Episode References
Critical Cisco Smart Licensing Utility flaws now exploited in attacks
Cisco Smart Licensing Utility Vulnerabilities (CVE-2024-20439 and CVE-2024-20440)
CVE-2025-23120
By Executive Order, We Are Banning Blacklists - Domain-Level RCE in Veeam Backup & Replication (CVE-2025-23120)
RansomHub: Attackers Leverage New Custom Backdoor
Unboxing Anubis: Exploring the Stealthy Tactics of FIN7's Latest Backdoor
UAT-5918 targets critical infrastructure entities in Taiwan
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Silent Push's recent analysis reveals new tactics by the FIN7 cybercriminal group, which is leveraging AI-based "DeepNude Generators" as part of a phishing campaign to spread malware. Microsoft's Digital Crimes Unit (DCU), in partnership with the U.S. Department of Justice, has taken steps to dismantle cyber operations by Star Blizzard, a Russian state-affiliated actor also known as COLDRIVER. Aqua Security's detailed research on perfctl describes it as a highly stealthy malware that targets Linux servers using a range of sophisticated methods. Comcast recently disclosed that over 237,000 customers had their personal data compromised due to a ransomware attack targeting a former debt collection agency, Financial Business and Consumer Solutions (FBCS). TrustedSec's research on EKUwu sheds light on a significant Active Directory Certificate Services (AD CS) vulnerability that allows attackers to misuse version 1 certificate templates. Stats on business outcomes after breaches referenced by Matt.
Interpol arrests eight in an international cybercrime crackdown. A MedusaLocker variant targets financial organizations. Cloudflare mitigates a record DDoS attempt. Insights from the Counter Ransomware Initiative summit. Fin7 uses deepnudes as a lure for malware. Researchers discovered critical vulnerabilities in DrayTek routers. CISA issues urgent alerts for products from Synacor and Ivanti. A former election official gets nine years in prison for a voting system data breach. Microsoft and the DOJ seize domains used by Russia's ColdRiver hacking group. On our Industry Voices segment, we are joined by Eric Olden, Founder and CEO of Strata Identity, to learn how the modern enterprise can orchestrate the 7 A's of identity security to achieve zero trust. Harvard students demonstrate glasses that can see through your privacy. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
Industry Voices Segment
On our Industry Voices segment, we are joined by Eric Olden, Founder and CEO of Strata Identity. Eric talks about how the modern enterprise can orchestrate the 7 A's of identity security to achieve zero trust. You can check out Strata's blog on "Understanding the 7 A's of IAM" and their book on "Identity Orchestration for Dummies".
Selected Reading
International police dismantle cybercrime group in West Africa (The Record)
New MedusaLocker Ransomware Variant Deployed by Threat Actor (Infosecurity Magazine)
Cloudflare Mitigates Record Breaking 3.8 Tbps DDoS Attack (Hackread)
Recently patched CUPS flaw can be used to amplify DDoS attacks (Bleeping Computer)
More frequent disruption operations needed to dent ransomware gangs, officials say (CyberScoop)
FIN7 hackers launch deepfake nude "generator" sites to spread malware (Bleeping Computer)
14 New DrayTek routers' flaws impacts over 700,000 devices in 168 countries (Security Affairs)
CISA Warns Active Exploitation of Zimbra & Ivanti Endpoint Manager Vulnerability (Cyber Security News)
Former Mesa County clerk sentenced to 9 years for 2020 voting system breach (CyberScoop)
Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (Bleeping Computer)
Someone Put Facial Recognition Tech onto Meta's Smart Glasses to Instantly Dox Strangers (404 Media)
Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Recorded Future - Inside Threat Intelligence for Cyber Security
The Russian-speaking cyber gang, FIN7, has fooled red team hackers into doing their dirty work by masquerading as legitimate cybersecurity companies just looking for talent. Silent Push's Zach Edwards talks about the scam.
Recorded Future - Inside Threat Intelligence for Cyber Security
Investigators have been chasing the Russian-speaking cyber gang for years — and they've stayed just one step ahead. Threat researcher Zach Edwards lays out why bringing gangs like this to justice has always been so hard.
