Dean Teffer of Arctic Wolf reveals how they process 8 trillion weekly security observations to find "a needle in a stack of needles," and breaks down real-world GenAI lessons learned.

Topics Include:
- Dean Teffer, VP of AI at Arctic Wolf, discusses the company's GenAI journey
- Arctic Wolf: decade-old security operations company serving mid-market customers globally
- Operates a massive security operations center, now launching AI-powered products
- AI agent recently identified a Black Basta ransomware attack, enabling rapid containment
- Dean's 15+ years in cybersecurity: traditional ML focused on detection
- GenAI breakthrough allows natural language interaction with security models
- Arctic Wolf processes 8 trillion weekly observations, correlating suspicious activities
- Challenge: finding specific threats in a "stack of needles," not a haystack
- Success measured by making human analysts faster, more consistent, and scalable
- Evolved from treating GenAI like traditional ML to integrated workflows
- Key misconception: GenAI isn't magic; it needs proper data and reasoning
- Advice: start with existing challenges, build flexible systems for adaptation
- GenAI excels at summarizing information and supporting complex decisions
- Future vision: AI handles routine threats, humans focus on creativity
- Democratizing machine learning capabilities to a broader range of subject experts

Participants:
Dean Teffer – Vice President of AI, Arctic Wolf

Further Links:
Arctic Wolf: Website | LinkedIn | AWS Marketplace

See how Amazon Web Services gives you the freedom to migrate, innovate, and scale your software company at https://aws.amazon.com/isv/
This segment is sponsored by Flashpoint. Visit https://securityweekly.com/flashpoint to learn more about them!

Recent leaks tied to LockBit and Black Basta have exposed the inner workings of two of the most notorious ransomware groups—revealing their tactics, negotiation strategies, and operational infrastructure. For defenders, this rare window into adversary behavior offers critical intelligence to strengthen incident response and prevention strategies. In this interview, we'll break down what these leaks reveal and how security teams can use this intelligence to proactively harden their defenses, including:
- Key takeaways from the LockBit and Black Basta leaks—and what they confirm about ransomware operations
- How leaked playbooks, chats, and toolkits can inform detection and response
- Practical steps to defend against modern ransomware tactics in 2025

In the security news:
- Practical exploit code
- Old vulnerabilities, new attackers
- AI and web scraping - the battle continues
- 0-Days: You gotta prove it
- WinRAR 0-Day
- LLM patch diffing
- $20 million bug bounty
- Your APT is showing
- Hacking from the routers
- It's that easy, eh?
- NIST guidance on AI
- Words have meaning
- Developers knowingly push vulnerable code

My Hackberry PI post is live: https://eclypsium.com/blog/build-the-ultimate-cyberdeck-hackberry-pi/

Resources:
- Inside the LockBit Leak: Rare Insights Into Their Operations: https://flashpoint.io/blog/inside-the-lockbit-leak/?utmcampaign=WBHostedSCMedia2025&utmsource=SCMedia&utmmedium=email&sfcampaign_id=701Rc00000S48bZIAR
- 2025 Ransomware Survival Guide: https://flashpoint.io/resources/e-book/2025-ransomware-survival-guide/?utmcampaign=WBHostedSCMedia2025&utmsource=SCMedia&utmmedium=email&sfcampaign_id=701Rc00000S48bZIAR
- AI and Threat Intelligence: The Defenders' Guide: https://go.flashpoint.io/ai-and-threat-intelligence-guide?utmcampaign=WBHostedSCMedia2025&utmsource=SCMedia&utmmedium=email&sfcampaign_id=701Rc00000S48bZIAR

Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw-888
In this Risky Business News sponsor interview, Catalin Cimpanu talks with Bobby Filar, Head of Machine Learning at Sublime Security. Bobby takes us through the rising problem of spam bombing, or email bombing, a technique threat actors are increasingly using for initial access into corporate environments.

Show notes
- Bobby Filar
- Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”
- Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators
- Storm-1811 exploits RMM tools to drop Black Basta ransomware
- Massive Email Bombs Target .Gov Addresses
- A familiar playbook with a twist: 3AM ransomware actors dropped virtual machine with vishing and Quick Assist
What's it like within a hacking group? After 190,000 chat messages from the Black Basta group leaked, we get an inside look at operations within such a group. In this episode, Jay and Joao discuss this recent development. Also, breaking news regarding CVEs literally almost becoming a thing of the past!
Debbie Reynolds “The Data Diva” talks to Lawrence Gentilello, CEO and Founder of Optery, a company dedicated to removing personal data from online databases to enhance privacy and security for individuals and businesses. We discuss his career journey, beginning with his early work in the data industry at BlueKai, a firm specializing in collecting intent and purchase data for targeted advertising. He discusses how the industry evolved from simple ad personalization into a vast ecosystem where personal data is used in ways that can pose risks to individuals. His decision to launch Optery in 2020 was influenced by both his professional experience and a personal incident in which criminals used publicly available information to create fraudulent IDs in his and his wife's names.

Debbie and Lawrence examine the hidden world of data brokers—companies that gather, package, and sell personal information without individuals' direct knowledge or consent. Lawrence describes how these brokers operate across different sectors, from advertising and email prospecting to risk analytics and law enforcement databases. He highlights the difficulty individuals face in protecting their information, as the average person has around 100 exposed online profiles, making them vulnerable to identity theft, cyberattacks, and even physical security threats.

The discussion also covers emerging threats, including the rise of AI-native data brokers—companies that use artificial intelligence to automate the collection and sale of personal data at an even greater scale. Lawrence describes how these firms often operate without transparency and avoid legal disclosure, making it harder for individuals to track how their information is being used. He also references a recent incident involving the Russian ransomware gang Black Basta, where leaked internal communications revealed that cybercriminals were using data broker services like ZoomInfo and RocketReach to research and target victims.

Debbie and Lawrence explore the real-world consequences of unchecked data sharing, including phishing scams, cyberattacks, and even physical harm. They discuss how executives, government officials, and everyday individuals become targets due to the ease of accessing their personal data online. Lawrence explains how Optery's services help address these risks through deep-crawling search technology, before-and-after screenshot verification, and automated monthly scans that continuously remove exposed information.

Lawrence outlines his vision for improving privacy protections. He advocates for a standardized set of privacy laws across the U.S., stronger enforcement against data brokers that fail to comply with regulations, and the inclusion of authorized agent provisions in all privacy laws to ensure individuals can get assistance in managing their data. Debbie emphasizes the importance of ongoing awareness and proactive steps to combat the risks associated with data brokers. This insightful discussion sheds light on the urgent need for privacy-focused solutions and stronger policies to protect individuals and their data.
In our latest podcast episode, we delve into the evolving landscape of cybersecurity threats, uncovering how sophisticated attacks are crippling industries and government institutions. We examine how the Black Basta ransomware gang is leveraging brute-force attacks against edge devices, enabling them to infiltrate networks with alarming efficiency. This highlights the growing need for businesses to fortify their perimeter defenses. Additionally, we discuss the Cleveland Municipal Court cyberattack, which has left operations crippled for over three weeks, shedding light on the prolonged impact of cyber incidents on the judicial system. Similarly, we explore the Atchison County government shutdown, where a cyberattack forced local offices to close, emphasizing the vulnerabilities in public sector cybersecurity. We also analyze a recent KnowBe4 report, which warns that the education sector remains dangerously unprepared for escalating cyberattacks, leaving schools and universities at high risk. Finally, we examine a newly discovered Microsoft 365 exploit, where attackers are bypassing traditional email security measures, prompting an FBI warning for Gmail, Outlook, and VPN users to take immediate action. Cyber threats are evolving rapidly—are organizations prepared to defend against them? Tune in as we break down these incidents and discuss proactive security measures to mitigate risks.
Critical Cybersecurity Updates: Ransomware, VPN Breaches, and Microsoft Vulnerabilities

In this episode of 'Cybersecurity Today,' host Jim Love delves into emerging threats and vulnerabilities in the digital world. The Black Basta Ransomware Group has created a brute-force tool to target VPNs and firewalls. The FBI and CISA alert users about Medusa ransomware, which has impacted over 300 organizations. A critical flaw in the popular UpdraftPlus WordPress plugin is highlighted, exposing sensitive data. The FBI reports a surge in toll payment scams, and Microsoft's latest security update addresses severe vulnerabilities in Remote Desktop Services. Additionally, a breach within the Department of Government Efficiency underscores the risks of improper data handling. Stay informed about how to protect your systems and data in this comprehensive cybersecurity update.

