Podcasts about Cisco Talos

  • 71 podcasts
  • 197 episodes
  • 40m average duration
  • 1 episode every other week
  • Latest: Jun 10, 2025


Latest podcast episodes about cisco talos

CiberAfterWork: ciberseguridad en Capital Radio
Episode 301: Ransomware Analysis

Jun 10, 2025 (52:42)

In this episode the special guest is Abraham Pasamar, CEO of Incide. The discussion covers various current cybersecurity threats and events, including a Cisco Talos investigation into state-sponsored hacking, a Microsoft operation against Russian malware, and recent data breaches affecting the Deportivo de La Coruña football club and Adidas. The conversation also highlights the importance of cybersecurity preparedness and shared responsibility for protecting data in the cloud, before concluding with practical recommendations for Panda Security users, particularly regarding the risks associated with online video games for children. Twitter: @ciberafterwork Instagram: @ciberafterwork Panda Security: https://www.pandasecurity.com/es/ +info: https://psaneme.com/ https://bitlifemedia.com/ https://www.vapasec.com/ VAPASEC https://www.vapasec.com/ https://www.vapasec.com/webprotection/

CiberAfterWork: ciberseguridad en Capital Radio
Episode 301: Ransomware Analysis

Jun 10, 2025 (24:36)

The episode begins with a musical tribute to a departing colleague, Víctor Nieva, before introducing regular contributor Pablo Sanemeterio and special guest Abraham Pasamar, the CEO of Incide. The discussion covers various current cybersecurity threats and events, including a Cisco Talos investigation into state-sponsored hacking, a Microsoft operation against Russian malware, and recent data breaches affecting the Deportivo de La Coruña football club and Adidas. The conversation also highlights the importance of cybersecurity preparedness and the shared responsibility for protecting data in the cloud, before concluding with practical user recommendations from Panda Security, particularly regarding the risks associated with online gaming for children. Twitter: @ciberafterwork Instagram: @ciberafterwork Panda Security: https://www.pandasecurity.com/es/ +info: https://psaneme.com/ https://bitlifemedia.com/ https://www.vapasec.com/ VAPASEC https://www.vapasec.com/ https://www.vapasec.com/webprotection/

Identity At The Center
#353 - Sponsor Spotlight - Duo

Jun 4, 2025 (53:25)

This episode is sponsored by Duo. Visit duo.com to learn more. Join Jim McDonald and Jeff Steadman on this sponsored episode of the Identity at the Center Podcast, brought to you by Duo! We welcome back Matt Caulfield, VP of Duo and Identity at Cisco, to discuss the ongoing "identity crisis" in security, where 60% of attacks have identity as a key component. Matt introduces Duo's new Security-First IAM, a revolutionary approach that prioritizes security by making it the default, enabling easy passwordless adoption, and building in phishing resistance from day zero. Discover how Duo is differentiating itself in a crowded market by focusing on end-to-end phishing resistance capabilities and user-centric security. Matt shares insights into Cisco's innovation culture, drawing from his experience as a founder and the integration of acquired technologies like ORT into Duo's identity intelligence, including a new trust scoring mechanism to identify compromised accounts. We also delve into the powerful insights from Cisco Talos, whose research on identity-based attacks directly influences Duo's product development, and how customer feedback is shaping the future of identity security. Explore the exciting innovations in authentication, including Duo's proximity verification for phishing-resistant, passwordless access, and the continuous authentication capabilities powered by Duo Desktop and Identity Intelligence. Finally, Matt discusses the impact of AI on identity security, both in enabling attackers and enhancing defense mechanisms like the new Duo AI assistant for administrators.

The conversation concludes with a look into the future of identity, including the challenges and opportunities presented by machine and agentic AI identities, and the critical need for advanced authorization solutions. Don't forget to visit duo.com for more information!

Chapter Timestamps:
00:00:00 - Introduction to the Identity Crisis and Security First IAM
00:02:22 - Welcome to the Identity at the Center Podcast & Sponsored Episode Introduction
00:03:00 - Introducing Matt Caulfield and His Journey at Duo/Cisco
00:04:35 - Defining the Digital Identity Crisis
00:06:04 - Understanding Security-First IAM
00:07:17 - Differentiating Duo's Identity Solution
00:08:36 - Cisco's Acquisition Strategy and Continued Innovation
00:10:55 - The Impact of Cisco Talos Intelligence
00:14:39 - Customer Insights and Challenges in Identity
00:16:50 - Is Authentication Solved? Innovation in Phishing Resistance
00:19:32 - AI's Impact on Identity Security and Future Threats
00:21:55 - How Duo is Leveraging AI Internally and for Customers
00:24:00 - Duo's Repositioning: From MFA to Identity and Access Management
00:25:27 - Shifting Metrics of Success for Duo Customers
00:27:44 - Workforce, Extended Workforce, and B2B Use Cases for Duo IAM
00:29:48 - Deep Dive into Proximity-Based Authentication
00:32:31 - The Importance of Phishing Resistance in Duo's Strategy
00:35:57 - Continuous Authentication and Shared Signals Framework
00:39:07 - Identity as a Core Pillar of SASE
00:40:32 - Why Shared Signals Framework is a Key Investment for Duo
00:43:25 - Future Outlook for Identity Practitioners: Passwordless and AI
00:46:27 - Agentic AI and the Future of Authorization
00:48:53 - Jim's Swag Tips for Identiverse
00:51:57 - Final Thoughts from Matt Caulfield

Connect with Matt: https://www.linkedin.com/in/mcaulfie/
Learn more about Duo: https://duo.com/
Connect with us on LinkedIn:
Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/
Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/
Visit the show on the web at idacpodcast.com
#idac #IdentitySecurity #Cybersecurity #DuoSecurity

YusufOnSecurity.com
224 - Cisco Talos Year 2024 In Review

May 17, 2025 (34:38)

Enjoying the content? Let us know your feedback! In this week's episode, we are looking at the latest Cisco Talos 2024 report. In this comprehensive report, we will delve into the major cybersecurity trends and threats observed over the past year. The Cisco Talos team has compiled this report to provide valuable insights and guidance for organizations to enhance their security postures. But before we get into the main topic, I have one security news item for you, and that is: the European Union launches a new vulnerability database, EUVD.
- https://euvd.enisa.europa.eu: EUVD
- https://euvd.enisa.europa.eu/faq: EUVD FAQ
- https://blog.talosintelligence.com: 2024 Year In Review Report
- https://www.forbes.com: Why Quantum Computers Will Work Alongside Classical Systems
Be sure to subscribe! You can also stream from https://yusufonsecurity.com. There you will find a list of all previous episodes too.

The CyberWire
Lessons from the latest breach reports.

