of their own recharging.
China searches for a mysterious substance 2,400 meters deep First Class 2023-12-11 06:15:38 Science China The world's deepest and largest underground laboratory, built 2,400 meters below the surface in southwestern China, has begun operating, giving a significant boost to global dark matter research.
Cybersecurity in focus: preparation for the new requirements enters the home stretch Digital Hungary 2023-12-11 07:33:00 Infotech Cybersecurity The cybersecurity law imposes new requirements on many companies regarding the operation of their electronic information systems. Affected organizations have until the end of 2023 to prepare to comply with the new rules.
Artists strike back at AI Igényesférfi.hu 2023-12-11 10:42:02 Infotech The internet has brought enormous change to art: an artist can easily gain fame even overnight, but by publishing their works online, those works become accessible to anyone and can be appropriated.
Russians targeting the units of NATO countries stole military secrets by exploiting an e-mail flaw hvg.hu 2023-12-11 11:03:00 Infotech NATO Microsoft Hacker Hackers of the Russian APT28 may have gained access to the military secrets of NATO countries by exploiting a Microsoft Outlook vulnerability.
Even SpaceX can only blink: China's methane-fueled rocket excels IT café 2023-12-11 10:22:00 Science China Space Satellite SpaceX The methane-fueled rocket of China's LandSpace placed three satellites into orbit around the planet, thereby overtaking both SpaceX and Blue Origin in this technology.
A cyborg cockroach could save human lives IT Business 2023-12-11 06:03:38 Infotech Japan Earthquake Robot Nuclear power plant Tokyo Tsunami Hirotaka Sato was in Tokyo when the earthquake struck in March 2011. The tremors destroyed tens of thousands of buildings and triggered a tsunami that hit Japan's eastern coast, including the Fukushima nuclear power plant. As Sato watched the desperate search and rescue operations, he thought: "I have to develop the technology
The five most common misconceptions about robotization Transpack 2023-12-11 08:11:00 Business Robot Misconceptions about robotization stir strong feelings about their place in factories.
Nvidia expands in Vietnam IT Business 2023-12-11 14:03:22 Business Infotech USA Artificial intelligence Nvidia The CEO of the American chipmaker Nvidia said on Monday that the company is expanding its partnership with Vietnam's leading technology firms and will support the country in training talent to develop artificial intelligence and digital infrastructure. The Southeast Asian country, which is home to large chip-assembly plants, including

Hírstart Robot Podcast - Tech hírek
Video captured of a historic drone strike

Hírstart Robot Podcast - Tech hírek

Play Episode Listen Later Dec 11, 2023 4:37



Cyber and Technology with Mike
06 September 2023 Cyber and Tech News

Cyber and Technology with Mike

Play Episode Listen Later Sep 6, 2023 10:36


In today's podcast we cover four crucial cyber and technology topics, including:
1. Atlas VPN for Linux flawed, could allow leakage of user data
2. Pennsylvania school district continues school despite ransomware impact
3. Russia tries to gain access to Ukrainian electric power organization
4. UK Electoral Commission failed cyber audit amidst cyber attack
I'd love feedback; feel free to send your comments and feedback to cyberandtechwithmike@gmail.com

The CyberWire
CISA Alert AA23-108A – APT28 exploits known vulnerability to carry out reconnaissance and deploy malware on Cisco routers.

The CyberWire

Play Episode Listen Later Apr 20, 2023 2:45


The UK National Cyber Security Centre (NCSC), NSA, CISA, and FBI are releasing this joint advisory to provide TTPs associated with APT28's exploitation of Cisco routers in 2021.
AA23-108A Alert, Technical Details, and Mitigations
Malware Analysis Report
Resource to mitigate a ransomware attack: CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide.
No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment.
See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure.
U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center's DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov
To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office.

CISA Cybersecurity Alerts
CISA Alert AA23-108A – APT28 exploits known vulnerability to carry out reconnaissance and deploy malware on Cisco routers.

CISA Cybersecurity Alerts

Play Episode Listen Later Apr 20, 2023 2:45



Cyber Crime Junkies
Latest Uber Trial and Arrest News. New Powerpoint Warning.

Cyber Crime Junkies

Play Episode Listen Later Sep 30, 2022 34:00


Latest Uber Trial and Arrest News. New Powerpoint Warning.
Blockbuster testimony at the UBER Trial of former CISO Joe Sullivan facing federal charges and possible prison sentence if found guilty. Shocking new testimony and we break it down.
Update on the recent Uber Breach and the arrest of the Hacker allegedly involved and his ties to organized crime.
BREAKING NEWS! The Russian state-sponsored threat actor known as APT28 has been found leveraging a new code execution method that makes use of mouse movement in decoy Microsoft PowerPoint documents to deploy malware. Find out what this means.
And check out our new Merchandise Market available at CyberCrimeJunkies.com
Want EXCLUSIVE content? We now have a special offer for those who want Exclusive Member-Only benefits! Subscribe here and sign up for Prime Access Today! (https://glow.fm/cybercrimejunkiesprime/) Get EXCLUSIVE Special Resources, Career Guidance, Cool Documentaries, Exclusive VIDEO Episodes, & Proprietary Security Trainings!
Support the show

Risky Business
Risky Business #680 -- Uber, Rockstar Games hacker arrested

Risky Business

Play Episode Listen Later Sep 28, 2022 Very Popular


On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:
Lapsus$'s Teapot arrested by UK police
Optus hacker issues grovelling apology after feeling AFP and ASD heat
Ukraine claims Russia is planning massive attacks on its infrastructure
RSOCKS bot herder begs for extradition to USA
Russians scammed when seeking military service exemptions
Much, much more
This week's show is sponsored by Votiro. Ravi Srinivasan, Votiro's CEO, joins the show this week to talk about how people are using content disarm and reconstruction. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.
Show notes
British teen arrested in hacking case
Australian cybersecurity minister lambasts Optus for 'unprecedented' hack - The Record by Recorded Future
CISA: Iranian hackers spent 14 months in Albanian gov't network before launching ransomware - The Record by Recorded Future
Iran shutters mobile networks, Instagram, WhatsApp amid protests - The Record by Recorded Future
US Treasury carves out Iran sanctions exceptions for internet providers - The Record by Recorded Future
Signal Is Asking People Around the World to Help Iranians Access the Encrypted App
Shadowy Russian Cell Phone Companies Are Cropping Up in Ukraine | WIRED
Risky Biz News: XakNet "hacktivists" linked to APT28 and Russia's GRU intelligence service
Russia plans "massive cyberattacks" on critical infrastructure, Ukraine warns | Ars Technica
Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S. – Krebs on Security
Sberbank warned of fraud involving the sale of supposedly "clean" military IDs - RIA Novosti, 26.09.2022
SIM Swapper Abducted, Beaten, Held for $200k Ransom – Krebs on Security
How 3 hours of inaction from Amazon cost cryptocurrency holders $235,000 | Ars Technica
The record-setting DDoSes keep coming, with no end in sight | Ars Technica
International conflicts driving increased strength of DDoS attacks: report - The Record by Recorded Future
Tarfile path traversal bug from 2007 still present in 350k open source repos | The Daily Swig

Risky Business
Risky Business #680 -- Uber, Rockstar Games hacker arrested

Risky Business

Play Episode Listen Later Sep 28, 2022 51:21



Risky Business News
Risky Biz News: XakNet "hacktivists" linked to APT28 and Russia's GRU intelligence service

Risky Business News

Play Episode Listen Later Sep 26, 2022


A short podcast updating listeners on the security news of the last few days, as prepared and presented by Catalin Cimpanu. You can find the newsletter version of this podcast here. Today's podcast features appearances from Pearce Barry, principal security researcher at runZero (formerly Rumble Network Discovery), this episode's sponsor. Show notes Risky Biz News: XakNet "hacktivists" linked to APT28 and Russia's GRU intelligence service

