Podcasts about Carbanak

FIN7 is a highly active and capable cybercrime group also known as Carbanak that has been evolving and using its own tools such as AVNeutralizer for many years. SentinelOne researchers Antonio Cocomazzi helps us dig into the group's tactics and tools.Read Antonio's new research here: https://www.sentinelone.com/labs/fin7-reboot-cybercrime-gang-enhances-ops-with-new-edr-bypasses-and-automated-attacks/

Kiew, mitten in der Nacht. Ein Mann betritt eine Bank - alle Geldautomaten beginnen zu blinken und spucken Geld aus. So lange, bis sie leer sind. Mit einer Sporttasche voller Bargeld verlässt der Mann unerkannt die Filiale. Als dasselbe auch bei einer zweiten Bank passiert, klingelt bei Jornt van der Wiel das Telefon. Der Spezialist für Cyber-Sicherheit sucht die Bande, die den größten digitalen Bankraub aller Zeiten begangen hat. Host: Ann-Kathrin Mittelstraß Reporter: Manuel Andre Redaktion: Marion Härtel, Constanze Radnoti und Reinhard Röde Regie: Niklas Gramann und Constanze Radnoti mit Leopold Zaak Audio-Produktion: Christoph Tampe Produzent: Reinhard Röde Redaktion FYEO: Tristan Lehmann Gesamtleitung FYEO: Luca Hirschfeld und Tristan Lehmann

In today's podcast we cover four crucial cyber and technology topics, including: 1.API flaw in financial firm could have allowed mass account takeovers 2.Hamas-linked threat actors target Israeli industries in large campaign 3.Fin7 criminal from Ukraine sentenced to prison 4.Microsoft begins disrupting Russian cyber criminal infrastructureI'd love feedback, feel free to send your comments and feedback to  | cyberandtechwithmike@gmail.com

Det 151 avsnittet av IT-säkerhetspodden handlar om den framgångsrika (om man får säga så) attacken som kallas "Carbanak/Cobalt" attacken som spreds som en löpeld under 2013. Det skulle ta över fem år för polisen att utreda fallet men det är inte det som gör Mattias Jadesköld och Erik Zalitis nyfikna. Utan det är att attacken började med ett väldigt proffsigt och sofistikerat spear-phishing mail. Show notes här: https://www.itsakerhetspodden.se/151-spear-phishing-och-fallet-carbanak-cobalt/

Google doc comments leveraged as highly convincing phishing lures.Carbanak authors attempt ransomware infection by mailing disguised USBs to victims.8 year old Microsoft Defender flaw highlighted by security researchers.

In this episode, host Bidemi Ologunde talked about how a well-known organized cybercrime group has evolved its hacks and attacks, from the days of stealing card information and hacking ATMs, to creating custom-made ransomware and even setting up fake companies to recruit new employees.Please send questions, comments, and suggestions to bidemi@thebidpicture.com. You can also get in touch on LinkedIn, Twitter, the Clubhouse app (@bid), and the Wisdom app (@bidemi).

We open the show with a hidden gem of a crime. British authorities thought they were pursuing a cannabis operation only to find a mining operation. The next story is a look at the FBI integration with Have I Been Pwned and some new site features worth looking into. After that, I sit down with Rainer Bock of our team at Tomorrow Unlocked to learn about their latest — some cool videos are on the way, including an interactive one on Carbanak. Unfortunately, we also have to discuss the latest from SolarWinds and why the problem may not be going away as soon as we'd all like.

The latest MITRE ATT&CK vendor evaluations are due out soon. In advance of the new round, Uptycs’ Ganesh Pai and Amit Malik will discuss this evaluation round, which focuses on the threat groups Carbanak and FIN7. They’ll also talk about how organizations are translating endpoint and cloud workload telemetry to most effectively support MITRE ATT&CK detections and investigations.   This segment is sponsored by Uptycs. Visit https://securityweekly.com/uptycs to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw217

