23rd Sep: Blockchain DXB Podcast
For our 50th episode of the Security Swarm Podcast, Andy and Eric Siron look back at the last 49 episodes of the show. They go through some core security topics and discuss whether they're still relevant, how they've changed in comparison to the evolving threat landscape and provide updates on some of the major stories discussed. This is part 1 of a 2-part episode, with part 2 coming next week.
Key Takeaways:
AI-powered tools are a double-edged sword, capable of both beneficial and malicious applications.
Botnets and malware continue to be a persistent threat, as attackers adapt and find new ways to circumvent disruptions.
Email-based social engineering remains a significant vulnerability, as human nature makes it a difficult problem to solve.
Immutability and backups are critical for protecting against ransomware and data loss.
Securing cloud-based platforms like Microsoft 365 requires a nuanced approach, as the responsibility is shared between the provider and the customer.
Security awareness training can be challenging to implement effectively, requiring a balance between engagement and cost.
Navigating the relationship between IT administrators and CISOs is crucial for effective security management.
Timestamps:
(00:31) Using ChatGPT to create ransomware - still a relevant and evolving topic
(02:22) How tech pros should handle security news and zero-days
(09:09) The re-emergence of Emotet and the challenges of disrupting botnets
(12:04) The persistent problem of social engineering and email attacks
(13:25) The importance of immutability and backups against ransomware
(16:29) The security of Microsoft 365
(19:35) Deep dive on the QuickBot malware
(20:20) The necessity of advanced threat protection (ATP)
(22:58) Guidance on effective security awareness training
(25:41) Tips for IT admins on working with CISOs
(26:07) Microsoft's throttling of legacy on-premises Exchange servers
(28:11) Discussing Episodes 12 and 13, recorded live at InfoSecurity Europe, on compliance and security horror stories
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Mandiant has linked a series of data breaches affecting hundreds of Snowflake instances to the use of infostealer malware, primarily targeting non-Snowflake systems to harvest credentials. Authorities have ramped up something they are calling Operation Endgame, which is an effort to capture a fellow that goes by the handle "Odd," the alleged mastermind behind the Emotet botnet. McAfee has identified a fake Bahrain government Android app masquerading as the Labour Market Regulatory Authority app, designed to steal personal data for financial fraud. A technical deep-dive on Operation Crimson Palace performed by Sophos X-Ops: the operation exposes a sophisticated cyberespionage campaign targeting a Southeast Asian government, attributed to Chinese state interests.
Emotet is perhaps the most notorious botnet in history. A botnet is a collection of malware-infected devices that is controlled remotely. The malware gives criminals an important tool, for example to extract passwords or to hold crucial networks, such as those of hospitals, hostage with ransomware. The malware infection has spread across the whole world and consequently claims millions of victims internationally. The estimated damage caused by Emotet has reached the unreal scale of at least 2.5 billion dollars. When Team High Tech Crime gets the botnet in its sights, they immediately see how complex it is. With the botnet, the entire infrastructure around it and command-and-control servers in Russia, taking Emotet down seems an almost hopeless task. But leaving the botnet alone is not an option either... Want to know more about this episode? Check it here. Team High Tech Crime aims to make the Netherlands safer and less attractive for cybercriminals. The police are therefore always looking for new colleagues. Curious? Check out your options. We are curious what you think of this podcast; fill in our short survey here. Takedown is an XTR branded podcast in collaboration with audio agency Airborne and the police.
In H1 2023, intrusion vectors were closing left and right. This forced many cybercriminals to search for alternative ways to compromise devices of their victims. While some of the attackers tried revisiting old routes such as brute-forcing MS SQL servers or distributing (AI-generated?) sextortion and text-based email messages, others kickstarted several Android apps running usury schemes. But there's also good news. Emotet botnet went quiet after a month of dwindling and ineffective campaigning, and Redline stealer – a notorious malware-as-a-service – has been disrupted by ESET researchers and their friends at Flare systems. Of course, this podcast episode can only cover so much of the ESET Threat report. If you wish to learn about other topics it covers, visit WeLiveSecurity. Discussed: Sextortion and text-based threats 1:46, brute force attacks on MS SQL servers 7:10, usury Android apps 9:20, Emotet activity 13:25, RedLine Stealer disruption 16:45. Host: Aryeh Goretsky, ESET Distinguished Researcher Guest: Ondrej Kubovic, Security Awareness Specialist Read more @WeLiveSecurity.com and @ESETresearch on Twitter ESET Threat Reports and ESET APT Activity Reports
