Russian hacker group
Cybersecurity Today: Allegations Against Elon Musk, Microsoft Lockout Issues, Cozy Bear's New Malware, and Canada's Anti-Fraud Proposals
In this episode of Cybersecurity Today, hosted by David Shipley, we examine several major cybersecurity stories. A whistleblower alleges that Elon Musk's team was involved in a significant cyber breach at the National Labor Relations Board. Administrators face challenges with Microsoft's Mace feature, which caused widespread account lockouts over the Easter weekend. The Russian hacking group Cozy Bear targets European diplomats using wine-themed phishing tactics. Canadian Conservative leader Pierre Poilievre proposes stringent measures against online fraud, including hefty fines and criminal charges for companies that fail to act against digital scammers.
00:00 Breaking News: DOGE and the US Labor Watchdog Cyber Breach
03:30 Microsoft Security Feature Causes Weekend Chaos
06:08 Russian Hackers Target European Diplomats with Wine-Themed Phishing
07:30 Canadian Conservative Leader Proposes Anti-Fraud Measures
09:25 Conclusion and Contact Information
In this Episode, we are exposing the APT 29 Cozy Bear Conspiracy that nobody talks about! APT 29, also known as Cozy Bear, is a sophisticated hacking group with alleged ties to Russian intelligence. You'll learn about their covert operations, the methods they use, and the conspiracies surrounding their activities that have gone under the radar for far too long. This is an eye-opening journey into the world of cyber espionage, revealing the dark secrets that even the experts hesitate to discuss.
Andy Thompson, CyberArk Labs Offensive Security Research Evangelist returns to Trust Issues for a deep dive into the recent APT29 breach of Microsoft. In conversation with host David Puner, Thompson explores the intricate details of the January 2024 attack, dissecting the tactics employed by the APT29 threat actor, also known as Cozy Bear, Cozy Car, The Dukes – or, as Microsoft refers to the group: Midnight Blizzard. From the initial password spray technique to the exploitation of OAuth applications, listeners are taken on a journey through the breach's timeline – and learn how, ultimately, it all boils down to identity. The discussion touches upon the nuances of threat actor nomenclature, the significance of various bear-themed aliases and the professional nature of state-sponsored cyber espionage groups. Throughout the episode, practical insights and cybersecurity best practices are shared, offering organizations valuable strategies to bolster their defenses against evolving cyber threats. For a comprehensive analysis of the APT29 Microsoft data breach and detailed recommendations for improving cybersecurity posture, check out the accompanying blog post written by Andy Thompson.
Mother of All Breaches. The Midnight Blizzard attack. Nation state cyber conflicts. January 2024 has seen a blitz in cyber attacks. In this week's episode, hosts Stan Wisseman and Rob Aragao delve into the alarming start to the new year.
1. Mother of All Breaches (MOAB):
· Unprecedented Scale: Over 26 billion records compromised, impacting major platforms like Twitter, LinkedIn, Adobe, and Dropbox, along with government agencies worldwide.
· Data Complexity: The breach includes not only credentials but also sensitive data, creating substantial value for malicious actors.
· Organization: The breach was meticulously organized, posing a significant threat to data security and privacy.
2. Midnight Blizzard Attack:
· Notorious Group: Midnight Blizzard, also known as Cozy Bear and APT29, resurfaces.
· Targeted Organizations: Microsoft and HPE were among the targets, with a focus on compromising Office 365 Exchange environments.
· Attack Strategy: Utilizing password spraying and brute force, the attackers gained access to a legacy, non-production test account, subsequently creating malicious OAuth applications.
· Specific Targeting: The attackers selectively targeted executives, cybersecurity teams, and legal teams, aiming to gather intelligence on Microsoft's activities.
3. State-Sponsored Cyber Warfare (Russia vs. Ukraine):
· Escalating Tensions: Ongoing cyber warfare activities between Russia and Ukraine intensify, with a warning of disruptive and destructive attacks.
· Advanced Tactics: Russian cyber forces, particularly Midnight Blizzard, demonstrate advanced capabilities, impacting Ukrainian e-services, utility companies, and online banking.
· AI Integration: Ukraine effectively employs AI in its defense, utilizing facial recognition and cyber capabilities to counter cyber threats.
The hosts emphasize the importance of proactive measures, including password changes, multi-factor authentication adoption, and vigilant identity governance. The discussion underscores the evolving landscape of cyber warfare, encompassing both kinetic and cyber threats.
Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com
Cozy Bear breaches Hewlett Packard Enterprise. An investigation reveals global surveillance based on digital advertising. Cisco patches critical vulnerabilities. Meta aims to enhance the online safety of minors. iOS notifications are exploited for tracking. EquiLend's systems go offline after a cyberattack. A DC theater faced a financial crisis after seeing its bank account drained. Critical infrastructure is targeted in Ukraine. The latest insights on ransomware. Guest Lance Hood joins us from TransUnion to share how fraud attacks on financial industry call centers are rising. And Teslas get POwned in Tokyo. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
Selected Reading
Hewlett Packard Enterprise tells SEC it was breached by Russia's 'Cozy Bear' hackers (The Record)
Inside a Global Phone Spy Tool Monitoring Billions (404 Media)
Cisco Patches Critical Vulnerability in Enterprise Collaboration Products (SecurityWeek)
Instagram and Facebook will now prevent strangers from messaging minors by default (The Verge)
Research Reveals How iPhone Push Notifications Leak User Data (MacRumors)
Financial tech firm EquiLend says recovery after cyberattack 'may take several days' (The Record)
'No gift is too small' | GALA Hispanic Theater asking for donations after hackers drain bank accounts (WUSA9)
Ukrainian energy giant, postal service, transportation agencies hit by cyberattacks (The Record)
The 2024 Ransomware Threat Landscape (Symantec Enterprise Blogs)
Who pays, and why: A researcher examines the ransomware victim's mindset (The Record)
Tesla Hack Earns Researchers $100,000 at Pwn2Own Automotive (SecurityWeek)
Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Tesla, TikTok, Karakurt, VISS, Volt Typhoon, Cozy Bear, GambleForce, Aaran Leyland, and More News on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/swn-349
A look back at Patch Tuesday. BlackCat uses malicious Google ads. Social engineering in the third quarter of 2023. Are small businesses in denial about ransomware? Molerats have some new tools. Israel turns to NSO Group's Pegasus to search for hostages taken by Hamas. Tim Starks from the Washington Post examines the potential aftermath of a Russian group hitting a Chinese bank. In our Learning Layer, Sam Meisenberg helps a student understand and create a strategy for the CISSP CAT. And a cyberespionage campaign is attributed to Russia's SVR. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/218
Selected reading.
Adobe Releases Security Updates for Multiple Products (Cybersecurity and Infrastructure Security Agency | CISA)
Fortinet Releases Security Updates for FortiClient and FortiGate (Cybersecurity and Infrastructure Security Agency | CISA)
VMware Releases Security Update for Cloud Director Appliance (Cybersecurity and Infrastructure Security Agency | CISA)
CISA Releases Two Industrial Control Systems Advisories (Cybersecurity and Infrastructure Security Agency | CISA)
Microsoft Releases October 2023 Security Updates (Cybersecurity and Infrastructure Security Agency | CISA)
Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws (BleepingComputer)
SAP Security Patch Day for November 2023 (Onapsis)
The ALPHV/BlackCat Ransomware Gang is Using Google Ads to Conduct… (eSentire)
Q3 2023 Threat Landscape Report: Social Engineering Takes Center Stage (Kroll)
OpenText Cybersecurity 2023 Global Ransomware Survey: The risk perception gap (OpenText Blogs)
TA402 Uses Complex IronWind Infection Chains to Target Middle East-Based Government Entities (Proofpoint)
Israel's NSO unleashes controversial spyware in Gaza conflict (Axios)
APT29 Attacks Embassies Using CVE-2023-38831 (NCSCC)
Cyber-espionage operation on embassies linked to Russia's Cozy Bear hackers (Record)
The StormWatch podcast episode from October 31, 2023, began with the hosts in a light-hearted mood, donning costumes for Halloween. The hosts discussed the latest happenings in the cybersecurity world, focusing on the latest phones, developments at Censys and GreyNoise, and important cybersecurity news. They also touched on conspiracy theories. The hosts were in costumes, with one host dressed as the Invisible Man, another as Louise Belcher from Bob's Burgers, and another as Cozy Bear, a reference to APT 29, a cyber espionage group. They also discussed their "scariest vulnerabilities," with one host mentioning mercenary spyware like Pegasus as a significant concern. The hosts then discussed the recent security breaches involving Okta, BeyondTrust, and 1Password. They praised 1Password for its transparent and detailed response to the incident. They also discussed the recent vulnerabilities found in SolarWinds and the subsequent charges filed by the SEC against SolarWinds and its Chief Information Security Officer for fraud and internal control failures. The hosts also discussed a tool called cvecrowd.com, which tracks CVE mentions on Mastodon, a social network. They praised the tool for its usefulness in tracking cybersecurity vulnerabilities and incidents. They also mentioned an upcoming event at a brewery where they would discuss threat hunting techniques and tips. The hosts then discussed the recent vulnerabilities found in Cisco IOS, with one host sharing her findings from her investigation into the vulnerabilities. They also discussed the importance of patching and updating systems to protect against these vulnerabilities.
What is Cozy Bear? --- Support this podcast: https://podcasters.spotify.com/pod/show/wikipediaread/support
An update on Barracuda ESG exploitation. Camaro Dragon's current cyberespionage tools spread through infected USB drives. The Mirai botnet is spreading through new vectors. Midnight Blizzard is out and about. Ukraine is experiencing a "wave" of cyberattacks during its counteroffensive. Karen Worstell from VMware shares her experience with technical debt. Rick Howard speaks with CJ Moses, CISO of Amazon Web Services. And Anonymous Sudan turns out to be no more anonymous or Sudanese than your Uncle Louie. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/120
Selected reading.
