Forecast = Expect a 90% chance of phishing
We discuss the 20th anniversary of Apple's Safari web browser, look at more false positives on roller coasters and ski slopes with Apple's crash detection, then finish looking at our Apple security and privacy roundup for 2022. Show Notes: Apple's Safari browser is 20 years old; Camino Canceled: Mac Browser Calls It Quits; Dridex banking malware modified to spread using macOS; ChatGPT is enabling script kiddies to write functional malware; iPhone 14's Car Crash Detection Still Triggering False 911 Calls, Forcing Dispatchers to Reallocate Resources Away From Real Emergencies; First responders ask iPhone users to disable Emergency SOS; The Year in Apple Security & Privacy 2022. Intego Mac Premium Bundle X9 is the ultimate protection and utility suite for your Mac. Download a free trial now at intego.com, and use this link for a special discount when you're ready to buy.
In today's podcast we cover four crucial cyber and technology topics, including: 1. British Hospitality group offline after cyberattack 2. D-Link routers targeted by Moobot 3. Researchers find new tool used by criminal group in the past 4. Ireland fines Meta 405 Million Euros for data privacy violation. I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com
Twilio breach allowed attackers access to Okta single use sign on codes. Raspberry Robin USB malware linked to EvilCorp via Dridex similarities. Ransomware written in more obscure languages trend continues with Golang based “Agenda”.
A daily look at the relevant information security news from overnight - 22 June, 2022. Episode 250 - 22 June 2022. Yodel Sings the Blues - https://www.bleepingcomputer.com/news/security/yodel-parcel-company-confirms-cyberattack-is-disrupting-delivery/ Chrome Release - https://www.securityweek.com/google-patches-14-vulnerabilities-release-chrome-103 Acrobat Blocks PDF Checks - https://www.bleepingcomputer.com/news/security/adobe-acrobat-may-block-antivirus-tools-from-monitoring-pdf-files/ Apple Removes the Stop Signs - https://www.zdnet.com/article/apples-ios-16-will-give-you-an-alternative-to-irritating-captcha-tests/ Raccoon Out - Dridex In - https://thehackernews.com/2022/06/rig-exploit-kit-now-infects-victims-pcs.html
Hi, I'm Paul Torgersen. It's Wednesday June 22nd, 2022, and once again from Chicago this is a look at the information security news from overnight. From BleepingComputer.com: Yodel delivery service company out of the UK says they have been disrupted due to a cyberattack. Deliveries were delayed and package tracking was down, but the company says that customer payment information has not been compromised. No word on the threat actor or specific malware used, but it is assumed to be a ransomware attack. From SecurityWeek.com: Google announced the release of Chrome 103 with patches for a total of 14 vulnerabilities, including nine reported by external researchers. The most severe of these bugs is a critical-severity use-after-free issue in Base. The company paid out $44,000 in bug bounties for this batch of fixes and said they have seen no indication that any of them have been exploited in the wild. From BleepingComputer.com: Adobe Acrobat is blocking security software from having visibility into the PDF files it opens, creating a security risk for users. These security tools work by injecting DLLs into software products being launched on a machine. Acrobat is actively checking if components from 30 security products are loaded into its processes and blocks them, essentially denying them from doing their job. Adobe says they are currently working with these vendors to address the issue. Details in the article. From ZDNet.com: In a move that will break absolutely nobody's heart, when Apple rolls out iOS 16 and MacOS Ventura, it will be the first to utilize Private Access Tokens instead of CAPTCHA challenges. Cloudflare estimates that up to 500 man-years are wasted each day looking for those grainy stop signs. No word from Google on when they will introduce this for Android, but they have been in the working group with Apple shaping the authentication standard. And last today, from TheHackerNews.com: The group behind the Raccoon Stealer malware have temporarily shuttered operations after the death of one of their team members. So the operators behind the Rig Exploit Kit have swapped the Raccoon out for the Dridex financial trojan. This little nasty has the capability to download additional payloads, steal customer login information from banking websites, capture screenshots, log keystrokes, and more. You can find additional details in the article. That's all for me today. Have a great rest of your day. Like and subscribe, and until tomorrow, be safe out there.
