Podcasts about data theft

Overview: In this week's episode of the SMB Community Podcast, hosts James and Amy are back to discuss various aspects of running a successful MSP. They start by diving into the MSP question of the week about creating an org charts for small teams. Both hosts emphasize the importance of delineating responsibilities and using the EOS accountability chart for better team structure. They also talk about the challenges and opportunities in selling security solutions and the importance of offering a strategic value to clients. Later, James interviews Max Miller from Workland Partners about current M&A trends in the IT and cybersecurity sectors, offering valuable advice for MSPs considering selling their business. The episode wraps up with a reminder to stay connected and share questions or comments with the hosts.  --- Chapter Markers: 00:00 Introduction and Greetings  02:09 MSP Question of the Week: Creating an Org Chart 03:18 The Importance of Accountability Charts 09:40 Challenges in Selling Security 11:56 Value-Based Selling and Strategy 18:02 Data Security Concerns  21:12 Facebook Breaches and Data Theft  23:53 Retail Store Privacy Concerns 25:46 5 Minutes w/ a Smart Person: Max Miller of Worklyn Partners 26:10 Max Miller's Background and Workland Partners 30:46 M&A Activity in the MSP Space 34:06 Advice for MSP Owners Considering Selling 40:49 Final Thoughts and Contact Information 43:18 Podcast Wrap-Up and Future Plans --- New Book Release: I'm proud to announce the release of my new book, The Anthology of Cybersecurity Experts! This collection brings together 15 of the nation's top minds in cybersecurity, sharing real-world solutions to combat today's most pressing threats. Whether you're an MSP, IT leader, or simply passionate about protecting your data, this book is packed with expert advice to help you stay secure and ahead of the curve. Available now on Amazon! https://a.co/d/f2NKASI --- Sponsor Memo: Since 2006, Kernan Consulting has been through over 30 transactions in mergers & acquisitions - and just this past year, we have been involved in six (6). If you are interested in either buying, selling, or valuation information, please reach out. There is alot of activity and you can be a part of it. For more information, reach out at kernanconsulting.com

The Cybercrime Magazine Podcast brings you daily cybercrime news on WCYB Digital Radio, the first and only 7x24x365 internet radio station devoted to cybersecurity. Stay updated on the latest cyberattacks, hacks, data breaches, and more with our host. Don't miss an episode, airing every half-hour on WCYB Digital Radio and daily on our podcast. Listen to today's news at https://soundcloud.com/cybercrimemagazine/sets/cybercrime-daily-news. Brought to you by our Partner, Evolution Equity Partners, an international venture capital investor partnering with exceptional entrepreneurs to develop market leading cyber-security and enterprise software companies. Learn more at https://evolutionequity.com

Attackers swipe data from Pennsylvania teachers union Infosys settles $17.5M lawsuit after third-party breach Top U.S. sperm bank discloses data breach Thanks to this week episode sponsor, DeleteMe Data brokers bypass online safety measures to sell your name, address, and social security number to scammers. DeleteMe scours the web to find – and remove – your private information before it gets into the wrong hands by scanning for exposed information, and completing opt-outs and removals.   With over 100 Million personal listings removed, DeleteMe is your trusted privacy solution for online safety. Get 20% off your DeleteMe plan when you go to JoinDeleteMe.com/CISO and use promo code CISO at checkout.  For the stories behind the headlines, visit CISOseries.com.

Data theft is widespread now – and it's only going to become a bigger problem as the world becomes more and more connected. We have tips for how to keep you and your information safe. Plus, we talk often about the high costs of predatory towing – but some truckers say the cost of regular towing is getting pretty high, as well. And finally, a sheriff's deputy in Kentucky recounts the harrowing rescue of a truck driver in need. 0:00 – Newscast 10:04 – Hands off my data! 24:25 – Truckers concerned over rising towing bills 38:54 – Inmates and deputy save truck driver

In this new episode of The Clinic Boss Show, Rick sits down with Terry Davison to discuss the evolution of EMRs, AI replacing front desks, and how practitioners are stealing patient databases to start their own clinic. Terry is the Founder and President of Juvonno, a clinic management and EMR software. Juvonno is an all-in-one EMR solution that gives allied health professionals an easier way to manage their schedule, online booking, charting, billing, communication, and reports, from one flexible platform. In this conversation, Rick and Terry discuss topics such as: What are multi-location clinics looking for in software? Practitioners stealing patient databases to start their own clinics—what NOT to do. The future of AI in clinics: Charts, outcome reporting, AI agents, robots, kiosks, and replacing front desks. Why profit margins are decreasing—and what you can do to fix it. USA vs. Canada: The key differences between practice owners in both countries. What trends are showing up across 2,200 users? Online booking now requires credit cards. The rise of new clinic openings - why and what this means? The rise of solopreneurs and building profitable lifestyle businesses. The consolidation wave: Why big players are buying unprofitable $500K clinics. Top 3 biggest mistakes clinic owners are making with their software right now. Watch the episodes on YouTube: https://www.youtube.com/c/RickLauCallHero Follow on Instagram, new videos EVERY SINGLE DAY: instagram.com/thericklau/ Linkedin: https://www.linkedin.com/in/rick-lau/ Terry Davison: Website: juvonno.com Email: terry@juvonno.com Signup for the newsletter (22k+ clinic owners): clinicowner.com Sponsors: Callhero: mycallhero.com Apply to join #1 clinic owner community clinicaccelerator.com

Stock market update for January 29, 2025.