In today's episode, Andy and Umut are unravelling the transformative impact of AI in cybersecurity defense. Discover how AI empowers defenders with enhanced knowledge of setting up robust defense mechanisms, from firewalls to anomaly detection systems. Amidst the prevailing focus on AI's darker aspects, this episode illuminates its positive role in the security space, equipping blue teams to match wits with increasingly intelligent adversaries. Our hosts, Andy and Umut, both distinguished members of the Security Lab at Hornetsecurity, will provide expert insights into how Hornetsecurity's suite of products leverages AI, as a concrete example from the industry. Join us as we shift the narrative from AI's potential for malicious use to how defensive toolsets and security experts are harnessing its power. Timestamps: 3:12 – How has AI changed the threat landscape? 6:10 – How can AI help blue teams? 16:08 – An example of AI used defensively in a software stack 26:24 – What advancements in AI in the security space are we likely to see in the future? Episode Resources: EP08: Advanced Threat Protection: A Must Have in Today's Ecosystem? EP03: The Reemergence of Emotet and Why Botnets Continue to Return Advanced Threat Protection Security Awareness Service OpenAI Cybersecurity Grant Program AI can steal data by listening to keystrokes with 95% accuracy Andy on LinkedIn, Twitter or Mastodon Umut on LinkedIn
In today's episode, Andy and Umut Alemdar explore one of the most malicious botnets in today's digital threat landscape: Qakbot. What makes Qakbot so dangerous? Qakbot originally started out as an information stealer back in 2007. Over the years, it has undergone significant transformations, evolving into a multi-modular malware that poses a severe threat to businesses. In our discussion and analysis, we uncover its attack chain from infecting a system to downloading the malicious payload. Timestamps: 3:24 – What is Qakbot? 5:18 – An overview of Qakbot's attack chain and capabilities 14:38 – Mitigation and defence strategies for Qakbot 19:48 – What does the future look like for Qakbot? Episode Resources: The Reemergence of Emotet and Why Botnets Continue to Return Security Awareness Service Advanced Threat Protection Find Andy on LinkedIn, Twitter or Mastodon Find Umut on LinkedIn
Welcome back to the Security Swarm Podcast! In this episode, our host Andy Syrewicze talks with Umut Alemdar, Head of Security Lab here at Hornetsecurity, about the reemergence of Emotet and the pervasiveness of botnets. Why do they keep coming back? Emotet, a well-known botnet for spreading malware and stealing personal information, had been dormant since December before reappearing in March 2023 with new tactics and capabilities. The botnet has a modular architecture that allows threat actors to include any kind of payload that gets executed on the victim's device. Tune in to hear Andy and Umut discuss the attack chain of Emotet, how it has evolved and the risks it may pose to your organization. They also explore why botnets such as Emotet persist despite efforts to shut them down. Timestamps: 1:58 – What is Emotet? 6:25 – Emotet's Attack Chain 12:20 – How do botnets continue to return? 14:44 – How can organizations guard against botnets like Emotet? Episode resources: Hornetsecurity Article Regarding Emotet Hornetsecurity CyberSecurity Roundtable Discussion Advanced Threat Protection Security Awareness Services Andy on LinkedIn, Twitter, Mastodon Umut on LinkedIn
Welcome back for another episode of the Security Swarm Podcast, the podcast that brings you the insights and expertise straight from the Security Lab here at Hornetsecurity. In this episode, we'll be diving into recent security disclosures with Eric Siron, Microsoft MVP, and discussing how organizations should respond when vulnerabilities are discovered. We'll focus on two major incidents as examples throughout this episode: the Outlook vulnerability CVE-2023-23397, and the re-emergence of Emotet. In today's digital landscape, threats are constantly evolving and becoming more sophisticated, making it critical to respond quickly and efficiently to minimize the impact of such incidents. Whether you're a SysAdmin working in a small organization or the CISO of a large business, you have to be more vigilant, and have a plan. Tune in to learn valuable insights into how tech professionals should handle security news. Timestamps: 3:16 – A baseline example of a busy security news-cycle 8:00 – Keeping an eye on the security news-cycle and has it always been this way? 17:45 – What should organizations be doing to keep tabs on the security news-cycle? 23:21 – What can vendors be doing better to help SysAdmins handle security news? Episode resources: CVE-2023-23397 The Re-Emergence of Emotet Hornetsecurity July 2022 Threat Review with Talk of Qakbot White House to Shift Cybersecurity Burden Andy on LinkedIn, Twitter, Mastodon Eric on Twitter