Barracuda ESG exploitation (Proofpoint)
Beyond the Horizon: Traveling the World on Camaro Dragon's USB Flash Drives (Check Point Research)
Chinese malware accidentally infects networked storage (Register)
Akamai SIRT Security Advisory: CVE-2023-26801 Exploited to Spread Mirai Botnet Malware (Akamai)
Mirai botnet targets 22 flaws in D-Link, Zyxel, Netgear devices (BleepingComputer)
Neuberger: Ukraine experiencing a 'surge' in cyberattacks as it executes counteroffensive (Record)
Microsoft warns of rising NOBELIUM credential attacks on defense sector (HackRead)
Anonymous Sudan: neither anonymous nor Sudanese (Cybernews)
We get an RSA Conference wrap-up from David Spark, ask why there's no standardized threat actor naming convention, and look at Reddit's test of persistent chat channels with 25 volunteer subreddits. Starring Sarah Lane, Rich Stroffolino, David Spark, Roger Chang, Joe. Show notes here. Become a member at https://plus.acast.com/s/dtns. Hosted on Acast. See acast.com/privacy for more information.
"Read the Manual" and the ransomware-as-a-service market. Bitter APT may be targeting Asia-Pacific energy companies. A Cozy Bear sighting. Hacktivist auxiliaries hit Canadian targets. Deepen Desai of Zscaler describes job scams following tech layoffs. Our guest is Kelly Shortridge from Fastly with insights on the risks from bots. And there's been an arrest in the Discord Papers case. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/72 Selected reading. Read The Manual Locker: A Private RaaS Provider (Trellix) Phishing Campaign Targets Chinese Nuclear Energy Industry (Intezer) Espionage campaign linked to Russian intelligence services (Baza wiedzy) Russian cyberspies hit NATO and EU organizations with new malware toolset (CSO Online) Pro-Russia hackers say they were behind Hydro-Quebec cyberattack (Montreal CTV News - 04-13-2023) Cyberattack knocks out website and mobile app for Quebec's hydro utility (Toronto Star) F.B.I. Arrests National Guardsman in Leak of Classified Document (New York Times) DOD Calls Document Leak 'a Criminal Act' (U.S. Department of Defense)
This episode will give you a glance at threat intelligence and the world of APTs. In this episode we will talk in general about different APT groups, specifically about APT 29, aka Cozy Bear, and how they achieve stealthiness while hiding in the shadows. Twitter: @almorabea Twitter: @CyberRiddler Website: https://thecyberriddler.com
There's no sign that cyberattacks affected US vote counts. NATO meets to discuss the Atlantic Alliance's Cyber Defense Pledge. A new APT41 subgroup has been identified. FSB phishing impersonates Ukraine's SSSCIP. A look at Cozy Bear's use of credential roaming. Caleb Barlow shares tips on removing implicit bias from your hiring process. Our guests are Valerie Abend and Lisa O'Connor from Accenture with a look at the difference in how women and men pursue the top cyber leadership roles. And an update on phishing trends and API threats. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/217
Selected reading.
Statement from CISA Director Easterly on the Security of the 2022 Elections (Cybersecurity and Infrastructure Security Agency)
No 'Specific or Credible' Cyber Threats Affected Integrity of Midterms, CISA Says (Nextgov.com)
U.S. vote counting unaffected by cyberattacks, officials say (PBS NewsHour)
What's 'Putin's chef' cooking up with talk on US meddling? (AP NEWS)
NATO's 2022 Cyber Defense Pledge Conference (United States Department of State)
Japan joins NATO cyber defense centre (Telecoms Tech News)
China casts wary eye as Japan signs up for Nato cybersecurity platform (South China Morning Post)
Hack the Real Box: APT41's New Subgroup Earth Longzhi (Trend Micro)
New hacking group uses custom 'Symatic' Cobalt Strike loaders (BleepingComputer)
They See Me Roaming: Following APT29 by Taking a Deeper Look at Windows Credential Roaming (Mandiant)
APT29 Exploited a Windows Feature to Compromise European Diplomatic Entity Network (The Hacker News)
CAUTION‼️ russian hackers are sending emails with malicious links from the SSSCIP (State Service of Special Communications and Information Protection of Ukraine)
Russian hackers send out emails under the name of Ukraine's State Service of Special Communications and Information Protection (Yahoo)
Research Report | The State of Email Security 2022 (Tessian)
DevOps Tools & Infrastructure Under Attack (Wallarm)
This week Tuğba Öztürk discusses the Russian APT group Cozy Bear's targeting of Microsoft 365 and the information security dimension of the Havrita application. Enjoy listening.
State-backed attacks excluded from cyber insurance
LockBit hit with DDoS
Cozy Bear using Microsoft accounts to bypass MFA
Thanks to today's episode sponsor, Code42. Have you been thinking about launching an Insider Risk Management program? You don't need to be Big Brother to effectively address Insider Risk. Code42 believes that the Three Es should define any IRM program: expertise, education, and enforcement. Shift your security culture from "watchdog" to "guide dog" and everyone wins. Learn more at Code42.com/showme.
A Cozy Bear sighting. Shaking up Ukraine's intelligence services. Albania's national IT networks continue to work toward recovery. US Justice Department seizes $500k from DPRK threat actors. The FBI warns of apps designed to defraud cryptocurrency speculators. A White House meeting today addresses the cyber workforce. Ben Yelin looks at our right to record police. Our guest is Tim Knudsen, Director of Product Management for Zero Trust at Google Cloud, speaking with Rick Howard. And another trend we'd like to be included out of. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/136
Selected reading.