In this episode, we sit down with experienced CISO Gavin Reid to explore the escalating online threats to privacy, focusing on adversaries and companies illicitly scraping website data for profit. We dive into the implications of such unauthorized data collection and its impact on individual and organizational privacy. Reid also shares insights from his team's involvement in dismantling BadBox, a coordinated global attack exploiting connected TV (CTV) devices, highlighting the intersection of cybersecurity and privacy concerns. HUMAN's Satori threat intelligence team has published the following resources on BadBox: https://www.humansecurity.com/company/satori-threat-intelligence/badbox https://www.humansecurity.com/learn/blog/badbox-peachpit-and-the-fraudulent-device-in-your-delivery-box https://www.humansecurity.com/newsroom/human-disrupts-digital-supply-chain-threat-actor-scheme-originating-from-china Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-208

[Referências do Episódio] Cyberhaven's Chrome extension security incident and what we're doing about it - https://www.cyberhaven.com/blog/cyberhavens-chrome-extension-security-incident-and-what-were-doing-about-it  16 Chrome Extensions Hacked, Exposing Over 600,000 Users to Data Theft - https://thehackernews.com/2024/12/16-chrome-extensions-hacked-exposing.html  Inside FireScam : An Information Stealer with Spyware Capabilities - https://www.cyfirma.com/research/inside-firescam-an-information-stealer-with-spyware-capabilities/  Four-Faith Industrial Router CVE-2024-12856 Exploited in the Wild - https://vulncheck.com/blog/four-faith-cve-2024-12856  Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

In a recent episode of Brand Story, Simon Wijckmans, founder and CEO of c/side, discussed the critical need to secure third-party scripts on websites, a frequently overlooked aspect of cybersecurity. Drawing on his experience with companies like Cloudflare and Vercel, Wijckmans outlined why traditional methods fall short in addressing dynamic threats and how c/side is redefining client-side security.Third-party scripts—commonly used for analytics, marketing, and chatbots—are vital for website functionality but come with inherent risks. These scripts operate dynamically, allowing malicious actors to inject harmful code under specific conditions, such as targeting particular users or timeframes. Existing security approaches, such as threat feeds or basic web crawlers, fail to detect these threats because they often rely on static assessments. As Wijckmans explained, these limitations result in a false sense of security, leaving businesses exposed to significant risks.C/side provides a proactive solution by placing itself between users and third-party script providers. This approach enables real-time analysis and monitoring of script behavior. Using advanced tools, including AI-driven analysis, c/side inspects the JavaScript code and flags malicious activity. Unlike other solutions, it offers complete transparency by delivering the full source code of scripts in a readable format, empowering organizations to investigate and address potential vulnerabilities comprehensively.Wijckmans stressed that client-side script security is an essential yet underrepresented aspect of the supply chain. While most security tools focus on protecting server-side dependencies, the browser remains a critical point where sensitive data is often compromised. C/side not only addresses this gap but also helps organizations meet compliance requirements like those outlined in PCI-DSS, which mandate monitoring client-side scripts executed in browsers.C/side's offerings cater to various users, from small businesses using a free tier to enterprises requiring comprehensive solutions. Its tools integrate seamlessly into cybersecurity programs, supporting developers, agencies, and compliance teams. Additionally, c/side enhances performance by optimizing script delivery, ensuring that security does not come at the cost of website functionality.With its innovative approach, c/side exemplifies how specialized solutions can tackle complex cybersecurity challenges. As Wijckmans highlighted, the modern web can be made safer with accessible, effective tools, leaving no excuse for neglecting client-side security. Through its commitment to transparency, performance, and comprehensive protection, c/side is shaping a safer digital ecosystem for businesses and users alike.Learn more about c/side: https://itspm.ag/c/side-t0g5Note: This story contains promotional content. Learn more.Guest: Simon Wijckmans, Founder & CEO, c/side [@csideai]On LinkedIn | https://www.linkedin.com/in/wijckmans/ ResourcesLearn more and catch more stories from c/side: https://www.itspmagazine.com/directory/c-sideAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Romanian energy giant battles ongoing attack Ransomware disrupts medical device maker Deloitte responds to data theft claims Thanks to today's episode sponsor, ThreatLocker Do zero-day exploits and supply chain attacks keep you up at night? Worry no more; you can harden your security with ThreatLocker. ThreatLocker helps you take a proactive, default-deny approach to cybersecurity and provides a full audit of every action, allowed or blocked, for risk management and compliance. Onboarding and operation are fully supported by their US-based support team. To learn more about how ThreatLocker can help keep your organization running efficiently and protected from ransomware, visit ThreatLocker.com. For the stories behind the headlines, head of CISOSeries.com.

