Podcasts about botnets

In this episode of Cybersecurity Today, host David Shipley delves into alarming developments in the cybersecurity landscape. The FBI has flagged a massive malware campaign named Bad Box 2.0, which has compromised 1 million consumer devices globally, turning them into residential proxies. Additionally, a new variant of the Mirai malware is targeting DVR devices via a critical vulnerability. Meanwhile, criminals are shifting their operations from bulletproof hosts to harder-to-trace VPNs and residential proxy networks. The episode also covers urgent calls for post-quantum cryptography readiness amidst looming quantum computing threats, alongside a significant policy shift in the US. President Trump has signed an executive order dismantling former President Biden's extensive cybersecurity initiatives, including efforts focused on AI and quantum cryptography. These regulatory rollbacks emphasize minimal federal oversight and leave long-term digital defense strategies in question. 00:00 Introduction and Major Headlines 00:32 FBI Warns About Bad Box 2.0 Botnet 02:47 DVR Botnet Threats and Exploits 03:59 Shift in Cybercriminal Tactics 05:33 Quantum Computing and Encryption Concerns 07:08 Trump's Cybersecurity Policy Overhaul 11:36 Conclusion and Final Thoughts

Presidential cyber executive order signed Neuberger warns of U.S. infrastructure's cyberattack weakness Mirai botnet infects TBK DVR devices Huge thanks to our sponsor, Vanta Is your manual GRC program slowing you down? There's something more efficient than spreadsheets, screenshots, and manual processes — Vanta. With Vanta, GRC can be so. much. easier—while also strengthening your security posture and driving revenue for your business. Vanta automates key areas of your GRC program—including compliance, risk, and customer trust—and streamlines the way you manage information. The impact is real: A recent IDC analysis found that compliance teams using Vanta are one hundred and twenty nine percent more productive. Get back time to focus on strengthening security and scaling your business. Get started at  Vanta.com/headlines. Find the stories behind the headlines at CISOseries.com.

Forecast = Mostly cloudy with a chance of rogue SSH access—keep your patches up to avoid a phishy forecast! Welcome to Storm⚡️Watch, where we unpack the latest in cybersecurity threats, research, and the tools that keep the digital world safe. In this episode, we invite GreyNoise Security Architect and researcher Matthew Remacle (a.k.a., Remy) to kick things off with a deep dive into a fascinating and highly sophisticated botnet campaign targeting ASUS routers—a story that starts with a little help from machine learning and ends with some hard lessons for defenders everywhere. GreyNoise researchers spotted this campaign using SIFT, their AI-powered network traffic analyzer, which sifted through more than 23 billion network entries and managed to flag just 30 suspicious payloads targeting ASUS routers. What made this botnet stand out was its surgical precision and stealth—far from the usual noisy, attention-grabbing attacks. The attackers knew exactly what they were doing, focusing on disabling TrendMicro security features embedded in the routers, essentially breaking in by first turning off the alarm. The attack chain reads like a masterclass in persistence: brute force and clever authentication bypasses got them in the door, a null byte injection tricked the router's authentication system, and a command injection vulnerability allowed them to manipulate logging features in a way that opened up even more attack paths. The real kicker? The final backdoor was installed using legitimate ASUS features, meaning it could survive firmware updates and stay hidden from traditional detection methods. This campaign affected thousands of routers globally, with over 4,800 compromised devices detected and counting. Even after ASUS released a patch—adding character validation rather than fixing the underlying flaw—researchers found that the fundamental vulnerability remained, and attackers could potentially work around the patch. This story highlights the ongoing challenges in IoT security: complexity breeds vulnerability, persistence is a nightmare to detect and remove when attackers use legitimate features, and patches often address symptoms rather than root causes. It's a reminder that traditional signature-based detection is no longer enough—behavioral analysis and AI-driven anomaly detection are now essential for spotting these advanced threats. We also touch on the bigger picture: the evolving cat-and-mouse game between attackers and defenders, the importance of defense in depth, and why understanding normal network behavior is more critical than ever. Plus, we look at the human element—attackers who are patient, technically sophisticated, and deeply aware of how to evade detection. For organizations, the takeaways are clear: defense in depth, behavioral monitoring, asset management, and patch management are all non-negotiable. And for everyone else, it's a reminder that the devices we trust to protect us are themselves complex and potentially vulnerable computers. Later in the episode, we take a closer look at vulnerability scoring systems—CVSS, EPSS, and SSVC—and why reading between the scores is so important for risk management. We also highlight the value of fresh, actionable data from sources like Censys and VulnCheck, and round things out with a nod to the ongoing conversation happening on the GreyNoise blog. Thanks for tuning in to Storm⚡️Watch. Stay vigilant, keep learning, and remember: in cybersecurity, the difference between safe and compromised can be as subtle as a single null byte. Storm Watch Homepage >> Learn more about GreyNoise >>  

In this episode of the podcast, the hosts discuss the emergence of a new botnet that is launching targeted DDoS attacks on the gaming industry. They explore the implications of these attacks, particularly focusing on the financial impact on both large and small gaming companies. The conversation highlights the sophistication of the botnet and the challenges smaller companies face in maintaining security. The hosts also emphasize the importance of understanding the broader implications of cybersecurity threats in the gaming sector. Article: New HTTPBot Botnet Launches 200+ Precision DDoS Attacks on Gaming and Tech Sectors https://thehackernews.com/2025/05/new-httpbot-botnet-launches-200.html?m=1&fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExd2s2TnlNUWRkR24yNWFjdwEeo0zY934IpcUzdKz3zxJeQKcubB42gZUNAyR75WHTYHPpR3T3ulCyZBo6cGw_aem_NZKTa-tbuk1AHhuSAo73jg Please LISTEN

In this Marketing Over Coffee: Learn about Running Traffic, Coordinated Inauthentic Engagement, Finfluencers and more! Direct Link to File Fast Company Article Past Interview on Black Hat SEO and the Search Engine PR battleground Running Traffic Coordinated Inauthentic Engagement as a tool to lift organic traffic 9:02- 11:07 Insta360 X5 Camera. To bag a free […] The post Eric Schwartzman on BotNets and How To Market in the Post Facts World appeared first on Marketing Over Coffee Marketing Podcast.

