Podcasts about gandcrab

In today's podcast we cover four crucial cyber and technology topics, including: 1.Lockbit slams Mandiant, denying link to EvilCorp 2.Qbot now abusing Follina to target Windows product users 3.Black Basta updates ability to target Vmware on Linux 4.FBI shutdown SSNDOB illegal marketplace with aid from Cyprus I'd love feedback, feel free to send your comments and feedback to  | cyberandtechwithmike@gmail.com

In today's podcast we cover four crucial cyber and technology topics, including: 1.Flaw in Cisco Umbrella Virtual Appliance allows theft of admin credentials 2.Snort flaw could make security service unusable 3.PrivateBin flaw could allow XSS via image preview issue 4.REvil advertising services with an improved ransomware module I'd love feedback, feel free to send your comments and feedback to  | cyberandtechwithmike@gmail.com

On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including: NSO Group tools found on US embassy staff phones in Uganda Mitto is up to shady bidnez Ubiquiti “whistleblower” charged over hack Hounds everywhere Planned Parenthood breached Much, much more This week's sponsor interview is with Andrew Morris of Greynoise. Greynoise has a bunch of sensors out there on the Internets, so they can tell you when and IP that's hitting you is also hitting everyone else. If you work in a SOC, you know this is very useful. Greynoise has just signed a $30m deal with the US Department of Defense. As Andrew will explain in just a moment, this means if you work in a DoD agency it's now very easy for you to get a subscription. In this interview I also talk to Andrew about his adventures chasing down one of the people spamming Internet attached receipt printers with the antiwork manifesto from Reddit. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing. Show notes NSO Pegasus spyware used to hack U.S. diplomats' phones - The Washington Post This Swiss Firm Exec Is Said To Have Operated A Secret Surveillance Operation - Bloomberg Ubiquiti Developer Charged With Extortion, Causing 2020 “Breach” – Krebs on Security Cyber Command boss acknowledges US military actions against ransomware groups Canadian spy agency targeted foreign hackers to ‘impose a cost' for cybercrime - National | Globalnews.ca FBI seized $2.3M from affiliate of REvil, Gandcrab ransomware gangs gov.uscourts.2.2.million-ransom-seizure - DocumentCloud 400,000 Planned Parenthood users' data stolen in ransomware attack Canadian police arrest Ottawa resident for ransomware attacks - The Record by Recorded Future Ransomware tracker: the latest figures [December 2021] - The Record by Recorded Future Court hands Microsoft control of websites linked to spying by Chinese hackers NICKEL targeting government organizations across Latin America and Europe - Microsoft Security Blog A mysterious threat actor is running hundreds of malicious Tor relays - The Record by Recorded Future The Justice Department is ramping up its crackdown on money mules FIN7 hacker trialed in Russia gets no prison time - The Record by Recorded Future 1.5 million users joined Facebook Protect since September - The Record by Recorded Future Facebook Will Force More At-Risk Accounts to Use Two-Factor | WIRED Cyber incident reporting mandates suffer another congressional setback (5) Derek B Johnson on Twitter: "This statement from House Homeland Chair Bennie Thompson and Cyber Subcommittee Chair Yvette Clarke says process around incident reporting legislation was wracked with "dysfunction" and appears to firmly shut the door on the bill being reinserted into the NDAA. https://t.co/iBpmxAFJgQ" / Twitter BitMart loses $150 million in the second-largest crypto-heist of the year - The Record by Recorded Future Hacked Cryptocurrency Platform Begs Hacker to Please Return $119 Million Really stupid “smart contract” bug let hackers steal $31 million in digital coin | Ars Technica Received Some Random Cryptocurrency? It Might Be a Phishing Scam. Web skimmers hit 300+ sites hidden inside Google Tag Manager containers - The Record by Recorded Future New Payment Data Stealing Malware Hides in Nginx Process on Linux Servers Zoho warns of new zero-day vulnerability exploited in attacks - The Record by Recorded Future APT groups from China, Russia, and India adopt novel attack technique - The Record by Recorded Future Flaws in Tonga's top-level domain left Google, Amazon, Tether web services vulnerable to takeover | The Daily Swig Compromising Email Supply Chains | CanIPhish GitHub - SummitRoute/csp_security_mistakes: Cloud service provider security mistakes USB Over Ethernet | Multiple Vulnerabilities in AWS and Other Major Cloud Services - SentinelOne A different way to do PAM -- Paul Lanzi, Remediant - YouTube Material Security: Keeping email safe at rest - YouTube The Sweeney Background Music (1975-1978) - YouTube

On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss some recent attack campaigns aimed at critical infrastructure organizations in several countries around the world, the possible return of the Emotet botnet, and some law enforcement activity that has led to the arrest of people involved with both the REvil and Gandcrab ransomware. We also discuss some new techniques being used by the BazarLoader gang, and an FBI system being compromised and used to send out fake information security alerts.