Apr 24, 2025 (28:57)

Verizon and Mandiant call for layered defenses against evolving threats. Cisco Talos describes ToyMaker and Cactus threat actors. Researchers discover a major Linux security flaw which allows rootkits to bypass traditional detection methods. Ransomware groups are experimenting with new business models. Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division shares the latest on Salt Typhoon. Global censorship takes a coffee break. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest: Dave sits down with Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division, who shares a PSA on Salt Typhoon.

Selected Reading:
- 2025 Data Breach Investigations Report (Verizon)
- Mandiant M-Trends 2025 Report (Mandiant)
- Introducing ToyMaker, an initial access broker working in cahoots with double extortion gangs (Cisco Talos)
- Linux 'io_uring' security blindspot allows stealthy rootkit attacks (BleepingComputer)
- Ransomware groups test new business models to hit more victims, increase profits (The Record)
- Cloudflare: Government-backed internet shutdowns plummet to zero in first quarter (The Record)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Hacking Humans
When AI lies, hackers rise.

Apr 24, 2025 (42:37)

This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. This week Joe's got some follow-up about his chickens. Joe's story is on LLM-powered coding tools, and how they are increasingly hallucinating fake software package names, opening the door for attackers to upload malicious lookalike packages—a practice dubbed "slopsquatting"—that can compromise software supply chains when developers unwittingly install them. Dave's story is on Cisco Talos uncovering a widespread toll road smishing campaign across multiple U.S. states, where financially motivated threat actors—using a smishing kit developed by "Wang Duo Yu"—impersonate toll services to steal victims' personal and payment information through spoofed domains and phishing sites. Maria's got the story of how scammers are using fake banking apps to fool sellers with phony payment screens—and walking away with thousands in goods. Our catch of the day comes from listener John who writes in to share a suspicious text message he received.

Resources and links to stories:
- LLMs can't stop making up software dependencies and sabotaging everything
- Unraveling the U.S. toll road smishing scams
- 'Scammers used fake app to steal from me in person'

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.

Talos Takes
Why attackers are using hidden text salting to evade email filters

Feb 12, 2025 (9:59)

In this episode Hazel chats with Omid Mirzaei, a security research lead in the email threat research team at Cisco Talos. Omid and several Talos teammates recently released a blog on hidden text salting (or poisoning) within emails and how attackers are increasingly using this technique to evade detection, confuse email scanners, and essentially try to get phishing emails to land in people's inboxes. Hidden text salting is a simple yet effective technique for bypassing email parsers, confusing spam filters, and evading detection engines that rely on keywords. The idea is to include characters in the HTML source of an email that are not visually recognizable. For more, head to the Talos blog.

Passwort - der Podcast von heise security
State-Sanctioned Spyware

Feb 12, 2025 (89:45)

This episode is about the methods that states, and by no means only authoritarian ones, use to spy on their citizens. Dissidents, journalists, politicians and other groups of the population have already fallen victim to smartphone malware installed on behalf of governments. The makers of this spyware are secretive companies that charge a lot of money for their services. Sylvester and Christopher take a close look at everyone involved and also settle the question of whether WhatsApp sued the NSA.
- [Predator analysis by Cisco Talos](https://blog.talosintelligence.com/mercenary-intellexa-predator/)
- [Google Project Zero on FORCEDENTRY](https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html)
- https://media.ccc.de/v/38c3-from-pegasus-to-predator-the-evolution-of-commercial-spyware-on-ios
- https://securitylab.amnesty.org/latest/2024/12/serbia-a-digital-prison-spyware-and-cellebrite-used-on-journalists-and-activists/
- [Details on iOS Lockdown Mode](https://support.apple.com/de-de/105120)
- https://securitylab.amnesty.org/get-help/
- https://securitylab.amnesty.org/partners-and-support/
- [Mobile Verification Toolkit (MVT)](https://docs.mvt.re/en/latest/)

The CyberWire
On the prowl for mobile malware. [Research Saturday]

Dec 28, 2024 (27:18)

This week, we are joined by Asheer Malhotra and Vitor Ventura from Cisco Talos, and they are discussing "Operation Celestial Force employs mobile and desktop malware to target Indian entities." Cisco Talos revealed Operation Celestial Force, an espionage campaign by the Pakistani threat group "Cosmic Leopard," targeting Indian defense, government, and technology sectors. Active for at least six years, the operation has recently increased its use of mobile malware and commercial spyware for surveillance. The research can be found here: Operation Celestial Force employs mobile and desktop malware to target Indian entities Learn more about your ad choices. Visit megaphone.fm/adchoices

@BEERISAC: CPS/ICS Security Podcast Playlist
EP 50: Keeping The Lights On In Ukraine

Nov 22, 2024 (44:07)

Podcast: Error Code. Episode: EP 50: Keeping The Lights On In Ukraine. Pub date: 2024-11-19.

What would happen if your GPS signal were jammed? It would impact more than just navigation – you'd also lose access to financial data and power. Joe Marshall, Senior IoT Strategist and Threat Researcher at Cisco Talos, discusses an innovative solution to maintain the country's power grid operations in the event of GPS jamming, whether it's a precautionary measure or an act of war.

Error Code
EP 50: Keeping The Lights On In Ukraine

Nov 19, 2024 (44:07)

What would happen if your GPS signal were jammed? It would impact more than just navigation – you'd also lose access to financial data and power. Joe Marshall, Senior IoT Strategist and Threat Researcher at Cisco Talos, discusses an innovative solution to maintain the country's power grid operations in the event of GPS jamming, whether it's a precautionary measure or an act of war.

The CyberWire
Beyond the permissions wall. [Research Saturday]

Sep 28, 2024 (17:47)

We are joined by Yves Younan, Senior Manager, Talos Vulnerability Discovery and Research from Cisco, discussing their work on "How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions." Cisco Talos has uncovered eight vulnerabilities in Microsoft applications for macOS that could allow attackers to exploit the system's permission model by injecting malicious libraries. By leveraging permissions already granted to these apps, attackers could gain access to sensitive resources like the microphone, camera, and screen recording without user consent. While Microsoft considers these issues low risk and has declined to fix them, the vulnerabilities pose a potential threat to user privacy and security. The research can be found here: How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions Learn more about your ad choices. Visit megaphone.fm/adchoices

The Daily Decrypt - Cyber News and Discussions
Ransomware, Lies, and Legal Threats: The City of Columbus vs. a Security Researcher

Sep 4, 2024

Video Episode: https://youtu.be/oMptm-Oi1R4

In today's episode of The Daily Decrypt, we tackle a high-profile case involving the City of Columbus and security researcher David Leroy Ross. Ross is facing a lawsuit and restraining order after revealing the true extent of a ransomware attack that the city had downplayed. Despite claims by Mayor Andrew Ginther that the stolen 6.5 terabytes of sensitive data were unusable due to encryption, Ross proved otherwise—highlighting that personal information like Social Security numbers and details from domestic violence cases were fully intact and accessible on the dark web.