Drum and Bass Dubstep IDM EDM DNB | Hip Hop Trap Breaks & Beats | Reaktor Synthesizer Sounds Design | Computers Music Live /
FUTURE LOFI HACKER | idm nation state | BREAKCORE DISRUPTER | Live Looping PLA Unit 61398 | DRUM AND BASS WIZ-BIT | APT38 Lazarus Group | VAPORWAVE RETROWAVE | APT28 Fancy Bear | RIDDIM DUBSTEP TRAP | APT41 Double Dragon Dnb

Drum and Bass Dubstep IDM EDM DNB | Hip Hop Trap Breaks & Beats | Reaktor Synthesizer Sounds Design | Computers Music Live /

Play Episode Listen Later Jul 6, 2022 50:09


FUTURE LOFI HACKER | idm nation state | BREAKCORE DISRUPTER | Live Looping PLA Unit 61398 | DRUM AND BASS WIZ-BIT | APT38 Lazarus Group | VAPORWAVE RETROWAVE | APT28 Fancy Bear | RIDDIM DUBSTEP TRAP | APT41 Double Dragon Dnb
FUTURE LOFI HACKER | idm nation state | BREAKCORE DISRUPTER | APT1 PLA Unit 61398 | DRUM AND BASS WIZ-BIT | APT38 Lazarus Group | VAPORWAVE RETROWAVE | APT28 Fancy Bear | RIDDIM DUBSTEP TRAP | APT41 Double Dragon Dnb
LO-FI BASS HACKER | BREAKCORE STATE DISRUPTER | DRUM AND BASS WIZBIT | APT38 Lazarus Group | VAPORWAVE RETROWAVE | APT28 Fancy Bear | RIDDIM DUBSTEP TRAP | APT41 Double Dragon Dnb
FUTURE LO-FI BASS HACKER | BREAKCORE STATE DISRUPTER | DRUM AND BASS WIZBIT | APT38 Lazarus Group | VAPORWAVE RETROWAVE | APT28 Fancy Bear | RIDDIM DUBSTEP TRAP | APT41 Double Dragon Dnb

Cyber and Technology with Mike
23 June 2022 Cyber and Tech News

Cyber and Technology with Mike

Play Episode Listen Later Jun 23, 2022 10:20


In today's podcast we cover four crucial cyber and technology topics, including:
1. QNAP reportedly fixing 3-year-old flaw in NAS devices
2. APT28 now abusing Follina flaw in attacks against Ukraine
3. Conti report shows group's high operational tempo in late 2021
4. Chinese group targets beginning hackers with "free" tool
I'd love feedback; feel free to send your comments and feedback to cyberandtechwithmike@gmail.com

Cyber Morning Call
Cyber Morning Call - #101 - 22/06/2022

Cyber Morning Call

Play Episode Listen Later Jun 22, 2022 6:22


[Episode references]
- OT:ICEFALL - The legacy of "insecure by design" and its implications for certifications and risk management - https://www.forescout.com/resources/ot-icefall-report/
- Unveiling an unknown APT actor attacking high-profile entities in Europe and Asia - https://securelist.com/toddycat/106799/
- Russia's APT28 uses fear of nuclear war to spread Follina docs in Ukraine - https://blog.malwarebytes.com/threat-intelligence/2022/06/russias-apt28-uses-fear-of-nuclear-war-to-spread-follina-docs-in-ukraine/
- Are Blockchains Decentralized? Unintended Centralities in Distributed Ledgers - https://assets-global.website-files.com/5fd11235b3950c2c1a3b6df4/62af6c641a672b3329b9a480_Unintended_Centralities_in_Distributed_Ledgers.pdf
- Cloudflare outage on June 21, 2022 - https://blog.cloudflare.com/cloudflare-outage-on-june-21-2022/?utm_source=pocket_mylist
[Credits]
Script and presentation: Carlos Cabral
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Graphic design: Julian Prieto

Cyber and Technology with Mike
04 May 2022 Cyber and Tech News

Cyber and Technology with Mike

Play Episode Listen Later May 4, 2022


In today's podcast we cover four crucial cyber and technology topics, including:
1. DNS flaw in code impacts IoT devices en masse
2. Mandiant finds Russia-linked malware hiding on network appliances
3. Docker images used to launch DDoS against Russia, Belarus
4. Chinese army-linked hackers observed targeting Russian entities
I'd love feedback; feel free to send your comments and feedback to cyberandtechwithmike@gmail.com

This Week in Tech (Audio)
TWiT 870: Kim Apple Says Good Morning - Elon Musk's Twitter stake, Unreal Engine 5, WWDC predictions

This Week in Tech (Audio)

Play Episode Listen Later Apr 10, 2022 175:50 Very Popular


Elon Musk's Twitter stake, Unreal Engine 5, WWDC predictions Elon Musk buys 9.2% stake in Twitter. Twitter Should Make Musk CEO. @TwitterComms: now that everyone is asking... yes, we've been working on an edit feature since last year!  Elon Musk asks court to scrap SEC agreement over his tweets, claiming he was 'forced' to enter into it.  SEC Probes Trading by Elon Musk and Brother in Wake of Tesla CEO's Sales.  Mike raises a glass to 17 years of TWiT.  Podcast listeners are likely to be more curious and less neurotic.  Apple's Worldwide Developers Conference returns in its all-online format.  Windows powers the future of hybrid work.  The 'Great Return' to the office is happening — now what?  How Argan Oil Is Made and Is So Expensive.  Gastronomad: THE MOROCCO EXPERIENCE.  Please don't use this new Windows 11 feature.  NVIDIA Broadcast App: AI-Powered Voice and Video.  Updated MacBook Air could launch at WWDC 2022.  Apple M1 Ultra vs M1 Max: Head-to-head shootout with photo and video editing apps.  Intercepted audio reveals Russians yelling at each other after getting pinned down in Ukraine.  As Russia Plots Its Next Move, an AI Listens to the Chatter.  Microsoft takes down APT28 domains used in attacks against Ukraine.  Apple defies the Russian government and restores opposition voting app.  Unreal Engine 5 is finally ready to power a new generation of games.  Apple Sets the Date for Another Virtual WWDC—Here's What to Expect. Inside Apple's 'Bionic Virtual Meeting Room'.  Magic Leap: Enterprise augmented reality (AR) platform.  How Amazon plans to fix its massive returns problem.  The only thing we should be talking about is the climate crisis.  r/Place and the battle of pixels.  Alphabet's Wing is bringing drone delivery to Texas this week.  Windows 3.1 is officially 30 years old.  MLB to allow pitchers and catchers to use anti-sign-stealing technology during regular season, sources say.  
Amtrak Is Streaming an Empty Railroad on Twitch to Beef With Freight Rail Companies.  Chatterbox Smart Speaker. Host: Leo Laporte Guests: Doc Rock, Mike Elgan, and Daniel Rubino Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: wwt.com/twit mintmobile.com/twit www.stamps.com - promo code: TWIT itpro.tv/twit promo code TWIT30

All TWiT.tv Shows (MP3)
This Week in Tech 870: Kim Apple Says Good Morning

All TWiT.tv Shows (MP3)

Play Episode Listen Later Apr 10, 2022 175:50 Very Popular



This Week in Tech (Video HI)
TWiT 870: Kim Apple Says Good Morning - Elon Musk's Twitter stake, Unreal Engine 5, WWDC predictions

This Week in Tech (Video HI)

Play Episode Listen Later Apr 10, 2022 176:40



Radio Leo (Audio)
This Week in Tech 870: Kim Apple Says Good Morning

Radio Leo (Audio)

Play Episode Listen Later Apr 10, 2022 175:50



All TWiT.tv Shows (Video LO)
This Week in Tech 870: Kim Apple Says Good Morning

All TWiT.tv Shows (Video LO)