00:00 Introduction to Cybersecurity News
00:27 Black Basta Ransomware Group's New Tool
02:18 Medusa Ransomware Advisory
03:43 WordPress UpdraftPlus Vulnerability
05:12 Toll Payment Scams on the Rise
06:40 Microsoft's Critical RDS Vulnerabilities
09:35 DOGE's Treasury Data Breach
11:37 Conclusion and Contact Information
- Black Basta creates tool to automate VPN brute-force attacks
- Bipartisan Senate bill offers improved cybersecurity for water utilities
- LockBit developer extradited from Israel, appears in New Jersey court

Thanks to this week's episode sponsor, DeleteMe. Data brokers bypass online safety measures to sell your name, address, and social security number to scammers. DeleteMe scours the web to find – and remove – your private information before it gets into the wrong hands by scanning for exposed information, and completing opt-outs and removals. With over 100 Million personal listings removed, DeleteMe is your trusted privacy solution for online safety. Get 20% off your DeleteMe plan when you go to JoinDeleteMe.com/CISO and use promo code CISO at checkout.

Find the stories behind the headlines at CISOseries.com.
Critical Microsoft Patch Tuesday release includes near-record number of zero-days with six already being exploited. Apple releases patches for Safari browser engine affecting all devices. Analysis of leaked Black Basta ransomware gang chat logs reveals valuable insights on attack strategies and evasion techniques. Recent DDoS attack against X (formerly Twitter) remains largely unattributed despite claims from hacker group DarkStorm and debunked assertions about Ukrainian IP addresses.

Remember, Stay a Little Paranoid
Subscribe: This Week Health | Twitter: This Week Health | LinkedIn: This Week Health | Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer
Episode 202 of Breaking Badness takes a deep dive into two of the biggest cybersecurity stories of the year (so far):
● Black Basta's Leaked Chats – A major data leak has exposed internal conversations from this notorious ransomware gang, revealing their internal struggles, ransom negotiations, and even workplace drama.
● Salt Typhoon's Cyber Espionage – A sophisticated Chinese threat group has been caught infiltrating major U.S. telecommunications providers, raising serious concerns about national security.
Broadcom reports three actively exploited zero-day vulnerabilities affecting VMware ESXi, Workstation, and Fusion products that require immediate patching. Leaked chat logs from the Black Basta ransomware group reveal internal conflicts, operational tactics, and efforts to circumvent cybersecurity tools. Lastly, a demonstration of Sesame's new voice AI technology shows concerningly realistic capabilities that could potentially lead users to inadvertently share private information.

Remember, Stay a Little Paranoid
US Treasury Department sanctions Iranian national accused of running the Nemesis criminal marketplace. Hunters International threatens to leak data stolen from Tata Technologies. Apple challenges U.K.'s iCloud encryption backdoor order. UK competition regulator says no investigation into Microsoft's OpenAI partnership. Stealthy malware campaign targets the UAE's aviation and satellite industry. This week on our CertByte segment, N2K's Chris Hare is joined by Troy McMillan to break down a question targeting the Cisco Certified Network Associate (CCNA) exam. And hackers hit the books.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CertByte Segment
Welcome to CertByte! This bi-weekly segment is hosted by Chris Hare, a content developer and project management specialist at N2K. This week, Chris is joined by Troy McMillan to break down a question targeting the Cisco Certified Network Associate (CCNA) exam, 201-301, version 1.1. Today's question comes from N2K's Cisco Certified Network Associate (CCNA 200-301) Practice Test. According to Cisco, the CCNA is the industry's most widely recognized and respected associate-level certification. To learn more about this and other related topics under this objective, please refer to the following resource: https://learningnetwork.cisco.com/s/article/protection-techniques-nbsp-from-wardriving-attack
To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro.
Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.
Additional source: https://www.cisco.com/site/us/en/learn/training-certifications/certifications/enterprise/ccna/index.html

Selected Reading
- Treasury sanctions Iranian national behind defunct Nemesis darknet marketplace (The Record)
- Ransomware Group Claims Attack on Tata Technologies (SecurityWeek)
- Apple is challenging U.K.'s iCloud encryption backdoor order (TechCrunch)
- UK's competition regulator says Microsoft's OpenAI partnership doesn't qualify for investigation (TechCrunch)
- Call It What You Want: Threat Actor Delivers Highly Targeted Multistage Polyglot Malware (Proofpoint)
- Snail Mail Fail: Fake Ransom Note Campaign Preys on Fear (GuidePoint Security)
- Fake police call cryptocurrency investors to steal their funds (Bitdefender)
- Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware (Bleeping Computer)
- Investigator says differing names for hacker groups, hackers studying investigative methods hinders law enforcement (CyberScoop)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Forecast = Ransomware storms surge with an 87% spike in industrial attacks—brace for ICS strikes from GRAPHITE and BAUXITE! Infostealers hit healthcare and education, while VPN vulnerabilities pour in—grab your digital umbrella! It's report season and today the crew kicks things off with a breakdown of Veracode's State of Software Security 2025 Report, highlighting significant improvements in OWASP Top 10 pass rates but also noting concerning trends in high-severity flaws and security debt. Next, we take a peek at Dragos's 2025 OT/ICS Cybersecurity Report, which reveals an increase in ransomware attacks against industrial organizations and the emergence of new threat groups like GRAPHITE and BAUXITE. The report also details the evolution of malware targeting critical infrastructure, such as Fuxnet and FrostyGoop. The Huntress 2025 Cyber Threat Report is then discussed, showcasing the dominance of infostealers and malicious scripts in the threat landscape, with healthcare and education sectors being prime targets. The report also highlights the shift in ransomware tactics towards data theft and extortion. The team also quickly covers a recent and _massive_ $1.5 billion Ethereum heist. We *FINALLY* cover some recent findings from Censys, including their innovative approach to discovering non-standard port usage in Industrial Control System protocols. This segment also touches on the growing threat posed by vulnerabilities in edge security products. We also *FINALLY* get around to checking out VulnCheck's research, including an analysis of Black Basta ransomware group's tactics based on leaked chat logs, and their efforts to automate Stakeholder Specific Vulnerability Categorization (SSVC) for more effective vulnerability prioritization. The episode wraps up with mentions of GreyNoise's latest reports on mass internet exploitation and a newly discovered DDoS botnet, providing listeners with a well-rounded view of the current cybersecurity landscape. 
Storm Watch Homepage >> Learn more about GreyNoise >>
In this Risky Business Talks interview we invited Will Thomas to talk about the recent leak of internal chats from the Black Basta ransomware group. Will is a SANS Instructor, co-author of the SANS FOR589 course, and the co-founder of a community research project for CTI analysts called Curated Intelligence. Will walks us through the Black Basta leak and uses the group's attack on US healthcare provider Ascension to break down how the gang operated.

Show notes
- Risky Bulletin: BlackBasta implodes, internal chats leak online
- BlackBasta's internal chats just got exposed
- BlackBasta Chat Logs
- BlackBastaGPT
- BlackBasta Leaks: Lessons from the Ascension Health attack
- Inside the Black Basta Leak: How Ransomware Operators Gain Access
On This Episode of the Defending The Edge Podcast with DefendEdge, the team talks about how AI could be used to predict earthquakes, ransomware groups decreasing their TTR, Black Basta's internal conflicts being shared with the threat intelligence community and more.
In this episode of Hacker in the Fed, former FBI special agent Chris Tarbell and ex-black hat hacker turned cybersecurity expert Hector Monsegur discuss the leaked Black Basta ransomware logs, a $1.4 billion crypto heist, and new threats targeting Signal Messenger. They also share insights from their latest speaking events, the role of AI in cybersecurity, and the pros and cons of IT centralization in government. Send HATF your questions at questions@hackerandthefed.com.
In this episode of 'Discover Daily', a massive leak from the Black Basta ransomware group reveals shocking details about modern cybercrime networks, including a 17-year-old member and $28.7M ransom demands. Security researchers uncover how the group uses corporate tools like ZoomInfo to target English-speaking organizations, while internal conflicts stall their operations. Dive into the dark world of double extortion tactics and parallels to the infamous Conti ransomware leak.