00:00 - Intro
00:37 - Updates from The Daily Decrypt
01:45 - Columbus, OH vs Security Researcher
09:23 - More News

We dive into the legal and ethical complexities that arise when a researcher discloses illegally obtained data in the name of public interest. What happens when the desire to protect people's privacy clashes with responsible disclosure protocols? Ross bypassed these procedures, opting instead to expose the city's misinformation by going directly to the media, leading to legal consequences that reflect a challenging gray area for security researchers. In the second half, we discuss how Columbus's reaction—suing the very person who pointed out the severity of their data breach—sends a chilling message to those working in cybersecurity. Are they discouraging future researchers from revealing vulnerabilities, even when it's for the public good?

We also explore:
- How Columbus mishandled the attack.
- The city's controversial decision to sue Ross.
- The broader implications for security researchers who choose to challenge powerful organizations.

Stick around for our lightning round of cybersecurity headlines, including a busted one-time password fraud service in the UK, a former engineer's attempt to extort Bitcoin, and new vulnerabilities in Microsoft's macOS applications.

Links to the articles discussed:
- https://thehackernews.com/2024/09/new-flaws-in-microsoft-macos-apps-could.html
- https://thehackernews.com/2024/09/ex-engineer-charged-in-missouri-for.html
- https://krebsonsecurity.com/2024/09/owners-of-1-time-passcode-theft-service-plead-guilty/
- https://arstechnica.com/security/2024/08/city-of-columbus-sues-man-after-he-discloses-severity-of-ransomware-attack/

Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com
Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/
Logo Design by https://www.zackgraber.com/

Tags: vulnerabilities, Microsoft, Cisco Talos, macOS, Bitcoin, extortion, insider, Missouri, OTP Agency, interception, passcodes, scammers, ransomware, Columbus, dark web, restraining order

What are today's top cybersecurity news stories, how can macOS users safeguard their devices from vulnerabilities, what tactics did the ex-employee use for Bitcoin extortion, what precautions can individuals take against OTP interception scams, what legal implications arise from disclosing ransomware attack details, what are the latest threats in cybersecurity, how does insider knowledge contribute to cyber crimes, what are the impacts of ransomware on local governments, how can companies protect themselves from extortion, what measures can be taken to enhance online security against scams

The CyberWire
Mic, camera, and more at risk.

Aug 19, 2024 (30:20)

Cisco Talos discovers vulnerabilities in Microsoft applications for macOS. OpenAI disrupts an Iranian influence campaign. Jewish Home Lifecare discloses a data breach affecting over 100,000. Google tests an auto-redaction feature in Chrome for Android. Unicoin informs the SEC that it was locked out of G-Suite for four days. House lawmakers raise concerns over China-made WiFi routers. Moody's likens the switch to post-quantum cryptography to the Y2K bug. Diversity focused tech nonprofits grapple with flagging support. Tim Starks of CyberScoop is back to discuss his investigation of a Russian hacking group targeting human rights groups. Smart phones get some street smarts. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest: We welcome Tim Starks of CyberScoop back to discuss his story "Russian hacking campaign targets rights groups, media, former US ambassador."

Selected Reading:
- Vulnerabilities in Microsoft's macOS apps could help hackers access microphones and cameras (The Record)
- OpenAI Disrupts Iranian Misinformation Campaign (The New York Times)
- 100,000 Impacted by Jewish Home Lifecare Data Breach (SecurityWeek)
- Chrome will redact credit cards, passwords when you share Android screen (Bleeping Computer)
- Crypto firm says hacker locked all employees out of Google products for four days (The Record)
- House lawmakers push Commerce Department to probe Chinese Wi-Fi router company (CyberScoop)
- Moody's sounds alarm on quantum computing risk, as transition to PQC 'will be long and costly' (Industrial Cyber)
- The movement to diversify Silicon Valley is crumbling amid attacks on DEI (Washington Post)
- Google's Stunning New Android AI Feature Instantly Locks Phone Thieves Out (Forbes)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Talos Takes
A 1-on-1 with Talos VP Matt Watchinski

Aug 16, 2024 (30:04)

He's been here since the beginning, and now he's ready to reflect on the past 10 years of Cisco Talos. Matt Watchinski, the Vice President of Talos for Cisco, joins Jon this week to talk about Talos' recently celebrated 10th birthday, the company's origins, how we've managed to balance growth and culture, and his favorite memories from the past 10 years.

The CyberWire
On the prowl for mobile malware. [Research Saturday]

Jul 13, 2024 (27:18)

This week, we are joined by Asheer Malhotra and Vitor Ventura from Cisco Talos, and they are discussing "Operation Celestial Force employs mobile and desktop malware to target Indian entities." Cisco Talos revealed Operation Celestial Force, an espionage campaign by the Pakistani threat group "Cosmic Leopard," targeting Indian defense, government, and technology sectors. Active for at least six years, the operation has recently increased its use of mobile malware and commercial spyware for surveillance. The research can be found here: Operation Celestial Force employs mobile and desktop malware to target Indian entities Learn more about your ad choices. Visit megaphone.fm/adchoices

Decipher Security Podcast
Cisco Talos: How Threat Actors Target MFA

Jun 26, 2024 (15:42)

Multi-factor authentication (MFA) is a critical form of defense for organizations, and threat actors are recognizing that: according to the latest Cisco Talos Incident Response Quarterly Trends report, instances related to MFA were involved in some capacity in half of all security incidents that the Talos team responded to in the first quarter of 2024. Hazel Burton with Cisco Talos talks about how threat actors are using targeted social engineering techniques to try to skirt by MFA, how phishing kits are increasingly incorporating MFA bypass tactics, and what businesses can do.

The Daily Scoop Podcast
Updates on GSA's FedRAMP modernization

Jun 25, 2024 (32:02)

In this episode of The Daily Scoop Podcast, Eric Mill, GSA's Executive Director for Cloud Strategy, shares comprehensive updates on the modernization of the FedRAMP program, including strategic hires and a new partnership approach aligned with the Department of Defense to enhance cloud authorizations. Additionally, the episode delves into a recent DHS report that discusses the imperative of mitigating AI's potential threats in chemical and biological security. It also features insights from a Cisco Talos report on a Chinese cyberespionage group targeting international ministries and embassies, showcasing the evolving landscape of global cybersecurity threats.

David Bombal
#471: Hack your water and electricity! Myth or Reality?

Jun 25, 2024 (23:09)

Big Thank You to Cisco for sponsoring my trip to Cisco Live and this video!

// Joe Marshall's SOCIALS //
X: https://x.com/immortanjo3
LinkedIn: / joeics
Cisco Blogs: https://blogs.cisco.com/author/joemar...
Cisco Talos: https://www.talosintelligence.com/

// Webpages REFERENCE //
https://blog.talosintelligence.com/pr...
https://edition.cnn.com/2023/11/21/po...
https://blog.talosintelligence.com/ho...