In a recent episode of Brand Story, Simon Wijckmans, founder and CEO of c/side, discussed the critical need to secure third-party scripts on websites, a frequently overlooked aspect of cybersecurity. Drawing on his experience with companies like Cloudflare and Vercel, Wijckmans outlined why traditional methods fall short in addressing dynamic threats and how c/side is redefining client-side security.Third-party scripts—commonly used for analytics, marketing, and chatbots—are vital for website functionality but come with inherent risks. These scripts operate dynamically, allowing malicious actors to inject harmful code under specific conditions, such as targeting particular users or timeframes. Existing security approaches, such as threat feeds or basic web crawlers, fail to detect these threats because they often rely on static assessments. As Wijckmans explained, these limitations result in a false sense of security, leaving businesses exposed to significant risks.C/side provides a proactive solution by placing itself between users and third-party script providers. This approach enables real-time analysis and monitoring of script behavior. Using advanced tools, including AI-driven analysis, c/side inspects the JavaScript code and flags malicious activity. Unlike other solutions, it offers complete transparency by delivering the full source code of scripts in a readable format, empowering organizations to investigate and address potential vulnerabilities comprehensively.Wijckmans stressed that client-side script security is an essential yet underrepresented aspect of the supply chain. While most security tools focus on protecting server-side dependencies, the browser remains a critical point where sensitive data is often compromised. C/side not only addresses this gap but also helps organizations meet compliance requirements like those outlined in PCI-DSS, which mandate monitoring client-side scripts executed in browsers.C/side's offerings cater to various users, from small businesses using a free tier to enterprises requiring comprehensive solutions. Its tools integrate seamlessly into cybersecurity programs, supporting developers, agencies, and compliance teams. Additionally, c/side enhances performance by optimizing script delivery, ensuring that security does not come at the cost of website functionality.With its innovative approach, c/side exemplifies how specialized solutions can tackle complex cybersecurity challenges. As Wijckmans highlighted, the modern web can be made safer with accessible, effective tools, leaving no excuse for neglecting client-side security. Through its commitment to transparency, performance, and comprehensive protection, c/side is shaping a safer digital ecosystem for businesses and users alike.Learn more about c/side: https://itspm.ag/c/side-t0g5Note: This story contains promotional content. Learn more.Guest: Simon Wijckmans, Founder & CEO, c/side [@csideai]On LinkedIn | https://www.linkedin.com/in/wijckmans/ ResourcesLearn more and catch more stories from c/side: https://www.itspmagazine.com/directory/c-sideAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Cybersecurity Today: From Data Theft to Total Destruction In today's episode, we cover the latest shifts in cybercrime as hackers move from data theft to complete system destruction, impacting businesses on a massive scale. We discuss Palo Alto Networks' insights on these damaging attacks, Veeam's critical vulnerability patches, and a major breach affecting thousands in Saskatchewan. Additionally, we report on Russia's life sentence for a notorious cyber criminal leader and a significant European takedown of a cybercrime network. Stay informed with the latest in cybersecurity and learn about the steps being taken to counter these escalating threats. 00:00 Introduction: Cybersecurity Headlines 00:26 Evolving Cyber Threats: From Ransomware to Destruction 02:42 Veeam's Critical Vulnerability Patch 04:17 Saskatchewan Data Breach and Privacy Concerns 05:14 Massive Data Breach at SL Data Services 06:29 Russia's Crackdown on Cybercrime 08:21 Operation Passionflower: Dismantling Matrix 10:11 Conclusion and Show Notes

[Referências do Episódio] TEMPEST TALKS - https://www.even3.com.br/tempest-talks-2024-497677/  CyberVolk | A Deep Dive into the Hacktivists, Tools and Ransomware Fueling Pro-Russian Cyber Attacks - https://www.sentinelone.com/labs/cybervolk-a-deep-dive-into-the-hacktivists-tools-and-ransomware-fueling-pro-russian-cyber-attacks/  Guess Who's Back - The Return of ANEL in the Recent Earth Kasha Spear-phishing Campaign in 2024 - https://www.trendmicro.com/en_us/research/24/k/return-of-anel-in-the-recent-earth-kasha-spearphishing-campaign.html  Dozens of Machines Infected: Year-Long NPM Supply Chain Attack Combines Crypto Mining and Data Theft - https://checkmarx.com/blog/npm-supply-chain-attack-combines-crypto-mining-and-data-theft/  Zyxel firewalls targeted in recent ransomware attacks - https://securityaffairs.com/171382/cyber-crime/zyxel-firewall-ransomware-attacks.html  QNAP addresses critical flaws across NAS, router software - https://www.bleepingcomputer.com/news/security/qnap-addresses-critical-flaws-across-nas-router-software/   Roteiro e apresentação: Carlos Cabral e Bianca Oliveira Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia

Stay ahead of evolving risks and mitigate vulnerabilities with Microsoft Purview Data Security Posture Management (DSPM). Gain prioritized visibility into data security risks, track unprotected sensitive information, and receive actionable insights. With built-in classifiers, automated risk assessments, and AI-powered capabilities like Security Copilot, you can identify and mitigate threats, ensuring a compliant data security environment. Talhah Mir, Microsoft Purview's Principal Group Product Manager, shows how to transform your data security strategy with automated, intelligent risk management and maintain continuous protection across your organization.   ► QUICK LINKS: 00:00 - Build and maintain a strong data security posture 01:25 - Start in Microsoft Purview Portal 02:14 - Microsoft Purview solutions 03:39 - Analytic reports 04:39 - Take action 05:30 - AI app-focused view 06:13 - View trends 06:59 - Add Security Copilot capabilities 09:37 - Wrap up   ► Link References Get started at https://aka.ms/DSPM   ► Unfamiliar with Microsoft Mechanics?  As Microsoft's official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. • Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries • Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog • Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast   ► Keep getting this insider knowledge, join us on social: • Follow us on Twitter: https://twitter.com/MSFTMechanics  • Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ • Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ • Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Guest:  Travis Lanham, Uber Tech Lead (UTL) for Security Operations Engineering, Google Cloud Topics: There's been a ton of discussion in the wake of the three SIEM week about the future of SIEM-like products. We saw a lot of takes on how this augurs the future of disassembled or decoupled SIEMs. Can you explain what these disassembled SIEMs are all about? What are the expected upsides of detaching your SIEM interface and security capabilities from your data backend? Tell us about the early days of SecOps (nee Chronicle) and why we didn't go with this approach? What are the upsides of a tightly coupled datastore + security experience for a SIEM? Are there more risks or negatives of the decoupled/decentralized approach?  Complexity and the need to assemble “at home” are on the list, right? One of the 50 things Google knew to be true back in the day was that product innovation comes from technical innovation, what's the technical innovation driving decoupled SIEMs? So what about those security data lakes? Any insights? Resources: EP139 What is Chronicle? Beyond XDR and into the Next Generation of Security Operations EP190 Unraveling the Security Data Fabric: Need, Benefits, and Futures EP184 One Week SIEM Migration: Fact or Fiction? Hacking Google video series Decoupled SIEM: Brilliant or …. Not :-) UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion So, Why Did I Join Chronicle Security? (2019)

