Podcasts about DarkHotel

Coming to you from Dallas this week - we have Kacey, Harrison, Alex, and Charles. This week the team talks through third party app risks as they relate to COVID-19, as well as touch on security considerations for video conferencing platforms. We also talk through the latest story around the DarkHotel hackers using a VPN zero-day to compromise Chinese government agencies. Check out this week’s Intelligence Summary at https://resources.digitalshadows.com/weekly-intelligence-summary And for all of our threat intel resources around COVID-19: https://resources.digitalshadows.com/coronavirus-threat-intelligence-resources ***Resources from this week*** Third party app risks blog from Kacey: https://www.digitalshadows.com/blog-and-research/covid-19-risks-of-third-party-apps/ Webinar: Threat Model of a Remote Worker (April 16th): https://info.digitalshadows.com/Webinar-Threat-Model-of-a-Remote-Worker.html?Source=podcast SANS webinar recording with Alex: https://www.sans.org/webcasts/archive/2020 DarkHotel news: https://www.zdnet.com/article/darkhotel-hackers-use-vpn-zero-day-to-compromise-chinese-government-agencies/

On this week’s show Patrick and Adam discuss the week’s security news, including: ASD launches offensive action against criminals Bio-tech firms working on COVID-19 targeted by ransomware Iran targets WHO Did you hear there’s a security issue with Zoom? You might not have heard. Don’t worry we’ll tell you about it Much, much more This week’s show is brought to you by Yubico, makers of the Yubikey devices. Yubico’s Chief Solutions Officer Jerrod Chong will be along in this week’s sponsor interview to talk through a few things: what is he seeing out there among users? As you’ll hear, he’s seeing what all of us are seeing, a massive rush to enable remote working. Jerrod also us through some new stuff Yubico is planning, from managed credential services through to biometric Yubikeys. Don’t miss it! You can subscribe to the new Risky Business newsletter, Seriously Risky Business, here. You can subscribe to our new YouTube channel here. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Australian government says it is hacking criminals who are exploiting the pandemic Hackers ‘Without Conscience’ Target Health-Care Providers - Bloomberg Exclusive: Hackers linked to Iran target WHO staff emails during coronavirus - sources - Reuters Iran’s ban on Telegram that was intended to facilitate domestic spying backfired DarkHotel hackers use VPN zero-day to breach Chinese government agencies | ZDNet NASA sees an “exponential” jump in malware attacks as personnel work from home | Ars Technica So Wait, How Encrypted Are Zoom Meetings Really? | WIRED Zoom admits some calls were routed through China by mistake | TechCrunch Zoom founder promises to remedy security, privacy concerns during a 'feature freeze' - CyberScoop New York City bans Zoom in schools, citing security concerns | TechCrunch DOJ says Zoom-bombing is a crime | ZDNet Video service Zoom taking security seriously: U.S. government memo - Reuters The Zoom Privacy Backlash Is Only Getting Started | WIRED The internet is now rife with places where you can organize Zoom-bombing raids | ZDNet Why Zoom Really Needs Better Privacy: $1.4 Million Orders Show The US Government’s COVID-19 Response Is Now Relying On It ‘War Dialing’ Tool Exposes Zoom’s Password Problems — Krebs on Security Microsoft Buys Corp.com So Bad Guys Can’t — Krebs on Security Experts agree: Internet voting isn’t ready for COVID-19 crisis - Risky Business Schiff wants ODNI to scrub out politics from election security briefs PayPal and Venmo Are Letting SIM Swappers Hijack Accounts - VICE Google backs Apple's SMS OTP standard proposal | ZDNet Microsoft announces IPE, a new code integrity feature for Linux | ZDNet Chrome 81 released with initial support for the Web NFC standard | ZDNet A Hacker Found a Way to Take Over Any Apple Webcam | WIRED Hardware microphone disconnect in Mac and iPad - Apple Support Hacking forum gets hacked for the second time in a year | ZDNet A hacker has wiped, defaced more than 15,000 Elasticsearch servers | ZDNet Russian telco hijacks internet traffic for Google, AWS, Cloudflare, and others | ZDNet Remote working security: Thousands of misconfigured Atlassian instances ripe for unauthorized access | The Daily Swig Cisco rations VPNs for staff as strain of 100,000+ home workers hits its network • The Register Twisted programming framework stung by brace of request smuggling vulnerabilities | The Daily Swig How we abused Slack's TURN servers to gain access to internal services | Communication Breakdown Phish of GoDaddy Employee Jeopardized Escrow.com, Among Others — Krebs on Security XSS vulnerability found in Mozilla’s XSS-prevention library | The Daily Swig On signing the Joint Statement of the Russian Federation and the Republic of Burundi on the non-deployment of weapons in space by the first - News - Ministry of Foreign Affairs of the Russian Federation Exclusive: Elite hackers target WHO as coronavirus cyberattacks spike - Reuters Seriously Risky Business