The Cybercrime Magazine Podcast brings you daily cybercrime news on WCYB Digital Radio, the first and only 7x24x365 internet radio station devoted to cybersecurity. Stay updated on the latest cyberattacks, hacks, data breaches, and more with our host. Don't miss an episode, airing every half-hour on WCYB Digital Radio and daily on our podcast. Listen to today's news at https://soundcloud.com/cybercrimemagazine/sets/cybercrime-daily-news. Brought to you by our Partner, Evolution Equity Partners, an international venture capital investor partnering with exceptional entrepreneurs to develop market leading cyber-security and enterprise software companies. Learn more at https://evolutionequity.com

U.S. authorities indicted three Russians and one Kazakhstan national for hacking and selling access to a botnet made of vulnerable internet-connected devices. Learn more about your ad choices. Visit podcastchoices.com/adchoices

In this episode of the Other Side of the Firewall podcast, the hosts discuss the latest cybersecurity news, focusing on the dismantling of a major IoT botnet and the implications for device security. They emphasize the importance of keeping devices updated and the risks associated with neglected IoT devices. The conversation also explores the landscape of cybercrime, highlighting how bad actors operate and profit from vulnerabilities. The episode concludes with insights on the future of cybersecurity and the need for awareness and proactive measures. Article: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. - Dutch Operation https://thehackernews.com/2025/05/breaking-7000-device-proxy-botnet-using.html?m=1&fbclid=IwZXh0bgNhZW0CMTAAYnJpZBExUkZqNkM4QmEyTmNlM2VSUQEeU1Iac_fcz0QhlCPG5-TflrbhMyMF7RPU0m1R8S5-XhjmTEu7KUFg5oL0j5I_aem_DfY--ZYjuSC-BLvEvG6BxQ Please LISTEN

Referências do EpisódioStealthy .NET Malware: Hiding Malicious Payloads as Bitmap ResourcesBreaking the Sound Barrier Part I: Fuzzing CoreAudio with Mach MessagesClassic Rock: Hunting a Botnet that preys on the OldLumma Stealer, coming and goingVídeo que fiz sobre ClickFixRoteiro e apresentação: Carlos Cabral e Bianca OliveiraEdição de áudio: Paulo ArruzzoNarração de encerramento: Bianca Garcia

In this episode of the Cybersecurity Readiness Podcast, Dr. Dave Chatterjee sits down with Richard Hummel, Director of Threat Intelligence at NETSCOUT, to unpack the fast-evolving Distributed Denial of Service (DDoS) threat landscape. Richard shares unique insights from NETSCOUT's latest global threat intelligence report, discussing the strategic weaponization of DDoS attacks in geopolitical conflict, the role of AI in modern attack infrastructure, and why proactive preparation, not prevention, is key. Together, they explore how leaders must adopt a “resilience by design” mindset to secure their digital frontlines.To access and download the entire podcast summary with discussion highlights -- https://www.dchatte.com/episode-85-from-botnets-to-ai-defending-against-the-future-of-ddos-warfare/Connect with Host Dr. Dave Chatterjee and Subscribe to the PodcastPlease subscribe to the podcast so you don't miss any new episodes! And please leave the show a rating if you like what you hear. New episodes are released every two weeks. Connect with Dr. Chatterjee on these platforms: LinkedIn: https://www.linkedin.com/in/dchatte/ Website: https://dchatte.com/Cybersecurity Readiness Book: https://www.amazon.com/Cybersecurity-Readiness-Holistic-High-Performance-Approach/dp/1071837338https://us.sagepub.com/en-us/nam/cybersecurity-readiness/book275712Latest Publications & Press Releases:“Meet Dr. Dave Chatterjee, the mind behind the CommitmentPreparedness-Discipline method for cybersecurity,” Chicago Tribune, February 24, 2025."Dr. Dave Chatterjee On A Proactive Behavioral Approach To Cyber Readiness," Forbes, February 21, 2025.Ignorance is not bliss: A human-centered whole-of-enterprise approach to cybersecurity preparednessDr. Dave Chatterjee Hosts Global Podcast Series on Cyber Readiness, Yahoo!Finance, Dec 16, 2024Dr. Dave Chatterjee Hosts Global Podcast Series on Cyber Readiness, Marketers Media, Dec 12, 2024.

This week we dive into security headlines including a botnet bonanza that includes TP-Link routers, Chinese attackers targeting Juniper and Fortinet, and a case study of nation-state actors penetrating the operator of a small US electric utility. We also discuss ransomware attacks targeting critical infrastructure, a backdoor in an Android variant used in streaming devices,... Read more »

This week we dive into security headlines including a botnet bonanza that includes TP-Link routers, Chinese attackers targeting Juniper and Fortinet, and a case study of nation-state actors penetrating the operator of a small US electric utility. We also discuss ransomware attacks targeting critical infrastructure, a backdoor in an Android variant used in streaming devices,... Read more »

Forecast = Router-geddon: Ballista storms brewing with a chance of unforgivable vulnerabilities. Patch umbrella required. ‍ In this episode of Storm ⚡ ️Watch, the crew laments the sorry state of modern edge computing through the lens of Steve Coley's 2007 paper on "Unforgivable Vulnerabilities". The discussion examines security flaws that should never appear in properly developed software yet continue to plague systems today. These vulnerabilities demonstrate a systematic disregard for secure development practices and would be immediately obvious to anyone with basic security awareness. The team breaks down "The Lucky 13" vulnerabilities, including buffer overflows, cross-site scripting, SQL injection, and hard-coded credentials, while also exploring how modern AI tools might inadvertently introduce these same issues into today's codebase, and how one might go about properly and safely use them in coding and security engineering. The episode also features an in-depth analysis of the newly discovered Ballista botnet that's actively targeting TP-Link Archer routers through a vulnerability discovered two years ago. First detected on January 10, 2025, this botnet has already infected over 6,000 devices worldwide, with the most recent activity observed in mid-February. The threat actors behind Ballista, believed to be based in Italy, have targeted organizations across multiple sectors including manufacturing, healthcare, services, and technology in the US, Australia, China, and Mexico. The botnet exploits CVE-2023-1389 to spread malware that establishes encrypted command and control channels, enabling attackers to launch DDoS attacks and further compromise vulnerable systems. The team rounds out the episode with updates from their partner organizations. Censys shares insights on JunOS vulnerabilities and the RedPenguin threat actor, along with an investigation into server misidentification issues. RunZero discusses the importance of cybersecurity labeling for end-of-life and end-of-support consumer IoT devices. GreyNoise alerts listeners to a new surge in SSRF exploitation attempts reminiscent of the 2019 Capital One breach and promotes their upcoming webinar on March 24th. As always, the Storm⚡️Watch crew delivers actionable intelligence and expert analysis to help security professionals stay ahead of emerging threats in the ever-evolving cybersecurity landscape. Storm Watch Homepage >> Learn more about GreyNoise >>  

Sean Plankey nominated to head CISA Ballista Botnet hits TP-Link devices PowerSchool publishes breach report Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, And helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines

Hoje, temos um tema urgente e extremamente relevante: as botnets – redes de dispositivos comprometidos que podem ser usadas para ataques cibernéticos em larga escala. Nos últimos meses, vimos um aumento alarmante desse tipo de ameaça. A botnet VO1D comprometeu mais de 1,6 milhão de dispositivos Android TV, com um quarto dessas infecções acontecendo aqui no Brasil. Para entender melhor esse cenário e como podemos nos proteger, conversamos com Alex Soares, Partner Solution Engineer da Akamai, no Podcast Canaltech. Ele falou sobre o impacto das botnets, como elas operam e quais medidas podem ser tomadas para reduzir os riscos. Além disso, no nosso giro de notícias, comentamos sobre a suspensão da VOEPASS, a desativação do Skype após 22 anos, a mudança visual no iOS 19 e a decisão do Conselho Nacional de Educação sobre os bloqueadores de sinal de celulares nas escolas. Entre nas redes sociais do Canaltech buscando por @Canaltech Entre em contato pelo nosso e-mail: podcast@canaltech.com.br Entre no Canaltech Ofertas Acesse a newsletter do Canaltech Este podcast foi roteirizado e apresentado por Fernanda Santos e contou com reportagens de Paulo Amaral, Emanuele Almeida, Marcelo Fisher, Vinicius Moschen e Daniele Cassita. A trilha sonora é de Guilherme Zomer, a edição de Jully Cruz e a arte da capa é de Erick Teixeira. Você acompanha o Podcast Canaltech de segunda a sexta, a partir das 6h.See omnystudio.com/listener for privacy information.

This week, we talk about the problems with Hulu's Oscars live stream and why streaming cannot take the place of broadcast distribution in terms of scalability and dependability. We also point out the likelihood of MSG Networks and/or its affiliates declaring bankruptcy and the potential consequences for their streaming business. We discuss the announcement that all Elite Wrestling PPV events will soon be available on Prime Video, and Netflix plans to live stream another boxing match later in the year. Lastly, we discuss Fox Nation's new subscriber figures, the largest CTV device botnet ever discovered and made public, and MLB's commissioner's difficulties in getting all the teams to cooperate for a new DTC MLB service without blackout restrictions.Podcast produced by Security Halt Media

This week we are joined by Silas Cutler, Principal Security Researcher at Censys, asking the important question of "Will the Real Volt Typhoon Please Stand Up?" The FBI's disruption of the KV Botnet in December 2023, attributed to the Chinese threat group Volt Typhoon, targeted infected systems but did not affect the botnet's control infrastructure. Despite law enforcement efforts and technical exposure, the botnet's infrastructure has remained largely stable, with only changes in hosting providers, raising questions about whether another party operates the botnet. Censys scanning data from 2024 shows a shift in the botnet's control servers, indicating a response to disruption attempts, while the botnet's operators have shown limited efforts to obscure their infrastructure. The research can be found here: Will the Real Volt Typhoon Please Stand Up? Learn more about your ad choices. Visit megaphone.fm/adchoices

This week we are joined by Silas Cutler, Principal Security Researcher at Censys, asking the important question of "Will the Real Volt Typhoon Please Stand Up?" The FBI's disruption of the KV Botnet in December 2023, attributed to the Chinese threat group Volt Typhoon, targeted infected systems but did not affect the botnet's control infrastructure. Despite law enforcement efforts and technical exposure, the botnet's infrastructure has remained largely stable, with only changes in hosting providers, raising questions about whether another party operates the botnet. Censys scanning data from 2024 shows a shift in the botnet's control servers, indicating a response to disruption attempts, while the botnet's operators have shown limited efforts to obscure their infrastructure. The research can be found here: Will the Real Volt Typhoon Please Stand Up? Learn more about your ad choices. Visit megaphone.fm/adchoices

Law enforcement shutters Garantex crypto exchange. NTT discloses breach affecting corporate customers. Malvertising campaign hits nearly a million devices. AI's role in Canada's next election. Scammers target Singapore's PM in AI fraud. Botnets exploit critical IP camera vulnerability. In our International Women's Day and Women's History Month special, join Liz Stokes as she shares the inspiring stories of women shaping the future of cybersecurity. And how did Insider threats turn a glitch into a goldmine? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest In this special International Women's Day edition, we shine a spotlight on the incredible women in and around our network who are shaping the future of cybersecurity. Join Liz Stokes as we celebrate Selena Larson, Threat Researcher at Proofpoint, and co-host of Only Malware in the Building, Gianna Whitver, CEO & Co-Founder of the Cybersecurity Marketing Society and co-host of the Breaking Through in Cybersecurity Marketing podcast, Maria Velasquez, Chief Growth Officer & Co-Founder of the Cybersecurity Marketing Society and co-host of the Breaking Through in Cybersecurity Marketing podcast, Chris Hare, Project Management Specialist and Content Developer at N2K Networks, and host of CertByte, Ann Lang, Project Manager at N2K Networks, Jennifer Eiben, Executive Producer at N2K Networks, and Maria Varmazis, host of the T-Minus Space Daily show at N2K Networks for their achievements, resilience, and the invaluable contributions they make to keeping our digital world secure. Selected Reading Russian crypto exchange Garantex's website taken down in apparent law enforcement operation (The Record) Data breach at Japanese telecom giant NTT hits 18,000 companies (BleepingComputer) Malvertising campaign leads to info stealers hosted on GitHub (Microsoft) Canadian intelligence agency warns of threat AI poses to upcoming elections (The Record)  Deepfakes of Singapore PM Used to Sell Crypto, Residency Program (Bloomberg)  Edimax Camera Zero-Day Disclosed by CISA Exploited by Botnets (SecurityWeek) Magecart: How Akamai Protected a Global Retailer Against a Live Attack (Akamai)  Cybercrime 'crew' stole $635,000 in Taylor Swift concert tickets (BleepingComputer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Epidemia de BOTNET con IoT. Llamadas por WIFI: como son, consejos y problemas. El fermio de Majorana. Invitado: Óscar Monrió, CIO y CTO de CHC Energia.

Epidemia de BOTNET con IoT. Llamadas por WIFI: como son, consejos y problemas. El fermio de Majorana. Invitado: Óscar Monrió, CIO y CTO de CHC Energia.

