Podcasts about known exploited vulnerabilities catalog

Fortinet confirms a recently rumored zero-day. Officials investigate how restricted chips ended up in products from Huawei. The White House unveils a coordinated AI strategy for national security. Researchers jailbreak LLMs with Deceptive Delight. A new ransomware group exploits vulnerable device drivers. Sensitive documents from a UN trust fund are leaked online. Penn State pays over a millions dollars to settle allegations of inadequate security in government contracts. CISA adds a SharePoint vulnerability to its Known Exploited Vulnerabilities Catalog. A Microsoft report warns of growing election disinformation. On our industry voices segment, Eric Herzog, CMO of Infinidat, discusses merging cybersecurity and cyber storage resilience.  China is shocked - shocked! - that its space program has drawn the attention of foreign spies.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our industry voices segment, Eric Herzog, CMO of Infinidat, discusses merging cybersecurity and cyber storage resilience.  Selected Reading Mandiant says new Fortinet flaw has been exploited since June (Bleeping Computer) TSMC Cuts Off Client After Discovering Chips Sent to Huawei (Bloomberg) White House unveils plan for US government to keep its edge on AI development (The Record) FACT SHEET: Biden-Harris Administration Outlines Coordinated Approach to Harness Power of AI for U.S. National Security (The White House) New LLM jailbreak method with 65% success rate developed by researchers (SC Media) Embargo Ransomware Disables Security Defenses (GovInfo Security) Misconfigured UN Database Exposes 228GB of Gender Violence Victims' Data (Hackread) Penn State Settles for $1.25M Over Failure to Comply With DoD, NASA Cybersecurity Requirements (SecurityWeek) CISA Warns Active Exploitation of Microsoft SharePoint Vulnerability (Cyber Security News) As Election Looms, Disinformation ‘Has Never Been Worse' (The New York Times)  Microsoft Warns Foreign Disinformation Is Hitting the US Election From All Directions (WIRED) China's space programme targeted by ‘audacity' of foreign agents, anti-spy agency warns (South China Morning Post)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Crimson Palace targets Asian organizations on behalf of the PRC. Europe's AI Convention has lofty goals and legal loopholes. The NoName ransomware gang may be working as a RansomHub affiliate. Wisconsin Physicians Service Insurance Corporation, SLIM CD, and Acadian Ambulance Service each suffer significant data breaches. CISA adds three vulnerabilities to its Known Exploited Vulnerabilities Catalog. Researchers from Ben-Gurion University in Israel develop new techniques to exfiltrate data from air-gapped computers. In our latest Threat Vector segment, David Moulton, Director of Thought Leadership at Unit 42, sits down with Ryan Barger, Director of Offensive Security Services, to explore how AI is revolutionizing offensive security. Sextortion scammers have gone to the dogs.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment In this segment of Threat Vector, David Moulton, Director of Thought Leadership at Unit 42, sits down with Ryan Barger, Director of Offensive Security Services, to explore how AI is revolutionizing offensive security. Ryan delves into the practical applications of AI in tasks such as OSINT analysis, payload development, and evading endpoint detection systems. To listen to their full conversation, check out the episode here. You can catch new episodes of Threat Vector every Thursday on the N2K CyberWire network.  Selected Reading Chinese Tag Team APTs Keep Stealing Asian Gov't Secrets (Dark Reading) The AI Convention: Lofty Goals, Legal Loopholes, and National Security Caveats (SecurityWeek) NoName ransomware gang deploying RansomHub malware in recent attacks (Bleeping Computer) Wisconsin Insurer Discloses Data Breach Impacting 950,000 Individuals (SecurityWeek) Payment Gateway SLIM CD Data Breach: 1.7 Million Users Impacted (HACKREAD) Acadian Ambulance service is reporting data breach, exposing almost 3 Million people (Beyond Machines) CISA Warns of Three Vulnerabilities That Are Actively Exploited in the Wild (Cyber Security News) Researchers Detail Attacks on Air-Gapped Computers to Steal Data (Cyber Security News) Sextortion scams now use your "cheating" spouse's name as a lure (Bleeping Computer)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Forecast = Expect a whirlwind of patches with a strong chance of phishing fronts moving in. In this episode of Storm⚡️Watch, we're exploring a plethora of cybersecurity topics that are as turbulent as the weather itself. First is a lively discussion with Nate Warfield from Eclypsium, where we dive into the intricacies of supply chain and firmware safety. Eclypsium's research is pivotal in highlighting critical areas listeners should be aware of, especially concerning supply chain vulnerabilities and firmware-level threats. We're also taking a deep dive into their approach to analyzing CISA's KEV data to understand the dangers lurking within. This week's Cyberside Chat is equally stormy as we pull out the popcorn and preview the Big (Tech) Trouble In Little China, discussing the recent sanctions on APT31 hackers, and the implications of China's newly expanded "Work Secrets" Law. We're also touching upon China's attacks on British MPs and the ongoing U.S. vs. TikTok saga and its broader cybersecurity implications. Tool Time features a look at VulnCheck KEV & Community Extended KEV + NVD APIs, providing listeners with valuable resources for vulnerability management. And in a segment of Shameless Self-Promotion, we're highlighting GreyNoise's innovative approach to the future of honeypots. Our Tag Roundup offers insights into recent tags, active campaigns, and a sneak peek at IP Intention Analysis, ensuring you're up-to-date with the latest cybersecurity trends. The KEV Roundup discusses the latest entries in CISA's Known Exploited Vulnerabilities Catalog, a crucial resource for cybersecurity professionals. Closing the episode, we ponder the possibilities of other dimensions, asking our guests and listeners what they hope to see on the other side. Episode Slides >> Storm Watch Homepage >> Learn more about GreyNoise >>  

In this episode of Storm⚡️Watch we're bracing for a tempest of cybersecurity insights. The Cyberside Chat segment takes a deep dive into the Department of Justice's recent announcement regarding AI in crimes, signaling harsher sentences akin to weapon-enhanced offenses. We explore the implications of AI's double-edged sword in criminal justice, the DOJ's Justice AI initiative, and the broader Artificial Intelligence Strategy. We also discuss federal actions to regulate AI, including the Algorithmic Accountability Act of 2022, and the Executive Order on Promoting the Use of Trustworthy Artificial Intelligence in the Federal Government. A study on AI-modified content in peer reviews at AI conferences is examined, highlighting the challenges of distinguishing AI-generated text from human-written content. In the Cyber Spotlight, we shine a light on the National Vulnerability Database (NVD) and its recent slowdown in updates. We discuss the implications for vulnerability management and the cybersecurity community's response, including NIST's efforts to form a consortium to address these issues. Tool Time introduces the Sunlight Certificate Transparency Log, a project aimed at enhancing the scalability and reliability of Certificate Transparency logs. We delve into the new tile-based architecture and its benefits for various stakeholders, including Certificate Authorities, CT monitors and auditors, web browsers, and security researchers. We also engage in some Shameless Self-Promotion, highlighting key insights from the 2024 State of Threat Hunting Report by Censys and tracking the aftermath of Atlassian's Confluence CVE-2023-22527 with GreyNoise. Our Tag Roundup covers recent tags and active campaigns, providing a snapshot of the current threat landscape. Finally, we wrap up the episode with our KEV Roundup, discussing the latest entries in CISA's Known Exploited Vulnerabilities Catalog, and close with a fun question about our dream fictional vehicles. Forecast = Expect a downpour of DDoS with a chance of ransomware gusts, and keep an umbrella handy for data breach drizzles. Episode Slides >> Storm Watch Homepage >> Learn more about GreyNoise >>  