For the 293rd episode of the Kaspersky Transatlantic Cable podcast, we are down to a two-man booth as both Dave and Jag are away on vacation. To kick things off, Ahmed and I take a look at a story that pulls the curtain back on one of the web's most notorious websites – 4chan. We were kind of shocked when we saw who was one of the benefactors, and I am pretty sure that you will be as well. We then climb out of the cesspool before falling into a story on a scam targeting taxpayers. From there, in the third story we look at a positive case for AI – yes, you read that right, we are positive on AI for once on the podcast. In this story, a university student uses AI to help get her out of a ticket. The happy stories end there, as our next tale looks tragically at the use of AirTags for vigilante justice in Texas. If you read the headline below, you know the story. To close things out, we talk about Elon Musk's weird move of adding the Dogecoin logo to Twitter, replacing the very familiar bird. If you liked what you heard, please consider subscribing. · Famed Japanese Toy Company Good Smile Has Reportedly Propped Up 4chan for Years · Emotet malware distributed as fake W-9 tax forms from the IRS · York student uses AI chatbot to get parking fine revoked · Texas man uses Apple AirTag to track down person who stole his truck, then kills him: Police · Twitter replaces logo with doge as Musk seeks Dogecoin lawsuit dismissal
IcedID is evolving away from its banking malware roots. An Emotet phishing campaign spoofs IRS W9s. The FBI warns of BEC scams. A Fake booter service as a law enforcement honeypot. Phishing in China's nuclear energy sector. Reports of an OpenAI and a ChatGPT data leak. Does Iran receive Russian support in cyberattacks against Albania? My conversation with Linda Gray Martin and Britta Glade from RSAC with a preview of this year's conference. Our own Rick Howard takes a field trip to the National Cryptologic Museum. And De-anonymizing Telegram. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/58 Selected reading. Fork in the Ice: The New Era of IcedID (Proofpoint) Emotet malware distributed as fake W-9 tax forms from the IRS (BleepingComputer) Internet Crime Complaint Center (IC3) | Business Email Compromise Tactics Used to Facilitate the Acquisition of Commodities and Defrauding Vendors (IC3) Phishing Campaign Targets Chinese Nuclear Energy Industry (Intezer) 'Bitter' espionage hackers target Chinese nuclear energy orgs (BleepingComputer) UK Sets Up Fake DDoS-for-Hire Sites to Trap Hackers (PCMag Middle East) UK National Crime Agency reveals it ran fake DDoS-for-hire sites to collect users' data (Record) OpenAI: ChatGPT payment data leak caused by open-source bug (BleepingComputer) OpenAI says a bug leaked sensitive ChatGPT user data (Engadget) March 20 ChatGPT outage: Here's what happened (OpenAI) How Albania Became a Target for Cyberattacks (Foreign Policy) Russia's Rostec allegedly can de-anonymize Telegram users (BleepingComputer)
NBA is warning fans of a data breach after a third-party newsletter service hack Emotet malware now distributed in Microsoft OneNote files to evade defenses Dutch shipping giant Royal Dirkzwager confirms Play ransomware attack Thanks to this week's episode sponsor, Conveyor Love security questionnaires? Then you're going to hate Conveyor: the end-to-end trust platform built to eliminate questionnaires. Infosec teams have reduced questionnaires by 80% by giving their customers access to our self-serve trust portal to download docs and answers. For any remaining questionnaires that do come in, use our GPT-Questionnaire Eliminator response tool or white-glove questionnaire completion service to knock them off your to-do list. Use all 3 parts of the platform to solve the questionnaire problem or start with one. Learn more at www.conveyor.com. For the stories behind the headlines, head to CISOseries.com.
Today with: Emotet, nuclear power for the Moon, drone flights, the original iPhone
0:00 Classic Ides situation 0:10 GPT-4, Microsoft fires ethics team 1:35 Meta's LLaMA running amok 2:28 Windows 11 taskbar being fixed? 3:28 Vessi Footwear 4:09 QUICK BITS 4:16 Google's AI moves 4:57 Meta lays off another 10,000 people 5:43 Another Call of Duty deal 6:33 Emotet botnet is back 7:28 SpaceX Starship odds: 50/50 News Sources: https://lmg.gg/a1B62
In this episode, we sit down with Matt Bromiley to talk about some of the latest intel coming out of the LimaCharlie community Slack channel: A new Microsoft Word vulnerability: CVE-2023-21716. The Emotet botnet is back spamming again. A previously undisclosed toolset used by Sharp Panda, a long-running Chinese cyber-espionage operation targeting Southeast Asian government entities. A SpaceX vendor has been compromised by a LockBit affiliate. Ring LLC, the home security and smart home company owned by Amazon, has been ransomed by the ALPHV ransomware group. And an interview with Joe Schreiber, Co-founder and CEO of appNovi. Joe has been doing IT security since dial-up. He utilizes his knowledge and experience as a practitioner, software developer, and business developer to build highly functional, scalable, usable and quality software. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
Coping with Silicon Valley Bank's collapse. BatLoader's abusing Google Search Ads. More on Emotet's re-emergence. Reflections on Medusa rising. An international law enforcement action against NetWire. Rob Shapland from Falanx Cyber on ethical hacking and red teaming. Bryan Ware from LookingGlass looks at exploited vulnerabilities in the US financial sector. And in Ukraine, it's more-or-less quiet on the cyber front (but in Estonia and Georgia, not so much). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/48 Selected reading. One of Silicon Valley's top banks fails; assets are seized (AP NEWS) US, UK try to stem fallout from Silicon Valley Bank collapse (AP NEWS) In abrupt reversal, regulators to cover Silicon Valley Bank, Signature uninsured deposits (American Banker) Silicon Valley Bank collapse will not trigger new financial crisis, insists Sunak (The Telegraph) ‘Banking system is safe': Joe Biden reassures markets in address on Silicon Valley Bank collapse – live updates (the Guardian) BatLoader Continues to Abuse Google Search Ads to Deliver Vidar Stealer and Ursnif (eSentire) BATLOADER Malware Uses Google Ads to Deliver Vidar Stealer and Ursnif Payloads (The Hacker News) Emotet Again! The First Malspam Wave of 2023 (Deep Instinct) Emotet attempts to sell access after infiltrating high-value networks (SC Media) Medusa ransomware gang picks up steam as it targets companies worldwide (BleepingComputer) Alleged seller of NetWire RAT arrested in Croatia (Help Net Security) FBI and international cops catch a NetWire RAT (Register) How the FBI proved a remote admin tool was actually malware (TechCrunch) Estonia's Election Was More Than Just a Win for Kallas (World Politics Review) Estonian official says parliamentary elections were targeted by cyberattacks (Record)
On the latest episode of the Security Sprint, Andy bails Dave out on some technology issues and they work through it to cover the following topics. FBI IC3 Report: FBI Internet Crime Report 2022 (PDF) & Report Statistics Risky Biz News: BEC loses top spot in FBI Internet Crime report, 12 Mar Physical Security: NJ [.] com: Man yelled ‘white lives matter,' threw smoke bombs at N.J. church's anti-racism concert, 06 Mar Michigan Man Arrested and Charged For Illegally Possessing Firearms While Making Threats to Kill Government Officials, 10 Mar Florida neo-Nazis who projected a swastika on a downtown building say the hysteria over drag queens is helping them recruit people, 10 Mar ODNI Annual Threat Assessment: 'ODNI Releases 2023 Annual Threat Assessment of the U.S. Intelligence Community and see here, PDF report, and U.S. Senate Hearing 08 Mar Risky Biz News: ODNI report highlights China as the US' biggest cyber threat, 09 Mar SVB: Statement from President Joe Biden on Actions to Strengthen Confidence in the Banking System READOUT: Financial Stability Oversight Council Meeting on March Federal Reserve Board - Federal Reserve Board announces it will make available additional funding to eligible depository institutions to help assure … Federal Reserve Board - Joint Statement by Treasury, Federal Reserve, and FDIC Silicon Valley Bank: why did it collapse and is this the start of a banking crisis? 
In historic last-minute deal, HSBC acquires Silicon Valley Bank UK, says all depositors' money is safe Silicon Valley's surreal weekend SVB's ventures are taken apart in China, UK after US bank's collapse Other Cybersecurity Updates: Cyber Incident Reporting Framework: Global Edition (PDF) NBC: Data breach hits ‘hundreds' of lawmakers and staff on Capitol Hill, 08 Mar CNN: Hundreds of US lawmakers and staff affected by data breach, 08 Mar WaterISAC: Threat Awareness – Keep Our Eyes on Emotet, 09 Mar Cofense: Emotet Sending Malicious Emails After Three-Month Hiatus, 07 Mar WIRED: The Era of Faked CCTV Has Truly Arrived, 07 Mar Washington Post: Cyberattacks Are Just One Part of Hybrid Warfare, 07 Mar Ransomware: WIRED: Ransomware Attacks Have Entered a ‘Heinous' New Phase, 13 Mar Security Scorecard: ESXi Ransomware - A case study of Royal Ransomware Prepared by: Vlad Pasca, Senior Malware & Threat Analyst Sentinel Labs: IceFire Ransomware Returns; Now Targeting Linux Enterprise Networks, 09 Mar John Cena: Cybersecurity Enthusiast (?): @CenaOnSecurity Gate 15's upcoming Blue Jeans Workshop: Addressing MDM Threats While Protecting Free Speech
A wormable version of the PlugX USB malware is found. Compromised webcams as a security threat. Emotet botnet out of hibernation. Proof-of-concept: AI used to generate polymorphic keylogger. Turning to alternatives as conventional tactics fail. Dave Bittner speaks with Eve Maler of ForgeRock to discuss how digital identity can help create a more secure connected car experience. Johannes Ullrich from SANS on configuring a proper time server infrastructure. And Phishing messages via legitimate Google notifications. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/46 Selected reading. A border-hopping PlugX USB worm takes its act on the road (Sophos News) BitSight identifies thousands of global organizations using insecure webcams and other IoT devices, finding many susceptible to eavesdropping (BitSight) Emotet malware attacks return after three-month break (BleepingComputer) BlackMamba: Using AI to Generate Polymorphic Malware (HYAS) Russian Cyberwar in Ukraine Stumbles Just Like Conventional One (Bloomberg) Australian official demands Russia bring criminal hackers ‘to heel' (The Record by Recorded Future) Russia will have to rely on nukes, cyberattacks, and China since its military is being thrashed in Ukraine, US intel director says (Business Insider) BEC 3.0 - Legitimate Sites for Illegitimate Purposes (Avanan)
Bipartisan bill allows for US ban of TikTok EU concerned with Twitter's content moderation plans Emotet malware returns after three-month hiatus Thanks to today's episode sponsor, Packetlabs Looking for the right cybersecurity service provider can be a daunting task. How do you know if they're trustworthy and reliable? Packetlabs has made it easier for you with our free Penetration Testing buyers guide. We've compiled a list of the top 20 questions you should ask potential providers to ensure you make an informed decision. Download the guide today at ciso.packetlabs.net. For the stories behind the headlines, visit CISOseries.com.