In medical tech, meet Mal-ID – an AI breakthrough analyzing immune cells to detect diseases like HIV, lupus, and COVID-19 from a single blood test. Discover how machine learning decodes B-cell and T-cell receptor patterns, offering hope for faster autoimmune disease diagnosis and silent infection detection. This "one-shot sequencing" method could revolutionize personalized medicine by mapping your immune system's entire history.

Lastly, evolution gets a rewrite as scientists discover gene loss drives adaptation in marine life. A Molecular Biology and Evolution study shows how sea squirts called appendicularians thrived by deleting 16 key genes, enabling radical ocean adaptations and hidden "cryptic species." Explore the "less is more" evolutionary model challenging assumptions about genetic complexity – and what it means for future bioengineering breakthroughs.

From Perplexity's Discover Feed:
https://www.perplexity.ai/page/leaked-chat-logs-expose-ransom-TNwzdMedSOCWv34yS7HItg
https://www.perplexity.ai/page/ai-tool-diagnoses-diabetes-hiv-60yD.7CfT9OBJzcTZ.LYMw
https://www.perplexity.ai/page/scientists-develop-new-view-of-LQXruZGGQ1Oxdf.UzbgaJg

Introducing Perplexity Deep Research: https://www.perplexity.ai/hub/blog/introducing-perplexity-deep-research

Perplexity is the fastest and most powerful way to search the web. Perplexity crawls the web and curates the most relevant and up-to-date sources (from academic papers to Reddit threads) to create the perfect response to any question or topic you're interested in. Take the world's knowledge with you anywhere. Available on iOS and Android. Join our growing Discord community for the latest updates and exclusive content. Follow us on: Instagram, Threads, X (Twitter), YouTube, LinkedIn
Forecast = Expect a storm of insights as we tackle cybersecurity's cloudy diversity gaps, edge device downpours, and ransomware winds blowing from Black Basta!

In this episode of Storm⚡️Watch, we kick things off with an insightful interview with Mary N. Chaney, the CEO of Minorities in Cybersecurity (MiC). MiC is a groundbreaking organization dedicated to addressing the lack of support and representation for women and minority leaders in cybersecurity. Mary shares how MiC is building a community that fosters leadership development and equips members with essential skills for career advancement. We also discuss the alarming statistics that highlight the underrepresentation of minorities in cybersecurity leadership roles and explore how MiC's programs, like The MiC Inclusive Community™ and The MiC Leadership Series™, are making a tangible difference.

Next, the crew descends into a critical discussion about edge security products, drawing on insights from Censys. These devices, while vital for network protection, are increasingly becoming prime targets for attackers. We examine recent vulnerabilities added to CISA's Known Exploited Vulnerabilities catalog, including flaws in products from Palo Alto Networks and SonicWall, and explore how state-sponsored actors like Salt Typhoon are exploiting these weaknesses. The conversation underscores the importance of proactive patch management and tools like attack surface monitoring to mitigate risks.

In the next segment, we analyze leaked chat logs from the Black Basta ransomware group with insights from VulnCheck. These logs reveal how Black Basta prioritizes vulnerabilities in widely used enterprise technologies, their rapid response to new advisories, and even their pre-publication knowledge of certain CVEs. We break down their strategy for selecting targets based on financial viability, industry focus, and vulnerability presence, offering actionable advice for defenders to stay ahead.

Finally, we turn our attention to GreyNoise's recent observations of active exploitation campaigns targeting Cisco vulnerabilities by Salt Typhoon, a Chinese state-sponsored group. Using data from GreyNoise's global observation grid, we discuss how legacy vulnerabilities like CVE-2018-0171 remain valuable tools for advanced threat actors. This segment highlights the importance of patching unaddressed issues and leveraging real-time threat intelligence to protect critical infrastructure.
In this explosive episode of Security Squawk, we dive deep into the latest wave of devastating ransomware attacks that are shaking the foundations of healthcare, education, and major industries. From hospitals to vodka makers, no sector is safe from the relentless onslaught of cybercriminals.

- Healthcare Crisis: Discover how Anna Jaques Hospital and PIH Health fell victim to attacks, exposing sensitive data of over 300,000 patients and disrupting critical care services.
- Education Under Attack: Learn about the ransomware strike on Highland Park ISD in Texas, and the challenges faced by schools in the digital age.
- Industry Giants Crumble: Uncover how a ransomware attack forced vodka maker Stoli to file for bankruptcy, showcasing the financial devastation of cyber threats.
- Government in the Crosshairs: Explore the ongoing saga of the Hoboken City Hall ransomware attack and its impact on local government services.
- Medical Tech at Risk: Analyze the alarming ransomware attack on a leading heart surgery device maker and its potential life-threatening consequences.
- Supply Chain Chaos: Examine the far-reaching implications of the Blue Yonder SaaS breach by the Termite ransomware gang on global supply chains.

Plus, don't miss our crucial follow-up section:
- FBI's Urgent Warning: Learn why the FBI is urging users to change their WhatsApp, Facebook Messenger, and Signal apps immediately.
- Evolving Threats: Uncover the latest tactics of the Black Basta ransomware group, including email bombing and QR code manipulation.