// David's SOCIAL //
Discord: discord.com/invite/usKSyzb
Twitter: www.twitter.com/davidbombal
Instagram: www.instagram.com/davidbombal
LinkedIn: www.linkedin.com/in/davidbombal
Facebook: www.facebook.com/davidbombal.co
TikTok: tiktok.com/@davidbombal

// MY STUFF //
https://www.amazon.com/shop/davidbombal

// SPONSORS //
Interested in sponsoring my videos? Reach out to my team here: sponsors@davidbombal.com

Please note that links listed may be affiliate links and provide me with a small percentage/kickback should you use them to purchase any of the items listed or recommended. Thank you for supporting me and this channel! Disclaimer: This video is for educational purposes only.

The CyberWire
Rethinking recalls.

Jun 10, 2024 (36:53)

Microsoft makes Recall opt-in. The Senate holds hearings on federal cybersecurity standards. Snowflake's scrutiny snowballs. New York Times source code is leaked online. Ransomware leads to British hospitals' desperate need for blood donors. Cisco Talos finds 15 serious vulnerabilities in PLCs. Sticky Werewolf targets Russia and Belarus. Frontier Communications warns 750,000 customers of a data breach. Chinese nationals get prison time in Zambia for cybercrimes. N2K's CSO Rick Howard speaks with Danielle Ruderman, Security GTM Leader, AWS about what keeps CISOs up at night. DIY cell towers can land you in hot water. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest: N2K's CSO Rick Howard speaks with Danielle Ruderman, Security GTM Leader, AWS about what keeps CISOs up at night and learnings from AWS CISO Circles. Our team is at AWS re:Inforce this week. Stay tuned for our coverage.

Selected Reading:
- Windows won't take screenshots of everything you do after all — unless you opt in (The Verge)
- US Senate Committee holds hearing on harmonizing federal cybersecurity standards to address business challenges (Industrial Cyber)
- What Snowflake isn't saying about its customer data breaches (TechCrunch)
- New York Times source code stolen using exposed GitHub token (Bleeping Computer)
- London Hospitals Seek Biologics Backup After Ransomware Hit (GovInfo Security)
- Cisco Finds 15 Vulnerabilities in AutomationDirect PLCs (SecurityWeek)
- Sticky Werewolf targets the aviation industry in Russia and Belarus (Security Affairs)
- Frontier warns 750,000 of a data breach after extortion threats (Bleeping Computer)
- 22 Chinese Nationals Sentenced to Long Prison Terms in Zambia for Multinational Cybercrimes (SecurityWeek)
- Two arrested in UK over fake cell tower smishing campaign (The Register)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Cybersecurity Defenders Podcast
#121 - Intel Chat: Albatross leak, Cerber ransomware, UAT4356 & MITRE compromised

The Cybersecurity Defenders Podcast

Play Episode Listen Later May 1, 2024 28:31


In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Ukrainian hackers claim to have breached the Russian drone developer Albatross, leaking 100 gigabytes of data, including internal documentation, technical data and drawings of various types of unmanned aerial vehicles. A critical vulnerability in Atlassian Confluence Data Center and Server was used to deploy a Linux variant of Cerber ransomware. Cisco Talos is actively monitoring a global increase in brute-force attacks against a variety of targets, including VPN services, web application authentication interfaces and SSH services, since at least March 18, 2024. An emerging threat campaign named ArcaneDoor is being orchestrated by a previously unknown actor identified as UAT4356, now also known as STORM-1849 by Microsoft. The MITRE Corporation reported a significant security breach within one of its specialized networks, the Networked Experimentation, Research, and Virtualization Environment, or NERVE.

The 443 - Security Simplified
Cisco ArcaneDoor Attack

The 443 - Security Simplified

Play Episode Listen Later Apr 29, 2024 44:05


https://youtu.be/GnxViRW1A24 This week on the podcast, we cover a nation-state backed attack against Cisco ASA appliances which Cisco TALOS themselves have dubbed "ArcaneDoor." After that, we discuss a phishing toolkit being used to target LastPass users before ending with a new way to deliver malware payloads using legitimate services.

The Daily Decrypt - Cyber News and Discussions
Student Loan Forgiveness Scam, Thwarting Russian Sandworm, and Defending Against Cisco-Reported Brute-Force Attacks