Microsoft has started blocking the execution of XLL add-ins downloaded from the Internet. The hacking group DragonSpark is leveraging Golang source code interpretation to evade detection. Threat actors are turning to Sliver to replace the more popular frameworks Cobalt Strike and Metasploit. Over 4,500 WordPress sites have been hacked, and Emotet malware makes a comeback: Emotet is back with new evasion techniques in MS Excel. We also sit down with Michael Argast, Co-founder and CEO of Kobalt.io. We learn about Kobalt's approach to scaling cybersecurity services for small and medium-sized businesses, and also some great advice on what it takes to build services for this part of the market. A great conversation that is full of tidbits of wisdom for anybody looking to start a security services company. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
Hello World! It's February 01, 2023. Welcome to a new edition of Cyber Briefing by CyberMaterial. Let's review the latest cybersecurity alerts and incidents. Cyber Alerts: Hackers use TrickGate software to deploy Emotet, REvil and other malware Prilex malware modification now targeting contactless credit card transactions Pro-Palestine hackers threaten Israeli chemical companies Microsoft disables verified partner accounts used for OAuth phishing Cyber Incidents: Latvia confirms phishing attack on Ministry of Defense, linking it to Russian hacking group GitHub revokes code signing certificates stolen in repo hack Charter Communications says vendor breach exposed some customer data Southern Arizona's largest school district hit by cyber attack This Cyber Briefing was brought to you by SAINT, your Artificial Intelligence Newscaster! Stay tuned for our next Cyber Briefing! For more, visit cybermaterial.com Subscribe and Comment. Copyright © 2023 CyberMaterial. All Rights Reserved. Listen to Cyber Briefing on Apple Podcasts and Spotify. Follow CyberMaterial on LinkedIn, Twitter, Reddit, Instagram, Facebook, Youtube, and Medium.
Cyber attack disrupts esport event Qbot overtakes Emotet CircleCI breach caused by infostealer Thanks to today's episode sponsor, Cerby Did you know that over 60% of the cloud applications used by your company don't support identity standards like single sign-on? And that these applications are the leading cause of breaches? Cerby can help. Cerby discovers new applications, eliminates manual security tasks like offboarding, and addresses misconfigurations like disabled 2FA while increasing employee productivity. Wait. A security tool that increases productivity? Yup. Learn more at cerby.com.
Five Minute Forecast for the week of November 28th. All the cyber security news you need to stay ahead, from Proofpoint's Protecting People podcast. Massive data breach at Twitter exposes millions of phone numbers U.S. authorities seize pig butchering sites Pro-Russia “hacktivists” take down the European Parliament website And senior reverse engineer Pim Trouerbach shares the latest developments with Emotet.
Emotet's return. LodaRAT improvements. Callback phishing leads to data theft extortion.
Emotet returns with a malspam vengeance Google publishes YARA rules for Cobalt Strike Ticketmaster blames “bot attacks” for ticketing fiasco Thanks to today's episode sponsor, Compyl This thanksgiving, sit around the table and be thankful for Compyl. Compyl is an all-in-one platform that supercharges your security program and takes control of your compliance and audits. Automate workflows, audit collection, compliance management, and all the boring security stuff. Learn about Compyl today at www.compyl.com.
Welcome back to the Source Code news wrap podcast. This week, we discuss recent changes to the Emotet malware and vulnerabilities disclosed in F5 BIG-IP appliances.
Meta employees, contractors compromised customer accounts. Nemesis Kitten found in US Government network. Unpatched Magento instances hit with "TrojanOrders." Emotet has returned after three quiet months. DDoS attacks in game servers by RapperBot. Carole Theriault looks at long term lessons learned from the 2019 Capital One breach. FBI Cyber Division AD Bryan Vorndran updates us on cyber threats. And an alleged "Zeus" cybercrime boss has been arrested in Switzerland. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/221 Selected reading. Meta Employees, Security Guards Fired for Hijacking User Accounts (Wall Street Journal) CISA Alert AA22-320A – Iranian government-sponsored APT actors compromise federal network, deploy crypto miner, credential harvester. (CyberWire) Iranian Government-Sponsored APT Actors Compromise Federal Network, Deploy Crypto Miner, Credential Harvester (CISA) Iranian government-linked hackers got into Merit Systems Protection Board's network (Washington Post) Iranian hackers compromise US government network in cryptocurrency generating scheme, officials say (CNN) Magento stores targeted in massive surge of TrojanOrders attacks (BleepingComputer) A Comprehensive Look at Emotet's Fall 2022 Return (Proofpoint) Notorious Emotet botnet returns after a few months off (Register) Updated RapperBot malware targets game servers in DDoS attacks (BleepingComputer) Russia's cyber forces ‘underperformed expectations' in Ukraine: senior US official (The Hill) Suspected Zeus cybercrime ring leader ‘Tank' arrested by Swiss police (BleepingComputer)
ShadowTalk host Chris, alongside guest Kim, gives you the latest in threat intelligence. This week they cover: -British Government Scanning UK Devices -Twitter's Verification Process -Latest Emotet Return Get this week's intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-11-nov ***Resources from this week's podcast*** Cyber Threats to the FIFA World Cup Qatar 2022 https://www.digitalshadows.com/blog-and-research/cyber-threats-to-the-fifa-world-cup-qatar-2022/ Dark Web Recruitment: Malware, Phishing and Carding https://www.digitalshadows.com/blog-and-research/dark-web-recruitment-malware-phishing-and-carding/ Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don't forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.