Join our expert panel as we dissect these cyber attacks, discuss prevention strategies, and explore the future of cybersecurity in an increasingly vulnerable digital landscape.
Link to episode page. This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest David Cross, SVP/CISO, Oracle. Also check out David's travel blog and recent “Secure by Default” white paper at IT-ISAC. Thanks to our show sponsor, Dropzone AI. Security operations are evolving, and AI is leading the way. Dropzone AI autonomously investigates 100% of your alerts with precision, freeing up your team to focus on real threats. See how this works in action. Visit dropzone.ai and schedule a demo today. All links and the video of this episode can be found on CISOSeries.com.
In this episode of Security Squawk, we dive deep into the alarming rise of data breaches that bypass ransomware altogether. As cybercriminals evolve their tactics, organizations are left vulnerable to silent intrusions that compromise sensitive information without a ransom demand. Join us as we explore recent high-profile cases, including the shocking breach affecting 800,000 individuals at Landmark Insurance and the cunning new tactics employed by the Black Basta ransomware group posing as IT support on Microsoft Teams. We'll also follow up on previous stories, including the delayed disclosures from Henry Schein and the massive data theft impacting UnitedHealth. Tune in to discover how these trends are reshaping the cybersecurity landscape and what businesses can do to safeguard their data against this emerging threat. Don't miss out—your data might depend on it!
In this episode of the Microsoft Threat Intelligence Podcast, host Sherrod DeGrippo is joined by Microsoft security researchers Anna Seitz and Daria Pop to discuss the latest trends in ransomware and the evolving role of AI in cyber threats. Daria Pop provides insights into the shifting tactics of Black Basta ransomware, including their use of phishing, social engineering, and remote management tools. The discussion also covers the persistence of malvertising and its challenges for defenders. Anna Seitz explores how state-sponsored threat actors, including Forest Blizzard, Emerald Sleet, and Crimson Sandstorm, are leveraging large language models (LLMs) for various malicious activities. In this episode you'll learn: why the takedown of Qakbot impacted Black Basta's strategies; what malvertising is and why its persistence is due to the complex nature of ad traffic; how the MITRE ATLAS framework assists defenders in identifying new threats. Some questions we ask: What role does social engineering play in the campaigns involving Quick Assist? How are North Korean threat actors like Emerald Sleet using LLMs for their campaigns? Can you explain the changes in Black Basta's initial access methods over the years? Resources: View Anna Seitz on LinkedIn; View Daria Pop on LinkedIn; View Sherrod DeGrippo on LinkedIn. Related Microsoft Podcasts: Afternoon Cyber Tea with Ann Johnson; The BlueHat Podcast; Uncovering Hidden Risks. Discover and follow other Microsoft podcasts at microsoft.com/podcasts. Get the latest threat intelligence insights and guidance at Microsoft Security Insider. The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of the N2K media network.
Forecast = Persistent cyber heat dome in effect with no sign of abatement. In this episode of Storm⚡️Watch, we dive into the latest cybersecurity news and trends. We kick things off with a breaking story about DigiCert's certificate revocation incident. Due to a validation issue affecting about 0.4% of their domain validations, DigiCert is revoking certificates with less than 24 hours' notice. This could impact thousands of SSL certs and potentially cause outages worldwide starting July 30 at 19:30 UTC. Organizations using affected certificates should be prepared for a busy night of renewals. Our Cyberside Chat focuses on a critical vulnerability in VMware ESXi hypervisors that ransomware operators are actively exploiting. Identified as CVE-2024-37085, this flaw allows attackers to gain full administrative access to ESXi servers without proper validation. Several ransomware groups, including Storm-0506 and Storm-1175, have been using this vulnerability to deploy ransomware like Akira and Black Basta. Microsoft reports that incidents targeting ESXi hypervisors have doubled over the past three years, highlighting the growing threat to these systems. In our Cyber Spotlight, we examine a global cyber espionage campaign conducted by North Korean hackers. This operation aims to steal classified military intelligence to advance Pyongyang's nuclear weapons program. The hackers, known as Andariel or APT45, have targeted defense and engineering companies involved in producing tanks, submarines, naval ships, fighter jets, and missile technologies. The campaign affects not only the US, UK, and South Korea but also entities in Japan and India. This underscores the persistent threat posed by state-sponsored actors from North Korea in their pursuit of military and nuclear ambitions. We wrap up with our Tag Roundup, highlighting recent trends in cyber threats, and our KEV Roundup, discussing the latest known exploited vulnerabilities cataloged by CISA.
These segments provide valuable insights into the current threat landscape and help our listeners stay informed about potential risks to their organizations. Don't forget to check out the Storm Watch homepage and learn more about GreyNoise for additional cybersecurity resources and updates.
Dick O'Brien from Symantec's Threat Hunter team talks about their work on "Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day." He also provides some background/history on Black Basta. CVE-2024-26169 in the Windows Error Reporting Service, patched on March 12, 2024, allowed privilege escalation. Despite initial claims of no active exploitation, recent analysis indicates it may have been exploited as a zero-day before the patch. The research can be found here: Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day
Today's menu: Google search algorithm leaked; Awareness - the gym experience; Windows Defender Got You Down? Try No-Defender!; Black Basta. Our contact channels: Telegram, Twitter, Instagram, Facebook, Mail: info@hackeslangos.show
On this week's retreat special, the entire Risky Business team is together in a tropical paradise for the first time. The team takes a break from the infinity pool to discuss the week's security news: Microsoft recalls Recall, but why did it have to be such a mess? And a Windows kernel wifi code-exec, really? Passkeys and identity are hard; Scattered Spider bigwig arrested in Spain; the Pentagon runs a deeply flawed info-op; is it time E2E crypto nerds accept their place in the world? And much, much more. This week's show is brought to you by Corelight… Corelight's CEO Brian Dye will be along in this week's sponsor interview to make a really compelling case for something that shouldn't exist… which is NDR in cloud environments. Show notes: Microsoft shelves Recall feature release after security uproar; Microsoft's Recall puts the Biden administration's cyber credibility on the line | CyberScoop; Microsoft's cybersecurity vulnerabilities endanger America; US lawmakers grill Microsoft president over China ties, hacks | Reuters; Microsoft Refused to Fix Flaw Years Before SolarWinds Hack — ProPublica; CVE-2024-30078 - Security Update Guide - Microsoft - Windows Wi-Fi Driver Remote Code Execution Vulnerability; Security bug allows anyone to spoof Microsoft employee emails | TechCrunch; Patrick Gray on X: "I was wrong about some things I said about iCloud accounts in this week's show and I'll tell you all exactly how I was wrong in next week's show"; Passkeys in Microsoft Authenticator and Entra ID; Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake | WIRED; MFA plays a rising role in major attacks, research finds | Cybersecurity Dive; Luke Jennings on LinkedIn: saas-attacks/techniques/ghost_logins/description.md at main ·…; Alleged Boss of ‘Scattered Spider' Hacking Group Arrested – Krebs on Security; EXPOSED: Identities of Iranian Hackers Targeting Israel and Other Countries Revealed | Matzav.com; Ransomware attackers quickly weaponize PHP vulnerability with 9.8 severity rating | Ars Technica; Windows flaw may have been exploited with Black Basta ransomware before it was patched; Crown Equipment Corporation victim of a Ransomware attack | Born's Tech and Windows World; City governments in Michigan, New York face shutdowns after ransomware attacks; Cleveland confirms ransomware attack as City Hall remains closed; Authorities investigating extended ‘network outage' at organization that runs TheBus; Pentagon ran secret anti-vax campaign to incite fear of China vaccines; Shashank Joshi on X: "Just finished “Information Operations”, a new book by @TathamSteve. Includes this anecdote on a British effort to stop children throwing stones at a base in Afghanistan. “LRGR was the abbreviation for the Long-Range Gonad Reducer.” https://t.co/zmoxb45Cgz"; Dmitri Alperovitch on X: "@shashj They also allegedly hacked the email of the lieutenant leading the medical service of the 960th unit and retrieved the medical certificates of 150 officers and enlisted personnel"; Signal president Meredith Whittaker criticizes EU attempts to tackle child abuse material
Life360 faces extortion attempt after Tile data breach. White House report highlights increase in federal attacks. Russian hacker with ties to LockBit and Conti gangs arrested. Thanks to today's episode sponsor, Vanta. When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires. Our listeners get $1,000 off at vanta.com/headlines.
The Black Basta ransomware group has become a significant concern, prompting the issuance of a joint Cybersecurity Advisory. Join Steve Shappell and David Finz, Alliant Claims & Legal, as they discuss the escalating concern surrounding the Black Basta ransomware syndicate and its implications for cyber risk management. Originating from Russia, this group has been targeting healthcare and critical infrastructure sectors, prompting a joint cybersecurity advisory from several U.S. agencies. The advisory provides technical details and mitigation strategies to help organizations protect their data and networks. They also explore the importance of precise policy language in D&O insurance, especially in cases involving bankruptcy and prior acts, emphasizing the need for meticulous scrutiny to ensure comprehensive coverage.
