Grab a cup of coffee and join Ryan Kovar, Mick Baccio, and Audra Streetman for another episode of Coffee Talk with SURGe. You can watch the episode livestream here. The team from Splunk broke down the Follina/MSDT zero-day vulnerability (CVE-2022-30190), rounded up the latest ransomware activity, and discussed supply chain risk related to Python and PHP libraries. Mick and Ryan competed in a 60 second charity challenge to explain LOLBins before taking a deep dive into the 2022 Verizon Data Breach Investigations Report.
Microsoft Blog on CVE-2022-30190
REvil prosecution reportedly stalls in Russia
Cl0p hits 21 victims in April
Costa Rica suffers another cybersecurity incident
Hacker claims hijacking libraries, stealing AWS keys was ethical research
Join the SURGe team with a guest from the land down under, a recap of important news in the security landscape, a discussion on RSA, and a special interview with Danielle Jablanski of Nozomi Networks! You can watch the episode livestream here. This week Ryan Kovar, Audra Streetman, Mick Baccio, and Shannon Davis discussed CISA advisories about China state-sponsored threat actors and the data extortion group Karakurt, plus an update on the Confluence and MSDT/Follina zero-days. Mick and Ryan competed in a 60 second charity challenge regarding Apple's plan to replace passwords with biometric authentication methods. The team also shared their takeaways from this year's RSA Conference in San Francisco.
People's Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices (CISA)
U.S. cybersecurity officials issue notice on Karakurt extortion group (CISA)
SURGe Blog about Confluence Zero-Day
SURGe Blog about Follina Zero-Day
Apple Just Killed the Password—for Real This Time (WIRED)
On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:
Albania suffers under another crippling Iranian attack
Iran's APT42 using clever, multi-persona phishing
State Department cyber snitching program paying off
Former NSA director Gen. Keith Alexander sued over alleged IronNet pump and dump
Mudge fronts US Senate Judiciary Committee
Much, much more…
This week's show is brought to you by Stairwell. Mike Wiacek, Stairwell's founder and CEO, is this week's sponsor guest and he talks about why they've pushed their Inception platform beyond YARA hunting. You can see a demo of Inception on our YouTube product demo page. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.
Show notes
Risky Biz News: Albania-Iran cyber drama far from over
US sanctions Iran intelligence agency over Albania cyberattack - The Record by Recorded Future
Tom Uren on Cyber Embuggerance
Iranian military using spoofed personas to target nuclear security researchers - The Record by Recorded Future
Iranian hackers spy on journalists and government officials, researchers warn - The Record by Recorded Future
FBI, DOJ defend 'offensive' actions against Chinese, Russian operations - The Record by Recorded Future
State Department bounty program for cybercriminal tips has 'born fruit,' top FBI official says
More than $30 million seized from North Korean hackers involved in Axie crypto-theft - The Record by Recorded Future
$30 Million Seized: How the Cryptocurrency Community Is Making It Difficult for North Korean Hackers To Profit - Chainalysis
Twitter whistleblower testifies to Congress, calls for tech regulation reforms - The Record by Recorded Future
Twitter whistleblower testifies before Senate
Former NSA Head Keith Alexander Accused of Pump-and-Dump Scheme
Google: Conti repurposing tools for Ukraine attacks using Follina bug, Musk impersonation - The Record by Recorded Future
Pro-Ukraine hackers claim attack on Russian TV broadcasts - The Record by Recorded Future
Initial access broker or ransomware gang has 'exclusive' access to Mitel zero-day exploit: report - The Record by Recorded Future
Cyberattacks against U.S. hospitals mean higher mortality rates, study finds
Buenos Aires legislature announces ransomware attack - The Record by Recorded Future
Ransomware attack knocked a Kentucky city-operated ISP offline before holiday - The Record by Recorded Future
Ransomware attacks on retail increase, average retail payment grows to more than $200K - The Record by Recorded Future
Cisco: Log4j vulnerability used to attack energy companies in Canada, US and Japan - The Record by Recorded Future
Patreon security team layoffs cause backlash in creator community
This Clever Anti-Censorship Tool Lets Russians Read Blocked News | WIRED
Apple Kills Passwords in iOS 16 and macOS Ventura | WIRED
Catalin Cimpanu on Twitter: "They're still recruiting, btw" / Twitter
Cyberfella on Twitter: "@campuscodi Please convince Patrick to have a segment about NAFO named "Shitposting Dogs on the Bird App are making Vatniks Seethe and Cope" on the next riskybizz ep"
This was recorded live on 7/15/2022 Get ready for another exciting episode of #FortiGuardLIVE as Derek Manky and Aamir Lakhani discuss recent #cyberthreat research, #Follina, and the latest threat trends.
When the next zero-day vulnerability hits, how can your security team prepare to detect and respond to the latest threats? In what ways can your organization reduce risk in a dynamic threat landscape? Our Cybrary Threat Intelligence Group (CTIG) is here to jumpstart the conversation on grounding your security training and decision-making in actionable research. Hear our CTIG experts, Ryan English and Matt Mullins, discuss the latest intel on the Follina vulnerability (CVE-2022-30190), the ZuoRAT report from Black Lotus Labs, and evolving tactics from initial access brokers like Prophet Spider.
Take Matt's training course on the Follina vulnerability: https://www.cybrary.it/course/cve-series-follina-cve-2022-30190/
Subscribe to our forthcoming course campaign to detect behaviors of real-world initial access brokers: https://www.cybrary.it/catalog/spinning-a-web-shell-for-initial-access/
Check out the report on ZuoRAT from the Cybrary Threat Intelligence Group (CTIG): https://www.cybrary.it/blog/ctig-coverage-of-black-lotus-labs-zuorat-report/
News & Updates:
Windows Defender requires free subscription
Zero-day "Follina" patch is available
Apple is adding Lockdown option to iPhones, iPads, and Macs
EU's new Digital Markets Act means new requirements for Big Tech
Not many companies are requiring multi-factor authentication
Dish Network tries to stop Starlink and fails
Starlink is approved to be used on moving vehicles
Sand battery stores energy for months
Starting off the show this week, we are joined by Matt McGuirk, Solution Architect at Source Defense, to discuss web application client-side security. Finally, in this week's Security News: analyzing chat logs with Python, consumer reports for IoT, hypothetically BS, the year of the Linux desktop and the year of Linux malware are the same, do you trust Google to tell you open-source software is secure?, Twitter fines, WSL attack vector, Follina, UK Government still won't pay a bounty, ransomware that makes you a better person, & more! This segment is sponsored by Source Defense. Visit https://securityweekly.com/sourcedefense to learn more about them!
Segment Resources:
"Magecart 101" - a courseware-style overview of the problem for security practitioners: https://www.youtube.com/watch?v=T4al8idAE_M
A quick five minute explainer on the problem and Source Defense's solution: https://www.youtube.com/watch?v=f8MO45EQcKY
Source Defense's brand new (as of 5/25/22) "State of the Industry" report for client-side security: https://info.sourcedefense.com/third-party-digital-supply-chain-report-white-paper
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw743
Podcast: Control Loop: The OT Cybersecurity Podcast
Episode: The OT-CERT provides critical resources to the industrial community.
Pub date: 2022-06-29
ICEFALL affects OT devices. Thermal cameras and industrial processes. Sandworm spies on infrastructure. Ransomware hits auto parts manufacturer. Most electricity, oil & gas, manufacturing firms have seen cyberattacks. Nuclear facility cyber exercises. Connecticut Guard trains to defend utilities. Dawn Cappelli joins us to discuss how the OT Cyber Emergency Readiness Team is planning to address cybersecurity resource gaps for industrial infrastructure. And in the learning lab, Nick Shaw joins us for part two of OT fundamentals, where he explains the Purdue reference model for industrial cybersecurity.
Control Loop News Brief.
ICEFALL vulnerabilities affect OT devices: OT:ICEFALL: 56 Vulnerabilities Caused by Insecure-by-Design Practices in OT (Forescout)
Thermal camera vulnerabilities: Multiple Vulnerabilities in Infiray IRAY-A8Z3 thermal camera (SEC Consult)
Vulnerabilities in access control panels: Trellix Threat Labs Uncovers Critical Flaws in Widely Used Building Access Control System (Trellix)
Sandworm exploits Follina in phishing campaign: Russian hackers start targeting Ukraine with Follina exploits (BleepingComputer)
Ransomware hits automotive hose manufacturer: US Subsidiary of Automotive Hose Maker Nichirin Hit by Ransomware (SecurityWeek)
Most ransomware victims are attacked a second time: Ransomware: The True Cost to Businesses (Cybereason)
89% of electricity, oil & gas, and manufacturing firms have been hit by cyberattacks: Cyber-Attacks on Industrial Assets Cost Firms Millions (Trend Micro)
Control Loop Interview.
Dawn Cappelli on how the OT Cyber Emergency Readiness Team (OT-CERT) is addressing the cybersecurity resource gaps that exist in industrial infrastructure. Follow Dawn on LinkedIn. OT-CERT is an Operational Technology – Cyber Emergency Readiness Team dedicated to addressing the OT resource gap that exists in industrial infrastructure. Designed to support asset owners and operators of industrial infrastructure, Dragos OT-CERT provides free cybersecurity resources for the Industrial Control System (ICS)/OT community. Learn more about OT-CERT here. Register here to join the OT-CERT community.
Control Loop Learning Lab.
Mark Urban is joined by Nick Shaw for part two of an intro to OT. A Collection of Resources for Getting Started in ICS/SCADA Cybersecurity. Building security to achieve engineering and business requirements. Subscribe to the Control Loop Newsletter here with new editions published every month.
A daily look at the relevant information security news from overnight - 30 June, 2022
Episode 255 - 30 June 2022
OpenSea Makes Waves - https://techcrunch.com/2022/06/30/nft-opensea-data-breach/
XFiles XPands - https://www.bleepingcomputer.com/news/security/xfiles-info-stealing-malware-adds-support-for-follina-delivery/
8220 Miner Upgrade - https://www.zdnet.com/article/microsoft-warning-this-malware-that-targets-linux-just-got-a-big-update/
Brocade Broken - https://www.securityweek.com/brocade-vulnerabilities-could-impact-storage-solutions-several-major-companies
AstraLocker Attack - https://www.bleepingcomputer.com/news/security/astralocker-20-infects-users-directly-from-word-attachments/
Dangling Chromium - https://portswigger.net/daily-swig/chromium-browsers-vulnerable-to-dangling-markup-injection
Hi, I'm Paul Torgersen. It's Thursday June 30th 2022, happy birthday Jayden, and this is a look at the information security news from overnight.
From TechCrunch.com: NFT marketplace OpenSea has suffered a massive data breach. It seems a staffer at their vendor Customer.io shared the entire email database with a third party. If you have shared your email with OpenSea at any time in the past, you should assume you were impacted. Be on the lookout for targeted phishing emails coming your way.
From BleepingComputer.com: These next two are quick hits on malware strains upgrading their exploits. The XFiles info-stealer has added a delivery module that exploits the Windows Follina vulnerability. On a side note, XFiles has also recruited new members recently and is launching new products. Details in the article.
From ZDNet.com: Along those same lines, Microsoft is warning about notable updates to malware targeting Linux servers to install cryptominers and IRC bots. The 8220 gang has added new functionality to exploit the recent Confluence vulnerability, as well as an old 2019 WebLogic bug. Details in the article.
From SecurityWeek.com: Broadcom revealed that the Brocade SANnav storage area network is affected by nine vulnerabilities, some of which could impact the products of their partner companies, such as HPE, NetApp, Oracle, Dell, Fujitsu, IBM, Lenovo and others. There is no evidence as of yet that these have been exploited in the wild, but get your patch on kids.
From BleepingComputer.com: The ransomware strain called AstraLocker has recently released its second major version, which drops its payload directly from email attachments. Specifically Word docs. Obviously this smash and grab type of attack is looking for quick payouts and not trying for persistence or lateral movement. Full write up in the article.
And last today, from PortSwigger.net: A recently patched security hole in Chromium browsers allowed attackers to bypass safeguards against dangling markup injection and extract sensitive information from webpages. While dangling markup injection is well known and addressed in Chrome, the new attack took advantage of an unaddressed case in how the browser upgrades unsafe HTTP connections. You know where to find the details.
That's all for me today. Have a great rest of your day. Like and subscribe, and until tomorrow, be safe out there.
In today's podcast we cover four crucial cyber and technology topics, including:
1. XFiles malware adds Follina exploit
2. Researchers find malware aimed at YouTube content creators
3. Walmart denies Yanluowang group's claims of attack
4. Avaya IP insider and conspirators charged in 88 Million USD scam
I'd love feedback, feel free to send your comments and feedback to | cyberandtechwithmike@gmail.com
Hello everyone! This will be an episode about the Microsoft vulnerabilities that were released on June Patch Tuesday and also between May and June Patch Tuesdays. On June Patch Tuesday, June 14, 56 vulnerabilities were released. Between May and June Patch Tuesdays, 38 vulnerabilities were released. This gives us 94 vulnerabilities in the report. Watch the video version of this episode on my YouTube channel. Read the full text of this episode with all links on avleonov.com blog.
In today's podcast we cover four crucial cyber and technology topics, including:
1. QNAP reportedly fixing 3 year old flaw in NAS devices
2. APT28 now abusing Follina flaw in attacks against Ukraine
3. Conti report shows group's high operational tempo in late 2021
4. Chinese group targets beginning hackers with "free" tool
I'd love feedback, feel free to send your comments and feedback to | cyberandtechwithmike@gmail.com
Join SureCloud's Craig Moores and Hugh Raynor for our latest Cyber Threat Briefing. Craig and Hugh will be discussing the recent zero-day Follina and Confluence vulnerabilities, in addition to talking about cybersecurity and vulnerability management best practice and the rise of SMSing in the corporate world.
A daily look at the relevant information security news from overnight - 23 June, 2022
Episode 251 - 23 June 2022
Russian Bears - https://threatpost.com/fancy-bear-nuke-threat-lure/180056/
Auto Supplier Hosed - https://www.reuters.com/technology/japanese-automotive-hose-maker-nichirin-hit-by-ransomware-attack-2022-06-22/
NIMble Trooper - https://thehackernews.com/2022/06/chinese-hackers-distributing-sms-bomber.html
SMA UNIX Root - https://www.securityweek.com/sma-technologies-patches-critical-security-issue-workload-automation-solution
Parse Bug No Game - https://portswigger.net/daily-swig/severe-parse-server-bug-impacts-apple-game-center
Hi, I'm Paul Torgersen. It's Thursday June 23rd, 2022, and from Chicago's O'Hare airport, this is a look at the information security news from overnight.
From ThreatPost.com: Russian APT group Fancy Bear is targeting Ukrainians with a phishing campaign that uses the threat of nuclear war to exploit the Microsoft Follina vulnerability. The goal is to deliver a .NET stealer that can nab credentials from the Chrome, Firefox and Edge browsers. The group is strongly believed to be working at the behest of Russian intelligence.
From Reuters.com: Japanese automotive hose maker Nichirin said that a U.S. subsidiary had been hit by a ransomware attack that has forced it to entirely shut down its computerized production controls. The company has switched to manual production and shipping in order to keep parts flowing to customers. No word on the threat actor or malware strain.
From TheHackerNews.com: A threat cluster out of China with ties to a hacking group called Tropic Trooper has been spotted using a previously undocumented malware coded in the Nim language. The novel loader, dubbed Nimbda, is bundled with a Chinese language 'SMS Bomber' tool that is most likely illegally distributed on the Chinese-speaking web. The Nim loader has the same executable icon as the SMS Bomber, so the entire bundle works as a trojanized binary. More details in the article.
From SecurityWeek.com: A critical vulnerability in the SMA Technologies OpCon UNIX agent results in the same SSH key being deployed with all installations. The installation files also include a corresponding, unencrypted private key named "sma_id_rsa." An attacker with access to that key can gain SSH access as root on affected systems. The key even remains on the system after the OpCon software has been removed. Details and a link to the advisory in the article.
And last today, from PortSwigger.net: A vulnerability in Parse Server software has led to the discovery of an authentication bypass impacting Apple Game Center. Exploitation of this 8.6 severity bug could result in authentication being bypassed by making a fake certificate accessible via certain Apple domains and providing the URL to that certificate in an authData object. Attack complexity is considered low and no privileges are required. A fix has been issued, so get your patch on kids.
That's all for me today. Have a great rest of your day. Like and subscribe, and until tomorrow, be safe out there.
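The OpCon item in the episode above describes a failure mode worth checking for beyond that one product: a vendor-shipped private key whose public half is trusted in root's authorized_keys on every install, and a key file that outlives the software that installed it. The script below is an added example, not code from the show, from SMA Technologies or from the advisory. It takes authorized_keys contents collected from several hosts, fingerprints each key the way ssh-keygen -lf does (SHA256 over the decoded key blob, base64 without padding), reports every key trusted on more than one host, and flags files whose name matches a known leftover key file. The host names, key material and file paths are constructed sample data; only the file name sma_id_rsa comes from the advisory as summarized above.

```python
"""Fleet check for shared SSH authorized keys and leftover private key files.

Added example for illustration. Host names, key material and paths below are
constructed sample data, not real systems or real keys.
"""
from __future__ import annotations

import base64
import hashlib
import struct
from collections import defaultdict


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (uint32 big-endian length prefix)."""
    return struct.pack(">I", len(data)) + data


def make_ed25519_pubkey_line(seed: bytes, comment: str) -> str:
    """Build a syntactically valid ssh-ed25519 public key line from 32 arbitrary bytes.

    Constructed test data only: the 32 bytes are not a real public key.
    """
    if len(seed) != 32:
        raise ValueError("ed25519 public keys are 32 bytes")
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(seed)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


def fingerprint(key_line: str) -> str:
    """Return the SHA256 fingerprint of an authorized_keys line, as ssh-keygen -lf prints it.

    Lines may start with options (e.g. 'from="10.0.0.5",no-pty ssh-ed25519 ...'),
    so the key-type token is located first. Options containing quoted spaces are
    not handled by this simple split.
    """
    parts = key_line.split()
    for i, token in enumerate(parts):
        if token.startswith(("ssh-", "ecdsa-", "sk-")):
            blob = base64.b64decode(parts[i + 1])
            break
    else:
        raise ValueError(f"no SSH key type found in line: {key_line[:40]!r}")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def shared_keys(authorized_keys_by_host: dict, min_hosts: int = 2) -> dict:
    """Map fingerprint -> sorted host list for every key trusted on >= min_hosts hosts."""
    hosts_by_fp = defaultdict(set)
    for host, content in authorized_keys_by_host.items():
        for line in content.splitlines():
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            hosts_by_fp[fingerprint(line)].add(host)
    return {fp: sorted(h) for fp, h in hosts_by_fp.items() if len(h) >= min_hosts}


def leftover_private_keys(file_listing: list, names=("sma_id_rsa",)) -> list:
    """Return paths whose basename matches a known vendor-shipped private key file name."""
    return [p for p in file_listing if p.rsplit("/", 1)[-1] in names]


# --- constructed sample data -------------------------------------------------
# One "vendor" key that an installer dropped into root's authorized_keys on
# several hosts, plus per-host admin keys. Seeds are hashes of labels, not real keys.
VENDOR_KEY = make_ed25519_pubkey_line(
    hashlib.sha256(b"constructed-vendor-key").digest(), "opcon-agent")
SAMPLE_AUTHORIZED_KEYS = {
    "app01": VENDOR_KEY + "\n"
             + make_ed25519_pubkey_line(hashlib.sha256(b"app01-admin").digest(), "admin@app01"),
    "app02": "# managed file\n" + VENDOR_KEY + "\n",
    "db01": 'from="10.0.0.5" ' + VENDOR_KEY + "\n"
            + make_ed25519_pubkey_line(hashlib.sha256(b"db01-admin").digest(), "admin@db01"),
    "web01": make_ed25519_pubkey_line(hashlib.sha256(b"web01-admin").digest(), "admin@web01"),
}
# Constructed listing of candidate files (hypothetical paths), e.g. from find(1) output.
SAMPLE_FILE_LISTING = ["/opt/opcon/sma_id_rsa", "/root/.ssh/id_rsa", "/home/ops/.ssh/id_ed25519"]


def main() -> None:
    for fp, hosts in shared_keys(SAMPLE_AUTHORIZED_KEYS).items():
        print(f"{fp} trusted on {len(hosts)} hosts: {', '.join(hosts)}")
    for path in leftover_private_keys(SAMPLE_FILE_LISTING):
        print(f"leftover vendor private key: {path}")


if __name__ == "__main__":
    main()
```

In practice the authorized_keys contents would come from a config management inventory or an SSH sweep, and the file listing from a search for the advisory's file name on every host that ever ran the agent, since uninstalling does not remove it. Any key trusted on many hosts, whoever put it there, deserves the same scrutiny as this one.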
This episode was recorded live on 06/22/22 Tune in to another edition of #FortiGuardLabs' Threat Intelligence Podcast with Jonas Walker and Aamir Lakhani as they discuss in detail the recent Follina vulnerability as well as zero-click and macro enabled attacks. Listen to hear about how to protect against these types of cyberattacks.
[Episode references]
- OT:ICEFALL - The legacy of "insecure by design" and its implications for certifications and risk management - https://www.forescout.com/resources/ot-icefall-report/
- Unveiling an unknown APT actor attacking high-profile entities in Europe and Asia - https://securelist.com/toddycat/106799/
- Russia's APT28 uses fear of nuclear war to spread Follina docs in Ukraine - https://blog.malwarebytes.com/threat-intelligence/2022/06/russias-apt28-uses-fear-of-nuclear-war-to-spread-follina-docs-in-ukraine/
- Are Blockchains Decentralized? Unintended Centralities in Distributed Ledgers - https://assets-global.website-files.com/5fd11235b3950c2c1a3b6df4/62af6c641a672b3329b9a480_Unintended_Centralities_in_Distributed_Ledgers.pdf
- Cloudflare outage on June 21, 2022 - https://blog.cloudflare.com/cloudflare-outage-on-june-21-2022/?utm_source=pocket_mylist
[Credits] Script and presentation: Carlos Cabral. Audio editing: Paulo Arruzzo. Closing narration: Bianca Garcia. Graphic design: Julian Prieto.
Claudia interrupted her vacation especially so that we could record the new episode. The wild ride begins with an update on Follina (note the correction at the start of the podcast), we briefly touch on AppLocker and Software Restriction Policies, and then paint ourselves a rosy future with Exchange vNext and Active Directory. After that it gets a bit network-heavy. We talk about the current supply situation for network equipment and pick up the topic of "whitebox switches" along the way. Did you know that Facebook builds its own switches?? Toward the end we take a look at the announcements from VeeamOn 2022. The outrage of the week is a sunburn and a stubborn Horizon View update. Enjoy the new episode. :) And don't forget: rate us on iTunes and other platforms! Many thanks!
ShadowTalk host Stefano alongside Ivan, Nicole, and Rick bring you the latest in threat intelligence. This week they cover: * Cybersecurity researchers disclosed a new Windows zero-day vulnerability * Conti shuts down affiliate program * Cybercriminals discuss LockBit vs Mandiant ***Resources from this week's podcast*** Weak Credentials Are Fueling A New Generation Of Cyber Threats https://www.digitalshadows.com/blog-and-research/weak-credentials-are-fueling-a-new-generation-of-cyber-threats/ Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don't forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.
0:00 you need it to live
0:09 Internet Explorer is over
1:02 Hertzbleed side-channel attack
2:01 Ethereum mining not profitable
2:49 OnePlus 10 Pro 5G
3:26 QUICK BITS
3:36 Intel Arc 380 launches in China
4:14 Microsoft patches "Follina" flaw
4:36 Nreal Air Steam game streaming
4:59 Kentucky shoplifter charged with 'hacking'
5:36 Floppotron 3.0
News Sources: https://lmg.gg/XGeyC
In this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss how Russian espionage actors are exploiting the Follina vulnerability, the release of the latest version of Metasploit, and a new phishing campaign that’s been underway on Facebook. We also discuss ransomware extensively, including what authorities were able to find when they took down the Netwalker ransomware gang, the increasing activity of the BlackCat ransomware, and some new research into the Hello XD ransomware. We also speculate about the impact turmoil on the cryptocurrency markets may have on the types of payment ransomware actors might demand.
Follina's Tuesday Patch, Hertzbleed Attack, Mighty Bot, and more.
A daily look at the relevant information security news from overnight - 15 June, 2022
Episode 245 - 15 June 2022
Follina's Tuesday Patch - https://www.zdnet.com/article/microsoft-june-2022-patch-tuesday-55-fixes-remote-code-execution-in-abundance/
Hertzbleed Attack - https://www.securityweek.com/new-hertzbleed-remote-side-channel-attack-affects-intel-amd-processors
Travis Exposed Tokens - https://www.bleepingcomputer.com/news/security/thousands-of-github-aws-docker-tokens-exposed-in-travis-ci-logs/
Citrix ADM Error - https://www.securityweek.com/attackers-can-exploit-critical-citrix-adm-vulnerability-reset-admin-passwords
Linux Panchan Bot - https://www.bleepingcomputer.com/news/security/new-go-botnet-panchan-spreading-rapidly-in-education-networks/
Mighty Bot - https://www.zdnet.com/article/a-tiny-botnet-launched-the-largest-ddos-attack-on-record/
Hi, I'm Paul Torgersen. It's Wednesday June 15th, 2022, and this is a look at the information security news from overnight.
From ZDNet.com: June Patch Tuesday is a popular one, with everyone from Siemens to Schneider to Adobe to SAP rolling out updates. In fact, 141 updates just from those four. The one I am going to call out is Microsoft. Redmond rolled out 55 fixes. That's down from 74 last month, and only three of them are critical, but one of those is a fix for the Follina zero-day. At long last. Get your patch on kids.
From SecurityWeek.com: Researchers have identified a new side-channel attack that can allow hackers to remotely extract sensitive information from a targeted system through a CPU timing attack they are calling Hertzbleed. This impacts devices powered by Intel and AMD, and possibly others. Details in the article.
From BleepingComputer.com: The Travis CI platform, which is used for software development and testing, has exposed user data containing tens of thousands of authentication tokens for GitHub, AWS, and Docker Hub. Aqua Security, who discovered the flaw, shared their findings with Travis hoping for a fix, but they were told that the issue was "by design" and left the data exposed.
From SecurityWeek.com: Citrix has warned of a critical vulnerability in their Citrix Application Delivery Management that could essentially allow an attacker to trigger an administrator password reset at the next reboot. The vulnerabilities impact all supported versions of Citrix ADM server and Citrix ADM agent. Customers will need to update the server as well as all associated agents. The company says it has already taken care of the ADM cloud service and no additional action is required there.
From BleepingComputer.com: A new peer-to-peer botnet named Panchan has popped up targeting Linux servers in the education sector to mine crypto. It is empowered with SSH worm functions to move laterally within the compromised network, and has powerful detection avoidance capabilities, such as using memory-mapped miners and dynamically detecting process monitoring to pause the mining module.
And last today, from ZDNet.com: Speaking of botnets, Cloudflare says it mitigated a DDoS attack that peaked at 26 million requests per second, and was caused by a botnet of only just over 5,000 devices. Rather than being based in IoT devices, this botnet was hiding in cloud service providers. For this particular attack, each device was averaging 5,200 requests per second, which is about 4,000 times more than a typical IoT botnet can generate. Details in the article.
That's all for me today. Have a great rest of your day. Like and subscribe, and until tomorrow, be safe out there.
We continue the special edition of our podcast in its new format of daily reports. From Monday to Friday we cover for you the most important events concerning activity in cyberspace. Today's episode was hosted by Ewa Matusiak. Today's topics: Microsoft patches the Follina bug; Fujitsu Cloud Storage vulnerabilities could expose backups to attacks; Firefox now blocks cross-site tracking by default for everyone.
Computer Science in the 1800s. Fixing Follina. AirTag stalking. ID theft site seizure. And the Law of Big Numbers versus SMS scams. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
Dealing with the GRU's exploitation of the Follina vulnerabilities. SeaFlower uses stolen seed phrases to rifle cryptocurrency wallets. Ukraine moves sensitive data abroad. Anonymous claims to have hacked Russia's drone suppliers and to have hit sensitive targets in Belarus. Rick Howard reports on an NSA briefing at the RSA Conference. Our guest is Ricardo Amper from Incode with a look at biometrics in sports stadiums. And the effects of war on the cyber underworld. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/114 Selected reading. Follina flaw being exploited by Russian hackers, info stealers (Computing) Chinese Hackers Adding Backdoor to iOS, Android Web3 Wallets in 'SeaFlower' Campaign (SecurityWeek) How SeaFlower...installs backdoors in iOS/Android web3 wallets to steal your seed phrase (Medium) Ukraine Has Begun Moving Sensitive Data Outside Its Borders (Wall Street Journal) Anonymous claims hack on Russian drones (Computing) How the Cybercrime Landscape has been Changed following the Russia-Ukraine War (Kela)
A Chinese APT deploys a new cyberespionage tool. Hacktivism roils India after a politician's remarks about the Prophet. Ukraine reports a "massive" spam campaign against the country's media organizations. A Russian court fines Wikimedia for "disinformation." From the NSA's Cybersecurity Collaboration Center our guests are Morgan Adamski and Josh Zaritsky. Rick Howard sets the cyber sand table on Colonial Pipeline. And the Martians haven't landed, and the Right Honorable Mr. Johnson is still PM. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/113 Selected reading. CERT-UA warns of cyberattack on Ukrainian media (Interfax-Ukraine) Russian hackers start targeting Ukraine with Follina exploits (BleepingComputer) Massive cyber attack on media organizations of Ukraine using the malicious program CrescentImp (CERT-UA # 4797) (CERT-UA) Wikimedia Foundation appeals Russian fine over Ukraine war articles (The Verge) GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool (Unit42) Prophet remark: Slew of cyber attacks on Indian govt, private sites (The Times of India) 70 Indian government, private websites face international cyber attacks over Prophet row (The Times of India) Channel 4 faces Ofcom probe over 'emergency news' stunt to promote cyber attack drama The Undeclared War (INews)
In the online news, Achim Killer reports on what is stirring the net: the Apple community is discussing the announcements from the World Wide Developers Conference, and the security community Follina, a Windows security problem.
The one constant theme of this ever expanding threat landscape is the creativity of the cybercrooks and their ability to improvise on existing tools and technology. One case in point is the use of a combination of HTML5 and JavaScript to evade existing business defenses.
Other top trending security news include:
GDPR turns 4
Follina is Being Actively Exploited to Spread Malware
- www.securityweek.com: 'Follina' Vulnerability Exploited to Deliver Qbot, AsyncRAT, Other Malware
- www.theregister.com: Now Windows Follina zero-day exploited to infect PCs with Qbot
- https://gdpr.eu/tag/gdpr: GDPR
- https://www.onetrust.com: How four years of GDPR has changed the privacy landscape
- https://info.menlosecurity.com: Evaluating evasive threats in today's cyber landscape report
- https://microsoft.com: HTML smuggling surges: highly evasive loader technique increasingly used in banking malware, targeted attacks
Be sure to subscribe! If you like the content, follow me @iayusuf or read my blog at https://yusufonsecurity.com. You will find a list of all previous episodes there too.
A new article about the Wikileaks publications of hacking tools developed by the C.I.A. sheds more light on how the hackers working for this intelligence agency operate, and in particular on the person behind the leaks. If you open Word documents on Windows, watch out... the new zero-day vulnerability called "Follina" can allow cybercriminals to steal your data, compromise your system or add it to botnets. Notes and references at tierradehackers.com. YouTube: youtube.com/tierradehackers. Twitch: twitch.tv/tierradehackers. If you like what we do, consider supporting us on Patreon so we can keep growing and create even more content: patreon.com/tierradehackers. Don't forget to join our Discord community: tierradehackers.com/discord. Thanks to Monad for sponsoring us: monad.com. Thanks to onBRANDING for sponsoring us: onbranding.es
In this week's review:
A DFIR Report with no Ransomware and no Cobalt Strike
Path Traversal & MOTW Bypass - DIAGCAB Windows Zero-day aka "Dogwalk"
Linux version of Black Basta ransomware targets VMware ESXi servers
TA570 Qakbot (Qbot) tries CVE-2022-30190 (Follina) exploit (ms-msdt)
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfw
Twitter: https://twitter.com/cyberthreatpov
Work with Us: https://securit360.com
In this week's episode, the cybersecurity experts Bryan Hornung, Reginald Andre, Randy Bryan, and Ryan O'Hara discuss an exploit that is running rampant right now with no patch available: the Microsoft zero day known as Follina. The crew will explain what it is and what you shouldn't be clicking on, on your computers. Then, the team gets into two countries, Costa Rica and Italy, who are dealing with being pwned by cybercriminals. Could this start creeping into the United States? Next, the experts go into a retreat where cybercriminals believe that ransomware is not the best route to go nowadays. They will get into some detail about what they think these cybercriminals are going to change to, to get more money. Briefly, the crew will get into an article on Qbot and Trickbot, which combined their forces to spread these viruses quicker than normal. Lastly, the cyber experts will go into some targeted healthcare statistics and what healthcare organizations need to do to be secure. Tune in for more information!
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
TA570 QBot attempts to exploit CVE-2022-30190 (Follina) https://isc.sans.edu/forums/diary/TA570+Qakbot+Qbot+tries+CVE202230190+Follina+exploit+msmsdt/28728/
Analysis of a Facebook Phishing Campaign https://pixmsecurity.com/blog/blog/phishing-tactics-how-a-threat-actor-stole-1m-credentials-in-4-months/
Zyxel Security Advisory https://www.zyxel.com/support/Zyxel-security-advisory-for-CRLF-injection-vulnerability-in-some-legacy-firewalls.shtml
Fujitsu Centricstor Vulnerability https://research.nccgroup.com/2022/05/27/technical-advisory-fujitsu-centricstor-control-center-v8-1-unauthenticated-command-injection/
Meeting Owl Vulnerabilities https://www.modzero.com/static/meetingowl/Meeting_Owl_Pro_Security_Disclosure_Report_RELEASE.pdf
The company continues to downplay the severity of the Follina vulnerability, which remains present in all supported versions of Windows.
Welcome to the 32nd SKYTALE podcast, in which, as usual, we look at failures, mishaps and breakdowns in IT and on the Internet and discuss potential dangers, threats, attacks and fraud attempts. And of course we also show you how to protect yourself and avoid mistakes. Today's topics include the current Follina vulnerability in Microsoft Office, caller-ID spoofing, old and new scams on eBay and WhatsApp, and Robin Hood ransomware. Links: Skytale website; Microsoft workaround for Follina; Bundesnetzagentur on caller-ID spoofing.
Messenger Phishing, Atlassian & Follina updates, Passwordless & China Cybersecurity News
CyberHub Podcast June 9th, 2022
Today's Headlines and the latest #cybernews from the desk of the #CISO:
Massive Facebook Messenger phishing operation generates millions
Apple Just Killed the Password—for Real This Time
Linux botnets now exploit critical Atlassian Confluence bug
Hackers using Follina Windows zero-day to spread Qbot malware
Chinese hacking group Aoqin Dragon quietly spied orgs for a decade
Study Finds Eighty Percent of Ransomware Victims Attacked Again
Story Links:
https://www.bleepingcomputer.com/news/security/massive-facebook-messenger-phishing-operation-generates-millions/
https://www.bleepingcomputer.com/news/security/linux-botnets-now-exploit-critical-atlassian-confluence-bug/
https://therecord.media/hackers-using-follina-windows-zero-day-to-spread-qbot-malware/
https://www.bleepingcomputer.com/news/security/chinese-hacking-group-aoqin-dragon-quietly-spied-orgs-for-a-decade/
https://www.wired.com/story/apple-passkeys-password-ios16-ventura/
https://www.securityweek.com/it-doesnt-pay-pay-study-finds-eighty-percent-ransomware-victims-attacked-again
"The Microsoft Doctrine" by James Azar now on Substack https://jamesazar.substack.com/p/the-microsoft-doctrine
The Practitioner Brief is sponsored by: Your BRAND here - Contact us for opportunities today!
****** Find James Azar, Host of CyberHub Podcast, CISO Talk, Goodbye Privacy, Digital Debate, and Other Side of Cyber
James on Linkedin: https://www.linkedin.com/in/james-azar-a1655316/
Telegram: CyberHub Podcast
****** Sign up for our newsletter with the best of CyberHub Podcast delivered to your inbox once a month: http://bit.ly/cyberhubengage-newsletter
****** Website: https://www.cyberhubpodcast.com
Youtube: https://www.youtube.com/c/TheCyberHubPodcast
Rumble: https://rumble.com/c/c-1353861
Facebook: https://www.facebook.com/CyberHubpodcast/
Linkedin: https://www.linkedin.com/company/cyberhubpodcast/
Twitter: https://twitter.com/cyberhubpodcast
Instagram: https://www.instagram.com/cyberhubpodcast
Listen here: https://linktr.ee/cyberhubpodcast
The Hub of the Infosec Community. Our mission is to provide substantive and quality content that's more than headlines or sales pitches. We want to be a valuable source to assist cybersecurity practitioners in their mission to keep their organizations secure. Thank you for watching, and please don't forget to like this video and subscribe to my channel!
Picture of the Week. ServiceNSW Responds. ExpressVPN pulls the plug in India. And speaking of pulling the plug. "Follina" under active exploitation. And a Windows Search URL schema can be abused, too. "Critical UNISOC Chip Vulnerability Affects Millions of Android Smartphones". Ransomware sanctions are causing trouble. Conti spotted compromising motherboard firmware. Errata. Closing the Loop. Passkeys, Take 2. We invite you to read our show notes at https://www.grc.com/sn/SN-874-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: itpro.tv/securitynow promo code SN30 cloud.jumpcloud.com/securitynow bitwarden.com/twit
In today's podcast we cover four crucial cyber and technology topics, including:
1. Lockbit slams Mandiant, denying link to EvilCorp
2. Qbot now abusing Follina to target Windows product users
3. Black Basta updates ability to target VMware on Linux
4. FBI shuts down SSNDOB illegal marketplace with aid from Cyprus
I'd love feedback; feel free to send your comments and feedback to cyberandtechwithmike@gmail.com
[Episode references]
- On the mess Lockbit caused against Mandiant - https://www.vice.com/en/article/7k8z4x/lockbit-ransomware-group-evil-corp-beef-alert
- Kinsing, Hezb and the dark.iot botnet exploiting CVE-2022-26134 - https://malware.news/t/kinsing-dark-iot-botnet-among-threats-targeting-cve-2022-26134/60803
- Cybereason research on the effects of ransomware on businesses - https://www.cybereason.com/blog/report-ransomware-attacks-and-the-true-cost-to-business-2022
- TA570 exploiting Follina to install Qakbot - https://twitter.com/threatinsight/status/153422744491548262
- New exploit for CVE-2022-23222 - https://securityonline.info/poc-exploit-released-for-linux-kernel-privilege-escalation-cve-2022-23222/
[Credits]
Script and presentation: Carlos Cabral
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia
Graphic design: Julian Prieto
A daily look at the relevant information security news from overnight - 07 June, 2022
Episode 239 - 07 June 2022
Mandiant not locked - https://www.bleepingcomputer.com/news/security/mandiant-no-evidence-we-were-hacked-by-lockbit-ransomware/
Google patches - https://www.securityweek.com/google-patches-critical-android-vulnerabilities-june-2022-updates
Karakurt phones it in - https://www.zdnet.com/article/fbi-warning-this-gang-steals-data-for-ransom-then-makes-harassing-phone-calls-to-pile-on-the-pressure/
Not so smart scale baddie - https://portswigger.net/daily-swig/unpatched-bug-chain-poses-mass-account-takeover-threat-to-yunmai-weight-monitoring-app
Follina phishing - https://www.bleepingcomputer.com/news/security/windows-zero-day-exploited-in-us-local-govt-phishing-attacks/

Hi, I'm Paul Torgersen. It's Tuesday June 7th, 2022, which means a good chunk of you are probably at RSA, and this is a look at the information security news from overnight.

From BleepingComputer.com: The LockBit ransomware group published a new page on its data leak website, saying that they have 356,000 files they allegedly stole from Mandiant, and that these will be leaked online. Mandiant says, no way dude. They can find no evidence of any sort of breach. Mandiant, if you recall, is being acquired by Google in an all cash deal valued at $5.4 billion.

From SecurityWeek.com: Google's Patch Tuesday resolves a total of 40 Android vulnerabilities, including at least four rated critical. The company also announced it addressed roughly 80 vulnerabilities in its Pixel devices. Get your patch on kids.

From ZDNet.com: A cyber-criminal gang, Karakurt, is stealing sensitive data from businesses and demanding a ransom payment in exchange for deleting the stolen information. Pretty standard stuff, right? Well, these guys don't stop there. According to an advisory from the FBI and CISA, next comes an extensive harassment campaign, with emails and even phone calls to employees, business partners, and clients with warnings that the company needs to pay the ransom.

From PortSwigger.net: Several zero-day vulnerabilities in the Yunmai Smart Scale app could be chained together and exploited for full account takeover and access to all user details. The company, Zhuhai Yunmai Technologies, had tried to patch one of the flaws, but it was unsuccessful. The app currently has about half a million downloads.

And last today, from BleepingComputer.com: Phishing campaigns against European governments and US local governments have ramped up recently, using malicious Rich Text Format documents to exploit the unpatched critical Windows zero-day vulnerability known as Follina. The threat actor is suspected to be a state sponsored group, but no attribution has been confirmed as of yet. Details in the article.

That's all for me today. Have a great rest of your day. Like and subscribe. And until tomorrow, be safe out there.
Kevin Beaumont's blog post on the Follina vulnerability https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
The Follina vulnerability has been exploited in Ukraine https://cert.gov.ua/article/40559
Cybercrime is costly for Finns https://www.is.fi/digitoday/tietoturva/art-2000008857482.html
Victims of crypto scams have lost millions in the United States as well https://www.hs.fi/talous/art-2000008864526.html
A Europol joint operation has taken down Flubot's command servers https://www.europol.europa.eu/media-press/newsroom/news/takedown-of-sms-based-flubot-spyware-infecting-android-phones
According to the NBI (KRP), the National Cyber Security Centre also played a major role in the intelligence related to Flubot https://poliisi.fi/-/tekstiviestihuijausten-takana-ollut-flubot-vakoiluhaittaohjelma-ajettiin-alas-viranomaisyhteistyolla
This week, Adam and Andy talk about Windows Defender Exploit Guard. This is a set of protections built into Windows Server and Windows 10/11 operating systems that provide additional device hardening rules. This conversation was spawned by the current Follina vulnerability (CVE-2022-30190), where an Attack Surface Reduction (ASR) rule can prevent the attack from happening. ASR rules are part of Windows Defender Exploit Guard. Dive in to learn all about it!
-------------------------------------------
Youtube Video Link: https://youtu.be/ldFWF9GuMZY
-------------------------------------------
Documentation:
https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
https://www.bleepingcomputer.com/news/security/windows-msdt-zero-day-vulnerability-gets-free-unofficial-patch/
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/controlled-folders?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/exploit-protection?view=o365-worldwide
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/network-protection?view=o365-worldwide
-------------------------------------------
Contact Us:
Website: http://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
Instagram: https://www.instagram.com/bluesecuritypodcast/
Facebook: https://www.facebook.com/bluesecpod
Twitch: https://www.twitch.tv/bluesecuritypod
-------------------------------------------
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
-------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Ukraine offers an update on the cyber phases of Russia's hybrid war. Atlassian patches a Confluence critical vulnerability. CISA releases ICS advisory on voting systems. A "state-aligned" phishing campaign tried to exploit Follina. Is electronic warfare a blunt instrument in the ether? Verizon's Chris Novak stops by with thoughts on making the most of your trip to the RSA conference. Our guest is Tom Garrison from Intel with a look at hardware security. And a Russia-aligned group says they're not just hacktivists; they're "Cyber Spetsnaz." For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/108 Selected reading. Remarks by Victor Zhorov, deputy head of SSSCIP. (SSSCIP) US military hackers conducting offensive operations in support of Ukraine, says head of Cyber Command (Sky News) Russian ministry website appears hacked; RIA reports users data protected (Reuters) Confluence Security Advisory 2022-06-02 (Atlassian) Atlassian Releases New Versions of Confluence Server and Data Center to Address CVE-2022-26134 (CISA) Patch released for exploited Atlassian zero-day vulnerability (The Record by Recorded Future) CISA Releases Security Advisory on Dominion Voting Systems Democracy Suite ImageCast X (CISA) State-Backed Hackers Exploit Microsoft 'Follina' Bug to Target Entities in Europe and U.S (The Hacker News) Deadly secret: Electronic warfare shapes Russia-Ukraine war (AP NEWS) Exclusive: Pro-Russia group 'Cyber Spetsnaz' is attacking government agencies (Security Affairs)
Sponsored by SEC Playground. Survey to help improve the Chill Chill Security Channel: https://forms.gle/e5K396JAox2rZFp19 Music by https://www.bensound.com/ --- Support this podcast: https://anchor.fm/chillchillsecurity/support
Good news from the world of cybercrime: the widespread banking malware FluBot has been completely shut down by a police operation coordinated by Europol. Meanwhile, however, a new malware is emerging that spreads via Word documents simply by previewing them. Watch out for voice purchases: a woman asked Alexa to pray with her and ended up with a recurring charge. Here is how to block this feature. The texts of this episode, with links and reference sources, are available on Attivissimo's blog.
A daily look at the relevant information security news from overnight - 03 June, 2022
Episode 237 - 03 June 2022
Windows 0patch - https://www.bleepingcomputer.com/news/security/windows-msdt-zero-day-vulnerability-gets-free-unofficial-patch/
UNISOC DoS - https://www.securityweek.com/millions-budget-smartphones-unisoc-chips-vulnerable-remote-dos-attacks
Asian app attack - https://www.bleepingcomputer.com/news/security/chinese-luoyu-hackers-deploy-cyber-espionage-malware-via-app-updates/
Atlassian critical - https://www.securityweek.com/atlassian-confluence-servers-hacked-zero-day-vulnerability
GitLab patch - https://www.bleepingcomputer.com/news/security/gitlab-security-update-fixes-critical-account-take-over-flaw/

Hi, I'm Paul Torgersen. It's Friday, June 3rd, 2022, and this is a look at the information security news from overnight.

From BleepingComputer.com: While Microsoft has still not released a patch for the Windows critical vulnerability known as Follina, our friends at 0patch have. Instead of just disabling the MSDT URL protocol handler, which is the Microsoft suggested mitigation for the issue, 0patch has added sanitization of the user-provided path to avoid rendering the Windows diagnostic wizardry inoperable across the operating system for all applications. Details in the article.

From SecurityWeek.com: Millions of budget smartphones that use UNISOC chipsets could have a critical vulnerability that leads to a denial of service attack. UNISOC has about 11% of the smartphone chip market, with the majority of these chips sold in Asia and Africa. The company has already issued the appropriate patch. Google will also address this flaw in an upcoming Android patch.

From BleepingComputer.com: Chinese hacking group LuoYu is infecting victims with the WinDealer information stealer by switching legitimate app updates with a man-on-the-side attack. They are currently targeting popular Asian apps such as QQ, WeChat, and WangWang. Details in the article.

From SecurityWeek.com: Atlassian Confluence Servers and Data Centers are affected by a critical vulnerability that can be leveraged for remote code execution and is being actively exploited in the wild. All supported versions of Confluence Server and Data Center are affected. Until a patch becomes available, users have been advised to prevent access to their Confluence servers from the internet, or simply disable these instances. The company hopes to have a patch ready by the end of today.

And last today, from BleepingComputer.com: GitLab has released a critical security update for multiple versions of its Community and Enterprise Edition products to address eight vulnerabilities, one of which could lead to account takeover. That 9.9 severity vulnerability affects all GitLab versions 11.10 through 14.9.4, 14.10 through 14.10.3, and version 15.0. Get your patch on kids.

That's all for me today. Have a great rest of your day. Like and subscribe. And until next time, be safe out there.
Good news from the world of cybercrime: the widespread FluBot banking malware has been completely shut down by a police operation coordinated by Europol. Meanwhile, however, a new malware is emerging that spreads through Word documents simply by previewing them. Watch out for voice purchases: a woman asked Alexa to pray with her and ended up with a recurring charge. Here is how to block this feature. The text of this episode, with links and reference sources, is available on Attivissimo's blog.
LIVE: Tune into another edition of #FortiGuardLIVE as Derek Manky and Aamir Lakhani from #FortiGuardLabs discuss recent threat research highlights, give an analysis of “Follina”, and what to expect at #RSAC in San Francisco.
This week in the Security News: Analyzing chat logs with Python, consumer reports for IoT, hypothetically BS, the year of the Linux desktop and the year of Linux malware are the same, do you trust Google to tell you open-source software is secure?, Twitter fines, WSL attack vector, Follina, UK Government still won't pay a bounty, and ransomware that makes you a better person! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw743
Sponsored by SEC Playground. Survey to improve the Chill Chill Security Channel: https://forms.gle/e5K396JAox2rZFp19 Music by https://www.bensound.com/ --- Support this podcast: https://anchor.fm/chillchillsecurity/support
On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss the recently discovered Follina vulnerability in Microsoft Office, as well as some recent ransomware stories. One thing we talk about is the apparent break up of the Conti ransomware gang, with evidence pointing to the group folding itself into other ransomware gangs, including Hive, which carried out a recent attack on the health service in Costa Rica. The Clop and REvil names have also appeared in news reports in recent weeks, but are these ransomware gangs really back? And what are the signs of pre-ransomware activity that organizations need to look out for on their networks because they may indicate a ransomware attack in preparation?
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
HTML Phishing Attachments - Now With Anti-Analysis Features https://isc.sans.edu/forums/diary/HTML+phishing+attachments+now+with+antianalysis+features/28702/
Unofficial Patch for CVE-2022-30190 (Follina) https://blog.0patch.com/2022/06/free-micropatches-for-follina-microsoft.html
Windows Search Vulnerability https://www.bleepingcomputer.com/news/security/new-windows-search-zero-day-added-to-microsoft-protocol-nightmare/
Call Forwarding Used to Compromise WhatsApp Accounts https://www.linkedin.com/posts/fb1h2s_beware-here-is-how-whatsapp-accounts-are-activity-6934386561048264704-NnFf/?utm_source=linkedin_share&utm_medium=member_desktop_web
Badkeys in Fuji Xerox and Canon Printers https://fermatattack.secvuln.info
Microsoft knew about Follina since April and did nothing / Chaos in wind turbine factories / Crypto-millionaire to donate hundreds of millions to politicians / First James Webb images in July
[Episode references]
- Alert about Karakurt - https://www.cisa.gov/uscert/ncas/alerts/aa22-152a
- Extortion against owners of vulnerable Elasticsearch repositories - https://www.secureworks.com/blog/unsecured-elasticsearch-data-replaced-with-ransom-note
- Study of DDoS attacks in 2021 - https://www.helpnetsecurity.com/2022/06/01/ddos-attacks-trends/
- FluBot takedown - https://www.europol.europa.eu/media-press/newsroom/news/takedown-of-sms-based-flubot-spyware-infecting-android-phones
- CVE-2022-30287 in Horde Webmail - https://blog.sonarsource.com/horde-webmail-rce-via-email/
- Scams themed around the war in Ukraine - https://www.ic3.gov/Media/Y2022/PSA220531?&web_view=true
- Micropatch for Follina - https://blog.0patch.com/2022/06/free-micropatches-for-follina-microsoft.html
[Credits] Script and presentation: Carlos Cabral. Audio editing: Paulo Arruzzo. Closing narration: Bianca Garcia. Graphic design: Julian Prieto
[Episode references]
- BRAZILIAN INTERNET FORUM (FIB) BROADCAST - https://forumdainternet.cgi.br/programacao/detalhe/2/2298/
- News on CVE-2022-30190 (Follina) - https://twitter.com/GossiTheDog/status/1531608245009367040?cxt=HHwWgIC-rbDlrsEqAAAA
- Microsoft mitigation measures for Follina (CVE-2022-30190) - https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
- Attacks using Follina - https://www.darkreading.com/endpoint/attackers-actively-exploiting-new-microsoft-zero-day
- Russia drops US charges against REvil defendants - https://www.scmagazine.com/analysis/ransomware/russia-nixes-us-charges-against-revil-defendants-as-cooperation-fizzles
- 3.6 million MySQL servers are exposed to the internet - https://www.shadowserver.org/news/over-3-6m-exposed-mysql-servers-on-ipv4-and-ipv6/
- Central Bank intends to hold banks liable for money-mule accounts - https://www1.folha.uol.com.br/mercado/2022/05/bc-quer-responsabilizar-bancos-por-contas-laranjas-usadas-em-golpe-do-pix.shtml
- Threat uses the law of large numbers to hide its C2 address - https://research.checkpoint.com/2022/xloader-botnet-find-me-if-you-can/
[Credits] Script and presentation: Carlos Cabral. Audio editing: Paulo Arruzzo. Closing narration: Bianca Garcia. Graphic design: Julian Prieto
For now Microsoft has not announced the release of any patch, and there is no official fix for the vulnerability, but an effective, if somewhat crude, way of preventing malicious documents from using the vulnerability has been circulated. That solution, shared by Benjamin Delpy (another cybersecurity expert), consists of disabling the troubleshooting wizards through Regedit: open HKLM\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics and set the 'EnableDiagnostics' value to '0' (disabled). If it does not exist, you will need to create a REG_DWORD value with that name. In addition, if you are a Defender for Endpoint user (an advanced version of Microsoft Defender), you can save the following query as a custom detection rule so that the software can detect execution of malicious code that uses this vulnerability:
DeviceProcessEvents
| where ProcessCommandLine contains "msdt.exe"
| where InitiatingProcessFileName has_any (@"WINWORD.EXE", @"EXCEL.EXE", @"OUTLOOK.EXE")
Source: #tecnología en 1 minuto. http://la.azotea.co Now also on: Instagram Reels: https://www.instagram.com/la.azotea.co/ Tik Tok: https://www.tiktok.com/@la.azotea.co Twitter: https://twitter.com/laazoteaco #podcast #micropodcast #ciencia and #culturadigital
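The two workarounds described above, applied and verified from PowerShell, as an added example that is not code from the episode, from Benjamin Delpy, or from Microsoft. It writes the EnableDiagnostics policy value the episode describes, and also removes the ms-msdt: URL protocol handler, which is the mitigation Microsoft published for CVE-2022-30190 (the key is exported first so it can be restored). The backup file location and the function names are assumptions; it must run from an elevated prompt on a Windows host.

```powershell
# Added example, not code from the podcast, Benjamin Delpy or Microsoft.
# Applies and checks the Follina (CVE-2022-30190) workarounds discussed above.
# Run from an elevated PowerShell prompt.
#Requires -RunAsAdministrator

# Policy key quoted in the episode (Delpy's workaround).
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\ScriptedDiagnostics'
# ms-msdt: protocol handler key named in Microsoft's published mitigation.
$HandlerKey = 'Registry::HKEY_CLASSES_ROOT\ms-msdt'
# Backup location is an assumption; pick any writable path.
$Backup     = Join-Path $env:TEMP 'ms-msdt-handler-backup.reg'

function Disable-ScriptedDiagnostics {
    # EnableDiagnostics = 0 (REG_DWORD) turns off the troubleshooting wizards,
    # so msdt.exe will refuse to run a diagnostic package. Creates the key and
    # the value if they do not exist, which is the manual Regedit step above.
    if (-not (Test-Path $PolicyKey)) {
        New-Item -Path $PolicyKey -Force | Out-Null
    }
    New-ItemProperty -Path $PolicyKey -Name 'EnableDiagnostics' `
        -PropertyType DWord -Value 0 -Force | Out-Null
}

function Remove-MsdtProtocolHandler {
    # Microsoft's guidance: export HKEY_CLASSES_ROOT\ms-msdt, then delete it.
    # Without the handler, a document's ms-msdt: link has nothing to launch.
    if (Test-Path $HandlerKey) {
        reg.exe export 'HKEY_CLASSES_ROOT\ms-msdt' $Backup /y | Out-Null
        reg.exe delete 'HKEY_CLASSES_ROOT\ms-msdt' /f | Out-Null
    }
}

function Test-FollinaMitigation {
    # Reports the state of both workarounds; Mitigated is true only if both hold.
    $policy = Get-ItemProperty -Path $PolicyKey -Name 'EnableDiagnostics' `
        -ErrorAction SilentlyContinue
    $diagOff     = ($null -ne $policy) -and ($policy.EnableDiagnostics -eq 0)
    $handlerGone = -not (Test-Path $HandlerKey)
    [pscustomobject]@{
        ScriptedDiagnosticsDisabled = $diagOff
        MsdtHandlerRemoved          = $handlerGone
        HandlerBackup               = $Backup
        Mitigated                   = ($diagOff -and $handlerGone)
    }
}

Disable-ScriptedDiagnostics
Remove-MsdtProtocolHandler
Test-FollinaMitigation | Format-List
```

To undo the changes, run `reg import` on the exported .reg file and delete the EnableDiagnostics value (or set it to 1). Neither change patches msdt.exe itself; they only stop Office documents and the URL handler from reaching it, so the Defender query above remains useful for spotting hosts where the workaround was never applied.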
Follina vulnerability under active exploitation
Tension inside Google over conduct of fired researcher
IBM to pay $1.6 billion for poaching customer account
Thanks to today's episode sponsor, Feroot. Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot's automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com.
For the stories behind the headlines, head to CISOseries.com
In today's podcast we cover four crucial cyber and technology topics, including:
1. Over 3 million MySQL databases found exposed
2. Magniber upgrades tools to target Windows 11 users
3. Costa Rica suffers ransomware attack from second group
4. China-linked APT exploiting Microsoft Office flaw within days
I'd love feedback, feel free to send your comments and feedback to | cyberandtechwithmike@gmail.com
The sky IS NOT falling with this one. Is it important? Yes. Does it highlight an area that's under-researched and likely contains additional attack vectors and techniques? Absolutely.
Resources
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30190
https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
https://github.com/NVISOsecurity/nviso-cti/blob/master/advisories/29052022%20-%20msdt-0-day.md
John Hammond's Excellent CVE-2022-30190 Video
Blog: https://offsec.blog/
Youtube: https://www.youtube.com/channel/UCCWmudG_CTNAFBaV48vIcfw
Twitter: https://twitter.com/cyberthreatpov
Microsoft "Follina" Zeroday, Zyxel Warning, VMWare & Iran targets cybersecurity experts
Cybersecurity News CyberHub Podcast May 31st, 2022
Today's Headlines and the latest #cybernews from the desk of the #CISO:
Microsoft Confirms Exploitation of 'Follina' Zero-Day Vulnerability
Document Exploiting New Microsoft Office Zero-Day Seen in the Wild
Zyxel warns of flaws impacting firewalls, APs, and controllers
Exploitation of VMware Vulnerability Imminent Following Release of PoC
Iranian outlet names five Israeli intel and tech experts as potential targets
Story Links:
https://www.securityweek.com/microsoft-confirms-exploitation-follina-zero-day-vulnerability
https://www.securityweek.com/document-exploiting-new-microsoft-office-zero-day-seen-wild
https://www.bleepingcomputer.com/news/security/zyxel-warns-of-flaws-impacting-firewalls-aps-and-controllers/
https://www.securityweek.com/exploitation-vmware-vulnerability-imminent-following-release-poc
https://www.timesofisrael.com/iranian-outlet-names-five-israeli-intel-and-tech-experts-as-potential-targets/
"The Microsoft Doctrine" by James Azar now on Substack https://jamesazar.substack.com/p/the-microsoft-doctrine
The Practitioner Brief is sponsored by: Your BRAND here - Contact us for opportunities today!
****** Find James Azar, Host of CyberHub Podcast, CISO Talk, Goodbye Privacy, Digital Debate, and Other Side of Cyber
James on Linkedin: https://www.linkedin.com/in/james-azar-a1655316/
Telegram: CyberHub Podcast
****** Sign up for our newsletter with the best of CyberHub Podcast delivered to your inbox once a month: http://bit.ly/cyberhubengage-newsletter
****** Website: https://www.cyberhubpodcast.com
Youtube: https://www.youtube.com/c/TheCyberHubPodcast
Rumble: https://rumble.com/c/c-1353861
Facebook: https://www.facebook.com/CyberHubpodcast/
Linkedin: https://www.linkedin.com/company/cyberhubpodcast/
Twitter: https://twitter.com/cyberhubpodcast
Instagram: https://www.instagram.com/cyberhubpodcast
Listen here: https://linktr.ee/cyberhubpodcast
The Hub of the Infosec Community. Our mission is to provide substantive and quality content that's more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure. Thank you for watching and please don't forget to Like this video and Subscribe to my Channel!
#cybernews #infosec #cybersecurity #cyberhubpodcast #practitionerbrief #cisotalk #ciso #infosecnews #infosec #infosecurity #cybersecuritytips #podcast #technews #tinkertribe #givingback #securitytribe #securitygang #informationsecurity
Sanctions, blockades, and their effects on the world economy. Western nations remain on alert for Russian cyber attacks. REvil prosecution has reached a dead end. Microsoft issues mitigations for a recent zero-day. John Pescatore's Mr. Security Answer Person is back, looking at authentication. Joe Carrigan looks at new browser vulnerabilities. Notes from the underworld. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/104
Selected reading.
In big bid to punish Moscow, EU bans most Russia oil imports (AP NEWS)
EU, resolving a deadlock, in deal to cut most Russia oil imports (Reuters)
The E.U.'s embargo will bruise Russia's oil industry, but for now it is doing fine. (New York Times)
Russia's Black Sea Blockade Will Turbocharge the Global Food Crisis (Foreign Policy)
Russia's Invasion Unleashes 'Perfect Storm' in Global Agriculture (Foreign Policy)
'War in Ukraine Means Hunger in Africa' (Foreign Policy)
Afghanistan's Hungry Will Pay the Price for Putin's War (Foreign Policy)
Remote bricking of Ukrainian tractors raises agriculture security concerns (CSO Online)
Major supermarkets 'uniquely vulnerable' as Russian cyber attacks rise (ABC)
Italy warns organizations to brace for incoming DDoS attacks (BleepingComputer)
Whitepaper - PIPEDREAM: CHERNOVITE's Emerging Malware Targeting Industrial Environments (Dragos)
Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacks (IT Security News)
Putin horror warning over 'own goal' attack on UK coming back to haunt Kremlin (Express.co.uk)
Putin plot: UK hospitals at risk of chilling 'sleeper cell' attack by Russia (Express)
Will Russia Launch a New Cyber Attack on America? (The National Interest)
Hackers wage war on Russia's largest bank (The Telegraph)
REvil prosecutions reach a 'dead end,' Russian media reports (CyberScoop)
Microsoft Office zero-day "Follina"—it's not a bug, it's a feature! (It's a bug) (Malwarebytes Labs)
Microsoft Word struck by zero-day vulnerability (Register)
Clop ransomware gang is back, hits 21 victims in a single month (BleepingComputer)
Conti ransomware explained: What you need to know about this aggressive criminal group (CSO Online)
A daily look at the relevant information security news from overnight.
Episode 234 - 27 May 2022
Word backdoor - https://www.zdnet.com/article/this-zero-day-windows-flaw-opens-a-backdoor-to-hackers-via-microsoft-word-heres-how-to-fix-it/
WSL attack surface - https://www.bleepingcomputer.com/news/security/new-windows-subsystem-for-linux-malware-steals-browser-auth-cookies/
Killnet warns Italy - https://www.thesundaily.my/world/italy-on-alert-over-killnet-cyber-attack-threat-DA9266005
Spirit Super suckered - https://portswigger.net/daily-swig/data-breach-at-australian-pension-provider-spirit-super-impacts-50k-victims-following-phishing-attack
EnemyBot adapting - https://threatpost.com/enemybot-malware-targets-web-servers-cms-tools-and-android-os/179765/
Hi, I'm Paul Torgersen. It's Monday May 31st, 2022, and this is a look at the information security news from overnight.
From ZDNet.com: Security researchers discovered a zero-day flaw called Follina that enables a malicious Word document to execute code via the Microsoft Support Diagnostic Tool, even when macros are disabled. There is no patch yet. For mitigation, Microsoft recommends disabling a protocol used for troubleshooting Windows bugs. Details and links in the article.
From BleepingComputer.com: Hackers are showing an increased interest in the Windows Subsystem for Linux, or WSL, as an attack surface for new malware. Some of the more advanced samples are suitable for espionage and downloading additional modules. After the first malicious Linux binary for WSL was discovered just over a year ago, Black Lotus Labs says that since last fall, they have tracked more than 100 samples of WSL-based malware.
From TheSunDaily.my: Italy is on high alert after the pro-Russian 'Killnet' hacker group said it would launch a cyber attack that would inflict "irreparable" damage on the country. Killnet has staged several attacks on Italian public institutions in recent weeks, including on the websites of the Senate and the defense ministry. All this in response to Italy backing Western sanctions on Russia following its invasion of Ukraine.
From PortSwigger.net: A phishing attack on Australian pension provider Spirit Super has resulted in PII being leaked on some 50,000 customers. The personal data includes names and other sensitive information, but according to the company, does not include birthday, tax ID or driver's license numbers, or bank account details.
And last today, from ThreatPost.com: A rapidly evolving IoT malware dubbed EnemyBot is targeting content management systems, web servers and Android devices, taking advantage of recently disclosed vulnerabilities in VMWare, Adobe, WordPress and others. The threat actor group Keksec is believed to be behind the distribution of the malware, which borrows code heavily from other botnets, such as Mirai, Qbot and Zbot. Details in the article.
That's all for me today. Have a great rest of your day. And until tomorrow, be safe out there.
On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including:
The msdt/office lolbinapalooza
Microsoft to introduce sensible defaults to Azure
Twitter fined $150m for sms 2fa spam
It turns out npm got owned in that Heroku/Travis CI thing
AWS cred-stealing supply chain attack was research your honour, I swear!
Much, much more
We'll be chatting with Airlock Digital co-founder and CTO Daniel Schell in this week's sponsor interview. He'll be walking us through some of his own research into how to own Microsoft boxes via document-embedded office add-ins. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.
Show notes
nao_sec on Twitter: "Interesting maldoc was submitted from Belarus. It uses Word's external link to load the HTML and then uses the "ms-msdt" scheme to execute PowerShell code. https://t.co/hTdAfHOUx3 https://t.co/rVSb02ZTwt" / Twitter
Follina — a Microsoft Office code execution vulnerability | by Kevin Beaumont | May, 2022 | DoublePulsar
Kevin Beaumont on Twitter: "Additional Follina issue, if you use wget in Powershell, it blindly executes any code via MSDT as it trusts all MS Protocol URIs. So to clarify, if you wget a webpage you don't control and the webpage adds Follina exploit string, your server then runs the code." / Twitter
Microsoft Office Remote Code Execution - "Follina" MSDT Attack
Raising the Baseline Security for all Organizations in the World - Microsoft Tech Community
npm security update: Attack campaign using stolen OAuth tokens | The GitHub Blog
Twitter fined $150 million by FTC for alleged privacy violations - The Record by Recorded Future
REvil prosecutions reach a 'dead end,' Russian media reports
Multiple flights across India grounded after SpiceJet airline hit with ransomware - The Record by Recorded Future
Exclusive: Russian hackers are linked to new Brexit leak website, Google says | Reuters
Russian companies have started firing Ukrainian IT specialists - РБК (RBC)
Hacker Leaks Mountain of Files From Inside Xinjiang Camps
Spain set to strengthen oversight of secret services after NSO spying scandal | The Times of Israel
No evidence of exploitation of Dominion voting machine flaws, CISA finds - The Washington Post
Researchers identify FIDO2 protocol vulnerabilities - Security - iTnews
756.pdf
Security 'researcher' hits back against claims of malicious CTX file uploads | The Daily Swig
Israeli private detective used Indian hackers in job for Russian oligarchs, court filing says | Reuters
Hacker Steals Database of Hundreds of Verizon Employees
GarWarner on Twitter: "Last month the US Department of Justice petitioned the court to be allowed to seize Mr. Woodbery's Bitcoin. 151.885720427 BTC is 11,930,370 Naira or $4,364,299 USD currently. (Thread 1/? ) https://t.co/Xh39FTLQUV" / Twitter
Malcolm Herbert on Twitter: "@riskybusiness @Metlstorm ... for some reason I never pictured you guys as doing a recording session before sunup, but then I guess with @Metlstorm being in NZ that kinda makes sense now that I think about it ... I'll see myself out ..." / Twitter
Darknet market Versus shuts down after hacker leaks security flaw
Omnipotent BMCs from Quanta remain vulnerable to critical Pantsdown threat | Ars Technica
Red Canary Managed Detection and Response - YouTube
Airlock Digital Demo - YouTube
China censoring open-source code
Follina zero-day hits Office
EnemyBot botnet acts fast
Thanks to today's episode sponsor, Feroot. Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Inspector and Pageguard, Feroot's automated data protection solutions, increase code visibility, facilitate threat analysis, and detect and protect from dangerous client-side attacks, such as Magecart, cross-site scripting, e-skimming, and other threats focused on front-end JavaScript and web applications. Learn more at www.feroot.com.
[Episode references]
- Follina - https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
- Script that generates documents ready to exploit Follina - https://github.com/chvancooten/follina.py
- Mitigation measures for Follina (CVE-2022-30190) - https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
- Operation Killer Bee - https://www.interpol.int/News-and-Events/News/2022/Online-scamming-fraud-three-Nigerians-arrested-in-INTERPOL-Operation-Killer-Bee
- Flaws in TIFF file handling in SUSE - https://linuxsecurity.com/advisories/suse/suse-2022-1882-1-important-tiff-14-18-37
- More than 70 vulns added to the CISA catalog - https://www.itsecurityguru.org/2022/05/30/cisa-adds-75-vulnerabilities-to-catalogue-in-3-days/
- The CISA catalog - https://www.cisa.gov/known-exploited-vulnerabilities-catalog
[Credits] Script and presentation: Carlos Cabral. Audio editing: Paulo Arruzzo. Closing narration: Bianca Garcia. Graphic design: Julian Prieto
" Senza Esperienza " Clochard Aforisma Vita & Scrittura Rap 2021
In Episode 31, Jamie talks to Contemporary Dance Artist Jorja Follina about everything from getting into Dance, being a freelancer, movement & wellbeing, being part of 'The Norm Project' and much much more. Jorja Follina: Jorja's Website: https://jorjafollina.wixsite.com/dancefitness Jorja's Dance and Fitness Classes: https://jorjafollina.wixsite.com/dancefitness/online-class-schedule Jorja on Instagram: https://www.instagram.com/jay_follina/ 'The Norm Project' on Instagram: https://www.instagram.com/the_norm_project/ 'The Norm Project' Linktree: https://linktr.ee/thenorm The National Youth Dance Company of Scotland (NYDCS): https://ydance.org/talent-development/nydcs/overview/ Check out our website!: https://www.justgetarealjob.com Donate to our Patreon page ☺️: www.patreon.com/justgetarealjob Follow us on... Facebook: https://www.facebook.com/justgetarealjob/ Instagram: https://www.instagram.com/justgetarealjob/ Twitter: https://twitter.com/justgetarealjob Spotify: https://open.spotify.com/show/5jhVdYlNMU8jrFUQxShMit Apple Podcasts: https://podcasts.apple.com/gb/podcast/just-get-a-real-job/id1540434153 Artwork by Aimee Dinsdale: https://www.instagram.com/artbyaimeead/ Like and Subscribe ❤
We are joined by Jorja Follina in this episode. Jorja is a freelance contemporary dance artist and fitness instructor based in Edinburgh. We chat through mindfulness and its impact on Jorja's practice, her internship with Scottish Dance Theatre, somatic research in contemporary dance and Jorja's experience of the coronavirus lockdown. Follow Jorja on Facebook (https://www.facebook.com/jorjadanceandfitness/) and Instagram (https://www.instagram.com/jay_follina/) This episode was produced under the podcast's original name, the sportpsych podcast.