ShadowTalk host Nicole, alongside guest Ivan, gives you the latest in threat intelligence. This week they cover: -APT10 leveraging antivirus to deploy LODEINFO malware -New Azov data wiper attempting to frame security researchers -New Emotet malicious spam campaign Get this week's intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-04-nov ***Resources from this week's podcast*** Q3 2022 Vulnerability Roundup https://www.digitalshadows.com/blog-and-research/q3-2022-vulnerability-roundup/ 2023 Cyber Threat Predictions https://www.digitalshadows.com/blog-and-research/2023-cyber-threat-predictions/ Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don't forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.
Leveraging Microsoft Dynamics 365 Customer Voice for credential harvesting. Emotet is back. Black Basta ransomware linked to Fin7. A Russophone gang increases activity against Ukrainian targets. Betsy Carmelite from Booz Allen Hamilton on adversary-informed defense. Our guest is Tom Gorup of Alert Logic with a view on cybersecurity from a combat veteran. And Russia regrets that old US lack of cooperation in cyberspace–things would be so much better if the Anglo-Saxons didn't think cyberspace was the property of the East India Company. Or something like that. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/212 Selected reading. Abusing Microsoft Customer Voice to Send Phishing Links (Avanan) Emotet botnet starts blasting malware again after 5 month break (BleepingComputer) Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor (SentinelOne) RomCom Threat Actor Abuses KeePass and SolarWinds to Target Ukraine and Potentially the United Kingdom (BlackBerry) Russia cyber director warns no U.S. cooperation risks "mutual destruction" (Newsweek)
This episode reports on Emotet, new phishing scams and a heat scanner that researchers say can deduce your passwords from a keyboard
Emotet ups its game. COVID-19 small business grants as phishbait. Google Translate is spoofed for credential harvesting. Research on the Budworm espionage group. Kevin Magee from Microsoft shares why cybersecurity professionals should join company boards. Our guest is Chris Niggel from Okta with a look at identity shortfalls. And Internet outages during missile strikes, and the prospects of Russia's hybrid war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/197 Selected reading. Emotet's evolution. (ESET) Fresh Phish: Small Business COVID-19 Grants Designed for Disaster (INKY) Spoofing Google Translate to Steal Credentials (Avanan) Budworm: Espionage Group Returns to Targeting U.S. Organizations (Symantec Blog) Internet outages hit Ukraine following Russian missile strikes (Bitdefender) Starlink helped restore energy, communications infrastructure in parts of Ukraine - official (Reuters) Ukraine's Vice PM Thanks Starlink for Help to Restore Connections After Missile Attack from Russia (Tech Times) We must tackle Europe's winter cyber threats head-on (POLITICO) The conflict in Ukraine makes us rethink cyberwar (The Japan Times)
ShadowTalk host Nicole alongside Stefano give you the latest in threat intelligence. This week they cover: the LockBit Builder leak, Lapsus$ breaches of Rockstar Games and Uber, and Emotet pushing Quantum and Alphv ransomware. Get this week's intelligence summary at: resources.digitalshadows.com/weekly-int…ry-23-sept
This episode reports on browser malware, a data breach at American Airlines and ransomware
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Preventing ISO Malware https://isc.sans.edu/diary/Preventing+ISO+Malware+/29062 State of Emotet https://www.advintel.io/post/advintel-s-state-of-emotet-aka-spmtools-displays-over-million-compromised-machines-through-2022 Undermining Microsoft Teams Security by Mining Tokens https://www.vectra.ai/blogpost/undermining-microsoft-teams-security-by-mining-tokens
An update on the Uber breach. Emotet and other malware delivery systems. Belarusian Cyber Partisans work against the regime in Minsk. Grayson Milbourne of Webroot on the arms race for vulnerabilities. Rick Howard continues his exploration of cyber risk. And risky piracy sites–that's on the Internet, kids, not the high seas. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/180 Selected reading. Developments in the case of the Uber breach. (CyberWire) Preliminary lessons from the Uber breach. (CyberWire) Uber says “no evidence” user accounts were compromised in hack (The Verge) Uber Claims No Sensitive Data Exposed in Latest Breach… But There's More to This (The Hacker News) Uber apparently hacked by teen, employees thought it was a joke (The Verge) Uber hacker claims to have full control of company's cloud-based servers (9to5Mac) The Uber Hack's Devastation Is Just Starting to Reveal Itself (WIRED) Uber was breached to its core, purportedly by an 18-year-old. Here's what's known (Ars Technica) Uber hacked by teen who annoyed employee into logging them in - report (Jerusalem Post) 18-year-old allegedly hacks Uber and sends employees messages on Slack (Interesting Engineering) Uber Investigating