Europol et le département de la Justice américain ont annoncé le même jour, le 8 novembre, l'arrestation de plusieurs pirates liés à Sodinokibi/REvil ou son prédécesseur GandCrab. C'est le résultat de l'opération GoldDust, qui a impliqué 17 pays à travers le monde, ainsi qu'Interpol, Europol et Eurojust.Lire l'article sur Siècle Digital. Voir Acast.com/privacy pour les informations sur la vie privée et l'opt-out.

In today's podcast we cover four crucial cyber and technology topics, including:  1. Robinhood says data stolen after social engineering attack   2. EU electronics retailer reduced to cash transactions after ransomware attack  3. Europol officials arrest more GandCrab-associated ransomware operators  4. U.S. sanctions crypto exchange saying half of transactions were “high risk”  I'd love feedback, feel free to send your comments and feedback to  | cyberandtechwithmike@gmail.com

On this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien are joined by Symantec threat researcher Alan Neville to discuss the biggest cyber security story of the last couple of weeks - the vulnerabilities in Microsoft Exchange Server. Alan gives a comprehensive overview of the vulnerabilities, what’s happened since they became public knowledge last week, and the steps you can take to keep your organization’s network safe. He also talks about some of the post-compromise activity that Symantec has seen. We also chat about some other topics: new research into the SolarWinds hack, and the arrest of an alleged GandCrab ransomware gang member.

In today's podcast we cover four crucial cyber and technology topics, including: 1. Alledged GandCrab affiliate arrested in Korea2. UnityMiner targeting vulnerable, but patchable QNAP NAS devices 3. University of Texas at El Paso suffering ransomware attack 4. Virgina passes new data protection act to take effect 2023 I'd love feedback, feel free to send your comments and feedback to | cyberandtechwithmike@gmail.com

As the coronavirus pandemic wears on and back to school time is upon us, districts are facing decisions about reopening in person, offering virtual learning options, or doing both. To talk about the challenges of distance education including access, funding, student learning, and, of course, cybersecurity, we welcome Amy McLaughlin, Cybersecurity Project Director for the Consortium for School Networking – www.cosn.org. Amy discusses solutions some schools have come up with, why different age groups are better suited for virtual learning than others, why funding formulas are challenging, and her biggest concern with online education moving forward during COVID-19.Our cybersecurity headlines segment includes some scary news about email vulnerabilities, a GandCrabber getting caught, and updates on the Twitter hack and WastedLocker ransomware stories from our previous episode.Read along:Decades-Old Email Flaws Could Let Attackers Mask Their Identitieshttps://www.wired.com/story/decades-old-email-flaws-could-let-attackers-mask-identities/GandCrab ransomware hacker arrested in Belarushttps://nakedsecurity.sophos.com/2020/08/04/gandcrab-ransomware-hacker-arrested-in-belarus/Tampa teenager accused in Twitter hack pleads not guiltyhttps://abcnews.go.com/Technology/wireStory/tampa-teenager-accused-twitter-hack-pleads-guilty-72168491WastedLocker Ransomware abuses Windows feature to avoid detectionhttps://www.bleepingcomputer.com/news/security/wastedlocker-ransomware-abuses-windows-feature-to-evade-detection/Get info on all things network security through our new, improved blog, https://firewalls.com/blog.And please do reach out, as we want to hear from you. Suggest an episode topic, ask a question, or just say hi in a review, or by emailing podcast@firewalls.com. New episodes are out every other Wednesday, so subscribe/follow to ensure you get the latest first - and again, please rate and review.Thanks for listening!

Researchers at McAfee's Advanced Threat Research Team have been analyzing Sodinokibi ransomware as a service, also known as REvil. John Fokker is head of cyber investigations for McAfee Advanced Threat Research, and he joins us to share their findings. The research is here: https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-what-the-code-tells-us/ The CyberWire's Research Saturday is presented by Juniper Networks. Thanks to our sponsor Enveil, closing the last gap in data security.

