Podcasts about Black Basta

  • 49 PODCASTS
  • 100 EPISODES
  • 27m AVG DURATION
  • 5 WEEKLY NEW EPISODES
  • May 25, 2025 LATEST


Latest podcast episodes about Black Basta

Risky Business News
Sponsored: Sublime Security on the spam/email bomb problem

May 25, 2025 (duration 22:55)


In this Risky Business News sponsor interview, Catalin Cimpanu talks with Bobby Filar, Head of Machine Learning at Sublime Security. Bobby takes us through the rising problem of spam bombing, or email bombing, a technique threat actors are increasingly using for initial access into corporate environments.

Show notes:

  • Bobby Filar
  • Sophos MDR tracks two ransomware campaigns using “email bombing,” Microsoft Teams “vishing”
  • Ongoing Social Engineering Campaign Linked to Black Basta Ransomware Operators
  • Storm-1811 exploits RMM tools to drop Black Basta ransomware
  • Massive Email Bombs Target .Gov Addresses
  • A familiar playbook with a twist: 3AM ransomware actors dropped virtual machine with vishing and Quick Assist

Enterprise Linux Security
Enterprise Linux Security Episode 113 – Black Basta Exposed

Apr 16, 2025 (duration 47:07)


What's it like within a hacking group? After 190,000 chat messages from the Black Basta group leak, we get an inside look at operations within such a group. In this episode, Jay and Joao discuss this recent development. Also, breaking news regarding CVEs literally almost becoming a thing of the past!

The Data Diva E230 - Lawrence Gentilello and Debbie Reynolds

"The Data Diva" Talks Privacy Podcast

Apr 1, 2025 (duration 37:28)


Debbie Reynolds “The Data Diva” talks to Lawrence Gentilello, CEO and Founder of Optery, a company dedicated to removing personal data from online databases to enhance privacy and security for individuals and businesses. We discuss his career journey, beginning with his early work in the data industry at BlueKai, a firm specializing in collecting intent and purchase data for targeted advertising. He discusses how the industry evolved from simple ad personalization into a vast ecosystem where personal data is used in ways that can pose risks to individuals. His decision to launch Optery in 2020 was influenced by both his professional experience and a personal incident in which criminals used publicly available information to create fraudulent IDs in his and his wife's names.

Debbie and Lawrence examine the hidden world of data brokers—companies that gather, package, and sell personal information without individuals' direct knowledge or consent. Lawrence describes how these brokers operate across different sectors, from advertising and email prospecting to risk analytics and law enforcement databases. He highlights the difficulty individuals face in protecting their information, as the average person has around 100 exposed online profiles, making them vulnerable to identity theft, cyberattacks, and even physical security threats.

The discussion also covers emerging threats, including the rise of AI-native data brokers—companies that use artificial intelligence to automate the collection and sale of personal data at an even greater scale. Lawrence describes how these firms often operate without transparency and avoid legal disclosure, making it harder for individuals to track how their information is being used. He also references a recent incident involving the Russian ransomware gang Black Basta, where leaked internal communications revealed that cybercriminals were using data broker services like ZoomInfo and RocketReach to research and target victims.

Debbie and Lawrence explore the real-world consequences of unchecked data sharing, including phishing scams, cyberattacks, and even physical harm. They discuss how executives, government officials, and everyday individuals become targets due to the ease of accessing their personal data online. Lawrence explains how Optery's services help address these risks through deep-crawling search technology, before-and-after screenshot verification, and automated monthly scans that continuously remove exposed information.

Lawrence outlines his vision for improving privacy protections. He advocates for a standardized set of privacy laws across the U.S., stronger enforcement against data brokers that fail to comply with regulations, and the inclusion of authorized agent provisions in all privacy laws to ensure individuals can get assistance in managing their data. Debbie emphasizes the importance of ongoing awareness and proactive steps to combat the risks associated with data brokers. This insightful discussion sheds light on the urgent need for privacy-focused solutions and stronger policies to protect individuals and their data.

Security Squawk
Security Squawk Cybersecurity Podcast: Ransomware Tactics Government Shutdowns Microsoft365 Exploits

Mar 19, 2025 (duration 57:46)


In our latest podcast episode, we delve into the evolving landscape of cybersecurity threats, uncovering how sophisticated attacks are crippling industries and government institutions. We examine how the Black Basta ransomware gang is leveraging brute-force attacks against edge devices, enabling them to infiltrate networks with alarming efficiency. This highlights the growing need for businesses to fortify their perimeter defenses. Additionally, we discuss the Cleveland Municipal Court cyberattack, which has left operations crippled for over three weeks, shedding light on the prolonged impact of cyber incidents on the judicial system. Similarly, we explore the Atchison County government shutdown, where a cyberattack forced local offices to close, emphasizing the vulnerabilities in public sector cybersecurity. We also analyze a recent KnowBe4 report, which warns that the education sector remains dangerously unprepared for escalating cyberattacks, leaving schools and universities at high risk. Finally, we examine a newly discovered Microsoft365 exploit, where attackers are bypassing traditional email security measures, prompting an FBI warning for Gmail, Outlook, and VPN users to take immediate action. Cyber threats are evolving rapidly—are organizations prepared to defend against them? Tune in as we break down these incidents and discuss proactive security measures to mitigate risks.

Cyber Security Today
Black Basta's New Automated Brute Force Tool: Cyber Security Today For Monday, March 17, 2025

Mar 17, 2025 (duration 12:00)


Critical Cybersecurity Updates: Ransomware, VPN Breaches, and Microsoft Vulnerabilities

In this episode of 'Cybersecurity Today,' host Jim Love delves into emerging threats and vulnerabilities in the digital world. The Black Basta Ransomware Group has created a brute force tool to target VPNs and firewalls. The FBI and CISA alert users about Medusa ransomware, which has impacted over 300 organizations. A critical flaw in the popular Updraft Plus WordPress plugin is highlighted, exposing sensitive data. The FBI reports a surge in toll payment scams, and Microsoft's latest security update addresses severe vulnerabilities in Remote Desktop Services. Additionally, a breach within the Department of Government Efficiency underscores the risks of improper data handling. Stay informed about how to protect your systems and data in this comprehensive cybersecurity update.

  • 00:00 Introduction to Cybersecurity News
  • 00:27 Black Basta Ransomware Group's New Tool
  • 02:18 Medusa Ransomware Advisory
  • 03:43 WordPress Updraft Plus Vulnerability
  • 05:12 Toll Payment Scams on the Rise
  • 06:40 Microsoft's Critical RDS Vulnerabilities
  • 09:35 DOGE's Treasury Data Breach
  • 11:37 Conclusion and Contact Information

Cyber Security Headlines
VPN brute-force attacks, water utilities bill, LockBit developer extradited

Mar 17, 2025 (duration 8:16)


  • Black Basta creates tool to automate VPN brute-force attacks
  • Bipartisan Senate bill offers improved cybersecurity for water utilities
  • LockBit developer extradited from Israel, appears in New Jersey court

Thanks to this week's episode sponsor, DeleteMe

Data brokers bypass online safety measures to sell your name, address, and social security number to scammers. DeleteMe scours the web to find – and remove – your private information before it gets into the wrong hands by scanning for exposed information, and completing opt-outs and removals. With over 100 Million personal listings removed, DeleteMe is your trusted privacy solution for online safety. Get 20% off your DeleteMe plan when you go to JoinDeleteMe.com/CISO and use promo code CISO at checkout.

Find the stories behind the headlines at CISOseries.com.

Today in Health IT
2 Minute Drill: Microsoft's Zero-Day, Black Basta, and X DDoS Attack Mystery with Drex DeFord

Mar 14, 2025 (duration 4:12)


Critical Microsoft Patch Tuesday release includes near-record number of zero-days with six already being exploited. Apple releases patches for Safari browser engine affecting all devices. Analysis of leaked Black Basta ransomware gang chat logs reveals valuable insights on attack strategies and evasion techniques. Recent DDoS attack against X (formerly Twitter) remains largely unattributed despite claims from hacker group DarkStorm and debunked assertions about Ukrainian IP addresses.

Remember, Stay a Little Paranoid

Subscribe: This Week Health
Twitter: This Week Health
LinkedIn: This Week Health
Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer

Breaking Badness
Hacked Chats & Telecom Takedowns: Black Basta & Salt Typhoon

Mar 10, 2025 (duration 43:23)


Episode 202 of Breaking Badness takes a deep dive into two of the biggest cybersecurity stories of the year (so far):

  • Black Basta's Leaked Chats – A major data leak has exposed internal conversations from this notorious ransomware gang, revealing their internal struggles, ransom negotiations, and even workplace drama.
  • Salt Typhoon's Cyber Espionage – A sophisticated Chinese threat group has been caught infiltrating major U.S. telecommunications providers, raising serious concerns about national security.

Today in Health IT
2 Minute Drill: VMware Zero-Day Exploits, Black Basta, and Concerningly Realistic Voice AI with Drex DeFord

Mar 7, 2025 (duration 3:35)


Broadcom reports three actively exploited zero-day vulnerabilities affecting VMware ESXi, Workstation, and Fusion products that require immediate patching. Leaked chat logs from the Black Basta ransomware group reveal internal conflicts, operational tactics, and efforts to circumvent cybersecurity tools. Lastly, a demonstration of Sesame's new voice AI technology shows concerningly realistic capabilities that could potentially lead users to inadvertently share private information.

Remember, Stay a Little Paranoid

The CyberWire
US Treasury targets darknet kingpin.

Mar 5, 2025 (duration 29:32)


US Treasury Department sanctions Iranian national accused of running the Nemesis criminal marketplace. Hunters International threatens to leak data stolen from Tata Technologies. Apple challenges U.K.'s iCloud encryption backdoor order. UK competition regulator says no investigation into Microsoft's OpenAI partnership. Stealthy malware campaign targets the UAE's aviation and satellite industry. This week on our CertByte segment, N2K's Chris Hare is joined by Troy McMillan to break down a question targeting the Cisco Certified Network Associate (CCNA) exam. And hackers hit the books.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CertByte Segment

Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K. This week, Chris is joined by Troy McMillan to break down a question targeting the Cisco Certified Network Associate (CCNA) exam, 201-301, version 1.1 exam. Today's question comes from N2K's Cisco Certified Network Associate (CCNA 200-301) Practice Test. According to Cisco, the CCNA is the industry's most widely recognized and respected associate-level certification. To learn more about this and other related topics under this objective, please refer to the following resource: https://learningnetwork.cisco.com/s/article/protection-techniques-nbsp-from-wardriving-attack

To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro.

Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.

Additional source: https://www.cisco.com/site/us/en/learn/training-certifications/certifications/enterprise/ccna/index.html

Selected Reading

  • Treasury sanctions Iranian national behind defunct Nemesis darknet marketplace (The Record)
  • Ransomware Group Claims Attack on Tata Technologies (SecurityWeek)
  • Apple is challenging U.K.'s iCloud encryption backdoor order (TechCrunch)
  • UK's competition regulator says Microsoft's OpenAI partnership doesn't qualify for investigation (TechCrunch)
  • Call It What You Want: Threat Actor Delivers Highly Targeted Multistage Polyglot Malware (Proofpoint)
  • Snail Mail Fail: Fake Ransom Note Campaign Preys on Fear (GuidePoint Security)
  • Fake police call cryptocurrency investors to steal their funds (Bitdefender)
  • Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware (Bleeping Computer)
  • Investigator says differing names for hacker groups, hackers studying investigative methods hinders law enforcement (CyberScoop)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Storm⚡️Watch by GreyNoise Intelligence
Cyber Apocalypse 2025: Ransomware Rampage, ICS Mayhem, & Vulnerability Avalanche Exposed

Mar 4, 2025 (duration 60:38)


Forecast = Ransomware storms surge with an 87% spike in industrial attacks—brace for ICS strikes from GRAPHITE and BAUXITE! Infostealers hit healthcare and education, while VPN vulnerabilities pour in—grab your digital umbrella!

It's report season and today the crew kicks things off with a breakdown of Veracode's State of Software Security 2025 Report, highlighting significant improvements in OWASP Top 10 pass rates but also noting concerning trends in high-severity flaws and security debt. Next, we take a peek at Dragos's 2025 OT/ICS Cybersecurity Report, which reveals an increase in ransomware attacks against industrial organizations and the emergence of new threat groups like GRAPHITE and BAUXITE. The report also details the evolution of malware targeting critical infrastructure, such as Fuxnet and FrostyGoop. The Huntress 2025 Cyber Threat Report is then discussed, showcasing the dominance of infostealers and malicious scripts in the threat landscape, with healthcare and education sectors being prime targets. The report also highlights the shift in ransomware tactics towards data theft and extortion. The team also quickly covers a recent and _massive_ $1.5 billion Ethereum heist.

We *FINALLY* cover some recent findings from Censys, including their innovative approach to discovering non-standard port usage in Industrial Control System protocols. This segment also touches on the growing threat posed by vulnerabilities in edge security products. We also *FINALLY* get around to checking out VulnCheck's research, including an analysis of Black Basta ransomware group's tactics based on leaked chat logs, and their efforts to automate Stakeholder Specific Vulnerability Categorization (SSVC) for more effective vulnerability prioritization. The episode wraps up with mentions of GreyNoise's latest reports on mass internet exploitation and a newly discovered DDoS botnet, providing listeners with a well-rounded view of the current cybersecurity landscape.

Risky Business News
RBTALKS6: Will Thomas on the Black Basta leaks

Mar 4, 2025 (duration 25:06)


In this Risky Business Talks interview we invited Will Thomas to talk about the recent leak of internal chats from the Black Basta ransomware group. Will is a SANS Instructor, co-author of the SANS FOR589 course, and the co-founder of a community research project for CTI analysts called Curated Intelligence. Will walks us through the Black Basta leak and uses the group's attack on US healthcare provider Ascension to break down how the gang operated.

Show notes:

  • Risky Bulletin: BlackBasta implodes, internal chats leak online
  • BlackBasta's internal chats just got exposed
  • BlackBasta Chat Logs
  • BlackBastaGPT
  • BlackBasta Leaks: Lessons from the Ascension Health attack
  • Inside the Black Basta Leak: How Ransomware Operators Gain Access

Defending The Edge
32. Black Basta and Shaking News

Mar 4, 2025 (duration 24:42)


On This Episode of the Defending The Edge Podcast with DefendEdge, the team talks about how AI could be used to predict earthquakes, ransomware groups decreasing their TTR, Black Basta's internal conflicts being shared with the threat intelligence community and more. 

Hacker And The Fed
Inside a Ransomware Gang, Leaked Logs, a $1.4B Crypto Heist & Signal Under Attack

Feb 27, 2025 (duration 48:28)


In this episode of Hacker And The Fed, former FBI special agent Chris Tarbell and ex-black hat hacker turned cybersecurity expert Hector Monsegur discuss the leaked Black Basta ransomware logs, a $1.4 billion crypto heist, and new threats targeting Signal Messenger. They also share insights from their latest speaking events, the role of AI in cybersecurity, and the pros and cons of IT centralization in government. Send HATF your questions at questions@hackerandthefed.com.

Discover Daily by Perplexity
Leaked Chat Logs Expose Ransomware Group, AI Tool Diagnoses Diabetes, HIV, and Covid-19, and Scientists Develop New View of Evolution

Feb 27, 2025 (duration 7:23)


We're experimenting and would love to hear from you!

In this episode of 'Discover Daily', a massive leak from the Black Basta ransomware group reveals shocking details about modern cybercrime networks, including a 17-year-old member and $28.7M ransom demands. Security researchers uncover how the group uses corporate tools like ZoomInfo to target English-speaking organizations, while internal conflicts stall their operations. Dive into the dark world of double extortion tactics and parallels to the infamous Conti ransomware leak.

In medical tech, meet Mal-ID – an AI breakthrough analyzing immune cells to detect diseases like HIV, lupus, and COVID-19 from a single blood test. Discover how machine learning decodes B-cell and T-cell receptor patterns, offering hope for faster autoimmune disease diagnosis and silent infection detection. This "one-shot sequencing" method could revolutionize personalized medicine by mapping your immune system's entire history.