Play Episode Listen Later Apr 10, 2022 176:40


Elon Musk's Twitter stake, Unreal Engine 5, WWDC predictions Elon Musk buys 9.2% stake in Twitter. Twitter Should Make Musk CEO. @TwitterComms: now that everyone is asking... yes, we've been working on an edit feature since last year!  Elon Musk asks court to scrap SEC agreement over his tweets, claiming he was 'forced' to enter into it.  SEC Probes Trading by Elon Musk and Brother in Wake of Tesla CEO's Sales.  Mike raises a glass to 17 years of TWiT.  Podcast listeners are likely to be more curious and less neurotic.  Apple's Worldwide Developers Conference returns in its all-online format.  Windows powers the future of hybrid work.  The 'Great Return' to the office is happening — now what?  How Argan Oil Is Made and Is So Expensive.  Gastronomad: THE MOROCCO EXPERIENCE.  Please don't use this new Windows 11 feature.  NVIDIA Broadcast App: AI-Powered Voice and Video.  Updated MacBook Air could launch at WWDC 2022.  Apple M1 Ultra vs M1 Max: Head-to-head shootout with photo and video editing apps.  Intercepted audio reveals Russians yelling at each other after getting pinned down in Ukraine.  As Russia Plots Its Next Move, an AI Listens to the Chatter.  Microsoft takes down APT28 domains used in attacks against Ukraine.  Apple defies the Russian government and restores opposition voting app.  Unreal Engine 5 is finally ready to power a new generation of games.  Apple Sets the Date for Another Virtual WWDC—Here's What to Expect. Inside Apple's 'Bionic Virtual Meeting Room'.  Magic Leap: Enterprise augmented reality (AR) platform.  How Amazon plans to fix its massive returns problem.  The only thing we should be talking about is the climate crisis.  r/Place and the battle of pixels.  Alphabet's Wing is bringing drone delivery to Texas this week.  Windows 3.1 is officially 30 years old.  MLB to allow pitchers and catchers to use anti-sign-stealing technology during regular season, sources say.  
Amtrak Is Streaming an Empty Railroad on Twitch to Beef With Freight Rail Companies.  Chatterbox Smart Speaker. Host: Leo Laporte Guests: Doc Rock, Mike Elgan, and Daniel Rubino Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: wwt.com/twit mintmobile.com/twit www.stamps.com - promo code: TWIT itpro.tv/twit promo code TWIT30

Cyber and Technology with Mike
08 April 2022 Cyber and Tech News

Cyber and Technology with Mike

Play Episode Listen Later Apr 8, 2022 11:38


In today's podcast we cover four crucial cyber and technology topics, including: 1. API flaw in financial firm could have allowed mass account takeovers 2. Hamas-linked threat actors target Israeli industries in large campaign 3. Fin7 criminal from Ukraine sentenced to prison 4. Microsoft begins disrupting Russian cyber criminal infrastructure. I'd love feedback, feel free to send your comments and feedback to | cyberandtechwithmike@gmail.com

Cyber Morning Call
Cyber Morning Call - #53 - 08/04/2022

Cyber Morning Call

Play Episode Listen Later Apr 8, 2022 5:30


[Episode References] - Parrot TDS - https://decoded.avast.io/janrubin/parrot-tds-takes-over-web-servers-and-threatens-millions/ - Study on Sharkbot - https://research.checkpoint.com/2022/google-is-on-guard-sharks-shall-not-pass/ - FFDroider - https://www.zscaler.com/blogs/security-research/ffdroider-stealer-targeting-social-media-platform-users - [Talk] - Making Order out of Chaos: How to Deal with Threat Group Names - Katie Nickels - https://www.youtube.com/watch?v=ff1yhdIx0yY - Microsoft takes down APT28 domains - https://blogs.microsoft.com/on-the-issues/2022/04/07/cyberattacks-ukraine-strontium-russia/ [Credits] Script and presentation: Carlos Cabral; Audio editing: Paulo Arruzzo; Closing narration: Bianca Garcia; Graphic design: Julian Prieto

Ben van der Burg | BNR
Opinion | Disney in wartime

Ben van der Burg | BNR

Play Episode Listen Later Mar 11, 2022 2:41


'The idea that most people are decent is typically an expression of a generation that has watched too many Disney films in which even the animals can talk,' writer Rob Riemen told the FD. I have been enjoying this remark for more than a week. He said it in relation to the idea that, after the fall of the Berlin Wall, peace as we know it in the West could bring prosperity to the whole world. In doing so we ignored that Russian leaders, for example, approach the game differently than we do. In the world of Disney everything is beautiful, fun, pleasant, just and, even though the animals have a voice, humane. The Disney heroes are confronted with villains or dangers from outside, but in the end you close the story with a good feeling. Because the heroes triumph after all the bombastic songs, nefarious motives and woolly charisma. They learn and grow by facing their own mistakes. Without ever truly fathoming the villain or the danger. Because the victory has to taste sweet and you should not make things too difficult. On 23 December 2015, 230 thousand people in Ukraine were without power for up to six hours because of a hack on several energy companies. The companies had been attacked from computers with IP addresses from Russia. This attack followed several cyberattacks in 2014 after Russia's seizure of Crimea. The West acknowledged the villainous act and realised it had to do things differently. The importance of a cyber army received more attention. Budgets shifted to military security and intelligence services. The consequences of the Western measures were even fiercer cyberattacks from Russia. Think of the by now classic NotPetya virus attack, initially on Ukraine, after which it spread across the rest of the world. It caused total damage of ten billion dollars. According to American intelligence services the virus was made by 'unit 74455' of the Russian secret service GRU, a group also known as Sandworm, Fancy Bear or APT28. The group that was also responsible for the SolarWinds hack, as a result of which many Americans suddenly could no longer fill up with diesel. Since Russia's invasion of Ukraine it has so far remained relatively quiet on the cyber front. Experts fear the worst, however, but nobody dares to start a 'Cyber Pearl Harbor', as Joe Biden calls it. Despite his age, that is once again a typical Disney thought. Putin certainly dares to; he just is not doing it yet. He has a different definition of beautiful, fun, pleasant and humane. And we are done with that. See omnystudio.com/listener for privacy information.

Risky Business
Risky Business #642 -- Brits, Dutch and Aussies embrace Hounds Doctrine

Risky Business

Play Episode Listen Later Oct 13, 2021


On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including: UK, Netherlands and Australia promise offensive response to big ticket ransomware Wave of major cyber regulation and legislation in USA Iran up in yer O365s, Russians in yer gmails Submarine spy guy would have been fine, if he didn't make one very big mistake Much, much more Jonathan Reiber is this week's sponsor guest. He's senior director of cybersecurity at AttackIQ and he's joining us to talk through the US Government's executive order on Zero Trust. Jonathan says it is actually born of a realisation the US Government needs to do something differently, that the old approaches aren't working. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing. Show notes UK cyber head says Russia responsible for 'devastating' ransomware attacks - BBC News Netherlands can use intelligence or armed forces to respond to ransomware attacks - The Record by Recorded Future Ransomware Action Plan Ransomware hackers find vulnerable target in U.S. grain supply Emergent ransomware gang FIN12 strikes hospitals, moves quickly against big targets Macquarie Health Corporation hit by cyberattack as hackers claim 6700 people affected | news.com.au — Australia's leading news site Microsoft: Iran-linked hackers breached Office 365 customer accounts - The Record by Recorded Future Google notifies 14,000 Gmail users of targeted APT28 attacks - The Record by Recorded Future Google distributing 10,000 security keys to journalists, elected officials, human rights activists | The Daily Swig Peanut butter and ProtonMail: US charges underscore evolution of espionage in digital age Hackers of SolarWinds stole data on U.S. 
sanctions policy, intelligence probes | Reuters Senate committee advances major cybersecurity legislation - The Record by Recorded Future Justice Department launches a National Cryptocurrency Enforcement Team - The Record by Recorded Future DOJ to go after government contractors who don't disclose breaches - The Record by Recorded Future TSA to impose cybersecurity mandates on major rail and subway systems - The Washington Post OMB orders federal agencies to let CISA access defenses of devices, servers CIA Funding Arm Gave Encrypted App Wickr $1.6 Million U.S. prosecution of alleged WikiLeaks ‘Vault 7' source hits multiple roadblocks Ukraine arrests operator of DDoS botnet with 100,000 bots - The Record by Recorded Future Botnet abuses TP-Link routers for years in SMS messaging-as-a-service scheme - The Record by Recorded Future Microsoft said it mitigated a 2.4 Tbps DDoS attack, the largest ever - The Record by Recorded Future Report links Indian company to spyware that targeted Togolese activist - The Record by Recorded Future Trolls defaced Twitch's website with pictures of Jeff Bezos, the latest security concern Twitch says no user passwords or cards numbers were exposed in major hack - The Record by Recorded Future Video game streaming service Twitch suffers major data breach Woman Allegedly Hacked Flight School, Cleared Planes With Maintenance Issues to Fly Microsoft to disable Excel 4.0 macros, one of the most abused Office features - The Record by Recorded Future NSA warns of ALPACA TLS attack, use of wildcard TLS certificates - The Record by Recorded Future Azure, GitHub, GitLab, BitBucket mass-revoke SSH keys following bug report - The Record by Recorded Future Reverse engineering and decrypting CyberArk vault credential files | Jelle Vergeer Security researchers find another UEFI bootkit used for cyber-espionage - The Record by Recorded Future Apple patches iPhone zero-day in iOS 15.0.2 - The Record by Recorded Future Bindiff and POC for the IOMFB 
vulnerability, iOS 15.0.2 | IOMFB_integer_overflow_poc Apache HTTP Server update fails to squash path traversal, RCE bugs | The Daily Swig Executive Order on Improving the Nation's Cybersecurity | The White House