Researchers at McAfee's Advanced Threat Research Team have been analyzing Sodinokibi ransomware as a service, also known as REvil. John Fokker is head of cyber investigations for McAfee Advanced Threat Research, and he joins us to share their findings. The research is here: https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-what-the-code-tells-us/

BlueKeep is being exploited in the wild, not too seriously, yet, but you should still patch. Nunavut’s government is recovering from a ransomware attack is sustained Saturday morning. The NSO Group controversy spreads into an Indian politcal dust-up. Different Magecart groups are found to be be independently hitting the same victims. GandCrab provided a new template for the cyber underworld. And US Cyber Command deploys to Montenegro. Joe Carrigan with thoughts on the Coalfire pentesters criminal case. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/November/CyberWire_2019_11_04.html  Support our show

A daily look at the relevant information security news from overnight.Episode 166 - 03 October 2019Vendor email compromise - https://www.bleepingcomputer.com/news/security/new-silent-starling-gang-targets-500-vendors-in-bec-scam-twist/Ghostcat - https://www.scmagazine.com/website-web-server-security/browser-hijacking-ghostcat-malware-haunts-online-publishers/Zendesk alerted to breach - https://www.zdnet.com/article/zendesk-discloses-2016-data-breach/Geost banking bot - https://threatpost.com/virus-bulletin-geost-android-botnet/148864/GandCrab to Sodinokibi - https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-builds-an-all-star-team-of-affiliates/

“We’re all in this together,” says Wes Spencer of Perch Security. Wes discusses the scope and nature of recent MSP-focused ransomware attacks and the practical steps you can take right now to protect yourselves, your clients, and the managed services industry.  Find show notes at https://www.auvik.com/franklymsp/051

Sobinokibi ransomware looks more like the child of GandCrab, and McAfee has some thoughts on how ransomware-as-a-service operates. FakeUpdates are back, and they’re installing ransomware, too. The Adwind RAT is back and infesting a new set of targets: it’s moved on from hospitality and retail and into the oil industry. Maliciously crafted ODT files are appearing in the wild. And a big database about Russian taxpayers has appeared in an unsecured Elasticsearch cluster. Ben Yelin from UMD CHHS on a California town implementing a robot police patrol unit. Guest is Daniel Garrie from Law & Forensics on eDiscovery. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/October/CyberWire_2019_10_02.html  Support our show

On this week's news wrap podcast, Threatpost editors Tara Seals and Lindsey O'Donnell break down the top news, including: Despite claiming they were retiring, GandCrab's authors have been linkedto the REvil/Sodinokibi ransomware via a technical analysis. A spearphishing campaign, first spotted in Julytargeting three U.S. utility companies with a new malware variant, has evolved its tactics and extended its targetingto include nearly 20 companies. A known threat actor, Tortoiseshell, is targeting U.S. military veteranswith a fake veteran hiring website that hosts malware.

Tortoiseshell is trolling for military veterans. There’s been a fresh Fancy Bear sighting. The transcript of a conversation between the US and Ukrainian presidents has been released. Citizen Lab warns that Poison Carp is actively working against Tibetan groups. A zero-day afflicting vBulletin forum software is out. GandCrab comes out of retirement. And there’s an odd spam campaign in circulation that looks like phishing but seems not to be.  Ben Yelin from UMD CHHS on the White House blocking Congress from auditing its offensive hacking strategy. Guest is Tim Keeler from Remediant looking at lateral movement in the context of the NotPetya attacks. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/September/CyberWire_2019_09_25.html  Support our show