Good morning from Pharma and Biotech Daily: the podcast that gives you only what's important to hear in the Pharma and Biotech world. The healthcare industry is facing various challenges, including nursing homes suing to block a staffing mandate, healthcare organizations not being prepared for cyberattacks, the impact of Ascension's cyberattack, and a House committee targeting healthcare consolidation. Trends in addressing social determinants of health and site-neutral payments are also discussed. A report shows that over a third of healthcare organizations lack a cyberattack contingency plan. Stay informed on healthcare news and trends through the Healthcare Dive newsletter. Data-driven marketing strategies are crucial for success in today's competitive landscape. Marketers are using data to optimize campaigns and gain insights into consumer behavior. Examples include Pop-Tarts Bites using data to improve ad recall and engagement rates. Legacy media investing in connected TV, retail media convergence, the impact of cookie deprecation on marketing strategies, and the latest trends in marketing data are also covered. Marketing Dive delivers this content to subscribers as part of their newsletter subscription. AstraZeneca aims to expand its cancer drug sales, while Pfizer and Lilly enter the direct-to-consumer market online. The European Commission declines to revoke approval of PTC's Duchenne drug, calling for a new review. Amgen's drug for tough-to-treat lung cancer receives FDA approval, and Regeneron faces new biosimilar threats. An AI biotech has laid off staff, with companies focusing on immune disease research and treatments. Moderna wins a patent dispute, Walgreens and CVS rethink their pharmacy business, and weight-loss drug shortages affect patients. Biopharma Dive provides news and insights on biotech and pharma trends. AstraZeneca plans to achieve $80 billion in annual revenue by 2030, launching 20 new drugs before the end of the decade. Bio lays off 30 employees as Congress moves forward with the Biosecure Act. Lilly signs a potential $1.1 billion deal with Aktis Oncology for radiopharmaceuticals, GSK's long-acting asthma drug shows positive results in Phase III trials, FDA approves interchangeable biosimilars to Regeneron's Eylea, strong Phase III data for Dupixent by Sanofi and Regeneron, and AltruBio raises $225 million in Series B funding. AstraZeneca invests $1.5 billion in an antibody-drug conjugate (ADC) manufacturing plant in Singapore. The global market for GLP-1 receptor agonists is projected to reach $125 billion by 2033. Gilead highlights positive results for a liver disease drug, while Rapport Therapeutics and Telix Pharma file for IPOs. Sino Biological offers recombinant cytokines for cell culture research. Bayer announces 1,500 layoffs as part of a company overhaul. Humana CEO Bruce Broussard steps down on July 1, with current COO Jim Rechtin taking over. Inpatient admissions boost revenue for for-profit providers in Q1. The US increases tariffs on medical products from China to boost domestic production. Black Basta ransomware targets critical infrastructure providers, causing concern among authorities. Bayer undergoes layoffs as part of a company shake-up led by CEO Bill Anderson. FogPharma and ArtBio collaborate on designing a new radiopharma drug. Sands Capital raises a $555 million fund for biotech 'crossover' investing. Big pharma companies pledge $2.16 billion in investments in France to boost global manufacturing and research capabilities. Interest grows in cancer vaccines as a potential breakthrough in immunotherapy. Ascension confirms a ransomware attack leaving its computer systems offline. Insurers see elevated utilization in Q1 with minimal financial impact from cyberattacks. The biotech industry sees a surge in cell and gene therapy technologies with biosimilar uptake showing mixed results. Novartis' biosimilar sales grow while Boehringer Ingelheim's biosi
The Medcurity Podcast: Security | Compliance | Technology | Healthcare
The Ascension breach has rocked the healthcare sector, and we're breaking down what happened. In this episode, we cover: - The Ascension Breach: How the Black Basta group managed to breach one of the largest healthcare associations. - Immediate Impact: Delays in patient care, administrative chaos, and over 1.2 million patient records exposed. - Key Takeaways: The vulnerabilities exposed, the challenges of recovery, and the importance of maintaining patient trust. - Cybersecurity Essentials: Steps every healthcare organization should take to enhance their cybersecurity posture. Learn about effective defenses against breaches and protect your organization. Learn more about Medcurity here: https://medcurity.com
On the latest episode of the Security Sprint, Dave and Andy talked about the following topics. Warm Start Information Sharing: A Valuable Tool in Preventing Cyber Attacks CISA: Prepared Together – Cyber Storm IX Recap Main Topics Physical Threats & Violence Gate 15 White Paper: The Hostile Event Attack Cycle (HEAC), 2021 Update New Jersey Marine arrested after allegedly making threats to kill White people, 'began planning' mass shooting DOJ: Maryland Woman Pleads Guilty to Conspiring to Destroy the Baltimore Region Power Grid U.S. Department of State: Worldwide Caution, 17 May. Due to the potential for terrorist attacks, demonstrations, or violent actions against U.S. citizens and interests, the Department of State advises U.S. citizens overseas to exercise increased caution. Elections, Info Ops, Resources: Misinformation perceived as a bigger informational threat than negativity: A cross-country survey on challenges of the news environment Sekoia: Master of Puppets: Uncovering the DoppelGänger pro-Russian influence campaign Canadian Centre for Cyber Security How to identify misinformation, disinformation, and malinformation (ITSAP.00.300). Opening Statement by CISA Director Jen Easterly at the Update on Foreign Threats to the 2024 Elections Hearing US intelligence spotted Chinese, Iranian deepfakes in 2020 aimed at influencing US voters Contagious Disruption: How CCP Influence and Radical Ideologies Threaten Critical Infrastructure and Campuses Across the United States Russian Connections to Israel-Gaza Protests Democratic People's Republic of Korea Leverages U.S.-Based Individuals to Defraud U.S. Businesses and Generate Revenue. 
Charges and Seizures Brought in Fraud Scheme, Aimed at Denying Revenue for Workers Associated with North Korea Justice Department Announces Arrest, Premises Search, and Seizures of Multiple Website Domains to Disrupt Illicit Revenue Generation Efforts of Democratic People's Republic of Korea Quick Hits UK NCSC: Business email compromise: new guidance to protect your organisation Canadian Centre for Cyber Security Rethink your password habits to protect your accounts from hackers (ITSAP.30.036) CISA: Encrypted DNS Implementation Guidance Software Transparency in SaaS Environments TLP:CLEAR | FB-ISAO Newsletter. Reliaquest: New Black Basta Social Engineering Scheme Microsoft: Threat actors misusing Quick Assist in social engineering attacks leading to ransomware Stairwell threat report: Black Basta overview and detection rules Iran Declares Mourning Period As President, Foreign Minister Killed In Helicopter Crash Israel insists 'it wasn't us' after 'Butcher of Tehran' Iranian president is killed in mysterious helicopter crash a month after ordering missile attack on the Jewish state while Islamic regime supports Hamas in Gaza war ICC prosecutor seeks arrest warrants against Netanyahu, Hamas leaders. Senators unveil plan to regulate AI, as companies race ahead Men accused of plot to attack Jews with machine guns in north-west England DHS Announces Creation of the Homeland Intelligence Advisory Board. U.S. Attorney's Office and Law Enforcement Partners Take Action Against Money Mules in Order to Disrupt Transnational Fraud Schemes and Educate Public. 
Two Foreign Nationals Arrested for Laundering At Least $73M Through Shell Companies Tied to Cryptocurrency Investment Scams Feds nab alleged money launderers for pig butchering scheme Senator Vance issues warning on China-backed Volt Typhoon threat to US critical infrastructure BreachForums seized by FBI for 2nd time 6K-plus AI models may be affected by critical RCE vulnerability Tinyproxy (CVE-2023-49606) – Vulnerability Analysis and Exploitation British engineering giant Arup revealed as $25 million deepfake scam victim
This week Patrick Gray and Adam Boileau, along with special guest Lina Lau, discuss the week's news, including: the ongoing Ascension healthcare disruption, and whether it's reasonable for healthcare orgs to be pushing back; platforming cybercriminals for interviews; own the libs by… not using E2EE messaging? CISA's secure by design, we want to believe! The $64 billion scale of industrialised fraud. And much, much more. This week's sponsor is network discovery specialist runZero. Director of research Rob King joins to talk about the weird and wonderful delights in their new Research Report. Show notes: Federal agencies assisting Catholic health network amid cyberattack; After Ascension ransomware attack, feds issue alert on Black Basta group; As White House preps new cyber rules for healthcare, Neuberger says backlash is unwarranted; Stolen children's health records posted online in extortion bid; Guidance for organisations considering payment in... - NCSC.GOV.UK; How Did Authorities Identify the Alleged Lockbit Boss? – Krebs on Security; In interview, LockbitSupp says authorities outed the wrong guy; A (Strange) Interview With the Russian-Military-Linked Hackers Targeting US Water Utilities | WIRED; UK 'increasingly concerned' about Russian intelligence links to hacktivists; Civil society under increasing threats from ‘malicious' state cyber actors, US; Elon Musk Weighs in on the Encryption Wars Between Telegram and Signal; Encrypted services Apple, Proton and Wire helped Spanish police identify activist | TechCrunch; Christie's Website Offline For A Fifth Day And The Company Is Still Silent On The Extent Of Last Week's Security Breach; 68 tech, security vendors commit to secure-by-design practices | Cybersecurity Dive; UK government urges caution over blaming China for Ministry of Defence breach; Black Basta group spam-bombs victims and then calls to help; Southeast Asian scam syndicates stealing $64 billion annually, researchers find; The $2.3 Billion Tornado Cash Case Is a Pivotal Moment for Crypto Privacy | WIRED; ADVANCED APT EMULATION LABS