Lastly, evolution gets a rewrite as scientists discover gene loss drives adaptation in marine life. A Molecular Biology and Evolution study shows how sea squirts called appendicularians thrived by deleting 16 key genes, enabling radical ocean adaptations and hidden "cryptic species." Explore the "less is more" evolutionary model challenging assumptions about genetic complexity – and what it means for future bioengineering breakthroughs.

From Perplexity's Discover Feed:

https://www.perplexity.ai/page/leaked-chat-logs-expose-ransom-TNwzdMedSOCWv34yS7HItg
https://www.perplexity.ai/page/ai-tool-diagnoses-diabetes-hiv-60yD.7CfT9OBJzcTZ.LYMw
https://www.perplexity.ai/page/scientists-develop-new-view-of-LQXruZGGQ1Oxdf.UzbgaJg

Introducing Perplexity Deep Research: https://www.perplexity.ai/hub/blog/introducing-perplexity-deep-research

Perplexity is the fastest and most powerful way to search the web. Perplexity crawls the web and curates the most relevant and up-to-date sources (from academic papers to Reddit threads) to create the perfect response to any question or topic you're interested in. Take the world's knowledge with you anywhere. Available on iOS and Android.

Cyber Morning Call
734 - Lessons from the Black Basta ransomware leak

Feb 26, 2025 (duration 6:31)


Episode References

Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia

Storm⚡️Watch by GreyNoise Intelligence
Cybersecurity Under Fire: MiC Leadership, Edge Device Threats, and Black Basta Secrets

Feb 25, 2025 (duration 65:07)


Forecast = Expect a storm of insights as we tackle cybersecurity's cloudy diversity gaps, edge device downpours, and ransomware winds blowing from Black Basta!

In this episode of Storm⚡️Watch, we kick things off with an insightful interview with Mary N. Chaney, the CEO of Minorities in Cybersecurity (MiC). MiC is a groundbreaking organization dedicated to addressing the lack of support and representation for women and minority leaders in cybersecurity. Mary shares how MiC is building a community that fosters leadership development and equips members with essential skills for career advancement. We also discuss the alarming statistics that highlight the underrepresentation of minorities in cybersecurity leadership roles and explore how MiC's programs, like The MiC Inclusive Community™ and The MiC Leadership Series™, are making a tangible difference.

Next, the crew descends into a critical discussion about edge security products, drawing on insights from Censys. These devices, while vital for network protection, are increasingly becoming prime targets for attackers. We examine recent vulnerabilities added to CISA's Known Exploited Vulnerabilities catalog, including flaws in products from Palo Alto Networks and SonicWall, and explore how state-sponsored actors like Salt Typhoon are exploiting these weaknesses. The conversation underscores the importance of proactive patch management and tools like attack surface monitoring to mitigate risks.

In the next segment, we analyze leaked chat logs from the Black Basta ransomware group with insights from VulnCheck. These logs reveal how Black Basta prioritizes vulnerabilities in widely used enterprise technologies, their rapid response to new advisories, and even their pre-publication knowledge of certain CVEs. We break down their strategy for selecting targets based on financial viability, industry focus, and vulnerability presence, offering actionable advice for defenders to stay ahead.

Finally, we turn our attention to GreyNoise's recent observations of active exploitation campaigns targeting Cisco vulnerabilities by Salt Typhoon, a Chinese state-sponsored group. Using data from GreyNoise's global observation grid, we discuss how legacy vulnerabilities like CVE-2018-0171 remain valuable tools for advanced threat actors. This segment highlights the importance of patching unaddressed issues and leveraging real-time threat intelligence to protect critical infrastructure.

ALEF SecurityCast
Ep#269 - Apple Backed Down! It Is Dropping iCloud Encryption in Britain. Who Will Be Next?

Feb 24, 2025 (duration 6:58)


Under pressure from the British government, Apple is dropping end-to-end encryption for iCloud, the crypto exchange Bybit lost a record 1.5 billion dollars in an attack by the Lazarus group, Juniper is fixing a critical router vulnerability, and internal chats of the Black Basta gang have leaked. All this in SecurityCast Ep.269!

Chapters:

  • 00:00 Apple removes iCloud Advanced Data Protection in Britain
  • 01:42 Leak of the Black Basta gang's internal chats
  • 04:14 Bybit: The largest cryptocurrency theft in history
  • 05:39 Juniper fixes a critical vulnerability
  • 06:38 Meme of the week

Links and sources:

https://www.reuters.com/technology/apple-removing-end-to-end-cloud-encryption-feature-uk-bloomberg-news-reports-2025-02-21/
https://thehackernews.com/2025/02/bybit-confirms-record-breaking-146.html
https://supportportal.juniper.net/s/article/2025-02-Out-of-Cycle-Security-Bulletin-Session-Smart-Router-Session-Smart-Conductor-WAN-Assurance-Router-API-Authentication-Bypass-Vulnerability-CVE-2025-21589?language=en_US
https://www.bleepingcomputer.com/news/security/black-basta-ransomware-gang-s-internal-chat-logs-leak-online/
www.stanovo.cz

#ITBezpecnost #IT #Novinky #bezpecnost #Česko

Security Squawk
2024 Ransomware Surge: Hospitals, Schools, and Industries Under Attack | Cybersecurity Crisis Alert

Dec 10, 2024 (duration 48:55)


In this explosive episode of Security Squawk, we dive deep into the latest wave of devastating ransomware attacks that are shaking the foundations of healthcare, education, and major industries. From hospitals to vodka makers, no sector is safe from the relentless onslaught of cybercriminals.

  • Healthcare Crisis: Discover how Anna Jaques Hospital and PIH Health fell victim to attacks, exposing sensitive data of over 300,000 patients and disrupting critical care services.
  • Education Under Attack: Learn about the ransomware strike on Highland Park ISD in Texas, and the challenges faced by schools in the digital age.
  • Industry Giants Crumble: Uncover how a ransomware attack forced vodka maker Stoli to file for bankruptcy, showcasing the financial devastation of cyber threats.
  • Government in the Crosshairs: Explore the ongoing saga of the Hoboken City Hall ransomware attack and its impact on local government services.
  • Medical Tech at Risk: Analyze the alarming ransomware attack on a leading heart surgery device maker and its potential life-threatening consequences.
  • Supply Chain Chaos: Examine the far-reaching implications of the Blue Yonder SaaS breach by the Termite ransomware gang on global supply chains.

Plus, don't miss our crucial follow-up section:

  • FBI's Urgent Warning: Learn why the FBI is urging users to change their WhatsApp, Facebook Messenger, and Signal apps immediately.
  • Evolving Threats: Uncover the latest tactics of the Black Basta ransomware group, including email bombing and QR code manipulation.

Join our expert panel as we dissect these cyber attacks, discuss prevention strategies, and explore the future of cybersecurity in an increasingly vulnerable digital landscape.

Cyber Security Headlines
Week in Review: Deepfake targets Wiz, Black Basta leverages Teams, Russia's Linux plans

Nov 1, 2024 (duration 24:35)


This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest David Cross, SVP/CISO, Oracle. Also check out David's travel blog and recent “Secure by Default” white paper at IT ISAC.

Thanks to our show sponsor, Dropzone AI

Security operations are evolving, and AI is leading the way. Dropzone AI autonomously investigates 100% of your alerts with precision, freeing up your team to focus on real threats. See how this works in action. Visit dropzone.ai and schedule a demo today.

All links and the video of this episode can be found on CISO Series.com

Security Squawk
Data Breaches Unmasked: The Shift from Ransomware to Silent Intrusions

Oct 29, 2024 (duration 40:05)


In this episode of Security Squawk, we dive deep into the alarming rise of data breaches that bypass ransomware altogether. As cybercriminals evolve their tactics, organizations are left vulnerable to silent intrusions that compromise sensitive information without a ransom demand. Join us as we explore recent high-profile cases, including the shocking breach affecting 800,000 individuals at Landmark Insurance and the cunning new tactics employed by the Black Basta ransomware group posing as IT support on Microsoft Teams. We'll also follow up on previous stories, including the delayed disclosures from Henry Schein and the massive data theft impacting UnitedHealth. Tune in to discover how these trends are reshaping the cybersecurity landscape and what businesses can do to safeguard their data against this emerging threat. Don't miss out—your data might depend on it!

Microsoft Threat Intelligence Podcast
Black Basta and the Use of LLMs by Threat Actors

Aug 28, 2024 (duration 23:45)


In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Microsoft security researchers Anna Seitz and Daria Pop to discuss the latest trends in ransomware and the evolving role of AI in cyber threats. Daria Pop provides insights into the shifting tactics of Black Basta ransomware, including their use of phishing, social engineering, and remote management tools. The discussion also covers the persistence of malvertising and its challenges for defenders. Anna Seitz explores how state-sponsored threat actors, including Forest Blizzard, Emerald Sleet, and Crimson Sandstorm, are leveraging large language models (LLMs) for various malicious activities.

In this episode you'll learn:

  • Why the takedown of Qakbot impacted Black Basta's strategies
  • What malvertising is and why its persistence is due to the complex nature of ad traffic
  • How the MITRE Atlas framework assists defenders in identifying new threats

Some questions we ask:

  • What role does social engineering play in the campaigns involving Quick Assist?
  • How are North Korean threat actors like Emerald Sleet using LLMs for their campaigns?
  • Can you explain the changes in Black Basta's initial access methods over the years?

Resources:

  • View Anna Seitz on LinkedIn
  • View Daria Pop on LinkedIn
  • View Sherrod DeGrippo on LinkedIn

Related Microsoft Podcasts:

  • Afternoon Cyber Tea with Ann Johnson
  • The BlueHat Podcast
  • Uncovering Hidden Risks

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Get the latest threat intelligence insights and guidance at Microsoft Security Insider

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

Talion Threat Set Radio
Threat Bulletin #276

Aug 2, 2024 (duration 7:22)


  • Microsoft vows less reliance on kernel drivers following CrowdStrike incident.
  • Cloudflare trial product increasingly abused for criminal obfuscation.
  • Black Basta sees success with in-house tools following QBot takedown.

Storm⚡️Watch by GreyNoise Intelligence
DigiCert's Certificate Revocation, VMware ESXi Vulnerability, and North Korean Espionage

Jul 30, 2024 (duration 54:52)


Forecast = Persistent cyber heat dome in effect with no sign of abatement.

In this episode of Storm⚡️Watch, we dive into the latest cybersecurity news and trends. We kick things off with a breaking story about DigiCert's certificate revocation incident. Due to a validation issue affecting about 0.4% of their domain validations, DigiCert is revoking certificates with less than 24 hours' notice. This could impact thousands of SSL certs and potentially cause outages worldwide starting July 30 at 19:30 UTC. Organizations using affected certificates should be prepared for a busy night of renewals.

Our Cyberside Chat focuses on a critical vulnerability in VMware ESXi hypervisors that ransomware operators are actively exploiting. Identified as CVE-2024-37085, this flaw allows attackers to gain full administrative access to ESXi servers without proper validation. Several ransomware groups, including Storm-0506 and Storm-1175, have been using this vulnerability to deploy ransomware like Akira and Black Basta. Microsoft reports that incidents targeting ESXi hypervisors have doubled over the past three years, highlighting the growing threat to these systems.

In our Cyber Spotlight, we examine a global cyber espionage campaign conducted by North Korean hackers. This operation aims to steal classified military intelligence to advance Pyongyang's nuclear weapons program. The hackers, known as Andariel or APT45, have targeted defense and engineering companies involved in producing tanks, submarines, naval ships, fighter jets, and missile technologies. The campaign affects not only the US, UK, and South Korea but also entities in Japan and India. This underscores the persistent threat posed by state-sponsored actors from North Korea in their pursuit of military and nuclear ambitions.

We wrap up with our Tag Roundup, highlighting recent trends in cyber threats, and our KEV Roundup, discussing the latest known exploited vulnerabilities cataloged by CISA. These segments provide valuable insights into the current threat landscape and help our listeners stay informed about potential risks to their organizations. Don't forget to check out the Storm Watch homepage and learn more about GreyNoise for additional cybersecurity resources and updates.

The CyberWire
The Black Basta ransomware riddle. [Research Saturday]

The CyberWire

Play Episode Listen Later Jul 27, 2024 19:04


Dick O'Brien from Symantec Threat Hunter team is talking about their work on "Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day." Also going to provide some background/history on Black Basta. CVE-2024-26169 in the Windows Error Reporting Service, patched on March 12, 2024, allowed privilege escalation. Despite initial claims of no active exploitation, recent analysis indicates it may have been exploited as a zero-day before the patch. The research can be found here: Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day

Research Saturday
The Black Basta ransomware riddle.

Research Saturday

Play Episode Listen Later Jul 27, 2024 19:04


Dick O'Brien from Symantec Threat Hunter team is talking about their work on "Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day." Also going to provide some background/history on Black Basta. CVE-2024-26169 in the Windows Error Reporting Service, patched on March 12, 2024, allowed privilege escalation. Despite initial claims of no active exploitation, recent analysis indicates it may have been exploited as a zero-day before the patch. The research can be found here: Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day

Hack és Lángos
HnL335 - Black Basta lives matter

Hack és Lángos

Play Episode Listen Later Jun 20, 2024 63:18


Today's menu:
- Google search algorithm leaked
- Awareness - the gym experience
- Windows Defender Got You Down? Try No-Defender!
- Black Basta

Contact us: Telegram, Twitter, Instagram, Facebook, Mail: info@hackeslangos.show

Risky Business
Risky Business #753 – Congress and vuln researchers maul Microsoft

Risky Business

Play Episode Listen Later Jun 19, 2024 63:37


On this week's retreat special, the entire Risky Business team is together in a tropical paradise for the first time. The team takes a break from the infinity pool to discuss the week's security news:
- Microsoft recalls Recall, but why did it have to be such a mess
- And a Windows kernel wifi code-exec, really?
- Passkeys and identity are hard
- Scattered Spider bigwig arrested in Spain
- The pentagon runs a deeply flawed info-op
- Is it time E2E crypto nerds accept their place in the world?
- And much, much more.

This week's show is brought to you by Corelight… Corelight's CEO Brian Dye will be along in this week's sponsor interview to make a really compelling case for something that shouldn't exist… which is NDR in cloud environments.

Show notes
- Microsoft shelves Recall feature release after security uproar
- Microsoft's Recall puts the Biden administration's cyber credibility on the line | CyberScoop
- Microsoft's cybersecurity vulnerabilities endanger America
- US lawmakers grill Microsoft president over China ties, hacks | Reuters
- Microsoft Refused to Fix Flaw Years Before SolarWinds Hack — ProPublica
- CVE-2024-30078 - Security Update Guide - Microsoft - Windows Wi-Fi Driver Remote Code Execution Vulnerability
- Security bug allows anyone to spoof Microsoft employee emails | TechCrunch
- Patrick Gray on X: "I was wrong about some things I said about iCloud accounts in this week's show and I'll tell you all exactly how I was wrong in next week's show"
- Passkeys in Microsoft Authenticator and Entra ID
- Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake | WIRED
- MFA plays a rising role in major attacks, research finds | Cybersecurity Dive
- Luke Jennings on LinkedIn: saas-attacks/techniques/ghost_logins/description.md at main ·…
- Alleged Boss of ‘Scattered Spider' Hacking Group Arrested – Krebs on Security
- EXPOSED: Identities of Iranian Hackers Targeting Israel and Other Countries Revealed | Matzav.com
- Ransomware attackers quickly weaponize PHP vulnerability with 9.8 severity rating | Ars Technica
- Windows flaw may have been exploited with Black Basta ransomware before it was patched
- Crown Equipment Corporation victim of a Ransomware attack | Born's Tech and Windows World
- City governments in Michigan, New York face shutdowns after ransomware attacks
- Cleveland confirms ransomware attack as City Hall remains closed
- Authorities investigating extended ‘network outage' at organization that runs TheBus
- Pentagon ran secret anti-vax campaign to incite fear of China vaccines
- Shashank Joshi on X: "Just finished “Information Operations”, a new book by @TathamSteve. Includes this anecdote on a British effort to stop children throwing stones at a base in Afghanistan. “LRGR was the abbreviation for the Long-Range Gonad Reducer.” https://t.co/zmoxb45Cgz"
- Dmitri Alperovitch on X: "@shashj They also allegedly hacked the email of the lieutenant leading the medical service of the 960th unit and retrieved the medical certificates of 150 officers and enlisted personnel"
- Signal president Meredith Whittaker criticizes EU attempts to tackle child abuse material

Talion Threat Set Radio
Threat Bulletin #270

Talion Threat Set Radio

Play Episode Listen Later Jun 14, 2024 6:56


PoC exploit code available for heavily targeted Veeam backup solution. New loader dubbed PhantomLoader delivers MaaS payloads. Black Basta may have exploited flaw 3 months before fix issued, as 0 day.