The Daily Decrypt - Cyber News and Discussions

Play Episode Listen Later Apr 18, 2024


Today, we discuss the deceptive world of the "Financial Hardship Department Scam," where unsuspecting Americans are tricked into revealing personal data with the false promise of government aid. Explore the intricacies of this scam and how to protect yourself from becoming a victim. This episode also sheds light on the alarming strategies of Russian Sandworm hackers and global brute-force attacks targeting VPN and SSH services, revealing a complex cybersecurity landscape.
Original URLs:
Financial Hardship Department Scam: https://cyberguy.com/privacy/the-unsubscribe-email-scam-is-targeting-americans/, https://malwaretips.com/blogs/financial-hardship-department-email-scam-explained/
Russian Sandworm Hackers: https://www.bleepingcomputer.com/news/security/russian-sandworm-hackers-pose-as-hacktivists-in-water-utility-breaches/
Cisco Warning on Brute-Force Attacks: https://thehackernews.com/2024/04/cisco-warns-of-global-surge-in-brute.html
Follow us on Instagram: https://www.instagram.com/the_daily_decrypt/
Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/
Logo Design by https://www.zackgraber.com/
Tags for the Episode: Financial Hardship Department Scam, cybersecurity, Russian Sandworm hackers, brute-force attacks, VPN, SSH, email scams, government subsidies scam, cyber threats, cyber protection, Mandiant, Cisco
Search Phrases: How to protect against Financial Hardship Department Scam; What is the Financial Hardship Department Scam; Russian Sandworm hackers in US utilities; Cisco alert on brute-force attacks; Cybersecurity threats in 2024; Email scams involving government aid; Preventing cyber attacks on VPN and SSH; How Russian hackers disguise as hacktivists; Identifying and preventing email scams; Latest cybersecurity reports from Cisco and Mandiant
Transcript (Apr 18)
Americans are being targeted by a sophisticated scam from the "Financial Hardship Department," which promises government subsidies and stimulus checks as a facade to steal personal information and money. Stick around 'cause we're gonna give them a call. Russian Sandworm hackers, disguised as hacktivist groups, have infiltrated water utilities in the United States and Europe, executing sophisticated cyberattacks that manipulate public narratives in favor of Russia, according to recent findings by Mandiant. And finally, Cisco has issued an alert on a sharp rise in global brute-force attacks targeting VPN and SSH services, revealing a sophisticated threat landscape that exploits Tor exit nodes and various anonymizing proxies since March 18th of 2024. What steps can organizations take to protect their networks from these global brute-force attacks? So in recent news, a concerning scam from the Financial Hardship Department is targeting Americans across the country. This was actually brought to my attention by my mother. She reported something suspicious to her IT department, which is me. She received an email with a subject that was her full name, and inside the email was a very compelling argument that she was entitled to some sort of student loan forgiveness plan, and the money is available right away. And this specific scam isn't necessarily breaking news, but this type of scam, this category of scam, is very effective and very prevalent. And this is because of a thing called OSINT, or Open Source Intelligence, where people can use information they find online about you in order to get you to do things. So, if someone wrote you an email and they knew exactly how much student debt you had, and they knew your full name, and they knew where you went to school, you might be more enticed to give them a call, respond to the email, or even click a link. If you're interested in seeing this email and walking through all of the key indicators that this is not a legit email, and it is in fact a scam, I'm going to be posting a reel a little bit later today on our Instagram that will have the email, and we're going to go through each one of the indicators that this is a scam so that you can help protect yourself against this scam. But just at a high level, the email came from someone at hotmail.com. Nobody with any clout is going to email you from a personal email address. Step one. All right. Number two, there's a sense of urgency. It says that you have a case open, but for only one more day. So give us a call back at this number. And just for fun, I went ahead and gave this number a call using my Google Voice number and was ready to record it and talk to them and see what they were gonna try to get out of me and maybe give them some fake information. The email was received yesterday and since then the number has been decommissioned. Calling the scammer. Bummer. There are also some weird formatting issues with this email. And then at the bottom, it says you opted into advertising services, provides an address, and then it provides a URL to unsubscribe. This specific email is formatted so poorly that the URL doesn't even become clickable.
But they're trying to get you in two directions here. They're trying to get you to call and give up your information. And they're trying to get you to click this unsubscribe link. Now that kind of gets your wheels turning, doesn't it? Most emails have unsubscribe links, and most of them are from emails you might not even recognize. You just want to get them out of your inbox. Now trust me, I am all for inbox sanitization and organization, but clicking unsubscribe links as a habit is a bad one. Clicking any links in an email is a bad habit. And yes, an unsubscribe link is a URL that could take you wherever you want. And usually, when you're about to click it, you're kind of in a hurry, you're not really checking, you're not thinking about it. So attackers know this, and they're going to send you something you really don't want, and they're going to provide a link to unsubscribe. Probably don't click it. Instead, send it to spam. Send it to junk. Train your inbox to send that somewhere else where you don't have to worry about it. Even if the unsubscribe link isn't malicious, it can serve a different purpose. It can let attackers or scammers know that that email address is active. And that might actually ramp up the amount of spam, scam emails, or newsletters you may get, because people are interested in buying your email address if they know it's an active email address. So now you've just confirmed it, they might go sell it to some other people. It might actually increase the amount of spam you get. There is a service called unroll.me that can help consolidate and manage email subscriptions efficiently. It allows you to view all your subscriptions in one place and makes it easy to unsubscribe from them. Another thing you can do is use alias emails. So if you're an iPhone user, the iPhone will often prompt you to mask your email address. It's a good idea because you can delete that email address at any time.
If you start getting spam from it, you can also use tools like Fastmail or StartMail and just generate a new email address that forwards to your normal email address. This will also help protect you and your privacy online because they're not just mapping one email address to your identity. Now they have to map tons and tons to keep track of you. So it'll help reduce trackers on Google. It'll help reduce the efficacy of certain attacks when your password is breached on the dark web. So for more tips and tricks, and for a further analysis on these scam emails, be Instagram later today. Cybersecurity firm Mandiant has exposed how the notorious Sandworm hacking group, linked to Russian military intelligence, has camouflaged its cyberattacks by masquerading as hacktivist groups. The Russian ensemble, known by aliases such as BlackEnergy, Seashell Blizzard, and Voodoo Bear, has been active since 2009, and their operations are attributed to Unit 74455 of Russia's GRU. Mandiant's latest findings suggest that Sandworm operates under several online personas to launch data leaks and disrupt operations. Notably, three hacktivist-branded Telegram channels named XakNet Team, Cyber Army of Russia Reborn, and Solntsepek, that's Russian, have been instrumental in disseminating pro-Russian narratives and misleading the audience about the origin of the cyberattacks. These personas act independently, yet share a common goal of aligning their activities with Russian interests. So, before we move on, just a quick note on hacktivism. There are a few main motivators for attackers when placing an attack. Money, power, fame. And activism is a pretty popular one. So to help give an idea of what a hacktivist organization would be like, it's maybe a pro-Ukraine organization that's working to spread the truth about what's going on in a foreign war, and so they might be trying to actually hack the Russian government to help Ukraine, or something like that.
Their motivation is not money, so they're not out there trying to get credentials to their bank accounts and stuff like that. They're trying to work towards their organization's mission, which is to spread the truth about foreign wars in favor of a certain country. So these Russian attackers that are responsible for many attacks on U.S. critical infrastructure, especially water utilities, are gaining footholds by pretending to be a hacktivist group. Maybe they're pro-Russia, maybe they're pro-Ukraine. They're doing what they can to try to sway public opinion in Russia's favor, which involves all sorts of propaganda that I'm not even aware of. But Mandiant's report extends beyond the facade of hacktivism. They have traced back multiple cyber incidents to Sandworm, including attacks on water utilities in the U.S. and Poland, and hydroelectric facilities in France. The authenticity of these intrusions remains under investigation, but confirmation of related malfunctions by U.S. utility officials lends proof. Furthermore, Sandworm's influence operations are designed to bolster Russian wartime objectives by seeding misinformation and creating an illusion of widespread support for the war. The sophistication of these tactics illustrates a strategic shift from direct sabotage in Ukraine, where they targeted critical infrastructure like state networks and the power grid, to more nuanced cyber espionage, intrusion, and influence operations. Mandiant also highlights APT44's activities over the past year, including targeting NATO countries' electoral systems and engaging in intelligence collection to aid Russian military efforts. The threat posed by APT44 is severe, with ongoing operations focused on Ukraine and an elevated risk of interference in upcoming national elections and significant political events worldwide. So this election season, especially in the United States, is going to be absolutely crazy.
The simplicity of access that these foreign, quote, hacktivists or propaganda pushers have over the United States is huge. It's palpable. They can just create TikToks about something you're interested in, which is Ukraine and the things that are happening in this foreign war, and you share it, and the more it gets shared, the more validity it accumulates in people's eyes. And this rapid consumption of social media has almost completely forgotten about citing sources or doing any sort of further research into what you just saw in a 60-second video clip. So I encourage you personally to, I mean, first of all, don't spend too much time on social media. If you get, if you catch yourself doomscrolling, try to get off and go on a walk. And second of all, think about everything you watch as if it were a lie. How could this video be lying to you right now? How could this video be stretching the truth? You know, are these videos actually shot where they are? Are they in front of a green screen? What sources do these people have to claim what they're saying? Is what they're saying promoting a specific narrative? Maybe for Russia, maybe for Ukraine. And if so, that increases the likelihood that what they're saying is stretched or slightly untrue. So just as we have to look at every email with a lot of scrutiny, make sure we don't click any bad links, we also have to look at everything we consume, because our brains are very vulnerable to what we see. And the internet right now is just pushing what we already believe, further enforcing our misbeliefs. There's been a notable spike in brute-force attacks globally, as reported by Cisco, specifically targeting devices such as VPNs, or virtual private networks, web application authentication interfaces, and SSH services. Cisco Talos experts pinpointed that these attacks have been originating from Tor exit nodes and various anonymizing tunnels and proxies since at least March 18th of 2024.
The implications of these attacks are serious, potentially leading to unauthorized network access, account lockouts, or even denial-of-service conditions. A range of devices have come under siege, including popular VPN solutions like Cisco Secure Firewall VPN, Check Point, Fortinet, SonicWall, along with RD Web services and brands such as MikroTik, DrayTek, and Ubiquiti. Stomps foot on Ubiquiti. Cisco Talos has identified that the brute-forcing attempts not only utilize generic credentials, but also valid usernames tied to specific organizations, indicating a methodical approach to this cybersecurity threat. The attack traffic, as analyzed, predominantly flows through known proxy services such as Tor, VPNgate, IPIDEA Proxy, BigMama Proxy, SpaceProxies, NexusProxy, ProxyRack, etc. And details on the IP addresses and the credentials used in these attacks have been compiled and made accessible for the concerned parties to bolster their defenses. So check out the show notes if you want more IOCs of this, so that you can maybe set up some signature detections or behavior detections, etc. In parallel to these brute-force incidents, Cisco has raised alarms about password spray attacks targeting remote access VPN services as well. This trend was highlighted alongside a recent disclosure from Fortinet FortiGuard Labs reporting the exploitation of a patched vulnerability in TP-Link Archer AX21 routers by DDoS botnet malware families. Which brings us back to our SOHO days, right? If you're running one of these routers, make sure it's patched. Make sure your home router is up to date. You don't want to be getting DDoS'd by a botnet. Or you don't want to be part of the botnet that does the DDoSing, excuse me. Security researchers Cara Lin and Vincent Li from FortiGuard Labs underscore the continuous threat posed by botnets, which exploit IoT vulnerabilities relentlessly. They strongly advise users to remain vigilant against DDoS botnets and to apply patches promptly.
Cisco has provided several recommendations to mitigate the risks associated with these types of cyberattacks. These include enabling logging, okay, securing default remote access VPN profiles, and blocking connection attempts from identified malicious sources. Specific guidance involves implementing interface-level ACLs, using the shun command, and configuring control plane ACLs to further fortify network defenses against unauthorized access attempts. Moreover, Cisco suggests considering additional hardening implementations for RAVPN, such as adopting certificate-based authentication to enhance the security posture against these ongoing cyber threats. So I will definitely be taking a much deeper look at these IOCs for my own personal network, because yeah, this can apply to enterprises and this can apply to tech enthusiasts who set up VPNs to access their own home network. So let's, uh, not to point any fingers at myself, but that's definitely something I want to avoid being compromised. So if you're hearing this, IOCs are in the show notes, and let's stay ahead of this. And that's all we got for you today. Tomorrow, we're going to be releasing just a discussion episode about the key takeaways from HackspaceCon, which occurred last weekend. The two co-hosts from this podcast were lucky enough to be able to attend and boy, were we inspired. So if you're interested in hacking satellites or what kind of vulnerabilities satellites have, or other things that I never considered from a non-space background, be sure to check that episode out tomorrow.