Welcome to the latest episode of Storm Watch by GreyNoise Intelligence, hosted by Emily Austin, Kimber Duke, Glenn Thorpe, and boB Rudis. In this episode, we're excited to share some good news about the takedown of the IPStorm Botnet, a significant victory in the fight against cybercrime. The Russian and Moldovan national behind the illegal botnet proxy service has pleaded guilty, marking a significant step forward in international cybersecurity efforts. In breaking news, we discuss the recent SEC complaint filed by AlphV against MeridianLink for not disclosing a breach to the SEC. The breach was linked to Confluence, and we delve into the details of this incident and its implications. We also focus on the CrushFTP RCE. In our regular programming segment, we discuss how Clorox is cleaning house after a cyberattack, with the company's cyber chief leaving as recovery efforts continue. We also talk about Rackspace's hefty $11M ransomware recovery bill, which was linked to an OWASSRF vulnerability. Toyota also makes headlines with a breach confirmed after the Medusa ransomware group threatened to leak data, an incident tied to the CitrixBleed vulnerability. We also discuss the upcoming IRISSCON cybersecurity conference, where Russian cybersecurity experts are expected to present. We reflect on the 20th anniversary of Patch Tuesday, a monthly event that has become a staple in the cybersecurity world. We also give a nod to the upcoming CAMLIS conference, which we'll cover in more detail next week. In our tool time segment, we introduce MaxCVE, a useful tool for cybersecurity professionals, and discuss the importance of container vulnerability scanning awareness.  In our self-promotion segment, we share some of the latest updates and discoveries from Censys and GreyNoise, including the introduction of Censys Search Teams, the discovery of NTC Vulkan infrastructure, and how to get a leg up on initial access ransomware with CISA KEV and GreyNoise tags. We also showcase UX and feature improvements in Sift. Finally, we discuss the latest trends in GreyNoise tags and the importance of the Known Exploited Vulnerabilities Catalog from CISA. We also cover CISA's new initiative to expand scalable cybersecurity services to protect broader critical infrastructure and their recently released Health Sector Guidance Document.  Episode Slides >> Join our Community Slack >> Learn more about GreyNoise >>  

Developments in the case of China's cyberespionage against government Exchange users. Industrial controller vulnerabilities pose a risk to critical infrastructure. USB attacks have risen three-fold in the first half of 2023. CISA adds two vulnerabilities to its Known Exploited Vulnerabilities Catalog. Ghostwriter's continued activity focuses on Poland and Ukraine. Hacktivist auxiliaries swap DDoS attacks. Awais Rashid from University of Bristol shares insights on threat modeling. Our guest is Chris Cochran from Huntress on the challenges small and medium sized businesses face with cyber security. And lessons learned from cyber warfare in Russia's war. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/133 Selected reading. UK says it's working with Microsoft to understand impact of Chinese email hack (Reuters)  What we know (and don't know) about the government email breach (Washington Post) Yet Another MS CVE: Don't Get Caught In The Storm! (Cynet) China Hacking Was Undetectable for Some Who Had Less Expensive Microsoft Services (Wall Street Journal) Security flaws in Honeywell devices could be used to disrupt critical industries (TechCrunch) APT Exploit Targeting Rockwell Automation Flaws Threatens Critical Infrastructure (SecurityWeek) Rockwell Automation ControlLogix Bugs Expose Industrial Systems to Remote Attacks (The Hacker News)  USB drive malware attacks spiking again in first half of 2023 (BleepingComputer) CISA Adds Two Known Vulnerabilities to Catalog (Cybersecurity and Infrastructure Security Agency CISA) Malicious campaigns target government, military and civilian entities in Ukraine, Poland (Cisco Talos Blog) Belarus-linked hacks on Ukraine, Poland began at least a year ago, report says (Record) Crowdsourced Cyber Warfare: Russia and Ukraine Launch Fresh DDoS Offensives (CEPA). Cyber Operations during the Russo-Ukrainian War (CSIS)

CISA adds three entries to its Known Exploited Vulnerabilities Catalog. "Hydrochasma" is a new cyberespionage threat actor. IBM claims the biggest effect of cyberattacks in 2022 was extortion. Social network hijacking in the C2C market. A credential theft campaign against data centers. LockBit claims an attack on a water utility in Portugal. Tim Starks from the Washington Post describes calls to focus on harmonizing cyber regulations. Our guest is Luke Vander Linden, host of the RH-ISAC Podcast. Disrupting Mr. Putin's speech, online, and what the hybrid war suggests about the future of cyber auxiliaries. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/35 Selected reading. CISA Adds Three Known Exploited Vulnerabilities to Catalog (CISA) Hydrochasma: Previously Unknown Group Targets Medical and Shipping Organizations in Asia (Symantec) IBM Security X-Force Threat Intelligence Index 2023 (IBM) S1deload Stealer – Exploring the Economics of Social Network Account Hijacking (Bitdefender Labs)  Cyber Attacks on Data Center Organizations (Resecurity) Hackers Scored Data Center Logins for Some of the World's Biggest Companies (Bloomberg) LockBit gang takes credit for attack on water utility in Portugal (The Record from Recorded Future News)  Ukraine Suffered More Data-Wiping Malware Last Year Than Anywhere, Ever (WIRED)  Ukrainian hackers claim disruption of Russian TV websites during Putin speech (The Record from Recorded Future News)  Ukraine's volunteer cyber army could be model for other nations: experts (Newsweek)  Ukraine's largest charity wants to raise $1.3 million for ‘cyber offensive' (The Record from Recorded Future News)

CISA adds to its Known Exploited Vulnerabilities Catalog. Cl0p claims responsibility for GoAnywhere exploitation. Victims mine for gold; attackers use pig butchering tactics. Hacktivists disrupt Iranian television during Revolution Day observances. Killnet claims a DDoS attack against NATO earthquake relief efforts. CyberWire UK Correspondent Carole Theriault asks what can we learn from the recent Roomba privacy snafu? Rick Howard looks at first principles we considered along the way. And can you name and shame the shameless? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/29 Selected reading. CISA Adds Three Known Exploited Vulnerabilities to Catalog (CISA)  GoAnywhere MFT Zero-Day Exploitation Linked to Ransomware Attacks (SecurityWeek)  Clop ransomware claims it breached 130 orgs using GoAnywhere zero-day (BleepingComputer)  Fool's Gold: dissecting a fake gold market pig-butchering scam (Sophos) Iranian State TV Hacked During President's Speech on Revolution Day (HackRead)  Russian hackers disrupt Turkey-Syria earthquake relief (The Telegraph) Hacking marketplace emerges from Killnet partnership, seeks pro-Russia donations (SC Media) Russian Government evaluates the immunity to hackers acting in the interests of Russia (Security Affairs) Russia's Ransomware Gangs Are Being Named and Shamed (WIRED)

An update on the takedown of the Hive ransomware gang, plus insights from CrowdStrike's Adam Meyers. If you say you're going to unleash the Leopards, expect a noisy call from Killnet. Our guest is ExtraHop CISO Jeff Costlow talking about nation-state attackers in light of ongoing Russian military operations. CISA has released eight ICS advisories, and the agency has also added an entry to its Known Exploited Vulnerabilities Catalog. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/18 Selected reading. Cybercriminals stung as HIVE infrastructure shut down (Europol) U.S. Department of Justice Disrupts Hive Ransomware Variant (U.S. Department of Justice) Director Christopher Wray's Remarks at Press Conference Announcing the Disruption of the Hive Ransomware Group (Federal Bureau of Investigation) Taking down the Hive ransomware gang. (CyberWire) US hacks back against Hive ransomware crew (BBC News) Cyberattacks Target Websites of German Airports, Admin (SecurityWeek)  Delta Electronics CNCSoft ScreenEditor (CISA)  Econolite EOS (CISA)  Snap One Wattbox WB-300-IP-3 (CISA)  Sierra Wireless AirLink Router with ALEOS Software (CISA). Mitsubishi Electric MELFA SD/SQ series and F-series Robot Controllers (CISA)  Rockwell Automation products using GoAhead Web Server (CISA) Landis+Gyr E850 (CISA)  Mitsubishi Electric MELSEC iQ-F, iQ-R Series (CISA)  CISA Has Added One Known Exploited Vulnerability to Catalog (CISA)

DragonSpark conducts "opportunistic" cyberattacks in East Asia. ProxyNotShell and OWASSRF exploit chains target Microsoft Exchange servers. The IoT supply chain is threatened by exploitation of Realtek Jungle SDK vulnerability. CISA adds an entry to its Known Exploited Vulnerabilities Catalog. A Cisco study finds organizations see positive returns from investment in privacy. What's the hacktivist's postwar future? Joe Carrigan tracks a romance scam targeting seniors. Our guest is Pete Lund of OPSWAT to discuss the security of removable media devices. And a retired G-Man is indicted on multiple charges. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/15 Selected reading. DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation (SentinelOne) Technical Advisory: Proxy*Hell Exploit Chains in the Wild  (Bitdefender) Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats (Unit 42) CISA Adds One Known Exploited Vulnerability to Catalog (CISA)   2023 Data Privacy Benchmark Study (Cicso) Hacktivism Is a Risky Career Path (WIRED) Retired FBI Executive Charged With Concealing $225,000 In Cash Received From An Outside Source (Department of Justice, U.S. Attorney's Office, District of Columbia)  Former Special Agent In Charge Of The New York FBI Counterintelligence Division Charged With Violating U.S. Sanctions On Russia (Department of Justice, U.S. Attorney's Office, Southern District of New York) Former Senior F.B.I. Official in New York Charged With Aiding Oligarch (New York Times)