WDR Feature-Depot
Hunting Fancy Bear - Up Close (Episode 3/5)

WDR Feature-Depot

Play Episode Listen Later Sep 10, 2021 24:37


The APT28 hackers fly to the Netherlands for a risky on-site operation. They apparently want to hack an international organization that is investigating the poison attack on the Russian ex-agent Sergei Skripal. But what the hackers do not suspect: they are being watched themselves.

WDR 5 Tiefenblick
Hunting Fancy Bear - Up Close (Episode 3/5)

WDR 5 Tiefenblick

Play Episode Listen Later Sep 10, 2021 24:37


The APT28 hackers fly to the Netherlands for a risky on-site operation. They apparently want to hack an international organization that is investigating the poison attack on the Russian ex-agent Sergei Skripal. But what the hackers do not suspect: they are being watched themselves.

The Bottom Line with Deepak and Syed
Weekly Episode 26 - Printnightmare, Windows 11, IOS 15.. China news, ETH 2.0 updates, International Tax Crackdowns, Elon Musk and Doge, Earnings Reports

The Bottom Line with Deepak and Syed

Play Episode Listen Later Jul 11, 2021 42:19


After taking a 3-week break, Syed and Deepak are back with Weekly Episode 26 to get you up to speed with the recent news and developments. Apologies for choppy audio on Syed's segments... In his tech update, he talks about several things such as Apple's IOS 15, Samsung Galaxy leaks, Windows 11, the printnightmare zero-day vulnerability, and much more... Deepak talks about news from China, particularly pertaining to Ali Baba. Next Syed provides an update on Solana X and Ethereum 2.0. Deepak dives into the international tax crackdown, and then Syed gives his thoughts on Elon Musk's recent tweet about Doge being better than ETH and bitcoin. Deepak then goes over the upcoming earnings reports, and then the crew ends off with their stock picks.

Intro
0:00 - Intro
1:38 - Brute-Force Attack tied to Russia's APT28
2:20 - Samsung Galaxy Leaks
3:06 - PrintNightmare
3:37 - Kaseya Ransomware Attack
6:16 - iPad OS 15 and IOS 15
8:21 - Windows 11
9:55 - Nio update
11:13 - Apple Glasses
12:15 - China news: Ali Baba and FUED
17:00 - Solonax IEO update
19:24 - Ethereum London Hard Fork update
23:37 - International Tax Crackdowns
26:27 - Elon Musk and Doge
30:54 - Earnings to look out for
34:45 - Stock picks
41:29 - Outro

Resources
https://threatpost.com/kubernetes-brute-force-attacks-russia-apt28/167518/
https://www.theregister.com/2021/07/07/printnightmare_fix_fail/
https://www.engadget.com/kaseya-warned-of-security-flaws-before-ransomware-210226358.html
https://www.tomsguide.com/news/apple-glasses
https://ca.finance.yahoo.com/news/ev-maker-nio-4-000-024539192.html
https://news.bitcoin.com/ethereums-london-hard-fork-scheduled-to-commence-on-august-4/
https://cryptonews.com/news/solanax-has-now-started-their-second-ieo-round-11013.htm
https://twitter.com/elonmusk/status/1413396249546563586

Transatlantic Cable Podcast
Transatlantic Cable - Episode 209

Transatlantic Cable Podcast

Play Episode Listen Later Jul 8, 2021 50:37


This week on the podcast, Jeff's on vacation, so Ahmed and I tackle some thorny cybersec issues on our own. We start with news that EA's billion dollar franchise, Apex Legends, faced hacking concerns from gamers about the state of TitanFall, Respawn's first foray into the FPS genre. From there, we move on to news that Google has taken the ban-hammer to some developers who placed Trojans inside their apps to scrape Facebook credentials. Other stories this week include discussion about APT28, aka Fancy Bear, targeting governments around the world, plus an exclusive chat with Kaspersky security researcher David Emm about the recent REvil attacks.

Kasha Today
04.1 - Bonus episode: Who is hacking there?

Kasha Today

Play Episode Listen Later Jul 6, 2021 19:15


Again and again we hear that "Russian hackers" are suspected of being behind an IT attack. Several officers of the military intelligence service GRU are now on official FBI wanted lists. But how does anyone actually know who is hacking from where? Are the accusations justified? We look for clues in the cyber crime stories of the last ten years. #includes: Ransomware[:], APT28, FBI, GRU, MIVD, hack of the OPCW, hack of the Bundestag[Merkels_Rechner], hack of the US Democratic Party, the NotPetya hack, hack of TU Berlin. Sources: https://www.documentcloud.org/documents/4598895-DOJ-Russia-DNC-Hack-Indictment - indictment by FBI special investigator Robert Mueller against twelve officers of the GRU (Главное разведывательное управление). Der Mann in Merkels Rechner - investigative podcast by BR on the 2015 hacker attack on the German Bundestag. DarknetDiaries - podcast about the murky depths of IT, episode #54 'NotPetya'

Der Mann in Merkels Rechner - Jagd auf Putins Hacker

The APT28 hackers fly to the Netherlands for a risky on-site operation. They apparently want to hack an international organization that is investigating the poison attack on the Russian ex-agent Sergei Skripal. But what the hackers do not suspect: they are being watched themselves.

IT-säkerhetspodden
#110 - The Russian cyber war

IT-säkerhetspodden

Play Episode Listen Later Feb 6, 2021 30:45


Russia's offensive cyber war has escaped few people's notice. From influence on various nations' democratic elections to major data leaks, there are few who are not at risk of being affected. But of course there is no official admission; everything has to be assumed. Mattias and Erik go through Russia's history since the 1910s and consider what has built one of the world's most competent and at the same time frightening intelligence services, and how it could become such a powerful cyber warrior. There are many hacker groups considered to belong to Russia, but we take a look at one of them, Fancy Bear, or APT28 as it is also called. Show notes here: https://www.itsakerhetspodden.se/show-notes-for-110-det-ryska-cyberkriget/

ShadowTalk by Digital Shadows
Weekly: Sanctions from the DOT, Fancy Bear Targets the US Government, and Foreign Spies in Disguise!