Russian APT29 Hackers Use Online Storage Services, DropBox and Google Drive (Unit 42)
Russian hacking unit Cozy Bear adds Google Drive to its arsenal, researchers say (CyberScoop)
Russian SVR hackers use Google Drive, Dropbox to evade detection (BleepingComputer)
Ukraine's spy problem runs deeper than Volodymyr Zelensky's childhood friend (The Telegraph)
Albanian government websites go dark after cyberattack (Register)
On Google Play, Joker, Facestealer, & Coper Banking Malware (Zscaler)
Justice Department seizes $500K from North Korean hackers who targeted US medical organizations (CNN)
Cyber Criminals Create Fraudulent Cryptocurrency Investment Applications to Defraud US Investors (US Federal Bureau of Investigation)
Announcement of White House National Cyber Workforce and Education Summit (The White House)
Fortinet Announces Free Training Offering for Schools at White House Cyber Workforce and Education Summit (Fortinet)
Not your average side hustle: the women making thousands from 'pay pigs' who enjoy being financially dominated (Business Insider)
The FBI and MI-5 warn of Chinese industrial espionage. Revelations of Trickbot's privateering role. Russian influence operations target France, Germany, Poland, and Turkey. Chinese APTs target Russian organizations in a cyberespionage effort. Robert M. Lee from Dragos on CISA expanding the Joint Cyber Defense Collaborative. Ben Yelin speaks with Matt Kent from Public Citizen about the American Innovation and Online Choice Act. And who would guess it, but NFT scams are pestering Ukraine. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/129
Selected reading.
Heads of FBI, MI5 Issue Joint Warning on Chinese Spying (Wall Street Journal)
FBI and MI5 leaders give unprecedented joint warning on Chinese spying (the Guardian)
FBI and MI5 bosses: China cheats and steals at massive scale (Register)
FBI director suggests China bracing for sanctions if it invades Taiwan (Washington Post)
Unprecedented Shift: The Trickbot Group is Systematically Attacking Ukraine (Security Intelligence)
Trickbot may be carrying water for Russia (Washington Post)
Russia Info Ops Home In on Perceived Weak Links (VOA)
Targets of Interest | Russian Organizations Increasingly Under Attack By Chinese APTs (SentinelOne)
Chinese hackers targeting Russian government, telecoms: report (The Record by Recorded Future)
Near-undetectable malware linked to Russia's Cozy Bear (Register)
Russia's Cozy Bear linked to nearly undetectable malware (Computing)
When Pentest Tools Go Brutal: Red-Teaming Tool Being Abused by Malicious Actors (Unit 42)
NFT scammers see an opportunity in Ukraine donations (The Record by Recorded Future)
A daily look at the relevant information security news from overnight - 06 July, 2022
Episode 259 - 06 July 2022
Spring Data Bad SpEL - https://portswigger.net/daily-swig/spring-data-mongodb-hit-by-another-critical-spel-injection-flaw
Hive Gets Rust-ed - https://thehackernews.com/2022/07/hive-ransomware-upgrades-to-rust-for.html
Silent Shadow Fix - https://www.bleepingcomputer.com/news/microsoft/microsoft-quietly-fixes-shadowcoerce-windows-ntlm-relay-bug/
Google to Delete Sensitive Tracking - https://www.infosecurity-magazine.com/news/british-army-social-media-accounts/
Cozy Bear Leverages BRc4 - https://thehackernews.com/2022/07/hackers-abusing-brc4-red-team.html
Hi, I'm Paul Torgersen. It's Wednesday, July 6th, 2022, and this is a look at the information security news from overnight.
From PortSwigger.net: A critical SpEL injection vulnerability has been patched in Spring Data MongoDB. The 9.8 severity bug could be exploited to achieve remote code execution. FIRST.org has ranked the flaw among the top 10 CVEs likely to be used in the wild over the last 30 days. The ease of exploitation and the number of proofs of concept available will likely make this vulnerability very popular. Get your patch on, kids.
From TheHackerNews.com: The operators of the Hive ransomware have completely rewritten the malware, moving from the Go language to Rust. This gains them the benefit of memory safety and deeper control over low-level resources, as well as making use of a wide range of cryptographic libraries. It also makes it more difficult to reverse engineer. These changes continue to show Hive as one of the fastest evolving ransomware families out there.
From ZDNet.com: Four more Android apps have been removed from the Google Play store after it was discovered they were being used to deliver the Joker malware to smartphones. The apps, which have over 100,000 downloads between them, are: Smart SMS Messages, Blood Pressure Monitor, Voice Language Translator and Quick Text SMS. They join at least 11 other apps that have been removed recently for the same issue. Details in the article.
From BleepingComputer.com: Microsoft has confirmed that they silently patched the ShadowCoerce vulnerability as part of their June 2022 updates. They say the vuln was mitigated along with CVE-2022-30154 because they both affect the same component. The question is, why have they not yet publicly provided any details, or even assigned a CVE ID? Strange actions for a vulnerability of this magnitude. No clarification yet from Redmond.