[Episode References]
FIN7: The Truth Doesn't Need to be so STARK - https://www.team-cymru.com/post/fin7-the-truth-doesn-t-need-to-be-so-stark
WHD 12.8.3 Hotfix 1 - https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1
Cryptocurrency Lures and Pupy RAT: Analysing the UTG-Q-010 Campaign - https://cyble.com/blog/analysing-the-utg-q-010-campaign/
EastWind campaign: new CloudSorcerer attacks on government organizations in Russia - https://securelist.com/eastwind-apt-campaign/113345/
PrestaShop GTAG Websocket Skimmer - https://blog.sucuri.net/2024/08/prestashop-gtag-websocket-skimmer.html
Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Windows outage worldwide
UK national blood stocks suffer the effects of ransomware
Security flaws in SAP AI Core cloud-based platform
Thanks to today's episode sponsor, Conveyor. It's Friday and Conveyor hopes you don't have a meaty security questionnaire waiting for you on the other side of this podcast. If you do, you should check them out. As the market leader in instant, generative AI answers to entire security questionnaires, Conveyor helps you complete questionnaires fast, no matter the format they're in, so you don't feel like you're getting crushed by the wave of unfinished work. Learn why we're the software your infosec friends love at www.conveyor.com
For the stories behind the headlines, head to CISOseries.com
Report highlights the alarming speed at which PoC exploits are weaponized. Kaspersky offers 6 months of free service as a farewell to the US market. Fin7 offers a sophisticated evasion tool on underground markets. CrowdStrike's botched update causes global havoc.
Cisco has identified a critical security flaw in its SSM On-Prem. The world's largest recreational boat and yacht retailer reports a data breach. The UK's NHS warns of critically low blood stocks after a ransomware attack. Port Shadow enables VPN person-in-the-middle attacks. Ivanti patches several high-severity vulnerabilities. FIN7 is advertising a security evasion tool on underground forums. Indian crypto exchange WazirX sees $230 million in assets suspiciously transferred. Wiz documents vulnerabilities in SAP AI Core. DDoS-for-hire team faces jail time. Guest Tomislav Pericin, Founder and Chief Software Architect of ReversingLabs, joins us to discuss their "Free Resource to Conduct Risk Assessments on Open-Source Software." Playing red-light green-light with traffic light controllers. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Guest Tomislav Pericin, Founder and Chief Software Architect of ReversingLabs, joins us to discuss their "Free Resource to Conduct Risk Assessments on Open-Source Software."
Selected Reading
Cisco discloses a 10.0 CVSS rating vulnerability in SSM On-Prem (Stack Diary)
Yacht giant MarineMax data breach impacts over 123,000 people (Bleeping Computer)
UK national blood stocks in 'very fragile' state following ransomware attack (The Record)
Port Shadow Attack Allows VPN Traffic Interception, Redirection (SecurityWeek)
Ivanti Issues Hotfix for High-Severity Endpoint Manager Vulnerability (SecurityWeek)
Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums (Security Affairs)
WazirX reports security breach at crypto exchange following $230 million 'suspicious transfer' (TechCrunch)
SAPwned: SAP AI vulnerabilities expose customers' cloud environments and private AI artifacts (Wiz Blog)
Jail time for operators of DDoS service used to crash thousands of devices (Cybernews)
Hackers could create traffic jams thanks to flaw in traffic light controller, researcher says (TechCrunch)
FIN7 is a highly active and capable cybercrime group, also known as Carbanak, that has been evolving and using its own tools such as AVNeutralizer for many years. SentinelOne researcher Antonio Cocomazzi helps us dig into the group's tactics and tools. Read Antonio's new research here: https://www.sentinelone.com/labs/fin7-reboot-cybercrime-gang-enhances-ops-with-new-edr-bypasses-and-automated-attacks/
Two swift responses to recent cyberattacks. Frontier Communications discloses cyberattack. Texas town repels water system cyberattack by unplugging. List of undesirables falls into the wrong hands. CryptoChameleon phishing kit impersonates LastPass. Ransomware payments trending down in Q1 2024 and a warning for small to medium-sized businesses. US auto manufacturers targeted by FIN7. Akira ransomware has made $42 million since March 2023. No more WhatsApp or Threads in China. Concerning drop in US cybersecurity job listings. Our guest is Zscaler's Chief Security Officer Deepen Desai exploring encrypted attacks amidst the AI revolution. Meghan Markle hacked by Kate supporters. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Guest Deepen Desai, Chief Security Officer and SVP Security Engineering & Research at Zscaler, joins us to talk about exploring encrypted attacks amidst the AI revolution.
Selected Reading
Frontier Communications Shuts Down Systems Following Cyberattack (SecurityWeek)
Tiny Texas City Repels Russia-Tied Hackers Eyeing Water System (Bloomberg)
Cybercriminals threaten to leak all 5 million records from stolen database of high-risk individuals (The Register)
Advanced Phishing Kit Adds LastPass Branding for Use in Phishing Campaigns (LastPass)
Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware! (Help Net Security)
FIN7 cybercriminals targeted large U.S. automotive manufacturer last year (The Record)
Akira Ransomware Made Over $42 Million in One Year: Agencies (SecurityWeek)
Apple pulls WhatsApp, Threads from China App Store following state order (TechCrunch)
Alarming Decline in Cybersecurity Job Postings in the US (Infosecurity Magazine)
Meghan Markle's new lifestyle website hijacked by anonymous user whose 'thoughts are with Kate' (GB News)
In today's podcast we cover four crucial cyber and technology topics, including:
1. Cisco addresses flaw in IMC products
2. FIN7 gang targets U.S. car maker IT staff
3. Researchers uncover stealthy backdoor, link to Russia
4. North Korean actors increase campaign volume, abuse DMARC
I'd love feedback; feel free to send your comments and feedback to cyberandtechwithmike@gmail.com
Join Ryan Kovar, Mick Baccio, and Audra Streetman for this week's Coffee Talk with SURGe where they'll discuss an update from CISA and the FTC regarding Log4Shell and a warning from the FBI about FIN7 packages with BadUSBs. The trio will also discuss the 2022 Global Risks Report from the World Economic Forum. Mick and Ryan compete in a charity countdown to explain if they think cyber issues should be part of a "global risk" report. Finally, Mick and Ryan discuss the need for more risk analysis within organizations.
