Podcasts about blackenergy

In today's podcast we cover four crucial cyber and technology topics, including: 1. Nefilim ransomware operators leak victim data after apparent failure to pay 2. U.S. charges Russian GRU members with cyber crimes dating back to 20153. Google Waze vulnerability may have allowed tracking of individuals 4. Cryptocurrency mixing service found charged by U.S. treasury for money laundering I'd love feedback, feel free to send your comments and feedback to | cyberandtechwithmike@gmail.com

L'artiste dans sa dimension et son rituel, est-ce naturel?

The evening before Christmas Eve in 2015 saw a widespread blackout of the power grid across the Ukraine. We look at how a cyber-attack on electric utility companies in Europe, changed how cyber-security is regarded in control systems, forever. Links of potential interest: December 2015 Ukraine Power Grid Cyber-attack Analysis of the Cyber Attack on the Ukrainian Power Grid [PDF] Ukraine Report: When The Lights Went Out [PDF] Inside the Cunning, Unprecedented Hack of Ukraine’s Power Grid Cyber-Attack Against Ukrainian Critical Infrastructure Everything We Know About Ukraine’s Power Plant Hack BlackEnergy BlackEnergy, Grid-Disrupting Malware, Has a Successor, Researchers Warn Scary Questions in Ukraine Energy Grid Hack Ukraine Cyber Induced Power Outage: Analysis And Practical Mitigation Strategies [PDF] New Clues Show How Russia’s Grid Hackers Aimed for Physical Destruction Industroyer: An in-depth Look At The Culprit Behind Ukraine’s Power Grid Blackout Ukrainian Power Grids Cyber-attack Russian Translation: Obelnergo Message to Consumers MOXA UC-7408-LX Plus MOXA UC-7408-LX Plus Firmware Overwrite Vulnerability iRZ RUH2 IRZ RUH2 3G Firmware Overwrite Vulnerability NCCIC: Ukrainian Power Attack US Wants To Isolate Power Grids With ‘Retro’ Technology To Limit Cyber-attacks LinkedIn Is A Hacker’s Dream Tool   Support Causality on Patreon Episode Silver Producers: Carsten Hansen, John Whitlow, Joseph Antonio and Kevin Koch. Episode Gold Producer: 'r'.

In today's podcast, we hear about election security, and two ways of hacking the vote. DHS points out that the states are getting better about sharing election security information. ISIS sets the template for terrorist information operations. BlackEnergy is back, in Poland and Ukraine, with new, "GreyEnergy" malware. Diplomatic targets prospected in Central Asia. North Carolina, recovering from hurricane damage, also faces some ransomware. Silicon Valley governance receives scrutiny. Craig Williams from CISCO Talos on dealing with FUD. New York Times writer Kim Zetter on election security. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_17.html Support our show

In today's podcast, we hear that Iran's OilRig cyberespionage campaign seems to employing Russian hoods, and BlackEnergy. WannaCry recovery continues, but there may be worse to come. Still talking funny, the ShadowBrokers say you'll be able to subscribe to an Equation Group leak service next month. The US Senate considers putting the Vulnerability Equities Process on a legal foundation. NIST issues draft guidance on cyber Executive Order implementation. Level 3 Communications' Dale Drew predicts there's more ransomware in our futures. Mandeep Khera from Arxan Technologies outines vulnerabilities in mobile apps. And political parties in Western Europe still stink at email security, for all their worries about Fancy Bear.

In today's podcast, in addition to notes from RSA, we hear some fresh accusations of Russian government hacking from Ukraine. Threat actors adapt. ASLR bypass exploit demonstrated. Yahoo!'s acquisition by Verizon appears likely to be deeply discounted. From RSA, notes on coming industry consolidation. Dale Drew from Level 3 Communications offers a strategy for choosing security vendors. James Lyne from Sophos provides his take of the RSA conference from the show floor. An update on the Popr-D3 Android malware. How they name the bears.