Loved this episode? Please leave us a review and rating on your favorite podcast platform!After leaving the CPA industry and becoming a computer trainer, Roger worked his way into the cybersecurity industry, Roger Grimes, a data-driven evangelist, is determined to protect organizations from malicious social engineering attacks, but finds that even his advanced tools are no match for the crafty hackers."Organizations need to defend their infrastructure by identifying their critical data to recognize and respond to threats. Utilizing a data driven defense allows you to detect and respond to threats more quickly and accurately than traditional methods." -Roger GrimesRoger Grimes is a cybersecurity expert and data driven defense evangelist for KnowBe4. He has held a variety of roles throughout his career, and his focus is on fixing the internet and protecting organizations from social engineering attacks.In this episode, you will learn the following:1. How did Roger Grimes go from being a CPA to becoming a cybersecurity expert?2. What was it like to work with John McAfee?3. How did Roger Grimes successfully bluff his way into the cybersecurity industry?About Roger Grimes, CPA, CISSPLinkedIn: https://www.linkedin.com/in/rogeragrimes/eMail: rogerg@knowbe4.comTwitter: https://twitter.com/rogeragrimesShow Notes / Links:Cuckoo's Egg book - https://www.amazon.com/dp/B0083DJXCM?ref_=cm_sw_r_cp_ud_dp_FK52CJS8J6DAJ6JMZJTFData Killers, John McAfee - https://www.amazon.com/dp/031202889X?ref_=cm_sw_r_cp_ud_dp_7N07KYGNG9GGSKMW5Q07FidoNet - https://www.fidonet.org/index.htmlPeter Norton's Guide to the IBM PC - https://www.amazon.com/dp/0136619010?ref_=cm_sw_r_cp_ud_dp_FJ7E13ENVAFXZWR139YDCISA's Known Exploited Vulnerabilities Catalog - https://www.cisa.gov/known-exploited-vulnerabilities-catalogConnect with us:Website: securitymasterminds.buzzsprout.comKnowBe4 Resources:KnowBe4 Blog: https://blog.knowbe4.comErich Kron - https://www.linkedin.com/in/erichkronJelle Wieringa - https://www.linkedin.com/in/jellewieringaJames McQuiggan - https://www.linkedin.com/in/jmcquigganJavvad Malik: https://www.linkedin.com/in/javvadMusic Composed by: Brian Sanyshyn - https://www.briansanyshynmusic.comAnnouncer: Sarah McQuiggan - https://www.sarahmcquiggan.comThis show's sound is edited by ProPodcastSolutions - https://propodcastsolutions.com/ShowNotes created with Capsho (www.capsho.com)

Patch Tuesday. CISA releases two ICS Advisories and makes some additions to its Known Exploited Vulnerabilities Catalog. Dark Pink APT is active against Asian targets. Kinsing cryptojacking targets Kubernetes instances. Ukrainian hacktivists conduct DDoS against Iranian sites. Risk exposure and a hospital's experience with ransomware. The Health3PT initiative seeks to manage 3rd-party risk. Tim Starks from the Washington Post's Cyber 202 on cyber rising to the level of war crime. Our guest is Connie Stack, CEO of Next DLP, on the path to leadership within cyber for women. And phishing with Pokémon NFTs. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/7 Selected reading. The Daily 202 (Latest Cybersecurity 202) Microsoft Releases January 2023 Security Updates (CISA) > Adobe Releases Security Updates for Multiple Products (CISA)  Black Box KVM (CISA) Delta Electronics InfraSuite Device Master (CISA) Known Exploited Vulnerabilities Catalog (CISA) Dark Pink (Group-IB) New Dark Pink APT group targets govt and military with custom malware (BleepingComputer) Kinsing cryptojacking. (CyberWire) Ukraine at D+321: "Difficult in places." (CyberWire) Iranian websites impacted by pro-Ukraine DDoS attacks (SC Media)  Ransomware attack against SickKids said to be unusual. (CyberWire) Health3PT seeks a uniform approach to healthcare supply chain issues. (CyberWire) Breaking the glass ceiling: My journey to close the leadership gap. (CyberWire, Creating Connections) Pokémon NFTs used as malware vectors. (CyberWire)

Recent DPRK cyber operations: spying and theft. Twitter's data incident. 3Commas breached. Poland warns of increased Russian offensive cyber activity. Port of Lisbon hit by ransomware. DHS announces SBIR topics. New additions to the Known Exploited Vulnerabilities Catalog. Ben Yelin on the legal conundrum of AI generated code. Our guest is Tanya Janca from She Hacks Purple with insights on API security. And, news flash! LockBit says they have a conscience. (Yeah, right.) For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/1 Selected reading. Recent DPRK cyber operations: spying and theft. (CyberWire) Twitter targeted in extortion hack. (CyberWire) 3Commas' API compromised. (CyberWire) Russian cyberattacks (Special Services)  LockBit activity over the holidays. (CyberWire) CISA Adds Two Known Exploited Vulnerabilities to Catalog (CISA)  DHS Small Business Innovation Research (SBIR) Program FY23 Solicitation (SAM.gov) The SBIR and STTR Programs. (SBIR/STTR)

[Referências do Episódio] - Mustang Panda Uses the Russian-Ukrainian War to Attack Europe and Asia Pacific Targets - https://blogs.blackberry.com/en/2022/12/mustang-panda-uses-the-russian-ukrainian-war-to-attack-europe-and-asia-pacific-targets - KNOWN EXPLOITED VULNERABILITIES CATALOG - https://www.cisa.gov/known-exploited-vulnerabilities-catalog#top - Cyber-Espionage in the Middle East: Investigating a New BackdoorDiplomacy Threat Actor Campaign - https://www.bitdefender.com/files/News/CaseStudies/study/426/Bitdefender-PR-Whitepaper-BackdoorDiplomacy-creat6507-en-EN.pdf - DEV-0139 launches targeted attacks against the cryptocurrency industry - https://www.microsoft.com/en-us/security/blog/2022/12/06/dev-0139-launches-targeted-attacks-against-the-cryptocurrency-industry/ - Android Security Bulletin—December 2022 - https://source.android.com/docs/security/bulletin/2022-12-01?hl=en&utm_source=pocket_reader [Ficha técnica] Apresentação: Carlos Cabral Roteiro: Carlos Cabral e Daniel Venzi Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia Projeto gráfico: Julian Prieto

A Chinese cyberespionage campaign is believed to be active in the Middle East. Poor quality control turns ransomware into a wiper, and a typo crashes a cryptojacker. A large DDoS attack is reported to have hit a Russian state-owned bank. Privateers compromise Western infrastructure to stage cyberattacks. Cyber operations against national morale. A look at the Vice Society. Ben Yelin on the growing concerns over TicTok. Ann Johnson from Afternoon Cyber Tea speaks with Charles Blauner about the evolution of the CISO role. And CISA has added an entry to its Known Exploited Vulnerabilities Catalog. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/232 Selected reading. BackdoorDiplomacy Wields New Tools in Fresh Middle East Campaign (Bitdefender Labs)  The Story of a Ransomware Turning into an Accidental Wiper | FortiGuard Labs (Fortinet Blog)  Syntax errors are the doom of us all, including botnet authors (Ars Technica)  Russia's No. 2 bank VTB suffers largest DDoS in history (Computing)  Russia compromises major UK and US organisations to attack Ukraine (Lupovis)  Russia's online attacks target Ukrainians' feelings (POLITICO)  Vice Society: Profiling a Persistent Threat to the Education Sector (Unit 42) CISA Adds One Known Exploited Vulnerability to Catalog (CISA)

[Referências do Episódio] - MIT Technology Review - The Cyber Defense Index 2022/23 - https://mittrinsights.s3.amazonaws.com/CDIreport.pdf - KNOWN EXPLOITED VULNERABILITIES CATALOG - https://www.cisa.gov/known-exploited-vulnerabilities-catalog - ATTACKER USES A POPULAR TIKTOK CHALLENGE TO LURE USERS INTO INSTALLING MALICIOUS PACKAGE - https://checkmarx.com/blog/attacker-uses-a-popular-tiktok-challenge-to-lure-users-into-installing-malicious-package/ - Hackers Exploit RCE Vulnerability in Windows Internet Key Exchange - https://cyware.com/news/hackers-exploit-rce-vulnerability-in-windows-internet-key-exchange-ce908a01/?web_view=true - Critical Flaw Exploited to Bypass Fortinet Products and Compromise Orgs - https://www.hackread.com/authentication-bypass-flaw-fortinet-products/ [Ficha técnica] Apresentação: Carlos Cabral Roteiro: Carlos Cabral e Daniel Venzi Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia Projeto gráfico: Julian Prieto