In today's episode, MITRE debuted EMB3D, a threat model enhancing the cybersecurity of embedded devices through collaboration with industry experts. The model aligns with existing frameworks and suggests mechanisms to mitigate threats, aiming to fortify the security ecosystem. Separately, the Black Basta ransomware group's new social engineering tactics, combining email DDoS and vishing, have been exposed by CISA and FBI, underscoring the importance of vigilance against evolving attack vectors in cybersecurity. Lastly, LayerX's 2024 Browser Security Report sheds light on browser risks in enterprises, urging leaders to address vulnerabilities and recommending proactive security measures. For more information, visit https://www.helpnetsecurity.com/2024/05/13/mitre-emb3d-framework/, https://www.helpnetsecurity.com/2024/05/13/black-basta-social-engineering/, and https://thehackernews.com/2024/05/the-2024-browser-security-report.html. Transcript: Every web session is a security minefield, with unmanaged devices, browser extensions, and AI-powered threats posing significant risks. This was revealed in the 2024 Browser Security Report by LayerX. What steps can security leaders take to mitigate these evolving browser-based risks and protect sensitive data in the enterprise?
Black Basta is at it again, utilizing a new social engineering campaign, combining email DDoS and vishing techniques to trick employees into downloading remote access tools. What steps can organizations take to protect themselves from falling victim to these social engineering tactics? And finally, MITRE has just released a new framework called EMB3D, which is a security threat model for embedded devices, which will provide a knowledge base of cyber threats to embedded devices, and the mechanisms required to mitigate them. How will this model address the evolving challenges in embedded device security? You're listening to The Daily Decrypt. LayerX has just released the annual browser security report for 2024, and it reveals that browsers have become a prime target for cyberattacks, leading to various threats like account takeovers, malicious extensions, and phishing attacks within enterprises. The report highlights that unmanaged devices and personal browser profiles are major risk factors, with 62 percent of the workforce using unmanaged devices and 45 percent using personal browser profiles, which can increase the likelihood of data leaks or phishing incidents. Approximately 33 percent of all extensions in organizations are deemed high risk, with 1 percent confirmed as malicious, as attackers exploit deceptive extensions to compromise user data and direct users to phishing sites. Now browsers are in a very unique position to be either very beneficial or very harmful to users because they sit between you and the websites that are trying to get your information. And we, as users, don't treat browsers this way. We treat them just the same, like a window on our computer, but they're responsible for communicating with the internet.
And so, yeah, they have the opportunity to implement security measures that can help protect us from these attacks that happen in the browser, or they have the opportunity to provide malicious extensions and other mechanisms for attackers to get access to our data. So along with the recommendations from this report, The Daily Decrypt recommends checking out some legit browser extensions that might help you identify malicious ones. Now, you gotta be extra careful when you're trying to download browser extensions, especially ones that will help you identify malicious ones. But one that my mom brought to my attention is called Guardio (guard.io). And though I don't love the thought of placing trust in a browser extension to help you avoid getting phished or getting your credentials stolen, because that trust might cause you to be a little more lackadaisical and click links that you normally wouldn't. So, I don't love that thought, but it is truly good at scanning the reputation of the browser extensions that you have installed and will check the browser extensions that you are going to install for malicious use across the internet. And for the enterprise users out there who are in a position to make some decisions, this report recommends enforcing regular browser updates, which is also applicable to just the general daily user. Implement stringent extension control; you shouldn't be allowing your employees to add any extension to their browser that they want. It's got to be limited. Continue training your employees on identifying suspicious activities within the browser. Enforce multi-factor authentication throughout your entire enterprise. And deploy advanced threat detection tools for proactive defense. Black Basta is at it again. Black Basta is a ransomware-as-a-service operator and is employing a new social engineering tactic combining email denial of service and vishing to trick employees into downloading remote access tools.
So, they're going to start by spamming your inbox with junk email, then pose as IT team members over the phone to offer assistance in installing remote monitoring tools, perhaps in order to address this large influx in spam. And these remote monitoring tools will allow them to access your computer and potentially pivot to other devices in your company's network. Now this is going to be an effective tactic, because people hate spam. Alright, they want to get rid of it. If IT is recognizing that you're getting crap spammed out of you, then they're gonna, you know, you're gonna feel confident that IT has identified this problem that you're seeing and is coming to fix it, right? You're in distress, you want an urgent solution to fix this problem. Oh, there's a call from your IT department. Sure. Yeah, I'll download this tool so you can get in there and you can fix this spam. All right. Well, here's your official warning from the Daily Decrypt. Keep an eye out for that call. If your IT department is calling you on your personal phone, ask yourself, hey, do we use Slack? Do we use Teams? Shouldn't they be emailing me? Is there a ServiceNow ticket? Think about it for a second. You know, the spam is gonna be there. Let's make sure that that's actually your IT department. What can you do? Ask to give them a call back. Go into your workplace, ask your boss for the number of the IT department, and call them. And say, Hey, did you guys just call me? I'm getting a lot of spam, and I got a call from a random number saying they were on it. And if they say no, please report it to your IT department. Hopefully the IT person on the phone will prompt you to do that, but please report it to the IT department. And if you're in IT and you manage an IT department, make sure you're not allowing remote access tools to be installed and launched from your endpoints.
Application management is a huge hill to climb, but definitely start by not allowing any remote access tools, except for the ones that you specifically use. And hey, set up an alert, set up a log monitoring service that will monitor for remote access tools being launched in your environment by non-technical users. And really continue to encourage your employees to report things they find suspicious. If it makes you go, hmm, you should probably report it. And finally, MITRE, who we know for the famous ATT&CK and D3FEND frameworks, has partnered with Niyo "Little Thunder" Pearson, Red Balloon Security, and Narf Industries to release a new threat model called EMB3D, which is specifically designed for embedded devices. This model aims to provide a common understanding of cyber threats to embedded devices and the necessary security mechanisms to mitigate these threats. The EMB3D model received significant interest for peer review from a variety of industries, including energy, water, manufacturing, aerospace, health, automotive, and more, and organizations piloted the threat model and provided essential feedback contributing to the refinement and enhancement of the model's content and usability. Threats identified within the EMB3D framework are mapped to device properties, aiding users in developing accurate threat models tailored to specific embedded devices. The framework encompasses device vendors, asset owners, security researchers, and testing organizations. The EMB3D framework is designed to evolve continuously with new threats and mitigations being added as new threat actors emerge and vulnerabilities are discovered. This framework is intended to be a community resource where all information is open and publicly available, allowing for submissions of additions and revisions by the security community like you. Now the EMB3D framework is doing a great job at describing what it does. Um, embedded devices are becoming a bigger and bigger security risk by the day.
And so this is definitely needed in the security community. But what EMB3D is not good at is telling me what EMB3D stands for. Looking at the MITRE website, looking at these articles, I'm not able to see what it stands for. All right. That's going to help me remember what it is. So if you find out what EMB3D stands for, please drop a comment, shoot me a DM on Instagram. I'd love to know. This has been the Daily Decrypt. If you found your key to unlocking the digital domain, show your support with a rating on Spotify or Apple Podcasts. It truly helps us stand at the frontier of cyber news. Don't forget to connect on Instagram or catch our episodes on YouTube. Until next time, keep your data safe and your curiosity alive.
In this episode of The 2 Minute Drill, Drex covers the latest updates on the Ascension cyber attack, including the involvement of the Black Basta ransomware group and the challenges faced in recovery. He also explains the importance of updating your Google Chrome browser to protect against a new zero-day vulnerability. Lastly, Drex recaps key discussions from the RSA Conference, highlighting insights on AI and cybersecurity from industry leaders and experts. Stay informed and stay secure with these quick updates! Contributions & Community: Become part of the conversation and help shape future episodes by contributing stories and insights. Visit thisweekhealth.com/news and click on "Become a Contributor." Stay Connected: Don't miss out on our upcoming episodes focused on hacking healthcare. Follow our podcast, like and share this post to spread the word, and join the new 229 cyber and risk community for more in-depth discussions and resources. Stay Informed, Stay Secure: Visit thisweekhealth.com/security for more information and resources to bolster your cybersecurity knowledge and defenses. Remember, stay a little paranoid.