On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover:
Germans charge FinFisher executives
The FBI got busted misusing 702 data
Special guest Chris Krebs talks China, new CISA mandates and more
New research breaks Android fingerprint auth
Much, much more
This week's show is brought to you by Trail of Bits. Dan Guido is this week's sponsor guest and he joins us to talk about the work Trail of Bits is doing in securing AI systems, and making them safe. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing.
Show notes
Congress looks to expand CISA's role, adding responsibilities for satellites and open source software | CyberScoop
Biden nominates Lt. Gen. Timothy Haugh for top position at NSA, Cyber Command
Unsere Strafanzeige: Staatsanwaltschaft erhebt Anklage gegen FinFisher (Our criminal complaint: public prosecutor files charges against FinFisher)
The Real Risks in Google's New .Zip and .Mov Domains | WIRED
FBI misused controversial surveillance tool to investigate Jan. 6 protesters
Suspicion stalks Genesis Market's competitors following FBI takedown
Crimephones Are a Cop's Best Friend - by Tom Uren
The Underground History of Turla, Russia's Most Ingenious Hacker Group | WIRED
Some Of Russia's Most Dangerous Cybercriminals Just Had Their Malware Dealer Unmasked
Shifting tactics fuel surge in Business Email Compromise
Treasury Department sanctions entities tied to North Korean IT scams, hacking | CyberScoop
Chinese Labs Are Selling Fentanyl Ingredients for Millions in Crypto | WIRED
Leaked EU Document Shows Spain Wants to Ban End-to-End Encryption | WIRED
Here's how long it takes new BrutePrint attack to unlock 10 different smartphones | Ars Technica
It took 48 hours, but the mystery of the mass Asus router outage is solved | Ars Technica
Popular Android TV boxes sold on Amazon are laced with malware | TechCrunch
Teen hacker charged in scheme to siphon funds from sports betting accounts
Researchers tie FIN7 cybercrime family to Clop ransomware
German arms company Rheinmetall confirms Black Basta ransomware group behind cyberattack
Dallas courts still closed 2 weeks post-ransomware attack | Cybersecurity Dive
Health insurer says patients' information was stolen in ransomware attack
Patients angered after Oklahoma allergy clinic blames cyberattack for shutdown
UK steel industry supplier Vesuvius says 'cyber incident' cost £3.5 million
Researchers infiltrate Qilin ransomware group, finding lucrative affiliate payouts
A different kind of ransomware demand: Donate to charity to get your data back | CyberScoop
Joe Tidy on Twitter: "A bizarre one from Reading courts - an IT Security worker pleads guilty to piggy-backing off a cyber attack against his own firm. Liles switched the ransom payment details to his own Bitcoin wallet and changed the hacker's email to secretly apply pressure on bosses to pay up. https://t.co/Ze4yAJA6vM" / Twitter
ChatGPT Scams Are Infiltrating Apple's App Store and Google Play | WIRED
The EU fines Meta for transatlantic data transfers. FIN7 returns, bearing Cl0p ransomware. Python Package Index temporarily suspends new registrations due to a spike in malicious activity. Typosquatting and TurkoRAT. UNC3944 uses SIM swapping to gain access to Azure admin accounts. A Turla retrospective. Rick Howard tackles workforce development. Our guest is Andrew Peterson of Fastly to discuss the intricate challenges of secure software development. And the FBI was found overstepping its surveillance authorities. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/98
Selected reading.