Daily: RSA wraps up. Naikon disappears, BlackEnergy is scrutinized, and mobile threats get sophisticated.

Intro / Outro Alex - Drive http://dig.ccmixter.org/files/AlexBeroza/43098 0:01:54 Чтобы превратить iPhone в "кирпич", достаточно сменить системную дату на 1 января 1970 года - ITC.ua http://goo.gl/TblQCe 0:04:23 There's a lot of vulnerable OS X applications out there. https://goo.gl/OLWEiy VLC unsigned updates over http https://goo.gl/OIevQP 0:09:09 Fake Flash Player Update Infects Macs with Scareware https://goo.gl/5uhPXG 0:10:09 Nexus Security Bulletin - February 2016 http://goo.gl/lDS1ZV Google fixes multiple Wi-Fi flaws, mediaserver bugs in Android http://goo.gl/zESjhg Google plugs Android vulns http://goo.gl/eX6Lbm 0:10:47 Google calls out Comodo's Chromodo Chrome-knockoff as insecure crapware http://goo.gl/OrTlUv 0:12:02 Every version of Windows hit by 'critical' security vulnerability http://goo.gl/gYVDPY 0:12:52 Опубликованы новые подробности о том, как троян BlackEnergy атакует Украину https://goo.gl/5GbPmR Міненерговугілля має намір утворити групу за участю представників усіх енергетичних компаній, що входять до сфери управління Міністерства, для вивчення можливостей щодо запобігання несанкціонованому втручанню в роботу енергомереж http://goo.gl/FRXKUd 0:18:47 Hackers mirror 250GB of NASA files on the web http://goo.gl/2RXmr4 OpNasaDrones Zine #Anonsec http://pastebin.com/pm1WLXQj 0:24:12 Privilege Escalation + Remote Code Execution in Apache Jetspeed 2.2.0 - 2.3.0 https://vimeo.com/154475767 Default settings in Apache may decloak Tor hidden services http://goo.gl/hlaHrJ 0:26:02 Brit spies want rights to wiretap and snoop on US companies' servers http://goo.gl/VZC7Ve 0:26:52 Smart toys spring dumb vulns. Again. This time: Cuddly bears, watches http://goo.gl/y3w72D Hacked Toy Company VTech’s TOS Now Says It’s Not Liable for Hacks http://goo.gl/XVTPk9 0:30:30 Big Question: What does the Julian Assange case have to do with human rights? http://goo.gl/QWO1mk The Working Group on Arbitrary Detention Deems the deprivation of liberty of Mr. Julian Assange as arbitrary http://goo.gl/ptB4eH 0:31:08 New Safe Harbor Data “Deal” May Be More Politicking Than Surveillance Reform https://goo.gl/y8s2OS Safe Harbor ripped and replaced with Privacy Shield in last-minute US-Europe deal http://goo.gl/wf8uEr 0:32:27 OpenSSL fixes bug, gets dissed by German gov: That's so random ... not http://goo.gl/EYiOtp OpenSSL study https://goo.gl/yf08LN 0:34:41 White House seeks its first ever chief information security officer http://goo.gl/5uRDdL 0:35:39 Safeway Self-Checkout Skimmer Close Up http://goo.gl/zBUZaJ 0:36:39 Взломать PayPal за 73 секунды https://habrahabr.ru/company/pt/blog/276459/ 0:37:46 AST-2016-001: BEAST vulnerability in HTTP server http://seclists.org/fulldisclosure/2016/Feb/9 0:38:44 For Cyberattackers, Time Is The Enemy http://goo.gl/DFrKim 0:39:29 Mysterious spike in WordPress hacks silently delivers ransomware to visitors http://goo.gl/jvKRO9 0:40:13 KeePassLogger - KeePass Two-Channel Auto-Type Obfuscation Bypass http://goo.gl/KGgQQq 0:40:48 Samsung warns customers not to discuss personal information in front of smart TVs http://goo.gl/AcCP7g 0:41:21 Twitter Says There’s No “Magical Algorithm” to Find Terrorists https://goo.gl/u6FDhg Combating Violent Extremism | Twitter Blogs https://goo.gl/SdFZHO 0:42:06 Malware Museum! https://archive.org/details/malwaremuseum Roll up, roll up to the Malware Museum! Run classic DOS viruses in your web browser http://goo.gl/sVkJSN  О сколько нам открытий чудных готовит Office Microsoft https://habrahabr.ru/post/264313/ Видео-запись эпизода на нашем канале https://www.youtube.com/channel/UCGYHYOm_J3zpyE5jCNzAHJg