The latest MITRE ATT&CK vendor evaluations are due out soon. In advance of the new round, Uptycs’ Ganesh Pai and Amit Malik will discuss this evaluation round, which focuses on the threat groups Carbanak and FIN7. They’ll also talk about how organizations are translating endpoint and cloud workload telemetry to most effectively support MITRE ATT&CK detections and investigations.   This segment is sponsored by Uptycs. Visit https://securityweekly.com/uptycs to learn more about them!   Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw217

Magecart Group 5 is linked to the Carbanak gang. Another recently acquired reservation systems brings a headache to hospitality. Another app is found to carry the Joker malware. Some more notes from SecurityWeek’s ICS Cyber Security Conference in Atlanta, where the emphasis remains on attention to detail and taking care of first things first. And a list of the most dangerous celebrities offers a peek into the bad actors’ tackle box. Ben Yelin from UMD CHHS on a federal injunction against a company scraping user profiles from LinkedIn. Guest is Mandy Rogers from Northrop Grumman, on her own professional journey and the importance of diversity. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_23.html  Support our show

The Carbanak backdoor has been in use for many years by the infamous FIN7 attack team, and researchers at FireEye discovered files containing the source code for the malware on VirusTotal two years ago, but only recently published a detailed analysis of it. Dennis Fisher talks with Michael Bailey, who did much of the source code analysis, about the discovery, the work of pulling the code apart, and what makes Carbanak unique.Read the FireEye analysis here.

Sri Lanka investigates a homegrown jihadist group with possible international connections for the Easter massacres. New Zealand is preparing the Christchurch Call to exclude violent terrorist content from the Internet. ShadowHammer moves its supply chain attacks upstream. Carbanak source code seems to have been in VirusTotal for two years. Someone’s spoofing financial institutions. Bots surged upon the release of the Mueller report. ASD offers a counsel of perfection. Prof. Awais Rashid from University of Bristol on evidence based risk assessment. Guest is Michael P. Morris from Topcoder on the challenges of creating secure apps in the gig economy. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_24.html  Support our show

ATM hacking. Hollywood has been fantasizing about this since the 1980's. But is this a thing now? A security researcher named Barnaby Jack investigated ATMs and found them to be vulnerable. Once he published his data the ATM hacking scene rose in popularity and is is a very serious business today. One of the first big ATM robberies was done with the malware called Carbanak. Jornt v.d. Wiel joins us to discuss what this malware is. This episode was sponsored by Nucleus. Visit nucleussec.com to start your free trial. This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. For more show notes and links visit darknetdiaries.com. Learn more about your ad choices. Visit megaphone.fm/adchoices

On this special episode of the Kaspersky Lab Transatlantic Cable podcast, we will continue to preview the upcoming Security Analyst Summit (#TheSAS2019). The conference will take place in Singapore on April 8-11. Today, my guest on the show is Sergey Lozhkin. Sergey is a senior security researcher on the company’s Global Research and Analysis Team (GReAT). During the course of our chat, we discuss a wide range of topics from what he is currently working on to what he expects heading to Singapore for the first time, insecurity of hospitals and his talk at the conference.  We also dive into his upcoming training at #TheSAS2019, entitled The God-Mode Practical Training in Static Analysis of APT Malware. This training session will cover most of the steps required to analyze a modern APT toolkit, from receiving the initial sample, all the way to producing a deep technical description with IOCs. The course material is based on many years of experience analyzing the most complex threats ever discovered in-the-wild, including: Equation, Red October, Sofacy, Turla, Duqu, Carbanak, ShadowPad, and many more. It’s time to set your static analysis game to God-Mode.

In this week's ShadowTalk, Digital Shadows’ Russian-speaking security specialist discovered files and source code allegedly related to the Carbanak organized criminal group. The Carbanak malware is a backdoor used by the Anunak (Carbanak) Group to infiltrate financial institutions and steal funds. Richard Gold and Simon Hall join Rafael Amado to discuss the implications for financial services from these revelations. We ask whether this leak represents a threat to organizations, and how businesses can best defend themselves from the techniques used by sophisticated financial criminal groups such as Carbanak. For more analysis from the Security Engineering Team, visit https://www.digitalshadows.com/blog-and-research/alleged-carbanak-files-and-source-code-leaked-digital-shadows-initial-findings/