In today's podcast we cover four crucial cyber and technology topics, including: 1. RIG Exploit Kit replaces Raccoon Stealer with Dridex 2. Yodel parcels delayed amidst cyber attack 3. Kaspersky says newly dubbed ToddyCat abusing Microsoft Exchange 4. Microsoft says service outage related to power loss. I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com
Two recent flaws can be combined to create very sophisticated phishing attacks. Dridex authors EvilCorp become a LockBit affiliate, likely in another effort to evade sanctions. POC code released for “trivial” to exploit Atlassian Confluence vulnerability.
Whether ransomware, supply chain or social engineering attacks: cyber criminals are operating ever more professionally, the number of attacks is rising, and the risk for companies is steadily increasing. More than ever, system integrators and managed service providers are called on to protect and support their customers with efficient solutions and tailored strategies. A market full of opportunity, but also an enormously complex one. Hundreds of vendors, countless products: where to start? The portfolio has long extended beyond antivirus and firewall; concepts such as #ZeroTrust or #SASE and offerings such as #SOC services are powerful tools in the fight against cybercrime. But they also demand know-how, experience and, not least, investment. The #LiveBarTalk in Munich discusses which #ITSecurity products and services system integrators and managed service providers can and should offer today, and what a sensible IT security stack looks like in times of Emotet, Dridex and co. Our guest Alexander Häusler of #TÜV Süd also provides up-to-the-minute insights into the current threat landscape and into strategies with which companies and their IT partners can best protect themselves. For IT providers themselves are also increasingly moving into the focus of cyber criminals. They should secure their infrastructure just as carefully so as not to become a risk and a gateway into their customers' networks.
Welcome back to Source Code, Decipher's weekly news podcast with input from our sources. Researchers this week uncovered similarities in the code of the Dridex malware and Entropy ransomware. In other news, Nitin Natarajan, deputy director for the Cybersecurity and Infrastructure Security Agency (CISA), talked to Decipher this week about the agency's top initiatives.
[Episode References] - New attacks against Ukraine - https://www.reuters.com/world/europe/ukrainian-government-foreign-ministry-parliament-websites-down-2022-02-23/ - Criminals trying to take advantage of the tensions between Russia and Ukraine - https://www.securityweek.com/cybercriminals-seek-profit-russia-ukraine-conflict - Screenlocker with a ransom note in Portuguese - https://twitter.com/malwrhunterteam/status/1496215292984369160 - Analysis of the Bvp47 backdoor - https://www.pangulab.cn/files/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf - Cyclops Blink is attributed to Sandworm as the new VPNFilter - https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter - VPNFilter still had compromised routers years after the threat was taken down - trendmicro.com/en_us/research/21/a/vpnfilter-two-years-later-routers-still-compromised-.html - Similarities between Entropy and Dridex - https://www.sophos.com/en-us/press-office/press-releases/2022/02/sophos-uncovers-code-similarities-in-dridex-botnet-and-entropy-ransomware [Credits] Script and presentation: Carlos Cabral Audio editing: Paulo Arruzzo Closing narration: Bianca Garcia Graphic design: Julian Prieto
In today's podcast we cover four crucial cyber and technology topics, including: 1. Dridex uses Omicron exposure lures in new phishing attacks 2. Inetum Group in France hit with BlackCat ransomware 3. Albania Prime Minister apologizes for massive data leak 4. D.W. Morgan exposed client data via misconfigured cloud database. I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com