And last today, from TheHackerNews.com: Malicious actors have been observed abusing Brute Ratel C4, a relatively new and quite sophisticated toolkit designed to avoid detection by EDR and AV capabilities. BRc4 is a customized command-and-control center for red team and adversary simulation. Evidently the bad guys thought it was ready for prime time. The bad guys in this case are probably APT29, or Cozy Bear. You may remember them from the SolarWinds supply chain attack last year.
That's all for me today. Have a great rest of your day. Like and subscribe, and until tomorrow, be safe out there.
A disastrous cyberattack on the country of Ukraine that had worldwide ramifications. NotPetya was something far more sinister than a case of ransomware. This was an act of war perpetrated by Russia. Support us on Patreon! Start your own podcast today with LibSyn. Use the code “FRIEND” for your first month free! Created, Produced & Hosted by Keith Korneluk Written & Researched by Jim Rowley Edited, Mixed & Mastered by Greg Bernhard Theme Song You Are Digital by Computerbandit Listen to True Crime Guys podcast
An upswing in malware deployed against targets in Eastern Europe. Cozy Bear is typosquatting. CuckooBees swarm around intellectual property. Tracking the DPRK's hackers. Quiet persistence in corporate networks. CISA issues an ICS advisory. Caleb Barlow on backup communications for your business during this period of "shields up." Duncan Jones from Cambridge Quantum sits down with Dave to discuss the NIST algorithm finalist Rainbow vulnerability. And, hey, officer, honest, it was just a Squirtle… For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/86
Selected reading.
Update on cyber activity in Eastern Europe (Google)
Multiple government hacking groups stay busy targeting Ukraine and the region, Google researchers say (CyberScoop)
Google: Nation-state phishing campaigns expanding to target Eastern Europe orgs (The Record by Recorded Future)
SolarWinds hackers set up phony media outlets to trick targets (CyberScoop)
SOLARDEFLECTION C2 Infrastructure Used by NOBELIUM in Company Brand Misuse (Recorded Future)
Experts discover a Chinese-APT cyber espionage operation targeting US organizations (VentureBeat)
Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation (Cybereason Nocturnus)
Operation CuckooBees: Deep-Dive into Stealthy Winnti Techniques (Cybereason)
Chinese hackers cast wide net for trade secrets in US, Europe and Asia, researchers say (CNN)
Researchers tie ransomware families to North Korean cyber-army (The Record by Recorded Future)
The Hermit Kingdom's Ransomware Play (Trellix)
New espionage group is targeting corporate M&A (TechCrunch)
Cyberespionage Group Targeting M&A, Corporate Transactions Personnel (SecurityWeek)
UNC3524: Eye Spy on Your Email (Mandiant)
Yokogawa CENTUM and ProSafe-RS (CISA)
Cops ignored call to nearby robbery, preferring to hunt Pokémon (Graham Cluley)
Cyber-security expert Tony Grasso joins Kathryn to talk about the new spear-phishing email doing the rounds from the Chinese state-sponsored hacking group Override Panda. He'll also look at how the Russian hacking group Cozy Bear has been targeting diplomats around the globe, and how the CIA is using a variety of social media platforms to give instructions on how Russians can send information to it via a secure browser over the Dark Web.
Cable sabotage in France remains under investigation. Spearphishing by Cozy Bear. Widespread and damaging Russian cyberattacks have yet to appear, but criminals find a new field of activity. Hacktivism and privateering. The legal and prudential limits to hacktivism. Applying lessons learned from an earlier cyberwar. Romanian authorities say last week's DDoS incident was retaliation for Bucharest's support of Kyiv. Rick Howard is dropping some SBOMS. Carole Theriault reports on virtual kidnappings. REvil seems to be back after all. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/84
Selected reading.
How the French fiber optic cable attacks accentuate critical infrastructure vulnerabilities (CyberScoop)
Russian hackers compromise embassy emails to target governments (BleepingComputer)
Ukraine's defense applies lessons from a 15-year-old cyberattack on Estonia (NPR)
Feared Russian cyberattacks against US have yet to materialize (C4ISRNet)
Hacking Russia was off-limits. The Ukraine war made it a free-for-all. (Washington Post)
A YouTuber is promoting DDoS attacks on Russia — how legal is this? (BleepingComputer)
Ukraine's Digital Fight Goes Global (Foreign Affairs)
Romanian government says websites attacked by pro-Russian group (The Record by Recorded Future)
REvil ransomware returns: New malware sample confirms gang is back (BleepingComputer)
Members of the hacker gang may act in Russia's interest, but their links to the FSB and Cozy Bear hackers appear ad hoc.