Bei GandCrab handelt es sich um einen Verschlüsselungstrojaner- und er ist mittlerweile die am weitesten verbreitete Ransomware der Welt. Die GandCrab-Ransomware-Familie trat im Januar 2018 zum ersten Mal in Erscheinung. Die gefährliche Ransomware arbeitet nach einem „Affiliate-Modell“: Das bedeutet, dass die GrandCrab- Entwickler die Ransomware interessierten Kunden als „Ransomware-as-a-Service“ zur Verfügung stellen und dafür einen Teil des Gewinns erhalten. Die beliebte Ransomware-Familie wird mittlerweile über unterschiedliche Wege verbreitet. Zu den häufigsten Angriffsvektoren gehören Spam-E-Mails, Exploit-Kits und zugehörige Malware-Kampagnen. Doch in den meisten Fällen versteckt sich GrandCrab in gefälschten Bewerbungsanschreiben, denen eine verschlüsselte Archivdatei (etwa .rar oder .zip) und eine als angebliche .pdf-Datei getarnte .exe-Datei beigefügt ist. Den Empfängern wird dann das zum Öffnen der Archivdatei nötige Passwort im Text der E-Mail oder einer ebenfalls beigefügten .txt-Datei mitgeteilt Ähnlich wie beim Vorgänger GoldenEye, der im Jahr 2016 nach ganz ähnlichem Prinzip agierte, geben sich die Angreifer als Jobsuchende aus. Doch während die Bewerbungsanschreiben bei GoldenEye noch massenhaft Rechtschreib- und Grammatikfehler aufwiesen, sieht dies bei GandCrab ganz anders aus: Die E-Mails sind tadellos und lassen keine Annahme zum Betrug zu. Wie auch schon bei GoldenEye, werden bei GrandCrab-Angriffen die Empfänger dazu verleitet, das gefälschte Bewerbungsanschreiben im Anhang zu öffnen. Dabei handelt es sich in der Regel um eine .doc, sprich eine veraltete Word-Datei. Sobald die Empfänger das Dokument öffnen, erscheint ein täuschend echter Hinweis im Microsoft Office Design. Darin werden die Empfänger aufgefordert, den Kompatibilitätsmodus zu aktivieren, da es sich bei diesem vermeintlichen Dokument um ein veraltetes Format handelt. Sobald die Empfänger dieser Aufforderung nachkommen, wird die Ausführung von Makros zugelassen und mithilfe von Windows-Bordmitteln die eigentliche Ransomware von einer zuvor gekaperten Webseite heruntergeladen und ausgeführt. GrandCrab wiederum verschlüsselt die Festplatte und ersetzt den Desktop-Hintergrund mit einem Bild der Lösegeldforderung. Im vergangenen Jahr übertraf GrandCrab andere Ransomware-Varianten in ihrer Popularität und Viralität. Einige GandCrab-Nutzer begannen Unternehmen über exponierte Remote-Desktop-Protocol-Instanzen anzugreifen oder sich direkt mit gestohlenen Domänen-Anmeldeinformationen anzumelden. Nach der Authentifizierung auf einem kompromittierten PC führten die Angreifer die Ransomware manuell aus und wiesen sie an, sich über ein ganzes Netzwerk zu verteilen. Sobald das Netzwerk infiltriert war, beseitigten sie ihre Spuren und kontaktieren die Betroffenen mit einem Entschlüsselungsangebot. Schon damals veröffentlichte das Bundesamt für Sicherheit in der Informationstechnik eine Warnung. Darin heißt es: Ransomware ist und bleibt eine ernstzunehmende Bedrohung. Das Vorgehen der Cyber-Kriminellen im aktuellen Fall zeigt zudem, dass technische Gegenmaßnahmen konsequent und durchdacht umgesetzt werden müssen. Sensibilisierungsmaßnahmen für Mitarbeiterinnen und Mitarbeiter sollten außerdem zum Standardfortbildungsprogramm in Unternehmen gehören, insbesondere dort, wo auch E-Mails von unbekannten Absendern mit unbekannten Dateianhängen geöffnet werden müssen, wie es in Personalabteilungen der Fall ist. Viele Unternehmen leiden unter dem Fachkräftemangel und freuen sich über jede Bewerbung, die sie erhalten. Dies sollte jedoch nicht zu Nachlässigkeiten bei der Cyber-Sicherheit führen." Bevor wir nun zum Ende unsere heutigen Podcasts kommen, möchte ich Ihnen noch einige Tipps zum Schutz vor Ransomware mit auf den Weg geben: Implementieren Sie eine Sicherheitslösung mit mehrschichtiger Anti-Ransomware-Abwehr, um eine GrandCrab- Infektion sowie andere Malware-Infektionen zu verhindern. Sichern Sie Ihre Daten regelmäßig Vermeiden Sie das Öffnen von E-Mail-Anhängen unbekannter E-Mails   Und im Falle einer gelungenen Infektion, sollten Sie den Forderungen der Angreifer auf keiner Weise nachkommen. Sichern Sie stattdessen die verschlüsselten Informationen und verständigen Sie die Polizei. Kontakt: Ingo Lücker, ingo.luecker@itleague.de

Mai menü: beszélgetünk kicsit a szteganográfiáról, ninja megmutatja hogy lehet őt egy éjszakai felvételen megtalálni iOS app-in-the-middle sérülékenység Kihangosított hangszoró rezgésével hallgatnak le az appok Apple féle adó-vevő nem elérhető egy bug miatt AgentSmith aki nem a Man in Blackből van Slack úgy dönt, majd ő reseteli a jelszavad, ha te nem tetted meg 4 éve... A GandCrab csapata úgy tűnik mégse vonul nyugdíjba Új tool, Kali a RasberryPi-n Biztonságos kommunikáció és információ megosztás a gonosz gnómok a linux desktop évét veszélyeztetik Facebookot megbüntették!