Massive Botnet Targets M365 with Password Spraying A large botnet is targeting service accounts in M365 with credentials stolen by infostealer malware. https://securityscorecard.com/wp-content/uploads/2025/02/MassiveBotnet-Report_022125_03.pdf Mixing up Public and Private Keys in OpenID The complex OpenID specificiation and the flexibility it supports enables careless administrators to publich private keys instead or in addition to public keys https://blog.hboeck.de/archives/909-Mixing-up-Public-and-Private-Keys-in-OpenID-Connect-deployments.html Healthcare Malware Hunt Part 1: Medial images are often encoded in the DICOM format, an image format unique to medical imaging. Patients looking for viewers for DICOM images are tricked into downloading malware. https://www.forescout.com/blog/healthcare-malware-hunt-part-1-silver-fox-apt-targets-philips-dicom-viewers/

Forecast: Murdoc botnet storms hit IoT devices, Mastercard's DNS flaw clouds visibility, and DHS shutdowns leave security in the dark. ‍ In this episode of Storm⚡️Watch, we explore a major DNS misconfiguration at Mastercard that went undetected for over four years. Security researcher Philippe Caturegli uncovered a simple but critical typo in Mastercard's DNS nameserver records where "akam.net" was written as "akam.ne". This error affected one in five DNS requests to Mastercard's infrastructure and could have allowed attackers to intercept emails, capture Windows authentication credentials, and distribute malware through trusted domains. The cybersecurity community was rocked by news that several crucial Department of Homeland Security advisory committees have been terminated. The Cyber Safety Review Board, which was actively investigating the Salt Typhoon hacks targeting U.S. telecommunications companies, was among the disbanded groups. This move has interrupted ongoing investigations into communications targeting high-profile political figures and raised concerns about gaps in information sharing and policy recommendations. A sophisticated new variant of the Mirai malware called the Murdoc Botnet has emerged, targeting IoT devices worldwide. With over 1,300 compromised devices and more than 100 command-and-control servers, this botnet specifically exploits vulnerabilities in AVTECH IP cameras and Huawei HG532 routers. Between December 2024 and January 2025, the botnet has launched significant DDoS campaigns against Japanese corporations, banks, and organizations across multiple sectors in various countries. The 2022 HIPAA Breach Report reveals concerning trends in healthcare security. There were 626 incidents affecting over 41 million people, with hacking and IT incidents accounting for 74% of all large breaches. Surprisingly, paper records remain a significant vulnerability, especially in smaller breaches. The report highlights persistent issues with weak authentication practices, insufficient audit controls, and incomplete risk analyses, resulting in major settlements totaling over $2.4 million. Join us for an in-depth discussion of these critical cybersecurity developments and their implications for the industry. Don't forget to check out the upcoming GreyNoise University Live event for more insights into threat intelligence and network security. Storm Watch Homepage >> Learn more about GreyNoise >>  

Summary In this enlightening conversation, Scott Schober, a cybersecurity expert, shares his extensive knowledge on the evolution of hacking, the intersection of cybersecurity and wireless technology, and the various threats individuals and organizations face today. He discusses the importance of education in cybersecurity, especially for different age groups, and the role of technology in enhancing security measures. The conversation also touches on the ethical implications of hacking, exploring the fine line between hacking for good and hacking for malicious purposes. Scott emphasizes the need for proactive measures and continuous learning to stay safe in an increasingly digital world. Takeaways Cybersecurity is a critical aspect of modern technology. Hacking has evolved from innocent mischief to serious threats. Botnets and DDoS attacks are prevalent and can be devastating. Education is key to improving cybersecurity awareness. Different age groups face unique cybersecurity challenges. Apple devices are generally more secure but not infallible. Common practices like password reuse increase vulnerability. Cyber hygiene is essential for personal and organizational security. Hacking can be used for good, but it raises ethical questions. Proactive measures and continuous learning are vital for cybersecurity. Chapters 00:00 Introduction to Cybersecurity and Scott Schober's Background 01:27 Understanding Hacking: Definitions and Perspectives 04:20 The Reality of Cyber Attacks: DDoS and Botnets 07:04 Common Cyber Threats: Keyloggers and Password Security 10:22 Cyber Hygiene: Best Practices for Individuals 13:10 Cybersecurity for Different Generations: Seniors vs. Youth 31:47 The Importance of Cybersecurity Education 39:14 Mobile Technology and Security Concerns 48:14 Hacking: Good vs. Evil 55:15 Cybersecurity in Critical Infrastructure Credits: Hosted by Michael Smith and Ryan Roghaar Produced by Ryan Roghaar Theme music: "Perfect Day" by OPM  The Carton: ⁠⁠⁠⁠⁠⁠⁠https://medium.com/the-carton-by-eggs⁠⁠⁠⁠⁠⁠⁠ Feature with Zack Chmeis of Straight Method up now!  ⁠⁠⁠⁠⁠⁠⁠https://medium.com/the-carton-by-eggs/zack-chmeis-35dae817ac28⁠⁠⁠⁠⁠⁠⁠   The Eggs Podcast Spotify playlist: bit.ly/eggstunes The Plugs: The Show: eggscast.com @eggshow on twitter and instagram On iTunes: itun.es/i6dX3pCOn Stitcher: bit.ly/eggs_on_stitcher Also available on Google Play Music! Mike "DJ Ontic": Shows and info: ⁠⁠⁠⁠⁠⁠⁠djontic.com⁠⁠⁠⁠⁠⁠⁠ @djontic on twitter Ryan Roghaar: ⁠⁠⁠⁠⁠⁠⁠http://rogha.ar⁠⁠⁠⁠⁠⁠

Researchers ID a new Mirai-based botnet. Android devices get their first round of updates for the new year. Criminals exploit legitimate Apple and Google services in sophisticated voice phishing attacks. Japan attributes over 200 cyberattacks to the Chinese hacking group MirrorFace. A PayPal phishing scam exploits legitimate platform functionality. SonicWall addresses critical vulnerabilities in its SonicOS software. CISA warns of active exploitation of vulnerabilities in Mitel MiCollab. A new government backed labelling program hopes to help consumers choose more secure devices. On today's CertByte segment, Chris Hare and Steven Burnley unpack a question from N2K's ISC2® Certified in Cyber Security (CC) Practice Test. Streaming license plate readers - no password required. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by Steven Burnley to break down a question targeting the CC - Certified in Cyber Security certification by ISC2®. Today's question comes from N2K's ISC2® Certified in Cyber Security (CC) Practice Test. The CC(SM) - Certified in Cyber Security is an entry-level, ANAB accredited exam geared towards anyone who wants to prove their foundational skills, knowledge, and abilities. To learn more about this and other related topics under this objective, please refer to the following resource: ISC2 (n.d.). https://www.isc2.org/landing/cc-etextbook   Have a question that you'd like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K's full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro.  Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Additional source: https://www.isc2.org/certifications/cc  Selected Reading New Mirai Botnet Exploits Zero-Days in Routers and Smart Devices (Infosecurity Magazine) First Android Update of 2025 Patches Critical Code Execution Vulnerabilities (SecurityWeek) A Day in the Life of a Prolific Voice Phishing Crew (Krebs on Security) Japan links Chinese hacker MirrorFace to dozens of cyberattacks targeting security and tech data (AP News) Casio says hackers stole personal data of 8,500 people during October ransomware attack (TechCrunch) New PayPal Phishing Scam Exploits MS365 Tools and Genuine-Looking Emails (Hackread) Multiple Sonicwall VPN Vulnerabilities Let Attackers Bypass Authentication (Cyber Security News) CISA Warns of Mitel MiCollab Vulnerabilities Exploited in Attacks (SecurityWeek) New Labels Will Help People Pick Devices Less at Risk of Hacking (SecurityWeek) Researcher Turns Insecure License Plate Cameras Into Open Source Surveillance Tool (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