Cryptocurrency exchange loses almost $200 million as two hot wallets are compromised. Phones belonging to US State Department personnel concerned with Uganda are found to have been infected with NSO Group's Pegasus surveillance technology. Mandiant reports recent activity by the threat group thought responsible for the SolarWinds compromise. Cybersecurity will be on the agenda at tomorrow's Russo-US summit. Caleb Barlow outlines threats to the Winter Olympics. Rick the-toolman Howard looks at the marketing hype-cycle. And US Cyber Command says it's been imposing costs. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/232
In today's podcast we cover four crucial cyber and technology topics, including:
1. Ransomware impacts employee pay in the UK
2. Criminals exploiting a flaw in Confluence servers to deploy cryptominers
3. Twitter experienced a technical glitch, users logged out
4. Attackers behind SolarWinds continued attacks with a different tool
I'd love feedback; feel free to send your comments and feedback to cyberandtechwithmike@gmail.com
In today's podcast we cover four crucial cyber and technology topics, including:
1. AutoDesk reveals they were victims of the SolarWinds hack
2. New York credit union impacted by former employee
3. Researchers confirm TV remotes can be hacked from over 60 feet away
4. China arrests Mozi botnet operators
I'd love feedback; feel free to send your comments and feedback to cyberandtechwithmike@gmail.com
For little decisions interview #6, Victoria sits down with her first Marigold Market vendor! Deijhon Yearby, aka Cozy, is the owner and operator of Cozy Bear Market Garden in Nicholson and host of the Cozybear Farms podcast! As a solo farmer of a quarter acre of land, this is Cozy's 2nd year as a vendor at the Marigold Market. On my first Saturday visiting the market, Cozy was incredibly welcoming and kind; he even offered to be one of my first interviews. Cozy uses his podcast, Cozybear Farms, to help small-scale farmers and gardeners become more independent by learning some tips and tricks Cozy has acquired in his over 10 years of farming. Cozy is an independent-minded, spirited entrepreneur. Cozy Bear Market Garden is naturally grown, which means he uses no synthetic conventional chemicals. Our interview at Pittard Park started with us talking shop about farm life as a solo farmer. Our conversation quickly turned to DC vs. Marvel, comic books and superheroes! I'll spare you the over 30 minutes of discussion and offer some highlights! As our conversation got around to the experience of going to the movies, an experience we all miss, Cozy shared an endearing story about friendship and kindness. Let's listen to the story of the date that wasn't a date. Here's the rest of my interview with Marigold Market vendor Cozy of Cozy Bear Market Farms. Enjoy! Support the show (https://www.paypal.com/donate?business=3ETJ2WW4FUWSY&no_recurring=0&item_name=Podcast+fundraising&currency_code=USD)
In today's podcast we cover four crucial cyber and technology topics, including: 1. Cozy Bear accessed 27 US State Attorney's offices in 2021 2. Kaspersky uncovers GhostEmperor threat actor targeting Exchange 3. Estonia arrests man who stole citizen IDs 4. MeteorExpress malware responsible for Iranian train hack I'd love feedback, feel free to send your comments and feedback to | cyberandtechwithmike@gmail.com
Cozy Bear's active command-and-control servers are found, and people conclude that Moscow's not too worried about American retaliation after all. Spyware found in an app for companies doing business in China. What to make (and not make) of the Iranian documents Sky News received. Phishing with Crimean bait. HTML smuggling may be enjoying a moderate surge. DoppelPaymer rebrands. Andrea Little Limbago from Interos on growing the next-gen of cyber. Our guest is Jamil Jaffer from IronNet Cybersecurity protecting the BlackHat Network Operations Center. And good news--that blackmailing bot really doesn't know what you did this summer. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/146
Photo: A soldier stands guard over the ancient city built by Alexander the Great at Khujand, Tajikistan. Russia and Cozy Bear check NATO, Washington and the Taliban. @ Felix_Light @CBSNews (Reuters) - Tajikistan on Wednesday called on members of a Russian-led military bloc to help it deal with security challenges emerging from Afghanistan, hours after Moscow pledged to defend its regional allies affected by the unrest. https://www.themoscowtimes.com/2021/07/07/russia-says-ready-to-activate-tajik-military-base-amid-us-pullout-taliban-advance-in-afghanistan-a74450 Permissions: 13 June 2008, 09:25 Source | Tajikistan Author | Steve Evans from Citizen of the World This file is licensed under the Creative Commons Attribution 2.0 Generic license. | You are free:to share – to copy, distribute and transmit the work; to remix – to adapt the work Under the following conditions:attribution – You must give appropriate credit, provide a link to the license, and indicate if changes were made. You may do so in any reasonable manner, but not in any way that suggests the licensor endorses you or your use.
Ukrainian government websites may have come under an unspecified cyberattack early this week. Kaseya delays its VSA patch until Sunday, and offers assistance to victims of VSA exploitation by REvil. The US continues to mull its response to Russia over REvil and Cozy Bear. A small electric utility's business systems go offline after a ransomware attack. Microsoft continues to grapple with PrintNightmare. Caleb Barlow from CynergisTek on the changing Cyber Insurance landscape. Our guest is Kwame Yamgnane from Qwasar on how he seeks to inspire minority kids to code. And the US will try again to get Julian Assange extradited. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/130
Kaseya continues to work on patching its VSA products. The US mulls retaliation for the Kaseya ransomware campaign, as well as for Cozy Bear's attempt on the Republican National Committee and Fancy Bear's brute-forcing efforts. (Russia denies any wrongdoing.) Current events phishbait. Microsoft patches PrintNightmare. Joe Carrigan looks at recent updates to Google's Scorecards tool. Our guest Umesh Sachdev of Uniphore describes his entrepreneurial journey. And the Lazarus Group is back, phishing for defense workers. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/129
In today's podcast we cover four crucial cyber and technology topics, including: 1. SolarWinds hackers had access to Denmark's Central Bank for six months 2. POC for Microsoft Print Spool issue released, patch available 3. Law enforcement seizes Russia-based DoubleVPN service 4. Battle in Ohio over legal ability of government to operate broadband continues I'd love feedback, feel free to send your comments and feedback to | cyberandtechwithmike@gmail.com
Microsoft warns about a hacking gang that is far from cuddly, algorithms rather than managers are firing people, and our guest receives a surprising email from "Amazon"... And you will NOT want to miss checking out a very special "Pick of the week"! All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by David Bisson. Visit https://www.smashingsecurity.com/234 to check out this episode's show notes and episode links. Follow the show on Twitter at @SmashinSecurity, or on the Smashing Security subreddit, or visit our website for more episodes. Remember: Follow us on Apple Podcasts, or your favourite podcast app, to catch all of the episodes as they go live. Thanks for listening! Warning: This podcast may contain nuts, adult themes, and rude language. Theme tune: "Vinyl Memories" by Mikael Manvelyan. Assorted sound effects: AudioBlocks. Special Guest: David Bisson.