Bu hafta FBI’ın yayımladığı Gandcrab fidye virüsü anahtarları, Bulgaristan Maliye Bakanlığı’nın hacklenmesi, Trickbot virüsünün 250M e-posta hesabını ele geçirmesi ve bluetooth ile çalışan saç düzleştiricilerinin hacklenebilmesi üzerine konuştuk. Keyifli dinlemeler, #siberingunlugu Tuğba Öztürk & Murat Lostar

Sprint warns of data breach. Eclypsium announces discovery of server firmware supply chain problems. Bluetooth Low Energy may be less secure than thought. Congress hears about US census cybersecurity. Ransomware and continuity of operations. The FBI offers help decrypting GandCrab-affected files. Venafi on why financial services are especially affected by certificate issues. Congress asks to see NSPM 13. And an arrest is made in Bulgaria’s tax agency hack. Ben Yelin from UMD CHHS on the DOJ being required to make public attempts to break encryption in Facebook Messenger. Tamika Smith speaks with Alex Guirakhoo from Digital Shadows about scammers registering fake domains to try to capitalize on Facebook’s Libra cryptocurrency plans. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_17.html  Support our show

The retirement of GandCrab’s hoods may have been exaggerated. Video conferencing tools RingCentral and Zhumu may have picked up Zoom’s issues in the tech they licensed. Broadcom’s projected acquisition of Symantec is on hold, at least for now. One Silicon Valley executive calls another company “treasonous.” The US FCC wants to reign in robo-calls. And there’s a free decryptor out for Ims0rry ransomware. Emily Wilson from Terbium Labs on recent Terbium research on transnational crime. Guest is Wim Coekaerts from Oracle on security in the age of AI. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_16.html  Support our show

We continue our discussion from last week about the new world of subscribing to everything and what some of our most valuable subscriptions are. After that we have all kinds of technology news and tips including Walmart, child trackers, and Harry Potter. Enjoy! Make sure to join the Notnerd Facebook Group and let us know how you tech better. We're also looking for your ProTips and Picks of the Week. Show Notes and Links: Subscription followup (01:10) Palm’s tiny phone now available unlocked (07:05) Walmart Grocery offers a $98/year delivery unlimited subscription (07:25) Walmart is tracking checkout theft with “AI-powered” cameras in 1000 stores (09:10) Amazon leases 15 more Boeing planes to expand air cargo network by 28% (11:15) Public Betas available (12:20) Cryptowatch: Facebook announces new Libra cryptocurrency (14:10) Dave’s Pro Tip of the Week: Google’s Inactive Account Manager (17:45) Sprint is the latest telecom to offer a tracking device that uses LTE (22:05) Best child trackers (24:00) New Circle Home Plus device for parental control (26:15) Where users click after searching on Google (27:05) Apple expands authorized repairs to 1000 Best Buy stores (29:55) Apple recalls battery on some 2015 15” MacBook Pros (31:30) Robocalls are overwhelming hospitals and patients (31:55) Harry Potter Wizards Unite now available on iOS and Android (33:35) Security/Privacy: New free tool to decrypt GandCrab ransomware (34:55) Florida city pays $600k to hackers (35:35) NASA hacked by Raspberry Pi (35:50) Raspberry Pi 4 now available (36:20) Bonus Odd Take: How to factory reset your GE light bulbs (37:50) Picks of the Week: Dave: Fire TV full price (39:55) Nate: https://unapp.li (43:00) Ramazon™ purchase (45:10) Check out the Notnerd YouTube channel for great videos Leave an iTunes Review and be featured on the Podcast ** Nate’s video about how to listen to podcasts ** Support Notnerd on Patreon and get cool stuff Brought to you by #OneBackupIsNoneBackup Shop Amazon: Amazon.Notnerd.com Subscribe and Review in iTunes Contact Info: www.Notnerd.com Twitter - @N0tnerd, Nate - @NetBack, Dave - @DavyB Notnerd Youtube Channel Notnerd Facebook Email - info@Notnerd.com Call or text 608.618.NERD(6373) If you would like to help support Notnerd financially, mentally or physically, please contact us via any of the methods above. Consider any product/app links to be affiliate links.

Emsion #15 Firefox Lockwise te puede ayudar a guardar tus contraseñas. ¿Qué pasaría si pudieras romper todo tipo de criptografía? Software en las bombas de gasolina para robar combustible. Hackean el sitio de noticias Flipboard El Ransomware “GandCrab” cerró sus servicios después de recaudar $ 2,500 millones de dólares. BlueKeep, la vulnerabilidad en el Protocolo de Escritorio Remoto

On this week’s Cyber Security Brief, we chat about our report looking into the Internet Research Agency's disinformation campaign targeting the 2016 US presidential election. We also talk about the apparent retirement of the operators behind GandCrab, and red faces in both the New Zealand government and the Dutch Data Protection Authority.