US midterm elections proceed without cyber disruption. Communications security lessons learned. CISA publishes new entries to its Known Exploited Vulnerabilities Catalog. Patch Tuesday notes. Carole Theriault examines cross border money laundering. The FBI's Bryan Vorndran offers guidance on how companies should think about their exposure in china. And a recent study finds reasons to be concerned about off-boarding. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/216 Selected reading. Taking a look at election security on US midterm Election Day. (CyberWire) Communications Security: Lessons Learned From Ukraine (BlackBerry) CISA Adds Seven Known Exploited Vulnerabilities to Catalog (CISA) Microsoft November 2022 Patch Tuesday (SANS Institute)  November Patch Tuesday Updates | 2022 (Syxsense Inc)  Microsoft Fixes Six Actively Exploited Flaws (Decipher)  Microsoft fixes ProxyNotShell Exchange zero-days exploited in attacks (BleepingComputer) Microsoft Scrambles to Thwart New Zero-Day Attacks (SecurityWeek)  Infrastructure access and security. (CyberWire)

US Department of Justice unseals three indictments in PRC spying cases. CERT-UA warns of Cuba ransomware group phishing campaign. Varonis discovers two Windows vulnerabilities. Mr Security Answer Person John Pescatore on security through obscurity. Ben Yelin on the DOJ's spying cases against China. CISA expands its Known Exploited Vulnerabilities Catalog with six new entries. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/205 Selected reading. Two Arrested and 13 Charged in Three Separate Cases for Alleged Participation in Malign Schemes in the United States on Behalf of the Government of the People's Republic of China (US Department of Justice) U.S. Justice Department Fires Warning Shot at Chinese Spies (Foreign Policy) Chinese spies charged with trying to thwart Huawei investigation (Quartz) DOJ Charges 13 Over Chinese Interference In US Affairs (Law360)  U.S. Says Chinese Tried to Obstruct Huawei Prosecution (Wall Street Journal) U.S. charges Chinese nationals with schemes to steal info, punish critics and recruit spies (CBS News) Cuba ransomware affiliate targets Ukrainian govt agencies (BleepingComputer) Unattributed RomCom Threat Actor Spoofing Popular Apps Now Hits Ukrainian Militaries (BlackBerry) The Logging Dead: Two Event Log Vulnerabilities Haunting Windows (Varonis)  CISA Adds Six Known Exploited Vulnerabilities to Catalog (CISA)