Bill Curtis and Jane Albrecht continue their discussion on cybersecurity with author and tech-wiz, David Holtzman. What's a Zombie Bot? Has a Trojan attacked your computer? How can we protect ourselves from hackers? This episode will both scare and enlighten you on all matters of personal and business cybersecurity. David Holtzman is a world-class information technologist, currently working with global blockchain companies, with deep expertise in privacy, encryption, ethics, cybersecurity, digital registries and intellectual property. Episode Timestamps: 00:52 Hacking, Phishing, and Personal Attacks 1:52 How Hackers Attack YOU 4:07 Antivirus Software 5:34 No Real Protection Against Hacking 6:55 Real Life Hacking Examples 7:43 Things you can check before being Hacked 10:37 Hacking Cases during Covid 11:48 What not to do to stay safe from Hackers and VPN 13:07 Passwords 15:07 Password Lockers and Hacks 15:52 Positive Takeaways and Hacking 19:42 Insider Threats and Business 21:48 Individual Responsibility and Old-World Business Tactics 24:06 Final Words ---------------------- Learn More: https://www.curtco.com/meetmeinthemiddle Follow Us on Twitter: https://www.twitter.com/politicsMMITM Hosted by: Bill Curtis and Jane Albrecht Edited and Sound Engineering by: Joey Salvia Theme Music by: Celleste and Eric Dick A CurtCo Media Production https://www.curtco.com
Bill Curtis and Jane Albrecht discuss cybersecurity with author and tech-wiz, David Holtzman. They dive deep into the Colonial Pipeline Hack, ransomware, and Solar Winds. You'll learn about the capabilities of Russia, China, and other nations in the cyber-wars. Do you want to know what Zero Day means, who's DarkSide, Fancy Bear and Cozy Bear?... which software is the safest, Apple or Microsoft? And how wars will be fought in the future? This two-part series on cyber-intelligence will certainly deliver. David Holtzman is a world-class information technologist, currently working with global blockchain companies, with deep expertise in privacy, encryption, ethics, cybersecurity, digital registries and intellectual property. Episode Timestamps: 3:16 Why do countries get hacked? 5:05 The Colonial Pipeline Hack 6:16 Panic Buying and Hacks (DarkSide) 9:19 Two Types of Hackers 10:30 Negotiating with Hackers 11:08 The Solar Winds Hack and Russia 12:54 Deduction and knowing who's the Hacker 14:34 Tracking what information was hacked 16:16 How to handle the backdoor second hack attack 17:45 Lessons Learned from Hackers and USA Cyber intelligence 20:36 Trump and classified intelligence 21:36 Do we have proof that Trump passed info onto the Russians? 23:36 What is Zero Day? 24:54 Apple vs Microsoft and Hacking 28:02 Mutual assured annihilation 29:50 Ramifications of Hacking 32:44 Cold War References and destruction 34:00 Defending against Russian Aggression ---------------------- Learn More: https://www.curtco.com/meetmeinthemiddle Follow Us on Twitter: https://www.twitter.com/politicsMMITM Hosted by: Bill Curtis and Jane Albrecht Edited and Sound Engineering by: Joey Salvia Theme Music by: Celleste and Eric Dick A CurtCo Media Production https://www.curtco.com
The News: A joint advisory was published on Friday, May 7, 2021 by the Cybersecurity & Infrastructure Security Agency (CISA), the UK's National Cyber Security Centre, the FBI, and the NSA focused on the Russian Foreign Intelligence Service (SVR) and the tactics, techniques and procedures it uses to target victims. These reports focus on the threats posed by APT29, how its methods have evolved, and provide best practices to defend against the threat actor. Read the Joint Advisory here. The US/UK Governments Issue Cybersecurity Advisory on Russian Threat Actor Activity Analyst Take: This past Friday was a big day for cybersecurity advisories related to Russian Foreign Service (SVR) threat actors. The threat group APT29 has been attributed to Russia's SVR and has operated since about 2008, largely targeting government networks in Europe and NATO member countries, research institutes, and think tanks. APT29 is also known by the names Dark Halo, StellarParticle, NOBELIUM, UNC2452, YTTRIUM, The Dukes, Cozy Bear, and Cozy Duke. In the recently issued joint advisory, the US and UK governments outlined the tactics and techniques the Russians are using in their hacking efforts and described how they are targeting their victims. In an earlier alert issued the week prior, SVR operations were outlined, along with trends and some recommended best practices for network defenders. These reports also provide more details on the SolarWinds attack spearheaded by those same Russian SVR threat actors. The SolarWinds attack saw malicious updates from compromised SolarWinds systems breaching hundreds of organizations, and we don't yet know the full scope of the damage. Last year we also saw that same SVR group targeting vaccine R&D operations, which involved malware tracked as WellMess (https://us-cert.cisa.gov/ncas/analysis-reports/ar20-198c) and WellMail. What caught my eye here, and what is highlighted in the report, is that threat actors embrace best practices for digital transformation.