Meta Fined $1.3 Billion Over Data Transfers to U.S. (Wall Street Journal)
Meta fined record $1.3 billion and ordered to stop sending European user data to US (AP News)
Notorious Cyber Gang FIN7 Returns With Cl0p Ransomware in New Wave of Attacks (The Hacker News)
Researchers tie FIN7 cybercrime family to Clop ransomware (The Record)
Cybercrime gang FIN7 returned and was spotted delivering Clop ransomware (Security Affairs)
PyPI new user and new project registrations temporarily suspended. (Python)
PyPI repository restored after temporarily suspending new activity (Computing)
RATs found hiding in the NPM attic (ReversingLabs)
Legitimate looking npm packages found hosting TurkoRat infostealer (CSO Online)
SIM Swapping and Abuse of the Microsoft Azure Serial Console: Serial Is Part of a Well Balanced Attack (Mandiant)
Mozilla Explains: SIM swapping (Mozilla)
The Underground History of Russia's Most Ingenious Hacker Group (WIRED)
Justice Department Announces Court-Authorized Disruption of Snake Malware Network Controlled by Russia's Federal Security Service (US Department of Justice)
Hunting Russian Intelligence "Snake" Malware (CISA)
FBI misused intelligence database in 278,000 searches, court says (Reuters)
FBI misused controversial surveillance tool to investigate Jan. 6 protesters (The Record)
FBI broke rules in scouring foreign intelligence on Jan. 6 riot, racial justice protests, court says (AP News)
Hey, it's 5:05 on Monday, May 22nd, 2023. From the Sourced Podcast Network in New York City, this is your host, Pokie Huang. Stories in today's episode come from Edwin Kwan in Sydney, Australia, Derek Weeks in Bethesda, Maryland, Kadi Grigg in Alexandria, Virginia, Katy Craig in San Diego, California, Marcel Brown in St. Louis, Missouri. Let's get to it.
PyPI Struggling with High Volume of Malware
In today's podcast we cover four crucial cyber and technology topics, including:
1. Attackers targeting vulnerable backups
2. Cold Storage giant cancels orders following cyber attack
3. Banks in UK disrupted prior to payday
4. OpenAI allowed back in Italy following privacy concerns
I'd love feedback; feel free to send your comments and feedback to cyberandtechwithmike@gmail.com
Github, FIN7, Banks, Minecraft, Google Authenticator, Qualcomm, TenCent, BlueSky, Derek Johnson talks about China and More on this episode of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn293
Google targets CryptBot malware infrastructure. FIN7 attacked Veeam servers to steal credentials. Ransomware-as-a-service offering threatens Linux systems. Evasive Panda targets NGOs in China. Anonymous Sudan is active against targets in Israel. Russian ransomware operations aim at disrupting supply chains into Ukraine. Our guest is Stuart McClure, CEO of Qwiet AI. Microsoft's Ann Johnson stops by with her take on the RSA conference. And bots want new kicks. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/81
Selected reading.
Continuing our work to hold cybercriminal ecosystems accountable (Google)
Google Disrupts Massive CryptBot Malware Operation (Decipher)
Google disrupts malware that steals sensitive data from Chrome users (TechCrunch)
FIN7 Hackers Caught Exploiting Recent Veeam Vulnerability (SecurityWeek)
RTM Locker Ransomware as a Service (RaaS) Now on Linux (Uptycs)
Evasive Panda APT group delivers malware via updates for popular Chinese software (WeLiveSecurity)
NSA sees 'significant' Russian intel gathering on European, U.S. supply chain entities (CyberScoop)
Ukraine at D+427: Russian cyberattacks and disinformation before Ukraine's spring offensive. (CyberWire)
Releasing leak suspect a national security risk, feds say (AP NEWS)
Pentagon leak suspect may still have access to classified info, court filings allege (the Guardian)
Netacea Quarterly Index: Top 5 Scalper Bot Targets of Q1 2023 (Netacea)
New vulnerability found in the WooCommerce Gift Cards Premium WordPress plugin with a CVSS score of 9.8. Fin7 has developed an AI-powered automated attacking tool called Checkmarks. Checkmarks is designed to auto-attack MS Exchange systems, perform post-exploitation actions, and grab enough data to allow FIN7 to understand their victim. Raspberry Robin has a new feature. This version of Raspberry Robin has two payloads, one designed to be discovered if the malware believes it's being analyzed in a sandbox. This fake payload looks legitimate, including checking the registry on startup for an existing infection and pulling down an adware named 'browserassist'. This payload has shellcode and a PE file with the MZ magic bytes removed to hide that it is a PE file. Plus an interview with Jason Chan, former VP of Information Security at Netflix, about how he helped build their security program from the ground up. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
This episode reports on protecting Exchange Servers and Exchange Online, a report on the FIN7 ransomware gang and more bad Android apps
Daily Cybersecurity News: Inglis Resigns, Guardian hit by Ransomware, FIN7 Target Exchange & More Cybersecurity News
CyberHub Podcast, December 22nd, 2022
Today's Headlines and the latest #cybernews from the desk of the #CISO:
Critical Vulnerabilities Found in Passwordstate Enterprise Password Manager
Guardian newspaper hit by suspected ransomware attack
Godfather Android Banking Trojan Targeting Over 400 Applications
FIN7 hackers create auto-attack platform to breach Exchange servers
White House cyber adviser to resign
Story Links:
https://www.securityweek.com/critical-vulnerabilities-found-passwordstate-enterprise-password-manager
https://therecord.media/guardian-newspaper-hit-by-suspected-ransomware-attack-staff-told-not-to-come-to-office/
https://www.securityweek.com/godfather-android-banking-trojan-targeting-over-400-applications
https://www.bleepingcomputer.com/news/security/fin7-hackers-create-auto-attack-platform-to-breach-exchange-servers/
https://thehill.com/policy/cybersecurity/3783867-white-house-cyber-adviser-to-resign/
Host: James Azar, CyberHub Podcast, CISO Talk, and Goodbye Privacy. Website: https://www.cyberhubpodcast.com
In this week's episode, the cybersecurity experts Bryan Hornung, Reginald Andre, Randy Bryan, and Ryan O'Hara discuss an Australian bank, Medibank, which faces a possible class action after a devastating data breach that left millions of customers exposed. Who is allegedly behind this hack? Meanwhile, they continue to dive deeper into why Australia is considering banning the payment of ransoms to cybercriminals because of Medibank. Next, the crew talks about a Canadian food retail giant, Sobeys, which was hit by Black Basta ransomware. What should the grocery store have in place so their IT systems don't disrupt their operations again? Tune in. Meanwhile, the experts get into another ransomware attack that shut down two counties, Jackson and Hillsdale in Michigan, because of a systems outage. What's going on here? Lastly, the cyber experts talk about 42,000 web domains that impersonate well-known brands to redirect users to sites promoting adware apps, dating sites, or 'free' giveaways. Like and share the show!