Hello, and welcome to another episode of CISO Tradecraft -- the podcast that provides you with the information, knowledge, and wisdom to be a more effective cybersecurity leader. My name is G. Mark Hardy, and today we are going to discuss how nation state conflict and sponsored cyberattacks can affect us as non-combatants, and what we should be doing about it. Even if you don't have operations in a war zone, remember cyber has a global reach, so don't think that just because you may be half a world away from the battlefield that someone is not going to reach out and touch you in a bad way. So, listen for what I think will be a fascinating episode, and please do us a small favor and give us a "like" or a 5-star review on your favorite podcast platform -- those ratings really help us reach our peers. It only takes a click -- thank you for helping out our security leadership community. I'm not going to get into any geopolitics here; I'm going to try to ensure that this episode remains useful for quite some time. However, since the conflict in Ukraine has been ongoing for over two hundred days, I will draw examples from that. The ancient Chinese military strategist Sun Tzu wrote: “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” That's a little more detailed than the classic Greek aphorism, "know thyself," but the intent is the same even today. Let me add one more quote and we'll get into the material. Over 20 years ago, when he was Secretary of Defense, Donald Rumsfeld said: "As we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns—the ones we don't know we don't know. And if one looks throughout the history of our country and other free countries, it is the latter category that tends to be the difficult ones. So, knowledge seems extremely important throughout the ages. Modern governments know that, and as a result all have their own intelligence agencies. Let's look at an example. If we go to the CIA's website, we will see the fourfold mission of the Central Intelligence Agency: Collecting foreign intelligence that matters Producing objective all-source analysis Conducting effective covert action as directed by the President Safeguarding the secrets that help keep our nation safe. Why do we mention this? Most governments around the world have similar Nation State objectives and mission statements. Additionally, it's particularly important to understand what is wanted by "state actors" (note, I'll use that term for government and contract intelligence agents.). What are typical goals for State Actors? Let's look at a couple: Goal 1: Steal targeting data to enable future operations. Data such as cell phone records, banking statements or emails allow countries to better target individuals and companies when they know that identifying information. Additionally, targeting data allows Nation state organizations to understand how individuals are connected. This can be key when we are looking for key influencers for targets of interest. All targeting data should not be considered equal. Generally, Banking and Telecom Data are considered the best for collecting so be mindful if that is the type of company that you protect. State Actors target these organizations because of two factors:The Importance of the Data is the first factor. If one party sends a second party an email, that means there is a basic level of connection. However, it's not automatically a strong connection since we all receive emails from spammers. If one party calls someone and talks for 10 minutes to them on a phone call, that generally means a closer connection than an email. Finally, if one party sends money to another party that either means a really strong connection exists, or someone just got scammed. The Accuracy of the Data is the second factor. Many folks sign up for social media accounts with throw away credentials (i.e., fake names and phone numbers). Others use temporary emails to attend conferences, so they don't get marketing spam when they get home. However, because of Anti Money Laundering (or AML) laws, people generally provide legitimate data to financial services firms. If they don't, then they risk not being able to take the money out of a bank -- which would be a big problem. A second goal in addition to collecting targeting data, is that State Actors are interested in collecting Foreign Intelligence. Foreign Intelligence which drives policy-making decisions is very impactful. Remember, stealing secrets that no one cares about is generally just a waste of government tax dollars. If governments collect foreign intelligence on sanctioned activity, then they can inform policy makers on the effectiveness of current sanctions, which is highly useful. By reporting sanctioned activity, the government can know when current sanctions are being violated and when to update current sanctions. This can result in enabling new intelligence collection objectives. Examples of this include:A country may sanction a foreign air carrier that changes ownership or goes out of business. In that case, sanctions may be added against different airlines. This occurred when the US sanctioned Mahan Air, an Iran's airline. Currently the US enforces sanctions on more than half of Iran's civilian airlines. A country may place sanctions on a foreign bank to limit its ability to trade in certain countries or currencies. However, if sanctioned banks circumvent controls by trading with smaller banks which are not sanctioned, then current sanctions are likely ineffective. Examples of sanctioning bank activity by the US against Russia during the current war with Ukraine include:On February 27th sanctions were placed against Russian Banks using the SWIFT international payment systems On February 28th, the Russian Central Bank was sanctioned On March 24th, the Russian Bank Sberbank CEO was sanctioned On April 5th, the US IRS suspended information exchanges with the Russian tax authorities to hamper Moscow's ability to collect taxes. On April 6th, the US sanctioned additional Russian banks. These sanctions didn't just start with the onset of hostilities on 24 February 2022. They date back to Russia's invasion of Crimea. It's just that the US has turned up the volume this time. If sanctions are placed against a country's nuclear energy practices, then knowing what companies are selling or trading goods into the sanctioned country becomes important. Collecting information from transportation companies that identify goods being imported and exported into the country can also identify sanction effectiveness. A third goal or activity taken by State Actors is covert action. Covert Action is generally intended to cause harm to another state without attribution. However, anonymity is often hard to maintain.If we look at Russia in its previous history with Ukraine, we have seen the use of cyber attacks as a form of covert action. The devastating NotPetya malware (which has been generally accredited to Russia) was launched as a supply chain attack. Russian agents compromised the software update mechanism of Ukrainian accounting software M.E. Doc, which was used by nearly 400,000 clients to manage financial documents and file tax returns. This update did much more than the intended choking off of Ukrainian government tax revenue -- Maersk shipping estimates a loss of $300 million. FedEx around $400 million. The total global damage to companies is estimated at around $10 billion. The use of cyberattacks hasn't been limited to just Russia. Another example is Stuxnet. This covert action attack against Iranian nuclear facilities that destroyed nearly one thousand centrifuges is generally attributed to the U.S. and Israel. Changing topics a little bit, we can think of the story of two people encountering a bear. Two friends are in the woods, having a picnic. They spot a bear running at them. One friend gets up and starts running away from the bear. The other friend opens his backpack, takes out his running shoes, changes out of his hiking boots, and starts stretching. “Are you crazy?” the first friend shouts, looking over his shoulder as the bear closes in on his friend. “You can't outrun a bear!” “I don't have to outrun the bear,” said the second friend. “I only have to outrun you.” So how can we physically outrun the Cyber Bear? We need to anticipate where the Bear is likely to be encountered. Just as national park signs warn tourists of animals, there's intelligence information that can inform the general public. If you are looking for physical safety intelligence you might consider:The US Department of State Bureau of Consular Affairs. The State Department hosts a travel advisory list. This list allows anyone to know if a country has issues such as Covid Outbreaks, Civil Unrest, Kidnappings, Violent Crime, and other issues that would complicate having an office for most businesses. Another example is the CIA World Factbook. The World Factbook provides basic intelligence on the history, people, government, economy, energy, geography, environment, communications, transportation, military, terrorism, and transnational issues for 266 world entities. Additionally you might also consider data sources from the World Health Organization and The World Bank If we believe that one of our remote offices is now at risk, then we need to establish a good communications plan. Good communications plans generally require at least four forms of communication. The acronym PACE or Primary, Alternate, Contingency, and Emergency is often usedPrimary Communication: We will first try to email folks in the office. Alternate Communication: If we are unable to communicate via email, then we will try calling their work phones. Contingency Communication: If we are unable to reach individuals via their work phones, then we will send a Text message to their personal cell phones. Emergency Communication: If we are unable to reach them by texting their personal devices, then we will send an email to their personal emails and next of kin. Additionally, we might purchase satellite phones for a country manager. Satellite phones can be generally purchased for under $1,000 and can be used with commercial satellite service providers such as Inmarsat, Globalstar, and Thuraya. One popular plan is Inmarsat's BGAN. BGAN can usually be obtained from resellers for about $100 per month with text messaging costing about fifty cents each and calls costing about $1.50 per minute. This usually translates to a yearly cost of $1,500-2K per device. Is $2K worth the price of communicating to save lives in a high-risk country during high political turmoil? Let your company decide. Note a great time to bring this up may be during use-or-lose money discussions at the end of the year. We should also consider preparing egress locations. For example, before a fire drill most companies plan a meetup location outside of their building so they can perform a headcount. This location such as a vacant parking lot across the street allows teams to identify missing personnel which can later be communicated to emergency personnel. If your company has offices in thirty-five countries, you should think about the same thing, but not assembling across the street but across the border. Have you identified an egress office for each overseas country? If you had operations in Ukraine, then you might have chosen a neighboring country such as Poland, Romania, or Hungary to facilitate departures. When things started going bad, that office could begin creating support networks to find local housing for your corporate refugees. Additionally, finding job opportunities for family members can also be extremely helpful when language is a barrier in new countries. If we anticipate the Bear is going to attack our company digitally, then we should also look for the warning signs. Good examples of this include following threat intelligence information from: Your local ISAC organization. ISAC or Information Sharing Analysis Centers are great communities where you can see if your vertical sector is coming under attack and share your experiences/threats. The National Council of ISACs lists twenty-five different members across a wide range of industries. An example is the Financial Services ISAC or FS-ISAC which has a daily and weekly feed where subscribers can find situational reports on cyber threats from State Actors and criminal groups. InfraGard™ is a partnership between the Federal Bureau of Investigation and members of the private sector for the protection of US Critical Infrastructure. Note you generally need to be a US citizen without a criminal history to join AlienVault offers a Threat Intelligence Community called Open Threat Exchange which grants users free access to over nineteen million threat indicators. Note AlienVault currently hosts over 100,000 global participants, so it's a great place to connect with fellow professionals. The Cybersecurity & Infrastructure Security Agency or CISA also routinely issues cybersecurity advisories to stop harmful malware, ransomware, and nation state attacks. Helpful pages on their websites include the following:Shields Up which provides updates on cyber threats, guidance for organizations, recommendations for corporate Leaders and CEOs, ransomware responses, free tooling, and steps that you can take to protect your families. There's even a Shields Technical Guidance page with more detailed recommendations. CISA routinely puts out Alerts which identify threat actor tactics and techniques. For example, Alert AA22-011A identifies how to understand and mitigate Russian State Sponsored Cyber Threats to US Critical Infrastructure. This alert tells you what CVEs the Russian government is using as well as the documented TTPs which map to the MITRE ATT&CK™ Framework. Note if you want to see more on the MITRE ATT&CK mapped to various intrusion groups we recommend going to attack.mitre.org slant groups. CISA also has notifications that organizations can sign up for to receive timely information on security issues, vulnerabilities, and high impact activity. Another page to note on CISA's website is US Cert. Here you can report cyber incidents, report phishing, report malware, report vulnerabilities, share indicators, or contact US Cert. One helpful page to consider is the Cyber Resilience Review Assessment. Most organizations have an IT Control to conduct yearly risk assessments, and this can help identify weaknesses in your controls. Now that we have seen a bear in the woods, what can we do to put running shoes on to run faster than our peers? If we look at the CISA Shield Technical Guidance Page we can find shields up recommendations such as remediating vulnerabilities, enforcing MFA, running antivirus, enabling strong spam filters to prevent phishing attacks, disabling ports and protocols that are not essential, and strengthening controls for cloud services. Let's look at this in more detail to properly fasten our running shoes. If we are going to remediate vulnerabilities let's focus on the highest priority. I would argue those are high/critical vulnerabilities with known exploits being used in the wild. You can go to CISA's Known Exploited Vulnerabilities Catalog page for a detailed list. Each time a new vulnerability gets added, run a vulnerability scan on your environment to prioritize patching. Next is Multi Factor Authentication (MFA). Routinely we see organizations require MFA access to websites and use Single Sign On. This is great -- please don't stop doing this. However, we would also recommend MFA enhancements in two ways. One, are you using MFA on RDP/SSH logins by administrators? If not, then please enable immediately. You never know when one developer will get phished, and the attacker can pull his SSH keys. Having MFA means even when those keys are lost, bad actor propagation can be minimized. Another enhancement is to increase the security within your MFA functionality. For example, if you use Microsoft Authenticator today try changing from a 6 digit rotating pin to using security features such as number matching that displays the location of their IP Address. You can also look at GPS conditional policies to block all access from countries in which you don't have a presence. Running antivirus is another important safeguard. Here's the kicker -- do you actually know what percentage of your endpoints are running AV and EDR agents? Do you have coverage on both your Windows and Linux Server environments? Of the agents running, what portion have signatures updates that are not current? How about more than 30 days old. We find a lot of companies just check the box saying they have antivirus, but if you look behind the scenes you can see that antivirus isn't as effective as you think when it's turned off or outdated. Enabling Strong Spam Filters is another forgotten exercise. Yes, companies buy solutions like Proofpoint to secure email, but there's more that can be done. One example is implementing DMARC to properly authenticate and block spoofed emails. It's the standard now and prevents brand impersonation. Also please consider restricting email domains. You can do this at the very top. Today, the vast majority of legitimate correspondents still utilize one of the original seven top-level domains: .com, .org, .net, .edu, .mil, .gov, and .int, as well as two-letter country code top-level domains (called ccTLDs). However, you should look carefully at your business correspondence to determine if communicating with all 1,487 top-level domains is really necessary. Let's say your business is located entirely in the UK. Do you really want to allow emails from Country codes such as .RU, .CN, and others? Do you do business with .hair, or .lifestyle, or .xxx? If you don't have a business reason for conducting commerce with these TLDs, block them and minimize both spam and harmful attacks. It won't stop bad actors from using Gmail to send phishing attacks, but you might be surprised at just how much restricting TLDs in your email can help. Note that you have to be careful not to create a self-inflicted denial of service, so make sure that emails from suspect TLDs get evaluated before deletion. Disabling Ports and Protocols is key since you don't want bad actors having easy targets. One thing to consider is using Amazon Inspector. Amazon Inspector has rules in the network reachability package to analyze your network configurations to find security vulnerabilities in your EC2 Instances. This can highlight and provide guidance about restricting access that is not secure such as network configurations that allow for potentially malicious access such as mismanaged security groups, Access Control Lists, Internet Gateways, etc. Strengthening Cloud Security- We won't go into this topic too much as you could spend a whole talk on strengthening cloud security. Companies should consider purchasing a cloud security solution like Wiz, Orca, or Prisma for help in this regard. One tip we don't see often is using geo-fencing and IP allow-lists. For example, one new feature that AWS recently created is to enable Web Application Firewall protections for Amazon Cognito. This makes it easier to protect user pools and hosted UIs from common web exploits. Once we notice there's likely been a bear attack on our peers or our infrastructure, we should report it. This can be done by reporting incidents to local governments such as CISA or a local FBI field office, paid sharing organizations such as ISAC, or free communities such as AlienVault OTX. Let's walk through a notional example of what we might encounter as collateral damage in a cyberwar. However, to keeps this out of current geopolitics, we'll use the fictitious countries Blue and Orange. Imagine that you work at the Acme Widget Corporation which is a Fortune 500 company with a global presence. Because Acme manufactures large scale widgets in their factory in the nation of Orange, they are also sold to the local Orange economy. Unfortunately for Acme, Orange has just invaded their neighboring country Blue. Given that Orange is viewed as the aggressor, various countries have imposed sanctions against Orange. Not wanting to attract the attention of the Orange military or the U.S. Treasury department, your company produces an idea that might just be crazy enough to work. Your company is going to form a new company within Orange that is not affiliated with the parent company for the entirety of the war. This means that the parent company won't provide services to the Orange company. Additionally, since there is no affiliation between the companies then the legal department advises that there will not be sanction evasion activity which could put the company at risk. There's just one problem. Your company has to evict the newly created Orange company (Acme Orange LLC) from its network and ensure it has the critical IT services to enable its success. So where do we start? Let's consider a few things. First, what is the lifeblood of a company? Every company really needs laptops and Collaboration Software like Office 365 or GSuite. So, if we have five hundred people in the new Acme Orange company, that's five hundred new laptops and a new server that will host Microsoft Exchange, a NAS drive, and other critical Microsoft on premises services. Active Directory: Once you obtain the server, you realize a few things. Previous Acme admin credentials were used to troubleshoot desktops in the Orange environment. Since exposed passwords are always a bad thing, you get your first incident to refresh all passwords that may have been exposed. Also, you ensure a new Active Directory server is created for your Orange environment. This should leverage best practices such as MFA since Orange Companies will likely come under attack. Let's talk about other things that companies need to survive: Customer relations management (CRM) services like Salesforce Accounting and Bookkeeping applications such as QuickBooks Payment Software such as PayPal or Stripe File Storage such as Google Drive or Drop Box Video Conferencing like Zoom Customer Service Software like Zendesk Contract Management software like DocuSign HR Software like Bamboo or My Workday Antivirus & EDR software Standing up a new company's IT infrastructure in a month is never a trivial task. However, if ACME Orange is able to survive for 2-3 years it can then return to the parent company after the sanctions are lifted. Let's look at some discussion topics. What IT services will be the hardest to transfer? Can new IT equipment for Acme Orange be procured in a month during a time of conflict? Which services are likely to only have a SaaS offering and not enable on premises during times of conflicts? Could your company actually close a procurement request in a one-month timeline? If we believe we can transfer IT services and get the office up and running, we might look at our cyber team's role in providing recommendations to a new office that will be able to survive a time of turmoil. All laptops shall have Antivirus and EDR enabled from Microsoft. Since the Acme Orange office is isolated from the rest of the world, all firewalls will block IP traffic not originating from Orange. SSO and MFA will be required on all logins Backups will be routinely required. Note if you are really looking for effective strategies to mitigate cyber security incidents, we highly recommend the Australian Essential Eight. We have a link in our show notes if you want more details. Additionally, the ACME Orange IT department will need to create its own Incident Response Plan (IRP). One really good guide for building Cyber Incident Response Playbooks comes from the American Public Power Association. (I'll put the link in our show notes.) The IRP recommends creating incident templates that can be used for common attacks such as: Denial of Service (DoS) Malware Web Application Attack (SQL Injection, XSS, Directory Traversal, …) Cyber-Physical Attack Phishing Man in the middle attack Zero Day Exploit This Incident Response Template can identify helpful information such as Detection: Record how the attack was identified Reporting: Provide a list of POCs and contact information for the IT help desk to contact during an event Triage: List the activities that need to be performed during Incident Response. Typically, teams follow the PICERL model. (Preparation - Identification - Containment - Eradication - Recovery - Lessons Learned) Classification: Depending on the severity level of the event, identify additional actions that need to occur Communications: Identify how to notify local law enforcement, regulatory agencies, and insurance carriers during material cyber incidents. Additionally describe the process on how communications will be relayed to customers, employees, media, and state/local leaders. As you can see, there is much that would have to be done in response to a nation state aggression or regional conflict that would likely fall in your lap. If you didn't think about it before, you now have plenty of material to work with. Figure out your own unique requirements, do some tabletop exercises where you identify your most relevant Orange and Blue future conflict, and practice, practice, practice. We learned from COVID that companies that were well prepared with a disaster response plan rebranded as a pandemic response plan fared much better in the early weeks of the 2020 lockdown. I know my office transitioned to remote work for over sixty consecutive weeks without any serious IT issues because we had a written plan and had practiced it. Here's another one for you to add to your arsenal. Take the time and be prepared -- you'll be a hero "when the bubble goes up." (There -- you've learned an obscure term that nearly absent from a Google search but well-known in the Navy and the Marine Corps.) Okay, that's it for today's episode on Outrunning the Bear. Let's recap: Know yourself Know what foreign adversaries want Know what information, processes, or people you need to protect Know the goals of state actors:steal targeting data collect foreign intelligence covert action Know how to establish a good communications plan (PACE)Primary Alternate Contingency Emergency Know how to get out of Dodge Know where to find private and government threat intelligence Know your quick wins for protectionremediate vulnerabilities implement MFA everywhere run current antivirus enable strong spam filters restrict top level domains disable vulnerable or unused ports and protocols strengthen cloud security Know how to partition your business logically to isolate your IT environments in the event of a sudden requirement. Thanks again for listening to CISO Tradecraft. Please remember to like us on your favorite podcast provider and tell your peers about us. Don't forget to follow us on LinkedIn too -- you can find our regular stream of low-noise, high-value postings. This is your host G. Mark Hardy, and until next time, stay safe. References https://www.goodreads.com/quotes/17976-if-you-know-the-enemy-and-know-yourself-you-need https://en.wikipedia.org/wiki/There_are_known_knowns https://www.cia.gov/about/mission-vision/ https://www.cybersecurity-insiders.com/ukraines-accounting-software-firm-refuses-to-take-cyber-attack-blame/ https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/ https://www.nationalisacs.org/member-isacs-3 https://attack.mitre.org/groups/ https://data.iana.org/TLD/tlds-alpha-by-domain.txt https://www.publicpower.org/system/files/documents/Public-Power-Cyber-Incident-Response-Playbook.pdf

