PoC exploit chain enables RCE attacks against Juniper firewalls. Attacks against Citrix NetScaler devices linked to FIN8. Qakbot botnet dismantled in aptly named “Operation Duck Hunt”.
The US Federal government issues voluntary security guidelines. Possible privilege escalation within Google Cloud. An APT compromises JumpCloud. FIN8 reworks its Sardonic backdoor and continues its shift to ransomware. Ben Yelin looks at privacy legislation coming out of Massachusetts. Our guest is Alastair Parr of Prevalent discussing GDPR and third party risk. And some noteworthy Russian cyber crime: they don't seem to be serving any political masters; they just want to get paid. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/135
Selected reading:
Biden-Harris Administration Announces Cybersecurity Labeling Program for Smart Devices to Protect American Consumers (The White House)
The Biden administration announces a cybersecurity labeling program for smart devices (AP News)
CISA Develops Factsheet for Free Tools for Cloud Environments (Cybersecurity and Infrastructure Security Agency CISA)
Free Tools for Cloud Environments (CISA)
NSA, CISA Release Guidance on Security Considerations for 5G Network Slicing (Cybersecurity and Infrastructure Security Agency CISA)
ESF Members NSA and CISA Publish Second Industry Paper on 5G Network Slicing (National Security Agency/Central Security Service)
Bad.Build: A Critical Privilege Escalation Design Flaw in Google Cloud Build Enables a Supply Chain Attack (Orca Security)
Orca: Google Cloud design flaw enables supply chain attacks (Security | TechTarget)
Google fixes ‘Bad.Build' vulnerability affecting Cloud Build service (Record)
JumpCloud discloses breach by state-backed APT hacking group (BleepingComputer)
JumpCloud: A 'state-sponsored threat actor' compromised our systems (Computing)
JumpCloud says nation-state hackers breached its systems (TechCrunch)
JumpCloud, an IT firm serving 200,000 orgs, says it was hacked by nation-state (Ars Technica)
[Security Update] Incident Details (JumpCloud)
July 2023 Incident Indicators of Compromise (IoCs) (JumpCloud)
FIN8 Uses Revamped Sardonic Backdoor to Deliver Noberus Ransomware (Symantec by Broadcom)
RedCurl hackers return to spy on 'major Russian bank,' Australian company (Record)
In this Weekly Wrap episode of “The Buzz” podcast, the Bank Automation News team looks at a new type of ransomware attack on a U.S. bank, along with an FBI warning cautioning consumers on quick response (QR) code payments. White Rabbit, a new family of ransomware, attacked a U.S. bank in December 2021. While details are lacking, the attack could have a connection to Fin8, a group of financially motivated cybercriminals who previously attacked the retail, hospitality and entertainment industries. The attack appears to be in the testing phase, according to cybersecurity firm Trend Micro. On the consumer side, the FBI released a warning in January on fraud threats in QR code payments. Fraudsters either manipulate existing QR codes or create new ones, tricking consumers into providing sensitive financial information through fraudulent payment terminals. Risks include malware, passcode and information theft, and consumers are warned to take heightened precautions. Listen in for a discussion of these topics, along with TD Bank Group's Azure-leveraged partnership with software company Databricks, in today's Weekly Wrap episode with BAN Deputy Editor Loraine Lawson and Associate Editor Alijah Poindexter.
Russian authorities claim to dismantle the entire REvil ransomware operation, and seize assets. Dark web card fraud platform shuts up shop after 8 years citing age of operators. New ransomware strain dubbed White Rabbit linked to Fin8 group.
MFA Bypass, Ukraine attack, NSO Group & QR Code Cybersecurity News. CyberHub Podcast, January 19th, 2022.