Articles that were used:
https://www.news.com.au/technology/online/hacking/medibank-faces-possible-class-action-after-hack-leaves-millions-of-customers-exposed/news-story/aa73c71740879c524b6dc01bfe268350
https://www.reuters.com/technology/australia-consider-banning-paying-ransoms-cyber-criminals-2022-11-12/
https://nbc25news.com/news/local/jackson-and-hillsdale-counties-close-due-to-ransomware-attack
https://www.bleepingcomputer.com/news/security/canadian-food-retail-giant-sobeys-hit-by-black-basta-ransomware/
https://www.bleepingcomputer.com/news/security/42-000-sites-used-to-trap-users-in-brand-impersonation-scheme/
Welcome back to Source Code, Decipher's weekly news wrap podcast with input from our sources. This week's podcast looks at a new analysis linking Black Basta ransomware to FIN7 tools, the release of a new OpenSSL version addressing high-severity flaws and top findings about the adoption of authentication methods highlighted in the 2022 Duo Trusted Access report.
Leveraging Microsoft Dynamics 365 Customer Voice for credential harvesting. Emotet is back. Black Basta ransomware linked to Fin7. A Russophone gang increases activity against Ukrainian targets. Betsy Carmelite from Booz Allen Hamilton on adversary-informed defense. Our guest is Tom Gorup of Alert Logic with a view on cybersecurity from a combat veteran. And Russia regrets that old US lack of cooperation in cyberspace–things would be so much better if the Anglo-Saxons didn't think cyberspace was the property of the East India Company. Or something like that. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/212
Selected reading.
Abusing Microsoft Customer Voice to Send Phishing Links (Avanan)
Emotet botnet starts blasting malware again after 5 month break (BleepingComputer)
Black Basta Ransomware | Attacks Deploy Custom EDR Evasion Tools Tied to FIN7 Threat Actor (SentinelOne)
RomCom Threat Actor Abuses KeePass and SolarWinds to Target Ukraine and Potentially the United Kingdom (BlackBerry)
Russia cyber director warns no U.S. cooperation risks "mutual destruction" (Newsweek)
Ransomware attacks impacted 66% of organizations in 2021. As threat actor groups like FIN7 take advantage of expanded networks, security weaknesses, and human trust, it's more important than ever to keep up with their level of prowess. Cybrary's "enterprise defender," Owen Dubiel, and "chief thief," Matt Mullins, discuss how their cybersecurity work experiences informed their Ransomware for Financial Gain course series modeled after FIN7's techniques. Follow each part of their attack scenario that lets you emulate adversaries before enhancing your detections to reduce your risk of being the next ransomware victim. Why choose between the red and blue teams when you can do both? Check Owen and Matt's Threat Actor Campaign series, where you'll learn the tactics and techniques used by real-world adversaries! ~Threat Actor Campaigns Follow Cybrary on Social!! ~Twitter ~Instagram ~FaceBook ~YouTube ~LinkedIn
The horizon of a world in which we will be able to repair our smartphones ourselves (or almost), GitHub's security news, the arrest of a hacker from the Fin7 group and the latest news about Twitter. In the second part, an interview with Andrea Daniele Signorelli on the Elon Musk "phenomenon".