In today's podcast we cover four crucial cyber and technology topics, including: 1.        OnePoint Patient Care victim of INC Ransomware Group  2.        Researchers find ransomware group using TEAMS in new attacks 3.        Ireland fines LinkedIn 310 million Euros 4.        Russia sentences 2 cyber criminals to 4.5, 5 years in prison I'd love feedback, feel free to send your comments and feedback to  | cyberandtechwithmike@gmail.com

In today's podcast we cover four crucial cyber and technology topics, including: 1.        Researchers disclose fixed flaw in Apple devices 2.        Bumblebee and Latrodectus malware return 3.        Cypress pressed by wave of hacktivist attacks 4.        SolarWinds 2020 hack generates millions in fines via SEC I'd love feedback, feel free to send your comments and feedback to  | cyberandtechwithmike@gmail.com

https://noahgift.com/articles/ldt-chp7-an-eyeball-for-data-theft/

VW says IT infrastructure unaffected after alleged data theft Finland seizes servers of 'Sipultie' dark web market Calgary Public Library services limited after cyberattack Thanks to today's episode sponsor, Conveyor  Does the thought of a whopper 300 question security questionnaire in your most dreaded portal give you nightmares?   Conveyor can help you sleep peacefully.   How? They are the market leaders in instant and accurate AI answers to any format of security questionnaire.   They even offer a zero-touch option for portal-based questionnaires—just paste the URL, and ConveyorAI automatically answers the questions and exports them back to the portal for you.   End the nightmares. Try it for free at www.conveyor.com. Get the story behind the headlines at CISOSeries.com.

Prime Minister Visits Noto Amid Ongoing Recovery Efforts; Former TDK Researcher Charged with Data Theft, & more… English news from Japan for October 5th, 2024. Transcription available at https://japandailynews.com/2024/10/05/news.html

Lawrence Gentilello, the co-founder and CEO of Optery talks about the growing scandal around breaches at data brokers that have exposed the sensitive data on hundreds of millions of Americans to cyber criminals and how firms like Optery are helping people fight back. The post Episode 258: Broken Brokers – Optery’s Fight To Claw Back Your Personal Data appeared first on The Security Ledger with Paul F. Roberts. Click the icon below to listen. Related StoriesChina Calls Out U.S. For Hacking. The Proof? TBD!A Digital Lock Maker Tried To Squash A DEF CON Talk. It Happened Anyway. Here’s Why.Spotlight Podcast: CSO Chris Walcutt on Managing 3rd Party OT Risk

Steve Grzanich has the business news of the day with the Wintrust Business Minute. CDK Global, the suburban software firm that serves U.S. car dealerships, says the cyberattack that impacted its operations earlier this year does not appear to have involved the theft of dealership employee or consumer data. The Hoffman Estates-based company was hit […]

In a bold move, Arkansas Attorney General Tim Griffin has filed a lawsuit against Temu's parent companies, labeling the popular online platform as a "data-theft business" rather than a mere e-commerce marketplace. Griffin's lawsuit accuses Temu, known for its extensive app downloads and millions of shipments, of egregious privacy violations. https://www.kelleydrye.com/viewpoints/blogs/ad-law-access/arkansas-ag-files-suit-labels-temu-a-data-theft-business Paul Singer psinger@kelleydrye.com (202) 342-8672 www.kelleydrye.com/Our-People/Paul-L-Singer Abigail Stempson astempson@kelleydrye.com (202) 342-8678 www.kelleydrye.com/Our-People/Abigail-Stempson Beth Chun bchun@kelleydrye.com (202) 342-8671 www.kelleydrye.com/Our-People/Beth-Bolen-Chun Hosted by Simone Roach Subscribe to the Ad Law Access blog - www.kelleydrye.com/subscribe Subscribe to the Ad Law News Newsletter - www.kelleydrye.com/subscribe View the Advertising and Privacy Law Resource Center - www.kelleydrye.com/advertising-and-privacy-law Find all of our links here linktr.ee/KelleyDryeAdLaw