The CyberWire
The rebirth of Russia's cyber warfare.

The CyberWire

Play Episode Listen Later Apr 17, 2024 32:04


A Russian hacker group boldly targets critical infrastructure. The Change Healthcare ransomware attack is projected to cost over a billion dollars. Three hundred bucks is the going rate for a SIM swap. PuTTY potentially reveals private keys. Cisco Talos reports a surge in brute-force attacks. Ivanti updates its MDM product. Omni Hotels & Resorts confirms a data breach. Financially motivated hackers target businesses in Latin America with steganography. A prolific cryptojacker faces decades in prison. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey. The ransomware equivalent of a Saturday night special.
CyberWire Guest
On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K's comprehensive CISSP training course, CISSP practice test, and CISSP practice labs. Sam and Joe discuss content and study strategies for Domain 2, Asset Security.
Resources: Domain 2, Asset Security
Identify and securely provision information assets, establish handling requirements, manage the data lifecycle, and apply data security controls to comply with applicable laws.
2.1 Identify and classify information and assets
2.2 Establish information and asset handling requirements
2.3 Provision resources securely
2.4 Manage data lifecycle
2.5 Ensure appropriate asset retention (e.g., End-of-Life (EOL), End-of-Support (EOS))
2.6 Determine data security controls and compliance requirements
Are you studying for the CISSP exam, considering taking the test soon, or did you have an unsuccessful exam experience? Here are some CISSP exam pitfalls to avoid so that you're confident and successful on exam day.
Selected Reading
Hackers Linked to Russia's Military Claim Credit for Sabotaging US Water Utilities (WIRED)
T-Mobile, Verizon workers get texts offering $300 for SIM swaps (Bleeping Computer)
PuTTY SSH client flaw allows recovery of cryptographic private keys (Bleeping Computer)
Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials (Talos Intelligence)
Ivanti Patches Two Critical Avalanche Flaws in Major Update (Infosecurity Magazine)
Omni Hotels confirms data compromise in apparent ransomware attack (SC Media)
Steganography Campaign Targets Global Enterprises (GovInfo Security)
Nebraska man allegedly defrauded cloud providers of millions via cryptojacking (The Record)
Ransomware attack has cost UnitedHealth $872 million; total expected to surpass $1 billion (The Record)
'Junk gun' ransomware: Peashooters can still pack a punch (Sophos News)
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

@BEERISAC: CPS/ICS Security Podcast Playlist
Stories from the Power Grid

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later Apr 15, 2024 39:02


Podcast: Beers with Talos Podcast
Episode: Stories from the Power Grid
Pub date: 2024-04-11
Power grid security expert Joe Marshall joins the crew today to talk all things, well, power grid security. But not before he gets an impromptu pop quiz from Matt in the roundtable. Joe then tells some stories from his days working in electric utility, deploying new systems and his experiences with pentesting teams ("Wow, y'all need to stop!"). Plus, the team asks Joe about the risks with both aging infrastructure versus newer, smarter based infrastructure. And what happens when threat actors target critical infrastructure?