State Department's disinformation office to close after funding terminated Pittsburgh Regional Transit suffers ransomware attack Another Mirai botnet targets NVRs and TP-Link routers Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com. For the story behind the headlines, go to CISOSeries.com

Hey there, tech detectives and cyber sleuths! Grab your headphones and get ready for another wild ride through the digital jungle with Erich and Javvad. This week, we're diving into a hot mess at Hot Topic (pun totally intended) that's left 57 million people saying 'Uh-oh!' Plus, we'll take you on a typhoon-fueled adventure as China's notorious Volt Typhoon crew makes a shocking comeback. It's like a cyber soap opera, but with way more zeroes and ones! So, buckle up, buttercup – it's time to unravel these tangled webs of tech drama! Stories from the show: HIBP notifies 57 million people of Hot Topic data breach https://www.bleepingcomputer.com/news/security/hibp-notifies-57-million-people-of-hot-topic-data-breach/ China's Volt Typhoon crew and its botnet surge back with a vengeance https://www.theregister.com/2024/11/13/china_volt_typhoon_back/ Amazon MOVEit Leaker Claims to Be Ethical Hacker https://www.infosecurity-magazine.com/news/amazon-moveit-leaker-claims/

Volt Typhoon rebuilding botnet Chinese group targets Tibetan media DoD leaker sentenced Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com. Get the stories behind the headlines at CISOSeries.com

In this episode, Rob Aragao talks about a recent joint cybersecurity advisory highlighting People's Republic of China-linked actors compromising routers and IoT devices for botnet operations. The advisory points to over 260,000 IoT devices, impacted by a botnet called Raptor Train.It's being alleged that Integrity Technology Group (Integrity Tech) are behind the incident. The report says “[Integrity Technology Group is a] company based in the PRC with links to the PRC government. Integrity Tech has used China Unicom Beijing Province Network IP addresses to control and manage the botnet described in this advisory. In addition to managing the botnet, these same China Unicom Beijing Province Network IP addresses were used to access other operational infrastructure employed in computer intrusion activities against U.S. victims. FBI has engaged with multiple U.S. victims of these computer intrusions and found activity consistent with the tactics, techniques, and infrastructure associated with the cyber threat group known publicly as Flax Typhoon, RedJuliett, and Ethereal Panda.”Detected by Lumen's Black Lotus Labs, the advisory was issued by the FBI, NSA, and Cyber National Mission Force.Rob explains that the botnet leverages code from the notorious Mirai malware, designed to exploit IoT devices running Linux-based systems, which has been in circulation for nearly a decade. He breaks down the architecture of the botnet, including its three-tier structure, and the role of compromised IoT devices, command-and-control servers, and management layers.Additionally, the discussion explores China's growing focus on cybersecurity talent recruitment, including the Matrix Cup, a hacking competition co-sponsored by Integrity Technology Group. The episode also offers recommendations for mitigating IoT device vulnerabilities, such as strong password management, patch updates, and network segmentation.Don't forget to rate, review, and subscribe to stay updated on future episodes!Follow or subscribe to the show on your preferred podcast platform.Share the show with others in the cybersecurity world.Get in touch via reimaginingcyber@gmail.com

Harping on the Russian influence, but also making time for what China is up to these days according to the NSA. You may want to throw out your old smart toaster just to be safe from the botnet.  Topics include: Russian influence on alternative media, Post Truth Movement World, shared interests, global propaganda matrix, governments, taking offense to more, social media, justifying being online, surveillance of everyone, Tenet Media, Tim Pool the world's biggest moron, Canada, Foreign content creators exerting influence over our national politics, paranoid alt media creators, defense of independent editorial control, other media companies shutting down, financial backers pulled out, guise of free speech, hosts and creators who don't tow company line are dropped, RFK and Don Jr piece about Ukraine long range missiles, $100K per episode, promotion of civil war, sense that Justice may be done, exploding pagers, Israel, cell phones, future terrorism, NSA Twitter post, PRC botnets, hacking, IoT devices, DDoS attacks, cybersecurity, update devices and get rid of old ones, smart devices, consumer culture creates security risks, Communism vs Capitalism, Cold War 2.0, questions of grey areas concerning war, geopolitics, dystopia, historical perspective, confusion, cognitive dissonance, confidence in knowing what is real, work of podcasting vs manual labor, tools of alt media

The US government disrupts China's Raptor Train botnet. A phishing campaign abuses GitHub repositories to distribute malware.Ransomware group Vanilla Tempest targets U.S. healthcare providers.Hackers demand $6 million for stolen airport data. The FCC opens applications for a $200 million cybersecurity grant program. GreyNoise Intelligence tracks mysterious online “Noise Storms”. Scammers threaten Walmart shoppers with arrest. CISA adds five critical items to its known exploited vulnerabilities list. Craigslist founder will donate $100 million to strengthen US cybersecurity. Our guest today is Victoria Samson, Chief Director at Secure World Foundation, talking about space security and stability. Cybercriminals fall prey to very infostealers they rely on. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is Victoria Samson, Chief Director at Secure World Foundation, talking with N2K's T-Minus Space Daily podcast host Maria Varmazis about space security and stability. For some additional detail about space sustainability, visit Secure World Foundation's Space Sustainability 101.   Selected Reading US Disrupts 'Raptor Train' Botnet of Chinese APT Flax Typhoon (SecurityWeek) Clever 'GitHub Scanner' campaign abusing repos to push malware (Bleeping Computer) Microsoft warns of ransomware attacks on US healthcare (CSO Online) Sea-Tac refuses to pay 100-bitcoin ransom after August cyberattack (The Seattle Times) FCC $200m Cyber Grant Pilot Opens Applications for Schools and Libraries (Infosecurity Magazine) GreyNoise Reveals New Internet Noise Storm: Secret Messages and the China Connection (GreyNoise) Walmart customers scammed via fake shopping lists, threatened with arrest (Malwarebytes) CISA Warns of Five Vulnerabilities Actively Exploited in the Wild (Cyber Security News) Craigslist Founder Pledges $100 Million to Boost U.S. Cybersecurity (Wall Street Journal) Criminals Keep Hacking Themselves, Letting Researchers Unmask Them (404 Media)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