Today's headlines and the latest #cybernews from the desk of the #CISO:
Office 365 phishing attack impersonates the US Department of Labor
Multi-Factor Authentication Bypass Led to Box Account Takeover
New White Rabbit ransomware linked to FIN8 hacking group
Ukraine Attacks Involved Exploitation of Log4j, October CMS Vulnerabilities
NSO Group “Pegasus” used against Israeli citizens by Police
Crooks are using fake QR codes
Story links:
https://www.bleepingcomputer.com/news/security/office-365-phishing-attack-impersonates-the-us-department-of-labor/
https://www.securityweek.com/multi-factor-authentication-bypass-led-box-account-takeover
https://www.bleepingcomputer.com/news/security/new-white-rabbit-ransomware-linked-to-fin8-hacking-group/
https://www.securityweek.com/ukraine-attacks-involved-exploitation-log4j-october-cms-vulnerabilities
https://www.timesofisrael.com/comptroller-to-probe-spyware-use-on-citizens-as-outraged-lawmakers-demand-inquiry/
https://www.zdnet.com/article/fbi-warning-crooks-are-using-fake-qr-codes-to-steal-your-passwords-and-money/
“The Microsoft Doctrine” by James Azar, now on Substack: https://jamesazar.substack.com/p/the-microsoft-doctrine
The Practitioner Brief is sponsored by KnowBe4: https://info.knowbe4.com/phishing-security-test-cyberhub
Find James Azar, host of CyberHub Podcast, CISO Talk, Goodbye Privacy, Digital Debate, and Other Side of Cyber. James on LinkedIn: https://www.linkedin.com/in/james-azar-a1655316/ Telegram: CyberHub Podcast
Sign up for our newsletter with the best of CyberHub Podcast delivered to your inbox once a month: http://bit.ly/cyberhubengage-newsletter
Website: https://www.cyberhubpodcast.com YouTube: https://www.youtube.com/channel/UCPoU8iZfKFIsJ1gk0UrvGFw Facebook: https://www.facebook.com/CyberHubpodcast/ LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/ Twitter: https://twitter.com/cyberhubpodcast Instagram: https://www.instagram.com/cyberhubpodcast Listen here: https://linktr.ee/cyberhubpodcast
The Hub of the Infosec Community. Our mission is to provide substantive and quality content that's more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
This week's Threat Intel news in 7 minutes: Details emerge on Fin8's newly developed backdoor. Razer products allow alarmingly easy local privilege escalation. ProxyShell attacks on the rise despite patch issued months ago.
In today's podcast we cover four crucial cyber and technology topics, including: 1. Swiss town of Rolle exploited, citizen data stolen 2. BEC scam claims over 2 Million USD from New Hampshire town 3. FIN8 actor returns with new Sardonic malware 4. Eye and Retina Surgeons' customers impacted after ransomware attack. I'd love feedback; feel free to send your comments and feedback to cyberandtechwithmike@gmail.com
Heff and Forrest analyze recent cybersecurity news, including the Verkada Security Camera Breach, WeLeakInfo Return, updates on the Microsoft Exchange Server, and an examination of hacker group FIN8. Hosted by Matthew Heffelfinger (Director of SIEM Operations, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) and Forrest Barth (SOC Analyst, CISSP, CMNO, Security+).
Watch to learn more about:
150,000 of Verkada's AI-driven camera feeds exposed by hacktivists, including private homes, prisons, hospitals, and businesses
Formerly shut-down WeLeakInfo website domain lapses and a new hacker takes over
Analysis of phishing training campaign tactics and revisions on guidance by NIST
Resources:
https://www.latimes.com/business/tech...
https://www.businessinsider.com/molso...
https://www.infosecurity-magazine.com...
https://www.helpnetsecurity.com/2021/...
https://www.fireeye.com/content/dam/f...
https://thehackernews.com/2021/03/fin...
https://www.zdnet.com/article/dutch-p...
ShadowTalk hosts Stefano, Adam, Kim, and first-timer Chris bring you the latest in threat intelligence. This week they cover:
Kim takes us through the return of FIN8: what are the updates to the “BadHatch” backdoor?
Chris discusses DarkSide's recent resurgence after a quiet period: what's the latest?
Microsoft Exchange exploit update: the team discuss how threat actors and cybercriminals are using ProxyLogon vulnerabilities.