Massive Security Breach by Alleged Teen Hacker (Gizmodo) Uber cyber attack: protecting against social engineering (Information Age) Threat actor breaches many of Uber's critical systems (Cybersecurity Dive) Uber confirms hack in the latest access and identity nightmare for corporate America (SC Media) Uber hacked, attacker tears through the company's systems (Help Net Security) Uber confirms it is investigating cybersecurity incident (The Record by Recorded Future) UBER HAS BEEN HACKED, boasts hacker – how to stop it happening to you (Naked Security) Emotet and other malware delivery systems. (CyberWire) Emotet botnet now pushes Quantum and BlackCat ransomware (BleepingComputer) AdvIntel's State of Emotet aka "SpmTools" Displays Over Million Compromised Machines Through 2022 (AdvIntel) August's Top Malware: Emotet Knocked off Top Spot by FormBook while GuLoader and Joker Disrupt the Index (Check Point Software) How Belarusian hacktivists are using digital tools to fight back (The Record by Recorded Future) Malvertising on piracy sites. (CyberWire) Unholy Triangle (Digital Citizens' Alliance) Piracy Advertising Researchers Fall Victim to Ransomware Attacks (TorrentFreak)
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANSFIRE Keynote Stream https://www.sans.org/webcasts/the-internet-storm-center-how-to-use-and-how-to-contribute-data/ Extracting URLs from Emotet with CyberChef https://isc.sans.edu/forums/diary/Excel%204%20Emotet%20Maldoc%20Analysis%20using%20CyberChef/28830/ Microsoft Rolling Back Macro Policy Change https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805 Checkmate Ransomware Affected Poorly Configured QNAP NAS https://www.qnap.com/en/security-advisory/QSA-22-21 PyPI Requires 2FA for Critical Packages https://pypi.org/security-key-giveaway/
PEBCAK Podcast: Information Security News by Some All Around Good People
Welcome to this week's episode of the PEBCAK Podcast! We've got four amazing stories this week so sit back, relax, and keep being awesome! Be sure to stick around for our Dad Joke of the Week. (DJOW) Follow us on Instagram @pebcakpodcast PEBCAK - Acronym of “problem exists between chair and keyboard.”
This episode reports on the continued rise of the Emotet botnet, more malware going after vulnerabilities in Confluence and a Facebook scam
Another hacked broadcast in a hybrid war. Hunting forward as an exercise in threat intelligence collection and sharing. Cyber threats to the US midterm elections. Phishing for cryptocurrency. FakeCrack delivers a malicious payload to the unwary. Vacations are back. So is travel-themed phishbait. Ann Johnson from Microsoft shares insights on the trends she's tracking here at RSA. Johannes Ullrich brings highlights from his RSA conference panel discussion. And Emotet returns, in the company of some old familiar criminal collaborators. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/111 Selected reading. Hacked Russian radio station broadcasts Ukrainian anthem (Washington Post) Ukraine Successfully Defends Its Cyberspace While Russia Leans Heavily on Guns, Bombs (CNET) Ukraine war: US cyber chief on Kyiv's advantage over Russia (Sky News) NSA Director Confirms Cyber Command 'Hunt Forward' Approach Applies to Russia (ClearanceJobs) Experts, NSA cyber director say ransomware could threaten campaigns in 2022 (CyberScoop) Ransomware, botnets could plague 2022 midterms, NSA cyber director says (The Record by Recorded Future) How Cyber Criminals Target Cryptocurrency (Proofpoint) Crypto stealing campaign spread via fake cracked software (Avast) Threat Actors Prepare Travel-Themed Phishing Lures for Summer Holidays (Hot for Security) Emotet Malware Returns in 2022 (Deep Instinct)
Killnet hits Italian targets. Access to RuTube is restored. Hacktivism in the hybrid war. Emotet surges. Clearing up the confusion of NPM dependency confusion attacks. Tim Eades from Cyber Mentor Fund on finding the right investors. Our guest is Michael DeBolt of Intel 471 on the growing interest in biometrics in the criminal underground. And cybercrime and punishment, Florida-man edition. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/92 Selected reading. Ukraine maps reveal how much territory Russia has lost in just a few days (Newsweek) Pro-Russian hackers target Italy institutional websites -ANSA news agency (Reuters) Russian cyber experts restore RuTube access after three-day outage (Reuters) They Fled Ukraine to Keep Their Cyber Startup Alive. Now, They're Hacking Back. (Wall Street Journal) Ukraine hacktivism 'problematic' for security teams says NSA cyber chief (Tech Monitor) HP Wolf Security Threat Insights Report Q1 2022 | HP Wolf Security (HP Wolf Security) npm supply chain attack targets Germany-based companies with dangerous backdoor malware (JFrog) SaaS App Vanity URLs Can Be Spoofed for Phishing, Social Engineering (SecurityWeek) Trio Of Cybercriminals Sentenced For Conspiracy To Commit Fraud And Aggravated Identity Theft (US Attorney for the Middle District of Florida)
Emotet malware, medical device insecurity, digital signing with HID Global, and more.