There was widespread chaos in Lebanon for the second day in a row on Wednesday as another round of explosions ripped through the country, killing more than 20 and injuring hundreds of people. This time hundreds of the two-way radios used by Hezbollah operatives exploded. Federal authorities are warning of efforts to sow division in the United States, as well as efforts to influence the upcoming elections. The FBI says Iranian hackers sent material stolen from the Trump campaign to Harris's campaign staff. We have reactions from the presidential campaigns. The federal funds rate was high to curb inflation, but inflation has been coming down. With a lower federal rate, are we at risk of inflation increasing again? ⭕️ Watch in-depth videos based on Truth & Tradition at Epoch TV

House Fails to Pass Stopgap to Avoid Shutdown; U.S. Disrupts Chinese Regime Linked Botnet | NTD Good Morning

Columbus Ohio gas-lighting their residents and silencing a researcher who is simply calling them out. AI Projects failing at 80% , Local Police using AI to reduce reporting time allowing them to be back on the streets, US sues Georgia Tech for lying about its NIST Score and not using Anti-Malware when they said they were,  Gonetspeed, Cams used in Botnet, Using Junk email for sites you don't care about, Can't get my solitaire to work, Erik's Outlook issue.

Send us a Text Message.Dave Lewis, the global advisory CISO at OnePassword, shares his fascinating journey from the music industry to a thriving career in cybersecurity. With a background in music and a natural curiosity for computers, Dave's unconventional path highlights the diverse entry points into the cybersecurity field. His extensive experience, spanning various industries and roles, offers valuable insights into the evolving landscape of cybersecurity and its critical importance in our everyday lives. Dave's engaging narrative style, combined with his technical expertise, makes his journey an inspiring example for individuals considering a career change to cybersecurity, providing a unique perspective and practical insights into this dynamic field.We have to be okay with failure as long as we're learning from it. If somebody says their failure is not an option, they're not learning. - Dave LewisConnect with Dave Lewisemail: gattaca@1password.comWebsite: https://www.liquidmatrix.orgTwitter / X: https://x.com/gattacaLiquidMatrix: (Apple):  https://podcasts.apple.com/ca/podcast/liquidmatrix-security-digest-podcast/id533166516Connect with usWebsite: securitymasterminds.buzzsprout.comKnowBe4 Resources:KnowBe4 Blog: https://blog.knowbe4.comJames McQuiggan - https://www.linkedin.com/in/jmcquigganErich Kron: https://www.linkedin.com/in/erichkron/Music Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.comAnnouncer: Sarah McQuiggan - https://www.sarahmcquiggan.comShow Notes created with Capsho - www.capsho.comSound Engineering - Matthew Bliss, MB Podcasts.If you'd like to ask Matt what he can do for your podcast, visit https://www.mbpod.com and schedule a consultation today! 

After a long investigation, the FBI and many international partners recently arrested the cyber criminal responsible for running the 911 S5 botnet, which is a global network of more than 19 million computers that have been infected with malicious software. That malware might be loaded after you click on a malicious link or open an attachment in a phishing email, or it might be bundled with pirated software or movies that you've downloaded. Once your computer has been added to the botnet, its operators sell cyber criminals access to your computer so they can use it to send phishing emails, launder money, distribute child exploitation materials, engage in identity theft, mine cryptocurrency, target companies or governments with distributed denial of service (DDoS) attacks, and more. It's not just computers that can be recruited into a botnet – any connected device is potentially at risk – and you might not even know that your device has been hijacked. Be suspicious, however, if you notice your computer suddenly running slower than usual, crashing more frequently, running out of memory, losing Internet access regularly, or showing you pop-up ads even when you're not using your web browser. If you suspect you've been compromised, talk with your IT staff so they can scan your system for malware before things get worse. The 60-second "Security Nudge" is brought to you by CybSafe, developers of the Human Risk Management Platform. Learn more at https://cybsafe.com

Kath tells Pat about the Mirai Botnet, supercharged form malware that caused such disastrous denial of service attacks that it managed to bring down internet service for the entire US eastern seaboard in 2016. Was this the work of a foreign actor, hoping to influence a crucial US election? The truth is even weirder.

We got a lot of messages about the Ticketmaster hack that went down since our last episode. We dive into all the weird angles of that evolving story, a strange real time news update about the AT&T hack, and spend a surprising amount of time hyping a Canadian movie about Blackberry.  Learn more about your ad choices. Visit podcastchoices.com/adchoices

Topic 1: Massive Botnet Network Taken Down Police coordinated by the European Union's justice and police agencies have taken down computer networks responsible for spreading ransomware via infected emails, in what they called the biggest-ever international operation against the lucrative form of cybercrime. The European Union's judicial cooperation agency, Eurojust, said that police arrested four “high value” suspects, took down more than 100 servers and seized control of over 2,000 internet domains. Related Link: https://abcnews.go.com/Business/wireStory/massive-international-police-operation-takes-ransomware-networks-arrests-110667670 -- -- -- Topic 2: AI Update, because We Have To Are strategies emerging?  Amazon is a brokerage for models Microsoft is doing CoPilot OpenAI is everywhere Apple just announced Apple Intelligence Cisco announces a pile of stuff Is there a “killer app” coming soon?  -- -- --  Topic 3: How is the M&A Frenzy affecting SMB IT? Google “m&a in it consulting” and you'll find articles, events, advice, and a whole lot people scrambling for the almighty dollar. Are the KPIs used in business acquisition really the KPIs you should be using to run a solid, long-term business? The most common way that small businesses “end” are 1) Walk away, and 2) Sell the client list. None of those people are getting 3x profit or even 3x EBITDA. Should they change their business or just keep doing what they're doing? -- -- -- Sponsor Memo: IT Service Provider University  This episode is Sponsored by Karl's next big class at IT Service Provider University. The five-week course, Core Standard Operating Procedures for Small IT Service Providers, starts July 2nd and costs only $399. This class walks through the most important processes and procedures you need to run a successful, profitable IT company. And best of all, you get massive handouts as a "first draft" for your own SOP library. More information at https://www.itspu.com/all-classes/classes/core-operating-procedures/ :-)

Take a Network Break! Johna fills in for Drew this week. We start with HPE adapting to the 5G market and unloading BSS/OSS tools to HCLTech. Dell financial results suggest AI problems. ISP Windstream replaces 600,000 routers destroyed by malware. France, Germany and the Netherlands lead the largest-ever police action against botnets with the help... Read more »

Take a Network Break! Johna fills in for Drew this week. We start with HPE adapting to the 5G market and unloading BSS/OSS tools to HCLTech. Dell financial results suggest AI problems. ISP Windstream replaces 600,000 routers destroyed by malware. France, Germany and the Netherlands lead the largest-ever police action against botnets with the help... Read more »

Take a Network Break! Johna fills in for Drew this week. We start with HPE adapting to the 5G market and unloading BSS/OSS tools to HCLTech. Dell financial results suggest AI problems. ISP Windstream replaces 600,000 routers destroyed by malware. France, Germany and the Netherlands lead the largest-ever police action against botnets with the help... Read more »

Ticket Master breach…great, Worlds largest Botnet master under arrest, DRM goes crazy on YouTube, External HD locks up when I move the data, Backup using Acronis, How do I use OpenDNS?  Why does OpenDNS break after an outage? So the US Treasury thinks NFTs are a fraud…ya don't say.

