Group-IB has released a fascinating case investigation on deepfake fraud. Group-IB's Fraud Protection team published a report on how threat actors use deepfake technology to bypass biometric security in financial institutions, including facial recognition and liveness detection. It also details how they recently assisted a major Indonesian financial institution in identifying over 1,100 deepfake fraud attempts, in which criminals used AI-generated deepfake photos to bypass the institution's digital KYC process. Fraudsters are increasingly using deepfake technology to bypass biometric security systems in financial institutions, combining AI-altered deepfake images, emulators, app cloning and even virtual cameras to breach multiple layers of security.

We speak with Yuan Huang, Group-IB's Cyber Fraud Analyst for APAC, and discuss the significant social and financial impact of deepfake fraud, with recent losses in Indonesia alone estimated at US$138.5 million. The advanced deepfake techniques include app cloning, AI-powered face-swapping and virtual camera applications. We also discuss the growing challenges financial institutions face in detecting AI-driven deepfakes and the proactive measures they must take to mitigate the risks posed by evolving deepfake technology.

For more information visit https://www.group-ib.com/blog/deepfake-fraud/
For more on the Women in Security ASEAN Region Awards visit https://womeninsecurityaseanregion.com/
#deepfakes #mysecuritytv #groupib #topwomeninsecurityASEAN
Is Nvidia's rally over? ITBusiness 2024-12-18 06:06:59 Business Infotech Apple Shares Nvidia While the shares of other big tech companies have continued to enjoy the market's optimistic mood in recent weeks (Apple, for example, rose to $251 on Monday, which means a market value of $3.8 trillion), Nvidia's shares have moved in exactly the opposite direction. On Monday they fell 1.7 percent to $132, which means that
AI developers with unstoppable brains are worried about AI rights Bitport 2024-12-18 09:00:00 Infotech Anthropic already employs a specialist who researches whether an AI model might be capable of suffering.
The strangest Nokias, collected First Class 2024-12-18 08:03:57 Mobile tech Phone Museum Nokia For anyone who started their mobile life with a 3210, it may be heart-wrenching news that these phones, and the designs and solutions of their era, are getting their own museum.
Google Maps exposed the killer 24.hu 2024-12-18 12:00:04 Infotech Google Maps GPS A twisted story led to the murder, which was solved thanks to Google.
Mice and men in virtual space Mínuszos 2024-12-18 10:33:47 Science Virtual reality The BrainVisionCenter Research Institute and Competence Centre (BVC), together with the Institute of Experimental Medicine (KOKI), has developed virtual reality (VR) goggles optimised for mice. The joint result opens new horizons in research on brain function and in the development of brain-computer interfaces that restore sight. Behaviour and
Scammers are trying to get around email protection software with sophisticated phishing attacks ICT Global 2024-12-18 06:03:40 Infotech Cybersecurity Email A comprehensive series of phishing attacks is trying to steal the credentials of employees at various organisations, say researchers at the cybersecurity company Group-IB.
Who looks after your data if you don't? refresher.hu 2024-12-18 11:19:00 Science Survey According to a recent survey, the overwhelming majority of young Hungarians fear phishing, identity theft and having their profiles hacked online, yet most of them still do not take the appropriate precautions against these dangers.
TCL kicks the door in with a super-cheap Mini LED TV TechWorld 2024-12-18 13:07:53 Infotech China Pie LED The TCL T6L has already debuted in China. Judging by its capabilities, its price looks like a bombshell. The rising Chinese giant TCL apparently still sees it as its main goal to bite off as large a slice of the TV pie as it can. At least that is what is suggested by the company bursting out with yet another television that many will find very attractive
Dementia is not easily recognised by those affected, their relatives, or even doctors Qubit 2024-12-18 09:47:33 Science GP Dementia GPs are not prepared to spot the symptoms, and cognitive decline can be hidden for years, so the family, too, is confronted with the signs of dementia only late. But can dementia be tested for, what should one watch for, and where can one turn for help?
Meta may pay a 250 million euro fine over a six-year-old case HWSW 2024-12-18 09:45:34 Infotech Facebook's 2018 data breach scandal affected the personal data of 29 million users.
The Dynamic Island may come to Samsungs too with One UI 7 Android Portál 2024-12-18 08:33:13 Mobile tech Artificial intelligence Samsung Android Samsung One UI 7, which is built on Android 15, is currently in beta testing, and the company has presented its latest artificial-intelligence capabilities in detail. The Now Bar highlighted by Samsung is the central element of One UI 7 and is essentially its own interpretation of the Dynamic Island concept. In the company's words, the Now Bar is a "new dime
Mudslinging between Elon Musk and Senator Elizabeth Warren: is SBF's family behind it all? KriptoMagazin 2024-12-18 12:29:06 Modern Economy Elon Musk Senator Elon Musk reacted sharply to Senator Elizabeth Warren's accusations that the billionaire's new government role could represent a conflict of interest. According to Musk, Warren's criticism was inspired by Sam Bankman-Fried's (SBF) family, and his parents are actually behind it. "These things are actually written for Pocahontas by SBF's parents," Musk wrote on the social
Fake Christmas gift, fake website mmonline.hu 2024-12-18 04:23:34 Economy Campaign Artificial intelligence Gift Social media Cybersecurity Hoax Christmas market A website put together for pennies, AI-generated products, less than fifty thousand forints in advertising spend, nearly 600 "buyers". That is the final tally of Médiaunió's "A kulcs te vagy" ("You are the key") Christmas cybersecurity campaign, which showed that with little effort one can cause great harm on social media platforms. If we
Find our other episodes at podcast.hirstart.hu.
Microsoft confirms a critical Windows zero-day vulnerability. Global law enforcement agencies dismantle 27 DDoS platforms. Researchers compromise memory in AMD virtual machines. Ivanti reports multiple critical vulnerabilities in its Cloud Services Application. Group-IB researchers expose a sophisticated global phishing campaign. A zero-day vulnerability in Cleo's managed file transfer software is under active exploitation. The U.S. sanctions a Chinese firm for a 2020 firewall exploit. Congress looks to require the FCC to regulate telecom cybersecurity. Our guest is Malachi Walker, Security Strategist at DomainTools, discussing their role in ODNI's newly established Sentinel Horizon Program. SpartanWarriorz dodge a Telegram crackdown.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Our guest is Malachi Walker, Security Strategist at DomainTools, about their role in ODNI's newly established Sentinel Horizon Program.
Selected Reading
New Windows 0Day Attack Confirmed—Homeland Security Says Update Now (Forbes)
Microsoft Fixes 71 CVEs Including Actively Exploited Zero-Day (Infosecurity Magazine)
Atlassian, Splunk Patch High-Severity Vulnerabilities (SecurityWeek)
Chrome Security Update, Patch for 3 High-severity Vulnerabilities (Cyber Security News)
ICS Patch Tuesday: Security Advisories Released by Siemens, Schneider, CISA, Others (SecurityWeek)
Operation PowerOFF Takes Down DDoS Boosters (Infosecurity Magazine)
AMD Chip VM Memory Protections Broken by BadRAM (Security Boulevard)
Three more vulns spotted in Ivanti CSA, all critical, one 10/10 (The Register)
Global Ongoing Phishing Campaign Targets Employees Across 12 Industries (Hackread)
New Cleo zero-day RCE flaw exploited in data theft attacks (Bleeping Computer)
US Sanctions Chinese Firm at Center of Global Firewall Hack (Infosecurity Magazine)
Wyden legislation would mandate FCC cybersecurity rules for telecoms (CyberScoop)
Scam Kit Maker Rebuilding Business After Telegram Channel Shut Down (Security Boulevard)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Microsoft describes a macOS vulnerability. A trio of healthcare organizations reveal data breaches affecting nearly three-quarters of a million patients. Group-IB infiltrates a ransomware-as-a-service operation. Instagram rolls out new measures to combat sextortion schemes. Updates from Bitdefender address man-in-the-middle attacks. An Alabama man is arrested for allegedly hacking the SEC. In our Industry Voices segment, Gerry Gebel, VP of Strata Identity, describes how to ensure identity continuity in disrupted, disconnected and diminished IDP environments. CISOs want to see their role split into two positions. Game Freak's servers take a critical hit.

CyberWire Guest
Today, we have our Industry Voices segment with Gerry Gebel, VP of Products and Standards at Strata Identity, discussing how to ensure identity continuity in disrupted, disconnected and diminished IDP environments.
Resources to learn more:
Identity Continuity™: How to have uninterrupted IDP access
Resilience in extreme conditions: Why DDIL environments need continuous identity access

Selected Reading
macOS Vulnerability Could Expose User Data, Microsoft Warns (Infosecurity Magazine)
Microsoft warns it lost some customers' security logs for a month (Bleeping Computer)
3 Longtime Health Centers Report Hacks Affecting 740,000 (GovInfo Security)
Cicada3301 ransomware affiliate program infiltrated by security researchers (SC Media)
Instagram Rolls Out New Sextortion Protection Measures (Infosecurity Magazine)
Bitdefender Total Security Vulnerability Exposes Users to Man-in-the-Middle Attacks (Cyber Security News)
Alabama Man Arrested in SEC Social Media Account Hack That Led the Price of Bitcoin to Spike (SecurityWeek)
CISOs Concerned Over Growing Demands of Role (Security Boulevard)
Pokémon video game developer confirms its systems were breached by hackers (The Record)
In today's episode, we look into the recent compromise of celebrity TikTok accounts through a zero-click attack and discuss the exploited vulnerabilities. We then explore the potential security pitfalls of Microsoft's Windows Recall feature, highlighting totalrecall.py by ethical hacker Alexander Hagenah. Finally, we examine the ransomware attacks executed by the Russian-speaking Qilin group on NHS medical services in London.

For more details, check out these sources:
https://thehackernews.com/2024/06/celebrity-tiktok-accounts-compromised.html
https://github.com/xaitax/TotalRecall
https://www.group-ib.com/blog/qilin-ransomware/
https://www.google.com/search?q=why+should+people+delete+tiktok&oq=why+should+people+delete+tiktok

Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/
Logo design by https://www.zackgraber.com/

00:00 Introduction
01:18 TikTok's Troubling History of Security Flaws
04:58 Exploring Microsoft's Controversial Recall Feature
07:46 Qilin Ransomware: A Deep Dive

Tags: Zero-click attack, TikTok, hackers, vulnerability, ethical hacker, TotalRecall, Windows Recall, vulnerabilities, Qilin, ransomware, defend, security measures, sensitive data, critical sectors, Russian-speaking gang, NHS hospitals, cybersecurity, celebrity accounts, platform security

Search Phrases: How TikTok handles zero-click attacks; Vulnerabilities in TikTok security; Protecting TikTok accounts from hackers; Ethical hacking and TotalRecall demonstration; Securing data against Windows Recall threats; Defending against Qilin ransomware; Russian ransomware gang Qilin explained; Health sector ransomware attacks prevention; Cybersecurity tips for TikTok users; Windows Recall vulnerabilities and precautions

https://thehackernews.com/2024/06/celebrity-tiktok-accounts-compromised.html
Flash Briefing: Celebrity TikTok Accounts Compromised Using Zero-Click Attack via DMs
Zero-Click Attack on TikTok: Threat actors have exploited a zero-click vulnerability in TikTok, allowing them to take over high-profile accounts via direct messages without any user interaction. (Source: Semafor, Forbes) Actionable Insight: Stay vigilant even if you don't interact with suspicious messages, and update your apps regularly so you have the latest security patches.
Scope of the Compromise: TikTok has not disclosed the exact number of affected users but says that only a "very small" number of accounts were compromised.
Engagement: Ask listeners, "Have you noticed any unusual activity on your social media accounts lately? Share your experiences with us."
Response and Mitigation: TikTok has implemented preventive measures to stop the attack and is working directly with impacted users to restore account access. Actionable Insight: If you suspect your account has been compromised, contact TikTok support immediately and follow their guidance for recovery.
Historical Context of TikTok Security Issues:
January 2021: Check Point identified a flaw that allowed attackers to build a database of users and their associated phone numbers. (Source: Check Point)
September 2022: Microsoft found a one-click exploit in TikTok's Android app that could take over accounts via a crafted link. (Source: Microsoft)
Turkey compromise: 700,000 accounts were compromised via intercepted SMS messages. (Source: Report)
Invisible Challenge: Attackers used a viral challenge to spread information-stealing malware.
Global Concerns and Actions:
China ties: Concerns about TikTok's Chinese ownership have led to proposed and enacted bans on government devices in several countries, including the U.S., U.K., Canada, and Australia.
Legal actions: TikTok has filed a lawsuit in the U.S. challenging a proposed ban.

TotalRecall shows how easily data collected by Windows Recall can be stolen
https://github.com/xaitax/TotalRecall
TotalRecall Tool: Ethical hacker Alexander Hagenah developed the TotalRecall tool to highlight security vulnerabilities in Windows' newly announced Recall feature.
This tool can easily extract and expose sensitive data collected by Recall. Actionable Insight: Be vigilant when using new features and tools that collect data, as they may carry hidden security risks.
Recall Feature Overview: Microsoft announced the Recall feature on May 20, 2024, as part of the Copilot+ line of Windows 11-powered PCs. Recall takes screen snapshots every few seconds, uses OCR to extract text from them, and stores this data in an unencrypted SQLite database. Actionable Insight: Encrypt sensitive data locally and regularly audit new features for potential security risks.
Security Pitfalls: Security researcher Kevin Beaumont demonstrated that exfiltration of Recall databases can be automated, making it easy for malware and attackers to access the data. He criticized Microsoft for enabling Recall by default and for allowing it to be reactivated without the user's knowledge. Actionable Insight: Immediately disable features that pose security risks and monitor for unauthorized reactivation.
TotalRecall Functionality: The tool copies the Recall databases, extracts information such as passwords and search terms, and summarizes this data. Hagenah does not plan to update the tool further, leaving it as a proof of concept. Actionable Insight: Regularly review and understand the tools in use on your systems to prevent potential data breaches.
Microsoft's Response: Although Microsoft has emphasized security, its implementation of Recall falls short. The feature stores data locally in an unencrypted format, making it accessible to malware and unauthorized users. Actionable Insight: Push vendors to improve security measures and hold them accountable for defaults that put user data at risk.
Upcoming Release: Recall is scheduled for release on June 18, 2024. Security professionals hope Microsoft addresses the highlighted issues before the launch.
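The extraction pattern the TotalRecall notes describe (copy the snapshot database, query the OCR text, pull out anything credential-shaped) is simple enough to show end to end. The Python below is an added example written for this page; it is not TotalRecall's code and not Microsoft's. The table and column names (WindowCapture, WindowCaptureText), the file name and the sample OCR strings are constructed stand-ins for a Recall-style store, not the real schema. It builds the mock store, copies it the way any process running as the logged-in user could, opens the copy read-only and scans each snapshot's text for a password label, an AWS-style access key ID and Luhn-valid card numbers, so that a purely numeric order number is not reported as a card.

```python
"""Audit a Recall-style snapshot database for secrets that an OCR pass captured.

Added example for this page; not code from TotalRecall, Microsoft or the podcast.
The schema and sample data below are constructed stand-ins, not the real Recall store.
"""
import os
import re
import shutil
import sqlite3
import tempfile

# Constructed OCR output for four "snapshots" (not real captured data).
SAMPLE_CAPTURES = [
    (1717430400000, "Sign in - Example Bank",
     "Username: alice  Password: hunter2  Remember me"),
    (1717430405000, "Chat - Teams",
     "can you send the key? sure: AKIAIOSFODNN7EXAMPLE"),
    (1717430410000, "Search - Browser",
     "how to disable windows recall"),
    (1717430415000, "Checkout - Shop",
     "Card number 4111 1111 1111 1111 exp 12/27  order 1234 5678 9012 3456"),
]

# Detectors: a labelled password, an AWS-style access key ID, and a run of
# 13-19 digits (with optional spaces or dashes) that still has to pass Luhn.
PASSWORD_RE = re.compile(r"(?i)\bpass(?:word|wd|phrase)?\s*[:=]\s*(\S+)")
AWS_KEY_RE = re.compile(r"\b(AKIA[0-9A-Z]{16})\b")
PAN_RE = re.compile(r"\b((?:\d[ -]?){13,19})\b")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: rejects most digit runs that merely look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_sensitive(text: str) -> list[tuple[str, str]]:
    """Return (kind, value) pairs for credential-like strings in one snapshot's OCR text."""
    hits = []
    for m in PASSWORD_RE.finditer(text):
        hits.append(("password", m.group(1)))
    for m in AWS_KEY_RE.finditer(text):
        hits.append(("aws_access_key_id", m.group(1)))
    for m in PAN_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group(1))
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(("card_number", digits))
    return hits


def build_mock_store(path: str) -> None:
    """Write a SQLite file shaped like the assumed snapshot store (constructed schema)."""
    con = sqlite3.connect(path)
    with con:
        con.executescript(
            "CREATE TABLE WindowCapture (Id INTEGER PRIMARY KEY, TimeStamp INTEGER, WindowTitle TEXT);"
            "CREATE TABLE WindowCaptureText (CaptureId INTEGER, OcrText TEXT);"
        )
        for cid, (ts, title, text) in enumerate(SAMPLE_CAPTURES, start=1):
            con.execute("INSERT INTO WindowCapture VALUES (?, ?, ?)", (cid, ts, title))
            con.execute("INSERT INTO WindowCaptureText VALUES (?, ?)", (cid, text))
    con.close()


def audit_store(db_path: str) -> list[dict]:
    """Copy the store as any user-context process could, then scan every snapshot.

    The copy is the point: a plain file copy needs no special privilege and
    sidesteps any lock held by the indexing service, which is why an
    unencrypted store is so easy to exfiltrate.
    """
    workdir = tempfile.mkdtemp(prefix="recall-audit-")
    copy_path = os.path.join(workdir, "snapshot-copy.db")
    shutil.copy2(db_path, copy_path)
    con = sqlite3.connect(f"file:{copy_path}?mode=ro", uri=True)
    rows = con.execute(
        "SELECT c.TimeStamp, c.WindowTitle, t.OcrText "
        "FROM WindowCapture c JOIN WindowCaptureText t ON t.CaptureId = c.Id "
        "ORDER BY c.TimeStamp"
    ).fetchall()
    con.close()
    findings = []
    for ts, title, text in rows:
        for kind, value in find_sensitive(text or ""):
            findings.append({"timestamp": ts, "window": title, "kind": kind, "value": value})
    shutil.rmtree(workdir, ignore_errors=True)
    return findings


def demo_findings() -> list[dict]:
    """Build the constructed store in a temp dir and audit it."""
    workdir = tempfile.mkdtemp(prefix="recall-mock-")
    db_path = os.path.join(workdir, "snapshots.db")   # hypothetical file name
    build_mock_store(db_path)
    try:
        return audit_store(db_path)
    finally:
        shutil.rmtree(workdir, ignore_errors=True)


if __name__ == "__main__":
    for f in demo_findings():
        print(f"{f['timestamp']}  {f['window']:<24} {f['kind']:<18} {f['value']}")
```

Run it as a script to print the three findings; the Luhn check is what keeps the second 16-digit run in the checkout snapshot out of the report. Pointing audit_store at a real Recall database would require the actual table and column names, which this example does not claim to know.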
Actionable Insight: Stay updated on new releases and security patches to ensure vulnerabilities are addressed before widespread adoption.
Disabling Recall: Recall is enabled by default on Copilot+ devices, but users can disable it during initial setup or via Group Policy in enterprise environments. Actionable Insight: Ensure that all team members know how to disable potentially risky features, and implement these changes as part of security best practices.
Engagement Suggestion: "Have you ever encountered a new feature that seemed more risky than beneficial? Share your experiences with us and let's discuss how to navigate these challenges together!"

Who are Qilin, the cybercriminals thought to be behind the London hospitals hack?
https://www.group-ib.com/blog/qilin-ransomware/
Flash Briefing: Qilin Ransomware Group
NHS Attack: The cybercriminal group Qilin, a Russian-speaking ransomware gang, attacked NHS medical services provider Synnovis, disrupting hospital trusts and GPs across London. If the gang is based in Russia, British law enforcement faces challenges due to Russia's non-extradition policy and its lack of cooperation on cybersecurity matters since the invasion of Ukraine. [Source: The Guardian]
Ransomware as a Service (RaaS): Qilin operates on a RaaS model, providing tools and infrastructure to independent hackers in exchange for a cut of the ransom, typically 15-20%. They demand ransoms ranging from $50,000 to $800,000 and often use spear phishing for initial network access. [Source: Group-IB]
Past Attacks: Since October 2022, Qilin has attacked over 50 organizations, including Robert Bernard in France and Dialog in Australia. Notable incidents include the attack on the publisher of The Big Issue, with 500GB of data leaked after the ransom was refused. [Source: Group-IB]
Rust and Go Languages: Qilin writes its ransomware in Rust and Go, which makes it harder to detect and analyze and lets the gang tailor builds to different operating systems such as Windows and Linux. [Source: Group-IB]
Double Extortion Technique: Qilin uses double extortion, encrypting data and exfiltrating sensitive information to pressure victims into paying the ransom. They run a proprietary dedicated leak site (DLS) for publishing stolen data. [Source: Group-IB]
Affiliate Management: Qilin's affiliate panel includes sections for managing targets, creating ransomware samples, and coordinating attacks. Affiliates receive 80-85% of the ransom, depending on the amount. [Source: Group-IB]
Security Recommendations:
Multi-Factor Authentication (MFA): Implement MFA and credential-based access solutions.
Regular Backups: Conduct regular data backups.
Email Protection: Use tools such as Group-IB's Business Email Protection to counter phishing.
Advanced Detection: Employ AI-based solutions for real-time intrusion detection.
Patch Management: Regularly update and apply security patches.
Employee Training: Educate employees about cybersecurity risks and the signs of phishing.
Incident Response: Contact experts immediately if attacked; avoid paying ransoms.
[Source: Group-IB]
Listener Engagement: Question for Listeners: Have you ever encountered a phishing email at work? How did you handle it?
Stay vigilant and keep your systems secure!
Trust Stamp CTO Scott Francis joined Steve Darling from Proactive to issue a warning to financial institutions and their customers regarding the emerging dangers posed by Trojans targeting bank accounts. One such newly discovered Android Trojan, dubbed "GoldDigger," has raised concerns among cybersecurity experts. Furthermore, Group-IB's threat intelligence unit identified a cluster of aggressive banking Trojans, including GoldPickAxe, the first known iOS Trojan designed to harvest facial biometric data for unauthorized access to bank accounts. Francis emphasized the importance of safeguarding biometric data in light of rapidly evolving attacks like these Trojans. He highlighted Trust Stamp's Stable IT2™ technology and biometric multi-factor authentication, which do not store or retain any biometric data on vulnerable devices; no identifying data is stored on the user's device either. This biometric cryptographic system offers authentication without leaving behind biometric breadcrumbs that cybercriminals could exploit. By combining biometric multi-factor authentication with device authentication, Trust Stamp disrupts the transaction flow used by the attackers behind these Trojans. This approach not only uses biometric authentication with proof of life but also ensures that the user is in possession of the authorized device, enhancing security and mitigating the risks associated with such attacks.
#proactiveinvestors #truststamp #nasdaq #idai #BiometricData #DataSecurity #TrustStamp #StableID #Cybersecurity #DigitalIdentity #DataProtection #Trojan #iOS #Technology #Interview #ExpertInsights #DataPrivacy #Biometrics #TechNews #CyberThreats #OnlineSecurity #IdentityProtection #Tokenization #DataBreach #PrivacyConcerns #TechInnovation #OnlineSafety #uk-youtube #invest #investing #investment #investor #stockmarket #stocks #stock #stockmarketnews
The global community confronts spyware. Canon patches critical vulnerabilities in printers. Barracuda recommends mitigations for Web Application Firewall issues. Group-IB warns of ResumeLooters. Millions are at risk after a data breach in France. Research from the UK reveals contradictory approaches to cybersecurity. Meta's Oversight Board recommends updates to Facebook's Manipulated Media policy. We've got a special segment from the Threat Vector podcast examining Ivanti's Connect Secure and Policy Secure products. And it's time to brush up on IoT security.

CyberWire Guest
In a special segment from Palo Alto Networks' Threat Vector podcast, host David Moulton, Director of Thought Leadership at Unit 42, along with guests Sam Rubin, VP, Global Head of Operations, and Ingrid Parker, Senior Manager of the Intel Response Unit, dives deep into the critical vulnerabilities found in Ivanti's Connect Secure and Policy Secure products. You can check out the full conversation here.
Selected Reading
US to restrict visas for those who misuse commercial spyware (Reuters)
Britain and France assemble diplomats for international agreement on spyware (The Record)
Israeli government absent from London spyware conference and pledge (The Record)
Government hackers targeted iPhones owners with zero-days, Google says (TechCrunch)
Google agrees to pay $350 million settlement in security lapse case (Washington Post)
Canon Patches 7 Critical Vulnerabilities in Small Office Printers (SecurityWeek)
Barracuda Disclosed Critical Vulnerabilities in WAF, Affecting File Upload and JSON Protection (SOCRadar)
ResumeLooters target job search sites in extensive data heist (Help Net Security)
Millions at risk of fraud after massive health data hack in France (The Connexion)
Fragmented cybersecurity vendor landscape is exacerbating risks and compounding skills shortages, SenseOn research reveals (IT Security Guru)
Meta's Oversight Board Urges a Policy Change After a Fake Biden Video (InfoSecurity Magazine)
Toothbrushes are a cybersecurity risk, too: millions participate in DDoS attacks (Cybernews)
Details of operations against ransomware gangs are rarely made public. The threat intelligence team at Singapore-based Group-IB has infiltrated numerous ransomware gangs and their affiliates, but the full picture has never been disclosed. How did they keep infiltrating cybercriminal groups? And what were the details of each operation?
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Securonix Threat Labs are reporting that threat actors working as part of the DB#JAMMER attack campaigns are compromising exposed MSSQL databases using brute-force attacks. AhnLab's Security Emergency Response Center is reporting on threat actors using phishing emails to distribute fileless malware. The researchers over at Group-IB have uncovered a covert business email compromise phishing campaign targeting Microsoft 365. NSFOCUS Security Labs captured a new APT34 phishing attack against enterprise targets that delivered a variant of the SideTwist Trojan to achieve long-term control of the victim host. Threat Analysis Group publicly disclosed a campaign by government-backed actors in North Korea who used 0-day exploits to target security researchers working on vulnerability research and development. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
[Episode References]
- THREAT PROFILE CHAE$ 4 MALWARE - https://www.morphisec.com/hubfs/Morphisec_Chae$4_Threat_Profile.pdf
- ASUS ROUTERS ARE AFFECTED BY THREE CRITICAL REMOTE CODE EXECUTION FLAWS - https://securityaffairs.com/150399/iot/asus-routers-critical-rces.html
- Bogus URL Shorteners Go Mobile-Only in AdSense Fraud Campaign - https://blog.sucuri.net/2023/09/bogus-url-shorteners-go-mobile-only-in-adsense-fraud-campaign.html
- W3LL oiled machine: Group-IB uncovers covert BEC phishing empire targeting Microsoft 365 – report - https://www.group-ib.com/media-center/press-releases/w3ll-phishing-report/
Script and presentation: Carlos Cabral. Audio editing: Paulo Arruzzo. Closing narration: Bianca Garcia.
[Episode References] - Group-IB detects Classiscam expansion: $64.5 million scam-as-a-service operation targets 251 brands in 79 countries - https://www.group-ib.com/media-center/press-releases/classiscam-2023/ - VMConnect supply chain attack continues, evidence points to North Korea - https://www.reversinglabs.com/blog/vmconnect-supply-chain-campaign-continues - SapphireStealer: Open-source information stealer enables credential and data theft - https://blog.talosintelligence.com/sapphirestealer-goes-open-source/ Script and presentation: Carlos Cabral. Audio editing: Paulo Arruzzo. Closing narration: Bianca Garcia
Recorded Future - Inside Threat Intelligence for Cyber Security
Ilya Sachkov co-founded the cybersecurity company Group-IB to make the world safe from Russian-speaking cybercriminals. Then he asked Russian authorities to help round them up, and things went spectacularly wrong.
This week on Siberin Günlüğü, Tuğba Öztürk and Kerem Kocaer comment on the backdoor found in the radio system standard used by public institutions and emergency services, and on the imprisonment in Russia of Ilya Sachkov, founder of the cybersecurity company Group-IB. The video broadcast is available at https://www.youtube.com/siberingunlugu. Enjoy listening
Geopolitics has always played a role in prosecuting hackers. But it's getting a lot more complicated, as Kurt Sanger reports. Responding to a U.S. request, a Russian cybersecurity executive has been arrested in Kazakhstan, accused of having hacked Dropbox and LinkedIn more than ten years ago. The executive, Nikita Kislitsin, has been hammered by geopolitics in that time. The firm he joined after the alleged hacking, Group IB, has seen its CEO arrested by Russia for treason—probably for getting too close to U.S. investigators. Group IB sold off all its Russian assets and moved to Singapore, while Kislitsin stayed behind, but showed up in Kazakhstan recently, perhaps as a result of the Ukraine war. Now both Russia and the U.S. have dueling extradition requests before the Kazakh authorities; Paul Stephan points out that Kazakhstan's tenuous independence from Russia will be tested by the tug of war. In more hacker geopolitics, Kurt and Justin Sherman examine the hacking of a Russian satellite communication system that served military and civilian users. It's reminiscent of the Viasat hack that complicated Ukrainian communications, and a bunch of unrelated commercial services, when Russia invaded. Kurt explores the law of war issues raised by an attack with multiple impacts. Justin and I consider the claim that the Wagner group carried it out as part of their aborted protest march on Moscow. We end up thinking that this makes more sense as the Ukrainians serving up revenge for Viasat at a time when it might complicate Russia's response to the Wagner group. But when it's hacking and geopolitics, who really knows? Paul outlines the legal theory—and antitrust nostalgia—behind the FTC's planned lawsuit targeting Amazon's exploitation of its sales platform. We also ask whether the FTC will file the case in court or before the FTC's own administrative law judge.
The latter may smooth the lawsuit's early steps, but it will also bring to the fore arguments that Lina Khan should recuse herself because she's already expressed a view on the issues to be raised by the lawsuit. I'm not Chairman Khan's biggest fan, but I don't see why her policy views should lead to recusal; they are, after all, why she was appointed in the first place. Justin and I cover the latest Chinese law raising the risk of doing business in that country by adopting a vague and sweeping view of espionage. Paul and I try to straighten out the EU's apparently endless series of laws governing data, from General Data Protection Regulation (GDPR) and the AI Act to the Data Act (not to be confused with the Data Governance Act). This week, Paul summarizes the Data Act, which sets the terms for access and control over nonpersonal data. It's based on a plausible idea—that government can unleash the value of data by clarifying and making fair the rules for who can use data in new businesses. Of course, the EU is unable to resist imposing its own views of fairness, thus upsetting existing commercial arrangements without really providing any certainty about what will replace them. The outcome is likely to reduce, not improve, the certainty that new data businesses want. Speaking of which, that's the critique of the AI Act now being offered by dozens of European business executives, whose open letter slams the way the AI Act kludged the regulation of generative AI into a framework where it didn't really fit. They accuse the European Parliament of “wanting to anchor the regulation of generative AI in law and proceeding with a rigid compliance logic [that] is as bureaucratic … as it is ineffective in fulfilling its purpose.” And you thought I was the EU-basher. Justin recaps an Indian court's rejection of Twitter's lawsuit challenging the Indian government's orders to block users who've earned the government's ire. 
Kurt covers a matching story about whether Facebook should suspend Hun Sen's Facebook account for threatening users with violence. I take us to Nigeria and question why social media thinks governments can be punished for threatening violence. Finally, in two updates, I note that Google has joined Facebook in calling Canada's bluff by refusing to link to Canadian news media in order to avoid the Canadian link tax. And I do a victory lap for the Cyberlaw Podcast's Amber Alert feature. One week after we nominated the Commerce Department's IT supply chain security program for an Amber Alert, the Department answered the call by posting the supply chain czar position in USAJOBS. Download 466th Episode (mp3) You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.
3rd July: Crypto & Coffee at 8
Grab a cup of coffee and join Ryan Kovar, Mick Baccio, and Audra Streetman for another episode of Coffee Talk with SURGe. You can watch the episode livestream here. The team from Splunk will discuss the latest security news including: - Twitter whistleblower Peter Zatko will testify at a Senate hearing on Sept. 13. - Group-IB published a blog about a phishing campaign targeting Okta identity credentials that they're calling "Roasting Oktapus." - Montenegro is dealing with cyberattacks targeting critical infrastructure. - Lloyd's plans to exclude catastrophic nation-backed cyberattacks from insurance coverage. Mick and Ryan competed in a 60-second charity challenge to explain why they think password managers are still your best option for password security. The team also discussed data privacy after the FTC announced it is suing a data broker for selling geolocation data. Meanwhile, the FCC is launching an investigation into mobile carriers' geolocation data practices.
MONEY FM 89.3 - Prime Time with Howie Lim, Bernard Lim & Finance Presenter JP Ong
In a recent scam, a visitor to a bubble tea shop saw a sticker pasted on its glass door, encouraging customers to complete an online survey to get a free cup of milk tea. The victim scanned the QR code and downloaded a third-party app onto her phone. Scammers later took over her device via the app and moved $20,000 from her bank account. Hwei Qiang Tan, Fraud Protection Solution Engineer at Group-IB, helps us understand QR code scams better, using the bubble tea QR scam case as an example. See omnystudio.com/listener for privacy information.
When businesses and consumers go digital, the cyber crooks follow as well. So what are the new digital threats in the post-pandemic world? Sona Remesh is joined by Gene Yu, founder and CEO of Blackpanda, Stephen Topliss, vice president of fraud and identity strategy at LexisNexis Risk Solutions, and Feixiang He, adversary intelligence research lead at Group-IB. See omnystudio.com/listener for privacy information.
"Blender" reappears as "Sinbad." A Tonto Team cyberespionage attempt against Group-IB is thwarted. DarkBit claims responsibility for a ransomware attack on Technion University. An overview of ICS and OT security. Ben Yelin looks at surveillance oversight at the state level. Ann Johnson from Afternoon Cyber Tea speaks with Marene Allison about the CISO transformation. And it's Valentine's Day, that annual holiday of love, chocolate, flowers, and online scams. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/30 Selected reading. Has a Sanctioned Bitcoin Mixer Been Resurrected to Aid North Korea's Lazarus Group? (Elliptic Connect) Nice Try Tonto Team (Group-IB) Hackers attack Israel's Technion University, demand over $1.7 million in ransom (ARN) Israel's top tech university postpones exams after ransomware attack (The Record from Recorded Future News) Russian hackers ‘disrupt Turkey-Syria earthquake aid' in cyber attack on Nato (The Independent) Killnet DDoS attacks disrupt Nato websites (ComputerWeekly.com) Russian Hackers Disrupt NATO Earthquake Relief Operations (Dark Reading) What Happened to #OpRussia? (Dark Reading) Russian-linked malware was close to putting U.S. electric, gas facilities ‘offline' last year (POLITICO) 2022 ICS/OT Cybersecurity Year in Review Executive Summary (Dragos) What's love got to do with it? 4 in 5 Valentine's Day-themed spam emails are scams, Bitdefender Antispam Lab warns (Hot for Security)
Ransomware attacks remain the number one cyber threat in the Asia Pacific, with groups adopting corporate structures and using zero-day vulnerabilities and supply-chain attacks to infect victims. On Tech Talk, Prime Time's Timothy Go and Bharati Jagdish speak with Feixiang He, Adversary Intelligence Research Lead at Group-IB, to find out his forecasts on the biggest threats we should be looking out for in 2023. See omnystudio.com/listener for privacy information.
Rackspace reacts to ransomware. Third-party incidents in New Zealand and the Netherlands. Russian intelligence goes phishing. Mustang Panda uses Russia's war as phishbait. A malicious package is found in PyPI. Kevin Magee from Microsoft Canada shares thoughts on cybersecurity startups in an economic downturn. Our guest is IDology's Christina Luttrell to discuss how consumers feel about digital identity, fraud, security and data privacy. And a French-speaking investment scam. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/233 Selected reading. Rackspace Technology Hosted Exchange Environment Update (Rackspace Technology) Multiple government departments in New Zealand affected by ransomware attack on IT provider (The Record by Recorded Future) Antwerp's city services down after hackers attack digital partner (BleepingComputer) Russian hacking group spoofed Microsoft login page of US military supplier: report (The Record by Recorded Future) Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets (BlackBerry) Inside the Face-Off Between Russia and a Small Internet Access Firm (New York Times) Apiiro's AI engine detected a software supply chain attack in PyPI (Apiiro | Cloud-Native Application Security) Anatomizing CryptosLabs: a scam syndicate targeting French-speaking Europe for years (Group-IB)
Has LockBit 3.0 been reverse engineered? A COVID lure contains a Punisher hook. A Chinese cyberespionage campaign uses compromised USB drives. Lilac Wolverine exploits personal connections for BEC. Killnet claims to have counted coup against the White House. Tim Starks from the Washington Post has the FCC's Huawei restrictions and ponders what Congress might get done before the year end. Our guest is Tom Eston from Bishop Fox with a look inside the minds and methods of modern adversaries. And, of course, scams, hacks, and other badness surrounding the World Cup. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/228 Selected reading. LockBit 3.0 ‘Black' attacks and leaks reveal wormable capabilities and tooling (Sophos News) Punisher Ransomware Spreading Through Fake COVID Site (Cyble) Always Another Secret: Lifting the Haze on China-nexus Espionage in Southeast Asia (Mandiant) BEC Group Compromises Personal Accounts and Pulls Heartstrings to Launch Mass Gift Card Attacks (Abnormal Security) Killnet Claims Attacks Against Starlink, Whitehouse.gov, and United Kingdom Websites (Trustwave) Scammers on the pitch: Group-IB identifies online threats to fans at FIFA World Cup 2022 in Qatar (Group-IB)
According to Check Point Research, global attacks increased by 28% in the third quarter of 2022 compared to the same period in 2021. The average weekly attacks per organization worldwide reached over 1,130. Complicating the situation is the talent shortage, especially for experienced cybersecurity professionals. According to the 2022 Cybersecurity Workforce Study by ISC(2), there is a shortfall of 2.2 million cybersecurity workers in Asia Pacific. This means that the current 859,000 security professionals are likely stressed and burned out at their place of work. It can also be argued that CIOs, CISOs and CHROs are themselves frustrated as they look to fill missing posts while struggling to keep existing staff from leaving. In today's PodChat for FutureCISO, we are joined by Anastasia Tikhonova, Head of APT Research, Group-IB, to shed light on what it takes and means to become a security researcher, and how to get started as one. 1. With you as our guest expert, I'm sure our audience will find our session today most interesting. For starters, what is a security researcher? 2. What qualities, characteristics and perhaps credentials does one need to become a security researcher? 3. How do you avoid burnout? 4. For best results, how should CISOs and security teams work with a researcher? 5. When does it make sense to build your own “research” team, and when should you outsource? 6. What is your advice for those interested in a career as a security researcher?
Security researchers constantly report on new techniques used by attackers. It is important to note that during an attack, adversaries do not limit themselves to one or two techniques but apply a combination of various methods. This gives defenders many opportunities to detect attacks. Moreover, there is a small, limited list of techniques used by almost all attackers regardless of their skill level, and this gives us opportunities to detect attacks even when very little data is available. Oleg Skulkin, head of the Digital Forensics and Malware Research Laboratory at Group-IB, analysed this short list of techniques based on real attack scenarios. Watch the talk: https://www.youtube.com/watch?v=OQTgwU4Z4kY
The latest episode of the Risk Roundtable brings a familiar voice to talk about the impact of her work. Homeland Security Today Managing Editor Bridget Johnson joins Andy, Jen and Dave to talk about her addition to "The List" - an accelerationist "hit list" based on her work on rooting out extremism and its propaganda. Bridget talks about the double-edged sword of safety while also knowing that her work is hitting the right spots with these hate-based actors. After Bridget left to handle matters connected to this threat, Dave, Andy, and Jen talked about multi-factor authentication and how it's important to implement but also to take appropriate care. Finally Dave took control and led the Roundtable through a new game of "Over-rated / Under-rated / Properly Rated". The team assessed where three security threats were rated and the reasons why. Andy finished things off with three questions that included Alf, Matthew McConaughey, and word association. Some of the topics discussed in this episode include: 0ktapus campaign: Twilio, Cloudflare, and over 130 more victims discovered by Group-IB: https://www.group-ib.com/media/0ktapus-campaign/ The Human Factor Report: https://www.proofpoint.com/us/resources/threat-reports/human-factor
Brand impersonation is an increasingly common problem on social media that thousands of brands are forced to deal with each day. Facebook's annual report in 2014 revealed that fake accounts make up 5.5 to 11.2 percent of its monthly active users. So how exactly does brand impersonation work, and how bad is the situation here in APAC? Ilia Rozhnov, Head of Digital Risk Protection, Asia-Pacific, Group-IB, provides us with insights on this matter. See omnystudio.com/listener for privacy information.
Hackers are increasingly attacking industrial enterprises and blocking their operations with ransomware, and soon each of us may need protection from such threats. Does this mean it is time to invest in cybersecurity? The episode's guest is Denis Baranov, CEO of Positive Technologies.
Initial Access Brokers (IABs). The growth and professionalisation of the Initial Access Market has fascinated many in recent years. Few know as much about who the threat actors operating in these markets are, and how the market for providing others with remote access to corporate networks works, as Dmitry Shestakov, Head of Cybercrime Research at the cyber intelligence company Group-IB. In his conversation with Robby, Dmitry shares some of his findings after researching these underground communities over several years. He also goes into how his team of researchers work with Initial Access Brokers, and sheds some light on some of their ongoing investigations. They also discuss where these groups operate from, how many of them manage to remain uncovered, and who they actually sell their information to. Producer: Paul Jæger
SideCopy, a Pakistani APT, is phishing for information in both India and Afghanistan. A Colorado electrical utility continues to recover from a cyber incident it sustained early last month. The GAO tells the US Congress that the nation still lacks a comprehensive cybersecurity strategy. The Missouri Highway Patrol continues, for some reason, to investigate a responsible disclosure as a criminal hack. Dinah Davis from Arctic Wolf on hackers targeting Minecraft. Our guest is Blake Darché from Area 1 Security with research on phishing. And it appears Moscow thinks a Group-IB leader outed Fancy Bear to the US. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/231
The guest of episode 16 was Andrey Busargin, head of the Digital Risk Protection department at Group-IB. Group-IB is an international company that protects intellectual property online and investigates cybercrime. Website: www.group-ib.ru In this episode we discuss piracy in the film industry: why piracy is equally bad for viewers and for filmmakers, why piracy is so widespread in Russia, and whether we will be fined for consuming pirated content. Where it is easiest to steal a film from, and how pirates make money. Timeline: 00:00 Introduction 2:22 The European experience of fighting piracy: in Germany users are fined 4:28 Sanctions against users of pirated content in Russia 5:08 Why the level of piracy in Russia is so high 9:18 Where is it easiest to steal a film from? 12:33 How we fight piracy offline 14:36 How Group-IB fought piracy in its early days 19:28 How the piracy business makes money 24:46 How Group-IB views the inventiveness of pirates 27:03 At what stage distributors should seek protection for a film 29:30 Interesting film protection cases: how we protected "Hot Summer Nights" with Timothée Chalamet 35:30 How Group-IB aids pirates 37:45 How streaming services protect themselves 40:20 How much Telegram has contributed to piracy, and how to fight piracy in messengers 42:15 How Covid-19 affected the activities of pirates, and what income they earned in 2020 Find us on social media: Instagram www.instagram.com/aonefilms Telegram t.me/aonefilms VK vk.com/a_onefilms FB www.facebook.com/aonefilms Follow our releases at a-onefilms.com
An apparent cyberespionage campaign targets the Iranian diaspora. Babadeda is an emerging crypter seeing use against alt-coin and NFT speculators. RATDispenser is out in the wild, a malware-as-a-service operation. Proofs-of-concept published for Microsoft exploits. Apple sues NSO Group. Group-IB's founder asks President Putin for clemency. Caleb Barlow on the difference between working for a company that is funded by VCs, PEs, angels or is public. Our guest today is Karl Sigler from Trustwave on the results of the 2021 Trustwave SpiderLabs Telemetry Report. And there's a guilty plea in the Wolf of Sophia case. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/226
Ransomware as a service (RaaS) is a subscription-based model that enables affiliates to use already-developed ransomware tools to execute ransomware attacks. Affiliates earn a percentage of each successful ransom payment. Ransomware as a Service (RaaS) is an adoption of the Software as a Service (SaaS) business model. Ransomware Group Quits International Feds Going After Renting Ransomware Attacks Every day Big Tech and Mass Media make it hard to find out what is going on with the internet. The suppression of information is a danger to all of us. Social media attempts to shape news and information by over-amplification of disinformation. This podcast hopes to give information and provide insights from Join our community!! Subscribe to the Insecurity Brief podcast now on every platform we can find Follow me on Twitter @trip_elix Links Our Website: https://www.tripelix.com/insecurity/ransomware-group-quits-international-feds-going-after-renting-ransomware-attacks/ Youtube: https://youtu.be/Wr_4zFKFxI8 Rumble: https://rumble.com/vooxnh-ransomware-group-quits-international-feds-going-after-renting-ransomware-at.html iTunes: https://podcasts.apple.com/us/podcast/ransomware-group-quits-international-feds-going-after/id1583788677?i=1000540718566 Spotify: https://open.spotify.com/episode/5J56Z3RQyTyQlTKDkEndDC Trip's books https://www.tripelix.com/merch #Ransomware BlackMatter Ransomware Reportedly Shutting Down; Latest Analysis Released An analysis of new samples of BlackMatter ransomware for Windows and Linux has revealed the extent to which the operators have continually added new features and encryption capabilities in successive iterations over a three-month period.
No fewer than 10 Windows and two Linux versions of the ransomware have been observed in the wild to date, Group-IB threat researcher Andrei Zhdanov said in a report shared with The Hacker News, pointing out the changes in the implementation of the ChaCha20 encryption algorithm used to encrypt the contents of the files. https://thehackernews.com/2021/11/blackmatter-ransomware-reportedly.html RANSOMWARE AS A SERVICE (RAAS) EXPLAINED Ransomware as a Service (RaaS) is a business model used by ransomware developers, in which they lease ransomware variants in the same way that legitimate software developers lease SaaS products. RaaS gives everyone, even people without much technical knowledge, the ability to launch ransomware attacks just by signing up for a se
Maxim is a Managing Director at Atlas Ventures, an early-stage venture capital fund based in Singapore. Atlas Ventures backs ambitious founders at the earliest stages of their entrepreneurial journey. The fund primarily focuses on Southeast Asian startups in fast-growing, largely overlooked industries. Maxim has led investments in Group IB (one of the global leaders in providing high-fidelity threat intelligence and anti-fraud solutions), Tier One (the first esports and gaming talent agency in SEA), Medsolutions (Russia's leading medical database), Mighty Bear (a Singapore-based studio building the next generation of massively multiplayer online mobile games) and HealthifyMe (India's largest health and fitness app). Prior to joining Atlas Ventures, Maxim spent five years as an investor at Frontier Ventures, a US$50M early-stage venture fund focused on startups with strong network effects globally. Maxim helped spearhead investments into a number of leading players in various spaces and geographies, including ivi.ru (largest “over the top” online video company in Russia and CIS), Profi (leading online services marketplace company in Russia, Ukraine, and Kazakhstan), Chope.com (biggest restaurant reservation platform in SEA) and Expert360.com (the largest online marketplace for professional consultants in APAC). Maxim holds a Double Bachelor's Degree in Business Administration and Management from The Russian Presidential Academy of National Economy and Public Administration (RANEPA) and Burgundy School of Business, and a Master's degree in Business from RANEPA. Read more about Atlas Ventures here https://atlas.ventures/ and connect with Maxim on LinkedIn here https://www.linkedin.com/in/maximshkvaruk/ If you enjoyed this podcast, would you consider leaving a short review on Apple Podcasts here? It takes less than 30 seconds, and it really makes a difference in helping to convince new amazing guests to come on the show, and on top of that, I love reading the reviews!
Connect with Andrew: Email: hello@andrewsenduk.com Website: https://andrewsenduk.com/ Instagram: https://www.instagram.com/andrew.senduk/ LinkedIn: https://www.linkedin.com/in/andrew-senduk-1980/
In this episode, host Bidemi Ologunde provided new details and some plausible theories regarding the recent arrest of Ilya Sachkov, the Russian CEO of a leading cybersecurity company, Group-IB. Please send questions, comments, and suggestions to bidemi@thebidpicture.com. You can also get in touch on LinkedIn, Twitter, the Clubhouse app (@bid), and the Wisdom app (@bidemi).
On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including: Group-IB CEO arrested in Russia for treason Lawsuit alleges ransomware contributed to hospitalised baby's death Nakasone outs self as hound release advocate Syniverse owned, but we don't know how badly Why Google keyword warrants are awesome Much, much more… Nucleus co-founder Scott Kuffer is this week's sponsor guest and the topic is actually a bit hilarious. They've found a killer use case that customers are clamouring for: Being able to map vulnerabilities to org groups within your enterprise so you can see who's slacking off when it comes to patching. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing. Show notes Group-IB founder arrested in Moscow on state treason charges - The Record by Recorded Future Baby died because of ransomware attack on hospital, suit says Conti gang threatens to dump victim data if ransom negotiations leak to reporters - The Record by Recorded Future US to work with 30 countries to tackle ransomware problem - The Record by Recorded Future Two ransomware operators arrested in Ukraine - The Record by Recorded Future Ransomware gangs are starting more drama on cybercrime forums, upending 'honor among thieves' conventions Ransomware attack disrupts hundreds of bookstores across France, Belgium, and the Netherlands - The Record by Recorded Future NSA chief predicts U.S. 
will face ransomware 'every single day' for years to come - The Record by Recorded Future Company That Routes Billions of Text Messages Quietly Says It Was Hacked Hackers bypass Coinbase 2FA to steal customer funds - The Record by Recorded Future The Rise of One-Time Password Interception Bots – Krebs on Security FCC to work on rules to prevent SIM swapping attacks - The Record by Recorded Future Exclusive: Government Secretly Orders Google To Identify Anyone Who Searched A Sexual Assault Victim's Name, Address And Telephone Number How a Secret Google Geofence Warrant Helped Catch the Capitol Riot Mob | WIRED EXCLUSIVE U.S. lawmakers push for new controls on ex-spies working overseas | Reuters DHS and NIST release post-quantum cryptography guidance - The Record by Recorded Future New emergency cyber regulations lay out ‘urgently needed' rules for pipelines but draw mixed reviews - The Washington Post Rep. Katko introduces bill that would prioritize security for key US critical infrastructure Let's Encrypt root cert update catches out many big-name tech firms | The Daily Swig Academics discover hidden layer in China's Great Firewall - The Record by Recorded Future Bandwidth.com is latest victim of DDoS attacks against VoIP providers A Simple Bug Is Leaving AirTag Users Vulnerable to an Attack | WIRED Apache fixes actively exploited web server zero-day - The Record by Recorded Future Hackers posed as Amnesty International, promising anti-spyware tool that actually collects passwords Around the world with the NSA's cyber chief - The Record by Recorded Future Facebook blames 'faulty configuration change' for major outages Report: New PCR test intelligence around Wuhan suggests COVID-19 was virulent earlier than thought - The Record by Recorded Future Does This Exposed Chinese Database Pose a Security Threat?
Video: An attacker can make unauthorized payments from a locked iPhone – SecurityCast Ep#78 - YouTube Apple Pay together with a VISA card allows attackers to make payments from locked iPhones; the CEO of the well-known cybersecurity company Group-IB was arrested in Russia on treason charges; GPSD time will jump back by 1024 weeks; Microsoft released a new Emergency Mitigation tool; TLS 1.3 and SSL - current status; end of the old Let's Encrypt certification chain; recommendations for cybersecurity managers on purchasing systems. Follow us also on Twitter @Jk0pr and @AlefSecurity.
Save Meduza! https://support.meduza.io/en Our main story this week is the treason case against Ilya Sachkov, the 35-year-old CEO of the cybersecurity firm Group-IB. On Wednesday morning, September 29, hours after officials raided the company's Moscow office, a local court jailed Sachkov for the next two months, pending trial. That will likely be extended several times, as the authorities collect more evidence. The Naked Pravda explores why Sachkov may have been arrested and asks what his case means for Russia's cybersecurity industry and Moscow's troubled cooperation with the United States against cybercrime. Timestamps for this week's episode: (2:12) Developments in Russia's expanding regulation of “foreign agents” (7:57) A blogger's scandalous offense, plus RT enlists the might of Russia's federal censor in its battle with YouTube (13:00) Dr. Josephine Wolff, an associate professor of cybersecurity policy at the Tufts University Fletcher School of Law and Diplomacy (16:58) Dr. Julien Nocetti, an associate fellow at the French Institute of International Relations (19:45) RFE/RL journalist Mike Eckel “The Naked Pravda” comes out on Saturdays (or sometimes Fridays). Catch every new episode by subscribing at Apple Podcasts, Spotify, Google Podcasts, or other platforms. If you have a question or comment about the show, please write to Kevin Rothrock at kevin@meduza.io with the subject line: “The Naked Pravda.”
Ilya Sachkov, the co-founder and CEO of the cybersecurity company Group-IB, was arrested in Moscow on suspicion of treason. On Wednesday morning, Moscow's Lefortovo Court jailed him for two months pending trial. A day earlier, police raided the company's Moscow headquarters -- spokespeople said the search ended in the evening, but according to RTVi, men in masks and camouflage uniforms were still on duty near the office overnight. Kommersant reported that the office resumed work as usual on Wednesday morning. Original Article: https://meduza.io/en/feature/2021/09/29/nothing-to-do-with-business
Today with: Bundesnetzagentur, Group-IB, Bookmarks, black market ***SPONSOR NOTICE*** Geographic information systems and digital twins are the key to more efficiency and success, but also to more sustainability. They help with climate and disaster protection, resource and urban planning, and space management. At the Esri Conference from October 11 to 14 you will learn all about this and experience speakers such as polar researcher Markus Rex, AI expert Kenza Ait Si Abbou and astronaut Matthias Mauer. You can register for the virtual conference at www.esri.de ***END OF SPONSOR NOTICE***
GriftHorse will subscribe afflicted Android users to premium services they never knew they'd signed up for (and wouldn't want if they did). Facebook releases a static analysis tool it uses internally to check apps for security issues. Speculation about what put Group-IB's CEO in hot water with the Kremlin. A look from NSA at where the major nation-state cyberthreats currently stand. Malek Ben Salem from Accenture has thoughts on quantum security. Our guest, author and Wired editor at large Steven Levy, joins us with insights on Facebook's internal research teams. And a short census of ransomware strains. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/189
Distributed denial-of-service attacks have been making a comeback, and many of them represent criminal extortion attempts. A major British payroll provider is recovering from a cyberattack, but it's not providing much information on the nature of that attack. Russian authorities arrest the founder of Group-IB on treason charges. Johannes Ullrich from SANS on Out of Band Phishing Using SMS messages. Our UK correspondent Carole Theriault wonders how online trolling is still a thing. And NSA and CISA release guidelines on secure use of virtual private networks. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/188
Russia's widespread vaccine hesitancy has given birth to a thriving black market for counterfeit documents proving "immunity" to COVID-19. Since the start of 2021, the Russian authorities have opened dozens of criminal cases over the falsification of vaccination certificates, medical disqualification certificates, PCR test results, and even QR-codes. The cybersecurity firm Group-IB even declared the sale of fake vaccination certificates "the most widespread form of online fraud" in Russia during the pandemic. On July 27, MBK Media published an investigation into how the black market for forged medical certificates works, revealing that the organizers behind these schemes are allegedly making millions of rubles (sometimes in a matter of days). Meduza summarizes the investigation's main findings here. Original Article: https://meduza.io/en/feature/2021/07/27/there-s-a-lot-of-money-in-this-business
On Mercado Abierto we interview Álvaro Ladoux, head of Spain and Latin America at Group IB, to talk about cybersecurity and how companies defend themselves against cyberattacks.
In this episode of The Gate 15 Interview, Andy Jabbour talks with James Whalen, SVP, Chief Information & Technology Officer, Boston Properties. In this podcast we address: Jim's background Changes in facilities; changes in security Threats facing facilities and broader implications Security and collaboration And more! James Whalen: James Whalen serves as Senior Vice President, Chief Information & Technology Officer for Boston Properties where he is responsible for the direction and implementation of technology services and solutions. Prior to joining the Company in March 1998, he served as Vice President, Information Systems of Beacon Properties. He is a graduate of the University of Notre Dame and a recipient of the New York City Urban Fellowship. Mr. Whalen is a current trustee and past President of the Boston Chapter of the Society for Information Management (SIM) and serves on the Real Estate Cyber Consortium, Realcomm Advisory Council, Commercial Facilities Cyber Working Group, TechHire Boston and Boston Private Industry Council. LinkedIn. A few references mentioned in or relevant to our discussion include: · The Real Estate Information Sharing and Analysis Center (RE-ISAC). 
“The Real Estate Information Sharing and Analysis Center (RE-ISAC), a not-for-profit information sharing entity organized by The Real Estate Roundtable in February 2003, is a public-private partnership between the US commercial facilities sector and federal homeland security officials which serves as the primary conduit of terrorism, cyber and natural hazard warning and response information between the government and the commercial facilities sector.” · InfraGardNCR: Commercial Facilities Cyber Working Group (CCWG) · FBI IC3 Cyber Crime Report: FBI Releases the Internet Crime Complaint Center 2020 Internet Crime Report & PDF: 2020 Internet Crime Report, 17 Mar 21 · Palo Alto Networks: Highlights from the 2021 Unit 42 Ransomware Threat Report & Ransomware Threat Assessments: A Companion to the 2021 Unit 42 Ransomware Threat Report, 17 Mar 21 · Group-IB: ransomware empire prospers in pandemic-hit world. Attacks grow by 150%, 04 Mar 21 · Realcomm Advisory Council
This week on Moscow Mules and NOP Slides, we have Nick Palmer. This is our second transatlantic podcast filled with great conversation and laughter! Nick sips on Russia's finest Beluga Vodka. Nick gives us a little insight into living in Moscow the last few years before he jets out to the Netherlands. Nick walks us through how he landed his role at Group-IB. We talk about how collaboration leads to disruption when chasing cyber criminals. We then dive into the importance of intelligence gathering before landing on everyone's favorite topic of attribution. Dave drinks a White Russian Nitro from Left Hand Brewing Company out of a Street Fighter glass from Answer Brewing. Kyle sips on a Dragon Milk White Stout from New Holland Brewing out of a Pour Character Biggie "Sicker Than Your Average" glass. Thank you to Nick for being a guest and for the great conversation! We hope you enjoy. Please don't forget to subscribe! Disclaimer: The views and expressions of the guests and hosts are their own and not of their employers.
English football giant Manchester United is dealing with a ransomware attack on its systems; attackers used a credential stuffing attack to gain access to 300,000 Spotify accounts; INTERPOL, Group-IB and the Nigerian police arrested 3 members of a BEC group in Nigeria; an older vulnerability in Fortinet VPNs still threatens systems in the Czech Republic as well.
Observers see a shift in Russia’s influence tactics, but prank calls are (probably) not among those tactics. An event site suffers a data breach, and warns customers to be alert for spoofing. COVID-19 contact tracing continues to arouse privacy concerns. Joe Carrigan has tips for safe online shopping during the holidays. Our guest is Dmitry Volkov from Group-IB with insights from their latest Hi-Tech Crime Trends report. Ransomware hits another US school district, and social media are being used to intimidate cooperating witnesses. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/228
Interview with Jane Lo, Singapore Correspondent, MySecurity Media, Dr Magda Chelly, Organiser and Judge, founder of Women of Security (WoSEC) Singapore Chapter, and one of the winners of the Top 20 Women in Cyber Security in Singapore - Shuchen Hu, Blackpanda, Digital Forensics & Incident Response Specialist. Dr Magda Chelly, co-organiser and Judge of the Top 20 Women in Cyber Security in Singapore program, speaks about the awards and the importance of these initiatives and also other events she is working on - including a Capture the Flag for Girls event - CTF Girls 2nd Edition, in association with the Cyber Security Agency of Singapore. Amongst the winners of the Top 20 Women in Cyber Security in Singapore were representatives of leading government and industry firms, from banking, finance, automotive and consulting, including the Cyber Security Agency of Singapore, with judges also representative of leading cyber security identities in Singapore, Malaysia and Australia. We introduce Shuchen Hu of Blackpanda and get insights into her background and how she got into the industry, her aspirations, and how the awards assist her and others into the future. We also highlight another winner, Astha Keshariya, PhD, MSC[Honours], MBA, who has been in the field of Information Security and Cryptography for over 16 years and has written a new article, Neurodiversity in Cybersecurity skillsets, which examines the “bad cyber-actors” behind cyberattacks and what motivates them. And we catch up with Jane Lo, Singapore Correspondent for MySecurity Media, and highlight her recent podcast interviews in Singapore, including: Episode 215 - Virtual Reality, 5G and other innovation trends - Interview with Leslie Shannon, Head of Ecosystem and Trend Scouting, Nokia Episode 219 - Dr Paola A. 
Magni is a Senior Lecturer in Forensic Science at Murdoch University (Perth, WA) and the Deputy Dean at Murdoch University Singapore Episode 220 - (Yet to be released) Joshua McCloud, National Cybersecurity Officer, Security and Trust Organisation, CISCO Episode 188 - Hi-Tech Crime Trends of 2019 - Interview with Group-IB CTO & Co-Founder, Moscow - noting that one of the Top 20 Women in Cyber Security in Singapore is Vesta Matveeva, Head of Cyber Investigation Department at Group-IB. Finally, the main purpose of the podcast is also to open the 'Top Women in Security in Malaysia Awards' which opens today - Monday September 7 - nominations can now be submitted here. Nominations are scheduled to close on October 23, 2020 where they will be judged by an esteemed group of panellists and winners will be announced and recognized in early December with a virtual awards ceremony. Previous Women in Security episodes (12) Episode 171 - Interview with SheLeadsTech founding ISACA Director, Jo Stewart-Rattray Episode 170 - RSA APJ Conference Podcast Series - Dr Magda Chelly on Cybersecurity, Career Transition & Women in Cyber Episode 151 - Interview with Jacqui Loustau, Founder of the 'Australian Women in Security Network' (AWSN) Episode 123 - Interview with Jane Frankland and answering the Gender Bias Question - #KLNext Series Episode 122 - Kaspersky Lab insights from Europe and Women in Cyber program - #KLNext Series Episode 118 - Meet cyber twins @noushinshbb @NegarShbb #womenincyber #malware #analysis #appsec Episode 104 - A Cyber Murder Mystery? 
A unique approach to raising awareness by #WomeninCyber at Blue Phish Episode 63 – SPECIAL EDITION - Women in Cyber Panel, Australian Cyber Security Centre Conference #2018ACSC Episode 31 – Women in Cyber – Sandra Ragg, Office of the Cyber Security Special Adviser for the Prime Minister and Cabinet & Heide Young, National Events Manager, Australian Women in Security Network Episode 26 – Women in Cyber – Sandra Ragg, Office of the Cyber Security Special Adviser for the Prime Minister & Cabinet and Narelle Devine, Australian Federal Department of Human Services Episode 10 - #WomeninCyber Mentoring with Sandra Ragg, Erica Hardinge, Michelle Price & Megan Haas Episode 2 - Interview with Bonnie Butlin, keynote speaker at #AISACON17
Quarantine episode. Among other things, we learned how not to take the hackers' bait, why being on the "dark side" is no longer cool, and, of course, who gets hired into the industry and how. Guests: Yuri Namestnikov (Kaspersky Lab); Alexey Polyakov and Vlad Lazarev (BI.ZONE); Dmitry Volkov and Sergey Nikitin (Group IB). Hosts of the episode: Dmitry Chebanov, Liliya Luchik. Music used in the podcast: Slagsmålsklubben - Fox Goes To Japan (In Order To Meet Other Ninja Foxes In the Tribe of Hokkaido). Sound engineer: Fesikl Mikensky
On this week’s show Patrick and Adam discuss the week’s security news, including: Two Exabeam engineers sick with Coronavirus following RSA attendance Hung jury in Joshua Schulte Vault7 trial Qihoo 360 tries to “pull an APT1” but it was just weird and awkward instead Corellium releases Android for iPhone hardware toolkit Much, much more. This week’s sponsor interview is with Scott Kuffer of Nucleus Security. They have built a web application that pulls together feeds from all your vulnscanners and vulnerability-related software (Snyk, Burp, whatever), normalises it then lets you slice it, dice it, and send it through to the most relevant project owner/dev team. It’s insanely popular stuff, and Scott pops along this week to talk about vulnerability management and what his last year has looked like as Nucleus’s business has boomed. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that’s your thing. Show notes Two People Who Attended Cyber Event Contract Coronavirus The EARN IT Act Is a Sneak Attack on Encryption | WIRED Vault 7 court case ends in mistrial on most serious charges Energy Organizations Continue to be Compromised Globally | Dragos Chinese security firm says CIA hacked Chinese targets for the past 11 years | ZDNet Exclusive: This Hack Turns Apple’s iPhone Into An Android Apple Just Demanded Santander And A $50 Billion US Intelligence Contractor Reveal How They Use iPhone Hacking Tech NSO Group works to explain no-show in court for WhatsApp suit, plots defense Facebook sues Namecheap to unmask hackers who registered malicious domains | ZDNet Clearview AI Reports Breach of Customer List - VICE Clearview AI, Facial Recognition Company That Works With Law Enforcement, Says Entire Client List Was Stolen Apple has blocked Clearview AI’s iPhone app for violating its rules | TechCrunch London Police Just Turned On Facial Recognition In One Of The World’s Busiest Shopping Districts This Small Company Is Turning Utah 
Into a Surveillance Panopticon - VICE Surveillance Firm Banjo Used a Secret Company and Fake Apps to Scrape Social Media - VICE Defense contractor CPI knocked offline by ransomware attack | TechCrunch Visser, a parts manufacturer for Tesla and SpaceX, confirms data breach | TechCrunch Ryuk ransomware hits Fortune 500 company EMCOR | ZDNet One of Roman Abramovich's companies got hit by ransomware | ZDNet Legal services giant Epiq Global offline after ransomware attack | TechCrunch Big health care analytics firm infected with ransomware Croatia's largest petrol station chain impacted by cyber-attack | ZDNet US Railroad Contractor Reports Data Breach After Ransomware Attack DoppelPaymer Hacked Bretagne Télécom Using the Citrix ADC Flaw Zyxel 0day Affects its Firewall Products, Too — Krebs on Security The strange, unexplained journey of ToTok in Google Play fuels user suspicions | Ars Technica Message to our ToTok community Indictment names Group-IB executive in scheme to sell hacked data Chrome 80 update cripples top cybercrime marketplace | ZDNet Brave to generate random browser fingerprints to preserve user privacy | ZDNet Firefox to enable DNS-over-HTTPS by default to US users | TechCrunch Let’s Encrypt deploys new domain validation technology to mitigate BGP hijacking risks | The Daily Swig Microsoft Exchange Server admins urged to treat crypto key flaw as ‘critical’ | The Daily Swig Details about new SMB wormable bug leak in Microsoft Patch Tuesday snafu | ZDNet Zoho zero-day published on Twitter | ZDNet (12) Thijs Alkemade on Twitter: "Last week, I was thinking back about this discussion from @riskybusiness. I decided to have a look at how it works. While doing that, I found a vulnerability that could have been used to gain unauthorized access to an iCloud account. 
https://t.co/szfFBNWZmy" / Twitter 5 years of Intel CPUs and chipsets have a concerning flaw that’s unfixable | Ars Technica Positive Technologies - learn and secure : Intel x86 Root of Trust: loss of trust AMD processors from 2011 to 2019 vulnerable to two new attacks | ZDNet Intel CPUs vulnerable to new LVI attacks | ZDNet A Flaw in Billions of Wi-Fi Chips Let Attackers Decrypt Data | WIRED Hackers Can Clone Millions of Toyota, Hyundai, and Kia Keys | WIRED GadgetProbe: New tool simplifies the exploitation of Java deserialization vulnerabilities | The Daily Swig FBI Warned Of Fraudster’s Paradise: Up To 130,000 Hacked Asus Routers On Sale For A Few Dollars Porn, gore, and gambling habits aired in Virgin Media breach | Ars Technica Hackers Were Inside Citrix for Five Months — Krebs on Security The Case for Limiting Your Browser Extensions — Krebs on Security Hackers are targeting other hackers by infecting their tools with malware | TechCrunch Who's Hacking the Hackers: No Honor Among Thieves Google could have fixed 2FA code-stealing flaw in Authenticator app years ago | ZDNet New action to disrupt world’s largest online criminal network - Microsoft on the Issues This Chinese Whale Lost $45 Million in Bitcoin and BCH Overnight: How it Happened
Jane Lo, Singapore Correspondent, interviews Mr Dmitry Volkov, CTO and Co-Founder of Group IB, on Hi-Tech Crime Trends of 2019. Group IB, a Singapore-based cybersecurity company that specializes in preventing cyberattacks, has analyzed key recent changes to the global cyberthreat landscape. The report examines attacks conducted for espionage and sabotage purposes. The report contains chapters devoted to the main industries attacked and covers the period from H2 2018 to H1 2019. Group-IB analysts highlight key high-tech crime trends and conclude that 2019 heralds a new era of cyberattacks. The annual report was presented at CyberCrime Con 2019, the international Threat Hunting and intelligence conference in Singapore (29th Nov 2019). As CTO, Dmitry is responsible for all aspects of the company's technological development and transformation. Dmitry helped to establish Group-IB's unique Cyber Intelligence department, which provides Threat Intelligence to companies around the world. As CTO and Head of Threat Intelligence at Group-IB, Dmitry holds extensive experience in computer forensics, investigation of botnets, fraud, carding, DDoS attacks and other high-tech crimes. In 2015, Dmitry was listed by Business Insider as one of the top 7 professionals behind influential security companies. Recorded remotely with Group IB's Moscow office on 24th Dec 2019.
Sean Martin and Marco Ciappelli chat with Kate Healy, Principal Cybersecurity Strategist at Telstra, and Aleksandr Lazarenko, Head of R&D at Group-IB, as part of their RSA Conference 2019 APJ event coverage from the Marina Bay Sands in Singapore. There's also a video version of this chat which can be viewed here: https://vimeo.com/349633634 ________ We'd like to thank our conference coverage sponsors for their support. Be sure to visit their directory pages on ITSPmagazine to learn more about them. Bugcrowd: https://www.itspmagazine.com/company-directory/bugcrowd Devo: https://www.itspmagazine.com/company-directory/devo STEALTHbits: https://www.itspmagazine.com/company-directory/stealthbits ________ Want more from RSA Conference 2019 in Singapore? Follow all of our coverage here: https://www.itspmagazine.com/rsa-conference-apj-2019-event-coverage-singapore-cybersecurity-news-coverage-and-podcasts Looking for our chats on the road to RSA Conference Singapore? You can find those here: https://www.itspmagazine.com/itsp-chronicles/chats-on-the-road-to-rsa-conference-2019-singapore
Good afternoon, dear friends, and welcome to this episode of BlockCC 币须知道. Here you will find the crypto-world news you don't want to miss; if you want to know about market movements, trend analysis, new coin news and more interesting and nourishing content, BlockCC is waiting for you here. GTC delisting storm: The GTC drama has been going on for several days and is still not over. Last night OKEX issued an announcement that it will delist GTC trading at 12:00 on August 6. Shortly after the announcement, GTC fell 22.85% within half an hour. Although the GTC delisting was proposed by Xu Le himself, the love-hate entanglement between him, Standard Consensus (a rating agency) and OKEX did not come to an abrupt end with a single announcement. Early this morning, a post on Xu Le's WeChat Moments implied that OKEx staff had used their position to demand money! As for what the evidence is and when it will be released, Xu Le said nothing. Trouble came out of nowhere; facing Xu Le's "bribe solicitation" accusation, OKEX appeared quite calm, saying this was a deliberate smear by Xu Le. At 2:15 a.m., OKEx's Xu Mingxing responded again, asking Xu Le to speak with evidence and not to defame. So far, Xu Le has not responded. Bitmain formally completes the signing of its Pre-IPO round: On the other side of the screen, Bitmain's Wu Jihan scrolled through his phone, took in the drama like the rest of us, and then hurried off to his own home turf. According to IPO早知道, Bitmain has formally completed the signing of its Pre-IPO round; investors in this round include Tencent, SoftBank and CICC. The round raised US$1 billion at a pre-money valuation of US$14 billion and a post-money valuation of US$15 billion, and will close soon. At the same time, Bitmain will file with the Hong Kong Stock Exchange in September and formally list in Hong Kong within the year, with an expected market value of US$30 billion. Russia, China and the United States are the top targets of cryptocurrency hackers: With smoke rising between Xu Le and OKEx, bystander Wu Jihan became today's biggest winner, but whoever you are, everyone faces the same enemy: hackers. Reportedly, Russia, China and the United States are the top targets of cryptocurrency hackers. This news comes from the latest research by Group-IB, a company engaged in cybercrime investigation and prevention. Its latest paper shows that Russia, China and the United States are the primary targets of cryptocurrency hackers, with one in three victims coming from the United States. Their research is based on historical data on cyberattacks against the 19 largest cryptocurrency exchanges between 2016 and 2017. The research shows that, compared with 2016, the number of compromised accounts on cryptocurrency trading platform websites increased by 369% in 2017. The number of attack incidents in January 2018 soared 689% above the 2017 monthly average. The crypto world's drama comes one piece after another today; has everyone had their fill? Other news worth watching today: 1. Hackers attack routers for mining; 降维 reminds users to pay attention to internet security 2. DFUND founder Zhao Dong posted on Weibo that the bear market has 16 months left 3. The CMC website showed abnormal data; early this morning Tether and Bitfinex transferred large amounts of USDT to each other 4. CDC founder Yang Ning showed the brand-new CDC DAPP interface at the Seoul carnival. Now that today's crypto events are covered, let's talk about today's coin prices. As of 16:00 on August 4, BlockCC data shows: BTC is currently priced at 51,500 yuan, up 1.68% from yesterday, with trading volume of 31.757 billion yuan and net inflows of 256.05 million yuan; ETH is now selling at 2,897.6 yuan, up 3.1% overall, with trading volume of 4.0812 billion and net inflows of 62.757 million. Rankings among the top 200 coins by market cap: the top three gainers are NEWOS, BCX and MD; the top three losers are YOU, BUC and FNKOS; the top three by 24H net inflow are DASH, BTC and ETC; the top three by net outflow are IOTA, VET and BTM. Thank you for listening to today's BlockCC 币须知道. For fresh, lively, nourishing and substantial crypto news of the day, wait for me here, or visit the official BlockCC website: https://block.cc/ for more. See you tomorrow!
A recent news item was about hackers who broke into a Russian bank because of outdated routers. When I saw the keyword “router”, I felt that I must dig further into what really happened.

What I have understood now

The victim is PIR Bank. One of the suspects is MoneyTaker. After the breach, PIR Bank hired the company Group-IB to do the clean-up and recovery and to investigate how the hackers got into their internal network. Up to this moment, Group-IB has disclosed that the hackers exploited PIR Bank's outdated routers. The routers were Cisco 800 series routers, for which Cisco had already publicly declared an End of Support date in 2016. The running Cisco IOS version was 12.4.

My understanding

In my opinion, all the routers involved in this incident must have been deployed as Internet VPN routers, connected directly to the public Internet. Suppose those routers were purely internal routers without any public Internet connection: hackers could only reach them by getting through layers of firewalls. And suppose the hackers had already broken through those layers of firewalls: they could then have attacked directly without exploiting any of those outdated routers. I believe the VPN protocol used should be IPSec. However, IPSec is not to blame for this incident. The vulnerabilities were in the software or the hardware of the installed routers. They might have been already-discovered vulnerabilities, or the hackers might have taken advantage of zero-day exploits to get into the network. The hackers either used the hijacked router as a hop point or changed its access rules so that they had backdoor access to the internal network. I also want to emphasize that Cisco is not to blame. Cisco had announced End of Support a long time ago. If a customer insists on keeping old, outdated routers in use, the customer should bear most of the responsibility. It is a pity to lose nearly 1 million US dollars.
One million dollars is enough to buy and install a lot of new routers to prevent this loss.

Enterprises should take action; my suggestions

Create a complete inventory of routers, especially those connected to the public Internet.
Confirm with network hardware providers which routers are out of support or about to be. Create schedules to replace them as early as possible.
Make sure all supported routers are running the most up-to-date, patched operating systems and software.

[Photo: Sunflowers at the Taoyuan Agriculture Expo (桃園農業博覽會) 2018, Taoyuan City, Taiwan]

One more thing…

I don't think we should worry about the architecture of Internet VPN or the IPSec protocol itself. Many new technologies rely on Internet VPN and IPSec. For example, Software-defined Wide Area Network (SD WAN) is built on top of Internet VPN and IPSec. If we make sure all running VPN routers are in healthy condition, the Internet VPN architecture is still a cost-effective WAN solution with great flexibility for enterprises.
In the past few days I saw this news item on ITHOME. Because the news is related to routers, I spent some time to understand it in depth.

My current understanding

The victim bank is Russia's PIR Bank. The suspected hacker group is MoneyTaker. After the incident, PIR Bank engaged Group-IB to carry out post-intrusion remediation and investigation. The information Group-IB has disclosed so far indicates that the hackers got in through a vulnerability in routers that had reached end of support. The details of the hackers' steps have not yet been made public. PIR Bank's routers were Cisco 800 series routers. Hardware and software support for this router line ended in 2016. The operating system version was Cisco IOS 12.4.

My interpretation

These routers, in my judgment, should have been VPN routers connected to the Internet. If they had been routers enclosed in the internal network, the hackers would have had to pass through many firewalls to reach them. If the hackers could already get through the firewalls, they naturally would not have needed to exploit a router flaw. The VPN encryption protocol was probably IPSec, which itself was not found to have a flaw in this incident. The flaw was in the router software or hardware. The hackers probably went through a Cisco IOS flaw, for example a zero-day exploit against a particular flaw, took control of the router, and then used it as a pivot for further attacks or opened a backdoor letting them enter the internal network from the Internet. Responsibility for this incident does not mainly lie with Cisco either, because Cisco had already announced end of support. If a customer insists on using routers that are out of support, the customer has to bear most of the risk. What a pity! The one million US dollars lost would have been enough to buy many, many brand-new routers.

My advice for enterprises

Immediately inventory existing routers, especially those connected to and exposed on the Internet.
Immediately confirm with hardware suppliers which routers are already out of support or about to be, and replace them immediately, as soon as possible.
For routers still under support, verify one by one that the operating system on them is the latest patched version.

[Photo: Ginkgo Avenue (イチョウ並木), Hokkaido University, Japan]

One More Thing…

I suggest that nobody needs to panic about the Internet VPN architecture or the IPSec protocol. In fact, many new network architectures, such as Software-defined Wide Area Network (SD WAN), are also built on technologies like Internet VPN and IPSec. As long as these routers are kept in the healthiest possible state at all times, with software updated whenever it needs updating and hardware replaced whenever it needs replacing, the Internet VPN architecture remains a smart enterprise WAN solution that both reduces cost and increases deployment flexibility.
A group of Russian-speaking hackers has stolen nearly $10 million from banks around the world. Group-IB, a company with expertise in computer forensics, information security and, specifically, Russian‑speaking criminal groups, has named these thieves MoneyTaker. Nicholas Palmer is the director of international business development at Group-IB, and he's joined by their head of threat intelligence, Dmitry Volkov, to explain the MoneyTaker group's schemes. The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative. Learn more at https://www.hewlett.org/cyber/
In today's podcast, we hear that WikiLeaks has dumped "Dumbo" project documents. Separation of agencies as a way of rendering leaks less likely. HBO's hack is getting bigger, apparently. Group IB outs members of the United Islamic Cyber Force to Interpol. Cerber goes after Bitcoin. WannaCry ransom payments are being moved, perhaps laundered. Lawsuits loom over NotPetya as more companies warn the malware had a material effect. The FBI says you can't exercise your right to be forgotten by DDoS. Election fraud in Venezuela. Markus Rauschecker from UMD CHHS on large companies like Facebook and Google being vulnerable to privacy and antitrust concerns. Jim Pflaging from the Chertoff Group, promoting their upcoming Security in the Boardroom event, speaking to the role of the board director when it comes to cyber security. And your guests can eavesdrop on you through your Amazon Echo. (But why would you have those people over anyway?)
In today's podcast, we hear that the ShadowBrokers open their exploit-of-the-month club at the low, low price of $22,000 in Zcash. Group-IB finds more evidence that the Lazarus Group is a North Korean intelligence unit. Extortion, both real and bluffing, grows in underworld popularity, but carders are with us still, alas. President Macron tells President Putin everyone's on to his use of Russia Today and Sputnik News for disinformation. Accenture's Justin Harvey explains red-teaming. Ely Kahn from Sqrrl outlines NIST's call for comments on their cybersecurity framework. And if you're a regular Joe or Jane looking for some Android action, take this advice straight from the shoulder: steer clear of Star Hop and Candy Link.