[Referências do Episódio] - CrowdStrike Falcon Platform Identifies Supply Chain Attack via a Trojanized Comm100 Chat Installer - https://www.crowdstrike.com/blog/new-supply-chain-attack-leverages-comm100-chat-installer/ - Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server - https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/ - Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082 - https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082/ - Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium - https://www.welivesecurity.com/2022/09/30/amazon-themed-campaigns-lazarus-netherlands-belgium/ - KNOWN EXPLOITED VULNERABILITIES CATALOG - https://www.cisa.gov/known-exploited-vulnerabilities-catalog [Ficha técnica] Apresentação: Carlos Cabral Roteiro: Carlos Cabral e Daniel Venzi Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia Projeto gráfico: Julian Prieto

Palo Alto describes the Black Basta ransomware-as-a-service operation. Okta on Scatter Swine, the threat actor that compromised Twilio. Microsoft describes Nobelium's new approach to establishing persistence. Russia's war against Ukraine has induced stresses in the cyber underworld. LastPass discloses a security incident. Josh Ray from Accenture on cyber crime and the cost-of-living crisis. Our own Dave Bittner sits down with Chris Handman from TerraTrue to discuss how he works to transform legal teams into advocates and collaborators that can ensure privacy is baked in every step of the way. And CISA adds ten entries to its Known Exploited Vulnerabilities Catalog. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/165 Selected reading. Threat Assessment: Black Basta Ransomware (Palo Alto Networks Unit 42) MagicWeb: NOBELIUM's post-compromise trick to authenticate as anyone (Microsoft Threat Intelligence Center) Microsoft Uncovers New Post-Compromise Malware Used by Nobelium Hackers (The Hacker News) Microsoft: Russian hackers gain powerful 'MagicWeb' authentication bypass (ZDNET) Detecting Scatter Swine: Insights into a relentless phishing campaign (Okta Security) Twilio hackers hit over 130 orgs in massive Okta phishing attack (BleepingComputer) Twilio says breach also compromised Authy two-factor app users (TechCrunch) How the war in Ukraine is reshaping the dark web (New Statesman) Notice of Recent Security Incident (The LastPass Blog) LastPass Says Source Code Stolen in Data Breach (SecurityWeek) LastPass developer systems hacked to steal source code (BleepingComputer)