The Cybersecurity Defenders Podcast
#106 - Intel Chat: LockBit, TicTacToe Dropper, Google Cloud Run & I-Soon

The Cybersecurity Defenders Podcast

Play Episode Listen Later Feb 29, 2024 28:10


In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Law enforcement from 10 countries - in a joint operation called 'Operation Cronos' - has disrupted the criminal operation of the LockBit ransomware group. FortiGuard has identified a grouping of malware droppers used to deliver various final-stage payloads through 2023, which they are calling the TicTacToe dropper. Cisco Talos researchers have observed a significant increase in the volume of malicious emails leveraging the Google Cloud Run service to infect potential victims with banking trojans. A massive leak from a Chinese Ministry of Public Security contractor called I-Soon shows that Beijing's intelligence and military groups are attempting large-scale, systemic cyber intrusions against foreign governments, companies, and infrastructure.

Hacking Humans
Quiz scam nightmare.

Hacking Humans

Play Episode Listen Later Feb 1, 2024 47:27


Jaeson Schultz, Technical Leader from Cisco Talos, is discussing "Spammers abuse Google Forms' quiz to deliver scams." Dave's story discusses the disturbing new trick up a scammer's sleeve to get you to fall for their schemes. Joe has two stories this week, the first a warning to those who pick up scammers' phone calls and what that can lead to after they gain access to your voice. Joe's second story follows a band of organized thieves and how they have been targeting high-end homes across Metro Detroit. Our catch of the day comes from listener Van, who writes in to share a fun catch from a scammer who left a voicemail.
Links to the stories:
Spammers abuse Google Forms' quiz to deliver scams
Scammers are stealing people's faces for live video calls
All it takes is one sentence for AI to clone your voice
Expert says alleged recording of racist, antisemitic rant by Pikesville High principal could be fake
Videos: Organized crews smash glass, use jammers to break into high-end Metro Detroit homes
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

Error Code
EP 29: The Rise of Smash and Grab Data Exfiltration

Error Code

Play Episode Listen Later Jan 30, 2024 36:09


Ransomware groups have bifurcated, with some doing pure ransomware and others going straight to extortion; the difference is whether the data is ransomed on your network or theirs. Nick Biasini from Cisco Talos talks about the threats he's seeing, in particular SapphireStealer, which is open source and uses GitHub to crowdsource new features.

The CyberWire
The fight against exploiting Americans.

The CyberWire

Play Episode Listen Later Jan 24, 2024 38:02


Biden prepares executive order on foreign access to data. Britain's NCSC warns of a significant ransomware increase. Cisco Talos confirms ransomware surge. BuyGoods.com leaks PII and KYC data. Fortra faces scrutiny over slow disclosure. AI fights financial fraud. Intel471 highlights bulletproof hosting. NSO Group lobbies to revamp their image. Tussling in Missouri over election security. Integrating cyber education. Our guests are N2K President Simone Petrella and WiCyS Executive Director Lynn Dohm talking about a new partnership for a comprehensive Cyber Talent Study. And the moral panic of Furbies.
CyberWire Guest
Today's guests are N2K President Simone Petrella and WiCyS Executive Director Lynn Dohm talking with Dave Bittner about a new partnership for a comprehensive Cyber Talent Study to deepen the collective understanding of cybersecurity competencies within the industry.
Selected Reading
Biden Seeks to Stop Countries From Exploiting Americans' Data for Espionage (Bloomberg)
British intelligence warns AI will cause surge in ransomware volume and impact (The Record)
Significant increase in ransomware activity found in Talos IR engagements, while education remains one of the most-targeted sectors (Talos)
Global Retailer BuyGoods.com Leaks 198GB of Internal and User PII, KYC data (HACKREAD)
Fortra blasted over slow response to critical GoAnywhere file transfer bug (SC Media)
Gen AI Expected to Bring Big Changes to Banking Sector (GovInfo Security)
Why Bulletproof Hosting is Key to Cybercrime-as-a-Service (Infosecurity Magazine)
Notorious Spyware Maker NSO Group Is Quietly Plotting a Comeback (WIRED)
Missouri secretary of state accused of withholding cybersecurity reviews of election authorities (StateScoop)
Cybersecurity education from childhood is a vital tool: 72% of children worldwide have experienced at least one type of cyber threat (Check Point)
These Are the Notorious NSA Furby Documents Showing Spy Agency Freaking Out About Embedded AI in Children's Toy (404 Media)
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

CiscoChat Podcast
S5 E1: Talking Past, Current, and Future Cyber Threats with Nick Biasini

CiscoChat Podcast

Play Episode Listen Later Jan 18, 2024 28:17


AB kicks off 2024 with a fun episode featuring Nick Biasini, Head of Outreach, Cisco Talos. This is a great conversation that highlights some of the top cyber threats from 2023, while looking to what the trends in cybersecurity may be in 2024, from AI to ransomware to social engineering, and more. AB also presses Nick on his passion and commitment to making the best cup of coffee possible. Check it out!

Cisco TechBeat
S5 E1: Talking Past, Current, and Future Cyber Threats with Nick Biasini

Cisco TechBeat

Play Episode Listen Later Jan 16, 2024 28:17


AB kicks off 2024 with a fun episode featuring Nick Biasini, Head of Outreach, Cisco Talos. This is a great conversation that highlights some of the top cyber threats from 2023, while looking to what the trends in cybersecurity may be in 2024, from AI to ransomware to social engineering, and more. AB also presses Nick on his passion and commitment to making the best cup of coffee possible. Check it out!

The CyberWire
Diving deep into Phobos ransomware. [Research Saturday]

The CyberWire

Play Episode Listen Later Jan 6, 2024 24:05


Guilherme Venere from Cisco Talos joins to discuss their research on "A deep dive into Phobos ransomware, recently deployed by 8Base group." Cisco Talos discovered that 8Base's Phobos ransomware payload contains an embedded configuration, which is a significant difference between 8Base's Phobos variant and other Phobos samples that have been observed in the wild since 2019. In this 2-part research series, Talos conducts a deep dive into the Phobos ransomware, including its affiliate structure, activity and capabilities, as well as the one private key that could enable decryption of all the samples analyzed.
The research can be found here:
A deep dive into Phobos ransomware, recently deployed by 8Base group
Understanding the Phobos affiliate structure and activity

Research Saturday
Diving deep into Phobos ransomware.