IntelBroker claims to have breached a Europol online platform. The U.S. and China are set to discuss AI security. U.S. agencies warn against Black Basta ransomware operators. A claimed Russian group attacks British local newspapers. Cinterion cellular modems are vulnerable to malicious SMS attacks. A UK IT contractor allegedly failed to report a major data breach for months. Generative AI is a double-edged sword for CISOs. Reality Defender wins the RSA Conference's Innovation Sandbox competition. Our guest is Chris Betz, CISO of AWS, discussing how to build a strong culture of security. Solar storms delay the planting of corn. Our 2024 N2K CyberWire Audience Survey is underway; make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest: Chris Betz, CISO of AWS, discussing how to build a strong culture of security. In his blog, Chris writes about how AWS's security culture starts at the top, and it extends through every part of the organization.
Selected Reading Europol confirms web portal breach, says no operational data stolen (Bleeping Computer) US and China to Hold Discussions on AI Risks and Security (BankInfo Security) CISA, FBI, HHS, MS-ISAC warn critical infrastructure sector of Black Basta hacker group; provide mitigations (Industrial Cyber) 'Russian' hackers deface potentially hundreds of local British news sites (The Record) Cinterion IoT Cellular Modules Vulnerable to SMS Compromise (GovInfo Security) MoD hack: IT contractor concealed major hack for months (Computing) AI's rapid growth puts pressure on CISOs to adapt to new security risks (Help Net Security) Reality Defender Wins RSAC Innovation Sandbox Competition (Dark Reading) Solar Storms are disrupting farmer GPS systems during critical planting time (The Verge) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
This episode reports on a warning from security researchers about a VPN vulnerability, a suspected Russian threat actor using generative AI tools to plagiarize or modify legitimate news stories from mainstream media to pump pro-Russian themes, and more.
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Black Basta group spam-bombs victims and then calls to help
From the massive data breaches affecting millions globally, including the largest-ever breach for French citizens, to Nvidia's strategic leap over Amazon in market value, we cover the digital landscape's pressing issues and innovations. Plus, we break down Microsoft's February 2024 Patch Tuesday, addressing critical zero-days and enhancing digital safety. Join us as we explore the implications of these developments for the future of technology and cybersecurity. Original URLs for Each Article: Aircraft Leasing Company Cyberattack: Dark Reading Article; Integris Health Data Breach: BleepingComputer Article; Bank of America Customer Data Leak: Dark Reading Article; Islamic Nonprofit Infiltration: Dark Reading Article; French Citizens Data Breach: France TV Info Article; Black Basta and Hyundai Motor Europe: Dark Reading Article on Black Basta; LockBit and SEIU Local 1000: Dark Reading Article on Subway LockBit Investigation; Nvidia's Sovereign AI: Nvidia Blog, Ars Technica Article; Microsoft February 2024 Patch Tuesday: Trend Micro Research on CVE-2024-21412, BleepingComputer Article on Microsoft's Patch. Thanks to Jered Jones for providing the music for this episode. Find him on Spotify here: https://open.spotify.com/artist/37xLl4KR8hJ5jBuS8zYjQN?si=W75mgw68SsmCb7Zfu5ESeg Transcript: [00:00:00] Good morning, listeners, and thanks for tuning in on Valentine's Day. Sadly, I do not have anything Valentine's-related, uh, watch out for romance scams, as always. But we do have two very thrilling stories and a new segment I'm calling "They Got Popped." We're going to be talking about Nvidia and their leap towards sovereign AI and market dominance. And we're also going to be bringing [00:01:00] you the updates from yesterday's Patch Tuesday. All right. So first up, in an effort to avoid overly discussing data breaches, I'm going to compact them all for you and give them to you at once.
And to help me do this, to help me react to the severity of these breaches, I've brought in my brand new AI girlfriend. Uh, let's name her Tina. Let's kick it off. They got popped. Yes, Tina. Yes, they did. Okay. So first up we have airplanes. Yes, Tina. Yes. Planes, a commercial engine aircraft leasing company named Willis Lease Finance Corp. said it suffered a cybersecurity incident on January 31st and [00:02:00] it got its systems knocked offline. Uh, next we have the healthcare sector. Yes, believe it or not, the healthcare sector was just popped. Integris Health last November disclosed personal information belonging to almost 2.4 million people was exposed. You heard about it yesterday, but Bank of America got popped. Yeah, they seem so serious and significant, but yeah, they got popped. The details are in yesterday's episode, but it affected around 57,000 customers. We're going international with an Islamic nonprofit from Saudi Arabia. That's not fair. A Saudi Arabian nonprofit was infiltrated for over three years by a silent backdoor. We've got two French companies. No, the baguettes are not even safe. Viamedis and Almerys. They both manage third-party payments for health insurance [00:03:00] companies, and this combined exposure is the largest-ever data breach for French citizens. Staying in Europe, we're talking about Hondai Motor Europe. Hyundai. Yes. Uh, but I do love them. Black Basta has claimed to have stolen three terabytes of data from the Hyundai Motor Group Europe. And if we talk about text data, that is a lot. And finally, back stateside, we've got California. A little outdated with the Arnold reference, but LockBit has claimed responsibility for a cyber attack on Service Employees International Union Local 1000 in California. According to that ransomware gang, it stole 308 gigabytes of data from the union, including employee information such as Social Security numbers, salary information, and financial documents.
So as always, sign up for credit monitoring, change your passwords, and keep an eye on those bank statements. [00:04:00] All right. So moving into our first real news article story of the day, it's coming to us from Ars Technica, and it is discussing NVIDIA's CEO Jensen Huang, who is championing the concept of sovereign AI amid the company's significant leap over Amazon in market value. So that's pretty amazing because Amazon's pretty important. Basically, NVIDIA's CEO is proposing a future where each country controls its own AI destiny. This vision, termed sovereign AI, suggests a world where nations harness artificial intelligence to preserve their cultural heritage and societal norms. Huang announced this while speaking at the World Governments Summit in Dubai and emphasized the importance of countries owning the production of their own intelligence. So this idea isn't just about data sovereignty. It's about embedding a nation's language, culture, and collective wisdom into the digital realm. The rise of Nvidia in the global [00:05:00] market, now neck and neck with Amazon for market value, is not just a financial milestone. It's a testament to the growing importance of AI technology. NVIDIA's GPUs, or graphics processing units, are critical for AI development and have become indispensable in data centers around the world. Data centers that are used by Amazon, Microsoft, Google, and more notably OpenAI. This development underscores how essential AI and Nvidia's technology have become to our digital infrastructure, highlighting the company's influence in shaping the future of global technology and AI applications. So, this is pretty crazy. I knew Nvidia was doing great due to Bitcoin mining and AI, but I didn't know they were up there on the scale with Amazon. That's pretty cool. In 2019, I built my first computer. And I bought an Nvidia graphics processor, 2070, something like that, for, I don't know, four or 500 bucks.
Which felt like a lot at the time. [00:06:00] And that is now over four years ago, and that exact graphics processor is worth double. It's worth 800 bucks brand new. In tech terms, tech years are kind of like dog years. Like, we progress so much faster in tech. So I, you know, expected that graphics processor to decline in value very rapidly. That's not to say that graphics processing hasn't improved much, because, yeah, it's almost even unusable. It's a great graphics processor, but not $800 worth. Good for you, Nvidia. And good for you, whoever has bought stock in Nvidia prior to Bitcoin mining and AI and all this stuff, because it's doing pretty well. Yesterday was Microsoft's monthly Patch Tuesday, Valentine's Day edition: two zero-days and a total of 73 security flaws. So just to [00:07:00] recap, a zero-day is a vulnerability that was built into the initial software, into the initial product, that the company did not know existed. So the two zero-days that were patched were two CVEs. One was a Windows SmartScreen security feature bypass, and the other was an Internet Shortcut Files security feature bypass. So the first one allowed attackers to bypass SmartScreen's security checks by tricking users into opening malicious files. This vulnerability involved attackers exploiting the Windows SmartScreen filter, which is a tool designed to screen out unrecognized apps and files from the internet to protect users from malicious software. By crafting a malicious file in a certain way, attackers could deceive the SmartScreen filter into not recognizing the file as a threat, which often involves manipulating metadata or the file's digital signature to either appear benign or to mask its true nature. Once the user is convinced to open the file, believing it to be safe, the attacker could execute malicious [00:08:00] code on the victim's system. So this is so huge when.