The COVID-19 pandemic continues to drive a spike in cybercrime. It’s also been the occasion for various state-operated disinformation campaigns, and for some surprisingly widespread popular delusions. Zoom’s acknowledgement that some traffic was mistakenly routed through China draws more scrutiny to the teleconferencing service. A possible BGP hijack is reported. DarkHotel is said to be back. Bad stuff in Google Play. And a sim-swapping risk. Malek Ben Salem from Accenture on CISO health concerns, guest is Dr. Celeste Paul from NSA on cognitive capacity and burnout. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/April/CyberWire_2020_04_06.html

Patrocinador: NordVPN es mi servicio de VPN favorito. Estos días lo estoy usando más que nunca. Los lectores de mixx.io tenéis una oferta por poco más de 3€ al mes. Entra en nordvpn.org/mixxio y disfruta de la navegación privada y segura en tu móvil y ordenador. El uso de Facebook y los VPN se dispara / Instagram comparte pantalla con tus amigos / Google Podcasts en Android / Más reducciones de vídeo / Cagar en alta mar is very complicado  El uso de Facebook sube más que nunca. La plataforma confirma “nuevos récords de uso cada día”, que se hacen complicados de gestionar con sus ingenieros trabajando en remoto. — Algunas estadísticas:  En los países más impactos por la pandemia, el uso de Messenger y WhatsApp aumentó un 50%. Sin especificar cuáles, pero España seguro.  En Italia el uso tiempo dentro de sus apps ha subido un 70%, y duplicado las emisiones en directo. Videollamadas en grupo multiplicadas por 10.  Instagram permitirá navegar por la app con nuestros amigos. Una nueva función llamada ‘co-watching' crea una videollamada entre los miembros de un grupo privado y compartir pantalla para comentar en tiempo real imágenes y vídeos.  Alguien encontró un prototipo prehistórico de Android. Es un dispositivo modelo Sooner, que el equipo de Android usó como prototipo antes de su primer móvil comercial, y con un software fechado en agosto de 2007, previo incluso a los emuladores para programadores.  Detectan un problema en los inodoros de los portaaviones. Su diseño no es correcto, y deben ser limpiados con ácido porque se atascan de forma regular. Cada desatasco cuesta 400.000 dólares, según un extenso informe sobre el coste de mantenimiento de la armada de EE.UU.  Google Podcasts “llega” a iPhone. Con una funcionalidad prácticamente a la par que la versión de Android y web, debería llegar en breve después de que ayer se filtrase por error.  Y YouTube Music ahora permite ver las letras de las canciones según vas escuchando la canción.  Más reducciones de calidad en vídeo digital YouTube reproducirá por defecto calidad 480p en todos sus vídeos, aunque los usuarios podrán subirlo. Lo mismo ha hecho TikTok, uniéndose a Facebook e Instagram en sus vídeos, todos ellos sin posibilidad de cambiarlo.  Ciberataque a la OMS con origen desconocido. Han detectado un intento fallido de acceder a los sistemas informáticos de la Organización Mundial de la Salud. El principal sospechoso es el grupo DarkHotel, un APT que tiene un historial de operaciones en Asia.  El coronavirus en general está siendo usado como método de campañas de engaño para instalar malware y ransomware. Máxima alerta estas semanas, sobre todo a los que trabajéis en remoto.  Los nuevos iPad Pro ya tienen reseñas. Con pocos cambios con respecto al modelo anterior, son un refinamiento de lo existente. Incluso su procesador, el nuevo A12Z apenas presenta una mejora de rendimiento frente al A12X de 2018. Assorties  Amazon Prime Video por fin añade soporte para diferentes perfiles que tendrán su historial y recomendaciones por separado.  Reddit añade soporte para encuestas en las publicaciones.  Operadoras están cambiando indicador de red para mostrar “Quédate en casa” en los móviles de sus clientes  Microsoft reduce el número de actualizaciones de Windows 10 temporalmente para dar más prioridad a los parches de seguridad.  El uso de las redes VPN se dispara en Europa por motivos de teletrabajo principalmente.  Nvidia prepara nuevas tarjetas gráficas para portátil de la gama RTX 20 Super, para presentarlas el 2 de abril, y llegarían al mercado semanas después. ¿Quieres colaborar con el programa? Colabora en Patreon Colabora en Ko-Fi (PayPal) ---- Ahora también tenemos un grupo de Telegram para oyentes: https://t.me/joinchat/AF0lVBd8RkeEM4DL-8qYfw ---- Sigue la publicación en: Newsletter diaria: http://newsletter.mixx.io Twitter: http://twitter.com/mixx_io o sigue a Álex directamente en: http://twitter.com/somospostpc Envíame un email: alex@barredo.es Telegram: https://t.me/mixx_io Web: https://mixx.io