Get this week's intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-19-march
Resources from this week's podcast:
FIN8: https://labs.bitdefender.com/2021/03/fin8-group-is-back-in-business-with-improved-badhatch-kit/
DarkSide: https://www.infosecurity-magazine.com/news/darkside-20-ransomware-fastest/
ProxyLogon: https://www.welivesecurity.com/2021/03/10/exchange-servers-under-siege-10-apt-groups/ https://www.vice.com/en/article/n7vpaz/researcher-publishes-code-to-exploit-microsoft-exchange-vulnerabilities-on-github
AC Features: https://www.vice.com/en/article/pkdnkz/escape-zoom-meetings-by-faking-technical-issues-and-crying-with-this-app https://attack.mitre.org/techniques/T1090/003/ https://attack.mitre.org/software/S0398/
Mapping MITRE to Microsoft Blog: https://www.digitalshadows.com/blog-and-research/mapping-mitre-attack-to-microsoft-exchange-zero-day-exploits/
Revisiting Spectre Blog: https://www.digitalshadows.com/blog-and-research/revisiting-the-spectre-and-meltdown-vulnerabilities/
Monitoring for Supplier Risks Blog: https://www.digitalshadows.com/blog-and-research/monitoring-for-risks-coming-from-suppliers/
FBI IC3 Blog: https://www.digitalshadows.com/blog-and-research/fbi-ic3-2020/
Also, don't forget to reach out to shadowtalk@digitalshadows.com
A daily look at the relevant information security news from overnight. Episode 217 - 16 December 2019
WordPress vulnerability - https://threatpost.com/critical-bug-in-wordpress-plugins-open-sites-to-hacker-takeovers/151123/
Visa warning - https://www.scmagazine.com/home/retail/visa-warns-against-new-pos-attacks-fin8-fingered-as-the-culprit/
Rooster Teeth breached - https://www.bleepingcomputer.com/news/security/attackers-steal-credit-cards-in-rooster-teeth-data-breach/
Facebook leak - https://www.theregister.co.uk/2019/12/13/facebook_data_loss/
New Orleans ransom - https://www.zdnet.com/article/new-orleans-hit-by-ransomware-city-employees-told-to-turn-off-computers/
A daily look at the relevant information security news from overnight. Episode 115 - 24 July 2019
APT34 phishes LinkedIn - https://www.scmagazine.com/home/security-news/apts-cyberespionage/fireeye-researchers-identified-a-phishing-campaign-conducted-by-apt34-masquerading-as-a-member-of-cambridge-university-to-gain-their-victims-trust-to-open-malicious-documents/
FIN8 resurfaces - https://www.zdnet.com/article/cybercrime-gang-adds-new-tactics-to-credit-card-data-stealing-campaign/
New WordPress flaws exploited - https://threatpost.com/wordpress-plugin-flaws-exploited-in-ongoing-malvertising-campaign/146629/
VLC Player critical - https://www.techradar.com/news/vlc-player-has-critical-security-flaw
Android accelerates vuln - https://threatpost.com/samsung-lg-android-spearphone-eavesdropping/146625/
Free Decryptor for the LooCipher Ransomware, FIN8 is Distributing New Malware, VLC Media Player Vulnerability. Today's agenda is as follows:
Free Decryptor for the LooCipher Ransomware
FIN8 is Distributing New Malware
VLC Media Player Vulnerability
If you would like to add the podcast to your Alexa flash briefings you can do so here.
This week Harrison (@pseudohvr) is joined by Travis (@puppyozone) and Alec to discuss the security stories of the week including a fileless malware attack delivers cryptocurrency miner to China, a return from FIN8 with a backdoor for the hospitality industry, a popular flaw exploited in a tailored spam campaign, and MuddyWater expanding tactic repertoire in Middle Eastern attacks. Then Digital Shadows CISO Rick Holland (@rickhholland) joins Harrison to chat with principal security strategist at Splunk, Ryan Kovar (@meansec) on Ryan's research around machine learning and attacks against Office 365. Download the full Intelligence Summary at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-06-jun-13-jun-2019 Blog on Infosec Burnout: https://www.digitalshadows.com/blog-and-research/managing-infosec-burnout-the-hidden-perpetrator/
TA505 and Fin8 are both up to their old ways, with some new tricks in their criminal bag. A reminder about social engineering and Google Calendar. A new assertiveness is promised in US cyber operations, as the Administration “widens the aperture.” Updates on the security concerns that surround Huawei and ZTE. And Radiohead takes a different approach to online extortion: just render what they're holding for ransom valueless. Craig Williams from Cisco Talos on the JasperLoader. Guest is Lisa Sotto from Hunton Andrews Kurth LLP on the report Seeking Solutions: Aligning Data Breach Notification Rules Across Borders. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_12.html Support our show