ShadowTalk host Chris alongside Ivan and Austin bring you the latest in threat intelligence. This week they cover: * Spring4Shell: The Internet security disaster that wasn't * New Borat remote access malware is no laughing matter * FIN7 hackers evolve toolset, work with multiple ransomware gangs ***Resources from this week's podcast*** Intelligence Collection Plans: Preparation Breeds Success https://www.digitalshadows.com/blog-and-research/intelligence-collection-plans-preparation-breeds-success/ Team A Vs Team B: What Is Motivating Lapsus$? https://www.digitalshadows.com/blog-and-research/team-a-vs-team-b-what-is-motivating-lapsus/ Five Things We Learned From The Conti Chat Logs https://www.digitalshadows.com/blog-and-research/five-things-we-learned-from-the-conti-chat-logs/ Explaining Spring4Shell: The Internet security disaster that wasn't https://arstechnica.com/information-technology/2022/04/explaining-spring4shell-the-internet-security-disaster-that-wasnt/ New Borat remote access malware is no laughing matter https://www.bleepingcomputer.com/news/security/new-borat-remote-access-malware-is-no-laughing-matter/ FIN7 hackers evolve toolset, work with multiple ransomware gangs https://www.bleepingcomputer.com/news/security/fin7-hackers-evolve-toolset-work-with-multiple-ransomware-gangs/ Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don't forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.
Welcome back to Source Code, Decipher's weekly news podcast with input from our sources. In this week's podcast, a Ukrainian man was sentenced to five years in jail this week for his work with the financially motivated FIN7 cybercrime group, which, as researchers with Mandiant revealed in an analysis, continues to evolve its tactics for initial access, first-stage malware delivery and more. Also this week, Meta announced it disrupted two separate cyberespionage groups from Iran that were using a variety of tactics on its platforms to target academics, activists, journalists and other victims.
In today's podcast we cover four crucial cyber and technology topics, including: 1. API flaw in financial firm could have allowed mass account takeovers 2. Hamas-linked threat actors target Israeli industries in large campaign 3. Fin7 criminal from Ukraine sentenced to prison 4. Microsoft begins disrupting Russian cyber criminal infrastructure. I'd love feedback, feel free to send your comments and feedback to | cyberandtechwithmike@gmail.com
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
WebLogic Crypto Miner Malware Disabling Alibaba Cloud Monitoring Tools https://isc.sans.edu/forums/diary/WebLogic+Crypto+Miner+Malware+Disabling+Alibaba+Cloud+Monitoring+Tools/28520/ Cicada: Chinese APT Group Widens Targeting in Recent Espionage Activity https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-china-ngo-government-attacks New Security Features for Windows 11 https://www.microsoft.com/security/blog/2022/04/05/new-security-features-for-windows-11-will-help-protect-hybrid-work/ Fin7 Power Hour: Adversary Archaeology and Evolution of FIN7 https://www.mandiant.com/resources/evolution-of-fin7
On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including: Why Spring4Shell isn't all hype How Viasat actually got owned Russian war crimes likely extend to coercing sysadmins Why lighter fluid and a box of matches is more effective than cyber in Belarus Much, much more This week's sponsor interview is with Bernard Brantley, Corelight's Chief Information Security Officer. Corelight makes a network sensor you can use to plug in to your SIEM, among other things. It's based on Zeek, the open source network sensor that Corelight maintains. Corelight is absolutely the industry standard for this sort of thing. And they've just become the standard for something else, too: Microsoft Defender for IoT can now accept Corelight feeds. Bernard fills us in on that. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing. Show notes Explaining Spring4Shell: The Internet security disaster that wasn't | Ars Technica VMware sprung by Spring4shell vulnerability - Security - iTnews Viasat confirms report of wiper malware used in Ukraine cyberattack - The Record by Recorded Future VIASAT incident: from speculation to technical details. AcidRain | A Modem Wiper Rains Down on Europe - SentinelOne EXCLUSIVE Hackers who crippled Viasat modems in Ukraine are still active- company official | Reuters Kevin Collier on Twitter: "In a Zoom presser earlier today, UKR Telecom CIO Kirill Goncharuk said the hack on his ISP started with compromised credentials from an employee in a territory Russia recently occupied. Declined to address the potential implication that the employee was physically coerced." / Twitter Ukrainian CERT details Russia-linked phishing attacks targeting government officials - The Record by Recorded Future The Belarus ‘railway rebels', who dare stop Vladimir Putin's invasion in its tracks German wind turbine maker shut down after cyberattack - The Record by Recorded Future Hacker accessed 319 crypto- and finance-related Mailchimp accounts, company said - The Record by Recorded Future Trezor cryptocurrency wallets targeted with phishing attacks following Mailchimp compromise | The Daily Swig Two alleged Lapsus$ teens appear in London court IT giant Globant discloses hack after Lapsus$ leaks 70GB of stolen data | Ars Technica Notorious hacking group FIN7 adds ransomware to its repertoire NSA employee indicted for mishandling Top Secret information - The Record by Recorded