In December 2015, a power outage in the Ukraine left over 700,000 citizens without electricity. Security researchers confirmed that the outage was caused by BlackEnergy malware and there’s been a lot of speculation that Russia was behind the cyber attack. What lessons can U.S. critical infrastructure providers learn from these attacks? Listen to our latest Security […]… Read More The post Security Slice: BlackEnergy Blackouts appeared first on The State of Security.

Intro / Outro BRUTTO - Просперо (Piano Cover) https://www.youtube.com/watch?v=NwsISaGo_PU 00:03:31 Интервью с Виктором Жорой об атаке на объекты электроэнергетики УкраиныПричиною вчорашнього знеструмлення половини Івано-Франківщини була хакерська атака http://goo.gl/yxFlrD СБУ попередила спробу російських спецслужб вивести з ладу об'єкти енергетики України http://goo.gl/px5umB First known hacker-caused power outage signals troubling escalation http://goo.gl/KxqQsf Хакери погрожують українським енергомережам. За кібератакою на обленерго читається російський почерк http://goo.gl/PG3Gxk США підозрюють Росію у причетності до кібератак на електромережі України http://goo.gl/GPtka5 Malware 'clearly' behind Ukraine power outage, SANS utility expert says http://goo.gl/s4DGoc iSIGHT Partners: Sandworm Team and the Ukrainian Power Authority Attacks http://www.isightpartners.com/?p=5305 Троян BlackEnergy используется в кибератаках на СМИ и промышленные объекты Украины http://goo.gl/bUKvOG BlackEnergy Disrupt Matrix - SOC Prime https://goo.gl/rIJuD XPotential Sample of Malware from the Ukrainian Cyber Attack Uncovered https://goo.gl/KAuM5i BlackEnergy .XLS Dropper http://bit.ly/1JQV1fa Штаб: У "Борисполі" попередили ймовірну хакерську атаку з боку РФ http://goo.gl/TZUvVG Special Publication 800-82 Guide to Industrial Control Systems (ICS) Security (pdf) http://goo.gl/cv4mzk Cyber war in perspective (pdf) https://goo.gl/RjPuqU 00:58:41 Казусы наших 1с01:01:15 Герб мининформполитики http://goo.gl/R9ETMK 01:02:02 Суд дозволив прокуратурі обшукати український офіс Google http://goo.gl/9E83F2 01:04:04 SSH Backdoor for FortiGate OS Version 4.x up to 5.0.7 http://goo.gl/o7UiyH Someone Just Leaked Hard-Coded Password Backdoor for Fortinet Firewalls http://goo.gl/p17WSL Fortinet says backdoor found in FortiOS is "a management authentication issue" http://goo.gl/b0m1tU 01:07:03 Facebook spars with researcher who says he found “Instagram’s Million Dollar Bug” https://goo.gl/SfUpSB 01:08:43 iOS 9.3 