Darren is the Co-Founder and CEO of Carbide. This cyber security firm provides businesses of all sizes with the tools they need to adopt a robust cybersecurity and privacy posture, enabling them to protect their data from cybercriminals, transform security from a potential liability to a competitive advantage, and accelerate their growth.   A TechStars alum, Carbide has raised 7M+, and its clientele is quickly growing in highly regulated markets, including e-commerce, FinTech, healthcare, and insurtech.   Darren has 15+ years of experience as the CEO and Chief Information Security Officer (CISO) of several businesses that handle sensitive data. This experience has given him a solid grasp of evaluating and managing risk according to organizational goals while fostering growth.   Before starting Carbide, he Co-Founded Marcato, an innovative event management platform that managed 300+ music and cultural events, including Burning Man and Coachella, in 27 countries worldwide. Darren ran the business as CEO and CISO for ten years until it was acquired by Patron Technology in 2018. At that point, he decided to go into the cybersecurity industry.   He is a Certified Information Privacy Manager (CIPM) and Certified Information Systems Security Professional (CISSP).   On the podcast, Darren would love to talk about:   How to engage your team in cybersecurity to build a secure by-default company in a way that enables you to breeze through audits and assessments while, at the same time, being something your team enjoys.  How to showcase your company's cybersecurity posture in a way that helps you close deals faster and earn greater customer trust. How to make cybersecurity and data privacy a part of your service or product offering. This topic would interest startups and service companies that provide tools and services outside of IT and security and service companies like MSPs that can benefit from adding security products and services to their offerings. How fast-growing organizations achieve enterprise-class security and privacy.   To get a sense of Darren, here's an episode he did on the Privacy Please Podcast, where he shared advice for founders on securing their startups.   Quick recap Summary Darren's Cybersecurity Journey and Insights Darren and Michael discussed Darren's background and experience in cybersecurity and data privacy. Darren shared his unconventional entry into the field, having previously worked in various leadership roles before focusing on security. He emphasized the importance of security no longer being a "bolt-on" but an essential component of leadership and business operations. He also mentioned his current role as a board member for the International Information System Security Certification Consortium and his upcoming plans for the quarter. Michael showed interest in understanding more about Darren's insights. Turbine's AI Integration and Business Model Shift darrengallop, the CEO and co-founder of Turbine cyber security and data privacy company, discussed the company's development and future plans in the meeting. He elaborated on how they have been using AI and machine learning (ML) as a component of their product, which was launched in December after about a year of development. Darren also shared that they have shifted their business model to encompass AI to enhance the human experience and better support their customers. He further discussed his passion for cyber security and data privacy, especially in healthcare and manufacturing industries. The conversation then moved to the fast-paced world we live in, with Michael jokingly relating his recent stress test experience to the ever-accelerating speed of technology. Cybersecurity Leadership and Prioritization Michael emphasized the critical importance of cybersecurity and the need for it to be a top priority within organizations, arguing that it's as crucial as accounting and customer service departments. He also touched on the significance of leadership in cybersecurity, stating that it's a skill that can be learned and that he, as an accountant, had successfully transitioned into the tech space due to his curiosity and leadership ability. Darren agreed with Michael's points, asserting that effective leadership is essential for the proper use and management of cybersecurity and data privacy within an organization. Leadership Engagement in IT Security Challenges darrengallop discussed the challenges IT security teams face in organizations where leadership is not engaged or committed to ensuring security. He noted that many organizations prioritize sales and fiscal responsibilities over security, leading to a reactive approach dubbed "security theater." Darren emphasized the need for leadership to prioritize security and recognize the evolving threat landscape, including the increasing profitability of cybercrime. Michael concurred, pointing out the lower overheads and ease of recruitment in cybercrime, compared to traditional criminal activities like drug cartels. Attracting Younger Generations to Computer Activities Michael and Darren discussed the attraction of computer-based activities for younger generations, likening it to a game or a puzzle that they find engaging and challenging. Michael suggested that this behavior could lead to criminal activities like hacking, especially for those in difficult economic situations. However, he emphasized the possibility of separating the criminal aspect from these activities and using their skills for legitimate purposes, setting them up for future success. Darren agreed with Michael's points. Organized Crime and Human Trafficking Discussion Michael and Darren discussed the prevalence of certain criminal activities within their borders and worldwide. Darren elaborated on the operations of organized criminal groups, mentioning cases in poor countries where people are exploited and demonized as targets. He also introduced the concept of human trafficking for hacking camps, where individuals are forced to conduct social engineering scams. Darren estimated that over 200,000 people are in captivity conducting these types of operations, making it difficult for law enforcement to have a meaningful impact on stopping and catching the perpetrators. AI Fraud and Preventive Measures Michael discussed the potential dangers of AI technology being used for fraudulent activities, such as scam phone calls using cloned voices. He suggested the use of code words and education as preventive measures. darrengallop agreed, emphasizing the importance of educating individuals at all levels to identify and prevent such criminal activities. He also highlighted the potential futility of relying solely on law enforcement to combat this issue, given the vast scope and complexity of the problem. Identity Theft and Financial Vulnerability Discussion darrengallop and Michael discussed the potential risks of identity theft and financial loss in today's world. Darren emphasized the importance of understanding the various factors contributing to vulnerability, such as owning property or having good credit, and noted how these factors could be used against individuals. Michael shared his experience managing his mother's estate and highlighted the need to freeze credit applications for the deceased. Both acknowledged the growing use of AI and other tools to automate finding weaknesses and vulnerabilities and how criminals could exploit this. They also discussed the possibility of identity theft through obituaries and the physical theft of mail. Data Theft, Hacking, and Customer Expectations Michael and Darren discussed the creative and often criminal activities surrounding data theft and hacking. They highlighted the need for organizations to monitor their systems and data closely and emphasized the importance of protecting sensitive information. Darren noted customers' increasing awareness and expectation regarding privacy and security, with many technology providers now implementing these concepts by default. However, he also pointed out the ongoing risks posed by social engineering and criminal activities, which have been refined over time. Both agreed on the need for these issues to be part of an organization's DNA, not an add-on, to prevent future breaches. Cybersecurity, Global Impact, and Resources darrengallop and Michael discussed the changing global landscape and its impact on businesses, emphasizing the importance of cybersecurity and data protection. Darren introduced his website, carbidesecure.com, as a resource for companies seeking cybersecurity implementation and maintenance assistance. 

00:00 - PreShow Banter™ — Louie is Live04:53 - BHIS - Talkin' Bout [infosec] News 2024-06-1007:09 - Story # 1: UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion18:39 - Story # 2: Stealing everything you've ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster.39:02 - Story # 3: TikTok fixes zero-day bug used to hijack high-profile accounts41:34 - Story # 4: The Age of the Drone Police Is Here52:07 - Story # 5: London hospitals declare emergency following ransomware attack54:45 - Story # 6: Former Senior Executive and Former Sales Manager Convicted of Selling Data on Millions of U.S. Consumers to Perpetrators of Mail Fraud Schemes56:40 - Story # 7: FBI Kicks Hackers In The Teeth With Free 7,000 Ransomware Key Giveaway57:32 - Story # 8: FCC OKs pilot to bolster school, library cybersecurity 