ShadowTalk by Digital Shadows

Play Episode Listen Later Oct 9, 2020 21:06


ShadowTalk hosts Kacey, Alec, Charles and Digital Shadows CISO Rick bring you the latest in threat intelligence. This week they cover: - The US Department of Treasury sends a message about negotiating with ransomware operators - APT28 compromises a US federal agency - Foreign spies use fronts to hide cyber espionage operations - Iranian nation-state threat actors leverage Zerologon flaw to carry out attacks Get this week’s intelligence summary at https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-09-october-2020 ***Resources from this week’s podcast*** Sanctions for ransomware: https://threatpost.com/mixed-sanctions-ransomware-negotiators/159795/ APT28: https://www.wired.com/story/russias-fancy-bear-hack-us-federal-agency/ Foreign spies: https://www.cyberscoop.com/chinese-iranian-hackers-front-companies/ Zerologon: https://threatpost.com/microsoft-zerologon-attack-iranian-actors/159874/ Bitcoin vs. Monero Blog: https://www.digitalshadows.com/blog-and-research/bitcoin-vs-monero/

Cyber and Technology with Mike
23 September 2020 Cyber and Tech News

Cyber and Technology with Mike

Play Episode Listen Later Sep 23, 2020 13:25


In today's podcast we cover four crucial cyber and technology topics, including: 1. OldGremlin ransomware group added to growing threat list 2. Russian-linked APT 28 targets NATO 3. Long Island hospital discloses data breach via 3rd party in May of 2020 4. Dunkin Donuts accused of concealing cyber attacks, agrees to settlement. I'd love feedback, feel free to send your comments and feedback to | cyberandtechwithmike@gmail.com

Risky Business
Risky Business #582 -- Germans indict APT28 operator

Risky Business

Play Episode Listen Later May 5, 2020


On this week’s show Patrick and Adam discuss the week’s security news, including: Salt framework 1Day wreaks havoc Toll Group hit with ransomware attack. Again. Germans indict APT28 operator Ransomware a key word in SEC filings Much, much more! This week’s show is brought to you by Remediant. They offer software that lets you get privileged accounts under control very quickly. In this week’s sponsor interview we’re chatting with Remediant’s COO Paul Lanzi and Julie Smith, the executive director of the Identity Defined Security Alliance (IDSA). We’ll be talking about what the IDSA actually is and what its goals are. You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here. You can subscribe to our new YouTube channel here. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Salt DevOps framework shaken by data center server security flaws | The Daily Swig CT2 Log Compromised via Salt Vulnerability - Google Groups Ghost blogging platform servers hacked and infected with crypto-miner | ZDNet Hackers seize on software flaw to breach two victims, despite patch availability Hackers breach LineageOS servers via unpatched vulnerability | ZDNet German authorities charge Russian hacker for 2015 Bundestag hack | ZDNet bellingcat - Who Is Dmitry Badin, The GRU Hacker Indicted By Germany Over The Bundestag Hacks? 
- bellingcat Toll Group suffers second ransomware attack this year - Security - iTnews Taiwan’s state-owned energy company suffers ransomware attack Ransomware mentioned in 1,000+ SEC filings over the past year | ZDNet Indonesian e-commerce giant probes reported breach of 91 million credentials Estonia: Foreign hackers breached local email provider for targeted attacks | ZDNet Google and Apple Reveal How Covid-19 Alert Apps Might Look | WIRED Australia’s COVID-19 app is buggy, not yet operational - Risky Business (13) Senator Murray Watt on Twitter: "Here are just a few of the issues with the Govt’s #COVIDSafe app that we’ll explore at today’s #COVID-19 Senate hearing. If it’s central to our recovery, we need to know it works. ⁦@riskybusiness⁩ https://t.co/ATtL6UExqs" / Twitter Coronavirus Australia: COVIDSafe app privacy law to seek jail time for offenders The United Nations Coronavirus App Doesn’t Work - VICE Apple, Google ban use of location tracking in contact tracing apps - Reuters Hacker Bribed 'Roblox' Insider to Access User Data - VICE CursedChrome turns your browser into a hacker's proxy | ZDNet Google announces Chrome Web Store crackdown for August 2020 | ZDNet First seen in the wild - Malware uses Corporate MDM as attack vector - Check Point Research Executive Order on Securing the United States Bulk-Power System | The White House DHS CISA to provide DoH and DoT servers for government use | ZDNet UK NCSC to stop using 'whitelist' and 'blacklist' due to racial stereotyping | ZDNet SAP notifying 9% of customers about mysterious cloud products security holes | ZDNet Adult Cam Site CAM4 Exposed 10.88 Billion Records Online | WIRED How Cybercriminals are Weathering COVID-19 — Krebs on Security NSO Group partly disputes claim about use of U.S.-based servers in WhatsApp spy campaign LabCorp investors file lawsuit, alleging 'persistent' failure to secure data Exclusive: Warning Over Chinese Mobile Giant Xiaomi Recording Millions Of People’s ‘Private’ Web And 
Phone Use Apple will make it easier to unlock your iPhone while wearing a face mask | TechCrunch Magento security: Adobe patches six critical flaws in e-commerce platform | The Daily Swig Oracle warns of attacks against recently patched WebLogic security bug | ZDNet Putting Identity at the Center of Security - Identity Defined Security Alliance Remediant: Privileged Access Management | SecureONE

Task Force 7 Cyber Security Radio
Encore: Ep. 34: Why You Should Automate Your Incident Response Operation

Task Force 7 Cyber Security Radio

Play Episode Listen Later Jan 28, 2020 65:57


In the first segment of the show, Host George Rettas provides analysis on last week's announcement by the FBI recommending that all Americans reboot their office and home routers to mitigate a nation state threat from the Russian Government. Then Senior Product Manager of DFLabs, John Moran appears on the show to level set the incident response problems and the desire for organizations to decrease the mean time to mitigating cyber attacks when they are detected. Moran level sets the incident response environment, talks about how the talent crisis has affected the ability of organizations to respond to incidents, and lays out how the orchestration and automation of the incident response process can help your organization defend itself against attacks that are getting more sophisticated in nature every day.

KLRNRadio
Not a Bear Burisma

KLRNRadio

Play Episode Listen Later Jan 20, 2020 61:05


Yeah, that wasn't Russia in your email. Librarians get pwned. The Turks and the Greeks seem to still be at it. Joker malware.

Cyber Wars
Not a Bear Burisma

Cyber Wars

Play Episode Listen Later Jan 20, 2020 61:05


Yeah, that wasn't Russia in your email. Librarians get pwned. The Turks and the Greeks seem to still be at it. Joker malware.

The Threatpost Podcast
News Wrap: Office 365 Voicemail Phish, Bed Bath and Beyond Breach

The Threatpost Podcast

Play Episode Listen Later Nov 1, 2019 18:13


Threatpost editors Tara Seals and Lindsey O'Donnell break down the top security news of this week, from data breaches to Advanced Persistent Threat (APT) activity. Top stories include: A Microsoft alert that APT group Fancy Bear has targeted anti-doping authorities and sporting organizations around the world as the world begins to gear up for the Tokyo Summer Olympic Games, which kick off July 2020. A report outlining that Chinese state-sponsored hackers are attacking telecom networks to sniff out SMS messages that contain keywords revolving around political dissidents. Bed, Bath and Beyond disclosing a data breach that allowed the adversaries to access customers' online accounts - and what researchers say the attack may have stemmed from. A nasty phishing campaign that uses fake voicemail messages to lure victims into revealing their Office 365 email credentials.

ShadowTalk by Digital Shadows
7.5M Adobe Creative Cloud User Records Exposed, City Of Joburg Ransomware Attack, and APT28 Updates

ShadowTalk by Digital Shadows

Play Episode Listen Later Nov 1, 2019 23:19


Adam Cook, Philip Doherty, and Viktoria Austin host this week’s ShadowTalk update around an unsecured Elasticsearch database exposing account information of about 7.5 million Adobe Creative Cloud users. The team then looks at the news story around the City of Johannesburg experiencing a ransomware attack as well as APT28 (aka Fancy Bear) targeting anti-doping authorities and sporting organizations. ***Resources from this week’s episode*** - BriansClub Blog from Viktoria: https://www.digitalshadows.com/blog-and-research/cybercriminal-credit-card-stores-is-brian-out-of-the-club/ - Understanding Different Cybercriminal Platforms: https://www.digitalshadows.com/blog-and-research/understanding-the-different-cybercriminal-platforms-avcs-marketplaces-and-forums/ - Too Much Information - The Sequel: https://resources.digitalshadows.com/whitepapers-and-reports/too-much-information-the-sequel - Adam’s World Cup Blog: https://www.digitalshadows.com/blog-and-research/threats-to-the-2018-football-world-cup/ News Stories: https://www.zdnet.com/article/adobe-left-7-5-million-creative-cloud-user-records-exposed-online/ https://www.ccn.com/johannesburg-shuts-down-bitcoin-ransomware-attack/

InfoSec Overnights - Daily Security News
Russia targets Olympics, Sixth June skimmed, UniCredit breach (again), and more.