Emotet malware evolving its install techniques, now uses PowerShell
Tenable's Bit Discovery buy underscores demand for deeper visibility of IT assets
Early discovery of Pipedream malware a success story for industrial security
Many medical device makers skimp on security practices
HID Global Director of Product Management Mrugesh Chandarana talks about digital signatures
Hosts: Louis Maresca and Curt Franklin Co-Host: Heather "Mo" Williams Guest: Mrugesh Chandarana Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: canary.tools/twit - use code: TWIT plextrac.com/twit Compiler - TWIET
This week on the Security Weekly News: Owl grease, Docker, Nimbuspwn, Edge, Emotet, NPM, as well as all the Show Wrap Ups for this week! Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/swn208
Heightened cyber tension as Quds Day approaches. Costa Rican electrical utility suffers from Conti ransomware. Emotet's operators seem to be exploring new possibilities. North Korean cyber operators target journalists who cover the DPRK. A guilty plea in a strange case of corporate-connected cyberstalking. Ben Yelin ponders the potential Twitter takeover. Mr. Security Answer Person John Pescatore addresses questions about vendors. And cybercrime, run like a business. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/80 Selected reading. Russia's invasion of Ukraine: List of key events from day 62 (Al Jazeera) Ukraine takes war behind enemy lines as Russian fuel depots set ablaze (The Telegraph) Russia pounds eastern Ukraine as West promises Kyiv new arms (AP NEWS) Finland, Sweden to begin NATO application in May, say local media reports (Reuters) ‘Thanks, Putin': Finnish and Swedish Lawmakers Aim for NATO Membership (Foreign Policy) World War Three now a 'real' danger, Russian foreign minister Sergei Lavrov warns (The Telegraph) Moscow cites risk of nuclear war as U.S., allies pledge heavier arms for Ukraine (Reuters) Russia Warns of Nuclear War Risk as Ukraine Talks Go On (Bloomberg) From Jordan to Japan: US invites 14 non-NATO nations to Ukraine defense summit (Breaking Defense) State TV says Iran foiled cyberattacks on public services (AP NEWS) State TV Says Iran Foiled Cyberattacks on Public Services (SecurityWeek) Iranian hackers claim they've hit the Bank of Israel - but ‘no proof,' cyber authority says (Haaretz) North Korean hackers targeting journalists with novel malware (BleepingComputer) The ink-stained trail of GOLDBACKDOOR (Stairwell) Conti ransomware cripples systems of electricity manager in Costa Rican town (The Record by Recorded Future) Emotet Tests New Delivery Techniques (Proofpoint) Ex-eBay exec pleads guilty to harassing couple whose newsletter raised ire (Reuters) Mastermind of Natick couple's harassment pleads guilty (Boston Globe) Former eBay Executive Pleads Guilty to His Role in Cyberstalking Campaign (US Department of Justice) Cybercriminals offer malware free of charge (IT-Markt)
In a hybrid war, sometimes it's about the timing. Not quite all quiet on the cyber front. Pyongyang is phishing for crypto wallets (and your NFTs, and other blockchained valuables). Emotet really likes those malicious macros. Joe Carrigan looks at prompt bombing. Bec McKeown from Immersive Labs explains human cyber capabilities. And it's our anniversary this week: celebrate with us. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/75 Selected reading. Ukraine Update: Zelenskiy Says Battle for Donbas Has Begun (Bloomberg) Ukraine at D+50: Russian reconstitution continues as shields stay up for ICS attacks. (The CyberWire) Military intel chief believes Russia not to achieve any wins in Ukraine by Easter as Kremlin wishes (Ukrinform) Ukraine War Divides Orthodox Faithful (New York Times) US officials ramp up warnings about Russian cyberattacks (The Hill) NATO Plays Cyberwar to Prep for a Real Russian Attack (Gizmodo) FS-ISAC Leads Financial Sector in Global Live-Fire Cyber Exercise Locked Shields (PR Newswire) If anyone understands Russian cyber dangers, it's Estonia's former president (Washington Post) North Korean State-Sponsored APT Targets Blockchain Companies (CISA) TraderTraitor: North Korean State-Sponsored APT Targets Blockchain Companies (CISA) US warns of Lazarus hackers using malicious cryptocurrency apps (BleepingComputer) Trends in the Recent Emotet Maldoc Outbreak | FortiGuard Labs (Fortinet Blog)
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Example of Cobalt Strike from Emotet Infection https://isc.sans.edu/forums/diary/Example+of+Cobalt+Strike+from+Emotet+infection/28318/ Adobe Patches https://helpx.adobe.com/security/security-bulletin.html Intel Updates https://www.intel.com/content/www/us/en/security-center/default.html NaturalFreshMall: A Mass Store Attack https://sansec.io/research/naturalfreshmall-mass-hack
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
0.0.0.0 in Emotet Spambot Traffic https://isc.sans.edu/forums/diary/0000+in+Emotet+Spambot+Traffic/28254/ Linux Patch to Make 0.0.0.0/8 Routable https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=96125bf9985a WebKit Patch for Cross Origin Database Name Leak https://trac.webkit.org/changeset/288078/webkit ACER Care Center Privilege Escalation https://aptw.tf/2022/01/20/acer-care-center-privesc.html Improper Input Validation Vulnerability in Serv-U https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247