Cyber Security Headlines
Life360 faces extortion attempt, White House reports increase in federal attacks, Black Basta exploits zero-day flaw in windows

Cyber Security Headlines

Play Episode Listen Later Jun 13, 2024 8:02


Life360 faces extortion attempt after Tile data breach
White House report highlights increase in federal attacks
Russian hacker with ties to LockBit and Conti gangs arrested

Thanks to today's episode sponsor, Vanta

When it comes to ensuring your company has top-notch security practices, things can get complicated, fast. Vanta automates compliance for SOC 2, ISO 27001, and more, saving you time and money. With Vanta, you can unify your security program management and proactively manage security reviews with AI-powered security questionnaires. Our listeners get $1,000 off at vanta.com/headlines.

XenTegra - IGEL Weekly
IGEL Weekly: IGEL Response to CISA Black Basta Cybersecurity Advisory

XenTegra - IGEL Weekly

Play Episode Listen Later Jun 13, 2024 24:32 Transcription Available


In response to the increasing cyber threats identified by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS), including the aggressive ransomware campaigns by the Black Basta group, IGEL's Preventative Security Model™ stands as a critical defence mechanism for the healthcare industry. This model prioritizes proactive prevention over merely reactive measures, ensuring that healthcare organizations are not just responsive but fortified proactively against sophisticated malware and ransomware attacks that exploit endpoint vulnerabilities. As threats like Black Basta continue to evolve, employing advanced tactics such as spear phishing and exploiting critical vulnerabilities within commonly used software, the emphasis on robust endpoint security and comprehensive threat prevention strategies has never been more crucial.

Host: Andy Whiteside
Co-host: Chris Feeney

Alliant Specialty Podcasts
Battling Black Basta: Cyber Threats and D&O Insurance Insights

Alliant Specialty Podcasts

Play Episode Listen Later Jun 10, 2024 13:17


The Black Basta ransomware group has become a significant concern, prompting the issuance of a joint Cybersecurity Advisory. Join Steve Shappell and David Finz, Alliant Claims & Legal, as they discuss the escalating concern surrounding the Black Basta ransomware syndicate and its implications for cyber risk management. Originating from Russia, this group has been targeting healthcare and critical infrastructure sectors, prompting a joint cybersecurity advisory from several U.S. agencies. The advisory provides technical details and mitigation strategies to help organizations protect their data and networks. They also explore the importance of precise policy language in D&O insurance, especially in cases involving bankruptcy and prior acts, emphasizing the need for meticulous scrutiny to ensure comprehensive coverage.

Pharma and BioTech Daily
Pharma and Biotech Daily: Your Daily Dose of Healthcare Insights

Pharma and BioTech Daily

Play Episode Listen Later Jun 3, 2024 4:21


Good morning from Pharma and Biotech daily: the podcast that gives you only what's important to hear in Pharma and Biotech world.

The healthcare industry is facing various challenges, including nursing homes suing to block a staffing mandate, healthcare organizations not being prepared for cyberattacks, the impact of Ascension's cyberattack, and a house committee targeting healthcare consolidation. Trends in addressing social determinants of health and site-neutral payments are also discussed. A report shows that over a third of healthcare organizations lack a cyberattack contingency plan. Stay informed on healthcare news and trends through the Healthcare Dive newsletter.

Data-driven marketing strategies are crucial for success in today's competitive landscape. Marketers are using data to optimize campaigns and gain insights into consumer behavior. Examples include Pop-Tarts Bites using data to improve ad recall and engagement rates. Legacy media investing in connected TV, retail media convergence, the impact of cookie deprecation on marketing strategies, and the latest trends in marketing data are also covered. Marketing Dive delivers this content to subscribers as part of their newsletter subscription.

AstraZeneca aims to expand its cancer drug sales, while Pfizer and Lilly enter the direct-to-consumer market online. The European Commission declines to revoke approval of PTC Duchenne drug, calling for a new review. Amgen's drug for tough-to-treat lung cancer receives FDA approval, and Regeneron faces new biosimilar threats. An AI biotech has laid off staff, with companies focusing on immune disease research and treatments. Moderna wins a patent dispute, Walgreens and CVS rethink their pharmacy business, and weight-loss drug shortages affect patients. Biopharma Dive provides news and insights on biotech and pharma trends.

AstraZeneca plans to achieve $80 billion in annual revenue by 2030, launching 20 new drugs before the end of the decade. Bio lays off 30 employees as Congress moves forward with the Biosecure Act. Lilly signs a potential $1.1 billion deal with Aktis Oncology for radiopharmaceuticals, GSK's long-acting asthma drug shows positive results in Phase III trials, FDA approves interchangeable biosimilars to Regeneron's Eylea, strong Phase III data for Dupixent by Sanofi and Regeneron, and AltruBio raises $225 million in Series B funding.

AstraZeneca invests $1.5 billion in an antibody-drug conjugate (ADC) manufacturing plant in Singapore. The global market for GLP-1 receptor agonists is projected to reach $125 billion by 2033. Gilead highlights positive results for a liver disease drug, while Rapport Therapeutics and Telix Pharma file for IPOs. Sino Biological offers recombinant cytokines for cell culture research. Bayer announces 1,500 layoffs as part of a company overhaul.

Humana CEO Bruce Broussard steps down on July 1, with current COO Jim Rechtin taking over. Inpatient admissions boost revenue for for-profit providers in Q1. The US increases tariffs on medical products from China to boost domestic production. Black Basta ransomware targets critical infrastructure providers, causing concern among authorities.

Bayer undergoes layoffs as part of a company shake-up led by CEO Bill Anderson. FogPharma and ArtBio collaborate on designing a new radiopharma drug. Sands Capital raises a $555 million fund for biotech 'crossover' investing.

Big pharma companies pledge $2.16 billion in investments in France to boost global manufacturing and research capabilities. Interest grows in cancer vaccines as a potential breakthrough in immunotherapy.

Ascension confirms a ransomware attack leaving its computer systems offline. Insurers see elevated utilization in Q1 with minimal financial impact from cyberattacks.

The biotech industry sees a surge in cell and gene therapy technologies with biosimilar uptake showing mixed results. Novartis' biosimilar sales grow while Boehringer Ingelheim's biosi

The Medcurity Podcast: Security | Compliance | Technology | Healthcare
The Ascension Breach and the Importance of Cybersecurity | Medcurity Live 050

The Medcurity Podcast: Security | Compliance | Technology | Healthcare

Play Episode Listen Later May 29, 2024 6:05


The Ascension breach has rocked the healthcare sector, and we're breaking down what happened. In this episode, we cover:
- The Ascension Breach: How the Black Basta group managed to breach one of the largest healthcare associations.
- Immediate Impact: Delays in patient care, administrative chaos, and over 1.2 million patient records exposed.
- Key Takeaways: The vulnerabilities exposed, the challenges of recovery, and the importance of maintaining patient trust.
- Cybersecurity Essentials: Steps every healthcare organization should take to enhance their cybersecurity posture. Learn about effective defenses against breaches and protect your organization.

Learn more about Medcurity here: https://medcurity.com

The Gate 15 Podcast Channel
Weekly Security Sprint EP 66. Cyber Storm, Hostile Events, MDM, and deceptive hiring

The Gate 15 Podcast Channel

Play Episode Listen Later May 21, 2024 32:30


On the latest episode of the Security Sprint, Dave and Andy talked about the following topics. Warm Start Information Sharing: A Valuable Tool in Preventing Cyber Attacks CISA: Prepared Together – Cyber Storm IX Recap   Main Topics   Physical Threats & Violence Gate 15 White Paper: The Hostile Event Attack Cycle (HEAC), 2021 Update New Jersey Marine arrested after allegedly making threats to kill White people, 'began planning' mass shooting DOJ: Maryland Woman Pleads Guilty to Conspiring to Destroy the Baltimore Region Power Grid   U.S. Department of State: Worldwide Caution, 17 May. Due to the potential for terrorist attacks, demonstrations, or violent actions against U.S. citizens and interests, the Department of State advises U.S. citizens overseas to exercise increased caution.    Elections, Info Ops, Resources:  Misinformation perceived as a bigger informational threat than negativity: A cross-country survey on challenges of the news environment Sekoia: Master of Puppets: Uncovering the DoppelGänger pro-Russian influence campaign Canadian Centre for Cyber Security How to identify misinformation, disinformation, and malinformation (ITSAP.00.300). Opening Statement by CISA Director Jen Easterly at the Update on Foreign Threats to the 2024 Elections Hearing US intelligence spotted Chinese, Iranian deepfakes in 2020 aimed at influencing US voters Contagious Disruption: How CCP Influence and Radical Ideologies Threaten Critical Infrastructure and Campuses Across the United States Russian Connections to Israel-Gaza Protests   Democratic People's Republic of Korea Leverages U.S.-Based Individuals to Defraud U.S. Businesses and Generate Revenue.  
Charges and Seizures Brought in Fraud Scheme, Aimed at Denying Revenue for Workers Associated with North Korea Justice Department Announces Arrest, Premises Search, and Seizures of Multiple Website Domains to Disrupt Illicit Revenue Generation Efforts of Democratic People's Republic of Korea   Quick Hits UK NCSC: Business email compromise: new guidance to protect your organisation Canadian Centre for Cyber Security Rethink your password habits to protect your accounts from hackers (ITSAP.30.036) CISA: Encrypted DNS Implementation Guidance Software Transparency in SaaS Environments TLP:CLEAR | FB-ISAO Newsletter.  Reliaquest: New Black Basta Social Engineering Scheme Microsoft: Threat actors misusing Quick Assist in social engineering attacks leading to ransomware Stairwell threat report: Black Basta overview and detection rules Iran Declares Mourning Period As President, Foreign Minister Killed In Helicopter Crash Israel insists 'it wasn't us' after 'Butcher of Tehran' Iranian president is killed in mysterious helicopter crash a month after ordering missile attack on the Jewish state while Islamic regime supports Hamas in Gaza war ICC prosecutor seeks arrest warrants against Netanyahu, Hamas leaders. Senators unveil plan to regulate AI, as companies race ahead Men accused of plot to attack Jews with machine guns in north-west England DHS Announces Creation of the Homeland Intelligence Advisory Board.  U.S. Attorney's Office and Law Enforcement Partners Take Action Against Money Mules in Order to Disrupt Transnational Fraud Schemes and Educate Public. 
Two Foreign Nationals Arrested for Laundering At Least $73M Through Shell Companies Tied to Cryptocurrency Investment Scams Feds nab alleged money launderers for pig butchering scheme Senator Vance issues warning on China-backed Volt Typhoon threat to US critical infrastructure BreachForums seized by FBI for 2nd time 6K-plus AI models may be affected by critical RCE vulnerability Tinyproxy (CVE-2023-49606) – Vulnerability Analysis and Exploitation British engineering giant Arup revealed as $25 million deepfake scam victim  

David Bombal
#468: You have to look out for these hacks in 2024! (plus get FREE training)

David Bombal

Play Episode Listen Later May 21, 2024 43:57


Big thank you to Cisco for sponsoring this video! (And for the FREE Ethical Hacking Training!)

// Free Ethical Hacking course //
Free Ethical Hacking course: https://skillsforall.com/course/ethic...

// Talos Report //
2024 Q1 Trends: https://blog.talosintelligence.com/ta...

These are the threats you need to be aware of in 2024 from the Talos Report:
* Talos IR also observed a variety of threats in engagements, including data theft extortion, brute-force activity targeting VPNs, and the previously seen commodity loader Gootloader.
* Talos IR responded to new variants of Phobos and Akira ransomware for the first time this quarter as well as the previously seen LockBit and Black Basta ransomware operations.
* A recent Talos IR engagement suggests that Akira has returned to using encryption as an additional extortion method, now deploying a multipronged attack strategy to target Windows and Linux machines.
* Security researchers discovered an MFA bypassing phishing kit called “Tycoon 2FA” that has since become one of the most widespread phishing kits. However, this has yet to appear in any Talos IR engagements.

Firewalls getting hacked: ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices: https://blog.talosintelligence.com/ar...

AI voice cloning: The use of voice cloning of voice mails to sound authentic. Attackers use voice clones to phone help desk and reset passwords etc.

2FA is a major issue: "Users accepting unauthorized MFA push notifications was the top observed security weakness, accounting for 25 percent of engagements this quarter. The lack of proper MFA implementation closely followed, accounting for 21 percent of engagements, a 44 percent decrease from the previous quarter"

// Martin Lee's SOCIAL //
Twitter / X: / mlee_security LinkedIn: / martinlee Talos Blog: http://blogs.cisco.com/tag/trac/ Security Website: https://sec.cloudapps.cisco.com/secur...
Cisco Blog: https://blogs.cisco.com/author/martinlee // Book // Cyber Threat Intelligence by Martin Lee: USA: https://amzn.to/4dJ2LQj UK: https://amzn.to/3K3TqVH // Articles MENTIONED // Talos Incident Response Threat Summary for Jan- March 2024: https://blog.talosintelligence.com/co... // David SOCIAL // Discord: / discord Twitter: / davidbombal Instagram: / davidbombal LinkedIn: / davidbombal Facebook: / davidbombal.co TikTok: / davidbombal YouTube: / @davidbombal // SPONSORS // Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com // MY STUFF // https://www.amazon.com/shop/davidbombal Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only. #ai #iphone #android

Risky Business
Risky Business #748 -- New cyber rules for US healthcare are coming

Risky Business

Play Episode Listen Later May 15, 2024 62:33


This week Patrick Gray and Adam Boileau along with special guest Lina Lau discuss the week's news, including:
- The ongoing Ascension healthcare disruption, and
- Whether it's reasonable for healthcare orgs to be pushing back
- Platforming cybercriminals for interviews
- Own the libs by… not using E2EE messaging?
- CISA's secure by design, we want to believe!
- The $64billion scale of industrialised fraud
- And much, much more.

This week's sponsor is network discovery specialist, Run Zero. Director of research Rob King joins to talk about the weird and wonderful delights in their new Research Report.

Show notes
- Federal agencies assisting Catholic health network amid cyberattack
- After Ascension ransomware attack, feds issue alert on Black Basta group
- As White House preps new cyber rules for healthcare, Neuberger says backlash is unwarranted
- Stolen children's health records posted online in extortion bid
- Guidance for organisations considering payment in... - NCSC.GOV.UK
- How Did Authorities Identify the Alleged Lockbit Boss? – Krebs on Security
- In interview, LockbitSupp says authorities outed the wrong guy
- A (Strange) Interview With the Russian-Military-Linked Hackers Targeting US Water Utilities | WIRED
- UK 'increasingly concerned' about Russian intelligence links to hacktivists
- Civil society under increasing threats from ‘malicious' state cyber actors, US
- Elon Musk Weighs in on the Encryption Wars Between Telegram and Signal
- Encrypted services Apple, Proton and Wire helped Spanish police identify activist | TechCrunch
- Christie's Website Offline For A Fifth Day And The Company Is Still Silent On The Extent Of Last Week's Security Breach
- 68 tech, security vendors commit to secure-by-design practices | Cybersecurity Dive
- UK government urges caution over blaming China for Ministry of Defence breach
- Black Basta group spam-bombs victims and then calls to help
- Southeast Asian scam syndicates stealing $64 billion annually, researchers find
- The $2.3 Billion Tornado Cash Case Is a Pivotal Moment for Crypto Privacy | WIRED
- ADVANCED APT EMULATION LABS

The technology blog and podcast
The Security box, podcast 191: Our Lax Damn Cybersecurity

The technology blog and podcast

Play Episode Listen Later May 15, 2024 136:40


On podcast 187 of the security box, we covered water security and this podcast is no different. On this podcast, we're going to talk about how lax our damn security is. The title of this program Our Lax Dam Cybersecurity is not meant to be taken as swearing as dam is defined as a stopping point for water. Once that breaks, water can cause tons of havoc, so it is actually a good thing. Besides this topic, we'll have our news, notes and more.