We discussed this when talking about labeling AI content as well, but once the user gets confident in a security measure, such as this label that identifies malicious files, when they see it, they're going to trust that it's there, and then when it's not there, they're going to trust that it was checked. So just like in the AI content, if people are used to seeing labels. I guess let's use corporate email as an example. We've all probably seen these banners on corporate emails that say "This email originated outside of the company," right? When we see that banner, we know to look at it with a critical eye. But when we don't see that banner, something in our brain says it's safe, because we know that that check exists. And when it's not there, it must be safe. Our guard is down when we don't see that banner. That's the same thing about this sort of check and consumer confidence in [00:09:00] these checks. We trust that they're happening. And so attackers have found a way to exploit that trust. The other zero-day vulnerability that was patched yesterday is in a similar vein. This vulnerability specifically targets the way Windows processes Internet Shortcut files with respect to Mark of the Web, or MOTW. So MOTW is a security feature that assigns a, quote, zone to files downloaded from the internet. So similarly, it starts tagging them as less trusted than files originating from the local machine. When a file is tagged, Windows and various applications apply stricter security measures, such as prompting users with warnings before execution. Same thing. When we're used to seeing that warning and it doesn't come up, we assume it's safe. This basically just allows attackers to convince users to download malicious files and also convince them that those files are safe, 'cause that warning [00:10:00] didn't pop up. So we're glad Microsoft has patched these. It's just the lesson. Don't always trust
Security warnings and security features. Take your safety into your own hands when you can. Try to stick to downloading files from reputable sources. And if you're feeling advanced, you can go into Google and look up checksum and file integrity checking. Basically, the file that is downloaded from a reputable source has a certain signature, and once you get it onto your computer, you can check to see if that signature is still intact. But overall, make sure your systems are regularly patched with security updates, because that's the only way this update's going to get to your computer is by downloading the security updates. So make sure to patch. All right. That is it. I hope you guys have great plans for your Valentine's Day today. And we really appreciate you listening. We will talk to you more [00:11:00] tomorrow.
Raspberry Robin – a new one-day exploit targeting Windows. Hyundai Europe suffers Black Basta ransomware attack. Cisco to cut thousands of jobs as it focuses on high growth areas. Huge thanks to our sponsor, Vanta. From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com.
The mother of all data breaches. CISA director Easterly is the victim of a swatting incident. An AI robocall in New Hampshire seeks to sway the election. Australia sanctions an alleged Russian cyber-crime operator. Atlassian Confluence servers are under active exploitation. Apple patches a WebKit zero-day. Black Basta hits a major UK water provider. Hackers who targeted an Indian ISP launch an online search portal. A Massachusetts hospital suffered a Christmas Day ransomware attack. Ann Johnson, host of the Afternoon Cyber Tea podcast, speaks with Caitlin Sarian, known to many as Cybersecurity Girl. And HP claims bricked printers are a security feature, not a bug. CyberWire Guest: Microsoft Security's Afternoon Cyber Tea podcast host, Ann Johnson, speaks with Caitlin Sarian, known to many as Cybersecurity Girl, a leading influencer with a cybersecurity-focused social presence. Listen to the full interview here.
Selected Reading Mother of All Breaches: a Historic Data Leak Reveals 26 Billion Records (Cybernews) CISA's Easterly the target of 'harrowing' swatting incident (The Record) AI robocalls impersonate President Biden in an apparent attempt to suppress votes in New Hampshire (PBS NewsHour) Hear fake Biden robocall urging voters not to vote in New Hampshire (YouTube) Medibank hack: Russian sanctioned over Australia's worst data breach (BBC) Hackers start exploiting critical Atlassian Confluence RCE flaw (BleepingComputer) iOS 17.3 and macOS Sonoma 14.3 Patch WebKit Vulnerability That May Have Been Exploited (MacRumors) UK water company that serves millions confirms system attack (The Record) Indian ISP Hathway Data Breach: Hacker Leaks 4 Million Users, KYC Data (HACKREAD) Massachusetts hospital claimed to be targeted by Money Message ransomware (SC Media) HP's CEO spells it out: You're a 'bad investment' if you don't buy HP supplies (The Register) HP CEO evokes James Bond-style hack via ink cartridges (Ars Technica) © 2023 N2K Networks, Inc.
Swedish national grocer stung by Cactus. Flaw in Black Basta decryptor allows recovery of victims' files - temporarily. Cyberattack hits Boston area hospital. Thanks to today's episode sponsor, NetSPI. Take the hassle out of dealing with alert fatigue, validation, and prioritization. Instead, use NetSPI's ASM platform to hone in on what's actually important. Attack surface vulnerabilities constantly evolve, causing a lack of visibility and overwhelm for your security teams. Start the new year off right by partnering with NetSPI to enhance your security program. Visit netspi.com/ASM to learn more. For the stories behind the headlines, head to CISOseries.com.
Cybertruck, Okta, Google and More Google, Black Basta, Zoom, Unitronics, Aaran Leyland, and More News on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/swn-345
This week, Matt Mosley and Kash Izadseta cover cyber attacks of the Month! Okta Hacked (AGAIN) Black Basta Ransomware's lucrative "business" Ethyrial user account data wiped More more more! Links mentioned in this episode: https://www.bleepingcomputer.com/news/security/okta-october-data-breach-affects-all-customer-support-system-users/ https://www.bleepingcomputer.com/news/security/black-basta-ransomware-made-over-100-million-from-extortion/ https://www.bleepingcomputer.com/news/security/ransomware-attack-on-indie-game-maker-wiped-all-player-accounts/ http://tevoratalks.com Instagram, Twitter, Facebook: @TevoraTalks
We're taking this opportunity to share how grateful we are for the guests and discussions we've had this past year on Breaking Badness. One of which is our conversation with Champ Clark III and Steven Drenning-Blalock from Quadrant Security on how they thwarted the Black Basta ransomware gang. If you didn't have a chance to listen when we initially released this episode, now's a great time to catch up!
Hamas and Israel exchange accusations in a hospital strike. Using Gazan cell data to develop intelligence, and using hostages' devices to spread fear. Black Basta ransomware is out and about, again. Qubitstrike is a newly discovered cryptojacking campaign. Preparing for post-quantum security. Tim Starks from the Washington Post looks at one US Senator's ability to gum up cyber legislation. In the Learning Layer, N2K's Sam Meisenberg explores the challenges and best practices of rolling out a large-scale corporate re-skilling program. And attention people of Pompeii: that volcano alert is bogus. Probably. Learning Layer. On this segment of Learning Layer, N2K's Sam Meisenberg is joined by Phil, an N2K client who leads Talent Development at a large telecommunication company. They discuss the challenges and best practices of rolling out a large-scale corporate re-skilling program, including increasing learner engagement, accountability, and the importance of internal talent development and recognition. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/199 Selected reading.
Blast kills hundreds at Gaza hospital; Hamas and Israel trade blame, as Biden heads to Mideast (AP News) In deadly day for Gaza, hospital strike kills hundreds (Reuters) Hacktivist attacks against Israeli websites mirror attacks following Russian invasion of Ukraine (ComputerWeekly.com) Growing Concern Over Role of Hacktivism in Israel-Hamas Conflict (Infosecurity Magazine) Israel-Hamas war illuminates trouble with political hacking groups (Axios) ISRAEL GAZA CONFLICT : THE CYBER PERSPECTIVE (CYFIRMA) Tracking Cellphone Data by Neighborhood, Israel Gauges Gaza Evacuation (New York Times) Hamas Hijacked Victims' Social Media Accounts to Spread Terror (New York Times) TV advertising sales giant affected by ransomware attack (Record) Chilean government warns of Black Basta ransomware attacks after customs incident (Record) Qubitstrike - An Emerging Malware Campaign Targeting Jupyter Notebooks (Cado Security) DigiCert Global Study: Preparing for a Safe Post-Quantum Computing Future (DigiCert) SpyNote Android malware spreads via fake volcano eruption alerts (BleepingComputer)
Discord sees a third-party data breach. Black Basta conducts a ransomware attack against technology company ABB. Intrusion Truth returns to dox APT41. Anonymous Sudan looks like a Russian front operation. Attribution and motivation of "RedStinger" remain murky. CISA summarizes Russian cyber offensives. Remote code execution exploits Ruckus in the wild. Our guest is Dave Russell from Veeam with insights on data protection. Matt O'Neill from the US Secret Service on their efforts to thwart email compromise and romance scams. And espionage by way of YouTube comments. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/93 Selected reading. Discord discloses data breach after support agent got hacked (Bleeping Computer) Discord suffered a data breach after third-party support agent was hacked (Security Affairs) Multinational tech firm ABB hit by Black Basta ransomware attack (Bleeping Computer) Breaking: ABB confirms cyberattack; work underway to restore operations (ET CISO) Black Basta conducts ransomware attack against Swiss technology company ABB (The CyberWire) They dox Chinese hackers. Now, they're back. (Washington Post) What's Cracking at the Kerui Cracking Academy? (Intrusion Truth) Posing as Islamists, Russian Hackers Take Aim at Sweden (Bloomberg) Anonymous Sudan: Threat Intelligence Report (TrueSec) Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020 (Malwarebytes) Russian 'Red Stealer' cyberattacks target breakaway territories in Ukraine (Cybernews) Russia Cyber Threat Overview and Advisories (CISA) Known Exploited Vulnerabilities Catalog (CISA) CISA Adds Seven Known Exploited Vulnerabilities to Catalog (CISA) CISA warns of critical Ruckus bug used to infect Wi-Fi access points (Bleeping Computer) Security Bulletins (Ruckus) ROK union leaders charged with spying for North Korea in 'movie-like' scheme (NK News)