Today's Headlines and the latest #cybernews from the desk of the #CISO: Log4j vulnerability now used to install Dridex banking malware; Microsoft Urges Customers to Patch Recent Active Directory Vulnerabilities; FBI: Hackers are actively exploiting this flaw on ManageEngine Desktop Central servers; Secret Backdoors Found in German-made Auerswald VoIP System; T-Mobile says it blocked 21 billion scam calls this year. Story Links: https://www.bleepingcomputer.com/news/security/log4j-vulnerability-now-used-to-install-dridex-banking-malware/ https://www.securityweek.com/microsoft-urges-customers-patch-recent-active-directory-vulnerabilities https://www.zdnet.com/article/fbi-hackers-are-actively-exploiting-this-flaw-on-manageengine-desktop-central-servers/ https://www.bleepingcomputer.com/news/security/t-mobile-says-it-blocked-21-billion-scam-calls-this-year/ https://thehackernews.com/2021/12/secret-backdoors-found-in-german-made.html “The Microsoft Doctrine” by James Azar now on Substack https://jamesazar.substack.com/p/the-microsoft-doctrine The Practitioner Brief is sponsored by: KnowBe4: https://info.knowbe4.com/phishing-security-test-cyberhub Find James Azar Host of CyberHub Podcast, CISO Talk, Goodbye Privacy, Digital Debate, Other Side of Cyber James on Linkedin: https://www.linkedin.com/in/james-azar-a1655316/ James on Parler: @realjamesazar Telegram: CyberHub Podcast Sign up for our newsletter with the best of CyberHub Podcast delivered to your inbox once a month: http://bit.ly/cyberhubengage-newsletter Website: https://www.cyberhubpodcast.com Youtube: https://www.youtube.com/channel/UCPoU8iZfKFIsJ1gk0UrvGFw Facebook: https://www.facebook.com/CyberHubpodcast/ Linkedin: https://www.linkedin.com/company/cyberhubpodcast/ Twitter: https://twitter.com/cyberhubpodcast Instagram: https://www.instagram.com/cyberhubpodcast Listen here: https://linktr.ee/cyberhubpodcast The Hub of the Infosec Community.
Our mission is to provide substantive and quality content that's more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
What connects Wolfgang Amadeus Mozart, David Alaba and our current SKYTALE podcast? Well, it is the number 27. Mozart was born on January 27, Alaba has 27 on his jersey, and our podcast has reached episode number 27. For the 27th time we want to look at mishaps, bad luck and breakdowns in IT and on the internet and discuss potential dangers, threats, attacks and fraud attempts. Today's topics include hacked mail servers, fake vaccination certificates, ransomware of course, mobile security and training courses for hackers. SKYTALE Online Akademie für IT-Sicherheit. List of botnet Command&Control servers (C&Cs) tracked by Feodo Tracker, associated with Dridex, TrickBot, QakBot (aka QuakBot/Qbot), BazarLoader (aka BazarBackdoor) and Emotet (aka Heodo).
Evil Corp is using the Hades ransomware because Dridex has come under sanctions. Russia and Iran tried to influence the US elections, while China did not. US intelligence is unable to protect SolarWinds and MS Exchange. And much, much more!
Dutch companies do not have their ICT security in order and are extra vulnerable when employees log in to the company network from home. Criminals no longer put a crowbar to your door frame, but use botnets, Dridex malware and scams while you are carefree on a dating site or app. How do they operate and what can you do?
In today's podcast we cover four crucial cyber and technology topics, including: 1. Cisco addresses high security flaw 2. Spanish Railway attacked by ransomware gang 3. Garmin suffers large-scale attack, likely ransomware 4. Kenya to receive 4G Internet access via balloons. I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com
In Mexico, e-commerce is expected to grow 40 percent annually owing to the coronavirus health crisis, and everyone who has ordered through portals such as Amazon, Wish, Mercado Libre, etc. knows that email is a fundamental way of being told whether their package has shipped and is on its way. Because these emails are highly likely to be opened, they are an ideal hook for spreading the malware called Dridex, which seeks to obtain banking data. The emails supposedly deliver an invoice and ask users to enable “Macros”, a common command in Microsoft applications, and that is when a malicious file is downloaded. The hackers are evading antivirus products because they modified the code and use a relatively new tool called “Evil Clippy”, a resource used by red hat teams in 2019. It is believed that the first email using this technique was sent on April 20, and it targets general users rather than employees of any specific company.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Malspam with Links to ZIP Archives Pushes Dridex Malware https://isc.sans.edu/forums/diary/Malspam+with+links+to+zip+archives+pushes+Dridex+malware/26116/ Ramsay Cyber Espionage Toolkit https://www.welivesecurity.com/2020/05/13/ramsay-cyberespionage-toolkit-airgapped-networks/ Windows DNS over HTTPS Preview https://techcommunity.microsoft.com/t5/networking-blog/windows-insiders-can-now-test-dns-over-https/ba-p/1381282# ISC Handler Series (SANSFIRE) https://www.sans.org/event/sansfire-2020/bonus-sessions/