Things that might be discussed
- Black Basta breached over 500 organizations to date
- https://technology.jaredrimer.net/2024/05/10/del-computers-had-a-databreach/
- So … What's going on with the vistamo guy and his sentence?
- So, is lockbitsupp completely wrong in him saying they have the wrong man?
- What's going on with Ascension ?
- Lockbit is still out there, sent through other network

Lax Dam Cybersecurity
I thought we blogged this, but it looks like we did not. Luckily for searching this out as I knew I had it in my inbox, the article comes from Cyberscoop. The article is titled Congress sounds alarm on lax dam cybersecurity which was a good one. If you read the article, what did you think?

Supporting the podcast
If you'd like to support our efforts on what this podcast is doing, you can feel free to donate to the network, subscribing to the security box discussion list or sending us a note through contact information throughout the podcast. You can also find contact details on our blog page found here. Thanks so much for listening, reading and learning! We can't do this alone.

Internet Radio affiliates airing our program
Our Internet Radio stations that carry us include Blue Streak Radio and International Friends Radio Network. The program is also carried live through the Independent Channel which is part of 98.6 the mix, KKMX, International. If you want to carry us, please use the Jared Rimer Network site to do that and let me know about your station. Please allow 3-4 hours for airplay, although we try to go 3 hours for this program.
Thanks so much!

Today in Health IT
2 Minute Drill: Ascension Cyber Attack, Chrome Zero Day Vulnerability, and AI at RSA Conference

Today in Health IT

Play Episode Listen Later May 14, 2024 3:46 Transcription Available


In this episode of The 2 Minute Drill, Drex covers the latest updates on the Ascension cyber attack, including the involvement of the Black Basta ransomware group and the challenges faced in recovery. He also explains the importance of updating your Google Chrome browser to protect against a new zero day vulnerability. Lastly, Drex recaps key discussions from the RSA Conference, highlighting insights on AI and cybersecurity from industry leaders and experts. Stay informed and stay secure with these quick updates!

Contributions & Community: Become part of the conversation and help shape future episodes by contributing stories and insights. Visit thisweekhealth.com/news and click on "Become a Contributor."

Stay Connected: Don't miss out on our upcoming episodes focused on hacking healthcare. Follow our podcast, like and share this post to spread the word, and join the new 229 cyber and risk community for more in-depth discussions and resources.

Stay Informed, Stay Secure: Visit thisweekhealth.com/security for more information and resources to bolster your cybersecurity knowledge and defenses.

Remember, Stay a little paranoid.

The Daily Decrypt - Cyber News and Discussions
2024 Browser Security Report, Black Basta IT Department, MITRE EMB3D

The Daily Decrypt - Cyber News and Discussions

Play Episode Listen Later May 14, 2024


In today's episode, MITRE debuted EMB3D, a threat model enhancing cybersecurity of embedded devices through collaboration with industry experts. The model aligns with existing frameworks and suggests mechanisms to mitigate threats, aiming to fortify the security ecosystem. Separately, the Black Basta ransomware group's new social engineering tactics, combining email DDoS and vishing, have been exposed by CISA and FBI, underscoring the importance of vigilance against evolving attack vectors in cybersecurity. Lastly, LayerX's 2024 Browser Security Report sheds light on browser risks in enterprises, urging leaders to address vulnerabilities and recommending proactive security measures. For more information, visit https://www.helpnetsecurity.com/2024/05/13/mitre-emb3d-framework/, https://www.helpnetsecurity.com/2024/05/13/black-basta-social-engineering/, and https://thehackernews.com/2024/05/the-2024-browser-security-report.html.

Transcript:

Every web session is a security minefield with unmanaged devices, browser extensions, and AI powered threats posing significant risks. This was revealed in the 2024 Browser Security Report by LayerX. What steps can security leaders take to mitigate these evolving browser based risks and protect sensitive data in the enterprise?
Black Basta is at it again, utilizing a new social engineering campaign, combining email DDoS and vishing techniques to trick employees into downloading remote access tools. What steps can organizations take to protect themselves from falling victim to these social engineering tactics? And finally, MITRE has just released a new framework called EMB3D, which is a security threat model for embedded devices, which will provide a knowledge base of cyber threats to embedded devices, and the mechanisms required to mitigate them. How will this model address the evolving challenges in embedded device security? You're listening to The Daily Decrypt.

LayerX has just released the annual browser security report for 2024, and it reveals that browsers have become a prime target for cyberattacks, leading to various threats like account takeovers, malicious extensions, and phishing attacks within enterprises. The report highlights that unmanaged devices and personal browser profiles are major risk factors, with 62 percent of the workforce using unmanaged devices and 45 percent using personal browser profiles, which can increase the likelihood of data leaks or phishing incidents. Approximately 33 percent of all extensions in organizations are deemed high risk, with 1 percent confirmed as malicious. Attackers exploit deceptive extensions to compromise user data and direct users to phishing sites. Now browsers are in a very unique position to be either very beneficial or very harmful to users because they sit between you and the websites that are trying to get your information. And we, as users, don't treat browsers this way. We treat them just the same, like a window on our computer, but they're responsible for communicating with the internet.
And so, yeah, they have the opportunity to implement security measures that can help protect us from these attacks that happen in the browser, or they have the opportunity to provide malicious extensions and other mechanisms for attackers to get access to our data. So along with the recommendations from this report, The Daily Decrypt recommends checking out some legit browser extensions that might help you identify malicious ones. Now, you gotta be extra careful when you're trying to download browser extensions, especially ones that will help you identify malicious ones. But one that my mom brought to my attention is called guard.io, or guard ee oh. And though I don't love the thought of placing trust in a browser extension to help you avoid getting phished or getting your credentials stolen, because that trust might cause you to be a little more lackadaisical and click links that you normally wouldn't. So, I don't love that thought, but it is truly good at scanning the reputation of the browser extensions that you have installed and will check the browser extensions that you are going to install for malicious use across the internet.
And for the enterprise users out there who are in a position to make some decisions, this report recommends enforcing regular browser updates, which is also applicable to just the general daily user. Implement stringent extension control. You shouldn't be allowing your employees to add any extension to their browser that they want. It's got to be limited. Continue training your employees on identifying suspicious activities within the browser. Enforce multi-factor authentication throughout your entire enterprise. And deploy advanced threat detection tools for proactive defense.
Black Basta is at it again. Black Basta is a ransomware-as-a-service operator and is employing a new social engineering tactic combining email denial of service and vishing to trick employees into downloading remote access tools.
So, they're going to start by spamming your inbox with junk email, then pose as IT team members over the phone to offer assistance in installing remote monitoring tools, perhaps in order to address this large influx in spam. And these remote monitoring tools will allow them to access your computer and potentially pivot to other devices in your company's network. Now this is going to be an effective tactic, because people hate spam. Alright, they want to get rid of it. If IT is recognizing that you're getting crap spammed out of you, then they're gonna, you know, you're gonna feel confident that IT has identified this problem that you're seeing and is coming to fix it, right? You're in distress, you want an urgent solution to fix this problem. Oh, there's a call from your IT department. Sure. Yeah, I'll download this tool so you can get in there and you can fix this spam.
All right. Well, here's your official warning from the Daily Decrypt. Keep an eye out for that call. If your IT department is calling you on your personal phone, ask yourself, hey, do we use Slack? Do we use Teams? Shouldn't they be emailing me? Is there a ServiceNow ticket? Think about it for a second. You know, the spam is gonna be there. Let's make sure that that's actually your IT department. What can you do? Ask to give them a call back. Go into your workplace, ask your boss for the number of the IT department, and call them. And say, Hey, did you guys just call me? I'm getting a lot of spam, and I got a call from a random number saying they were on it. And if they say no, please report it to your IT department. Hopefully the IT person on the phone will prompt you to do that, but please report it to the IT department. And if you're in IT and you manage an IT department, make sure you're not allowing remote access tools to be installed and launched from your endpoints.
Application management is a huge hill to climb, but definitely start by not allowing any remote access tools, except for the ones that you specifically use. And hey, set up an alert, set up a log monitoring service that will monitor for remote access tools being launched in your environment by non-technical users. And really continue to encourage your employees to report things they find suspicious. If it makes you go, hmm, you should probably report it.
And finally, MITRE, who we know for the famous ATT&CK and D3FEND frameworks, has partnered with Niyo Little Thunder Pearson, Red Balloon Security, and Narf Industries to release a new threat model called EMB3D, which is specifically designed for embedded devices. This model aims to provide a common understanding of cyber threats to embedded devices and the necessary security mechanisms to mitigate these threats. The EMB3D model received significant interest for peer review from a variety of industries, including energy, water, manufacturing, aerospace, health, automotive, and more, and organizations piloted the threat model and provided essential feedback contributing to the refinement and enhancement of the model's content and usability. Threats identified within the EMB3D framework are mapped to device properties, aiding users in developing accurate threat models tailored to specific embedded devices. The framework encompasses device vendors, asset owners, security researchers, and testing organizations. The EMB3D framework is designed to evolve continuously with new threats and mitigations being added as new threat actors emerge and vulnerabilities are discovered. This framework is intended to be a community resource where all information is open and publicly available, allowing for submissions of additions and revisions by the security community like you. Now the EMB3D framework is doing a great job at describing what it does. Um, embedded devices are becoming a bigger and bigger security risk by the day.
And so this is definitely needed in the security community. But what EMB3D is not good at is telling me what EMB3D stands for. Looking at the MITRE website, looking at these articles, I'm not able to see what it stands for. All right. That's going to help me remember what it is. So if you find out what EMB3D stands for, please drop a comment, shoot me a DM on Instagram. I'd love to know.
This has been the Daily Decrypt. If you found your key to unlocking the digital domain, show your support with a rating on Spotify or Apple Podcasts. It truly helps us stand at the frontier of cyber news. Don't forget to connect on Instagram or catch our episodes on YouTube. Until next time, keep your data safe and your curiosity alive.

The CyberWire
A battle for digital sovereignty.

The CyberWire

Play Episode Listen Later May 13, 2024 34:16


IntelBroker claims to have breached a Europol online platform. The U.S. and China are set to discuss AI security. U.S. agencies warn against BlackBasta ransomware operators. A claimed Russian group attacks British local newspapers. Cinterion cellular modems are vulnerable to malicious SMS attacks. A UK IT contractor allegedly failed to report a major data breach for months. Generative AI is a double edged sword for CISOs. Reality Defender wins the RSA Conference's Innovation Sandbox competition. Our guest is Chris Betz, CISO of AWS, discussing how to build a strong culture of security. Solar storms delay the planting of corn.
Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Guest Chris Betz, CISO of AWS, discussing how to build a strong culture of security. In his blog, Chris writes about how AWS's security culture starts at the top, and it extends through every part of the organization.
Selected Reading
Europol confirms web portal breach, says no operational data stolen (Bleeping Computer)
US and China to Hold Discussions on AI Risks and Security (BankInfo Security)
CISA, FBI, HHS, MS-ISAC warn critical infrastructure sector of Black Basta hacker group; provide mitigations (Industrial Cyber)
'Russian' hackers deface potentially hundreds of local British news sites (The Record)
Cinterion IoT Cellular Modules Vulnerable to SMS Compromise (GovInfo Security)
MoD hack: IT contractor concealed major hack for months (Computing)
AI's rapid growth puts pressure on CISOs to adapt to new security risks (Help Net Security)
Reality Defender Wins RSAC Innovation Sandbox Competition (Dark Reading)
Solar Storms are disrupting farmer GPS systems during critical planting time (The Verge)
Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Cyber Security Today
Cyber Security Today, May 13, 2024 - Europol police portal hacked, report on Black Basta ransomware gang is released, and more

Cyber Security Today

Play Episode Listen Later May 13, 2024 5:34


This episode reports on a warning from security researchers about a VPN vulnerability, a suspected Russian threat actor using generative AI tools to plagiarize or modify legitimate news stories from mainstream media to pump pro-Russian themes, and more 

Risky Business News
Risky Biz News: Black Basta group spam-bombs victims and then calls to help

Risky Business News

Play Episode Listen Later May 12, 2024 7:12


A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast here. Show notes Risky Biz News: Black Basta group spam-bombs victims and then calls to help

Security Breach
Hackers Learn How to Attack You, From You

Security Breach

Play Episode Listen Later Apr 3, 2024 34:15


It's not always about the ransom, data theft or denial of service.
Many cheered with the recent crackdowns on groups like LockBit, and rightfully so. However, the harsh reality is that most of these victories are short-lived. For example, after law enforcement seized control of multiple LockBit websites and stolen data, the group was back to running extortion campaigns within a week.
And the same can be said for many other high-profile busts of groups like Hive and Volt Typhoon. These groups re-build or re-brand, as was the case with the Conti Group offshoot Black Basta. After Conti disbanded, Black Basta reformed from the ashes and tallied over $100 million in ransomware payments last year.
My point is not to belittle the incredible work that global agencies are performing, but to illustrate that while the industrial sector continues to make tremendous gains - the war continues. And as we evolve and improve, so will the bad guys.
And perhaps no one knows this better than our guest for this episode - Rod Locke. He's the director of project management at Fortinet, a leading provider of OT cybersecurity solutions.
Watch/listen as Rod shares his thoughts on:
The growing influence of state-sponsored hacker groups.
The rise of dwelling or live-off-the-land attacks and how some hackers are more focused on learning about their victims than harming them.
Why OT can't always place the blame on IT, and the value in understanding both environments.
How some regulatory efforts might have "swung too far."
How to attract more "unique individuals" to cybersecurity.
An anticipated rise in cloud infrastructure and the ways it will impact data security.
To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. And if you have a cybersecurity story or topic that you'd like to have us explore on Security Breach, you can reach me at jeff@ien.com.
To download our latest report on industrial cybersecurity, The Industrial Sector's New Battlefield, click here.