6/6/19 Quest Breach; BlueKeep; GandCrab; Internet Weather | AT&T ThreatTraq

Google’s cloud services recover from network congestion. GandCrab’s proprietors say they’re retiring rich at the end of the month. BlackSquid delivers the XMRig Monero miner. Updates on the Baltimore ransomware incident. Too many machines not yet patched against BlueKeep. CEO sentenced for providing criminals crypto. The US Justice Department is said to be preparing an antitrust investigation of Google. And “The Persistence of Chaos” has been sold for $1.3 million.  Joe Carrigan from JHU ISI on Google restricting ad-blocking in upcoming versions of Chrome. Tamika Smith speaks with Washington Post writer Geoffrey Fowler on his recent article “It’s the middle of the night. Do you know who your iPhone is talking to?” For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_03.html  Support our show

Il Ransomware continua a mietere vittime. Il numero di attacchi diminuisce ma il giro d’affari dei cybercriminali è in aumento. Attacchi sempre più specifici e targettizzati sulle caratteristiche dei sistemi vittima: che fare per mitigare il rischio dei clienti. Tutti i dettagli sul sito di RadioAchab.

Zero-Days in Counter Strike client could be used to build a major botnet, huge aluminum plants hit by 'severe' ransomware attack, Myspace loses 50 million songs in server migration, wifi signals can reveal your password, and PuTTY in your hands: an SSH client gets patched after RSA key exchange memory vulnerability was spotted! Ralf Hund from VMRay joins us for expert commentary to discuss the Evolution of GandCrab! To learn more about VMRay, visit: https://securityweekly.com/vmray Full Show Notes: https://wiki.securityweekly.com/HNNEpisode211

This week, Zero-Days in Counter Strike client could be used to build a major botnet, huge aluminum plants hit by 'severe' ransomware attack, Myspace loses 50 million songs in server migration, wifi signals can reveal your password, and PuTTY in your hands: an SSH client gets patched after RSA key exchange memory vulnerability was spotted! Ralf Hund from VMRay joins us for expert commentary to discuss the Evolution of GandCrab!   To learn more about VMRay, visit: https://securityweekly.com/vmray Full Show Notes: https://wiki.securityweekly.com/HNNEpisode211 Visit https://www.securityweekly.com/hnn for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly  

This week, Zero-Days in Counter Strike client could be used to build a major botnet, huge aluminum plants hit by 'severe' ransomware attack, Myspace loses 50 million songs in server migration, wifi signals can reveal your password, and PuTTY in your hands: an SSH client gets patched after RSA key exchange memory vulnerability was spotted! Ralf Hund from VMRay joins us for expert commentary to discuss the Evolution of GandCrab!   To learn more about VMRay, visit: https://securityweekly.com/vmray Full Show Notes: https://wiki.securityweekly.com/HNNEpisode211 Visit https://www.securityweekly.com/hnn for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

The scope of Iran-linked APT33 cyberattacks has been revealed. GandCrab criminals are using more sophisticated tactics. A new type of malware was using Slack to communicate. Chrome gets an important update. Huawei sues the US, and Germany sets tougher security rules for telecom companies. And people who invest in cryptocurrency often don't know what they're getting into. David Dufour from Webroot with his thoughts on RSA Conference. Guest is Asaf Cidon from Barracuda Networks on account takeover vulnerabilities. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_07.html  Support our show

Flashpoint Director of Research Chris "Tophs" Elisan discusses the development and business structure behind the GandCrab ransomware. Elisan, along with co-presenters from Microsoft and F5 Networks, discussed GandCrab and other malware and exploits turning a profit for criminal gangs during a talk this week at RSA Conference 2019 in San Francisco. Hear Elisan describe the evolution of GandCrab, services and partnership aspects to the operation, and the profits generated from these attacks. 

This week, Phil and Alex join Harrison to discuss a new malware delivery technique using the Outlook preview panel. Also, threat actor Gnosticplayers was offering large data sets for sale on Dream Market, the Blind Eagle APT group swooped into the news, and Gandcrab is back trying to pinch its victims in new ways. Finally, the guys try to find a new nickname for Alex. Full Intelligence Summary here: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-14-feb-21-feb-2019

In today’s podcast, we hear that Microsoft has disclosed a Fancy Bear sighting, snuffling around Atlanticist think tanks in Europe. Ukraine says, in effect, see, we told you so. Speaking of bears, it seems that North Korea’s Hidden Cobra may be striking at the biggest bear of them all, going after Russian targets. There’s new decryptor available for GandCrab ransomware. Citizen Lab and NSO Group’s new partial owner exchange notes. A look at a ransomware help desk. Mike Benjamin from CenturyLink with an update on the Necurs botnet. Guest is Tommy McDowell from the R-CISC (the retail ISAC) on the importance of sharing threat data.