This week, Matt Mosley and Kash Izadseta cover Ransomware, what it is, what does it do, how to protect and recover, and how it is similar to our COVID-19 pandemic. Ransomware - DoppelPaymer, BitPaymer, Dridex. Visser Precision. SpaceX, Boeing, Lockheed Martin. Links mentioned in this episode: https://www.forbes.com/sites/daveywinder/2020/03/02/lockheed-martin-spacex-and-tesla-caught-in-cyber-attack-crossfire/#72839b527b2d https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/ http://tevoratalks.com Instagram, Twitter, Facebook: @TevoraTalks
This week on the Security Weekly News, Checkpoint Global Threat Index moved Dridex to third place, Dutch Telco towers damaged by 5G protestors, CyberCube reports indicate Increased targeting of C-Suite employees, Cybercrime may be the world's third-largest economy by 2021, and Jason Wood joins for the Expert Commentary on how WooCommerce Falls to Fresh Card-Skimmer Malware! Show Notes: https://wiki.securityweekly.com/SWNEpisode25 Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Dridex Update https://isc.sans.edu/forums/diary/Recent+Dridex+activity/25944/ Covid-19 Ransom https://twitter.com/johullrich/status/1242983197555789824 HP Enterprise SSD Firmware Bug https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00097382en_us Fake Google Chrome Update https://news.drweb.com/show/?i=13746&lng=en TrickBot Pushing a 2FA Bypass App in Germany https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/
12/13/19 Dridex; Vmware ESXi Escape; VPN Hijack; Internet Weather
Ocean Lotus puts down more roots in automobile manufacturing. Ransomware hits dentists’ IT providers as well as a Rhode Island town. The US is offering a reward of $5 million for information leading to the arrest or--and we stress “or”--conviction of Dridex proprietor Maksim Yakubets. Russian influence operations seem to be aiming at stirring things up over this week’s British election. And an awful lot of Windows 7 machines still seem to be out there. Joe Carrigan from JHU ISI on McAfee predictions of two-stage ransomware extortion. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/December/CyberWire_2019_12_09.html
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Increased Scans on Port 26 https://isc.sans.edu/forums/diary/Next+up+whats+up+with+TCP+port+26/25564/ Recent Ursnif Malspam https://isc.sans.edu/forums/diary/Ursnif+infection+with+Dridex/25566/ Windows 7 Extended Security Updates https://www.microsoft.com/microsoft-365/partners/news/article/announcing-paid-windows-7-extended-security-updates QNAP Patches Photo Station https://www.qnap.com/en/security-advisory/nas-201911-25
A daily look at the relevant information security news from overnight. Episode 99 - 01 July 2019. Dridex evolving - https://www.zdnet.com/article/new-dridex-malware-strain-avoids-antivirus-software-detection/ Bad Squirrel - https://www.bleepingcomputer.com/news/security/microsoft-teams-can-be-used-to-download-and-run-malicious-packages/ MongoDB leak - https://threatpost.com/mongodb-leak-exposed-millions-of-medical-insurance-records/146125/ Microsoft Excel vuln - https://fortune.com/2019/06/27/microsoft-excel-security-vulnerability/ “Ultra” lock - https://threatpost.com/smart-lock-turns-out-to-be-not-so-smart-or-secure/146091/