Future Debate erupts at news the White House may scale back DOD cyber-ops authorities Legislators rail against potential rollback of flexible DOD cyber powers ‘Dangerous' EU web authentication plan threatens to undercut browser-led certification system, detractors claim | The Daily Swig Trend Micro warns of active attacks against Apex Central console | The Daily Swig Apple releases fixes for two zero-days affecting Macs, iPhones and iPads - The Record by Recorded Future Zyxel patches critical vulnerability that can allow Firewall and VPN hijacks | Ars Technica GitLab addresses critical account hijack bug | The Daily Swig Ola Finance DeFi platform hacked, nearly $5 million stolen - The Record by Recorded Future Bank that lacked basic security suffers predictable fate • The Register Corelight Announces Integration for Microsoft Defender for IoT as a Data Source for the Platform
We continue the special edition of our podcast in its new format of daily reports. From Monday to Friday we report for you the most important events in the field of activities undertaken in cyberspace. Today's episode features Piotr Kępski and Kamil Gapiński. Today's topics: Borat, a new RAT with broad functionality; Source 2 Chinese hackers use VLC Media Player to inject malware In the United States
Disinformation at the UN. Russian cyber operations against Ukraine. Bravo, BKA: German police take down a major contraband market. Under arrest but still in business? At least someone's carrying on for Lapsus$. Compromise at Mailchimp. Joe Carrigan describes Javascript vulnerabilities. Carole Theriault with an eye on romance scams through the lens of Netflix's "The Tinder Swindler". And a well-known gang branches out. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/65 Selected reading. Live Updates: U.N. Security Council to Meet as Evidence of War Crimes Mounts (New York Times) Elephant Framework Delivered in Phishing Attacks against Ukrainian Organizations (Intezer) Germany takes down Hydra, world's largest darknet market (BleepingComputer) LAPSUS$ hacks continue despite two hacker suspects in court (Naked Security) FIN7 hackers evolve toolset, work with multiple ransomware gangs (BleepingComputer) Notorious hacking group FIN7 adds ransomware to its repertoire (CyberScoop) Hackers breach MailChimp's internal tools to target crypto customers (BleepingComputer) Email marketing giant Mailchimp has confirmed a data breach (TechCrunch)
[Episode References] - New study on FIN7 - https://www.mandiant.com/resources/evolution-of-fin7 - The MailChimp incident was part of the attack against Trezor - https://www.bleepingcomputer.com/news/security/hackers-breach-mailchimps-internal-tools-to-target-crypto-customers/ - CVE-2022-22965 in VMware products - https://www.vmware.com/security/advisories/VMSA-2022-0010.html - GitHub Push Protection - https://github.blog/2022-04-04-push-protection-github-advanced-security/ - Anti-tampering in Forcepoint's DLP - https://mrd0x.com/tampering-with-forcepoint-dlp/ - CVE-2022-27608 in ForcePoint - https://help.forcepoint.com/security/CVE/CVE-2022-27608.html - CVE-2022-27609 in ForcePoint - https://help.forcepoint.com/security/CVE/CVE-2022-27609.html [Credits] Script and presentation: Carlos Cabral Audio editing: Paulo Arruzzo Closing narration: Bianca Garcia Graphic design: Julian Prieto
This week Dave (https://dgshow.org/hosts/dave) and Gunnar (https://dgshow.org/hosts/gunnar) talk about automating ransomware, automating prosecution, automating defense attorneys, and a bridge “Sent from my iPhone”: 5 Helpful Tips on How to Write Emails from Your Phone (https://www.grammarly.com/blog/how-to-write-emails-from-mobile/) Air Conditioning test in Allendale (https://www.atlasobscura.com/places/austin-air-conditioned-village) FBI: FIN7 hackers target US companies with BadUSB devices to install ransomware (https://therecord.media/fbi-fin7-hackers-target-us-companies-with-badusb-devices-to-install-ransomware/) See also: D&G 138 (https://dgshow.org/138) (from 2017!) Almost related: Remote staff are using ‘mouse movers' to keep their computer awake and fool the boss (https://metro.co.uk/2021/12/09/remote-staff-use-mouse-movers-to-keep-laptops-awake-and-fool-bosses-15741764/) Chinese scientists develop AI ‘prosecutor' that can press its own charges (https://www.scmp.com/news/china/science/article/3160997/chinese-scientists-develop-ai-prosecutor-can-press-its-own) "A computer can never be held accountable. Therefore, a computer must never make a management decision." (https://photos.app.goo.gl/Mi2jpYcpsCfiQKfH8) DoNotPay: This 'Robot Lawyer' Might Save Your Banned Social Media Account (https://gizmodo.com/this-robot-lawyer-might-save-your-banned-social-media-a-1848260777) Akron police investigating after 58-foot bridge goes missing (https://fox8.com/news/akron-police-investigating-after-58-foot-bridge-went-missing/) Suspect charged after 58-foot bridge stolen in Akron (https://fox8.com/news/suspect-charged-after-58-foot-bridge-stolen-in-akron/) Cutting Room Floor * Blower (https://apps.apple.com/us/app/blower/id335862325): Blow out candles with iPhone! * How Does This App Blow Out Candles? (https://www.youtube.com/watch?v=tX6XSs2T5Go) * Henry Kissinger fulfilling his dream of being a weatherman. (http://www.weirduniverse.net/blog/comments/henry_kissinger_weatherman) * What your favorite sad dad band says about you (https://www.mcsweeneys.net/articles/what-your-favorite-sad-dad-band-says-about-you) We Give Thanks * The D&G Show Slack Clubhouse for the discussion topics!