[Referências do Episódio] - A Tale of PivNoxy and Chinoxy Puppeteer - https://www.fortinet.com/blog/threat-research/pivnoxy-and-chinoxy-puppeteer-analysis - Escanor Malware Delivered In Weaponized Microsoft Office Documents - https://resecurity.com/blog/article/escanor-malware-delivered-in-weaponized-microsoft-office-documents - Known Exploited Vulnerabilities Catalog - https://www.cisa.gov/known-exploited-vulnerabilities-catalog - Doctor Web identifies attack on WhatsApp and WhatsApp Business messengers installed on counterfeit Android devices - https://news.drweb.com/show/?i=14542&lng=en - GAIROSCOPE: Injecting Data from Air-Gapped Computers to Nearby Gyroscopes - https://arxiv.org/abs/2208.09764 - Vídeo demonstrando o GAIROSCOPE - https://www.youtube.com/watch?v=5sUQ0jG01dw&t=12s [Ficha técnica] Apresentação: Carlos Cabral Roteiro: Carlos Cabral e Daniel Venzi Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia Projeto gráfico: Julian Prieto

Killnet claims a DDoS campaign against Estonia. The head of GCHQ calls Russian cyber operations a failure. US Cyber Command concludes its "hunt forward" mission in cooperation with Croatia. A criminal gang targets the travel and hospitality sectors. Thomas Pace of NetRise shares insights on firmware vulnerabilities. Daniel Floyd from BlackCloak on Quantifying the Business Need for Digital Executive Protection. CISA issues five ICS security advisories. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/157 Selected reading. Estonia says it repelled major cyber attack after removing Soviet monuments (Reuters) There's a chance regular people didn't even notice: expert on Russian cyber attack (TVP World)  Estonia says it repelled a major cyberattack claimed by Russian hackers. (New York Times) The head of GCHQ says Vladimir Putin is losing the information war in Ukraine (The Economist) Cyber Command deployed 'hunt forward' defenders to Croatia to help secure systems (The Record by Recorded Future) U.S. Cyber Command completes defensive cyber mission in Croatia (CyberScoop) You Can't Audit Me: APT29 Continues Targeting Microsoft 365 (Mandiant) Reservations Requested: TA558 Targets Hospitality and Travel (Proofpoint) Cybercrime Group TA558 Ramps Up Email Attacks Against Hotels (Decipher) CISA Adds Seven Known Exploited Vulnerabilities to Catalog (CISA)  Siemens Linux-based Products (Update G) (CISA) Siemens Industrial Products LLDP (Update B) (CISA) Siemens OpenSSL Affected Industrial Products (CISA) Mitsubishi Electric MELSEC Q and L Series (CISA) Mitsubishi Electric GT SoftGOT2000 (CISA)

Critical flaws in Emergency Alert System and in some Cisco SOHO routers, new IoT threat, CISA adds Zimbra vulnerability to its Known Exploited Vulnerabilities Catalog, and what you need to do to land a six-figure cybersecurity job. https://www.threatshub.org/blog/warning-critical-flaws-found-in-us-emergency-alert-system/ https://www.theregister.com/2022/08/05/cisco_smb_routers_critical_flaws/ https://thehackernews.com/2022/08/new-iot-rapperbot-malware-targeting.html https://thehackernews.com/2022/08/cisa-adds-zimbra-email-vulnerability-to.html https://fortune.com/education/business/articles/2022/07/27/what-you-need-to-land-a-six-figure-cybersecurity-job/ https://youtube.com/playlist?list=PLZkMMBCZshiO0gu44pAZUM__fpHOrvTcv --- This episode is sponsored by · Anchor: The easiest way to make a podcast. https://anchor.fm/app --- Send in a voice message: https://anchor.fm/virtual-ciso-moment/message Support this podcast: https://anchor.fm/virtual-ciso-moment/support

[Referências do Episódio] - [CVE-2022-36123] Publish CVE-2022-36123 - https://github.com/sickcodes/security/blob/master/advisories/SICK-2022-128.md - KNOWN EXPLOITED VULNERABILITIES CATALOG - https://www.cisa.gov/known-exploited-vulnerabilities-catalog - Countdown Timer: Ransomware Themed Phishing Attack - https://cofense.com/blog/countdown-timer-ransomware-themed-phishing-attack - Examining New DawDropper Banking Dropper and DaaS on the Dark Web - https://www.trendmicro.com/en_us/research/22/g/examining-new-dawdropper-banking-dropper-and-daas-on-the-dark-we.html - Brisbane teenager built spyware used by domestic violence perpetrators across world, police allege - https://www.theguardian.com/australia-news/2022/jul/30/brisbane-teenager-built-spyware-used-by-domestic-violence-perpetrators-across-world-police-allege [Ficha técnica] Apresentação: Carlos Cabral Roteiro: Carlos Cabral e Daniel Venzi Edição de áudio: Paulo Arruzzo Narração de encerramento: Bianca Garcia Projeto gráfico: Julian Prieto

Kicking off the show, John Pescatore joins for an interview & will go through his mostly random career choices that led to a long and fun career in information/cybersecurity - and how that ties into today's demand to secure the increase complex supply web of chains. Finally, this week in the Security News: Chaining Zoom bugs is possible to hack users in a chat by sending them a message, Microsoft vulnerabilities down for 2021, CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog, Using NMAP to Assess Hosts in Load Balanced Clusters, Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover, & more! Segment Resources: SANS Cyberstart initiative - https://www.cyberstartamerica.org Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Show Notes: https://securityweekly.com/psw742

Kicking off the show, John Pescatore joins for an interview & will go through his mostly random career choices that led to a long and fun career in information/cybersecurity - and how that ties into today's demand to secure the increase complex supply web of chains. Finally, this week in the Security News: Chaining Zoom bugs is possible to hack users in a chat by sending them a message, Microsoft vulnerabilities down for 2021, CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog, Using NMAP to Assess Hosts in Load Balanced Clusters, Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover, & more! Segment Resources: SANS Cyberstart initiative - https://www.cyberstartamerica.org Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Show Notes: https://securityweekly.com/psw742

This week in the Security News: Chaining Zoom bugs is possible to hack users in a chat by sending them a message, Microsoft vulnerabilities down for 2021, CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog, Using NMAP to Assess Hosts in Load Balanced Clusters, Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover, & more!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw742

This week in the Security News: Chaining Zoom bugs is possible to hack users in a chat by sending them a message, Microsoft vulnerabilities down for 2021, CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog, Using NMAP to Assess Hosts in Load Balanced Clusters, Critical Vulnerability in Premium WordPress Themes Allows for Site Takeover, & more!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw742

Distributed denial-of-service attacks against Lithuania. Dark Crystal RAT described. Iranian steel mill suspends production due to cyberattack. Bumblebee rising. CISA adds to its Known Exploited Vulnerabilities Catalog. Music pirate sites brought down by US and Brazilian authorities. Joe Carrigan looks at Apple's private access tokens. Mister Security Answer Person John Pescatore drops some sboms. And where do Russian intelligence officers go after they've been PNGed? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/123 Selected reading. Lithuania targeted by massive Russian cyberattack over transit blockade (Newsweek) Russia's Killnet hacker group says it attacked Lithuania (Reuters) Killnet, Kaliningrad, and Lithuania's Transport Standoff With Russia (Flashpoint) Ukraine Targeted by Dark Crystal RAT (DCRat) | FortiGuard Labs (Fortinet Blog) Cyberattack Forces Iran Steel Company to Halt Production (SecurityWeek) Iran's steel industry halted by cyberattack (Jerusalem Post) Bumblebee: New Loader Rapidly Assuming Central Position in Cyber-crime Ecosystem (Broadcom Software Blogs) CISA Adds Eight Known Exploited Vulnerabilities to Catalog (CISA)  US, Brazil seize 272 websites used to illegally download music (BleepingComputer)  Swiss intel service: Watch out for redeployed Russian spies (AP News)