Matt Miller’s #Assembly and #Reverse #Engineering class $150USD for each class, 250USD for both classes Syllabus : https://docs.google.com/document/d/1alsTUhGwAAnR6BA27gGo3OdjEHFnq2wtQsynPfeWzd0/edit?usp=sharing Please state which class you'd like to take when ordering in the "Notes" field in Paypal https://paypal.me/BDSPodcast/150usd To sign up for both classes: https://paypal.me/BDSPodcast/250usd Stories: https://threatpost.com/orbitz-warns-880000-payment-cards-suspected-stolen/130601/ TLS1.3 - https://www.theregister.co.uk/2018/03/27/with_tls_13_signed_off_its_implementation_time/ https://slate.com/technology/2018/03/facebook-acknowledges-it-kept-records-of-calls-and-texts-from-android-users.html https://www.csoonline.com/article/3264654/security/atlanta-officials-still-working-around-the-clock-to-resolve-ransomware-attack.html https://timtaubert.de/blog/2015/11/more-privacy-less-latency-improved-handshakes-in-tls-13 Sign up for Jay Beale's class at Black Hat 2018: https://www.blackhat.com/us-18/training/aikido-on-the-command-line-linux-lockdown-and-proactive-security.html #Spotify: https://brakesec.com/spotifyBDS #RSS: https://brakesec.com/BrakesecRSS #Youtube Channel: http://www.youtube.com/c/BDSPodcast #iTunes Store Link: https://brakesec.com/BDSiTunes #Google Play Store: https://brakesec.com/BDS-GooglePlay Our main site: https://brakesec.com/bdswebsite Join our #Slack Channel! Email us at bds.podcast@gmail.com or DM us on Twitter @brakesec #iHeartRadio App: https://brakesec.com/iHeartBrakesec #SoundCloud: https://brakesec.com/SoundcloudBrakesec Comments, Questions, Feedback: bds.podcast@gmail.com Support Brakeing Down Security Podcast by using our #Paypal: https://brakesec.com/PaypalBDS OR our #Patreon https://brakesec.com/BDSPatreon #Twitter: @brakesec @boettcherpwned @bryanbrake @infosystir #Player.FM : https://brakesec.com/BDS-PlayerFM #Stitcher Network: https://brakesec.com/BrakeSecStitcher #TuneIn Radio App: https://brakesec.com/TuneInBrakesec
In today's podcast, we hear that hackers have looted cryptocurrency exchange Coincheck to the tune of about $530 million. Experty's ICO speculators get phished by crooks. Jackpotting hits American ATMs. The Dridex banking Trojan apparently has a ransomware sibling: FriedEx. Transduction attacks could hit IoT sensors. Steganographic app "Muslim Crypt" is designed for jihadist communication. North Korea tells Britain to mind its own business about WannaCry. Zulfikar Ramzan from RSA with his perspective on Spectre and Meltdown. Strava fitness app reveals locations of user activity.
The Digital Shadows Research Team provides an update on Dridex malware, Dark Caracal, Turla, and Cozy Bear.
In today's podcast, we hear about how a Word zero-day is spreading the Dridex banking Trojan. Amazon third-party sellers bitten by reused passwords. IBM catches Mirai mining Bitcoins. Symantec discerns Longhorn tools in WikiLeaks' Vault 7. Tensions over Syria's civil war seem to be behind the Shadow Brokers' return. ISIS is now attempting to recruit women to the Caliphate. Germany considers a cyber first-use doctrine. Crypto wars flare in Europe as French Presidential candidate Macron takes a strong anti-encryption line. The University of Maryland Center for Health and Homeland Security’s Ben Yelin weighs in on the FCC’s rollback of ISP privacy rules. Dario Forte from DF Labs cautions against AI hype. A Penn State professor takes the 2017 Gödel Prize for his work on differential privacy.
In today's podcast, we hear that yesterday's Internet outages were due to errors in Amazon's S3 servers. Dridex has evolved to become more evasive. The Necurs botnet acquires a DDoS capability. Web cache deception attack technique is described. Austrian authorities think they have a suspect in the attempted cyberattack on Vienna's airport. Palo Alto buys LightCyber. Companies continue to grapple with GDPR compliance. Uncertainty about US policy direction expected to drive an increase in foreign cyber espionage. The University of Maryland's Jonathan Katz reviews encryption types. Jon Gross from Cylance explains Snake Wine. Congress thinks about casus belli in cyberspace. And in the IoT, people are worried about everything from Terminators to Teddy bears.
In today's podcast we hear about patching: the good, the bad, and the ugly. But mostly the good. Dridex is back. Brussels airport hacker turns out to be a literal script-kiddie, with the emphasis on the "kiddie." Moscow treason trials shut down Russian cooperation with Western law enforcement. Robert Lord from Protenus returns to share their Breach Barometer Report results. Ben Yelin from the University of Maryland Center for Health and Homeland Security revisits the Playpen case. Industry notes, a look ahead to RSA, and some Valentine's Day advice.