A daily look at the relevant information security news from overnight.Episode 88 - 20 February 2019Malware via FB messenger and Skype - https://www.zdnet.com/article/rietspoof-malware-spreads-via-facebook-messenger-and-skype-spam/StreetEasy hacked - https://therealdeal.com/2019/02/19/a-million-streeteasy-accounts-hacked/GandCrab help available - https://threatpost.com/gandcrab-decryptor-ransomware/141973/Hackers after European think tanks - https://www.cnbc.com/2019/02/20/microsoft-says-hackers-attacked-european-think-tanks-last-year.htmlBanks phishing banks - https://www.bleepingcomputer.com/news/security/hackers-use-compromised-banks-as-starting-points-for-phishing-attacks/

In today’s podcast, we hear that GandCrab has been scuttling through unpatched holes. Independent testing as an alternative to banning specific vendors as security risks. Big Tech gets some Congressional scrutiny over content moderation. Facebook takes down inauthentic accounts working to influence the Moldovan elections. The Federal Trade Commission is rumored to be queuing up a record privacy fine. Defending forward from disillusioned Bears. And happy birthday, GCHQ. Craig Williams from Cisco Talos on router vulnerabilities. Guest is Amanda Berlin, founder of Mental Health Hackers on her efforts to address mental health issues in infosec. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_15.html  Support our show

A daily look at the relevant information security news from overnight.Episode 85 - 15 February, 2019GandCrab hits via remote - https://www.zdnet.com/article/gandcrab-ransomware-gang-infects-customers-of-remote-it-support-firms/Emotet continues to evolve - https://threatpost.com/emotet-evasion-tactic-xml/141862/Proof of oncept for Intel flaw - https://www.scmagazine.com/home/security-news/researchers-developed-a-proof-of-concept-attack-which-allows-them-to-hide-malware-in-intels-software-guard-extensions-sgx/Chinese Muslim tracking database exposed - https://www.zdnet.com/article/chinese-company-leaves-muslim-tracking-facial-recognition-database-exposed-online/Coffee Meets Bagel schmeared - https://gizmodo.com/dating-apps-reputation-schmeared-by-data-breach-1832621624

Investigadores de seguridad han descubierto dos nuevas campañas de malware, una de las cuales distribuye el troyano Ursnif, mientras que la otra además de propagar el mismo malware, infecta al objetivo con el ransomware GandCrab. Aunque ambas campañas parecen ser trabajo de grupos de ciberdelincuentes separados, hay muchas similitudes en su ‘modus operandi‘. Ambos ataques comienzan con correos electrónicos en la que suplantan la identidad de un conocido para adjuntar un documento de Microsoft Word. Este documento contiene macros de VBS maliciosas que hacen uso de Powershell para ejecutar su carga útil e infectar al objetivo. La primera carga útil es una línea de Powershell codeada en base64 la cual evalúa la arquitectura del sistema objetivo y, dependiendo de la misma, descarga una carga adicional de Pastebin. Esta se ejecuta en memoria para hacer bypass de los antivirus comunes. Finalmente, la carga útil instala una variante del ransomware GandCrab en el sistema de la víctima, bloqueándolo hasta que pague el rescate pertinente. Ursnif es una familia malware bastante avanzado que perfecciona las técnicas de fileless al máximo. En las últimas muestras, se propaga a través de documentos Word con macros muy ofuscadas, con código fundamentalmente inútil y solo una línea funcional. De ahí descarga no un ejecutable, sino un comando que a su vez descargará el ejecutable. Talos ha cubierto Ursnif en el pasado, ya que es uno de los programas maliciosos más populares que los atacantes han implementado recientemente. En abril, detectaron que Ursnif se estaba enviando a través de correos electrónicos maliciosos junto con el troyano bancario IceID. Este ejecutable escribirá en una zona del registro la información necesaria para recrear un binario ofuscado en memoria. Y luego será invocado a través de un comando WMIC (con la salida redirigida al portapapeles) que a su vez llamará a un PowerShell que reconstruirá el binario. Y la infección continuará con la subida al Command and Control de comandos comprimidos en formato .CAB. En anteriores episodios te he hablado de este tipo de ataques de macros en Documentos de Microsoft Word, así que te daré unos tips para evitar la infección con este tipo de archivos: 1) Si no estas seguro del contenido del archivo, NO LO EJECUTES, ya que alguno de ellos puede aprovechar vulnerabilidades en Office y reproducir el malware una vez abierto el archivo. 2) Manten tus herramientas de antivirus y antimalware ACTUALIZADAS! 3) Una vez descargado el archivo confirma con tu antivirus si no tiene malware consigo, sí no te sientes seguro con el resultado puedes optar por la opción de la pagina www.virustotal.com en donde tendrás un antivirus online con una base de datos actualizada de los virus actuales que están propandose por redes sociales y correos electrónicos, ofreciéndote una mayor certeza en la detención del malware. 4) Si no reconoces a la persona que te ha enviado el archivo, elimina el email o el enlace que te han enviado a través de las redes sociales y para tu mayor tranquilidad puedes bloquear el contacto ó en el caso del correo electrónico, colocarlo en la carpeta de SPAM.