The Daily Decrypt - Cyber News and Discussions
They Got Popped?? Nvidia’s Sovereign AI, and Microsoft’s Patch Tuesday

The Daily Decrypt - Cyber News and Discussions

Play Episode Listen Later Feb 14, 2024 11:21


From the massive data breaches affecting millions globally, including the largest-ever breach for French citizens, to Nvidia's strategic leap over Amazon in market value, we cover the digital landscape's pressing issues and innovations. Plus, we break down Microsoft's February 2024 Patch Tuesday, addressing critical zero-days and enhancing digital safety. Join us as we explore the implications of these developments for the future of technology and cybersecurity.
Original URLs for Each Article:
Aircraft Leasing Company Cyberattack: Dark Reading Article
Integris Health Data Breach: BleepingComputer Article
Bank of America Customer Data Leak: Dark Reading Article
Islamic Nonprofit Infiltration: Dark Reading Article
French Citizens Data Breach: France TV Info Article
Black Basta and Hyundai Motor Europe: Dark Reading Article on Black Basta
LockBit and SEIU Local 1000: Dark Reading Article on Subway LockBit Investigation
Nvidia's Sovereign AI: Nvidia Blog, Ars Technica Article
Microsoft February 2024 Patch Tuesday: Trend Micro Research on CVE-2024-21412, BleepingComputer Article on Microsoft's Patch
Thanks to Jered Jones for providing the music for this episode. Find him on Spotify here: https://open.spotify.com/artist/37xLl4KR8hJ5jBuS8zYjQN?si=W75mgw68SsmCb7Zfu5ESeg
Transcript:
[00:00:00] Good morning listeners. And thanks for tuning in on Valentine's Day. Sadly, I do not have anything Valentine's related, uh, watch out for romance scams, as always. But we do have two very thrilling stories and a new segment I'm calling They Got Popped. We're going to be talking about Nvidia and their leap towards sovereign AI and market dominance. And we're also going to be bringing [00:01:00] you the updates from yesterday's Patch Tuesday.
All right. So first up, in an effort to avoid overly discussing data breaches, I'm going to compact them all for you and give them to you at once.
And to help me do this, to help me react to the severity of these breaches, I've brought in my brand new AI girlfriend. Uh, let's name her Tina. Let's kick it off. They got popped. Yes, Tina. Yes, they did. Okay. So first up we have airplanes. Yes, Tina. Yes. Planes. A commercial engine aircraft leasing, named Willis Lease Finance Corp., said it suffered a cybersecurity incident on January 31st and [00:02:00] it got its systems knocked offline. Uh, next we have the healthcare sector. Yes, believe it or not. The healthcare sector was just popped. Integris Health last November disclosed personal information belonging to almost 2.4 million people was exposed. You heard about it yesterday, but Bank of America got popped. Yeah, they seem so serious and significant, but yeah, they got popped. The details are in yesterday's episode, but it affected around 57,000 customers. We're going international with an Islamic nonprofit from Saudi Arabia. That's not fair. Saudi Arabia, nonprofit was infiltrated for over three years by a silent back door. We've got two French companies. No, the baguettes are not even safe. Viamedis and Almerys. They both manage third-party payments for health insurance [00:03:00] companies. And this combined exposure is the largest ever data breach for French citizens. Staying in Europe, we're talking about Hyundai Motor Europe. Hyundai. Yes. Uh, but I do love them. Black Basta has claimed to have stolen three terabytes of data from the Hyundai Motor Group Europe. And if we talk about text data, that is a lot. And finally, back stateside, we've got California. A little outdated with the Arnold reference, but LockBit has claimed responsibility for a cyber attack on Service Employees International Union Local 1000 in California. According to that ransomware gang, it stole 308 gigabytes of data from the union, including employee information, such as Social Security numbers, salary information, and financial documents.
So as always, sign up for credit monitoring, change your passwords, and keep an eye on those bank statements. [00:04:00]
All right. So moving into our first real news article story of the day, it's coming to us from Ars Technica, and it is discussing Nvidia's CEO, Jensen Huang, championing the concept of sovereign AI amid the company's significant leap over Amazon in market value. So that's pretty amazing because Amazon's pretty important. Basically, Nvidia's CEO is proposing a future where each country controls its own AI destiny. This vision, termed sovereign AI, suggests a world where nations harness artificial intelligence to preserve their cultural heritage and societal norms. Huang announced this while speaking at the World Government Summit in Dubai and emphasized the importance of countries owning the production of their own intelligence. So this idea isn't just about data sovereignty. It's about embedding a nation's language, culture, and collective wisdom into the digital realm. The rise of Nvidia in the global [00:05:00] market, now neck and neck with Amazon for market value, is not just a financial milestone. It's a testament to the growing importance of AI technology. Nvidia's GPUs, or graphical processing units, are critical for AI development and have become indispensable in data centers around the world. Data centers that are used by Amazon, Microsoft, Google and, more notably, OpenAI. This development underscores how essential AI and Nvidia's technology have become to our digital infrastructure, highlighting the company's influence in shaping the future of global technology and AI applications.
So, this is pretty crazy. I knew Nvidia was doing great due to Bitcoin mining and AI, but I didn't know they were up there on the scale with Amazon. That's pretty cool. In 2019, I built my first computer. And I bought an Nvidia graphics processor, 2070, something like that for, I don't know, four or 500 bucks.
Which has felt like a lot at the time. [00:06:00] And that is now over four years ago and that exact graphics processor is worth double. It's worth 800 bucks brand new. In tech terms, tech years are kind of like dog years. Like we progress so much faster in tech. So I, you know, expected that graphics processor to decline in value very rapidly. That's not to say that graphics processing hasn't improved much because, yeah, it's almost even unusable. It's a great graphics processor, but not $800 worth. Good for you, Nvidia. And good for you, whoever has bought stock in Nvidia prior to Bitcoin mining and AI and all this stuff, because it's doing pretty well.
Yesterday was Microsoft's monthly Patch Tuesday. Valentine's Day edition: two zero days and a total of 73 security flaws. So just to [00:07:00] recap, a zero day is a vulnerability that was built into the initial software, to the initial product, that the company did not know existed. So the two zero days that were patched were two CVEs. One was a Windows SmartScreen security feature bypass, and the other was an Internet Shortcut Files security feature bypass. So the first one allowed attackers to bypass SmartScreen's security checks by tricking users into opening malicious files. This vulnerability involved attackers exploiting the Windows SmartScreen filter, which is a tool designed to screen out unrecognized apps and files from the internet to protect users from malicious software. By crafting a malicious file in a certain way, attackers could deceive the SmartScreen filter into not recognizing the file as a threat, which often involves manipulating metadata or the file's digital signature to either appear benign or to mask its true nature. Once the user is convinced to open the file, believing it to be safe, the attacker could execute malicious [00:08:00] code on the victim system. So this is so huge.
We discussed this when talking about labeling AI content as well, but once the user gets confident in a security measure, such as this label that identifies malicious files, when they see it, they're going to trust that it's there, and then when it's not there, they're going to trust that it was checked. So just like in the AI content, if people are used to seeing labels. I guess let's use corporate email as an example. We've all probably seen these banners on corporate emails that say this email originated outside of the company, right? When we see that banner, we know to look at it with a critical eye. But when we don't see that banner, something in our brain says it's safe because we know that that check exists. And when it's not there, it must be safe. Our guard is down when we don't see that banner. That's the same thing about this sort of check and consumer confidence in [00:09:00] these checks. We trust that they're happening. And so attackers have found a way to exploit that trust.
The other zero day vulnerability that was patched yesterday is in a similar vein. This vulnerability specifically targets the way Windows processes internet shortcut files with respect to Mark of the Web, or MotW. So MotW is a security feature that assigns a, quote, zone to files downloaded from the internet. So similarly, it starts tagging them as less trusted than files originating from the local machine. When a file is tagged, Windows and various applications apply stricter security measures, such as prompting users with warnings before execution. Same thing. When we're used to seeing that warning and it doesn't come up, we assume it's safe. This basically just allows attackers to convince users to download malicious files, and also convince them that those files are safe, 'cause that warning [00:10:00] didn't pop up. So we're glad Microsoft has patched these. It's just the lesson: don't always trust security warnings and security features. Take your safety into your own hands when you can. Try to stick to downloading files from reputable sources. And if you're feeling advanced, you can go in to Google and look up checksum and file integrity checking. Basically, the file that is downloaded from a reputable source has a certain signature. And once you get it onto your computer, you can check to see if that signature is still intact. But overall, make sure your systems are regularly patched with security updates, because that's the only way this update's going to get to your computer is by downloading the security updates. So make sure to patch.
All right. That is it. I hope you guys have great plans for your Valentine's Day today. And we really appreciate you listening. We will talk to you more [00:11:00] tomorrow.

Cyber Security Headlines
Raspberry Robin warning, Hyundai ransomware attack, Cisco job cuts

Cyber Security Headlines

Play Episode Listen Later Feb 12, 2024 8:14


Raspberry Robin – a new one-day exploit targeting Windows
Hyundai Europe suffers Black Basta ransomware attack
Cisco to cut thousands of jobs as it focuses on high growth areas
Huge thanks to our sponsor, Vanta
From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To learn more, go to vanta.com/ciso and watch their 3-minute product demo.
For the stories behind the headlines, head to CISOseries.com.

Cyber Morning Call
Cyber Morning Call - #478 - 05/02/2024

Cyber Morning Call

Play Episode Listen Later Feb 5, 2024 2:36


[Episode References]
“Water Curupira”, in partnership with the “Black Basta” ransomware, launches spam attack using “Pikabot” malware - https://www.trendmicro.com/ja_jp/research/24/b/a-look-into-pikabot-spam-wave-campaign.html
Following The AnyDesk Incident: Customer Credentials Leaked And Published For Sale On The Dark Web - https://www.resecurity.com/blog/article/following-the-anydesk-incident-customer-credentials-leaked-and-published-for-sale-on-the-dark-web
Exploring the Latest Mispadu Stealer Variant - https://unit42.paloaltonetworks.com/mispadu-infostealer-variant/
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia

The CyberWire
The mother of all data breaches.

The CyberWire

Play Episode Listen Later Jan 23, 2024 31:49


The mother of all data breaches. CISA director Easterly is the victim of a swatting incident. An AI robocall in New Hampshire seeks to sway the election. Australia sanctions an alleged Russian cyber-crime operator. Atlassian Confluence servers are under active exploitation. Apple patches a webkit zero-day. Black Basta hits a major UK water provider. Hackers who targeted an Indian ISP launch an online search portal. A Massachusetts hospital suffered a Christmas day ransomware attack. Ann Johnson, host of the Afternoon Cyber Tea podcast, speaks with Caitlin Sarian, known to many as Cybersecurity Girl. And HP claims bricked printers are a security feature, not a bug.
Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Microsoft Security's Afternoon Cyber Tea podcast host, Ann Johnson, speaks with Caitlin Sarian, known to many as Cybersecurity Girl, a leading influencer with a cybersecurity-focused social presence. Listen to the full interview here.
Selected Reading
Mother of All Breaches: a Historic Data Leak Reveals 26 Billion Records (Cybernews)
CISA's Easterly the target of ‘harrowing' swatting incident (The Record)
AI robocalls impersonate President Biden in an apparent attempt to suppress votes in New Hampshire (PBS NewsHour)
Hear fake Biden robocall urging voters not to vote in New Hampshire (YouTube)
Medibank hack: Russian sanctioned over Australia's worst data breach (BBC)
Hackers start exploiting critical Atlassian Confluence RCE flaw (BleepingComputer)
iOS 17.3 and macOS Sonoma 14.3 Patch WebKit Vulnerability That May Have Been Exploited (MacRumors)
UK water company that serves millions confirms system attack (The Record)
Indian ISP Hathway Data Breach: Hacker Leaks 4 Million Users, KYC Data (HACKREAD)
Massachusetts hospital claimed to be targeted by Money Message ransomware (SC Media)
HP's CEO spells it out: You're a 'bad investment' if you don't buy HP supplies (The Register)
HP CEO evokes James Bond-style hack via ink cartridges (Ars Technica)
Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber Security Headlines
Sweden grocer cyberattack, Black Basta flaw, Boston hospital cyberattack

Cyber Security Headlines

Play Episode Listen Later Jan 2, 2024 7:03


Swedish national grocer stung by Cactus
Flaw in Black Basta decryptor allows recovery of victims' files - temporarily
Cyberattack hits Boston area hospital
Thanks to today's episode sponsor, NetSPI
Take the hassle out of dealing with alert fatigue, validation, and prioritization. Instead, use NetSPI's ASM platform to hone in on what's actually important. Attack surface vulnerabilities constantly evolve, causing a lack of visibility and overwhelm for your security teams. Start the new year off right by partnering with NetSPI to enhance your security program. Visit netspi.com/ASM to learn more.
For the stories behind the headlines, head to CISOseries.com.

Paul's Security Weekly
Cybertruck, Okta, Google, Black Basta, Zoom, Unitronics, Aaran Leyland, and More - SWN #345

Paul's Security Weekly

Play Episode Listen Later Dec 1, 2023 29:06


Cybertruck, Okta, Google and More Google, Black Basta, Zoom, Unitronics, Aaran Leyland, and More News on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/swn-345

Tevora Talks Info-Sec Podcast
Tevora Talks - Okta Hacked + Black Basta Ransomware + Ethyrial Game Data Wiped + MORE!!!

Tevora Talks Info-Sec Podcast

Play Episode Listen Later Dec 1, 2023 26:37


This week, Matt Mosley and Kash Izadseta cover cyber attacks of the Month!
Okta Hacked (AGAIN)
Black Basta Ransomware's lucrative "business"
Ethyrial user account data wiped
More more more!
Links mentioned in this episode:
https://www.bleepingcomputer.com/news/security/okta-october-data-breach-affects-all-customer-support-system-users/
https://www.bleepingcomputer.com/news/security/black-basta-ransomware-made-over-100-million-from-extortion/
https://www.bleepingcomputer.com/news/security/ransomware-attack-on-indie-game-maker-wiped-all-player-accounts/
http://tevoratalks.com
Instagram, Twitter, Facebook: @TevoraTalks

Paul's Security Weekly TV
Cybertruck, Okta, Google, Black Basta, Zoom, Unitronics, Aaran Leyland, and More - SWN #345

Paul's Security Weekly TV

Play Episode Listen Later Dec 1, 2023 29:11


Cybertruck, Okta, Google and More Google, Black Basta, Zoom, Unitronics, Aaran Leyland, and More News on the Security Weekly News. Show Notes: https://securityweekly.com/swn-345

Hack Naked News (Audio)
Cybertruck, Okta, Google, Black Basta, Zoom, Unitronics, Aaran Leyland, and More - SWN #345

Hack Naked News (Audio)

Play Episode Listen Later Dec 1, 2023 29:06


Cybertruck, Okta, Google and More Google, Black Basta, Zoom, Unitronics, Aaran Leyland, and More News on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/swn-345

Risky Business News
Risky Biz News: Black Basta group made $107 million from ransom payments

Risky Business News

Play Episode Listen Later Dec 1, 2023


A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

Hack Naked News (Video)
Cybertruck, Okta, Google, Black Basta, Zoom, Unitronics, Aaran Leyland, and More - SWN #345

Hack Naked News (Video)

Play Episode Listen Later Dec 1, 2023 29:11


Cybertruck, Okta, Google and More Google, Black Basta, Zoom, Unitronics, Aaran Leyland, and More News on the Security Weekly News. Show Notes: https://securityweekly.com/swn-345

Risky Business News
Risky Biz News: Black Basta group made $107 million from ransom payments

Nov 30, 2023 10:03


A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu. You can find the newsletter version of this podcast here.

Breaking Badness
Special Report - Quadrant Security [Re-Release]

Nov 22, 2023 61:17


We're taking this opportunity to share how grateful we are for the guests and discussions we've had this past year on Breaking Badness. One of which is our conversation with Champ Clark III and Steven Drenning-Blalock from Quadrant Security on how they thwarted the Black Basta ransomware gang. If you didn't have a chance to listen when we initially released this episode, now's a great time to catch up!

The CyberWire
Hacktivist discipline is inversely correlated with sincerity of commitment.

Oct 18, 2023 35:07


Hamas and Israel exchange accusations in a hospital strike. Using Gazan cell data to develop intelligence, and using hostages' devices to spread fear. Black Basta ransomware is out and about, again. Qubitstrike is a newly discovered cryptojacking campaign. Preparing for post-quantum security. Tim Starks from the Washington Post looks at one US Senator's ability to gum up cyber legislation. In the Learning Layer, N2K's Sam Meisenberg explores the challenges and best practices of rolling out a large-scale corporate re-skilling program. And attention people of Pompei: that volcano alert is bogus. Probably. Learning Layer. On this segment of Learning Layer, N2K's Sam Meisenberg is joined by Phil, an N2K client who leads Talent Development at a large telecommunication company. They discuss the challenges and best practices of rolling out a large-scale corporate re-skilling program, including increasing learner engagement, accountability, and the importance of internal talent development and recognition. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/199 Selected reading. 
Blast kills hundreds at Gaza hospital; Hamas and Israel trade blame, as Biden heads to Mideast (AP News) In deadly day for Gaza, hospital strike kills hundreds (Reuters) Hacktivist attacks against Israeli websites mirror attacks following Russian invasion of Ukraine (ComputerWeekly.com) Growing Concern Over Role of Hacktivism in Israel-Hamas Conflict (Infosecurity Magazine) Israel-Hamas war illuminates trouble with political hacking groups (Axios) ISRAEL GAZA CONFLICT : THE CYBER PERSPECTIVE (CYFIRMA) Tracking Cellphone Data by Neighborhood, Israel Gauges Gaza Evacuation (New York Times) Hamas Hijacked Victims' Social Media Accounts to Spread Terror (New York Times) TV advertising sales giant affected by ransomware attack (Record) Chilean government warns of Black Basta ransomware attacks after customs incident (Record) Qubitstrike - An Emerging Malware Campaign Targeting Jupyter Notebooks (Cado Security) DigiCert Global Study: Preparing for a Safe Post-Quantum Computing Future (DigiCert) SpyNote Android malware spreads via fake volcano eruption alerts (BleepingComputer)

Security Squawk
Ransomware Attacks on Ampersand and Henry Schein: Cybersecurity Insights and Business Advice

Oct 18, 2023 43:58


In this episode of the Security Squawk Podcast, we discuss two recent ransomware attacks: 1. Ampersand cyber attack: Ampersand is a company that provides viewership data to advertisers for about 85 million households. The Black Basta ransomware group reportedly claims the attack disrupted Ampersand's operations. 2. Henry Schein cyber attack: Henry Schein is a healthcare solutions company. In a recent cyber attack, they announced that part of their manufacturing and distribution have suffered data breaches. We also discuss: 1. the importance of cyber resilience, which involves preparing for and withstanding cyber-attacks to ensure business continuity 2. the importance of having effective backups, as well as the cost implications of failing to restore data from backups after a ransomware attack 3. email security and the differences between Google Workspace and Microsoft 365 In a world where digital threats loom large, protecting your business is paramount. Tune in now and empower yourself and your business with the knowledge to stay secure in a digital world.