In today's podcast, we hear that LeakedSource is down, maybe for good. DoubleFlag seems to be selling bogus data on the black market. (And where, we ask, is the Ripper review? If you can't trust a criminal, who can you trust these days? Sad.) Fancy Bear is back—actually, she never really left—now snuffling at British and German networks. Saudi Arabia remains on Shamoon alert. The Dridex banking Trojan has reappeared, in an improved version. Dale Drew from Level 3 Communications shares findings on the Asia Pacific region. Vince Crisler from Dark Cubed puts Grizzly Steppe in perspective. And tech support scammers get scammed—don't try this at home.
In today's podcast, we hear about an industrial espionage campaign against Germany's steel industry. Turkish hacktivists' Sledgehammer gamifies DDoS (and installs backdoors in its gamers). The Floki Bot Trojan is a cheap and evasive addition to the Zeus family. Dridex is back. GPS gets a cybersecurity upgrade. Too many people are still using Windows XP. Joe Carrigan from the Johns Hopkins University Information Security Institute reports back from the Grace Hopper conference. ZScaler's Deepen Desai describes the Stampado strain of ransomware. NSA is said to be struggling to compete with the private sector for cyber talent.
In today's podcast we review the bidding over responsibility for the DNC hack—most observers still think signs point toward Moscow. Wikileaks promises more DNC documents to come. Suspicions revive that the Cyber Caliphate may be a false-flag operation and other notes on the difficulty of attribution. Dridex may be present in some SWIFT-related bank fraud. Angler seems gone for good (but replaced by other exploit kits). UK MPs suggest holding CEOs responsible for breaches by hitting their pay. Tanium and FireEye and their rejected suitors. DoJ responds to the Silk Road appeal. Jonathan Katz from the University of Maryland explains the Ethereum/DAO cryptocurrency heist, and Ryan Stolte from Bay Dynamics shares results from a report on board room engagement with cyber.
AT&T Data Security Analysts, along with Rob Gresham of Intel Security, discuss ransomware, Dridex, Firefox vulnerabilities, and the Internet Weather Report. Originally recorded April 11, 2016.
In today's Daily Podcast we follow up on the Panama Papers' fallout. Leaker "John Doe" remains unidentified, and the scandal is roiling politics in Ukraine. Some observers think the Russian Financial Monitoring Service is behind the leaks. Dridex evolves into new lines of cyber crime. Juniper patches a suspect random number generator. GCHQ is said to have helped publishers stop the new Harry Potter book from leaking. And CyberWire editor John Petrik reviews an interesting price list from Dell SecureWorks.
More on Buhtrap and its sophisticated spearphishing of Russian banks. There are more reasons (as if they were needed) not to jailbreak your iPhones and iPads. Also, stay away from "adult" apps on your Android. And we hear from the University of Maryland's Ben Yelin, who brings us up to date on the lingering fallout of the Snowden leaks.
Dridex, Locky, PadCrypt, and extortion. Hollywood vs. ISIS? ISIS vs. ISIS? Apple vs. FBI.
Dridex & Locky, macro-spread malware. Apple, FBI, spar in & out of court. Dark Reading watches 20 startups.
AT&T Data Security Analysts discuss an Ebay vulnerability, fake download buttons, Android malware, securing web services, Dridex, Dyer, the Security Quiz, and the Internet Weather Report. Originally recorded February 9, 2016.
We invite you to listen to our next podcast. Adam Haertle (UPC Polska), Sergiusz Bazański (Dragon Sector) and Mirosław Maj (Fundacja Bezpieczna Cyberprzestrzeń) comment on recent events from the world of ICT security. Today's topics are: – the TalkTalk data leak, – the fight against the Dridex botnet, – the attack on PageFair, – the iPhone bug bounty, – arrests in the Polish underground, – HelloBarbie and privacy. https://www.cybsecurity.org/wp-content/uploads/2015/11/CyberCyber_9.mp3 RSS: https://www.cybsecurity.org/feed/podcast/ iTunes: https://itunes.apple.com/pl/podcast/cyber-cyber…/id988807509?mt=2