Flashpoint Editorial Director Mike Mimoso talks to director of research Vitali Kremez about the recent leak of the TreasureHunter point-of-sale malware and builder source code, as well as the MaxiDed bulletproof hosting provider takedown.  Both events figure to have some impact on cybercrime activity.  The TreasureHunter is somewhat unique because rarely is source code for the malware payload and configuration leaked alongside its builder. This could simplify matters somewhat for criminals on the underground who wish to build variants of TreasureHunter. Flashpoint worked in collaboration with Cisco Talos on this disclosure and Talos provided updated Snort rules and ClamAV signatures to the public.  The MaxiDed takedown puts a huge dent in the underground cybercrime infrastructure hosting world. Known for hosting numerous nefarious groups' infrastructure, including Carbanak and others, MaxiDed is an example of the need for continued international cooperation among law enforcement and private sector researchers. 

This week in security we took a closer look at Fin7, also known as JokerStash, Carbanak, and a host of other names. The cybercrime group rakes in as much as $50 million a month by stealing credit card numbers, most recently from the company that owns Saks Fifth Avenue, Lord & Taylor, and more. They've got an interest in ATM hacks, too, and their professional acumen has turned them into what researchers estimate is a billion-dollar enterprise.

Security of Mainframes (with Cheryl Biswas & Tracy Maleeff) Advanced Persistent Security Podcast Episode 41 Guests: Cheryl Biswas and Tracy “Infosec Sherpa” Maleeff April 5, 2018 If you enjoy this podcast, ...

In our 210th episode of The Cyberlaw Podcast, Stewart Baker, Maury Shenk, Ben Wittes, and Nick Weaver discuss: the encryption debate heats up; the FBI revives push for solution; “FBI doesn’t understand math” argument hits roadblock: hard to say Ray Ozzie doesn’t; Left/liberals piles on the Inspector General’s (IG) report suggesting maybe FBI didn’t want to use national security tools in a criminal case; good week for attribution and retribution; Carbanak mastermind busted in Spain? Nikulin extradited to US; the US to require social media usernames, email addresses, and phone numbers from visa applicants; Julian Assange loses internet connection, Matt Green displays his cruel streak; update on Keeper libel suit, if we can confirm case was dropped. Our guest interview is with David Sanger, National Security Correspondent for The New York Times. As always The Cyberlaw Podcast is open to feedback. Send your questions, suggestions for interview candidates or topics to CyberlawPodcast@steptoe.com or leave a message at +1 202 862 5785. The Cyberlaw Podcast is hiring a part-time intern for our Washington, DC offices. If you are interested, visit our website at Steptoe.com/careers. The views expressed in this podcast are those of the speakers and do not reflect the opinions of the firm.

Flashpoint Editorial Director Mike Mimoso talks to director of research Vitali Kremez about the arrest of the leader of the Carbanak cybercrime gang. Carbanak was responsible for more than $1 billion USD in losses and the arrest is a victory for international law enforcement and cross-jurisdictional cooperation between authorities.  Mike and Vitali talk about the effects such a high-profile arrest on not only on Carbanak, but also on the rest of the cybercrime underground, as well as the tactics, techniques and procedures employed by Carbanak in their operations.  

In today's podcast we hear that Sixty Russian diplomats are now persona non grata in the US. It's the largest such retaliation so far for the Russian nerve agent attack in Salisbury, England. Fear of a Russian riposte against Western power grids remains high. Cambridge Analytica was raided over the weekend in the continuing Facebook data scandal. Facebook faces more difficulties over Android data collection. Notes on malware circulating in the wild. Iran objects to US indictments.  Daniel Prince from Lancaster University discussing risk management. And the alleged Carbanak "mastermind" is arrested in Spain. 

In today's podcast, we hear about how OAuth abuse rushed a worm around Google Docs, and how the good guys swiftly contained the attack. Bondnet discovered mining cryptocurrency. The Blackmoon financial malware gets an upgrade. Carbanak is still out there, trickier than ever. No-phishing season at Gannett. India's national biometric ID system runs into security and legal trouble. Rick Howard from Palo Alto Networks previews the Cyber Canon awards ceremony. Andrew Chanin describes the upcoming Cyber Investing Summit. And reflections on passwords yesterday, today, and tomorrow, both here on earth and in a galaxy far, far away.