Cyber Security Today
Cyber Security Today, August 21, 2023 - The latest ransomware news, and security patches issued by Cisco, Juniper and Jenkins

Aug 21, 2023 6:14


This episode includes reports on how much Dallas paid for a ransomware incident response, data released by the Black Basta ransomware gang after an attack on a U.S. housing authority and more

Security Breach
AI - Use It or Lose!

Jul 13, 2023 18:50


The latest tools and technology needed to create and defend your data fortress. A couple of recent ransomware attacks offer perspective on evolving cybersecurity concerns within the industrial sector. Gentex is a Michigan-based manufacturer of electronic safety systems for the automotive sector. They were attacked by a ransomware gang called Dunghill, which is believed to be a rebranded version of the Dark Angels ransomware gang that had historically targeted the gaming and consumer electronics industry. In early May, global industrial component and infrastructure systems manufacturer ABB confirmed that it had also been the victim of a ransomware attack. The group Black Basta reportedly hit the company's Windows Active Directory, disrupting hundreds of devices. The takeaways from these attacks are that ransomware groups continue to evolve, and in doing so are looking to hit new and more lucrative markets. The industrial sector, as you all know, certainly checks this box. These are dynamics that our guest for today's episode, Erik Alfonso Nilsen, Chief Technology Strategist at Flexxon, knows all too well. We're excited to announce that Security Breach is being sponsored by Pentera. For more information on how Automated Security Validation can help you safely test all your IT security controls with the click of a button in a non-stop industrial operational environment, visit pentera.io. To download our latest report on industrial cybersecurity, The Industrial Sector's New Battlefield, click here.

@BEERISAC: CPS/ICS Security Podcast Playlist
Taking a look at cyber insurance in the industrial space.

Jun 2, 2023 39:41


Podcast: Control Loop: The OT Cybersecurity Podcast (LS 33 · TOP 5%)
Episode: Taking a look at cyber insurance in the industrial space.
Pub date: 2023-05-31
China's Volt Typhoon snoops into US infrastructure, with special attention to Guam. Is CosmicEnergy just red-teaming, or is it a threat straight out of Red Square? Siemens patches a vulnerability endemic to the energy sector. An update on the Vulkan Papers. A cyberattack leads Suzuki to shut down its Indian production line. BlackBasta conducts ransomware attack against Swiss technology company ABB, and claims responsibility for Rheinmetall attack. Food and Agriculture Information Sharing and Analysis Center stands up. Control Loop News Brief. China's Volt Typhoon snoops into US infrastructure, with special attention to Guam. People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection (Joint Cybersecurity Advisory) Volt Typhoon targets US critical infrastructure with living-off-the-land techniques (Microsoft) Chinese hackers spying on US critical infrastructure, Western intelligence says (Reuters) CosmicEnergy, from Russia. COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises (Mandiant) This newly-discovered malware could disrupt power generation — and do physical damage (Washington Post) Siemens patches a vulnerability endemic to the energy sector. Command Injection Vulnerability in CPCI85 Firmware of SICAM A8000 Devices (Siemens) An update on Russia's NTC Vulkan: SIGINT, EW, and cyber ops. 7 takeaways from the Vulkan Files investigation (Washington Post) Russian Software Programs Threatening Critical Civilian Infrastructure (Dragos) A cyberattack leads Suzuki to shut down its Indian production line. Suzuki Motorcycle India plant shut down after cyber attack, production affected (Hindustan Times) Suzuki motorcycle plant shut down by cyber attack (Bitdefender) BlackBasta conducts ransomware attack against Swiss technology company ABB. Multinational tech firm ABB hit by Black Basta ransomware attack (BleepingComputer) BlackBasta claims responsibility for Rheinmetall attack. Arms maker Rheinmetall confirms BlackBasta ransomware attack (BleepingComputer) Food and Agriculture Information Sharing and Analysis Center stands up. The food and agriculture industry gets a new center to share cybersecurity information (Washington Post) Control Loop Interview. The interview is with Gerry Glombicki of Fitch Ratings talking about cyber insurance and his opinions on industrial space. Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos Principal Adversary Hunter Kyle O'Meara and Dragos Principal Intelligence Technical Account Manager Michael Gardner to continue their discussion on threat hunting. Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website. The podcast and artwork embedded on this page are from N2K Networks, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Security Breach
The Bad Guys Are Salivating Over Manufacturing

Jun 1, 2023 42:57


Inside the resurgence of ransomware attacks and the rise of billion-dollar "unicorn" hacker gangs. Believe it or not, there was a time in recent history when we actually experienced a reprieve in ransomware attacks. According to a report from Black Kite, a leading provider of third-party risk management and cyber intelligence, a number of factors contributed to a flattening of ransomware attack frequency in late 2021 and into 2022. Unfortunately, the bad guys evolved and ransomware attacks have surged in early 2023, with the number of ransomware victims in March of this year coming in at nearly twice that of April 2022, and 1.6 times higher than last year's highest monthly total. New players like Black Basta, as well as new strategies from well-known adversaries like LockBit once again brought manufacturing to the top of the list of favorite targets. According to the report, manufacturing represented nearly one out of every five attacks. Our guest for today's episode is Jeffrey Wheatman, a Cyber Risk Evangelist at Black Kite. We're also excited to announce that Security Breach is being sponsored by Pentera. For more information on their cybersecurity solutions, you can go to pentera.io. To download our latest report on industrial cybersecurity, The Industrial Sector's New Battlefield, click here.

Control Loop: The OT Cybersecurity Podcast
Taking a look at cyber insurance in the industrial space.

May 31, 2023 39:41


China's Volt Typhoon snoops into US infrastructure, with special attention to Guam. Is CosmicEnergy just red-teaming, or is it a threat straight out of Red Square? Siemens patches a vulnerability endemic to the energy sector. An update on the Vulkan Papers. A cyberattack leads Suzuki to shut down its Indian production line. BlackBasta conducts ransomware attack against Swiss technology company ABB, and claims responsibility for Rheinmetall attack. Food and Agriculture Information Sharing and Analysis Center stands up. Control Loop News Brief. China's Volt Typhoon snoops into US infrastructure, with special attention to Guam. People's Republic of China State-Sponsored Cyber Actor Living off the Land to Evade Detection (Joint Cybersecurity Advisory) Volt Typhoon targets US critical infrastructure with living-off-the-land techniques (Microsoft) Chinese hackers spying on US critical infrastructure, Western intelligence says (Reuters) CosmicEnergy, from Russia. COSMICENERGY: New OT Malware Possibly Related To Russian Emergency Response Exercises (Mandiant) This newly-discovered malware could disrupt power generation — and do physical damage (Washington Post) Siemens patches a vulnerability endemic to the energy sector. Command Injection Vulnerability in CPCI85 Firmware of SICAM A8000 Devices (Siemens) An update on Russia's NTC Vulkan: SIGINT, EW, and cyber ops. 7 takeaways from the Vulkan Files investigation (Washington Post) Russian Software Programs Threatening Critical Civilian Infrastructure (Dragos) A cyberattack leads Suzuki to shut down its Indian production line. Suzuki Motorcycle India plant shut down after cyber attack, production affected (Hindustan Times) Suzuki motorcycle plant shut down by cyber attack (Bitdefender) BlackBasta conducts ransomware attack against Swiss technology company ABB. Multinational tech firm ABB hit by Black Basta ransomware attack (BleepingComputer) BlackBasta claims responsibility for Rheinmetall attack. 
Arms maker Rheinmetall confirms BlackBasta ransomware attack (BleepingComputer) Food and Agriculture Information Sharing and Analysis Center stands up. The food and agriculture industry gets a new center to share cybersecurity information (Washington Post) Control Loop Interview. The interview is with Gerry Glombicki of Fitch Ratings talking about cyber insurance and his opinions on industrial space. Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos Principal Adversary Hunter Kyle O'Meara and Dragos Principal Intelligence Technical Account Manager Michael Gardner to continue their discussion on threat hunting.  Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website.

Risky Business
Risky Business #707 -- Inside China's information lockdown with Chris Krebs

May 24, 2023 57:37


On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover: Germans charge FinFisher executives; The FBI got busted misusing 702 data; Special guest Chris Krebs talks China, new CISA mandates and more; New research breaks Android fingerprint auth; Much, much more. This week's show is brought to you by Trail of Bits. Dan Guido is this week's sponsor guest and he joins us to talk about the work Trail of Bits is doing in securing AI systems, and making them safe. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing. Show notes Congress looks to expand CISA's role, adding responsibilities for satellites and open source software | CyberScoop Biden nominates Lt. Gen. Timothy Haugh for top position at NSA, Cyber Command Unsere Strafanzeige: Staatsanwaltschaft erhebt Anklage gegen FinFisher The Real Risks in Google's New .Zip and .Mov Domains | WIRED FBI misused controversial surveillance tool to investigate Jan. 6 protesters Suspicion stalks Genesis Market's competitors following FBI takedown Crimephones Are a Cop's Best Friend - by Tom Uren The Underground History of Turla, Russia's Most Ingenious Hacker Group | WIRED Some Of Russia's Most Dangerous Cybercriminals Just Had Their Malware Dealer Unmasked Shifting tactics fuel surge in Business Email Compromise Treasury Department sanctions entities tied to North Korean IT scams, hacking | CyberScoop Chinese Labs Are Selling Fentanyl Ingredients for Millions in Crypto | WIRED Leaked EU Document Shows Spain Wants to Ban End-to-End Encryption | WIRED Here's how long it takes new BrutePrint attack to unlock 10 different smartphones | Ars Technica It took 48 hours, but the mystery of the mass Asus router outage is solved | Ars Technica Popular Android TV boxes sold on Amazon are laced with malware | TechCrunch Teen hacker charged in scheme to siphon funds from sports betting accounts Researchers tie FIN7 cybercrime family to Clop ransomware German arms company Rheinmetall confirms Black Basta ransomware group behind cyberattack Dallas courts still closed 2 weeks post-ransomware attack | Cybersecurity Dive Health insurer says patients' information was stolen in ransomware attack Patients angered after Oklahoma allergy clinic blames cyberattack for shutdown UK steel industry supplier Vesuvius says ‘cyber incident' cost £3.5 million Researchers infiltrate Qilin ransomware group, finding lucrative affiliate payouts A different kind of ransomware demand: Donate to charity to get your data back | CyberScoop Joe Tidy on Twitter: "A bizarre one from Reading courts - an IT Security worker pleads guilty to piggy-backing off a cyber attack against his own firm. Liles switched the ransom payment details to his own Bitcoin wallet and changed the hacker's email to secretly apply pressured on bosses to pay up. https://t.co/Ze4yAJA6vM" / Twitter ChatGPT Scams Are Infiltrating Apple's App Store and Google Play | WIRED

The CyberWire
Ransomware, doxxing, and data breaches, oh my! State fronts and cyber offensives.

May 15, 2023 32:14


Discord sees a third-party data breach. Black Basta conducts a ransomware attack against technology company ABB. Intrusion Truth returns to dox APT41. Anonymous Sudan looks like a Russian front operation. Attribution and motivation of "RedStinger" remain murky. CISA summarizes Russian cyber offensives. Remote code execution exploits Ruckus in the wild. Our guest is Dave Russell from Veeam with insights on data protection. Matt O'Neill from the US Secret Service on their efforts to thwart email compromise and romance scams. And espionage by way of YouTube comments. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/93 Selected reading. Discord discloses data breach after support agent got hacked (Bleeping Computer) Discord suffered a data after third-party support agent was hacked (Security Affairs) Multinational tech firm ABB hit by Black Basta ransomware attack (Bleeping Computer) Breaking: ABB confirms cyberattack; work underway to restore operations (ET CISO) Black Basta conducts ransomware attack against Swiss technology company ABB (The CyberWire) They dox Chinese hackers. Now, they're back. (Washington Post) What's Cracking at the Kerui Cracking Academy? (Intrusion Truth) Posing as Islamists, Russian Hackers Take Aim at Sweden (Bloomberg) Anonymous Sudan: Threat Intelligence Report (TrueSec) Uncovering RedStinger - Undetected APT cyber operations in Eastern Europe since 2020 (Malwarebytes) Russian ‘Red Stealer' cyberattacks target breakaway territories in Ukraine (Cybernews) Russia Cyber Threat Overview and Advisories (CISA) Known Exploited Vulnerabilities Catalog (CISA) CISA Adds Seven Known Exploited Vulnerabilities to Catalog (CISA) CISA warns of critical Ruckus bug used to infect Wi-Fi access points (Bleeping Computer) Security Bulletins (Ruckus) ROK union leaders charged with spying for North Korea in ‘movie-like' scheme (NK News)

Cyber and Technology with Mike
15 May 2023 Cyber and Tech News

May 15, 2023 9:52


In today's podcast we cover four crucial cyber and technology topics, including: 1. Discord support ticket data exposed 2. French transportation service exposes user data 3. Black Basta impacts financial firm causes over 10 million pounds in damage 4. ABB impacted by Black Basta. I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com

Cyber and Technology with Mike
24 April 2023 Cyber and Tech News

Apr 24, 2023 7:22


In today's podcast we cover four crucial cyber and technology topics, including: 1. American Bar Association data breached 2. Health insurer Point32Health impacted by ransomware 3. Yellow Pages Canada has data leaked in ransomware attack 4. Old discarded routers proven to aid compromise. I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com

InfoSec Weekly Podcast
IT Governance Podcast 21.4.23: Capita, Chrome, LockBit for Macs and Alan Calder on cyber security

Apr 20, 2023 18:11


This week, we discuss the apparent sale of exfiltrated Capita data by the Black Basta ransomware group, a zero-day Google Chrome vulnerability and the development of a new LockBit ransomware variant targeting macOS, and Alan Calder analyses the new US National Cybersecurity Strategy and explains what all organisations should learn from it.

Breaking Badness
Special Report - Quadrant Security

Jan 25, 2023 60:10


This week on Breaking Badness is a Special Report episode. We learn about a re-emergence of the Black Basta ransomware group. We'll talk with Champ Clark III and Steven Drenning-Blalock of Quadrant Information Security to get all the details. Plus—we'll get their Gold, Guidance and Grievances.

PolySécure Podcast
Special - Autopsy of a crisis - Sobey's - Because... it's episode 0x245!