Reuters reports that TikTok is developing a US-only version of its recommendation algorithm, but the company disputes the report's accuracy. Plus, could AI make your next favorite TV show?See omnystudio.com/listener for privacy information.

Global authorities take down what they say is the biggest botnet of all time. More big AI deals for big media. More on the delicate dance between OpenAI and Microsoft. Why aren't there more smartwatches for tweens? And the AR laptop that might give the Apple Vision Pro a run for its money.Links:US dismantles 911 S5 botnet used for cyberattacks, arrests admin (BleepingComputer)Exclusive: The Atlantic, Vox Media ink licensing, product deals with OpenAI (Axios)OpenAI CEO Cements Control as He Secures Apple Deal (The Information)Internal divisions linger at OpenAI after November's attempted coup (Financial Times)Amazon to Expand US Drone Service After Getting Regulator's Nod (Bloomberg)Apple Signals That It's Working on TV+ App for Android Phones (Bloomberg)Google announces Fitbit Ace LTE for kids with Wear OS, Pixel Watch 2 specs (9to5Google)The Spacetop G1 Arrives This Fall. We Try the AR Laptop With No Screen (Wired)See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Welcome to Discover Daily, where we bring you the latest in tech, science, and culture. In today's episode, we start with the takedown of the 911 S5 botnet by the U.S. Department of Justice and FBI, which was responsible for a wide range of cybercrimes, including the theft of $5.9 billion in COVID-19 relief funds. The botnet, managed by YunHe Wang, hacked into over 19 million IP addresses globally, using malicious VPN applications to push malware onto victims' devices.Next, we explore Mistral AI's launch of Codestral, a generative AI model designed to assist developers in writing and interacting with code across more than 80 programming languages. This model, with its high performance and broad language support, is set to revolutionize the coding process by completing coding functions, writing tests, and filling in partial code. We also discuss BYD's new plug-in hybrid sedans, the Qin L and Seal 06, which boast an impressive driving range of over 1,300 miles on a single tank of fuel and a fully charged battery, thanks to their advanced DM-i 5.0 plug-in hybrid platform.We then dive into the innovative use of cosmic rays to date archaeological sites, highlighting a prehistoric settlement in northern Greece dated to between 5328 and 5140 BC. This method combines dendrochronology and radiocarbon dating with the identification of cosmic ray events, providing precise chronological reference points. Finally, we address the global myopia epidemic, discussing its causes, consequences, and preventive measures. The rise in myopia is attributed to factors like excessive near work and reduced outdoor time, with high myopia leading to severe vision-threatening conditions.From Perplexity's Discover feed:World's Largest Botnet Dismantled https://www.perplexity.ai/search/Worlds-largest-botnet-Odbwu7R9TXO2mNH1ahAsbQMistral Releases Codestral Model https://www.perplexity.ai/page/Mistral-releases-Codestral-4ELwgzmjQ9OMbBOExqikiA#eae99bc8-db91-4225-bdb5-f3eb73225e7fBYD Unveils 1300-Mile Range Hybrid https://www.perplexity.ai/page/BYD-Unveils-1300Mile-stl6Hma_THe5CKybgx_vRg Cosmic Rays Date Archaeological Sitehttps://www.perplexity.ai/page/Cosmic-Rays-Date-4EenruEKRSq57H7yZ7ATsgThe myopia epidemichttps://www.perplexity.ai/search/The-myopia-epidemic-9iyrncRiSO61E12zWVHpiQPerplexity is the fastest and most powerful way to search the web. Perplexity crawls the web and curates the most relevant and up-to-date sources (from academic papers to Reddit threads) to create the perfect response to any question or topic you're interested in. Take the world's knowledge with you anywhere. Available on iOS and Android Join our growing Discord community for the latest updates and exclusive content. Follow us on: Instagram Threads X (Twitter) YouTube Linkedin