Google+ now to be shut down in April following second data leak and recent "sextortion" email scam includes GandCrab ransomware on episode 181 of our daily podcast.

In today's podcast, we hear that Bleeding Bit flaws leave Wi-Fi access points open to war drivers and other malefactors within a hundred meters of your equipment. US Cyber Command continues its attempts to dissuade foreign influence operations against midterm elections. Social networks have difficulty identifying who's buying ads. Canada's data privacy law takes effect today. GandCrab crooks take a million-dollar bath. And if you go to Soulmates in Google Play, you're looking for love in all the wrong places. Johannes Ullrich from the ISC Stormcast podcast on hiding malware in benign files. Guest is Tara Combs from Alfresco on coming US cyber regulations. For links to all of today's stories check our our CyberWire daily news brief: https://thecyberwire.com/issues/issues2018/November/CyberWire_2018_11_01.html Support our show

In today's podcast, we hear that British Airways' breach has gotten bigger. Mexico's financial institutions say they've contained the anomalies in interbank transfer systems. "Demonbot" is infesting poorly secured Hadoop servers. Google receives criticism for slow action against ad fraud. Bitdefender and Romanian police produce a decryptor for GandCrab ransomware. Discussion of a "Civilian Cybersecurity Corps:" are white hats the radio hams of the Twenty-first Century? Daniel Prince from Lancaster University joins us to talk about quantum hardware primitives. And Britney Hommertzheim, director of information security at AMC Theaters, sits down with Dave to talk about building partnerships within your organization to strengthen security’s role. For links to all the stories mentioned in today' podcast, check out today's Daily Briefing: https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_26.html

5/17/18 GPON Flaws; GandCrab; Password Re-Use; Internet Weather | AT&T ThreatTraq

Recorded 5/11/18 - First and foremost, we recorded this EP one day before our “birthday”. We want to thank everyone, especially you (the listeners), who have let us do this for the last year racking up over half a million downloads! In this EP, we welcome special guest Nick Biasini from Talos Outreach - we set out to talk about several topics, but spend most of our time with Nick around the idea of building a stronger culture of cybersecurity and what it would take to raise the baseline. We are missing Matt this week, and hope he had an amazing time following the DMB tour up to Burlington or whatever he was doing.

"Gandcrab" virus hits State of Connecticut Judicial branch, but no damage was caused. California proposes "right to repair" legislation for tech gadgets, which Apple opposes. "Flippy," an automated hamburger flipping robot, makes his debut in California restaurant. Documentary film sheds light on brilliant tech savvy actress Hedy Lamarr. A caller asks about when Malwarebytes should be used if he already has antivirus from his Internet provider; we review best security practices. How to access a love one's password protected computer after they die. Troubleshooting e-mail access problems Bell South with Microsoft Outlook. More information on actress Hedy Lamarr's contributions with "frequency hopping" technology which kept U.S. torpedos safe during World War II. How to properly recover a lost Microsoft or Yahoo account password, and how to secure these accounts even further using a technique called "two factor authentication." Does Windows Defender provide adequate protection for a home user? A caller wants to know if there are any recommended home automation products for use with Amazon Echo.

Ransomware News: GlobeImposter Gets A Facelift, GandCrab is Still Out there https://isc.sans.edu/forums/diary/Ransomware+news+GlobeImposter+gets+a+facelift+GandCrab+is+still+out+there/23417/ How to Break Encryption https://blog.malwarebytes.com/threat-analysis/2018/03/encryption-101-how-to-break-encryption/ Bypassing Adobe Flash Security Protections https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/ Hundreds of Bitcoin Mining Servers Stolen in Iceland https://www.theguardian.com/world/2018/mar/07/hundreds-of-bitcoin-mining-servers-stolen-in-iceland Several Android Mail Apps Send Password To Developer (article in German) https://www.kuketz-blog.de/mail-apps-zahlreiche-android-apps-uebermitteln-login-passwort/

Ransomware News: GlobeImposter Gets A Facelift, GandCrab is Still Out there https://isc.sans.edu/forums/diary/Ransomware+news+GlobeImposter+gets+a+facelift+GandCrab+is+still+out+there/23417/ How to Break Encryption https://blog.malwarebytes.com/threat-analysis/2018/03/encryption-101-how-to-break-encryption/ Bypassing Adobe Flash Security Protections https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/ Hundreds of Bitcoin Mining Servers Stolen in Iceland https://www.theguardian.com/world/2018/mar/07/hundreds-of-bitcoin-mining-servers-stolen-in-iceland Several Android Mail Apps Send Password To Developer (article in German) https://www.kuketz-blog.de/mail-apps-zahlreiche-android-apps-uebermitteln-login-passwort/