InfoSec Overnights - Daily Security News

Play Episode Listen Later Oct 29, 2019 3:02


A daily look at the relevant information security news from overnight.
Episode 184 - 29 October 2019
Russia targets Olympics - https://www.zdnet.com/article/microsoft-russian-hackers-are-targeting-sporting-organizations-ahead-of-tokyo-olympics/
Sixth June skimmed - https://www.bleepingcomputer.com/news/security/sixth-june-fashion-site-hacked-to-steal-credit-cards/
Georgia suffers huge attack - https://threatpost.com/country-of-georgia-suffers-widespread-cyberattack/149625/
Krystal discloses breach - https://www.bleepingcomputer.com/news/security/us-food-chain-alerts-customers-of-payment-card-incident/
UniCredit breach (again) - https://threatpost.com/unicredit-suffers-third-breach/149617/

InfoSec Overnights - Daily Security News
APT10 after utilities, New Fancy Bear attack, Apple open access, and more.

InfoSec Overnights - Daily Security News

Play Episode Listen Later Sep 25, 2019 2:20


A daily look at the relevant information security news from overnight.
Episode 160 - 25 September 2019
APT10 after utilities - https://www.zdnet.com/article/17-us-utility-firms-targeted-by-mysterious-state-sponsored-group/
New Fancy Bear attack - https://threatpost.com/zebrocy-retools-political-attacks/148593/
U.S. vets sammed - https://www.bleepingcomputer.com/news/security/fake-employment-site-created-to-target-veterans-with-malware/
Wyoming hospital ransomware - https://www.darkreading.com/attacks-breaches/wyoming-hospital-the-latest-to-be-hit-with-ransomware-attack/d/d-id/1335895
Apple open access - https://techcrunch.com/2019/09/24/apple-bug-full-access-keyboards/

ShadowTalk by Digital Shadows
JasperLoader, APT28 URL shortening, and RDP vulnerability discussion

ShadowTalk by Digital Shadows

Play Episode Listen Later May 31, 2019 25:05


Alex Guirakhoo and newcomer to the pod Travis Randall (@puppyozone) join HVR this week to discuss updates to the JasperLoader malware loader, APT28’s newly observed link shortening technique, Gnosticplayers allegedly stealing information from an Australian graphics design company, and APT10 malware loaders. After that, Richard Gold (@drshellface) and Simon Hall (@5ecur1tySi) discuss the Remote Desktop Protocol vulnerability that everyone has been hyped up about in the last couple of weeks. Be sure to download the full intelligence summary at resources.digitalshadows.com. In more news, Photon Research Team has published a new report! The overall main finding of the paper is that Photon found there were 2.3 billion files currently being exposed online via file shares like SMB or Amazon S3 buckets. We are going to do a deep dive episode about that for next week’s episode. (Report) Too Much Information: The Sequel: https://info.digitalshadows.com/TooMuchInfoTheSequel-podcast.html (Blog) 2.3 billion files exposed across online file storage technologies: https://www.digitalshadows.com/blog-and-research/2-billion-files-exposed-across-online-file-storage-technologies/

En 5 minutes
Federal elections soon, Russian hackers soon?

En 5 minutes

Play Episode Listen Later Apr 10, 2019 5:49


Since 2016, Russian hackers have inserted themselves into the electoral processes of several countries, in the form of trolls and destabilization attempts. With the Canadian elections looming on the horizon, what can we expect from Russian hackers here at home? Has anyone thought about protecting us against possible offensives? With Baptiste Zapirain and Charles Trahan

Acreto IoT Security
Russian Nation State Hackers & What We're Not Doing About It - Audio Article

Acreto IoT Security

Play Episode Listen Later Dec 17, 2018 11:17


Russian Nation State Hackers & What We're Not Doing About It.  - By Bob Flores – former Chief Technology Officer of the CIA & Babak Pasdar CEO and CTO of Acreto IoT Security The effective use of Russian nation state hackers led to a hacked election that has resulted in a hacked America. We're still licking our wounds and not doing anything about it. In fact we are arguing if it happened at all! Cybersecurity strategy incorporates the confluence of technology, business and geopolitics with so many moving parts that to call them complex is an understatement. Strategies must span multiple geographies across a plurality of nations and continents. That is why no one can “go it alone”.  Today we need our friends more than ever – not just for geopolitics, but also for cyber defense. Collaboration is the underpinning of cybersecurity. As the largest global economy that comprises infrastructure, industry, enterprise and institutions, the US is the most technologically advanced. Many American companies span the globe making them one big glass house while the rest of the cyber world are kids with rocks on a dare. These "kids with rocks" fall into four major categories. First, there are hacktivists, who hack for their cause. The most well known of these being the loosely bound group called Anonymous. The second category is terrorist organizations such as ISIS and Al Qaeda. These organizations recognize cyber warfare as a cornerstone to their mid to long-term strategy and are working feverishly and investing heavily to get them to maturity. The third group is financial hackers. The best way to describe financial hackers is the Mob and Cartels' online arm. And finally, the most dangerous are state-sponsored hackers. Even though they operate behind triple or quadruple blind systems, which makes tracking them extremely difficult, they can be identified by their unique hacking techniques or fingerprints. 
Nation state hackers are not the moody lone-wolf nocturnal teenagers cranking death metal and surviving on Amp energy drinks. That's a TV cliche. And hacking is not an organic game of pickup, where individual hackers are swapped indiscriminately. Nation state hackers are carefully curated teams that train, collaborate and solve problems together. Not only do they have to get along and gel over time, but they have to build and test many foundational tools they need to perform the advanced objectives they are charged with. Sometimes this can take years! Let's Talk Hacking Fingerprints: Cyber-threat intelligence organizations that monitor and track Advanced Persistent Threats (APTs) use their threat fingerprints to build a profile on each team over time. The collection of fingerprints defines each team, otherwise called an APT. The profile fingerprints for the Russians, Chinese, North Koreans and Iranians all vary. Each APT, or different hacking group, is assigned a unique number for identification. For example, APT37 is North Korea, APT34 is Iran, and the American election hacks are associated with APT28 and APT29, which are obviously Russian nation state hackers. In fact, APT28, otherwise known as "Fancy Bear", is a completely different team than APT29, "Cozy Bear", both of which work for the Russian Government. As an example, here is a sample of the fingerprint for Fancy Bear (APT28), which has been tracked since 2007, and the reasons for American intelligence agencies' confidence in Russia as source for the election hacks: Here are some quick hit details for APT28: Its target sectors include: The Caucasus, particularly Georgia, eastern European countries and militaries, North Atlantic Treaty Organization (NATO) and other European security organizations and defense firms.
APT28 is focused on cyber-espionage. As a summary overview: APT28 is a skilled team of developers and operators collecting intelligence on defense and geopolitical issues—intelligence that would be useful only to a government. This APT group compiles malware samples with Russian language settings during working hours (8 a.m. to 6 p.m.), consistent with the time zone of Russia’s major cities, including Moscow and St. Petersburg. This suggests that APT28 receives direct ongoing financial and other resources from a well-established organization, most likely the Russian government. Tools commonly used by APT28 include the SOURFACE downloader, its second-stage backdoor EVILTOSS and a modular family of implants dubbed CHOPSTICK. APT28 has employed RSA encryption to protect files and stolen information moved from the victim’s network to the controller. It has also made incremental and systematic changes to the SOURFACE downloader and its surrounding ecosystem since 2007, indicating a long-standing and dedicated development effort. Known operations include Operation RussianDoll, where Adobe and Windows zero-day exploits were leveraged in highly targeted attacks. There are other means for determining the source of attacks. Aside from fingerprinting, intelligence agencies do track the sale of zero-day exploits purchased on the markets. Zero-days are exploits for previously unknown vulnerabilities. There are numerous commercial and underground organizations whose business is finding, exploiting and weaponizing vulnerabilities. Once the exploit is developed, it's put up for bid, and governments are the most affluent bidders. Commercial organizations offer them for sale on the public market to sanctioned agencies, while underground groups sell their exploits on the black market (the Dark Net) to the highest bidder indiscriminately. In the case of juicy exploits, the buyer may pay significant sums for the privilege of exclusivity.
The buyer wants the advantage of a weapon that nobody else has. All governments use a variety of proprietary techniques, technologies and informants to track the exploit inventory of both rival and ally countries. Ultimately the recourse to cyber attacks is a blunt instrument in the form of counter-attack. Counter attacks may include counter hacks, economic sanctions, embargoes, or a combination.  However, for a government to get involved in countering attacks large organizations or critical infrastructure are usually involved and even then it is reserved for the largest and most egregious attacks. American election compromise is such an example. At this particular point in time, America has opted for a "go it alone" approach to global relationships. Collaboration on cyber issues is not exempt from this. As the occupant of "The Big Glass House" in a world of rock-throwing kids, especially Russian nation state hackers, America needs its friends more than ever. Even though we have been hacked, America is still Not Minding The Store. Collaboration between government and commercial threat intelligence is key to a successful cyber strategy. The nation’s top intelligence officer, Director of National Intelligence Dan Coats, indicated on Friday, July 13 and I quote: "persistent danger of Russian cyberattacks today was akin to the warnings the United States had of stepped-up terror threats ahead of the Sept. 11, 2001, attacks. The system was blinking red," Coats said. (nytimes.com) "Here we are nearly two decades later and I’m here to say the warning lights are blinking red again. Today, the digital infrastructure that serves this country is literally under attack. Every day, foreign actors - the worst offenders being Russia, China, Iran, and North Korea - are penetrating our digital infrastructure and conducting a range of cyber-intrusions and attacks against targets in the United States". 
Recently, Congress has zeroed out nearly $400 million from the fund used to protect the integrity of our election and has blocked subsequent efforts to fund it across partisan lines. In April 2018, the White House Cybersecurity coordinator was relieved from his role less than six months from the November elections. As of the end of July no replacement has been named. Moreover, tough sanctions passed by Congress in July 2017 are yet to be implemented as of July 2018. It may be too late for anyone to take the helm and implement meaningful protections at such a late stage. Collaborating to stop these attacks requires leadership, funding, a competent team, communications and sharing. At this point in time we have the competent team members in the form of our intelligence agencies that are raring to be let loose. However there is no leadership, no mandate and no funding. We also find ourselves in a strange situation with sparse dialog with our allies due to newly formed political trust issues. The patient is not in trouble because a first-year med student is the surgeon. Rather, the patient has been abandoned by the surgeon with little time to live while the operating room is dark because nobody paid the utility bill. Next in this series we will look at an example of Russia's nation-state hacking teams and their construct in our blog: Putin's Eleven – Nation State hacker teams uncovered. Learn more by visiting our web site: Acreto.io -- On Twitter: @acretoio and if you haven’t done so, sign up for the Acreto Crypto-n-IoT podcast. You can get it from Apple, Google or your favorite podcast app. About Acreto IoT Security Acreto IoT Security delivers advanced security for IoT Ecosystems, from the cloud. IoTs are slated to grow to 50 Billion by 2021. Acreto’s Ecosystem security protects all Clouds, users, applications, and purpose-built IoTs that are unable to defend themselves in-the-wild.
The Acreto platform offers simplicity and agility, and is guaranteed to protect IoTs for their entire 8-20 year lifespan. The company is founded and led by an experienced management team, with multiple successful cloud security innovations. Learn more by visiting Acreto IoT Security on the web at acreto.io or on Twitter @acretoio.