Research Saturday

Play Episode Listen Later Jan 6, 2024 24:05


Guilherme Venere from Cisco Talos joins to discuss their research on "A deep dive into Phobos ransomware, recently deployed by 8Base group." Cisco Talos discovered that 8Base's Phobos ransomware payload contains an embedded configuration, which is a significant difference between 8Base's Phobos variant and other Phobos samples that have been observed in the wild since 2019. In this 2-part research series, Talos conducts a deep dive into the Phobos ransomware, including its affiliate structure, activity and capabilities, as well as the one private key that could enable decryption of all the samples analyzed.
The research can be found here:
A deep dive into Phobos ransomware, recently deployed by 8Base group
Understanding the Phobos affiliate structure and activity

Security Now (MP3)
SN 952: Quantum Computing Breakthrough - The Clear/Deep/Dark Web, Quad 9 victory, Telegram Flaw

Security Now (MP3)

Play Episode Listen Later Dec 13, 2023 124:35


Topics covered in this episode:
The government collection of push notification metadata
Facebook Messenger sets end-to-end encryption as the default
Iran's Cyber Av3ngers
Cisco Talos' top 10 cybersecurity exploits this year
Over 30% of apps are still using a vulnerable version of the Log4j library
Quad 9 speaks on their legal victory against Sony
What are the "Clear Web", "Dark Web" and "Deep Web"?
A flaw in Telegram
Xfinity Mobile wants you to accept a root CA. DO NOT.
A hardware VPN alternative
A breakthrough in quantum computing
Show notes: https://www.grc.com/sn/SN-952-Notes.pdf
Hosts: Steve Gibson and Leo Laporte. Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site, grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6. Sponsors: GO.ACILEARNING.COM/TWIT, lookout.com, bitwarden.com/twit

Talos Takes
Inside Talos' effort to protect the Ukrainian power grid

Talos Takes

Play Episode Listen Later Dec 1, 2023 11:00


Joe Marshall, a central figure in the story of how Cisco Talos and other teams within Cisco worked together to protect the Ukrainian power grid, joins the show this week. He recaps a recent CNN story highlighting the new piece of equipment he and a group of volunteers worked on together to ensure the clocks that power the Ukrainian electric grid can withstand GPS disruption in the face of Russian cyber attacks and kinetic warfare. 

The CyberWire
The malicious YoroTrooper in disguise. [Research Saturday]

The CyberWire

Play Episode Listen Later Nov 18, 2023 16:35


Asheer Malhotra from Cisco Talos joins to discuss their research and findings on "Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan." Cisco Talos' research team released research attributing the work of the espionage-focused threat actor YoroTrooper to individuals based in Kazakhstan. The research states: "YoroTrooper attempts to obfuscate the origin of their operations, employing various tactics to make its malicious activity appear to emanate from Azerbaijan, such as using VPN exit nodes local to that region." They also found that YoroTrooper continues to rely heavily on phishing emails that direct victims to credential-harvesting sites. The research can be found here: Kazakhstan-associated YoroTrooper disguises origin of attacks as Azerbaijan

Security Conversations
Cisco Talos researcher Nick Biasini on chasing APTs, mercenary hackers

Security Conversations

Play Episode Listen Later Nov 7, 2023 31:27


Episode sponsors: Binarly (https://binarly.io) FwHunt (https://fwhunt.run) Nick Biasini has been working in information security for nearly two decades. In his current role as head of outreach for Cisco Talos Intelligence Group, he leads a team of threat researchers tasked with tracking nation-state APTs, mercenary hacker groups and ransomware cybercriminals. In this episode, Biasini talks about the cryptic world of threat actor attribution, the rise of PSOAs (private sector offensive actors) and why network edge devices are a happy hunting ground for attackers.

The CyberWire
Downloading cracked software. [Research Saturday]

The CyberWire

Play Episode Listen Later Sep 30, 2023 17:29


David Liebenberg from Cisco Talos joins to discuss Talos' discovery of cracked Microsoft Windows software being downloaded by enterprise users across the globe. Downloading and running this compromised software not only serves as an entry point for threat actors, but can serve as a gateway to access control systems and establish backdoors. Talos identified additional malware, including RATs, on endpoints running this cracked software, which allows an attacker to gain unauthorized remote access to the compromised system, providing the attacker with various capabilities, such as controlling the system, capturing screenshots, recording keystrokes and exfiltrating sensitive information. This research article was not published by Cisco Talos' team.

The Cybersecurity Defenders Podcast
#68 - Intel Chat: Bumblebee, LockBit Gang, LUC-3, HTTPSnoop, DeadGlyph & Stately Taurus + Alloy Taurus + Gelsemium

The Cybersecurity Defenders Podcast

Play Episode Listen Later Sep 28, 2023 47:17


In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Intel471 are reporting on a campaign utilizing Bumblebee, a type of loader that has increasingly been used by threat actors affiliated with ransomware. eSentire are reporting on several attacks conducted by the Russia-linked LockBit Gang. Permiso are reporting on LUC-3, which overlaps with Scattered Spider. Cisco Talos has discovered a new malware family they have dubbed HTTPSnoop being deployed against telecommunication providers in the Middle East. WeLiveSecurity have stumbled upon a previously unknown backdoor being deployed in the Middle East that they have named DeadGlyph. Unit42 have started investigating a series of espionage attacks targeting a government in Southeast Asia. LimaCharlie's Office Hours, where we break down some TTPs in-depth, take place every Friday at 9.00 AM PT / 12.00 PM ET. You can find more information here: limacharlie.io/office-hours
The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.

The CyberWire
Play ransomware's new tools. A look at what the GRU's been up to. US Air Force opens investigation into alleged leaker's Air National Guard wing. KillNet's new hacker course: “Dark School.”

The CyberWire

Play Episode Listen Later Apr 19, 2023 29:18


Play ransomware's new tools. Fancy Bear is out and about. Updates on Sandworm. Ransomware in Russia's war against Ukraine. The US Air Force opens an investigation into the alleged leaker's Air National Guard wing. The Washington Post's Tim Starks joins us with insights on the Biden administration's attempts to better secure the water supply. Carole Theriault chats with Cisco Talos' Vanja Svajcer about the threat landscape, now and tomorrow. And KillNet's in the education business with a new hacker course: "Dark School." For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/75
Selected reading:
Play Ransomware Group Using New Custom Data-Gathering Tools (Symantec)
NCSC-UK, NSA, and Partners Advise about APT28 Exploitation of Cisco Routers (National Security Agency/Central Security Service)
APT28 exploits known vulnerability to carry out reconnaissance and deploy malware on Cisco routers (NCSC)
State-sponsored campaigns target global network infrastructure (Cisco Talos Blog)
Ukraine remains Russia's biggest cyber focus in 2023 (Google)
Fog of War: How the Ukraine Conflict Transformed the Cyber Threat Landscape (Google Threat Analysis Group)
M-Trends 2023: Cybersecurity Insights From the Frontlines (Mandiant)
Faltering against Ukraine, Russian hackers resort to ransomware: Researchers (Breaking Defense)
Air Force unit in document leaks case loses intel mission (AP NEWS)
Pentagon Details Review of Policies for Handling Classified Information (New York Times)
Ukraine at D+419: GRU cyber ops scrutinized. (CyberWire)