Black Hat 2024 Training with Lee Archinal "A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs" Regular Registration closes on July 19, 2024! Secure your spot now at a discounted rate: *3-4 Aug 2024: Sign Up Here! *5-6 Aug 2024: Sign Up Here! ----- Top 5 Threat Hunting Headlines - 10 June 2024 1. Google Cloud | UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion https://cloud.google.com/blog/topics/threat-intelligence/unc5537-snowflake-data-theft-extortion 2. Morphisec | Howling at the Inxos: Sticky Werewolf's Latest Malicious Aviation Attacks https://blog.morphisec.com/sticky-werewolfs-aviation-attacks 3. Vonahi Security | Automated Penetration Testing & Cyber Security Services - Top 10 Crticial Pentest Findings Report https://www.vonahi.io/pentest-report-2024?utm=source=701Rp00000B6bue 4. The DFIR Report | IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment https://thedfirreport.com/2024/06/10/icedid-brings-screenconnect-and-csharp-streamer-to-alphv-ransomware-deployment/ 5. Zscaler | Technical Analysis of the Latest Variant of ValleyRAT https://www.zscaler.com/blogs/security-research/technical-analysis-latest-variant-valleyrat ----- Follow Us! Twitter: https://twitter.com/CyborgSecInc LinkedIn: https://www.linkedin.com/company/cyborg-security/ YouTube: https://www.youtube.com/cyborgsecurity Discord: https://discord.gg/DR4mcW4zBr TikTok: https://www.tiktok.com/@cyborgsecinc

This episode reports on Anit-Ransomware Day , big tech companies vowing to make their products and services Secure By Design, and more

From malware developers targeting child exploiters with ransomware, to major cloud services exposing credentials, learn how digital vigilantes and technological oversights shape online security. Featuring insights on the United Nations' latest ransomware dilemma, uncover the intricate web of cybersecurity challenges faced globally. URLs for Reference: Malware Dev lures child exploiters into honeytrap to extort them AWS, Google, and Azure CLI Tools Could Leak Credentials in Build Logs United Nations agency investigates ransomware attack, data theft Follow us on Instagram: https://www.instagram.com/the_daily_decrypt/ Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags: cybersecurity, ransomware, malware, cloud security, digital threats, cyber vigilantes, tech giants, United Nations, cyber attack, data theft, CryptVPN, AWS, Google Cloud, Azure, CLI tools, BleepingComputer, The Hacker News Search Phrases: Cyber vigilante justice malware extortion Cloud CLI tools security vulnerabilities United Nations cyberattack investigation CryptVPN ransomware against child exploiters AWS, Google, and Azure CLI tools leaking credentials Impact of ransomware on global organizations Cybersecurity threats in cloud computing Cybersecurity tactics against illegal online activities Data breach at United Nations agency New trends in cyber threats and digital security Transcript: Apr22 Malware developers are now targeting individuals seeking child exploitation material, employing cryptVPN ransomware to extort them by locking their systems and demanding payment, as revealed by Bleeping Computer. What methods are these developers using, and why do I want them to succeed? Leaky CLI, a vulnerability discovered by Orca in AWS, Google, and Azure CLI tools, is exposing sensitive credentials in build logs, putting countless organizations at risk of cyber attacks. What measures can organizations take to prevent sensitive credentials from being exposed by build logs? Finally, hackers have infiltrated the United Nations Development Program's IT systems, stealing sensitive human resources data from its global network dedicated to fighting poverty and inequality. You're listening to the Daily Decrypt. Malware developers are now turning their tactics against individuals seeking child exploitation material, specifically targeting them with ransomware designed to extort money by feigning legal action. This new strain of malware, dubbed CryptVPN, was recently analyzed by Bleeping Computer after a sample was shared with the cybersecurity researcher MalwareHunterTeam. CryptVPN tricks users into downloading a seemingly harmless software, which then locks the user's desktop and changes their wallpaper to a menacing ransom note. The ploy begins with a decoy website that impersonates. Usenet Club, a purported subscription service offering uncensored access to downloadable content from Usenet, which is an established network used for various discussions, which unfortunately also includes illegal content. The site offers several subscription tiers, but the trap is set with the free tier, which requires the installation of the CryptVPN software to access the supposed free content. Now to be honest, I feel like I don't even want to give away these clues to any child predators that may be listening. So I'm going to stop there as far as how the attack works, but I'm really glad that attackers have found this vector because people who are partaking in illegal activities have a lot to lose and are often pretty scared, you know, unless they're complete psychopaths. And and so if someone's able to get the information or lure people into these websites You know, this reminds me of something that happened to me back in my single days. And those of you who know me personally can validate the authenticity of this story, but it might sound a little crazy to just an average listener. But swiping on Tinder, matched with someone, they didn't really want to chat too much, they just wanted to start sending nude photographs. And I personally, it's not my thing, but let's just say I'm not going to unmatch this person for offering. And so nude photographs came through, there was no exchange, but they did ask for photographs of myself, which I was not interested in sending. And in fact, I wasn't really interested in pursuing anyone who would just jump in and send nude photographs. So I stopped talking to them. And about a couple of days later, I got a phone call from a Someone claiming to be the police department, saying that they had gotten my number from this girl's dad, and she's underage, and now they have proof that I've been sending nude photographs to this underage person. Well, I don't know. They accused me of that and that never happened. So immediately I knew it was a scan. But let's just say hypothetically that I had sent pictures to this person. I would be pretty scared receiving this threat. Because my whole life would change, right? If I became a child predator or a sexual predator or whatever it's called, then like a lot of stuff changes. And at the time I was in the military, so that was the end of my military career or whatever. So it's a very similar to that. If you're doing something wrong. And you get caught in a trap, you're very likely to pay the ransom. So first of all, don't mess around with children online. Don't do illegal sexual things. And you have nothing to worry about with this scam. So please stop doing that. Don't do that. And you've got nothing to worry about, it's been recently unveiled that command line interface tools from the tech giants such as Amazon Web Services and Google Cloud are susceptible to exposing sensitive credentials in the build logs, presenting a substantial security hazard to enterprises. This vulnerability is a Which the cloud security firm Orca has dubbed Leaky CLI, involves certain commands on the Azure CLI, AWS CLI, and Google Cloud CLI that could reveal environment variables. Roy Nizmi, a prominent security researcher, highlights in a report to the Hacker News that, quote, some commands can expose sensitive information in the form of environment variables, which can be collected by adversaries when published by tools such as GitHub Actions. In response, Microsoft has proactively addressed this security lapse in its November 2023 update, designating it with the CVE identifier 2023 36052, which carries a critical CVSS score of 8. 6 out of 10. Conversely, Amazon and Google view the exposure of environment variables as an anticipated behavior, advising organizations to refrain from storing secrets within these variables. Instead, they recommend using specialized services like AWS Secrets Manager or Google Cloud Secret Manager, which is a great recommendation. Furthermore, Google has advised users of its CLI tools to employ the dash dash no dash user output enabled option, which prevents the printing of command output to the terminal, thereby mitigating the risk of data leaks. Orca has also identified several instances on GitHub where projects inadvertently leaked access tokens and other sensitive data through continuous integration and deployment tools, including GitHub actions, CircleCI, TravisCI, and CloudBuild, which is always going to be a problem. Take those. Pull request reviews, seriously. Nimzy warns, if bad actors get their hands on these environment variables, this could potentially lead to view sensitive information, including credentials, such as passwords, usernames, and keys, which could allow them to access any resources that the repository owners can. He added that CLI commands are by default assumed to be running in a secure environment. But coupled with CICD pipelines or continuous integration, continuous development, they may pose a security threat. This ongoing issue underscores the critical need for heightened security measures within cloud computing environments. Go out there, get you a new cloud job, my guys. Finally, the United Nations Development Program, or UNDP, has launched an investigation into a significant cyber attack where intruders compromised its IT systems, resulting in the theft of critical human resources data. So, human resources data sounds It's pretty benign to me, like, the way that that's framed seems like nothing, but think about what the data Human Resources has. It's the crown jewels. They've got your social security number for your W 2 form, they've got your previous jobs, they've got your address, they've got your email address, they've got everything. So Human Resources data is nothing to bat an eye at. The agency, which is a cornerstone of the United Nations efforts to combat poverty and inequality worldwide. Confirmed the breach occurred in late March within the local IT infrastructure for the United Nations. Following the detection of the breach on March 27th, thanks to a threat intelligence alert, UNDP acted swiftly. Quote, actions were immediately taken to identify a potential source and contain the effective server as well. As to determine the specifics of the exposed data and who was impacted. The ongoing investigation seeks to fully understand the incident's nature and scope, as well as its impact on individuals whose information was compromised, but to further complicate some matters, the eight base ransomware gang, a group known for its broad attacks on various industries, claimed responsibility for the data theft. On the same day as the breach, they added a new entry for UNDP on their dark web leak site. The documents leaked, according to the attackers, contain a huge amount of confidential information, ranging from personal data to financial records and employment contracts. This cyberattack is not the first the United Nations has suffered. Previous breaches have struck the United Nations Environmental Program and key United Nations networks in Geneva and Vienna, showcasing ongoing vulnerabilities within UNIT systems. Meanwhile, the 8Base group, which claims to target companies neglecting data privacy, continues its surge of attacks, having listed over 350 victims on its data leak site to date. So if you're listening and you know your company is rejecting some data privacy protocols, maybe use this story as incentive to get them to pay more attention to this. That's all we got for you today. Happy Monday. Thanks so much for listening. Please head over to our social media accounts, Instagram, Twitter, Twitter. com. Youtube Give us a follow, give us a like, and send us a comment. We'd love to talk. And we'll be back tomorrow with some more news.