WildPressure APT targets industrial systems in the Middle East. ICS attack tools show increasing commodification. TrickMo works against secure banking. Microsoft warns of RCE vulnerability in the way Windows renders fonts. Click fraud malware found in childrens’ apps sold in Google Play. DarkHotel attacks the World Health Organization. Ransomware hits Parisian hospitals and a British biomedical research firm. More COVID-19 phishbait. Ben Yelin from UMD CHHS on Coronavirus detecting cameras, guest is Allan Liska from Recorded Future on security in the time of Coronavirus. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/March/CyberWire_2020_03_24.html Support our show

Has Apple found a simple solution to SMS 2FA? Exactly how much data has Ring doorbell been tracking? Join us, as we lift the lid on a whole host of tech-news in Watchtower Weekly this week.Make a cup of tea with Matt, as we examine another exploit in our latest segment, "How It's Done". This week, we investigate DarkHotel, the infamous spear-phishing campaign. And while this may sound like some sort of horror-themed video game or physiological thriller... trust us it's not.It's giveaway time...Please leave us a review of the podcast, letting us know how much you love falling asleep to the show. Please leave a review on iTunes, or tweet your review @1Password using the #Ask1Password hashtag.This giveaway closes on Feb 29th. We will announce the winners on the following episode.WatchTower WeeklyRing doorbell gives Facebook and Google user dataMatt's blog post: Feedback first: Why customer input drives our product developmentGoogle ‘accidentally’ exports videos to unrelated users’ archivesApple proposes simple security upgrade for SMS 2FA codes DarkHotel: A sophisticated hacking attack targeting high-profile hotel guestsReal or Not Real?The five-second rule actually works. Read more here.Follow Us…Visit 1password.comCheck out our blogTweet us @1PasswordFind us on Facebook or InstagramPlease get in touch using #Ask1Password and let us know what you think of the show, you can also leave us a review on iTunes or wherever you listen to podcasts.