Jan 10, 2023 45:50


Because… it's episode 0x245! Preamble Shameless plug March 1 and 2, 2023 - SéQCure Training: Crisis and resilience Workshops and talks (Self-assessment) Business continuity plan (PCA) training 2022 4 guides for surviving a cyber crisis Online business continuity plan (PCA) training GDPR Enforcement Tracker - list of GDPR fines Notes Inside the turmoil at Sobeys-owned stores after ransomware attack Canadian food retail giant Sobeys hit by Black Basta ransomware Sobeys parent company Empire says cyberattack expected to cost $25M after insurance Contributors Nicolas-Loïc Fortin Alexandre Fournier Jean-Luc Dumont Credits Audio editing by Intrasecure inc Virtual studio by Riverside.fm

Cyber, cyber...
Cyber, Cyber… – 313 – Report (15.12.2022) – Beware of the Black Basta group

Dec 15, 2022 17:14


Cyber, Cyber… Raport is a special edition of our podcast. From Monday to Friday we report on the most important events in the field of operations conducted in cyberspace. Today's episode was hosted by Cyprian Gutkowski. Enjoy! Today's topics: Cybereason warns of ransomware attacks by the Black Basta group; Google announces a Vulnerability Scanner tool for open source developers; Artificial intelligence will take a look at visitors

Cybercrime Magazine Podcast
Ransomware Roundup. Conti Affiliates Increase Attacks Against Europe. Spence Hutchinson, eSentire.

Dec 14, 2022 16:51


In this episode, host Hillarie McClure is joined by Spence Hutchinson, Senior Threat Researcher with the Threat Intelligence team at eSentire. Together, they discuss findings from eSentire's recently published EMEA threat research report, “Notorious Russian Gang and Affiliates Increase Ransomware Attacks Against Europe,” the BlackByte and Black Basta ransomware groups, how they emerged, and more. Read the full report at https://esentire.com/resources/library/notorious-russian-gang-and-affiliates-increase-ransomware-attacks-against-europe. To learn more about our sponsor, eSentire, visit https://esentire.com.

Cyber Morning Call
Cyber Morning Call - #207 - 24/11/2022

Nov 24, 2022 3:46


[Episode References] - Professional Stealer - https://www.group-ib.com/media-center/press-releases/professional-stealers/ - Incidents involving the Boa web server - https://www.microsoft.com/en-us/security/blog/2022/11/22/vulnerable-sdk-components-lead-to-supply-chain-risks-in-iot-and-ot-environments/ - Qakbot and Black Basta campaign - https://www.cybereason.com/blog/threat-alert-aggressive-qakbot-campaign-and-the-black-basta-ransomware-group-targeting-u.s.-companies - Problem in Windows Remote Desktop - https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-22h2#connections-may-fail-when-using-remote-desktop-connection-brokers [Credits] Host: Daniel Venzi Script: Carlos Cabral and Daniel Venzi Audio editing: Paulo Arruzzo Closing narration: Bianca Garcia Graphic design: Julian Prieto

Transatlantic Cable Podcast
Transatlantic Cable podcast, episode 276

Nov 18, 2022 36:13


Episode 276 of the Transatlantic Cable kicks off with the US Department of Justice revealing that it seized $3.36bn (£2.9bn) of Bitcoin last year, which was stolen from an infamous darknet website. Then, how Twitter users are using the platform's new Elon Musk era changes to impersonate official video game companies. Moving on, we look at the advanced threat predictions for 2023. And FTX is investigating a possible hack hours after its bankruptcy filing! We wrap up with Canadian food retail giant Sobeys being hit by Black Basta ransomware! If you liked what you heard, please consider subscribing.

Security Squawk
3 Ransomware Attacks this week - Australian Bank MediBank, Michigan counties close due to ransomware attack, Canadian food giant hit with ransomware - 42,000 sites used to trap users in brand impersonation scheme

Nov 16, 2022 57:39


In this week's episode, the cybersecurity experts Bryan Hornung, Reginald Andre, Randy Bryan, and Ryan O'Hara discuss an Australian bank, Medibank, which faces a possible class action after a devastating data breach that left millions of customers exposed. Who is allegedly behind this hack? Meanwhile, they continue to dive deeper into why Australia is considering banning the payment of ransoms to cybercriminals because of Medibank. Next, the crew talks about a Canadian food retail giant, Sobeys, which was hit by Black Basta ransomware. What should the grocery store have in place so their IT systems don't disrupt their operations again? Tune in. Meanwhile, the experts get into another ransomware attack that shut down two counties, Jackson and Hillsdale in Michigan, because of a systems outage. What's going on here? Lastly, the cyber experts talk about 42,000 web domains that impersonate well-known brands to redirect users to sites promoting adware apps, dating sites, or 'free' giveaways. Like and share the show! Articles that were used: https://www.news.com.au/technology/online/hacking/medibank-faces-possible-class-action-after-hack-leaves-millions-of-customers-exposed/news-story/aa73c71740879c524b6dc01bfe268350 https://www.reuters.com/technology/australia-consider-banning-paying-ransoms-cyber-criminals-2022-11-12/ https://nbc25news.com/news/local/jackson-and-hillsdale-counties-close-due-to-ransomware-attack https://www.bleepingcomputer.com/news/security/canadian-food-retail-giant-sobeys-hit-by-black-basta-ransomware/ https://www.bleepingcomputer.com/news/security/42-000-sites-used-to-trap-users-in-brand-impersonation-scheme/

Risky Business
Risky Business #684 -- DoJ seizes 50,000 stolen bitcoins from popcorn tin

Nov 9, 2022 62:16


On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including: DoJ seizes 50k bitcoin stolen from Silk Road, charges thief; Australian health insurer Medibank refuses to pay ransom, data leaked; Inside Qatar's $386m world cup espionage operation; EU Parliament report into spyware lands; SolarWinds settles shareholder lawsuit, faces SEC enforcement action; Much, much more. This week's sponsor guest is Andrew Morris from Greynoise Intelligence. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing. Show notes DOJ says it seized billions in Bitcoin stolen by hacker from Silk Road darknet marketplace - The Record by Recorded Future U.S. Attorney Announces Historic $3.36 Billion Cryptocurrency Seizure And Conviction In Connection With Silk Road Dark Web Fraud | USAO-SDNY | Department of Justice Medibank says it will not pay ransom in hack that impacted 9.7 million customers - The Record by Recorded Future Names, addresses, birthdays posted to dark web by hackers after Medibank ransom deadline passes - ABC News ‘Project Merciless': how Qatar spied on the world of football in Switzerland - SWI swissinfo.ch How Qatar hacked the World Cup — The Bureau of Investigative Journalism (en-GB) FBI probing ex-CIA officer's spying for World Cup host Qatar - The Washington Post EU governments accused of using spyware ‘to cover up corruption and criminal activity' - The Record by Recorded Future Press conference on draft findings of EP spyware inquiry | News | European Parliament SolarWinds says it's facing SEC ‘enforcement action' over 2020 hack | TechCrunch Microsoft accuses China of abusing vulnerability disclosure requirements - The Record by Recorded Future 工业和信息化部国家互联网信息办公室公安部关于印发网络产品安全漏洞管理规定的通知-中共中央网络安全和信息化委员会办公室 Insurance giant settles NotPetya lawsuit, signaling cyber insurance shakeup Could a ‘digital Red Cross emblem' protect hospitals from cyber warfare? - The Record by Recorded Future TrustCor Systems verifies web addresses, but its address is a UPS Store - The Washington Post Cyber incident at Boeing subsidiary causes flight planning disruptions - The Record by Recorded Future FIN7 cybercrime cartel tied to Black Basta ransomware operation: report - The Record by Recorded Future More than 100 election jurisdictions waiting on federal cyber help, sources say $28 million stolen from cryptocurrency platform Deribit - The Record by Recorded Future Nigerian scammer sentenced to 11 years in US prison - The Record by Recorded Future Hackers get into Dropbox developer accounts on GitHub, access 130 code repositories and more - The Record by Recorded Future Urlscan.io API unwittingly leaks sensitive URLs, data | The Daily Swig The Most Vulnerable Place on the Internet | WIRED So long and thanks for all the bits - NCSC.GOV.UK

Risky Business
Risky Business #684 -- DoJ seizes 50,000 stolen bitcoins from popcorn tin

Risky Business

Play Episode Listen Later Nov 9, 2022


On this week's show Patrick Gray, Adam Boileau and Dmitri Alperovitch discuss the week's security news, including:
  • DoJ seizes 50k bitcoin stolen from Silk Road, charges thief
  • Australian health insurer Medibank refuses to pay ransom, data leaked
  • Inside Qatar's $386m world cup espionage operation
  • EU Parliament report into spyware lands
  • SolarWinds settles shareholder lawsuit, faces SEC enforcement action
  • Much, much more

This week's sponsor guest is Andrew Morris from Greynoise Intelligence. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.

Show notes
  • DOJ says it seized billions in Bitcoin stolen by hacker from Silk Road darknet marketplace - The Record by Recorded Future
  • U.S. Attorney Announces Historic $3.36 Billion Cryptocurrency Seizure And Conviction In Connection With Silk Road Dark Web Fraud | USAO-SDNY | Department of Justice
  • Medibank says it will not pay ransom in hack that impacted 9.7 million customers - The Record by Recorded Future
  • Names, addresses, birthdays posted to dark web by hackers after Medibank ransom deadline passes - ABC News
  • ‘Project Merciless’: how Qatar spied on the world of football in Switzerland - SWI swissinfo.ch
  • How Qatar hacked the World Cup — The Bureau of Investigative Journalism (en-GB)
  • FBI probing ex-CIA officer's spying for World Cup host Qatar - The Washington Post
  • EU governments accused of using spyware ‘to cover up corruption and criminal activity’ - The Record by Recorded Future
  • Press conference on draft findings of EP spyware inquiry | News | European Parliament
  • SolarWinds says it's facing SEC ‘enforcement action’ over 2020 hack | TechCrunch
  • Microsoft accuses China of abusing vulnerability disclosure requirements - The Record by Recorded Future
  • Notice of the Ministry of Industry and Information Technology, the Cyberspace Administration of China and the Ministry of Public Security on Issuing the Provisions on the Management of Security Vulnerabilities in Network Products - Office of the Central Cyberspace Affairs Commission
  • Insurance giant settles NotPetya lawsuit, signaling cyber insurance shakeup
  • Could a ‘digital Red Cross emblem’ protect hospitals from cyber warfare? - The Record by Recorded Future
  • TrustCor Systems verifies web addresses, but its address is a UPS Store - The Washington Post
  • Cyber incident at Boeing subsidiary causes flight planning disruptions - The Record by Recorded Future
  • FIN7 cybercrime cartel tied to Black Basta ransomware operation: report - The Record by Recorded Future
  • More than 100 election jurisdictions waiting on federal cyber help, sources say
  • $28 million stolen from cryptocurrency platform Deribit - The Record by Recorded Future
  • Nigerian scammer sentenced to 11 years in US prison - The Record by Recorded Future
  • Hackers get into Dropbox developer accounts on GitHub, access 130 code repositories and more - The Record by Recorded Future
  • Urlscan.io API unwittingly leaks sensitive URLs, data | The Daily Swig
  • The Most Vulnerable Place on the Internet | WIRED
  • So long and thanks for all the bits - NCSC.GOV.UK

Decipher Security Podcast
Source Code 11/4

Decipher Security Podcast

Play Episode Listen Later Nov 4, 2022 5:12


Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources. This week's podcast looks at a new analysis linking Black Basta ransomware to FIN7 tools, the release of a new OpenSSL version addressing high-severity flaws and top findings about the adoption of authentication methods highlighted in the 2022 Duo Trusted Access report.

The CyberWire
“Static expressway” tactics in credential harvesting. Emotet is back. Black Basta linked to Fin7. RomCom hits Ukrainian targets and warms up against the Anglo-Saxons. Cyber cooperation?

The CyberWire

Play Episode Listen Later Nov 3, 2022 32:39


Leveraging Microsoft Dynamics 365 Customer Voice for credential harvesting. Emotet is back. Black Basta ransomware linked to Fin7. A Russophone gang increases activity against Ukrainian targets. Betsy Carmelite from Booz Allen Hamilton on adversary-informed defense. Our guest is Tom Gorup of Alert Logic with a view on cybersecurity from a combat veteran. And Russia regrets that old US lack of cooperation in cyberspace–things would be so much better if the Anglo-Saxons didn't think cyberspace was the property of the East India Company. Or something like that.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/212

Selected reading.
  • Abusing Microsoft Customer Voice to Send Phishing Links (Avanan)
  • Emotet botnet starts blasting malware again after 5 month break (BleepingComputer)
  • Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor (SentinelOne)
  • RomCom Threat Actor Abuses KeePass and SolarWinds to Target Ukraine and Potentially the United Kingdom (BlackBerry)
  • Russia cyber director warns no U.S. cooperation risks "mutual destruction" (Newsweek)

Cyber Morning Call
Cyber Morning Call - #185 - 21/10/2022

Cyber Morning Call

Play Episode Listen Later Oct 21, 2022 5:14


[Episode References]
  • Gremlins' prey, secrets, and dirty tricks: the ransomware gang OldGremlin set new records - https://www.group-ib.com/media-center/press-releases/oldgremlin-2022/
  • Damaged cable leaves Shetland cut off from mainland - https://www.bbc.com/news/uk-scotland-north-east-orkney-shetland-63326102
  • European cable cut may impact transoceanic routes - https://trust.zscaler.com/zscloud.net/posts/12256
  • Black Basta and the Unnoticed Delivery - https://research.checkpoint.com/2022/black-basta-and-the-unnoticed-delivery/

[Credits] Host: Carlos Cabral. Script: Carlos Cabral and Daniel Venzi. Audio editing: Paulo Arruzzo. Closing narration: Bianca Garcia. Graphic design: Julian Prieto.

Defending The Edge
017. We Didn't Start the Cyber Fire

Defending The Edge

Play Episode Listen Later Sep 29, 2022 81:45


Ransomware has become more advanced, we see troubling cyber threat trends in the wake of COVID-19, we discuss Black Basta with W/TH Secure, and we have a CEO and Director's round table discussion.  Special guest "Not Billy Joel."

Cyber and Technology with Mike
28 September 2022 Cyber and Tech News

Cyber and Technology with Mike

Play Episode Listen Later Sep 28, 2022 11:58


In today's podcast we cover four crucial cyber and technology topics, including:
1. Co-founder of Crypto fund wanted; millions in assets frozen
2. Elbit Systems of America details June ransomware attack
3. Lockbit ransomware builder stolen, used in new group's tool
4. Meta shuts down large Russian disinformation network

I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com

The CyberWire
A Black Basta update. Okta talks Scatter Swine. Nobelium's MagicWeb. Wartime stress in the cyber underworld. LastPass security incident. CISA adds to its Known Exploited Vulnerabilities Catalog.