This episode reports on security updates from Delinea and PuTTY, and reports on bad bots and threat actors going after Zoom meetings

In this eye-opening episode of Exploit Brokers, we delve deep into the world of cybercrime, dissecting the sinister Phemedrone Stealer malware and its ability to pilfer your precious data. Join us as we explore the chilling reality that just one click on a seemingly harmless URL can lead to a catastrophic data breach. Discover the insidious tactics used by cybercriminals, from leveraging unpatched Windows flaws to social engineering techniques that lure unsuspecting users into clicking malicious links. Find out how this open-source information stealer, Phemedrone Stealer, targets web browsers, cryptocurrency wallets, and messaging apps like Telegram, Steam, and Discord. This episode serves as a stark reminder of the importance of keeping your systems updated with the latest patches. Don't be one of the countless individuals who remain vulnerable to these cyber threats long after patches are released. Protect yourself against data theft, cryptocurrency loss, and identity compromise. Join us as we shine a light on the dark world of cybercrime and provide you with the knowledge to safeguard your digital life.  

Jon apologizes for how he sounds in this episode, he was having mic troubles we discovered only during post-production. But outside of that, we continue the series of episodes recapping 2023 with our Year in Review report. This week, Aliza Johnson from the Talos Threat Intelligence & Interdiction team comes on the show to talk about data theft extortion. She shares why her team saw such a spike in this type of activity in 2023, what can be done to stop it, and which ransomware actors are pivoting to this tactic. 