Mai Menü: A SztereoTrip podcast műsorvezetőjével, Andrással beszélgetünk arról, hogy utazás, nyaralás közben mire érdemes figyelni a cyberbiztonság szempontjából. SztereoTrip Crossplatform merevlemez titkosítás Mac titkosítás Darkhotel Rejtett kamera felderítése: https://toomanyadapters.com/find-hidden-cameras/ https://www.smartertravel.com/check-hidden-cameras-hotel-vacation-rental/ https://www.wikihow.com/Find-Hidden-Cameras https://reolink.com/how-to-detect-hidden-cameras/ Szupertáska Fizetés - Revolut

In today's podcast, we hear that an evolved DarkHotel campaign is under way. A new malware dropper is out and about thanks to the Necurs botnet. Researchers demonstrate proof-of-concept exploits. Cyber espionage follows trade. Notes on election meddling. Google and Facebook encounter some regulatory and legal headwinds over data collection. Connected cars know a lot about their drivers, and there's money in those data. Robert M. Lee from Dragos on the notion of cyber attacks as a distraction.  For links to all today's stories, check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/August/CyberWire_2018_08_20.html

On today's Latest Hacking News a Microsoft Zero-Day used by North Korean-linked Darkhotel, Canadian ISP's patch vulnerability and tracking cookies in decline post-GDPR.

In this week’s episode Shadow Talk we look at the Winnti Umbrella group, asking what this means for organizations. We discuss vulnerabilities in Microsoft Office (CVE-2018-8174) and basestriker. And, finally, we outline the fall out surrounding the Olympus dark web marketplace.

Patrick interviews several female professors about their career paths. Afterwards, Patrick, Scott, and Josh talk about new Apple products, snaggeless Cat5 cable snafus, and DarkHotel. Feedback @TalkonTechMCTC or email talkontech@gmail.com

The Social Network Show welcomes back Lance Cottrell to the November 25, 2014 episode. Lance Cottrell, an internet security expert and Chief Science Office at Ntrepid, reveals the latest online security threats and information about what happens to your online accounts when you die. Listen to the show to hear about the following topics: What happens to your online accounts and data when you die How can you delete an online account of someone who is deceased Why is there recent concern about some internet service providers (ISP) Is it more difficult now than before to protect your online privacy What are the latest threats by hackers What is Rootpipe and DarkHotel and what is a targeted attack Why has Uber been in the news lately Lance Cottrell is the founder and principle at Obscura Security. He founded Anonymizer Inc. in 1995.  Before that he created the Mixmaster anonymous remailer in 1993. He is a frequent public speaker at conferences such as the RSA Security Conference, Computers Freedom and Privacy Conference‚ the Organization for Economic Cooperation and Development in Europe‚ ISS World. He is principal author on multiple Internet privacy and security technology patent applications. He took Anonymizer to a very successful exit in 2008, and is now Chief Science Officer of Ntrepid, the acquiring company. He holds a MS in Physics from the University of California, San Diego and a BS in Physics from the University of California, Santa Cruz. Stay up-to-date with latest developments in security on Lance's site, The Privacy Blog

TecnoCasters Ep. 231 Redes sociales y la masacre en México con Pedro Ferriz de Con Por: Juan D. Guevara Torres, Pedro Ferriz de Con y Abrahan Bauza Para el 17 de Noviembre 2014 Las redes sociales y el conflicto de Ayotzinapa en México. La platica que tuvimos con Pedro Ferriz de Con. Amazon pone oídos en su sala de estar con Amazon Echo. Que representa para su privacidad? La operación DarkHotel – ¿qué es? En México los usuarios pueden portar su número de carriers celulares en 3 días. Y como digitalizar en segundos las tarjetas de presentación de sus Clientes.

AT&T Data Security Analysts discuss: DarkHotel APT, Mega Patch Tuesday, Masque Attack of iOS Apps, Smile, You're on Camera, Manual Account Hijacking and The Internet Weather Report. Originally recorded November 11, 2014.