brings multi-user mode to iPads, along with more features and fixes http://goo.gl/Gjl9bl 01:11:10 How Nvidia breaks Chrome Incognito https://goo.gl/fZRwuQ Nvidia: Chrome 'Incognito' Porn Leakage Is on Apple, Not Us http://goo.gl/g3dk0Q 01:14:11 Roaming through the OpenSSH client: CVE-2016-0777 and CVE-2016-0778 https://goo.gl/Mbd8eY Evil OpenSSH servers can steal your private login keys to other systems – patch now http://goo.gl/GUaBfa How To Fix OpenSSH's Client Bug CVE-0216-0777 and CVE-0216-0778 by Disabling UseRoaming https://goo.gl/pkVRra 01:15:29 Microsoft Gives Details About Its Controversial Disk Encryption https://goo.gl/bTCfJr 01:17:21 Recently Bought a Windows Computer? Microsoft Probably Has Your Encryption Key https://goo.gl/Rikium 01:18:11 Microsoft ends support for Windows 8, IE8 through 10: What does this mean for you? http://goo.gl/tLKJiM 01:18:40 The Tor Project Is Starting a Bug Bounty Program http://goo.gl/FKaraF 01:18:55 Linode: back at last after ten days of hell http://goo.gl/0pCRSF Linode Blog » Security Notification and Linode Manager Password Reset https://goo.gl/A2ee0q 01:19:21 Cisco admins gear up for a late night – hardcoded password in wireless points nuked http://goo.gl/W8XfvK 01:19:29 Про ДДоС говнокод.ру через JS в посте на хабре https://goo.gl/QNxvWG 01:21:21 TrendMicro node.js HTTP server listening on localhost can execute commands https://goo.gl/u8yMDh 01:23:37 Debug code cracked case in hunt for mystery Silverlight zero day http://goo.gl/oW4B5d 01:24:44 Software bug granted early release to more than 3,200 US prisoners http://goo.gl/1ke6sV 01:25:32 Massive bug at online gaming platform exposes users' sensitive data http://goo.gl/YS7Ja0 01:26:19 Turkish carder scores record 332-year jail term http://goo.gl/7gGxpe     01:26:50 Vulnerability allows to permanently delete any skype account by support request http://goo.gl/fbF6y1 01:29:28 French say 'Non, merci' to encryption backdoors http://goo.gl/W4mh04 01:30:13 Database leak exposes 3.3 million Hello Kitty fans http://goo.gl/10lH0a 01:30:23 250 Hyatt hotels hacked via PoS malware http://goo.gl/Vobx0i 01:30:42 Trustwave failed to spot casino hackers right under its nose – lawsuit http://goo.gl/4CpA7i 01:31:51 Stranger talks to a kid through this hacked baby monitor http://goo.gl/KK9Xey 01:32:38 Holiday hack challenge https://holidayhackchallenge.com/ Security weekly #444 http://goo.gl/PdY9C3 01:41:07 drduh/OS-X-Security-and-Privacy-Guide https://goo.gl/TihhlC