Insurance firm sees cyberattacks as more likely than fire or theft North Korean hackers steal anti-aircraft system data Vulnerability discovered in fleet management software Huge thanks to our sponsor, Barricade Cyber Solutions Is ransomware affecting your business? Contact Barricade Cyber Solutions at recoverfromransomware.com. Barricade Cyber Solutions are elite DFIR experts who come to the rescue for businesses like yours daily. The trusted team at Barricade Cyber traces the source of infiltration and fortifies your defenses. Depend on Barricade Cyber Solutions for your data and system security. Remember recoverfromransomware.com, that's recoverfromransomware.com. For the stories behind the headlines, head to CISOseries.com.

In today's podcast we cover four crucial cyber and technology topics, including: 1.        Fidelity National attack delays home closings 2.        Qilin Ransomware impact shutdowns North American Auto Maker 3.        Police arrest Ukraine based ransomware gang; raid 30 locations 4.        Ukrainian Ministry says they hacked Russian Ministry of Transport    I'd love feedback, feel free to send your comments and feedback to  | cyberandtechwithmike@gmail.com

The Cybercrime Wire, hosted by Scott Schober, provides boardroom and C-suite executives, CIOs, CSOs, CISOs, IT executives and cybersecurity professionals with a breaking news story we're following. If there's a cyberattack, hack, or data breach you should know about, then we're on it. Listen to the podcast daily and hear it every hour on WCYB. The Cybercrime Wire is sponsored by KnowBe4. To learn more about our sponsor, visit https://knowbe4.com • For more breaking news, visit https://cybercrimewire.com

In today's podcast we cover four crucial cyber and technology topics, including: 1.        Toyota victim of Medusa Ransomware who demands 8 million USD 2.        U.S. teen guilty of accessing over 60 thousand sports betting accounts 3.        Israeli man sentenced to prison for role in phishing, data theft 4.        OpenAI relieves CEO after allegations of failure to communicate  I'd love feedback, feel free to send your comments and feedback to  | cyberandtechwithmike@gmail.com

This episode reports on several newly revealed hacks, including the theft of the names and ranks of 47,000 London police and staff stolen after a hacker got into the IT systems of a firm that prints police warrant cards and staff passes

Cisco Talos Incident Response observed data theft extortion more than any other type of cyber attack last quarter. So why has it become so popular? And what makes it different from ransomware? Jacob Finn from the Talos Threat Intelligence and Interdiction Team joins Jon this week to discuss the basics of data theft extortion. He just worked on an overview of this threat for Talos researchers and works closely with Talos IR on their quarterly trends reports. Jacob discusses why threat actors are choosing data theft extortion over ransomware and how this makes defense and detection more difficult. For more on this topic, read our one-page overview here.

Apple's source code and materials used in ballistic missiles—these secrets could soon fall into Beijing's hands. The Justice Department announced criminal cases against individuals allegedly moving U.S. tech secrets to foreign adversaries like China. Those facing charges were found living in California and hiding out in China. Will the recent slew of criminal charges stem the flow of intellectual property theft? ⭕️ Watch in-depth videos based on Truth & Tradition at Epoch TV

Apple Engineer Charged over Alleged Data TheftPentagon Report on Virus Origins LeakedChina Gains Double from 'Developing Country' Tag: ExpertCanada, S. Korea Meet, Agree to Boost CooperationBiden Shortens Overseas Trip, a Win for China?Top Taiwanese Lawmaker Visits U.S. CapitolFormer UK Prime Minister Visits TaiwanStrengthening Ties to Counter China: ReportEconomic Nato 'Good' Idea: UK PoliticianFormer Captain: U.S. Advantage on Russia, China Is at Sea

Google expands TensorFlow open-source tooling for accelerated machine learning development CISA addresses 'Cyber Poor' small biz, local government Wendy's drive-through orders to be taken by a chatbot The future of real-world evidence and data analytics - self-service mode Ex-Ubiquiti engineer behind "breathtaking" data theft gets 6-year prison term Mike Wagner, co-founder of Metify talks about bringing the Mojo (Platform) to Major League Baseball. Hosts: Louis Maresca, Brian Chee, and Curtis Franklin Guest: Mike Wagner Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT GO.ACILEARNING.COM/TWIT

Google expands TensorFlow open-source tooling for accelerated machine learning development CISA addresses 'Cyber Poor' small biz, local government Wendy's drive-through orders to be taken by a chatbot The future of real-world evidence and data analytics - self-service mode Ex-Ubiquiti engineer behind "breathtaking" data theft gets 6-year prison term Mike Wagner, co-founder of Metify talks about bringing the Mojo (Platform) to Major League Baseball. Hosts: Louis Maresca, Brian Chee, and Curtis Franklin Guest: Mike Wagner Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT GO.ACILEARNING.COM/TWIT

Threat group with novel malware operates in Southeast Asia. Data theft extortion on the rise. Key findings of Cisco's Cybersecurity Readiness Index. iPhones are no longer welcome in the Kremlin. Russian cyber auxiliaries and privateers devote increased attention to the healthcare sector. Chris Eng from Veracode shares findings of their Annual Report on the State of Application Security. Johannes Ullrich from SANS Institute discusses scams after the failure of Silicon Valley Bank. And BreachForums seems to be under new management.  For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/54 Selected reading. NAPLISTENER: more bad dreams from developers of SIESTAGRAPH (Elastic Blog)  Unit 42 Ransomware and Extortion Report Highlights: Multi-Extortion Tactics Continue to Rise (Palo Alto Network) Ransomware and extortion trends. (CyberWire) Cisco Cybersecurity Readiness Index (Cisco) A look at resilience: companies' ability to fight off cyberattacks. (CyberWire) Putin to staffers: throw out your iPhones over security (Register) Black Basta, Killnet, LockBit groups targeting healthcare in force (SC Media) After BreachForums arrest, new site administrator says the platform will live on (Record) 

Emotet's return. LodaRAT improvements. Callback phishing leads to data theft extortion.