They are agile and adaptable. Once they are detected, they pivot. For instance, once the WellMess/WellMail breach was detected, APT29 pivoted. And this pivot was really pretty brilliant. The threat actors began using Sliver, which is a security testing tool developed by Bishop Fox, an offensive security assessment firm. Sliver is a legitimate tool used for adversary simulation. This new report focuses on helping threat hunters detect Sliver, but here's the rub: just because it's detected doesn't necessarily mean it's malicious. Have a headache yet? I do. My colleague Fred McClimans and I covered this jointly issued report in our Cybersecurity Shorts series on the Futurum Tech Webcast this past week.
Threat Actors Make It Their Job to Know When Servers Are Vulnerable
The newly published warning report said that threat actors are actively scanning the internet for vulnerable servers, including vulnerabilities affecting VMware's vCenter Server product and Microsoft Exchange servers, which have already been exploited by many. There are five vulnerabilities the government warns need immediate attention, in addition to the newest Microsoft Exchange Server updates just made available in mid-April. These five are:
1. CVE-2018-13379 Fortinet FortiGate VPN
2. CVE-2019-9670 Synacor Zimbra Collaboration Suite (advisory here)
3. CVE-2019-11510 Pulse Secure Pulse Connect Secure VPN
4. CVE-2019-19781 Citrix Application Delivery Controller and Gateway
5. CVE-2020-4006 VMware Workspace ONE Access
A final note: organizations have been slow to apply the available fixes, leaving them massively at risk. Access the full Joint NCSC-CISA-FBI-NSA Cybersecurity Advisory on Russian CyberSecurity here: Advisory: Further TTPs Associated with SVR Cyber Actors. The government also released Fact Sheet: Russian SVR Activities Related to SolarWinds Compromise, which it recommends all security personnel familiarize themselves with.
A supply chain attack against IT company SolarWinds has exposed as many as 18,000 companies to Cozy Bear's attacks.
Major Russian hack compromises computers all over the world, including Federal agencies like Treasury, Commerce, Homeland Security, and more.
Russian intelligence unit Cozy Bear hacked FireEye, SolarWinds, the U.S. Treasury, Homeland Security, and Dept. of Commerce. But how can companies protect their networks against the unlimited resources of hostile nation cyber threats? Watch Episode: https://youtu.be/b_IbG6ahAdM Presented by: The Quarter-Life Investor (https://quarterlifeinvestor.com/quarterly-learnings-podcast/) --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app
Hacking, leaking, and the spreading of chaos. How Russian Government hackers timed a Democratic National Committee email leak with Hillary Clinton's biggest scandal. This week, we find out how Russia stepped over the line and tried to influence the outcome of the 2016 US Presidential Election. This is the ninth episode of Russia, If You're Listening. Each week, host Matt Bevan brings the story of a character involved in the investigation. You can get in touch at russia@abc.net.au.
When representatives from the Democratic National Committee reached out to a Silicon Valley cybersecurity company to investigate a potential breach in their computer system, it's hard to imagine what they might have expected to come of it. It didn't take long to discover that something was amiss. Red flags were popping up all over the […] The post Fancy Bear, Cozy Bear appeared first on Malicious Life.
The American elections, Wikileaks and hacking bears. Was it really the Russians who, in the middle of the American election campaign, passed compromising emails from the Democrats to Wikileaks? In the summer of 2016, in the middle of the American election campaign, Wikileaks published thousands of internal emails from the leadership of the Democratic Party. This led to commotion and even to the resignation of the party chair, because the emails showed that the party leadership had disadvantaged candidate Bernie Sanders relative to Hillary Clinton. "It's the Russians!", the Democrats' campaign manager shouted on television that same day. "They want to favour Trump because they dislike Clinton." A few months earlier it had indeed been discovered that Fancy Bear and Cozy Bear, two hacker groups linked to the Russian intelligence services, had broken into the Democratic Party's networks. But does one plus one really make two? The story of the hacking Russians has by now become common knowledge. Clinton says it cost her the election. Senator McCain calls it an act of war. In the Netherlands, the Russian hack is used to argue that the WIV, the new Wet op de Inlichtingen en Veiligheidsdiensten (Intelligence and Security Services Act), really must be passed. But what evidence is there really? Why did the Democratic Party not give the FBI permission to examine the infected computers? Argos speaks with two former employees of the NSA, the American signals intelligence agency. And dives into the technical details itself.