Latest Hacking News
Latest Hacking News Podcast #180 – Interview with Valentino De Sousa

Latest Hacking News

Dec 10, 2018 5:46


Interview with Valentino De Sousa, cyberdefense lead for the UK and Ireland with Accenture Security, about SNAKEMACKERAL aka Fancybear, APT28, and Sofacy.

Symantec Cyber Security Brief Podcast
APT28 activity, cryptojacking research, and Face ID used to access criminal suspect’s phone

Symantec Cyber Security Brief Podcast

Oct 4, 2018 29:07


In this week’s Symantec Cyber Security Brief we discuss two of our recently-published pieces of research. First, we are joined by Threat Analyst Stephen Doherty to discuss the recent activity of APT28 (aka Swallowtail, Fancy Bear), which made headlines in 2016 due to its involvement in cyber attacks against an organisation involved in the U.S. presidential election. Then, we talk about our newly published whitepaper examining the topic of cryptojacking – one of the hottest subjects in the world of cyber security in 2018. Finally, we discuss a first-of-its-kind case in the U.S. where a criminal suspect was forced by the FBI to use Face ID to unlock his iPhone.

NeRadio. Наука, техника, авто - Hi-tech
Russian Hackers Have Attacked the US Again

NeRadio. Наука, техника, авто - Hi-tech

Aug 27, 2018 3:04


At the end of July 2018, Microsoft vice president Tom Burt spoke at the Aspen Security Forum, where he said that this year the company's specialists had detected and helped US authorities thwart attacks aimed at no fewer than three congressional candidates. Responsibility for these attacks presumably lies with Russian "government hackers". The point is that in the fall of 2018 the US will hold so-called "midterm elections": elections to the Senate and the House of Representatives, as well as gubernatorial elections in a number of states. Now, a month later, Microsoft representatives have said that they uncovered another attempt to interfere in the upcoming elections. This time the company managed to detect a phishing campaign in preparation, allegedly backed by hackers working for the GRU from the APT28 group, also known as Fancy Bear, Pawn Storm, Strontium, Sofacy, Sednit and Tsar Team. Microsoft president Brad Smith said that Digital Crimes Unit staff executed a court order and took control of six domains created by the group: my-iri.org; hudsonorg-my-sharepoint.com; senate.group; adfs-senate.services; adfs-senate.email; office365-onedrive.com. The first and second domains attempt to imitate the real domains of the International Republican Institute and the Hudson Institute. Three more domains are an attempt to spoof various resources related to the Senate's IT infrastructure. It is assumed that all of them were meant to become part of narrowly targeted phishing campaigns, although the hackers' specific targets could not be identified, and the attackers never managed to use the domains as intended. Smith reports that over the past two years Microsoft has "shut down" 84 domains connected in one way or another with APT28 and the fake sites the group creates. It should be noted that Microsoft's statement contains no evidence or technical details.
The specialists limit themselves to general statements that the hackers' mode of operation mirrors the patterns previously observed during the attacks on the 2016 US presidential election and last year's presidential election in France. Microsoft's accusations have already drawn comment from representatives of the Russian Foreign Ministry and from the Russian president's press secretary, Dmitry Peskov. "We do not know which hackers are being referred to [in the company's statement], or what the influence on the elections consists of," Peskov said. "From America we hear confirmations that there was no influence on the elections. Who exactly are they talking about? What is the evidence, and on what basis are conclusions of this kind being drawn? We do not understand. Such data is absent. We treat such claims accordingly." "It is a pity that a major international company, one that has moreover long been working actively and successfully in the Russian market, has to take part in the witch hunt that has gripped Washington," the Foreign Ministry statement says. "That is their choice. We, for our part, will have to draw the necessary conclusions."

ShadowTalk by Digital Shadows
Episode 38: Midterm meddling and threat modeling

ShadowTalk by Digital Shadows

Aug 24, 2018 25:15


This week it was revealed that six new domains registered by APT28, spoofing nonprofit, Senate, and Microsoft domains, have been sinkholed. With November’s US midterm elections fast-approaching, we dive into the latest threats and discuss how organizations can understand the threat posed to them by such malicious actors. Dr Richard Gold, Head of Security Engineering at Digital Shadows, joins Mike Marriott to discuss threat modeling; outlining the steps organizations can take to define their critical assets, understand the threat landscape, and create scenarios based on these. This enables organizations to identify security controls that are in place to mitigate, prevent and detect a specific threat actor's tradecraft, as well as uncover gaps in controls and establish a remediation plan.