In today's episode, we explore how cybercriminals exploited StackOverflow to promote the malicious Python package "pytoileur" aimed at cryptocurrency theft (https://thehackernews.com/2024/05/cybercriminals-abuse-stackoverflow-to.html). We also examine the FBI's takedown of the 911 S5 botnet and its massive impact on online fraud and cybercrime (https://krebsonsecurity.com/2024/05/is-your-computer-part-of-the-largest-botnet-ever/). Lastly, we introduce RansomLord, an open-source anti-ransomware tool that leverages DLL hijacking to block ransomware attacks pre-encryption (https://github.com/malvuln/RansomLord). FBI Botnet: https://www.fbi.gov/investigate/cyber/how-to-identify-and-remove-vpn-applications-that-contain-911-s5-backdoors 00:00 Introduction to Ransomware Defense 01:12 Ransom Lord: A Game Changer 03:55 How to Check for Botnet Infections 06:47 Malicious Python Package Alert 09:19 Conclusion and Final Thoughts Tags: Cybercriminals, Python Package Index, pytoileur, cryptocurrency theft, malicious packages, StackOverflow, open source security, botnet, VPN, YunHe Wang, 911 S5, cybersecurity, RansomLord, exploits, vulnerabilities, ransomware protection Search Phrases: Cybercriminal infiltration of Python Package Index pytoileur malicious package on StackOverflow Cryptocurrency theft using pytoileur How to protect against malicious Python packages Largest botnet disguised as VPN service Arrest of YunHe Wang for cybercrime 911 S5 botnet detection methods Protecting computers from 911 S5 botnet RansomLord tool against ransomware Ransomware vulnerabilities exploited by RansomLord May30 There is a new proof of concept. Open source tool called ransom Lord. attacks, the malware that launches ransomware. In order to defeat it before it can encrypt your files. I'm a little blown away by this one, but we'll get to that in a sec. How can ransom Lord change the game for ransomware defenders? And what tactics does it use to defeat ransomware? The largest botnet ever operating under the guise of free VPN services. Has been dismantled with the arrest of its alleged mastermind for orchestrating cyber crimes, totalling billions of dollars in fraudulent losses. How can you check if your computer is part of the nine 11 s5 botnet and what steps can you take to protect yourself in the future? The Python package index has been infiltrated with a malicious package named PI told earlier. Which has now found to facilitate cryptocurrency theft by leveraging reputable platforms, such as stack overflow. What measures can developers take to protect themselves from being deceived by malicious packages? Like this one. You're listening to the daily decrypt. . Alright. So as defenders, we are constantly thinking about how to defeat ransomware. But I haven't seen much come out other than detection capabilities. So we're still focused on detecting. Indicators of compromise that might lead to ransomware. But just yesterday health net security released an article on an open source. Anti ransomware tool that essentially attacks the ransomware malware Using DLL hijacking. and automates the creation of PE files. Which are used to exploit. Ransomware before it can encrypt your files.. So even the thought of this type of defense makes me so excited. The idea that there can be more than just detecting indicators of compromise for ransomware prevention. When we can actually go in and attack the ransomware itself. And get rid of it before it even has the opportunity to encrypt your files. It's a breath of fresh air. So. This tool, which is free and open source and available on get hub. The link is in the show notes below. Deploys exploits in order to defend the network. Which is a novel strategy for defeating ransomware. It also uses vulnerability intelligence. That maps, threats to vulnerable DLLs. In order to target specific threats that you may believe may target your organization or industry. This tool in its current state has been shown to be effective. To defend against 49 ransomware families, including. Caliente. Loki locker. And many more. It can also target Trojans and info Steelers. The author of this tool writes. I created ransom Lord to demonstrate that ransomware is not invincible. And that it has vulnerabilities and its developers make mistakes and can write bad code, just like anyone else.. And I love this framing of ransomware itself being vulnerable to exploits. Because it's essentially just software on your computer and. It has vulnerabilities of its own.. And even though this is technically just a proof of concept, it is effective against current versions of these ransomware tools, though, the developers of these tools will likely patch. And it'll be a continuous cat and mouse game, but imagine if there was an entire company with thousands of employees. Whose sole purpose was to maintain the software to defeat ransomware strains. Any time a ransomware was successful. They would ship that source code off to this company and that company would analyze it and create the exploits for the vulnerabilities found in that ransomware file. I personally don't have enough time to handle this type of company and start it myself. But if you're listening and you're an entrepreneur in the cybersecurity space, I highly encourage you to get going and seek some investing and figure this company out, make it happen. So there was a giant botnet, potentially one of the biggest botnets of all time named 9 1 1 S five. Botnet. That has been masquerading around as a free VPN service. Well just recently authorities have arrested. And Hey Wang at 35 year old, Chinese national behind this entire botnet. They've also seized the 9 1 1 S five website and its infrastructure. This specific botnet has facilitated billions of dollars in online fraud and cyber crime. To include over 560,000 fraudulent unemployment claims. Causing a $5.9 billion loss. This botnet spanned more than 19 million computers across 190 countries. And. was responsible for enabling cybercriminals to route malicious traffic. Through any of those 19 million computers. Which of course allowed them to remain anonymous while they continued to partake in their cyber criminal activities. This bot net company or. Individual also sold access to compromised PCs. Within the botnet because they. Also provided a free VPN service.. And for those of you who might not know the intricacies of how a VPN works. At a high level, essentially, it's just a pathway or a tunnel. To access a network that you're not physically in. So for example, I have a VPN set up at my house. Anytime I'm out at a coffee shop. I access that VPN. Which essentially gives me access to all the devices in my house. So this bot net. Infected computers through the guise of a free VPN service. Installing and signing up for this free VPN service. Not only put your computer in part of this botnet, but gave. The botnet operators access to your computer. So, how can you check if your computer is infected by this botnet? Well, first of all, have you downloaded any free VPN services? In the last few years, if you can't remember. The FBI. Has created a webpage to help identify compromise systems. Which essentially just gives you steps to check if your computer has been infected such as checking for the running services. Such as mask VPN, do VPN proxy, gate shield, VPN shine, VPN and pallet and VPN. It gives you the step-by-step on how to do that on your own computer. It then gives you the steps you'll need to follow, to remove. The malicious free VPN service. And then also to confirm that that service has been removed. If you. We're compromised by this botnet. Please go check out the link. To the FBI site at the end, they're trying to collect a little bit of data to see what your experience was so that they can help. Detect and prevent this type of thing from happening again. And finally there has been a new malicious Python package. Found in the Python package index. This package is named PI Toya. It looks a little French. P Y T O Y L E U R. And it was designed to facilitate cryptocurrency theft. This package had only 316 downloads before the Python package index removed it. But. The developer of this package quickly uploaded a new version with the identical malicious functionality. So it will continue to go back and forth. And what's interesting about this is that. This package is being promoted by. Users. Across stack overflow. Which is a very popular. Platform where developers turn to get their questions answered. Or to provide tips for other developers to follow. So if you go on there and you are seeking. A specific package that might do something. Another stack overflow user can then suggest this malicious package. And maybe in turn, they will be rewarded or something like that. So, It seems like the whole internet at this point is a SEO. Competition doing what you can to get your search results up. And as a developer myself, I know the influence that stack overflow has on many developers. If you're a contributor to stack overflow, you have so much sway, especially if the questions you're answering are common questions, which often involve Python packages or Python coding. Tactics. You have a lot of influence on that platform. So, yeah, it makes sense that malicious actors would go on there. And maybe they buy a reputable stack overflow account for a lot of money. And then use it to promote malicious tools and packages. If you are a developer and you are out there looking for new packages to use for your organization. Especially for your organization, make sure you check out the documentation, check out the website, look for anything fishy in the metadata of that package. And look for. Reviews from verified developers. And trust me. I know the temptation as a developer, especially for personal projects at home to just get the job done as quickly as you can. If you find a stack overflow post. That might work. You tend to just copy the code, copy the imports, try it out. And see if it works, because at that point you're essentially just. Troubleshooting. In production, right. You're seeing if that code will work on your, on your little personal projects. So. No, that some of those Python packages can install malicious malware on your computer and be used to hijack your cryptocurrency. This has been the Daily Decrypt. If you found your key to unlocking the digital domain, show your support with a rating on Spotify or Apple Podcasts. It truly helps us stand at the frontier of cyber news. Don't forget to connect on Instagram or catch our episodes on YouTube. Until next time, keep your data safe and your curiosity alive.

In today's podcast, we'll hear from Christin Cifaldi, Director of Product Development & Analytics, on the topic of botnets in cyber security. What is a botnet, and what role does it play in the security landscape? Listen in to learn more.

Toothbrush Botnet "There are too many damn Honeypots!" Remotely accessing your home network securely Going passwordless as an ecommerce site Facebook "old password" reminders Browsers on iOS More UPnP Issues A password for every website? "Free" accounts Keeping phones plugged in Running your own email server in 2024 iOS app sizes SpinRite 6.1 running on an iMac SpinRite update Bitlocker's encryption cracked in minutes Show Notes - https://www.grc.com/sn/SN-961-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: joindeleteme.com/twit promo code TWIT bitwarden.com/twit kolide.com/securitynow robinhood.com/boost