Restrictions: This media asset is free for editorial broadcast, print, online and radio use. It is restricted for use for other purposes. This video includes ITN Source copyrighted library material purchased by NATO which cannot be used as part of a new production without consent of the copyright holder. Please contact http://www.itnsource.com/en/contactus to clear this material. Story Synopsis: Four fatal flaws? Ukraine's key challenges today are more than the war fought in its east. How do you fight against an attack that can’t be traced definitively to a person or even a nation? NATO experts, Ukrainian politicians and journalists talk about how to defend Ukraine from hackers, who target key infrastructure like nuclear and chemical plants and have even tried to derail the Presidential elections. About the four-part series Ukraine: The Unseen Attacks Fighting in the east has come to characterize Ukraine. But Ukraine’s struggle for survival and self-determination, free of corrupt governments and Russian influence is fought on many other fronts. From cyber defence to internal defence, fixing its forces to telling the truth – Ukraine faces challenges that may determine its very survival. Full script =VOICEOVER = Fighting in the east has come to characterize Ukraine. But Ukraine’s struggle for survival and self-determination, free of corrupt governments and Russian influence is fought on many other fronts. In this program, we’ll look at four distinct challenges Ukraine faces in addition to fighting on its borders. From cyber defense to internal defense, fixing its forces to telling the truth – Ukraine faces challenges that may determine its very survival. =GRAPHIC= UKRAINE – THE UNSEEN ATTACKS =GRAPHIC= CYBER ATTACK =VOICEOVER= The day before the Ukrainian Presidential election results were announced, a hacker group calling themselves Cyber Berkut infiltrated Ukraine’s central election computer systems. According to Ukraine officials, if the malicious software they installed had not been discovered and removed, it would have portrayed that ultra-nationalist Right Sector leader Dmytro Yarosh had won with 37 per cent of the vote instead of the one percent he actually received. Moderate Petro Poroshenko, the actual winner with a majority of the vote, would have been placed in second with 29 percent. Cyber Berkut’s aim? To feed into the Russian myth that Ukraine had fallen to a fascist coup. That evening Russian Channel One aired a bulletin declaring Mr Yarosh the winner, quoting these exact percentages. But cyber attacks can be more sinister than pushing Russian propaganda. BlackEnergy is a well-known cyber-crime toolkit that’s been in use since 2007, but over the summer of 2014, as tensions rose between Russia and Ukraine, a new version of the malware was detected being used by a mysterious group of hackers targeting Ukrainian government officials to harvest information. =SOUNDBITE IN ENGLISH= Tekin Kabasakal, Turkish Army, NATO Cyber Security Advisor to Ukraine “It’s not easy to define the main source of cyber attacks, but when we think about the results and the aim of the attacks, we can guess that these are caused by Russians.” =VOICEOVER= The Black Energy hackers targeted government infrastructure like the Ukrainian Railway, creating proxy servers at key locations to divert traffic, which could have resulted in commuter deaths. =SOUNDBITE IN RUSSIAN= Serhiy Kandaurov, cyber defence expert, Director-General of Institute of International Research. “Ukraine has a lot of serious and dangerous facilities in the chemical, nuclear sectors and also gas pipelines. Any debilitation of these facilities could lead to very serious ecological consequences for Ukraine and for Europe.” =VOICEOVER= The pattern of these attacks follows political events with chilling predictability. For example, a day after the recent announcement of an IMF loan to Ukraine, Ukrainian banks were attacked. For Russian myth busting site Stop Fake, attacks not only follow a pattern, hackers and their junior cousins, trolls, become familiar faces. =SOUNBITE IN UKRAINIAN= Mykhailo Koltsov, Stop Fake webmaster “The more popular the post, the more acute it is, especially after we published evidence of Russian forces in Ukraine, we noticed. After that we got a DDoS (denial of service) attack. They don’t even try to hide behind proxy servers, they come straight from Russia – Moscow, St. Petersburg and Novosibirsk. We have some old faces, as we call them and they can be recognized by their mistakes. They can change their IP address, but the grammar gives them away.” =VOICEOVER= While cyber defence experts can usually tell whether attacks are so called “patriotic hacking”, by lone actors or organized cyber-crime by large institutions, the answer remains the same. Vigilant and coordinated cyber defense. Ukraine doesn’t lack in expertise, but years of neglect and corruption in government institutions have led to a significant brain drain. =SOUNDBITE IN ENGLISH= Tekin Kabasakal, Turkish Army, NATO Cyber Security Advisor to Ukraine “They have enough cyber security experts, for me I think, but they’re currently working in the private sector, because he earns much money in that. This is the main problem Ukrainian government and Ukrainian institutions faces.” =VOICEOVER= NATO has promised money for developing Ukraine’s cyber defense capabilities. It’s a project led by Allied countries Romania and Hungary and helped by Estonia, a Baltic country who had their own massive cyber attack in 2007, that most believe originated in Russia. Eight years later Allied countries like Estonia are well-placed to help Ukraine with a tactic they and other nearby countries find so familiar. ==SOUNDBITE IN RUSSIAN== Serhiy Kandaurov, cyber defense expert, Director-General of Institute of International Research. “Ukrainian politicians and experts in the field of cyber defense thought we could find some middle ground, between the western position and the eastern position, which is represented by Russia. But the latest historical events happening here, they confirm very precisely that we don’t have any choice. We have to use the existing experience of the United States and NATO countries to protect critical infrastructure.” This version includes voiceover and graphics.