WIRED Security: News, Advice, and More
How Microsoft Tackles Russian Hackers—And Why It's Never Enough

WIRED Security: News, Advice, and More

Aug 22, 2018 7:36


Early Tuesday, Microsoft announced that last week it seized control of six domains owned by the Russian hacking group Fancy Bear, also known as APT28. The hackers had used the sites to mount midterm election-related phishing campaigns, similar to those Fancy Bear launched during the 2016 United States election season. It's the most prominent, publicly known effort to proactively identify and thwart Russian election hacking efforts—and Microsoft's in a unique position to pull it off.

Task Force 7 Cyber Security Radio
Ep. 34: Why You Should Automate Your Incident Response Operation

Task Force 7 Cyber Security Radio

Jun 4, 2018 65:57


In the first segment of the show, Host George Rettas provides analysis on last week's announcement by the FBI recommending that all Americans reboot their office and home routers to mitigate a nation state threat from the Russian Government. Then Senior Product Manager of DFLabs, John Moran appears on the show to level set the incident response problems and the desire for organizations to decrease the mean time to mitigating cyber attacks when they are detected. Moran level sets the incident response environment, talks about how the talent crisis has affected the ability of organizations to respond to incidents, and lays out how the orchestration and automation of the incident response process can help your organization defend itself against attacks that are getting more sophisticated in nature every day.

Conciencia Virtual
#Ep12 Reboot the router to stop the VPNfilter infection?

Conciencia Virtual

May 30, 2018 6:50


The VPNfilter malware, first detected by CISCO Talos, has infected at least 500,000 routers and is generating a lot of talk. Researchers attribute the creation of this virus to the cybercriminal groups APT28 and Fancy Bears, linked to the 2016 "hack" of the doping tests of athletes Simone Biles and the Williams sisters. Several online security agencies, and later the FBI, are recommending that this type of equipment be rebooted, with special emphasis on small-business and home devices, although they are aware that this malware is hard to detect because of its level of encryption. "The FBI recommends that any owner of small routers and home-office routers power off (reboot) the devices," reads the notice, which has spread like wildfire across the internet. But is it possible to get rid of a virus just by rebooting the device? Experts contradict the FBI regarding the more than 500,000 routers infected by VPNFilter. In the opinion of Lorenzo Martínez, a computer security specialist and founder of Securizame, this infection "is persistent", so "even if you reboot it you will not avoid having the router compromised". "It doesn't quite add up to me that the FBI would give that solution. I suppose it is for those routers that were compromised by a version of this malware, or by other variants of it, that did not achieve persistence," he says in statements to ABC. However, it may be the case that the network device has not been persistently compromised, a scenario that arises "when the malware that gets installed survives reboots because it copies itself to some part of the router, into its startup.
If you are lucky and this does not happen, the router is not compromised when it starts up, although it may be the case that a software update fixing the vulnerability has not been installed, and in that case, simply by being exposed to the Internet, it can be compromised again. In fact, despite the headlines, the FBI did not specify in its statement that rebooting the device is an effective measure for getting rid of this malware. It only indicated that rebooting "would temporarily disrupt and make it easier to identify the encrypted devices. Owners are advised to consider disabling remote management settings on devices and secure with strong passwords and encryption when enabled," the message continued, also recommending that the device be updated with the latest available updates, something that is often forgotten because people do not usually work directly with this equipment.

ShadowTalk by Digital Shadows
Episode 19: Loki Bot, LoJack, GPON Vulnerabilities, and Blackrouter Ransomware

ShadowTalk by Digital Shadows

May 6, 2018 17:57


In this week’s episode of ShadowTalk, it’s a vulnerability extravaganza. We cover malicious use of legitimate software, as the hijacking of LoJack is attributed to APT28 and Blackrouter is delivered via AnyDesk software. Vulnerabilities are found (and exploited) in GPON home routers, and Loki Bot exploits two remote code execution vulnerabilities in Microsoft Office (CVE-2017-8570 and CVE-2018-0802).

The CyberWire
Reaper botnet update, Election hacking in Kenya, Czech Republic. M&A notes. APT28's phishing. Kaspersky's offer of code review. FBI shots in the crypto wars.

The CyberWire

Oct 24, 2017 18:56


In today's podcast, we learn that Hurricane Reaper, the big IoT botnet, remains a digital tropical depression, but plenty of people are warning everyone to stock up on the cyber equivalents of flashlight batteries and bottled water. Czech parliament sites hacked in apparent election-related mischief. Kenya's contentious re-vote approaches. APT28 gets a Bronx cheer for lame CyCon phishing, but don't get cocky, kid. KnowBe4 and Cisco announce acquisitions. Kaspersky seeks to undo reputational damage inflicted by US Government ban. The FBI re-engages in the crypto wars. David DuFour from Webroot on phishing trends. Phil Neray from CyberX reviewing their Global ICS & IIoT Risk Report. If you had a nose job at London Bridge Plastic Surgery, someone's got your before and after pix. 

Legal Current
Dangers of Public Wi-Fi

Legal Current

Oct 9, 2017 20:58


Free wi-fi is widely available and tempting to use, especially when traveling.  Hotels, airports, coffee shops, even NYC subway stations provide it.  But the dangers of public wi-fi are many-fold.  Not only are they hunting grounds for hackers, but a new report from security firm FireEye claims a Russian hacker group known as APT28, or Fancy Bear, used hotel Wi-Fi networks to spy on high-value guests. While use of Virtual Private Networks (VPNs) can safeguard against unsafe wi-fi networks, recent bans of VPNs by Russia and China further complicate matters.  Bob Braun with Jeffer Mangels, Butler & Mitchell, says when using any public wi-fi, you are inherently at risk.  

Paul's Security Weekly TV
APT28, Gmail, Game of Thrones leak, and WannaCry - Hack Naked News #136

Paul's Security Weekly TV

Aug 15, 2017 21:36


Allowing terrible passwords, four arrested in Game of Thrones leak, using EternalBlue to attack hotel guests, and more. Don Pezet of ITProTV joins us to deliver expert commentary on this episode of Hack Naked News! Full Show Notes: https://wiki.securityweekly.com/HNNEpisode136 Visit http://hacknaked.tv to get all the latest episodes!

Hack Naked News (Video)
APT28, Gmail, Game of Thrones leak, and WannaCry - Hack Naked News #136

Hack Naked News (Video)

Aug 15, 2017 21:36


Allowing terrible passwords, four arrested in Game of Thrones leak, using EternalBlue to attack hotel guests, and more. Don Pezet of ITProTV joins us to deliver expert commentary on this episode of Hack Naked News! Full Show Notes: https://wiki.securityweekly.com/HNNEpisode136 Visit http://hacknaked.tv to get all the latest episodes!

Unsupervised Learning
Unsupervised Learning: No. 88

Unsupervised Learning

Aug 15, 2017 22:00


Amazon Macie, APT28, Cuba sonic attacks, Palantir and police, DNA malware, confusing self-driving cars, ideas, discovery, aphorism, and more… Support the show: https://danielmiessler.com/support/

The CyberWire
Elections, influence operations, and hacking. How clever phishing succeeds. Chipotle's point-of-sale breach. Hacking in Fast and Furious 8.

The CyberWire

Apr 26, 2017 14:29


In today's podcast, we follow the story of Fancy Bear (a.k.a. Pawn Storm, a.k.a. APT28) and France's elections. Why clever phishing continues to succeed, and what's up with OAuth abuse. Information operations distinguished from simple "hacking." Another point-of-sale compromise suggests identity management issues. The University of Maryland's Jonathan Katz explains a JSON encryption vulnerability. Stan Black from Citrix explains the pros and cons of the IoT. And can hackers really blow up a submarine by driving their car fast and furiously? You be the judge.