The CyberWire

Play Episode Listen Later Aug 26, 2022 27:29


Palo Alto describes the Black Basta ransomware-as-a-service operation. Okta on Scatter Swine, the threat actor that compromised Twilio. Microsoft describes Nobelium's new approach to establishing persistence. Russia's war against Ukraine has induced stresses in the cyber underworld. LastPass discloses a security incident. Josh Ray from Accenture on cyber crime and the cost-of-living crisis. Our own Dave Bittner sits down with Chris Handman from TerraTrue to discuss how he works to transform legal teams into advocates and collaborators that can ensure privacy is baked in every step of the way. And CISA adds ten entries to its Known Exploited Vulnerabilities Catalog.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/165

Selected reading.
  • Threat Assessment: Black Basta Ransomware (Palo Alto Networks Unit 42)
  • MagicWeb: NOBELIUM's post-compromise trick to authenticate as anyone (Microsoft Threat Intelligence Center)
  • Microsoft Uncovers New Post-Compromise Malware Used by Nobelium Hackers (The Hacker News)
  • Microsoft: Russian hackers gain powerful 'MagicWeb' authentication bypass (ZDNET)
  • Detecting Scatter Swine: Insights into a relentless phishing campaign (Okta Security)
  • Twilio hackers hit over 130 orgs in massive Okta phishing attack (BleepingComputer)
  • Twilio says breach also compromised Authy two-factor app users (TechCrunch)
  • How the war in Ukraine is reshaping the dark web (New Statesman)
  • Notice of Recent Security Incident (The LastPass Blog)
  • LastPass Says Source Code Stolen in Data Breach (SecurityWeek)
  • LastPass developer systems hacked to steal source code (BleepingComputer)

Cyber Coast to Coast Podcast
Black Basta ransomware, GPS tracker security bugs, Russian hackers trick Ukrainians

Cyber Coast to Coast Podcast

Play Episode Listen Later Jul 25, 2022 43:01


Scott and Craig discuss building materials giant Knauf hit by Black Basta ransomware gang, Unpatched GPS Tracker Bugs Could Let Attackers Disrupt Vehicles Remotely, Russian Hackers Tricked Ukrainians with Fake "DoS Android Apps to Target Russia" and Cyber Tip of the Week involving Crypto scams via PayPal. This episode is sponsored by www.DarkCryptonite.com

  • https://www.bleepingcomputer.com/news/security/building-materials-giant-knauf-hit-by-black-basta-ransomware-gang/
  • https://thehackernews.com/2022/07/unpatched-gps-tracker-bugs-could-let.html
  • https://thehackernews.com/2022/07/russian-hackers-tricked-ukrainians-with.html

Cyber Morning Call
Cyber Morning Call - #122 - 21/07/2022

Cyber Morning Call

Play Episode Listen Later Jul 21, 2022 4:54


[Episode References]
  • July 2022: Atlassian Security Advisories Overview - https://confluence.atlassian.com/security/july-2022-atlassian-security-advisories-overview-1142446703.html
  • LockBit: Ransomware Puts Servers in the Crosshairs - https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lockbit-targets-servers
  • Luna and Black Basta — new ransomware for Windows, Linux and ESXi - https://securelist.com/luna-black-basta-ransomware/106950/
  • Oracle Critical Patch Update Advisory - July 2022 - https://www.oracle.com/security-alerts/cpujul2022.html
  • Cisco Security Advisories - https://tools.cisco.com/security/center/publicationListing.x
  • Apple Patches Everything Day - https://isc.sans.edu/diary/Apple+Patches+Everything+Day/28862

[Credits] Host: Carlos Cabral. Script: Carlos Cabral and Daniel Venzi. Audio editing: Paulo Arruzzo. Closing narration: Bianca Garcia. Graphic design: Julian Prieto.

InfoSec Overnights - Daily Security News
Knauf Knocked Out, Rusty Luna, Magecart Skim, and more.

InfoSec Overnights - Daily Security News

Play Episode Listen Later Jul 20, 2022 3:03


A daily look at the relevant information security news from overnight - 20 July, 2022

Episode 269 - 20 July 2022
  • Knauf Knocked Out - https://www.bleepingcomputer.com/news/security/building-materials-giant-knauf-hit-by-black-basta-ransomware-gang/
  • Rusty Luna - https://thehackernews.com/2022/07/new-rust-based-ransomware-family.html
  • GPS Over-Tracking - https://www.zdnet.com/article/flaws-in-a-popular-gps-tracker-could-allow-hackers-to-track-or-stop-vehicles-say-security-researchers/
  • Oracle Patchfest - https://www.securityweek.com/oracle-releases-349-new-security-patches-july-2022-cpu
  • Magecart Skim - https://docs.google.com/document/d/1Kse6lMi7hJEg1wDnVS_ZEND2pZOEMT4a9We3erCPsXE/edit

Hi, I'm Paul Torgersen. It's Wednesday July 20th, 2022, and from Victoria, this is a look at the information security news from overnight.

From BleepingComputer.com:
The Knauf Group, a large Germany-based building materials company, has announced it has been the target of a cyberattack that has disrupted its business operations. Their global IT team has shut down all systems to isolate the incident. Knauf has not confirmed it is a ransomware attack, but the Black Basta group has claimed responsibility for the attack on their extortion site. So far they claim to have released about 20% of the information they stole, which indicates they are likely still hopeful to receive a ransom from the victim.

From TheHackerNews.com:
Researchers have disclosed a brand-new ransomware family written in Rust, that Kaspersky Labs has named Luna. The ransomware is fairly simple and appears to be in its early development. It is designed to be used by Russian speaking threat actors, and can run on Windows, Linux, and ESXi systems.

From ZDNet.com:
Critical security vulnerabilities in the MiCODUS MV720 vehicle GPS tracker could be used to remotely track, stop or even take control of vehicles in which it is installed. These devices are popular with large companies and government entities, with approximately 1.5 million of them currently in use in 169 countries. Researchers at BitSight, who found the flaws, say these devices should not be used until patches are available. No word from MiCODUS on when that might be.

From SecurityWeek.com:
Oracle's quarterly Critical Patch Update has a total of 349 new security patches, including 230 for vulnerabilities that can be exploited by remote, unauthenticated attackers. 64 of the vulnerabilities are rated critical, with four of those scoring a ten out of ten. Financial Services Applications received the largest number of fixes, followed by Oracle Communications, then Fusion Middleware. Get your patch on, kids.

And last today, from ThreatPost.com:
A Magecart campaign has been skimming payment-card credentials from customers using three online restaurant-ordering systems. The attack has affected over 300 restaurants and compromised at least 50,000 cards so far, which have already been offered up for sale on the dark web. The platforms impacted are MenuDrive, Harbortouch, and InTouchPOS.

That's all for me today. Have a great rest of your day. Like and subscribe, and until tomorrow, be safe out there.

Cyber and Technology with Mike
20 July 2022 Cyber and Tech News

Cyber and Technology with Mike

Play Episode Listen Later Jul 20, 2022 10:31


In today's podcast we cover four crucial cyber and technology topics, including:
1. GPS manufacturer fails to fix six critical flaws in device
2. Gang 8220 abusing cloud services to grow crypto mining botnet
3. German firm Knauf victim of Black Basta Ransomware gang
4. Google, Oracle services in UK disrupted due to heat

I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com

CiberAfterWork: ciberseguridad en Capital Radio
Episode 178. Women and Entrepreneurship in Cybersecurity

CiberAfterWork: ciberseguridad en Capital Radio

Play Episode Listen Later Jun 17, 2022 51:13


In this episode we talk with Daniela Kominsky, a member of the board of directors of Women4Cyber, and with Nazareth Rodrigáñez from the Strategic Alliances area at Tetuan Valley. With Daniela and Nazareth we discussed a very interesting initiative in which Women4Cyber and Tetuan Valley have joined forces: fostering women's entrepreneurship in the world of cybersecurity. It is a fact that women are a minority in STEM fields, and without the diversity of thought and perspectives that women bring, the STEM world, and the cyber world in particular, loses significant value.

In our news segment we cover several important stories from this week. First, it appears that the DuckDuckGo search engine has a gap in its privacy, which matters because its main slogan is that it does not use the data users generate while using it. We talk about two important vulnerabilities, one found in the popular Zoom application and another in a component perhaps less familiar to the general public, the U-Boot boot loader. Finally, we report on a case in which the "Black Basta" group was able to encrypt the files of a VMware ESXi server, thereby halting the use of the virtual machines it hosted.

Throughout the interview with Daniela and Nazareth we talked about the various factors that help or hinder entrepreneurship in general, but also about the specific causes that affect women more: sometimes they find no role models in the cyber world, and at other times family obligations prevent them from taking on the challenges that entrepreneurship entails. We also talked about some circumstances that can make starting a business easier in other parts of the world. But above all we focused on the initiative that Women4Cyber and Tetuan Valley have launched: through the Startup School they are helping entrepreneurs with their projects, and on June 30 we will be able to see all the work they have been doing since the end of May at the DemoDay, which we invite you to sign up for.

Twitter: @ciberafterwork
Instagram: @ciberafterwork
More info: https://psaneme.com/ https://bitlifemedia.com/

News:
  • https://unaaldia.hispasec.com/2022/06/duckduckgo-no-es-tan-privado-como-piensas.html
  • https://unaaldia.hispasec.com/2022/06/ejecucion-de-codigo-remoto-en-zoom-sin-que-el-usuario-llegue-a-interactuar.html
  • https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/
  • https://securityaffairs.co/wordpress/132037/hacking/black-basta-ransomware-vmware-esxi.html?web_view=true

SASE segment: https://www.netskope.com/
Women4Cyber: https://www.women4cyberspain.es/ https://www.eventbrite.es/e/entradas-w4c-startup-school-demo-day-335242067047
Tetuan Valley: https://www.tetuanvalley.com/

The Cyber Threat Perspective
June 10th 2022 CTP Week in Review: Dogwalk - Qakbot - Follina - ESXi Ransomware

The Cyber Threat Perspective

Play Episode Listen Later Jun 10, 2022 23:15


In this week's review:
  • A DFIR Report with no Ransomware and no Cobalt Strike
  • Path Traversal & MOTW Bypass - DIAGCAB Windows Zero-day aka "Dogwalk"
  • Linux version of Black Basta ransomware targets VMware ESXi servers
  • TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt)

Blog: https://offsec.blog/
Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfw
Twitter: https://twitter.com/cyberthreatpov
Work with Us: https://securit360.com

InfoSec Overnights - Daily Security News
Linux Symbiote, Black Basta hearts Qbot, China hacking telecoms, and more.

InfoSec Overnights - Daily Security News

Play Episode Listen Later Jun 9, 2022 2:41


A daily look at the relevant information security news from overnight - 09 June, 2022

Episode 241 - 09 June 2022
  • Linux Symbiote - https://www.zdnet.com/article/this-new-linux-malware-is-almost-impossible-to-detect/
  • Black Basta hearts Qbot - https://threatpost.com/black-basta-ransomware-qbot/179909/
  • Emotet gets Chromed - https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-credit-cards-from-google-chrome-users/
  • Cuba upgrade - https://www.bleepingcomputer.com/news/security/cuba-ransomware-returns-to-extorting-victims-with-updated-encryptor/
  • China hacking telecoms - https://www.securityweek.com/us-details-chinese-attacks-against-telecoms-providers

Hi, I'm Paul Torgersen. It's Thursday June 9th, 2022, and from Chicago, this is a look at the information security news from overnight.

From ZDNet.com:
A joint research effort has discovered a new form of Linux malware they've called Symbiote that is almost impossible to detect. Instead of attempting to compromise running processes, Symbiote instead acts as a shared object library that is loaded on all running processes via LD_PRELOAD. It appears to have been developed to target financial institutions in Latin America, although that is not definitive. Details and a link to the research blog post in the article.

From ThreatPost.com:
Here's a mashup I never wanted to hear: Black Basta is now leveraging the Qbot network to spread its ransomware and move laterally through the infected networks. You can link to the NCC Group research for all the nasty details in the article.

From BleepingComputer.com:
The Emotet botnet is now attempting to infect potential victims with a credit card stealer module designed to harvest credit card information stored in Google Chrome user profiles. In an odd twist, once card details are collected they are exfiltrated to a different C2 server than the module loader. Details in the article.

Also from BleepingComputer.com:
The Cuba ransomware group has returned to regular operations with a new and improved version of its malware. Cuba ransomware's activity reached a peak last year when it partnered with the Hancitor malware gang for initial access, breaching 49 US organizations. This year has seen much lower activity from them, but that appears to be changing with the upgrade to the malware.

And last today, from SecurityWeek.com:
The NSA, CISA and FBI have issued a joint cybersecurity advisory warning of China-linked threat actors compromising telecom companies and network services providers. The advisory details some of the techniques and tactics the APTs use, as well as specifying many of the vulnerabilities they have been targeting. See the article for details and a link to that advisory.

That's all for me today. Have a great rest of your day. Like and subscribe. Tell a friend. And until tomorrow, be safe out there.

Cyber and Technology with Mike
08 June 2022 Cyber and Tech News

Cyber and Technology with Mike

Play Episode Listen Later Jun 8, 2022 9:13


In today's podcast we cover four crucial cyber and technology topics, including:
1. Lockbit slams Mandiant, denying link to EvilCorp
2. Qbot now abusing Follina to target Windows product users
3. Black Basta updates ability to target VMware on Linux
4. FBI shut down SSNDOB illegal marketplace with aid from Cyprus

I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com

Cyber and Technology with Mike
07 June 2022 Cyber and Tech News

Cyber and Technology with Mike

Play Episode Listen Later Jun 7, 2022 8:33


In today's podcast we cover four crucial cyber and technology topics, including:
1. Researcher discloses potential WordPress flaw
2. Italian municipality shuts down networks amidst cyber attack
3. Qbot operators partner with Black Basta ransomware
4. LockBit claims attack against Mandiant, Mandiant investigating

I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com

Cyber Morning Call
Cyber Morning Call - #92 - 07/06/2022

Cyber Morning Call

Play Episode Listen Later Jun 7, 2022 4:05


[Episode References]
  • Russia raises its tone with the United States - https://mid.ru/ru/foreign_policy/news/1816353/
  • Black Basta - https://research.nccgroup.com/2022/06/06/shining-the-light-on-black-basta/
  • Alleged LockBit attack against Mandiant - https://www.bleepingcomputer.com/news/security/mandiant-no-evidence-we-were-hacked-by-lockbit-ransomware/
  • Vulnerabilities in Zyxel firewalls - https://security.humanativaspa.it/multiple-vulnerabilities-in-zyxel-zysh/
  • SVCReady - https://threatresearch.ext.hp.com/svcready-a-new-loader-reveals-itself/

[Credits] Script and host: Carlos Cabral. Audio editing: Paulo Arruzzo. Closing narration: Bianca Garcia. Graphic design: Julian Prieto.

Security Squawk
Two Universities Hit with Cyber Attack- Yuma Regional Medical Center Coming Back Slowly- Black Basta linked to the Conti Group

Security Squawk

Play Episode Listen Later May 4, 2022 43:35


In this week's episode, cybersecurity experts Bryan Hornung, Reginald Andre, Randy Bryan, and Ryan O'Hara discuss two universities that are dealing with cyberattacks, Austin Peay State University and Kellogg Community College: how the attacks were announced and what happened at each. Next, the crew covers Yuma Regional Medical Center, whose computer systems are slowly returning after an attempted cyberattack. Then the experts look at the new Black Basta ransomware, which is possibly linked to the Conti Group. Lastly, they cover Blume Global, whose platform went down after a 'cyber incident', and how the company is trying to come back online.

Cyber Security with Bob G
Breaking Security News Flash - Black Basta -Ransomware Gang

Cyber Security with Bob G

Play Episode Listen Later Apr 30, 2022 2:07


New or maybe just re-branded. They steal and encrypt your data. If you don't pay, they leak your data. See BleepingComputer for the full story. https://bit.ly/3s3ZIvP --- Support this podcast: https://anchor.fm/norbert-gostischa/support

InfoSec Overnights - Daily Security News
Bumblebee sting, Russian attacks, Black Basta rises, and more.

InfoSec Overnights - Daily Security News

Play Episode Listen Later Apr 28, 2022 2:29


A daily look at the relevant information security news from overnight.

Episode 228 - 28 April 2022
  • Bumblebee sting - https://www.bleepingcomputer.com/news/security/new-bumblebee-malware-takes-over-bazarloaders-ransomware-delivery/
  • Russian attacks - https://www.zdnet.com/article/microsoft-russia-has-launched-hundreds-of-cyberattacks-against-ukraine/
  • QNAP snap - https://www.bleepingcomputer.com/news/security/qnap-warns-users-to-disable-afp-until-it-fixes-critical-bugs/
  • GitHub flub - https://threatpost.com/github-repos-stolen-oauth-tokens/179427/
  • Journalists phished - https://threatpost.com/hackers-target-journalists-goldbackdoor/179389/
  • Black Basta rises - https://www.bleepingcomputer.com/news/security/new-black-basta-ransomware-springs-into-action-with-a-dozen-breaches/

Cyber and Technology with Mike
27 April 2022 Cyber and Tech News

Cyber and Technology with Mike

Play Episode Listen Later Apr 27, 2022 8:49


In today's podcast we cover four crucial cyber and technology topics, including:
1. Microsoft finds 2 flaws in Linux that could lead to take-over
2. Aroepost asks customers to delete payment data following hack
3. ADA suffers attack, Black Basta takes credit, posts alleged leaked data
4. U.S. offers ten million USD for information on 6 SandWorm hackers