SHA-1 is broken, for real. Grizzly Steppe threat actors seem to have a lot in common with the Carbanak gang. Bitcoin exchange hit by DDoS. Linux patches an old vulnerability. Reuters says Symantec was in talks to buy FireEye, but the companies backed away from a deal. An arrest in the Deutsche Telekom hack. Dr. Charles Clancy from Virginia Tech's Hume Center explores the designation of election systems as critical infrastructure. Jason Porter from AT&T decribes the newly formed IoT Cybersecurity Alliance. And what the vulnerability researchers found when they looked at connected cars.

On this episode we talk about the return of carbanak and an individual facing jail time for creating keyloggers.

In today's podcast, we hear about how the Carbank cyber gang is getting trickier and more ambitious. In other cybercrime news, ransomware takes off after more databases. There's a new ransomware-as-a-service offering in the black market. Emily Wilson from Terbium Labs addresses perceptions of terrorists on the dark web. Simone Petrella from CyberVista provides her perspective on cyber security workforce issues. A new strain of Android ransomware hits Russian-speaking users. Locky's back, but in a feeble sort of way. Cybercriminals lock files at a cancer service not-for-profit. Russian policy wonks seem to suggest that we're not at the point in history where 2016 yielded to 2017. Instead—calling all Cold Warriors—1948 just ticked over into 1949. 

Carbanak is back, and in the cloud. GhostAdmin quietly assembles a few good bots. Malware writers troll security researchers on VirusTotal. Oracle issues a big patch; Apple is said to be preparing a smaller one. M&A activity is in the news. Australia investigates fallout from the Yahoo! breaches. Experts warn European election officials and politicians to be on the lookout for Bears. Rick Howard from Palo Alto Networks seeks a unified theory of security. David Bianco from Sqrrl offers advice on threat hunting. And US President Obama issues some pardons and commutations—General Cartwright and Private Manning are on the list. Not so Mr. Snowden.

In today's podcast, we hear about some lawful intercept tools that have been found prospecting Android. Synack calls shenanigans on Shazam, but maybe no harm, no foul. Carbanak turns from banks to hospitality. Insider threats and how to mitigate them—if you've got a facility clearance, you've got a deadline coming up, and Steven Grossman from Bay Dynamics explains what it means. Arlington Capital merges three of its companies into a new cyber shop, Polaris Alpha. Symantec is rumored to be sniffing at LifeLock. Cyber policy discussions in Germany and the US sound a lot alike. Jonathan Katz from the University of Maryland explains the pros and cons of photonic encryption. A teenager cops to the TalkTalk hack, and, if you're asking for a friend, the tally of accounts affected by the AdultFriendFinder breach hits 412 million.

