Segment 1 - Secrets and their role in infrastructure security
From API keys and tokens to environment variables and credentials, secrets are foundational—and often overlooked—attack surfaces in cloud-native and distributed systems. We break down the risks tied to poor secret hygiene, discuss emerging patterns for secure secret management at scale, and share insights on integrating secrets management into systems design.
This segment is sponsored by Fastly. Visit https://securityweekly.com/fastly to learn more about them!

Segment 2 - Weekly Enterprise News
In this week's enterprise security news, we have:
Funding, mostly focused on identity security and 'secure-by-design'
Palo Alto acquires one of the more mature AI security startups, Protect AI
LimaCharlie is first with a cybersecurity-focused MCP offering
Meta releases a ton of open source AI security tooling, including LlamaFirewall
Exploring the state of AI in the SOC
The first research on whether AI is replacing jobs is out
Some CEOs are requiring employees to be more productive with AI
Are prompts the new IOCs?
Are puppies the new booth babes?
We get closure on two previous stories we covered: one about an ex-Disney employee, and one about a tiny dog

Segment 3 - Executive Interviews from RSAC
CYWARE
The legacy SecOps market is getting disrupted. The traditional way of ingesting large troves of data, analysis and actioning is not efficient today. Customers and the market are moving towards a more threat-centric approach to effectively solve their security operations challenges.
CERT Water Management Case Study
Cybersecurity Alert Fatigue! How Threat Intelligence Can Turn Data Overload Into Actionable Insights (Blog)
Frost & Sullivan's 2024 Threat Intelligence Platform Radar Report
2025 TIP Buyer's Guide
This segment is sponsored by Cyware. Visit https://securityweekly.com/cywarersac to request a demo!

SUMOLOGIC
Intelligent SecOps is more than a buzzword—it's a blueprint for modernizing security operations through real-time analytics, contextual threat intelligence, and AI-powered automation. In this segment, Sumo Logic's Field CTO Chas Clawson explains how SOC teams can accelerate detection and response, cut through alert noise, and improve security outcomes by fusing AI-driven automation with human context and expertise. He also shares the latest security capabilities Sumo Logic announced at the RSA Conference to help organizations build and operate Intelligent SecOps.
Press Release: Sumo Logic Unifies Security to Deliver Intelligent Security Operations
Blog: RSAC 2025 Intelligent Security Operations
Brief: Sumo Logic Threat Intelligence
Chas Blog: Cloudy with a chance of breach: advanced threat hunting strategies for a hyperconnected and SaaSy world
LinkedIn Live: Implications of AI in a modern defense strategy
This segment is sponsored by Sumo Logic. Visit https://securityweekly.com/sumologicrsac to learn more about them!
Visit https://www.securityweekly.com/esw for all the latest episodes!
Show Notes: https://securityweekly.com/esw-406
Sponsored by SEC Playground
Fred Wilmot, CEO and co-founder of Detecteam, and Sebastien Tricaud, CTO and co-founder, bring a candid and critical take on cybersecurity's detection and response problem. Drawing on their collective experience—from roles at Splunk, Devo, and time spent in defense and offensive operations—they raise a core question: does any of the content, detections, or tooling security teams deploy actually work?

The Detecteam founders challenge the industry's obsession with metrics like mean time to detect or respond, pointing out that these often measure operational efficiency—not true risk readiness. Instead, they propose a shift in thinking: stop optimizing broken processes and start creating better ones.

At the heart of their work is a new approach to detection engineering—one that continuously generates and validates detections based on actual behavior, environmental context, and adversary tactics. It's about moving away from one-size-fits-all IOCs toward purpose-built, context-aware detections that evolve as threats do.

Sebastien highlights the absurdity of relying on static, signature-based detection in a world of dynamic threats. Adversaries constantly change tactics, yet detection rules often sit unchanged for months. The platform they've built breaks detection down into a testable, iterative process—closing the gap between intel, engineering, and operations. Teams no longer need to rely on hope or external content packs—they can build, test, and validate detections in minutes.

Fred explains the benefit in terms any CISO can understand: this isn't just detection—it's readiness. If a team can build a working detection in under 15 minutes, they beat the average breakout time of many attackers. That's a tangible advantage, especially when operating with limited personnel.

This conversation isn't about a silver bullet or more noise—it's about clarity. What's working? What's not? And how do you know?

For organizations seeking real impact in their security operations—not just activity—this episode explores a path forward that's faster, smarter, and grounded in reality.

Learn more about Detecteam: https://itspm.ag/detecteam-21686
Note: This story contains promotional content.

Guests:
Fred Wilmot, Co-Founder & CEO, Detecteam | https://www.linkedin.com/in/fredwilmot/
Sebastien Tricaud, Co-Founder & CTO, Detecteam | https://www.linkedin.com/in/tricaud/

Resources:
Learn more and catch more stories from Detecteam: https://www.itspmagazine.com/directory/detecteam
Webinar: Rethink, Don't Just Optimize: A New Philosophy for Intelligent Detection and Response — An ITSPmagazine Webinar with Detecteam | https://www.crowdcast.io/c/rethink-dont-just-optimize-a-new-philosophy-for-intelligent-detection-and-response-an-itspmagazine-webinar-with-detecteam-314ca046e634
Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25
Catch all of our event coverage: https://www.itspmagazine.com/technology-and-cybersecurity-conference-coverage
This week we start with a look back at Philipp's base training of days gone by, his experiences with performance diagnostics, and optimizing recovery, especially through protein, which matters for runners in particular. We also look back at last weekend's road-running results and ahead to the upcoming marathon TV broadcasts, where Ralf and Philipp will be working as commentators. The second major block of today's episode is about the end of IOC President Thomas Bach's twelve-year term and the election of Kirsty Coventry as the first female president in the history of the IOC. We are very pleased to have been able to bring in Johannes Herber, managing director of „Athleten Deutschland e.V." (the official representation of Germany's federal squad athletes), on short notice. We talk with him about his work for the rights of athletes, the road that already lies behind them, and what the concerns for the future are. Together with him we analyze Thomas Bach's tenure, attempt a forecast of the Kirsty Coventry era that now begins, and also discuss the recurring vision of a German Olympic bid.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
The Unbreakable Multi-Layer Anti-Debugging System
Xavier found a nice Python script that included what it calls the "Unbreakable Multi-Layer Anti-Debugging System". Leave it up to Xavier to tear it apart for you.
https://isc.sans.edu/diary/The%20Unbreakable%20Multi-Layer%20Anti-Debugging%20System/31658

Take my money: OCR crypto stealers in Google Play and App Store
Malware using OCR on screenshots was available not just via Google Play, but also the Apple App Store.
https://securelist.com/sparkcat-stealer-in-app-store-and-google-play-2/115385/

Threat Actors Still Leveraging Legit RMM Tool ScreenConnect
Unsurprisingly, threat actors still like to use legitimate remote admin tools, like ScreenConnect, as a command and control channel. Silent Push outlines the latest trends and IoCs they found.
https://www.silentpush.com/blog/screenconnect/

Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities
Java deserialization strikes again to allow arbitrary code execution. Cisco fixed this vulnerability and an authorization bypass issue in its Identity Services Engine.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multivuls-FTW9AOXF

F5 Update
F5 fixes an interesting authentication bypass problem affecting TLS client certificates.
https://my.f5.com/manage/s/article/K000149173
Three Buddy Problem - Episode 31: Dennis Fisher steps in for Ryan Naraine to moderate discussion on a very busy week in cybersecurity. The cast dig into the wave of big research reports, the disbanding of the Cyber Safety Review Board (CSRB), the ongoing flood of exploits targeting security appliances from Ivanti and SonicWall, and the recent Lumen research on Juniper router backdoors. Plus, the challenges of coordinating disclosures, the tough realities of intelligence work, and the complex landscape of nation-state attacks -- especially around Chinese threat actors and Western defenses. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Costin Raiu (https://twitter.com/craiu) and Dennis Fisher. Ryan Naraine (https://twitter.com/ryanaraine) is on work travel.
Three Buddy Problem - Episode 25: An update on Romania's cancelled election, the implications of TikTok on democratic processes, and the broader issues around surveillance capitalism and micro-targeting. Plus, news on Turla piggybacking on cybercriminal malware to hit Ukraine, the return of Careto and the absence of IOCs, Claroty report on an Iran-linked cyberweapon targeting critical infrastructure, ethical considerations in cyberwarfare, and the implications of quantum computing on security and cryptocurrencies. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Costin Raiu (https://twitter.com/craiu) and Ryan Naraine (https://twitter.com/ryanaraine).
Do you know what the Möbius strip is? And the differences between an IOC and a TTP? Don't worry, we explain it in this edition of our program.
Three Buddy Problem - Episode 16: We break down the new GCHQ advisory on the history and tactics of Russia's APT29, the challenges of tracking and defending against these sophisticated espionage programs, the mysterious Salt Typhoon intrusions, the absence of technical indicators (IOCs), and the risks of supply chain attacks. We also touch on the surge in zero-day discoveries, the nonstop flow of exploited Ivanti security bugs, and why the CSRB should investigate these network edge device and appliance vendors. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs) (SentinelLabs), Costin Raiu (https://twitter.com/craiu) (Art of Noh) and Ryan Naraine (https://twitter.com/ryanaraine) (SecurityWeek).
Three Buddy Problem - Episode 8: This week's show digs into Microsoft's in-the-wild zero-day woes, Patch Tuesday and the absence of IOCs, a wormable Windows TCP/IP flaw that the Chinese government knew about for months, Iran's aggressive hacking of US election targets, CrowdStrike v Qihoo360 and major problems with APT naming conventions. Hosts: Costin Raiu (Art of Noh), Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek)
Threat Hunting Workshop: Hunting for Command and Control
31 July 2024 | 12:00 - 1:00 pm ET
Register Here!

Black Hat 2024 Training with Lee Archinal "A Beginner's Guide to Threat Hunting: How to Shift Focus from IOCs to Behaviors and TTPs" | Secure your spot now at a discounted rate:
3-4 Aug 2024: Sign Up Here!
5-6 Aug 2024: Sign Up Here!
-----
Top 5 Threat Hunting Headlines - 29 July 2024
1. Bleeping Computer | Acronis Warns of Cyber Infrastructure Default Password Abused in Attacks
https://www.bleepingcomputer.com/news/security/acronis-warns-of-cyber-infrastructure-default-password-abused-in-attacks/?&web_view=true
2. Guardio Labs | "EchoSpoofing" – A Massive Phishing Campaign Exploiting Proofpoint's Email Protection to Dispatch Millions of Perfectly Spoofed Emails
https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6?gi=b32e776ffab3
3. Esentire | Introducing Gh0stGambit: A Dropper for Deploying Gh0st RAT
https://www.esentire.com/blog/a-dropper-for-deploying-gh0st-rat?&web_view=true
4. Check Point Research | Stargazers Ghost Network
https://research.checkpoint.com/2024/stargazers-ghost-network/
5. Help Net Security | Most CISOs Feel Unprepared for New Compliance Regulations
https://www.helpnetsecurity.com/2024/07/26/cisos-compliance-regulations-preparedness/?web_view=true
-----
Follow Us!
Twitter: https://twitter.com/CyborgSecInc
LinkedIn: https://www.linkedin.com/company/cyborg-security/
YouTube: https://www.youtube.com/cyborgsecurity
Discord: https://discord.gg/DR4mcW4zBr
TikTok: https://www.tiktok.com/@cyborgsecinc
Three Buddy Problem - Episode 6: As the dust settles on the CrowdStrike incident that blue-screened 8.5 million Windows computers worldwide, we dig into CrowdStrike's preliminary incident report, the lack of transparency in the update process and the need for more robust testing and validation. We also discuss Microsoft's responsibility to avoid infinite BSOD loops, risks of deploying EDR agents on critical systems, and how an EU settlement is being blamed for EDR vendors having access to the Windows kernel. Other topics on the show include Mandiant's attribution capabilities, North Korea's gov-backed hacking teams launching ransomware on hospitals, KnowBe4 hiring a fake North Korean IT worker, and new developments in the NSO Group surveillance-ware lawsuit. Hosts: Costin Raiu (Art of Noh), Juan Andres Guerrero-Saade (SentinelLabs), Ryan Naraine (SecurityWeek)
Top 5 Threat Hunting Headlines - 22 July 2024
1. Popular Ukrainian Telegram Channels Hacked to Spread Russian Propaganda
https://therecord.media/ukrainian-news-telegram-channels-hacked-russian-propaganda?&web_view=true
2. New Play Ransomware Linux Variant Targets ESXi, Shows Ties with Prolific Puma
https://www.trendmicro.com/en_us/research/24/g/new-play-ransomware-linux-variant-targets-esxi-shows-ties-with-p.html
3. Dragos FrostyGoop Report
https://regmedia.co.uk/2024/07/23/dragos_frostygoop-report.pdf
4. Likely eCrime Actor Capitalizing on Falcon Sensor Issues
https://www.crowdstrike.com/blog/likely-ecrime-actor-capitalizing-on-falcon-sensor-issues/
5. Internet Organised Crime Threat Assessment 2024
https://www.europol.europa.eu/cms/sites/default/files/documents/Internet%20Organised%20Crime%20Threat%20Assessment%20IOCTA%202024.pdf
Top 5 Threat Hunting Headlines - 15 July 2024
1. Infosecurity Magazine | CISA Urges Software Makers to Eliminate OS Command Injection Flaws
https://www.infosecurity-magazine.com/news/cisa-software-eliminate-command/?&web_view=true
2. Wazuh | Detecting Living Off the Land Attacks with Wazuh
https://wazuh.com/blog/detecting-living-off-the-land-attacks-with-wazuh/
3. McAfee Labs | ClickFix Deception: A Social Engineering Tactic to Deploy Malware
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/clickfix-deception-a-social-engineering-tactic-to-deploy-malware/
4. The Hacker News | 10,000 Victims a Day: Infostealer Garden of Low-Hanging Fruit
https://thehackernews.com/2024/07/10000-victims-day-infostealer-garden-of.html?m=1
5. BlackBerry | Coyote Banking Trojan Targets LATAM with a Focus on Brazilian Financial Institutions
https://blogs.blackberry.com/en/2024/07/coyote-banking-trojan-targets-latam-with-a-focus-on-brazilian-financial-institutions?&web_view=true
Top 5 Threat Hunting Headlines - 1 July 2024
1. Qualys Security Blog | Remote Unauthenticated Code Execution Vulnerability in OpenSSH Server
https://blog.qualys.com/vulnerabilities-threat-research/2024/07/01/regresshion-remote-unauthenticated-code-execution-vulnerability-in-openssh-server?web_view=true
2. Zscaler | Kimsuky Deploys TRANSLATEXT to Target South Korean Academia
https://www.zscaler.com/blogs/security-research/kimsuky-deploys-translatext-target-south-korean-academia
3. The Register | Police Allege 'Evil Twin' In-Flight WiFi Used to Steal Info & Australian Federal Police | Man Charged Over Creation of 'Evil Twin' Free WiFi Networks to Access Personal Data
https://www.theregister.com/2024/07/01/australia_evil_twin_wifi_airline_attack/?&web_view=true
https://www.afp.gov.au/news-centre/media-release/man-charged-over-creation-evil-twin-free-wifi-networks-access-personal
4. GitHub | JPCERTCC/LogonTracer
https://github.com/JPCERTCC/LogonTracer
5. Help Net Security | 75% of New Vulnerabilities Exploited Within 19 Days
https://www.helpnetsecurity.com/2024/06/27/nvd-vulnerabilities/?web_view=true
Top 5 Threat Hunting Headlines - 25 June 2024
1. Positive Technologies | ExCobalt: GoRed, the hidden-tunnel technique
https://www.ptsecurity.com/ww-en/analytics/pt-esc-threat-intelligence/excobalt-gored-the-hidden-tunnel-technique/
2. Cisco Talos | SneakyChef espionage group targets government agencies with SugarGh0st and more infection techniques
https://blog.talosintelligence.com/sneakychef-sugarghost-rat/
3. Help Net Security | 1 out of 3 breaches go undetected
https://www.helpnetsecurity.com/2024/06/24/detecting-breaches-struggle-in-organizations/?web_view=true
4. Ars Technica | Dell said return to office or else - nearly half of the workers chose "or else"
https://arstechnica.com/gadgets/2024/06/nearly-half-of-dells-workforce-refused-to-return-to-the-office/
5. Infosecurity Magazine | Cybersecurity Burnout Costing Firms $700m+ Annually
https://www.infosecurity-magazine.com/news/cybersecurity-burnout-costing-700m/?&web_view=true
Respect for patient autonomy is a fundamental part of the clinician-patient relationship and of any discussion of healthcare interventions. Some patients decline transfusion of blood products, either for religious or non-religious reasons, but most frequently as part of the Jehovah's Witness faith. Acceptance of, and decision-making surrounding, blood products and human-blood-derived medications is complex, however, and some patients who decline certain blood products may still accept other interventions. Because childbirth can be associated with excess blood loss and the need for resuscitation, it is important before delivery to clearly delineate which blood products will be accepted or declined, realizing that the patient can change her preferences at any time. One proposed way to address blood loss at cesarean section is the use of an intraoperative cell saver (IOCS) for autologous infusion (re-infusion of the patient's own blood). Is it appropriate to use cell savers to collect and re-infuse blood during a C-section? Does ACOG mention this as an option? And what about the use of erythropoietin antepartum to increase RBC capacity? These questions are the focus of this episode.
Top 5 Threat Hunting Headlines - 10 June 2024
1. Google Cloud | UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion
https://cloud.google.com/blog/topics/threat-intelligence/unc5537-snowflake-data-theft-extortion
2. Morphisec | Howling at the Inbox: Sticky Werewolf's Latest Malicious Aviation Attacks
https://blog.morphisec.com/sticky-werewolfs-aviation-attacks
3. Vonahi Security | Automated Penetration Testing & Cyber Security Services - Top 10 Critical Pentest Findings Report
https://www.vonahi.io/pentest-report-2024?utm=source=701Rp00000B6bue
4. The DFIR Report | IcedID Brings ScreenConnect and CSharp Streamer to ALPHV Ransomware Deployment
https://thedfirreport.com/2024/06/10/icedid-brings-screenconnect-and-csharp-streamer-to-alphv-ransomware-deployment/
5. Zscaler | Technical Analysis of the Latest Variant of ValleyRAT
https://www.zscaler.com/blogs/security-research/technical-analysis-latest-variant-valleyrat
Top 5 Threat Hunting Headlines - 22 May 2024
1. Kandji | Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware
https://blog.kandji.io/malware-cuckoo-infostealer-spyware
2. Rapid7 | Ongoing Malvertising Campaign Leads to Ransomware
https://www.rapid7.com/blog/post/2024/05/13/ongoing-malvertising-campaign-leads-to-ransomware/
3. Unit 42 | Payload Trends in Malicious OneNote Samples
https://unit42.paloaltonetworks.com/payloads-in-malicious-onenote-samples/
4. Check Point Research | Bad Karma, No Justice: Void Manticore Destructive Activities in Israel
https://research.checkpoint.com/2024/bad-karma-no-justice-void-manticore-destructive-activities-in-israel/
5. Aqua Nautilus | Kinsing Demystified - A Comprehensive Technical Guide
https://1665891.fs1.hubspotusercontent-na1.net/hubfs/1665891/Threat%20reports/AquaSecurity_Kinsing_Demystified_Technical_Guide.pdf
In today's episode, we dive into the sophisticated DNS activities of the China-linked threat actor known as Muddling Meerkat, who manipulates internet traffic and abuses DNS open resolvers. This cyber espionage endeavor has global implications, as explained by Infoblox in an article at The Hacker News (https://thehackernews.com/2024/04/china-linked-muddling-meerkat-hijacks.html). We also discuss the FBI's warning about fake verification schemes targeting dating app users, uncovering the scam process and providing tips to safeguard against such fraudulent activities, as detailed in the BleepingComputer article (https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-verification-schemes-targeting-dating-app-users/#google_vignette). Lastly, we explore Google's efforts to enhance mobile security by preventing over 2 million malicious apps from entering the Play Store, highlighting their proactive measures and collaborations to safeguard user privacy. Read more about this at The Hacker News (https://thehackernews.com/2024/04/google-prevented-228-million-malicious.html).
00:00 Introduction
02:36 Dating App Scams
04:12 Google's Security Enhancements
06:47 Muddling Meerkat's DNS Manipulation

Generate single use credit card numbers: https://app.privacy.com/join/GL3U7

Apr 30

The FBI is warning that dating app users are being targeted by fake verification scams that are leading to costly recurring subscription charges, as well as theft and misuse of personal information. How can users protect themselves while using dating apps? Google blocked over 2 million policy-violating apps from the Play Store in 2023, in a proactive security measure that also saw over 790,000 apps guarded against sensitive data access. How has Google improved its security features and review process to prevent these malicious apps from infiltrating the Play Store? And finally, a China-linked threat named Muddling Meerkat has been caught manipulating DNS activities globally to evade security measures. They've been conducting reconnaissance since 2019. What are these unique DNS activities that Muddling Meerkat are undertaking, and what is their end goal? You're listening to The Daily Decrypt.

So the FBI is warning of a new scam that's targeting dating app users, which can lead to fraudulent recurring subscription charges and even identity theft.
So basically, the scammers will develop a romantic connection with you on the dating app of your choice, whether that's Tinder or Bumble or Hinge or whatever you choose, then they're going to ask to move this conversation to a safer platform to verify that you are in fact a human. Well, we're all on dating apps to try to find someone, so of course I'm going to verify that I'm human. It's a valid request. Well, the only way to verify that you're human now is to provide a credit card number and some information. Can't do anything without that. And that's where they're going to get you. This is going to lead to maybe small, maybe large, but seemingly anonymous charges on your credit card bill. And if you're not paying close attention to that, you might miss them. So this attack, at its core, is not very complex, but it is remarkably effective, because remember, there are a few different situations that we put ourselves in where we're a little more desperate and a little less careful than we normally are. For example, dating apps. You're really on there to look for connection. Also when you're applying for a job, you're pretty desperate for a job. And sometimes when you need groceries or when you're hungry and you need DoorDash, you might be a little more susceptible to this type of attack. It's no secret what everyone's looking for on a dating app. It's all pretty similar. And so it might not be that hard to convince someone that they're having a genuine romantic connection. So, the FBI has some advice. They advise you not to open any attachments from anybody, and to keep the conversations on the dating platform, as well as reporting any suspicious profiles. Now, an additional tip from the Daily Decrypt: I myself just signed up the other day for a service called privacy.com, a free service that, at its core, creates new credit card numbers for you to use with different services. So when you sign up for Netflix, this site will create a credit card number for you.
You can set a spending limit on it and you can cancel it at any time. So if you're signing up for Netflix and that's for 20 dollars a month, you limit that card to $20 a month. Now, if Netflix decides they want to upcharge you, it won't go through. You're good to go. And so in the case of this specific attack, if you were to give them one of these generated credit card numbers and you set the limit for $1, which is what it usually costs to verify your ID, even though you'll get it returned, and say no recurring charges allowed, the attacker will have this dummy credit card number and won't be able to get anything out of you. I'd highly recommend using this for any subscription. It makes the process of canceling so much easier. And especially with the boom in subscription services, like, everything has a subscription, so some of them might be less secure than others. And if for some reason that site is breached and they get the credit card numbers, they're only gonna have this dummy credit card. And you've already set limits on it, so attackers who come into ownership of this credit card number can't make extra purchases besides the subscription charges you've allocated. Google has revealed that in 2023 they prevented 2.28 million policy-violating apps from being published on the Play Store by leveraging new security features, policy updates, and advanced machine learning processes. So that's a lot of apps. Apple's App Store is known for having pretty stringent requirements for apps, even though in recent news they've had some pretty big slip-ups, with a LastPass imitation app that was harvesting all the credentials stored in your LastPass account, all the way down to fake crypto apps that will take your credentials for your crypto and drain your accounts. But this is a big deal because of how easy it is for fraudulent apps to take over your entire life.
Like those examples I just mentioned, if you happen to download a fake banking app for Bank of America, then the attackers would have your credentials to log into your Bank of America account. And I haven't been on the Google Play Store in a while, but I'm sure you can buy ad space there, and you know how we feel about Google Ads on this podcast. Don't click them. But it is very easy to spend 30 bucks and get any website up to the top of your Google search results. So just stay away from Google ads and any ads you may see on the app store, and you'll seriously reduce the likelihood of clicking a bad link or downloading a bad app. But Google has blocked 333,000 bad accounts in 2023 from attempting to distribute malware or violating policies on the Play Store. Google has partnered with SDK providers to restrict sensitive data access and sharing, as well as strengthened developer onboarding and review processes, mandating additional identity verification steps to prevent bad actors from exploiting the system to propagate malicious apps. Google's efforts to secure the Android ecosystem include real-time scanning at the code level to combat new Android malware threats and the introduction of an independent security review badge for VPN apps that have undergone a Mobile Application Security Assessment. So I know some of you out there are Apple haters, but I have no intention of ever switching away from Apple. Mostly because, up until this point, they seem to be the provider that cares about app security. Whether or not that's true, I don't know, but that's how it appears. But this step from Google is one in the right direction towards winning over Apple fanboys like myself. So keep up the good work, Google, and hey, who knows, maybe I'll switch back. So, recently, a new cyber threat named Muddling Meerkat has been identified conducting sophisticated DNS activities globally since October 2019.
And this specific threat is likely linked to China and is capable of manipulating, quote, the Great Firewall. So how does it work? Muddling Meerkat exploits open DNS resolvers to send queries from Chinese IP space, demonstrating a high level of DNS expertise uncommon amongst most threat actors. The threat actor triggers DNS queries for various record types to domains not owned by them under popular top-level domains like .com and .org, using fake DNS MX records to probe the target domain. Infoblox detected over 20 domains targeted by Muddling Meerkat receiving anomalous DNS MX record requests from customer devices, indicating a unique and unprecedented attack method. The purpose behind Muddling Meerkat's prolonged DNS operations remains unclear, but potential motives such as internet mapping or undisclosed research efforts have been suggested. And a quote from Dr. Renée Burton, Vice President of Threat Intelligence for Infoblox: "Muddling Meerkat elicits a special kind of fake DNS MX record from the Great Firewall, which has never been seen before. For this to happen, Muddling Meerkat must have a relationship with the Great Firewall operators." And for those of you like me who are unfamiliar with the Great Firewall, just pulling up its Wikipedia page and reading from it, it says it's the combination of legislative actions and technologies enforced by the People's Republic of China to regulate the internet domestically. So it plays a critical role in internet censorship in China. And be sure to check the show notes for this episode for the domains that you might see DNS MX records from, and other IOCs of this type of scanning. I'm anticipating there to be more news to come on this topic. This has been the Daily Decrypt. If you found your key to unlocking the digital domain, show your support with a rating on Spotify or Apple Podcasts. It truly helps us stand at the frontier of cyber news. Don't forget to connect on Instagram or catch our episodes on YouTube.
Until next time, keep your data safe and your curiosity alive.
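The MX probing the episode describes leaves a very specific trace in a resolver's own query logs: MX lookups for subdomain names that no mail client would ever ask for, each label seen once, spread across a handful of clients. The Python below is an added example written for this page, not Infoblox's code and not the show-notes IOC list. It parses constructed BIND-style query-log lines (the client addresses are documentation ranges and the random labels are invented), keeps only MX queries for names below the registrable domain, and flags a domain when it receives many distinct, mostly one-off, high-entropy labels. Approximating the registrable domain as the last two labels is an assumption made for the example; a production version would consult the Public Suffix List so that names under co.uk and similar are grouped correctly.

```python
"""Flag Muddling Meerkat-style MX probing in resolver query logs (added example)."""
import math
import re
from collections import defaultdict

# Constructed BIND-style query-log lines; not data from the episode or from Infoblox.
# 203.0.113.0/24 plays the probing clients, 198.51.100.0/24 plays ordinary mail servers.
SAMPLE_LOG = """\
28-Apr-2024 10:01:02.113 queries: info: client 198.51.100.25#41022: query: example.com IN MX + (10.0.0.53)
28-Apr-2024 10:01:02.501 queries: info: client 198.51.100.25#41023: query: mail.example.com IN A + (10.0.0.53)
28-Apr-2024 10:01:03.007 queries: info: client 203.0.113.10#5353: query: kqz8ta.example.com IN MX + (10.0.0.53)
28-Apr-2024 10:01:03.211 queries: info: client 203.0.113.10#5353: query: x7pvmd.example.com IN MX + (10.0.0.53)
28-Apr-2024 10:01:03.498 queries: info: client 203.0.113.44#5353: query: bw3qjr.example.com IN MX + (10.0.0.53)
28-Apr-2024 10:01:03.902 queries: info: client 203.0.113.44#5353: query: 9hdtzk.example.com IN MX + (10.0.0.53)
28-Apr-2024 10:01:04.120 queries: info: client 203.0.113.10#5353: query: vq2lsn.example.com IN MX + (10.0.0.53)
28-Apr-2024 10:01:04.377 queries: info: client 203.0.113.44#5353: query: trf6ya.example.com IN MX + (10.0.0.53)
28-Apr-2024 10:01:05.001 queries: info: client 198.51.100.25#41024: query: example.com IN MX + (10.0.0.53)
28-Apr-2024 10:01:05.333 queries: info: client 198.51.100.31#51000: query: example.org IN MX + (10.0.0.53)
28-Apr-2024 10:01:05.800 queries: info: client 198.51.100.31#51001: query: lists.example.org IN MX + (10.0.0.53)
"""

QUERY_RE = re.compile(
    r"client (?P<client>[0-9a-fA-F.:]+)#\d+: query: (?P<qname>\S+) IN (?P<qtype>[A-Z]+)"
)


def parse_query(line):
    """Return (client, qname, qtype) for a query-log line, or None if it is not a query."""
    m = QUERY_RE.search(line)
    if not m:
        return None
    return m.group("client"), m.group("qname").rstrip(".").lower(), m.group("qtype")


def base_domain(qname):
    """Approximate the registrable domain as the last two labels.
    Assumption for this example: real code should use the Public Suffix List."""
    return ".".join(qname.split(".")[-2:])


def shannon_entropy(s):
    """Bits per character: a random 6-char label scores about 2.58, 'mail' scores 2.0."""
    if not s:
        return 0.0
    n = len(s)
    counts = {ch: s.count(ch) for ch in set(s)}
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def analyze(lines, min_labels=5, min_singleton_ratio=0.8):
    """Group MX queries for *subdomains* by registrable domain and flag domains that
    receive many distinct, mostly one-off labels (the Muddling Meerkat pattern).
    Apex MX lookups (example.com IN MX) are ordinary mail delivery and are ignored."""
    stats = defaultdict(lambda: {"labels": defaultdict(int), "clients": set()})
    for line in lines:
        parsed = parse_query(line)
        if parsed is None:
            continue
        client, qname, qtype = parsed
        base = base_domain(qname)
        if qtype != "MX" or qname == base:
            continue
        label = qname[: -len(base) - 1]          # everything left of ".<base>"
        stats[base]["labels"][label] += 1
        stats[base]["clients"].add(client)

    findings = {}
    for base, s in stats.items():
        labels = s["labels"]
        distinct = len(labels)
        singleton_ratio = sum(1 for c in labels.values() if c == 1) / distinct
        mean_entropy = sum(shannon_entropy(lbl) for lbl in labels) / distinct
        findings[base] = {
            "mx_subdomain_queries": sum(labels.values()),
            "distinct_labels": distinct,
            "singleton_ratio": singleton_ratio,
            "mean_label_entropy": round(mean_entropy, 2),
            "clients": sorted(s["clients"]),
            "flagged": distinct >= min_labels and singleton_ratio >= min_singleton_ratio,
        }
    return findings


def flagged_domains(lines, **kwargs):
    """Sorted list of domains whose subdomain-MX traffic looks like probing."""
    return sorted(d for d, f in analyze(lines, **kwargs).items() if f["flagged"])


if __name__ == "__main__":
    for domain, finding in analyze(SAMPLE_LOG.splitlines()).items():
        print(domain, finding)
```

On the sample, example.com is flagged (six distinct one-off labels from two clients) while example.org is not (a single lists.example.org lookup is normal). The thresholds are deliberately conservative; tune min_labels to your query volume, and feed the flagged client addresses to your open-resolver audit, since a resolver that answers these queries for arbitrary sources is the thing the actor is actually exploiting.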
Today, we discuss the deceptive world of the "Financial Hardship Department Scam," where unsuspecting Americans are tricked into revealing personal data with the false promise of government aid. Explore the intricacies of this scam and how to protect yourself from becoming a victim. This episode also sheds light on the alarming strategies of Russian Sandworm hackers and global brute-force attacks targeting VPN and SSH services, revealing a complex cybersecurity landscape.

Original URLs:
Financial Hardship Department Scam: https://cyberguy.com/privacy/the-unsubscribe-email-scam-is-targeting-americans/, https://malwaretips.com/blogs/financial-hardship-department-email-scam-explained/
Russian Sandworm Hackers: https://www.bleepingcomputer.com/news/security/russian-sandworm-hackers-pose-as-hacktivists-in-water-utility-breaches/
Cisco Warning on Brute-Force Attacks: https://thehackernews.com/2024/04/cisco-warns-of-global-surge-in-brute.html

Follow us on Instagram: https://www.instagram.com/the_daily_decrypt/
Thanks to Jered Jones for providing the music for this episode.
https://www.jeredjones.com/
Logo Design by https://www.zackgraber.com/

Tags for the Episode: Financial Hardship Department Scam, cybersecurity, Russian Sandworm hackers, brute-force attacks, VPN, SSH, email scams, government subsidies scam, cyber threats, cyber protection, Mandiant, Cisco

Search Phrases: How to protect against Financial Hardship Department Scam; What is the Financial Hardship Department Scam; Russian Sandworm hackers in US utilities; Cisco alert on brute-force attacks; Cybersecurity threats in 2024; Email scams involving government aid; Preventing cyber attacks on VPN and SSH; How Russian hackers disguise as hacktivists; Identifying and preventing email scams; Latest cybersecurity reports from Cisco and Mandiant

Transcript Apr18

Americans are being targeted by a sophisticated scam from the "Financial Hardship Department," which promises government subsidies and stimulus checks as a facade to steal personal information and money. Stick around 'cause we're gonna give them a call. Russian Sandworm hackers, disguised as hacktivist groups, have infiltrated water utilities in the United States and Europe, executing sophisticated cyberattacks that manipulate public narratives in favor of Russia, according to recent findings by Mandiant. And finally, Cisco has issued an alert on a sharp rise in global brute force attacks targeting VPN and SSH services, revealing a sophisticated threat landscape that exploits Tor exit nodes and various anonymizing proxies since March 18th of 2024. What steps can organizations take to protect their networks from these global brute force attacks? So in recent news, a concerning scam from the "Financial Hardship Department" is targeting Americans across the country. This was actually brought to my attention by my mother. She reported something suspicious to her IT department, which is me. She received an email with a subject line that was her full name, and inside the email was a very compelling argument.
That she was entitled to some sort of student loan forgiveness plan, and the money is available right away. And this specific scam isn't necessarily breaking news, but this type of scam, this category of scam, is very effective and very prevalent. And this is because of a thing called OSINT, or Open Source Intelligence, where people can use information they find online about you in order to get you to do things. So, if someone wrote you an email and they knew exactly how much student debt you had, and they knew your full name, and they knew where you went to school, you might be more enticed to give them a call, respond to the email, or even click a link. If you're interested in seeing this email and walking through all of the key indicators that this is not a legit email, and it is in fact a scam, I'm going to be posting a reel a little bit later today on our Instagram that will have the email, and we're going to go through each one of the indicators that this is a scam so that you can help protect yourself against this scam. But just at a high level, the email came from someone at hotmail.com. Nobody with any clout is going to email you from a personal email address. Step one. All right. Number two, there's a sense of urgency. It says that you have a case open, but for only one more day. So give us a call back at this number. And just for fun, I went ahead and gave this number a call using my Google Voice number and was ready to record it and talk to them and see what they were gonna try to get out of me and maybe give them some fake information. The email was received yesterday and since then the number has been decommissioned. Calling the scammer. Bummer. There are also some weird formatting issues with this email. And then at the bottom, it says you opted into advertising services, provides an address, and then it provides a URL to unsubscribe. This specific email is formatted so poorly that the URL doesn't even become clickable.
But they're trying to get you in two directions here. They're trying to get you to call and give up your information. And they're trying to get you to click this unsubscribe link. Now that kind of gets your wheels turning, doesn't it? Most emails have unsubscribe links, and most of them are from emails you might not even recognize. You just want to get them out of your inbox. Now trust me, I am all for inbox sanitization and organization, but clicking unsubscribe links as a habit is a bad one. Clicking any links in an email is a bad habit. And yes, unsubscribe is a URL that could take you wherever they want. And usually, when you're about to click it, you're kind of in a hurry, you're not really checking, you're not thinking about it. So attackers know this, and they're going to send you something you really don't want, and they're going to provide a link to unsubscribe. Probably don't click it. Instead, send it to spam. Send it to junk. Train your inbox to send that somewhere else where you don't have to worry about it. Even if the unsubscribe link isn't malicious, it can serve a different purpose. It can let attackers or scammers know that that email address is active, and might actually ramp up the amount of spam, scam emails, or newsletters you may get, because people are interested in buying your email address if they know it's an active email address. So now you've just confirmed it, they might go sell it to some other people. It might actually increase the amount of spam you get. There is a service called unroll.me that can help consolidate and manage email subscriptions efficiently. It allows you to view all your subscriptions in one place and makes it easy to unsubscribe from them. Another thing you can do is use alias emails. So if you're an iPhone user, the iPhone will often prompt you to mask your email address. It's a good idea because you can delete that email address at any time.
If you start getting spam from it, you can also use tools like Fastmail or StartMail, and just generate a new email address that forwards to your normal email address. This will also help protect you and your privacy online because they're not just mapping one email address to your identity. Now they have to map tons and tons to keep track of you. So it'll help reduce trackers on Google. It'll help reduce the efficacy of certain attacks when your password is breached on the dark web. So for more tips and tricks, and for a further analysis on these scam emails, check our Instagram later today. Cybersecurity firm Mandiant has exposed how the notorious Sandworm hacking group, linked to Russian military intelligence, has camouflaged its cyberattacks by masquerading as hacktivist groups. The Russian ensemble, known by aliases such as BlackEnergy, Seashell Blizzard, and Voodoo Bear, has been active since 2009, and their operations are attributed to Unit 74455 of Russia's GRU. Mandiant's latest findings suggest that Sandworm operates under several online personas to launch data leaks and disrupt operations. Notably, three hacktivist-branded Telegram channels named XakNet Team, Cyber Army of Russia Reborn, and Solntsepek, that's Russian, have been instrumental in disseminating pro-Russian narratives and misleading the audience about the origin of the cyberattacks. These personas act independently, yet share a common goal of aligning their activities with Russian interests. So, before we move on, just a quick note on hacktivism. There are a few main motivators for attackers when placing an attack. Money, power, fame. And activism is a pretty popular one. So to help give an idea of what a hacktivist organization would be like, it's maybe a pro-Ukraine organization that's working to spread the truth about what's going on in a foreign war, and so they might be trying to actually hack the Russian government to help Ukraine, or something like that.
Their motivation is not money, so they're not out there trying to get credentials to their bank accounts and stuff like that. They're trying to work towards their organization's mission, which is to spread the truth about foreign wars in favor of a certain country. So these Russian attackers that are responsible for many attacks on U.S. critical infrastructure, especially water utilities, are gaining footholds by pretending to be a hacktivist group. Maybe they're pro-Russia, maybe they're pro-Ukraine. They're doing what they can to try to sway public opinion in Russia's favor, which involves all sorts of propaganda that I'm not even aware of. But Mandiant's report extends beyond the facade of hacktivism. They have traced back multiple cyber incidents to Sandworm, including attacks on water utilities in the U.S. and Poland, and hydroelectric facilities in France. The authenticity of these intrusions remains under investigation, but confirmation of related malfunctions by U.S. utility officials lends proof. Furthermore, Sandworm's influence operations are designed to bolster Russian wartime objectives by seeding misinformation and creating an illusion of widespread support for the war. The sophistication of these tactics illustrates a strategic shift from direct sabotage in Ukraine, where they targeted critical infrastructure like state networks and the power grid, to more nuanced cyber espionage, intrusion and influence operations. Mandiant also highlights APT44's activities over the past year, including targeting NATO countries' electoral systems and engaging in intelligence collection to aid Russian military efforts. The threat posed by APT44 is severe, with ongoing operations focused on Ukraine and an elevated risk of interference in upcoming national elections and significant political events worldwide. So this election season, especially in the United States, is going to be absolutely crazy.
The simplicity of access that these foreign, quote, hacktivists or propaganda pushers have over the United States is huge. It's palpable. They can just create TikToks about something you're interested in, which is Ukraine and the things that are happening in this foreign war, and you share it, and the more it gets shared, the more validity it accumulates in people's eyes. And this rapid consumption of social media has almost completely forgotten about citing sources or doing any sort of further research into what you just saw on a 60 second video clip. So I encourage you personally to, I mean, first of all, don't spend too much time on social media. If you get, if you catch yourself doom scrolling, try to get off and go on a walk. And second of all, think about everything you watch as if it were a lie. How could this video be lying to you right now? How could this video be stretching the truth? You know, are these videos actually shot where they are? Are they in front of a green screen? What sources do these people have? to claim what they're saying. Is what they're saying promoting a specific narrative? Maybe for Russia, maybe for Ukraine. And if so, that increases the likelihood that what they're saying is stretched or slightly untrue. So just as we have to look at every email with a lot of scrutiny, make sure we don't click any bad links, we also have to look at everything we consume because our brains are very vulnerable to what we see. And the internet right now is just pushing what we already believe, further enforcing our misbeliefs. There's been a notable spike in brute force attacks globally, as reported by Cisco. Specifically targeting devices such as VPNs, or virtual private networks, web application authentication interfaces, and SSH services. Cisco Talos experts pinpointed that these attacks have been originating from Tor exit nodes and various anonymizing tunnels and proxies since at least March 18th of 2024. 
The implications of these attacks are serious, potentially leading to unauthorized network access, account lockouts, or even denial of service conditions. A range of devices have come under siege, including popular VPN solutions like Cisco Secure Firewall VPN, Check Point, Fortinet, SonicWall, along with RD Web services and brands such as MikroTik, DrayTek, and Ubiquiti. [stomps foot at Ubiquiti] Cisco Talos has identified that the brute forcing attempts not only utilize generic credentials, but also valid usernames tied to specific organizations, indicating a methodical approach to this cybersecurity threat. The attack traffic, as analyzed, predominantly flows through known proxy services such as Tor, VPN Gate, IPIDEA Proxy, BigMama Proxy, Space Proxies, Nexus Proxy, Proxy Rack, etc. And details on the IP addresses and the credentials used in these attacks have been compiled and made accessible for the concerned parties to bolster their defenses. So check out the show notes if you want more IOCs of this, so that you can maybe set up some signature detections or behavior detections, etc. In parallel to these brute force incidents, Cisco has raised alarms about password spray attacks targeting remote access VPN services as well. This trend was highlighted alongside a recent disclosure from Fortinet FortiGuard Labs reporting the exploitation of a patched vulnerability in TP-Link Archer AX21 routers by DDoS botnet malware families. Which brings us back to our SOHO days, right? If you're running one of these routers, make sure it's patched. Make sure your home router is up to date. You don't want to be getting DDoS'd by a botnet. Or you don't want to be part of the botnet that does the DDoSing, excuse me. Security researchers Cara Lin and Vincent Li from FortiGuard Labs underscore the continuous threat posed by botnets, which exploit IoT vulnerabilities relentlessly. They strongly advise users to remain vigilant against DDoS botnets and to apply patches promptly.
Cisco has provided several recommendations to mitigate the risks associated with these types of cyberattacks. These include enabling logging, okay, securing default remote access VPN profiles, and blocking connection attempts from identified malicious sources. Specific guidance involves implementing interface-level ACLs, using the shun command, and configuring control plane ACLs to further fortify network defenses against unauthorized access attempts. Moreover, Cisco suggests considering additional hardening implementations for RAVPN, such as adopting certificate-based authentication, to enhance the security posture against these ongoing cyber threats. So I will definitely be taking a much deeper look at these IOCs for my own personal network, because yeah, this can apply to enterprises and this can apply to tech enthusiasts who set up VPNs to access their own home network. So let's, uh, not to point any fingers at myself, but that's definitely something I want to avoid being compromised. So if you're hearing this, the IOCs are in the show notes, and let's stay ahead of this. And that's all we got for you today. Tomorrow, we're going to be releasing just a discussion episode about the key takeaways from HackSpaceCon, which occurred last weekend. The two co-hosts from this podcast were lucky enough to be able to attend and boy, were we inspired. So if you're interested in hacking satellites, or what kind of vulnerabilities satellites have, or other things that I never considered from a non-space background, be sure to check that episode out tomorrow.
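The episode's two Talos observations, brute force through anonymizing proxies and password spraying with organisation-specific usernames, look different in an auth log and deserve different responses. The Python below is an added example written for this page, not Talos tooling and not the show-notes IOC list. It runs over constructed sshd lines (documentation IP ranges, invented usernames) and separates classic brute force (many guesses against one account) from password spraying (one guess each across many accounts), notes when every username a source tried actually exists on the host, which is the "valid usernames tied to specific organizations" signal, and checks each source against a constructed stand-in for the Talos proxy and Tor exit list. The block list it emits uses the Cisco ASA `shun <ip>` command the text mentions; the ASA control-plane ACL and certificate-based RAVPN authentication are the longer-lived fixes and are not generated here.

```python
"""Classify SSH/VPN credential attacks in an auth log and emit ASA shun lines (added example)."""
import re
from collections import Counter, defaultdict

# Constructed sshd syslog lines; not data from the episode or from Cisco Talos.
# 203.0.113.7 brute-forces root behind a proxy exit, 198.51.100.9 sprays real user names,
# 192.0.2.55 is a legitimate user who mistyped a password once and then used a key.
SAMPLE_AUTH_LOG = """\
Apr 18 09:00:01 vpn-gw sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40001 ssh2
Apr 18 09:00:02 vpn-gw sshd[2102]: Failed password for invalid user test from 203.0.113.7 port 40002 ssh2
Apr 18 09:00:03 vpn-gw sshd[2103]: Failed password for invalid user ubuntu from 203.0.113.7 port 40003 ssh2
Apr 18 09:00:04 vpn-gw sshd[2104]: Failed password for root from 203.0.113.7 port 40004 ssh2
Apr 18 09:00:05 vpn-gw sshd[2105]: Failed password for root from 203.0.113.7 port 40005 ssh2
Apr 18 09:00:06 vpn-gw sshd[2106]: Failed password for root from 203.0.113.7 port 40006 ssh2
Apr 18 09:00:10 vpn-gw sshd[2110]: Failed password for jsmith from 198.51.100.9 port 50010 ssh2
Apr 18 09:00:11 vpn-gw sshd[2111]: Failed password for mjones from 198.51.100.9 port 50011 ssh2
Apr 18 09:00:12 vpn-gw sshd[2112]: Failed password for akumar from 198.51.100.9 port 50012 ssh2
Apr 18 09:00:13 vpn-gw sshd[2113]: Failed password for lwang from 198.51.100.9 port 50013 ssh2
Apr 18 09:00:14 vpn-gw sshd[2114]: Failed password for pgarcia from 198.51.100.9 port 50014 ssh2
Apr 18 09:05:00 vpn-gw sshd[2200]: Failed password for jsmith from 192.0.2.55 port 60000 ssh2
Apr 18 09:05:09 vpn-gw sshd[2201]: Accepted publickey for jsmith from 192.0.2.55 port 60001 ssh2
"""

# Constructed stand-in for the Talos proxy / Tor exit address list (assumption, not the real IOCs).
KNOWN_PROXY_EXITS = {"203.0.113.7"}

FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>[0-9a-fA-F.:]+) port \d+"
)


def parse_failures(lines):
    """Yield (source_ip, username, username_does_not_exist) for each failed-password line."""
    for line in lines:
        m = FAILED_RE.search(line)
        if m:
            yield m.group("ip"), m.group("user"), m.group("invalid") is not None


def analyze_auth_log(lines, brute_threshold=3, spray_threshold=5, proxy_exits=KNOWN_PROXY_EXITS):
    """Per source IP: count failures per username and classify the pattern.

    brute_force    -> at least brute_threshold failures against a single account
    password_spray -> at least spray_threshold distinct accounts, none hammered
    none           -> below both thresholds (e.g. one typo before a successful login)
    The whole chunk of lines is treated as one window; slice by time before calling.
    """
    per_ip = defaultdict(lambda: {"users": Counter(), "invalid": 0})
    for ip, user, invalid in parse_failures(lines):
        per_ip[ip]["users"][user] += 1
        per_ip[ip]["invalid"] += int(invalid)

    findings = {}
    for ip, s in per_ip.items():
        failures = sum(s["users"].values())
        max_per_user = max(s["users"].values())
        if max_per_user >= brute_threshold:
            classification = "brute_force"
        elif len(s["users"]) >= spray_threshold:
            classification = "password_spray"
        else:
            classification = "none"
        findings[ip] = {
            "failures": failures,
            "distinct_users": len(s["users"]),
            "invalid_user_attempts": s["invalid"],
            "max_attempts_on_one_user": max_per_user,
            "classification": classification,
            # Every name tried exists locally: the attacker has a real user list, not a wordlist.
            "uses_valid_usernames_only": s["invalid"] == 0,
            "via_known_proxy": ip in proxy_exits,
        }
    return findings


def asa_shun_commands(findings):
    """Cisco ASA 'shun <ip>' lines for every source classified as an attack."""
    return [f"shun {ip}" for ip in sorted(findings) if findings[ip]["classification"] != "none"]


if __name__ == "__main__":
    result = analyze_auth_log(SAMPLE_AUTH_LOG.splitlines())
    for ip, finding in result.items():
        print(ip, finding)
    print("\n".join(asa_shun_commands(result)))
```

The spray case is the one that a simple fail2ban-style per-account threshold misses: 198.51.100.9 never fails twice on the same account, yet it has tried five real usernames in five seconds, and uses_valid_usernames_only tells you the list was harvested from somewhere, which is a separate incident to chase. A shun is temporary and the source will rotate proxies, so treat the emitted lines as the stopgap while certificate-based authentication and a control-plane ACL are rolled out.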
In this episode of the Energy News Beat Daily Standup, the hosts, Michael Tanner and Stuart Turley, discuss a variety of energy-related topics. They begin with controversial comments from the Duke of Edinburgh criticizing wind farms, before moving on to discuss rising US gasoline prices, challenges with electric vehicle (EV) repairs due to a mechanic shortage, and a failed large-scale renewable energy project in Morocco. Additionally, they touch on geopolitical tensions, such as an Iranian drone attack on Israel and adjustments in oil production affecting global markets. They also explore domestic US issues including the Biden administration's decision to raise royalties and leasing costs for drilling on federal lands, and the potential consequences of a project in South Texas on local water supplies. Throughout the episode, they intertwine financial insights, market trends, and political critiques, particularly concerning energy policy and environmental impacts.

Highlights of the Podcast
00:00 - Intro
02:06 - Wind farms are useless, says Duke of Edinburgh
04:21 - Investors Bet On Further Rise In US Gasoline Prices
07:10 - EVs Head for Junkyard as Mechanic Shortage Inflates Repair Costs
11:00 - The largest renewable energy project in history fails: only desert is left and we have lost $2 billion
14:08 - Water scarcity and clean energy collide in South Texas
21:20 - U.S. Drilling Activity Continues to Drop Off
22:51 - Oil and gas companies must pay more to drill on federal lands under new Biden administration rule
28:47 - ADNOC considered acquiring bp following major purchases by IOCs like ExxonMobil, Chevron
32:46 - Outro

Please see the links below for the articles that we discuss in the podcast.

Wind farms are useless, says Duke of Edinburgh (April 14, 2024, Stu Turley): In a withering assault on the onshore wind turbine industry, the Duke said the farms were “a disgrace”. He also criticised the industry's reliance on subsidies from electricity customers, claimed wind farms would “never work” […]

Investors Bet On Further Rise In US Gasoline Prices (April 14, 2024, Stu Turley): By John Kemp, senior energy analyst at Reuters. Portfolio investors have amassed one of the largest bullish positions in U.S. gasoline futures and options since before the coronavirus pandemic, anticipating that prices will continue climbing over […]

EVs Head for Junkyard as Mechanic Shortage Inflates Repair Costs (April 14, 2024, Stu Turley): Electric car sales already are in a funk in key markets around the globe. Challenges finding enough repair technicians threaten to further stifle demand in the UK, where […]

The largest renewable energy project in history fails: only desert is left and we have lost $2 billion (April 13, 2024, Stu Turley): A renewable energy project that promised to change history seems to have failed. At the moment, there is only desert and an apparent loss of 2 billion dollars. Human beings are going through a period of energy […]

Water scarcity and clean energy collide in South Texas (April 13, 2024, Stu Turley): Chemical company Avina Clean Hydrogen Inc. has purchased the last available water supply from the Nueces River of South Texas, raising concerns of regional scarcity as reservoirs dwindle and drought persists. Avina's Nueces Green Ammonia plant plans […]

U.S. Drilling Activity Continues to Drop Off (April 12, 2024, Stu Turley): The total number of active drilling rigs for oil and gas in the United States fell again this week, according to new data that Baker Hughes published on Friday, falling by 3. U.S. drillers saw […]

Oil and gas companies must pay more to drill on federal lands under new Biden administration rule (April 12, 2024, Mariel Alumit): WASHINGTON (AP) — Oil and gas companies will have to pay more to drill on federal lands and satisfy stronger requirements to clean up old or abandoned wells under a final rule issued Friday by […]

ADNOC considered acquiring bp following major purchases by IOCs like ExxonMobil, Chevron (April 11, 2024, Mariel Alumit): (WO) – On Thursday, April 11, Reuters reported that Abu Dhabi National Oil Company (ADNOC), the UAE's state-owned oil and gas company, previously pursued acquiring Britain's energy giant, bp. According to “people familiar with the […]

Follow Stuart on LinkedIn and Twitter
Follow Michael on LinkedIn and Twitter
ENB Top News | Energy Dashboard | ENB Podcast | ENB Substack
– Get in Contact With The Show –
The growth of TheMoon malware and its contribution to the Faceless proxy network, shining a light on the vital role of cybersecurity in safeguarding critical infrastructure. Featuring insights from Lumen Technologies' Black Lotus Labs and CISA's new reporting mandates.

[00:02:53] The Moon Malware
[00:07:37] Critical Infrastructure Cybersecurity Updates
[00:17:08] Personal Cybersecurity Tips & Encouragement

Original URLs:
https://blog.lumen.com/the-darkside-of-themoon/
https://krebsonsecurity.com/2023/04/giving-a-face-to-the-malware-proxy-service-faceless/
https://www.cybersecuritydive.com/news/cisa-notice-critical-infrastructure/711506/
https://www.cisa.gov/news-events/news/cisa-marks-important-milestone-addressing-cyber-incidents-seeks-input-circia-notice-proposed
https://thehackernews.com/2024/03/key-lesson-from-microsofts-password.html

Follow us on Instagram: https://www.instagram.com/the_daily_decrypt/
Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/
Logo Design by https://www.zackgraber.com/

Tags: cybersecurity, TheMoon malware, Faceless network, Lumen Technologies, CISA, critical infrastructure, cyber incident reporting, Microsoft, Midnight Blizzard, NOBELIUM, password spray hack, IoT security, proxy services, cyber threats, router vulnerabilities

Search Phrases: Exploring TheMoon malware and its impact on cybersecurity; Understanding Faceless proxy service and cyber anonymity; Lumen Technologies' fight against cyber threats; CISA's new cyber incident reporting rules for critical infrastructure; Microsoft's response to Midnight Blizzard cyber attacks; NOBELIUM's tactics in cyber espionage; How to protect routers from cyber attacks; The significance of cybersecurity in safeguarding critical infrastructure; Cybersecurity best practices for IoT devices; Strategies to counter password spray hacks; Importance of secure accounts in preventing cyber attacks; Analyzing the growth of proxy networks in cybercrime; The role of critical
infrastructure in national cybersecurity; Updates and insights from CISA on cyber incident management; Microsoft's investigation into state-sponsored cyber threats

Transcript:

[00:00:00] Welcome & Introduction
offsetkeyz: Welcome back to the Daily Decrypt. Fly me to the moon.

[00:00:08] The Rise of The Moon Malware
offsetkeyz: TheMoon malware is now covertly amassing over 7,000 SOHO routers and IoT devices each week into the Faceless proxy network, as unveiled by Black Lotus Labs at Lumen Technologies, signaling a worrying escalation in cybercriminal capabilities. What steps can be taken to prevent devices from falling prey to TheMoon malware and contributing to the expansion of the Faceless proxy network? Critical infrastructure entities such as power and water are now mandated to swiftly report cyber incidents and ransom payments following new rules proposed by the Cybersecurity and Infrastructure Security Agency, known as CISA, marking a crucial advancement in bolstering the nation's cybersecurity defenses. And finally, we've got the expert dogespan back to discuss some lessons learned from the recent Midnight Blizzard Microsoft breach. So stick around for that juicy goodness. So recently we reported on SOHO routers, which is small home... What is small,
dogespan: small, office, home office.
offsetkeyz: small home office office, small. Is it small office, home office?
dogespan: Yeah. South of Houston street,
offsetkeyz: So yeah, recently there's been some news on SOHO routers being vulnerable to this malware, pulling them into proxy networks. And so this isn't necessarily breaking news, but there has been some recent research coming out that shows some pretty staggering numbers. So the latest findings by Lumen Technologies' Black Lotus Labs spotlight a startling expansion of the Faceless proxy network, with TheMoon malware enrolling over 7,000 new users per week into its ranks. That's a lot of routers.
dogespan: ISP routers right there? offsetkeyz: I would hope not, but your ISP has no incentive whatsoever to replace that router and you're paying a rental fee. So dogespan: Yep. offsetkeyz: There's a little bit more information linked in the show notes below, but. An aggressive campaign in early March of 2024 saw over 6, 000 ASUS routers compromised in less than 72 hours. So at this rate, they're well over 40, 000 last we checked in February, plus 7, 000 each week. The Moon malware continues to refine its infection methods, targeting devices with accessible shell environments before implementing a series of IP table modifications. This prepares the compromised device to serve as a proxy facilitating anonymous internet usage for malicious actors through the faceless service. [00:02:53] The Moon Malware offsetkeyz: First of all, we can talk about what a proxy network is. It's essentially just. It's essentially just tens of thousands of devices that cybercriminals are able to route their traffic through. So that's bad news for you, whether you're trying to avoid people snooping on you, or you're trying to protect your privacy, or you're trying to not be an accomplice in cybercrime. In the article linked in the show notes below, you'll be able to see some indicators of compromise, but the biggest thing is that's the gateway to the internet for you. So everything going in and everything coming out of your house. is now accessible to these attackers. They're probably not interested in that. They're interested in just having the power to route their criminal activity through 40, 000 routers. But when you hand criminals a bunch of free data, they're probably going to get around to using it. So what can you do to prevent your router from being part of this proxy network? Make sure it's up to date. And that's kind of tricky for most users. You're going to actually have to go into the router, which is a bit of a process. 
You also really want to make sure the username and passwords to your router are changed because they're probably accessible via the internet. Like I could go Google your router model number and find out what the username and password is, enter it in, and B boom. dogespan: There's a number of them, just out on the internet, you can throw creds at them at any point in time. offsetkeyz: Yeah. Once you start getting into cybersecurity, you'll quickly come across the sites that just index all vulnerable routers, what, what's the site that I'm thinking of? Do you remember? Doja Span. dogespan: Shodan. Shodan. offsetkeyz: If you just go on there, you can, first of all, you can check your IP and see what the deal is. But yeah there, there's a lot of 'em. So this proxy network is growing quickly. Probably thanks to Shodan, but mostly because there's a lot of vulnerable routers out there, even if they're not end of life People just don't change their password. They don't know. So tell your mom, tell your friends, tell your grandpa, change your router password it's a big deal. Honestly. dogespan: Yeah, it's interesting, we like, of course there is the proxy implication, so the attacker is like you said, most likely just using it to hide and cover their tracks, and one of the things that could come out of that, I think you did mention it, that you could be legally implicated. for certain types of activity. And while you're not the person doing it, if you are like the exit node or close enough in the chain for beginning or end, you might get picked up. So Definitely see if this is something that is affecting you, a lot of this malware, you can just reboot the router, like give it an unplug for 10 seconds, 30 seconds, and plug it back in, a lot of the malware will will die off, but then of course, make sure it's updated. One thing you can do is request that your ISP updates your router. 
So if you have been paying that monthly lease, if it's been two years, call them and tell them that you want a new one. offsetkeyz: Yeah, I'm sure it's even built into your contract that you're entitled to a new router after X amount of months, and it probably isn't more than 18. dogespan: Mm hmm. offsetkeyz: know they're not updating it, they're not forcing updates, and they know you're not updating it. so they probably legally have to offer you a new one. So all you have to do is call, and you might be on hold for a while, but just, yeah, get a new router if you've inherited an ISP router and you feel really proud of yourself because you're not paying the 7 a month anymore, and you've had the same router for five years. this right here serves as your official notice to not do that. Go get a new one. So yeah, to wrap this up, the article linked in the show notes recommends a couple things. They recommend first of all blocking botnet traffic based on certain indicators of compromise. So if you're a network defender, see that article for those IOCs. But consumers with SOHO routers should follow best practices of regularly rebooting routers, as dogespan said, and installing security updates and patches. And they provide a full link on how to do that. offsetkeyz: by the Canadian Center for Cybersecurity. So thanks, Canadia. And, for organizations that manage SOHO routers, make sure the devices do not rely upon common default passwords. They should also ensure the management interfaces are properly secured and not accessible via the internet. And again, another article explaining exactly how to do that. So, do those things, call your ISP, and you should be good to go. transition: DOG. DOG. DOG. DOG. [00:07:37] Critical Infrastructure Cybersecurity Updates offsetkeyz: So one of the common themes, if you've been listening for a while, is critical infrastructure. The White House has been releasing guidance to critical infrastructure IT departments. 
There's been a real emphasis on securing critical infrastructure. Turns out that's because it's constantly under attack and it's our Achilles heel. If attackers can get our critical infrastructure, they can probably shut down our internet, and then we have no way of protecting ourselves. They can shut down our power, we have no security cameras, you know, We have no food, can't nourish our bodies, to go to cyber war. the most recent step in this effort is the Cybersecurity and Infrastructure Security Agency, known as CISA, introduced a proposed rule mandating that critical infrastructure entities report significant cyber incidents within 72 hours and ransom payments within 24 hours. So this is pretty huge because we don't really have the data. We don't know how these critical infrastructures are getting attacked, if they're paying, if they're not paying. We're all kind of guessing. So It's gonna suck a little. Another checklist item while you're under attack. but it's going to help overall critical infrastructure stay secure. dogespan: Yeah, Critical Infrastructure definitely needs to be reporting that up as soon as possible. It's such a big deal. And I do like that they're imposing that on Critical Infrastructure. It's a really good step in the right direction. 72 hours? offsetkeyz: Yeah, that's a little generous and yeah, there's a lot of conflicting feelings about this, especially if. you're under ransomware attack, attackers are telling you not to report it, attackers are saying they're going to shred your data, they're going to destroy it if you report it up, and when you're under attack, you're afraid, and you might have the money, and you might just pay them, and you might forget to report, and that might cause fines or whatever, so that's just one of the cons to this, but we really need this data, It's going to help keep critical infrastructure more secure. It looks like this rule is expected to affect over 316, 000 entities with an estimated cost of 2. 
6 billion. There is some debate as to what qualifies as critical infrastructure, and I'm surprised that this guidance came out with gray area at all. It should be pretty exhaustive, but it According to the article linked in the show notes, which we always encourage you to read for yourself, don't just listen to what we're saying as truth go read it for yourself. The U. S. recognizes 16 critical infrastructure sectors, but debates continue about the scope of entities required to comply. For example, UnitedHealthcare group. qualifies under the current definitions, but the status of change healthcare, which was recently breached, is kind of gray. It's uncertain, which doesn't make sense to me, if there's uncertainty, people aren't going to report and then they're going to claim they didn't know. So let's figure that out. dogespan: Yeah, definitely like to see them move in the direction of just, when in doubt, report. Because if you're getting CISA involved, they're going to lend that expert help. If you're not equipped to do the investigation, you're better off just letting them know and cooperating with them. Even with ransomware and you going and paying it, you're hoping that they live up to their word? And that's a criminal. offsetkeyz: Yeah, exactly. It's a lesson in all facets of life. from big enterprises down to personal as well. If you need help, ask for it. If you did something wrong, tell the people it impacts. Any smart person receiving this information is going to try to help as hard as they can, and they're not going to hold it against you. Simply telling the truth always wins, so do it, dogespan: That's exactly what I tell my kids. offsetkeyz: and they need to hear it, and so do many others. dogespan: Alright, so the last one. Midnight Blizzard, also known as Nobellium, a Russian state sponsored actor, got into Microsoft and they did so through the use of password sprays. 
So password spray being they just go down the line hitting as many passwords as they can on any account and hoping for the best. Well, this was against Microsoft and it ended up being successful. Nobelium got access to a dev account and This account ended up having elevated privileges. Throughout the stages of this attack, they ended up going up higher and higher and higher through privilege escalation. . This one was a privileged account, but it was in a development environment. They ended up getting access to an account and started sending off phishing emails across the board to their executives. Well, they ended up getting a couple of hits and there was no MFA. on those higher up accounts. That's probably the most shocking aspect of that. We know that. This was all previous information. So, what's happening now? Microsoft has gotten them out and they have been doing all their recursive investigations. So the evidence of this is that they got access to, well, source code and internal systems. Luckily, no customer facing systems were compromised. They did have access to source code, but nothing customer related, so we are still in the clear. However, go change your passwords. Now, being that they've had access to this stuff, they've been able to start probing at systems a little bit more in depth, and these Well, Microsoft has noticed since this that password sprays have increased by a tenfold. offsetkeyz: What? Against Microsoft, or in general? dogespan: Probably Microsoft systems since they have access to that kind of data, but they, it does say here that they are increasing their security investments. Good, good, good. cross enterprise coordination and enhanced defense capabilities against this persistent threat. So that sounds like they are working with customers to make sure that everybody's safe and sound. Good on them. Overall, I think they've done a good job with this response. 
In recent weeks, they have seen that Midnight Blizzard is using the information that they originally exfiltrated to attempt to gain more unauthorized access. This comes from two different sources. One was directly from Microsoft's blog and then the other was a summary from the Hacker News. I'd like how the Hacker News, they've gone and broken little bits of it and kind of translated it more targeted at a smaller organization and not so much, you know, how Microsoft got hit by this stuff. And one of the things that they mentioned is the importance of protecting all accounts. this ended up being an attack against a privileged developer account or an developer environment. And a lot of times what happens in larger organizations is you kind of create accounts, you create stuff, and it serves its purpose, and you never delete it. So it's super important to make sure that you're either, have good security on it in the first place, or you delete it as soon as you're done with it. Now, how does that translate to the regular user? You mentioned this yesterday's podcast. when you're downloading an app for a single purpose, do you typically leave it on your system or do you delete it afterwards? One of the things that I try to think about is, ordering food. a lot of them, you cannot order food through a web browser, unless you're actually like physically on a computer. it's going to be so persistent to try to get you to go to that app. A lot of times it won't even let you like McDonald's is one of those good ones. You are automatically rerouted to that app. Every single time I download that app, order my food, pick up my food, and then I delete that app. And it's not so much. That it's McDonald's, but you just don't know what else is involved in that. And McDonald's is all about food, not data security. offsetkeyz: No, I mean, they are a fortune five company, probably. 
so hopefully they have a good security system, but yeah, you'd be surprised at the permissions the McDonald's app asks for. And Hawkrow Farmer and I were discussing this a week or two ago. when you're hungry, there is a serious sense of urgency. And attackers know. Under what circumstances there's a sense of urgency. So if you're on DoorDash and you're having a hard time getting the food, you might pivot over to some other delivery service by Googling it, clicking on an ad, and then downloading the app from that ad. Because you're really hungry and you're just trying to get your food. So now you've downloaded the wrong app, you create an account, username, same password you use on your bank, same email you use on your bank, they now have that, they go to your bank, they get you, whatever. Now you're in a proxy network because you left that app. There's so many bad things that happen, but, but the one thing about, that's a good example, doges, is urgency. And when you're hungry, things feel very urgent. dogespan: Very, very urgent. If an attacker has access to a password and it's associated with an email, they're going to try it anywhere and everywhere. And one of the key areas that they're going to try it is your email provider, because that is clear evidence that you have an account there. So that's the main takeaway with it from this, even on a large enterprise scale, is all accounts need to be protected. [00:17:08] Personal Cybersecurity Tips & Encouragement dogespan: If you can't protect those accounts Use them for what you need to and remove it. Whether that's just getting an app on your phone or creating an account just for the purpose of ordering some food. Delete it afterwards. offsetkeyz: Yeah, we'd like to just harp on not reusing passwords. Um, if someone can get into your email, they can reset any password on any account that you have, because, I mean, what's the first step? I think I talked about it in yesterday's episode. 
When you click the reset password button, what does it do? It sends you an email to click on a link to go reset your password. And that's all it is. So if, if the attacker has access to your email address, they can reset any password, including your bank, including your Instagram. You know, the more I talk to people about password reuse and password managers and multifactor authentication, the more I met with fear and shame. Shame is really the key one, and the shame doesn't quite outweigh the fear. like it never is enough to get them going, but it is a negative feeling associated with passwords. And what I mean by that is people are just always ashamed that they haven't done this, or they haven't done that, whatever. They reuse their password. They're really ashamed. Well, this can serve as a good example for you that even executives at Microsoft haven't enabled multi factor authentication. You're doing okay. Just try to chip away at it. one piece at a time, try to enable multi factor authentication. Don't surrender to the shame. dogespan: It doesn't have to be something that you, you know, you decide Today when you wake up. That. I'm going to go enable MFA on all of my accounts. How I handle that is when I log in and I don't get prompted to authenticate myself, I think, is there a way to get MFA? Put a little sticky note somewhere that says, go check your security settings on this website when you're done with what you're doing. So you don't have to break focus, just real quick, security settings. Go back to it after you've checked your balance or whatever it is you went to. And then the next time you log into something else and you don't get prompted for MFA, offsetkeyz: it's a slow process. and that's okay. It's okay to be a slow process. Really focus on the important things to start and the more you get going, the easier it gets. But right now, if you haven't started, it seems like it's going to be really painful, but think about it. 
What happens when you accomplish really painful, really hard tasks? You get a flood of dopamine. Look forward to that dopamine hit when you actually enable MFA and change your password and download that pass password manager It sounds impossible right now. It will feel so good I still get that dopamine hit every time I make a little chip away at my security dogespan: Leave a comment. Let us know that you did it and we will praise you. offsetkeyz: We will we will I'll make a freaking whole podcast episode about you Dude, I was talking to my parents this week. Shout out to my parents my dad Unprompted made his first passkey for Amazon. dogespan: Oh, offsetkeyz: Yeah. and my dad is an electrical engineer and he actually informed me that he has some patents in encryption algorithms. And so I said, dad, I don't know how passkeys work. I spent two hours banging my head against the desk trying to figure it out. So if you figure it out, I'm bringing you on the podcast. You get to explain it to my listeners. So, really excited. You guys get to meet my dad, but he was so excited when he enabled his passkey and you too can share that joy. So yeah, to bring it back to the Microsoft thing, and I don't want to make this an ethics podcast per se, but it is always So it ignites fire within both me and DogeSpan, uh, just personal security and how easy it actually is, not to shame you by any means, but you can take certain easy steps to drastically improve your security. But Microsoft here is doing exactly what we were preaching in the previous segment, which is reporting things. They're doing a great job. They're saying they messed up and, hey, we're kind of on board. We're like, wow, great. Thank you so much. It's when. It's when companies try to hide it, like LastPass, for example. 
Um, I was a diehard LastPass user and hey, LastPass is better than nothing, even still, but it was really the fact that they hid their breach and tried to downplay their breach that ultimately got me to switch off of LastPass. I think their service now is great. It's fine. I would trust it a lot. So if you have LastPass, great. But it's ultimately. the way that LastPass makes you feel. Like, no more warm fuzzies. More like cold sharpies. You know, it's just stabbing me when I think about LastPass. So, good on Microsoft for just reporting and continuing to uncover new things, and we can all learn something from them. I dogespan: close to a month now, about how consumers are actually taking that into consideration more and more. Where I was under the impression that it was just us tech nerds that were looking at it and going, ew, you got a, you got a breach and you didn't handle it poorly, but more consumers are looking at that and everybody is going to get hacked. If you haven't been hacked yet, you just don't know it. It has happened. Own up to it, it's fine. Handle it well. Go the appropriate steps. offsetkeyz: mean, this story is evidence of that more than anything, that Microsoft just got hacked. I mean, they, they made the, they made the first computer. They made the internet. So yeah, no shame, especially nowadays when the weekly breaches are, it's a very long list of breaches out there. I like this article from the Hacker News. Another great thing is it has a section titled defend against password spray attacks. and it has four actionable steps. I'm surprised multi factor authentication isn't the first one. Should be the first one. but if you're in an organization and you have access to the Active Directory domain controller or admin rights there, you can run password audits. Have any of the passwords for any account on your Active Directory shown up on the dark web? there's search engines that just list passwords on the dark web. 
There's search engines that list email addresses, which is probably more applicable for the day to day user, but you can just, yeah, search. I think it's even Have I Been Pwned. Like they have a password search feature and Have I Been Pwned has an API, so you can set up using an API and automate it. but that's something I haven't considered. is just audits. That could have saved it if they're unwilling to enable multi factor authentication. Multi factor authentication, we talk about it like it's a, like a silver bullet, but it is susceptible to attacks too, especially MFA bombing or MFA fatigue. The weakest link in anything, in anything security is the human element. So even if you have enabled MFA, You can still do these password audits. You can only secure yourself more. So yeah, that's, those are just some of the action items you can take either as an individual or as a corporation. And yeah, the point of bringing this up was just to kind of recap on this big attack and have a discussion. So, got anything else for us dogespan? dogespan: No. Get a password manager. offsetkeyz: And as always, get a password manager. I'm gonna, it's like a drinking game around my house. How many times do I say password manager in a night? And I'm heading to a bar after this where you better believe I will be talking about password managers. [00:24:57] Closing Thoughts & Thanks offsetkeyz: But that's all we got for you today. Thanks so much to Dogespan for coming back. We've missed you. Our editing software has missed you and we hope you'll be more of a frequent guest. Oh, he's back, baby. And I hope your work or organization place where you work lets you have Friday off like mine does. Uh, so TBD, if we'll have an episode tomorrow, probably because I'm an addict, but if we don't have a great weekend, we'll talk to you later.
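The password audit the hosts describe at the end of the episode, as an added example that is not from the show or from Have I Been Pwned: it checks candidate passwords against the Pwned Passwords range API format. The service and its `SUFFIX:COUNT` response format are real; the sample response body (every suffix other than the one for "password" is made up), the account list, and the helper names are constructed for this example. Only the first five hex characters of each SHA-1 digest would ever leave the machine; `fetch_range` is the live-network variant and the offline demo never calls it.

```python
"""Password audit against the Have I Been Pwned "Pwned Passwords" range API.

Added example. The endpoint and the SUFFIX:COUNT response format are real; the
sample response body, the account list and the function names are constructed
for this demonstration and are not from the page or from HIBP.
"""
import hashlib
import urllib.request
from typing import Callable, Dict, Optional

RANGE_URL = "https://api.pwnedpasswords.com/range/"

# Constructed response for range 5BAA6. SHA-1("password") is
# 5BAA61E4C9B93F3F0682250B6CF8331B7EE68FD8, so its 35-char suffix appears here
# with a made-up count. A real response holds hundreds of suffixes, and with the
# "Add-Padding" request header the API also mixes in suffixes with a count of 0.
SAMPLE_RANGES: Dict[str, str] = {
    "5BAA6": (
        "003D68EB55068C33ACE09247EE4C639306B:3\r\n"
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493\r\n"
        "011053FD0102E94D6AE2F8B83D76FAF94F6:0\r\n"
    ),
}


def sha1_prefix_suffix(password: str) -> tuple:
    """Split the upper-case SHA-1 hex digest into the 5-char prefix that is sent
    to the API and the 35-char suffix that is matched locally (k-anonymity)."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> Dict[str, int]:
    """Parse SUFFIX:COUNT lines into a dict. Padding lines with count 0 are kept
    so a lookup on them reports "not breached"; malformed lines are skipped."""
    hits: Dict[str, int] = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, sep, count = line.partition(":")
        if not sep:
            continue  # tolerate a malformed line rather than abort the audit
        hits[suffix.upper()] = int(count)
    return hits


def breach_count(password: str, lookup: Callable[[str], Optional[str]]) -> int:
    """Number of times the password appears in the corpus (0 = not found)."""
    prefix, suffix = sha1_prefix_suffix(password)
    body = lookup(prefix)
    if body is None:
        return 0
    return parse_range_response(body).get(suffix, 0)


def offline_lookup(prefix: str) -> Optional[str]:
    """Lookup backed by the constructed SAMPLE_RANGES above (no network)."""
    return SAMPLE_RANGES.get(prefix)


def fetch_range(prefix: str) -> str:
    """Live lookup over the network. The offline demo never calls this."""
    req = urllib.request.Request(
        RANGE_URL + prefix,
        headers={"User-Agent": "pw-audit-example", "Add-Padding": "true"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def audit(accounts: Dict[str, str], lookup=offline_lookup) -> Dict[str, int]:
    """Return {account: count} for every account whose password is breached."""
    findings: Dict[str, int] = {}
    for account, password in accounts.items():
        n = breach_count(password, lookup)
        if n > 0:
            findings[account] = n
    return findings


# Constructed sample: one reused password, one whose range is not in the sample.
SAMPLE_ACCOUNTS = {
    "alice@example.com": "password",
    "bob@example.com": "correct horse battery staple",
}

if __name__ == "__main__":
    for account, count in audit(SAMPLE_ACCOUNTS).items():
        print(f"{account}: password seen {count} times in breaches; force a reset")
```

Pass `fetch_range` as the `lookup` argument to run the same audit live. In a domain environment the comparison is normally done against NT hashes extracted from the domain controller rather than plaintexts; Pwned Passwords also publishes the corpus as NTLM hashes for that purpose. Either way the full hash never leaves the network, which is the property that makes this safe to automate.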
Leading Threat Intelligence at InQuest, Darren Spruell joins Wendy Zenone and Nic Fillingham on this week's episode of The BlueHat Podcast. Darren explains InQuest's focus on Deep File Inspection® technology to identify malicious traits in files and talks about their role in serving public and private sector companies. Darren shares his cybersecurity journey, passion for combating malware and criminal activities, and his presentation at BlueHat. Wendy, Nic, and Darren highlight the evolution of threat information sharing over the years and the value of intelligence advantage over adversaries. The conversation delves into the significance of threat indicators such as IP addresses, file hashes, domain names, and much more!
In This Episode You Will Learn:
The challenges of exchanging threat intelligence and person-to-person sharing
Balancing technical expertise and leadership responsibilities
The importance of evolving manual threat intelligence sharing practices
Some Questions We Ask:
How can practitioners enhance the effectiveness of threat intelligence?
What types of security roles are sharing IOCs back and forth?
Why is community engagement in the cybersecurity industry so necessary?
Resources:
View Darren Spruell on LinkedIn
View Wendy Zenone on LinkedIn
View Nic Fillingham on LinkedIn
Related Microsoft Podcasts: Microsoft Threat Intelligence Podcast, Afternoon Cyber Tea with Ann Johnson, Uncovering Hidden Risks
Discover and follow other Microsoft podcasts at microsoft.com/podcasts
Asia equities are at a 10-month low as the new quarter begins while in the U.S. the Russell 2K turns negative for the year. Crude prices also remain negative, touching on a 3-week low. We are live at ADIPEC in Abu Dhabi where the CEOs of some of the world's largest IOCs talk to us about the difficulty of maintaining price security while also keeping the pace of the energy transition. Trading in Chinese property developer Evergrande resumes following a two-day hiatus as police launch an official investigation into the firm's billionaire founder. In autos news, Tesla fails to hit its delivery target – its first decline in more than a year – as high rates and factory upgrades weigh in the third quarter. And German sandal-maker Birkenstock is due to list in New York next week with an IPO valued at more than $9bn.
Welcome to another engaging episode of the Kurdistan in America podcast: our ninth episode of Season Four. We're honored to host a seasoned guest, Myles B. Caggins III. Myles, a retired U.S. Army colonel, has transitioned into a crucial role as the spokesperson for The Association of the Petroleum Industry of Kurdistan, known as APIKUR. His shift from a military realm to a pivotal voice in Kurdistan's oil sector is truly remarkable. In this episode, we discuss the impactful halt in Kurdistan's oil exports via the Iraq-Turkey Pipeline, following the International Chamber of Commerce ruling earlier this year. Myles explains its adverse impacts on both the Kurdistan Region's economy and the international oil firms operating in Kurdistan, while also shedding light on the broader geopolitical repercussions. We delve further into discussing the essential steps required to mitigate these challenges, emphasizing Washington's potential role in fostering a conducive environment towards resolution. Representing APIKUR, Myles extends a message of strategic resilience to the people of Kurdistan, illuminating hope during such economic challenges. Join us, as Myles shares practical steps to help Kurdistan's oil sector find stability in a challenging global setting.
Welcome to episode 221 of The Cloud Pod podcast - where the forecast is always cloudy! This week your hosts, Justin, Jonathan, Ryan, and Matthew look at some of the announcements from AWS Summit, as well as try to predict the future - probably incorrectly - about what's in store at Next 2023. Plus, we talk more about the storm attack, SFTP connectors (and no, that isn't how you get to the Moscone Center for Next), Llama 2, Google Cloud Deploy and more!
Titles we almost went with this week:
Now You Too Can Get Ignored by Google Support via Mobile App
The Tech Sector Apparently Believes Multi-Cloud is Great… We Hate You All.
The Cloud Pod Now Wants All Your HIPAA Data
The Meta Llama is Spreading Everywhere
The Cloud Pod Recursively Deploys Deploy
A big thanks to this week's sponsor: Foghorn Consulting provides top-notch cloud and DevOps engineers to the world's most innovative companies. Initiatives stalled because you have trouble hiring? Foghorn can be burning down your DevOps and Cloud backlogs as soon as next week.
In this intriguing episode, I welcome David El, Malware Researcher at CyberArk, to discuss the underbelly of popular communication platforms like Discord. While the recent Pentagon document leaks via Discord have alerted us to the platform's potential misuse, new research from CyberArk Labs has shed light on the magnitude of these threats. David delves into the specifics of the newly discovered malware, its operations, the implications it poses, and the indicators of compromise (IOCs) organizations should watch out for. He takes us behind the scenes, narrating how they unearthed a burgeoning cybercrime group while infiltrating their Discord server. As more large enterprises adopt Discord for their strategic communications, this malware heightens the risk of opening up networks to command and control attacks. David enlightens us on this increasing threat and the advanced preventative measures required to guard against it. Throughout the episode, we also discuss the attractiveness of Discord and similar platforms for cybercriminals, owing to their casual nature and vulnerability to impersonation and social engineering attacks. As we foresee the complexity and capabilities of malware to advance in line with Discord's growth, David equips us with knowledge on how we can stay one step ahead. Join us on this enlightening journey through the maze of cybersecurity, where we unmask the dark side of popular chat platforms and discuss how to defend against their misuse.
FBI and CISA are releasing this joint CSA to disseminate known CL0P ransomware IOCs and TTPs identified through FBI investigations as recently as June 2023.
AA23-158A Alert, Technical Details, and Mitigations
Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts.
Resource to mitigate a ransomware attack: CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide.
Zero-Day Vulnerability in MOVEit Transfer Exploited for Data Theft | Mandiant
MOVEit Transfer Critical Vulnerability (May 2023) - Progress Community
MOVEit Transfer Critical Vulnerability CVE-2023-34362 Rapid Response (huntress.com)
No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment.
U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center's DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov
To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office.
Episode 300 kicks off with a bang, with discussion around Meta's record-breaking fine for sending EU citizens' data to the United States. From there the discussion moves to A.I. and fake ChatGPT apps on mobile stores. The team also discusses news around Neeva's closure, the search engine that asked for a donation instead of selling your search history: is there really no room for innovation in the search market? It seems not, sadly. To wrap up, the team sat down with Victor Sergeev, incident response team lead in the SOC at Kaspersky, to talk about his recent work with IOCs and ChatGPT. If you liked what you heard, please consider subscribing!
· Meta fined $1.3 billion & ordered to stop sending European user data to US
· Generative AI that can change anyone's race is probably not a great idea
· ChatGPT Scams Are Infiltrating the App Store and Google Play
· Neeva: Ad-free search engine shuts down
· IoC detection experiments with ChatGPT
FBI, CISA, and the Australian Cyber Security Centre are releasing this joint Cybersecurity Advisory to disseminate known BianLian ransomware and data extortion group IOCs and TTPs identified through FBI and ACSC investigations as of March 2023.
AA23-136A Alert, Technical Details, and Mitigations
AA23-136A.STIX_.xml
Stopransomware.gov, a whole-of-government approach with one central location for U.S. ransomware resources and alerts.
cyber.gov.au for the Australian Government's central location to report cyber incidents, including ransomware, and to see advice and alerts. The site also provides ransomware advisories for businesses and organizations to help mitigate cyber threats.
CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide for guidance on mitigating and responding to a ransomware attack.
No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment.
See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure.
U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center's DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov.
To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office.
In this episode, Bobby Maddex interviews Fr. Dragos, principal of the Institute for Orthodox Christian Studies (IOCS), which has existed in Cambridge in the United Kingdom for 25 years. IOCS is a pan-Orthodox place of education and outreach, with a mission to provide Orthodox postgraduate studies. If you would like to donate, please visit iocs.com.ac.uk.
In this episode, Bobby Maddex interviews Fr. Dragos, principal of the Institute for Orthodox Christian Studies (IOCS) in Cambridge. IOCS is a pan-Orthodox place of education and outreach, with a mission to provide Orthodox postgraduate studies. If you would like to donate, please visit iocs.com.ac.uk.
CISA, FBI, and the Multi-State Information Sharing and Analysis Center are releasing this joint advisory to share known LockBit 3.0 ransomware IOCs and TTPs identified through FBI investigations as recently as March 2023.
AA23-075A Alert, Technical Details, and Mitigations
Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts.
Resource to mitigate a ransomware attack: CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide.
No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment.
See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure.
U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center's DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov.
To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office.
Much of the energy industry's discussion of lowering emissions has centred on international oil companies (IOCs). Yet national oil companies (NOCs) account for the largest proportion of absolute upstream emissions. A successful energy transition will depend in large part on NOCs, which possess unparalleled access to competitive natural resources and capital compared to the more constrained IOCs. Ehsan Khoman, Head of Commodities, ESG and Emerging Markets Research (EMEA), discusses MUFG's latest ESG report, entitled "National oil companies journey to net zero – performing and transforming", which was published earlier this week (see here for the full report). Disclaimer: www.mufgresearch.com (PDF)
CISA, FBI, and the Multi-State Information Sharing and Analysis Center are releasing this joint Cybersecurity Advisory to provide IT infrastructure defenders with TTPs, IOCs, and methods to detect and protect against recent exploitation against Microsoft Internet Information Services web servers.
AA23-074A Alert, Technical Details, and Mitigations
AA23-074A STIX XML
MAR-10413062-1.v1 Telerik Vulnerability in U.S. Government IIS Server
Telerik: Exploiting .NET JavaScriptSerializer Deserialization (CVE-2019-18935)
ACSC Advisory 2020-004
Bishop Fox CVE-2019-18935: Remote Code Execution via Insecure Deserialization in Telerik UI
Volexity Threat Research: XE Group
GitHub: Proof-of-Concept Exploit for CVE-2019-18935
Microsoft: Configure Logging in IIS
GitHub: CVE-2019-18935
No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment.
See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure.
U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center's DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov.
To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office.
CISA and FBI are releasing this joint advisory to disseminate known Royal ransomware IOCs and TTPs identified through recent FBI threat response activities.
AA23-061A Alert, Technical Details, and Mitigations
AA23-061A STIX XML
Royal Rumble: Analysis of Royal Ransomware (cybereason.com)
DEV-0569 finds new ways to deliver Royal ransomware, various payloads - Microsoft Security Blog
2023-01: ACSC Ransomware Profile - Royal | Cyber.gov.au
See Stopransomware.gov, a whole-of-government approach, for ransomware resources and alerts.
No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment.
See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure.
U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center's DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov.
To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Phishing Page Branded with Your Corporate Website https://isc.sans.edu/diary/Phishing%20Page%20Branded%20with%20Your%20Corporate%20Website/29570
Fortinet FortiNAC CVE-2022-39952 Deep-Dive and IOCs https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/
Apache Commons FileUpload Vulnerability https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy
VMWare Windows Server 2022 Fix https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u3k-release-notes.html#resolvedissues
CISA, NSA, and the MS-ISAC are releasing this alert to warn network defenders about malicious use of legitimate remote monitoring and management software.
AA23-025A Alert, Technical Details, and Mitigations
For a downloadable copy of IOCs, see AA23-025.stix
Silent Push uncovers a large trojan operation featuring Amazon, Microsoft, Geek Squad, McAfee, Norton, and Paypal domains
No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment.
See CISA Insights Mitigations and Hardening Guidance for MSPs and Small- and Mid-sized Businesses for guidance on hardening MSP and customer infrastructure.
U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center's DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov.
To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office.
This week I talk about PowerShell attack IOCs.
The FBI and CISA are releasing this alert to disseminate known Cuba Ransomware Group indicators of compromise and TTPs identified through FBI investigations. FBI and CISA would like to thank BlackBerry, ESET, The National Cyber-Forensics and Training Alliance (NCFTA), and Palo Alto Networks for their contributions to this CSA.
AA22-335A Alert, Technical Details, and Mitigations
For a downloadable copy of IOCs, see AA22-335A.stix
Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts.
Resource to mitigate a ransomware attack: CISA-Multi-State Information Sharing and Analysis Center (MS-ISAC) Joint Ransomware Guide.
No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment.
U.S. DIB sector organizations may consider signing up for the NSA Cybersecurity Collaboration Center's DIB Cybersecurity Service Offerings, including Protective Domain Name System services, vulnerability scanning, and threat intelligence collaboration for eligible organizations. For more information on how to enroll in these services, email dib_defense@cyber.nsa.gov.
To report incidents and anomalous activity or to request incident response resources or technical assistance related to these threats, contact CISA at report@cisa.gov, or call (888) 282-0870, or report incidents to your local FBI field office.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Do you collect "Observables" or "IOCs"? https://isc.sans.edu/diary/Do%20you%20collect%20%22Observables%22%20or%20%22IOCs%22%3F/29238
Android Update fixes Lock Screen Bypass https://source.android.com/docs/security/bulletin/2022-11-01 https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/
libxml Vulnerability Details https://gitlab.gnome.org/GNOME/libxml2/-/issues/381
CVE-2022-45063: xterm remote code execution vulnerability https://www.openwall.com/lists/oss-security/2022/11/10/1
Zeppelin ransomware functions as a ransomware-as-a-service (RaaS), and since 2019, actors have used this malware to target a wide range of businesses and critical infrastructure organizations. Actors use remote desktop protocol (RDP), SonicWall firewall vulnerabilities, and phishing campaigns to gain initial access to victim networks and then deploy Zeppelin ransomware to encrypt victims' files.
AA22-223A Alert, Technical Details, and Mitigations
Zeppelin malware YARA signature
What is Zeppelin Ransomware? Steps to Prepare, Respond, and Prevent Infection
Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts.
No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness Assessment.
This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed TTPs and IOCs to help organizations protect against ransomware. Visit stopransomware.gov to see all #StopRansomware advisories and to learn more about other ransomware threats and no-cost resources.
All organizations should report incidents and anomalous activity to CISA's 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI's 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.
A criminal talent broker emerges. Developing threats to financial institutions. Phishing through PayPal. Lessons to be learned from LAPSUS$, post-flameout. More spearphishing of Ukrainian targets. US Cyber Command releases IOCs obtained from Ukrainian networks. Johannes Ullrich from SANS on the value of keeping technology simple. Our guests are Carla Plummer and Akilah Tunsill from the organization Black Girls in Cyber. And not really honor, but honor's self-interested first cousin. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/137
Selected reading.
Atlas Intelligence Group (A.I.G) – The Wrath of a Titan (Cyberint)
'AIG' Threat Group Launches With Unique Business Model (Dark Reading)
Buy, Sell, Steal, EvilNum Targets Cryptocurrency, Forex, Commodities (Proofpoint)
Sending Phishing Emails From PayPal (Avanan)
Brazen, Unsophisticated and Illogical: Understanding the LAPSUS$ Extortion Group (Tenable®)
Evacuation and Humanitarian Documents used to Spear Phish Ukrainian Entities (Mandiant)
Cyber National Mission Force discloses IOCs from Ukrainian networks (U.S. Cyber Command)
The Evolution of Cybercrime: Why the Dark Web is Supercharging the Threat Landscape and How to Fight Back (HP Wolf Security)