What's up, everyone! In this episode, Ryan, Shannon, and LeVon discuss the FBI's flash warning concerning the cybercrime group, FIN7, and their clever use of ransomware-ridden USB drives. Please LISTEN
The FIN7 ransomware group has been sending malware-laden BadUSB devices to targets in the United States. https://therecord.media/fbi-fin7-hackers-target-us-companies-with-badusb-devices-to-install-ransomware/ Yealink phones are communicating with Chinese-based servers three times a day and are able to review and log all network traffic flowing through the headset. https://www.defenseone.com/technology/2022/01/common-office-desk-phone-could-be-leaking-info-chinese-government-report-alleges/360500/ 0:00 - Intro 0:38 - Yealink handsets calling home to Chinese servers 4:20 - Mitigating Yealink concerns 8:55 - FIN7 sending LilyGo-branded malware-laden BadUSB drives to American companies and agencies 12:00 - How to mitigate these two threats 21:36 - Outro Eric Taylor https://www.linkedin.com/in/ransomware/ https://twitter.com/barricadecyber https://www.barricadecyber.com https://www.buymeacoffee.com/erictaylor Shiva Maharaj https://www.linkedin.com/in/shivamaharaj https://twitter.com/kontinuummsp https://www.kontinuum.com/ https://www.buymeacoffee.com/shivaemmvaemm --- Support this podcast: https://anchor.fm/amplifiedandintensified/support
CISA describes progress toward remediating Log4shell. Other open-source libraries are found to have similar issues, in one case problems deliberately introduced by the developer. Concerns are expressed over undersea cable security. FIN7's BadUSB campaign. Security questions about another Chinese-made phone. Our guest is Bob Maley from Black Kite on their report - The Government Called, Are You Ready to Answer? Chris Novak from Verizon on PCI 4.0. And Russo-American talks open in Geneva. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/6
Video - https://youtu.be/eo0UXNI35nA The hacking group FIN7 has gone to great lengths to make its parcels appear innocuous. --- Support this podcast: https://anchor.fm/norbert-gostischa/support
In this episode, host Bidemi Ologunde talked about how a well-known organized cybercrime group has evolved its hacks and attacks, from the days of stealing card information and hacking ATMs, to creating custom-made ransomware and even setting up fake companies to recruit new employees. Please send questions, comments, and suggestions to bidemi@thebidpicture.com. You can also get in touch on LinkedIn, Twitter, the Clubhouse app (@bid), and the Wisdom app (@bidemi).
Drones, tracking, Anonymous… the protests in the US don't only have a political component. Banks and online shops scan your system without your knowledge. A hacktivist decides to take down a company dedicated to espionage and succeeds. Hacking Team is dead. Flaw in the "Sign in with Apple" system valued at $100,000. A member of Fin7 is arrested. The cybercriminal group that has already pocketed a billion dollars hacking banks. Cybercriminals abuse "salt" to compromise Cisco servers the same day they are deployed. Be careful with your mobile apps: a new Android vulnerability could modify their behavior. The malicious group Blue Mockingbird attacks systems to mine the Monero cryptocurrency. Notes and references at tierradehackers.com
The Fin7 hacking group has leeched, by at least one estimate, well over a billion dollars from companies around the world. In the United States alone, Fin7 has stolen more than 15 million credit card numbers from over 3,600 business locations. On Wednesday, the Justice Department revealed that it had arrested three alleged members of the group—and even more important, detailed how it operates.
This week in security we took a closer look at Fin7, also known as JokerStash, Carbanak, and a host of other names. The cybercrime group rakes in as much as $50 million a month by stealing credit card numbers, most recently from the company that owns Saks Fifth Avenue, Lord & Taylor, and more. They've got an interest in ATM hacks, too, and their professional acumen has turned them into what researchers estimate is a billion-dollar enterprise.
This week, Saks Fifth Avenue, Saks Off 5th, and Lord & Taylor department stores—all owned by The Hudson's Bay Company—acknowledged a data breach impacting more than five million credit and debit card numbers. The culprits? The same group that's spent the last few years pulling off data heists from Omni Hotels & Resorts, Trump Hotels, Jason's Deli, Whole Foods, Chipotle: A mysterious group known as Fin7.