CIBERDELITOS | ADRIÁN ARIAS Estafas, secuestro de información, sabotajes, apagones masivos, ciberacoso, tráfico de drogas y de órganos, son algunos ejemplos que integran la kilométrica lista de ciberdelitos, que son aquellas acciones ilegales que se cometen en internet. Hay miles de formas de delinquir en la red y aquí te presentamos los cuatro ciberdelitos más peligrosos: Phishing Las estafas de Phisihng consisten en obtener información sensible o personal de un usuario de computadora para obtener contraseñas bancarias, dirección de casa o incluso el número de seguridad social. Los hackers se han valido de muchas maneras para lograr este objetivo, desde crear páginas bancarias falsas, hasta enviar correos apócrifos en nombre de instituciones bancarias- El caso más conocido de Phishing sucedió entre 2013 y 2015 cuando la banda de hackers Carbanak robó mil millones de dólares a 100 bancos en diversos países. Robo de Identidad Sucede cuando los cibercriminales han tenido acceso a tu tarjeta de crédito o cuenta bancaria y la usan para hacer compras en tu nombre. En México la Condusef registró hasta 100 mil quejas por este delito en 2015, en donde los usuarios fueron defraudados con un monto que sumó los 250 millones de pesos. El Acoso en Línea Consiste en amenazas a través del correo o redes sociales. Normalmente, es muy sencillo denunciarlo, pero los niños son los más vulnerables a este crimen, ya que se han dado casos de suicidios ante la presión psicológica que esto genera. Aquí entra otra variante conocida como sextorsión, en donde los criminales amenazan con publicar videos íntimos si la persona afectada no les paga cierta cantidad de dinero. Acecho Cibernético Sucede cuando los hackers tratan de controlar la actividad en línea de las víctimas. Esto puede incluir infectar la computadora de una persona con un software malicioso que sea capaz de registrar las actividades del equipo. Aquí entra una variante conocida como Ransomware que consiste en bloquear la computadora de una persona y pedir dinero por su desbloqueo. Se estima que los ciberdelitos generan costos de hasta 3 mil millones de dólares al año en México para las instituciones y los usuarios. Tenga cuidado, siempre protéjase con un buen antivirus no confíe en desconocidos. En Internet no todo lo que brilla es oro. EL MERCADO DE LOS OTTS | CLAUDIA JUÁREZ No me decido qué hacer. Estoy entre poner una película en Netflix y verla en la tableta, o hacer un nuevo playlist en Spotify y descargarlo en mi celular… A esa posibilidad de tener acceso a contenido de video o música en cualquier dispositivo que tenga una conexión a internet como computadoras, consolas de videojuegos, smartphones, tabletas o Smart TVs, y a cualquier hora del día se les conoce como servicios Over The Top. Estos servicios los ofrecen empresas como Netflix, Claro Video, HBO GO, CLICK Cinépolis, Spotify, Google Play, Apple Music, Claro Música, que no requirieron de elevadas inversiones ni de infraestructura o espectro radioeléctrico y tampoco están sujetos al marco regulatorio de los operadores. De acuerdo con la empresa de consultoría The Competitive Intelligence Unit, hace poco menos de un lustro, conocimos del lanzamiento de estas plataformas en el mercado mexicano, sin embargo, Soonora empresa que implementa este tipo de plataformas, dijo que éstas están siendo desaprovechadas pues no sólo pueden ser usadas para distribuir series y películas, sino que también pueden aprovecharse por parte de instituciones deportivas como la Federación Mexicana de Futbol y la CONADE para dar difusión a sus eventos y competencias. ROBOTS SEXUALES | SAMUEL PRIETO ¿Desafortunado en el amor? ¿Estás harto de utilizar tu mano o cualquier suerte de otros artilugios? Bueno, no se trata de juzgar a nadie. Pero si te interesa una solución, ahorra un poco más de 280 mil pesos mexicanos y tu problema, prácticamente podría terminar resuelto. Con la ventaja adicional de no tener que lidiar con la pareja dramática y conflictuada a quien, a la hora de la hora, casi siempre le duele la cabeza. Abyss Creations es la empresa europea que puede venderte un muy candente, apasionado y seductor... robot. Sí, un robot. Las ventajas: puedes personalizarlo para que se sea muy parecido a esa persona que te arranca suspiros. Tiene un mínimo de inteligencia artificial que usa, por ejemplo, para espolearte con una serie de palabras pre programadas que te pongan en ambiente. También incluye realidad virtual, para que la experiencia sea lo más parecida al sexo de tus más pervertidas fantasías. Bueno, ¿y los genitales? El fabricante promete que estarán calientes como los reales. Y a eso no le agregan mucha más ciencia. Básicamente imitan a los órganos reales con vibración. Es decir, la línea entre la masturbación y el sexo, simplemente se vuelve mucho más delgada pero, ya entrados en calor, ¿a quién le importa?

Cyber attacks are one of the biggest issues for banks. Last year Carbanak, a cybergang, robbed one institution of $1bn – the largest heist in history

Neste episódio fazemos uma análise crítica de alguns pontos da proposta de decreto regulamentador do Marco Civil. ShowNotes Resumo de Notícias Especial APT-style bank robberies increase with Metel, GCMAN and Carbanak 2.0 attacks (Via SecureList)Continue reading

On this week's episode we discuss a new version of the Carbanak malware, a new malware breaks impenetrable corporate defenses, internet of things and vulnerable baby monitors, and malware construction kits.