US officials continue to rate the threat of Russian cyberattack as high. Civilians in cyber war. Broadcast interference and propaganda. A Joint CISA/FBI warning of Chinese cyberespionage. What gets a vulnerability into the Known Exploited Vulnerabilities Catalog? Andrea Little Limbago from Interos and Mike Sentonas from Crowdstrike join us with previews of their RSA conference presentations. And, finally, some Jersey-based cyber campaigns (that's the Bailiwick, not the Garden State). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/110 Selected reading. Russian Cyber Threat Remains High, U.S. Officials Say (Wall Street Journal) Shields Up: The New Normal (CyberScoop) Russian Government, Cybercriminal Cooperation a 'Force Multiplier' (Decipher)  Opinion The U.S.-Russia conflict is heating up — in cyberspace (Washington Post)  Smartphones Blur the Line Between Civilian and Combatant (Wired) Russian Cyberattack Hits Wales-Ukraine Football Broadcast (Gov Info Security)  People's Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices (CISA) US agencies detail the digital ‘plumbing' used by Chinese state-sponsored hackers (The Record by Recorded Future)  CISA Provides Criteria and Process for Updates to the KEV Catalog (CISA) Reducing the Significant Risk of Known Exploited Vulnerabilities (CISA) Jersey computers used in international cyber-attacks (Jersey Evening Post)

Moscow wants attention to be paid to its messengers. Western support for Ukraine in cyberspace. US remains on alert for Russian cyberattacks. Iran: anti-government hacktivism and Tehran-sponsored cyber ops. Rebranding as sanctions evasion. A gangland threat to firmware. Johannes Ullrich from SANS on security of browsers caching passwords. Dave Bittner sits down with Perry Carpenter to discuss his new book, "The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer,''co-author was Kai Roer.. And CISA adds an Atlassian issue to its Known Exploited Vulnerabilities Catalog. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/107 Selected reading. Russia summons heads of U.S. media outlets, warns of 'stringent measures' (Reuters) US confirms military hackers have conducted cyber operations in support of Ukraine (CNN)  Advancing security across Central and Eastern Europe (Google)  US Justice Department Braces for More Russian Cyberattacks (VOA) Russia, backed by ransomware gangs, actively targeting US, FBI director says (Cybersecurity Dive)  Exiled Iran Group Claims Tehran Hacking Attack (SecurityWeek) Exposing POLONIUM activity and infrastructure targeting Israeli organizations (Microsoft Security)  To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions (Mandiant) Russia-Linked Ransomware Groups Are Changing Tactics to Dodge Crackdowns (Wall Street Journal)  Conti Targets Critical Firmware (Eclypsium) Atlassian: Unpatched critical Confluence flaw under attack (Register)  CISA Adds One Known Exploited Vulnerability (CVE-2022-26134) to Catalog (CISA)

"Pantsdown" in QCT Baseboard Management Controllers. A warning on ChromeLoader. Conti updates. Ransomware's effect on SpiceJet. CISA's Known Exploited Vulnerabilities Catalog expands, again. Kyiv honors Google. Josh Ray from Accenture reminds us it's military appreciation month. Our guest is Melissa Bischoping of Tanium with lessons learned from the American Dental Association ransomware attack. And a poacher turned gamekeeper? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/102 Selected reading. Critical 'Pantsdown' BMC Vulnerability Affects QCT Servers Used in Data Centers (The Hacker News) ChromeLoader: a pushy malvertiser (Red Canary)  Conti leaks data stolen during January attack on Oregon county (The Record by Recorded Future)  Is the Conti Ransomware Gang Stronger Apart Then Together? (OODA Loop)  SpiceJet: Passengers stranded as India airline hit by ransomware attack (BBC News)  SpiceJet's woes continue as ransomware attack delays flights (The Loadstar) . SpiceJet's brush with ransomware is a timely reminder to protect yourself against this cyber menace (cnbctv18.com CISA Adds 34 Known Exploited Vulnerabilities to Catalog (CISA)  Mykhailo Fedorov presented the first "Peace prize" to Google (Digital Gov)   Notorious Vietnamese hacker turns government cyber agent (France 24)

Hacktivisim and privateering in Moscow, Kyiv, and Minsk. Log4j vulnerabilities are more widespread than initially thought. US Cyber Command deployed a "hunt forward" team to Lithuania. CISA adds five vulnerabilities to its Known Exploited Vulnerabilities Catalog. Jen Miller-Osborn from Palo Alto Networks discusses the findings from the Center for Digital Government's survey on Getting Ahead of Ransomware. Grayson Milbourne of Webroot/OpenText discusses OpenText's 2022 BrightCloud Threat Report. And Anonymous leaks emails allegedly belonging to the Nauru Police Force. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/87 Selected reading. Russian ally Belarus launches military quick-response drills (Washington Post) Putin's Ukraine War: Desperate Belarus dictator strikes back (Atlantic Council) Russian ransomware group claims attack on Bulgarian refugee agency (CyberScoop) Russia and Ukraine Conflict Q&A | Cybersixgill (Cybersixgill) Threat Advisory: New Log4j Exploit Demonstrates a Hidden Blind Spot in the Global Digital Supply Chain (Cequence) Anonymous Leak 82GB of Police Emails Against Australia's Offshore Detention (HackRead)

A Shuckworm update. Pegasus spyware found in UK government officials' phones. CISA issues six ICS security alerts and adds three entries to its Known Exploited Vulnerabilities Catalog. Gangs succeed when criminals run them like a business. Julian Assange moves closer to extradition to the US. Tim Eades from Cyber Mentor Fund on cyber valuations. Our guest is Wes Mullins from deepwatch discussing adversary simulations. And a guilty plea in a high-profile cyberstalking case. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/76 Selected reading. Shuckworm: Espionage Group Continues Intense Campaign Against Ukraine UK Government Reportedly Infected With NSO Group Spyware ‘CatalanGate' Spyware Infections Tied to NSO Group Pegasus Spyware and Citizen Surveillance: What You Need to Know Julian Assange extradition order issued by London court, moving WikiLeaks founder closer to US transfer . Former eBay executive to plead guilty to cyberstalking campaign targeting couple

Preparing for the spread of cyberattacks. A look at Cyber operations in the hybrid war. C3 and electronic warfare. The Republic of the Marshall Islands suffers rolling DDoS attacks. Okta gives a detailed account of its experience with the Lapsus$ Group. Lapsus$ under the law enforcement microscope. The FCC sanctions Kaspersky. Malek Ben Salem from Accenture on getting full potential from deception systems. Our guest is Greg Scasny of Blueshift Cybersecurity with remote workforce security concerns. And CISA adds to its Known Exploited Vulnerabilities Catalog. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/59 Selected reading. ‘Preparation, not panic': Top US cyber official asks Americans to look out for Russian hacking efforts CNN Russia hacked Ukrainian satellite communications, officials believe BBC News Chinese cyberattacks on NATO countries increase 116% since Russia's invasion of Ukraine: study Fox Business Why hasn't Russia used its 'full scope' of electronic warfare?Breaking Defense Russian troops' tendency to talk on unsecured lines is proving costly Washington Post Marshall Islands telecom service hit by cyber attack RNZ Okta: "We made a mistake" delaying the Lapsus$ hack disclosure BleepingComputer Who is LAPSUS$, the Big, Bad Cybercrime Gang Hacking Tech's Biggest Companies? Gizmodo FCC puts Kaspersky on security threat list, says it poses “unacceptable risk“ Ars Technica U.S. FCC adds Russia's Kaspersky, China telecom firms to national security threat list Reuters CISA Adds 66 Known Exploited Vulnerabilities to Catalog CISA

The Cybersecurity and Infrastructure Security Agency is a recently new agency focused on the security of the nation's infrastructure. A new resource, the Known Exploited Vulnerability Catalog is updated with vulnerabilities that are seen to be actively exploited by hackers. This episode goes into the details. Source - https://www.cisa.gov/known-exploited-vulnerabilities-catalog Be aware, be safe. Get ExpressVPN, Secure Your Privacy And Support The Show Become A Patron! Patreon Page *** Support the podcast with a cup of coffee *** - Ko-Fi Security In Five —————— Where you can find Security In Five —————— Security In Five Reddit Channel r/SecurityInFive Binary Blogger Website Security In Five Website Security In Five Podcast Page - Podcast RSS Twitter @securityinfive iTunes, YouTube, TuneIn, iHeartRadio,

This first TCE episode of 2022 (and first video - on Spotify) includes a few gentle and some not-so-gentle reminders on cybersecurity best practices and practices for better cyber hygiene. I start with a few cybersecurity controls for businesses to buckle down on this year, including identifying assets, vetting vulnerabilities, and pursuing more potent password policies. Then, I actually persist on the password point with some pontification about our predilection for problematic passwords and propose pointers for a more polished password posture. While there's probably nothing new in this episode, I hope it serves as a gentle nudge to promote better cyber hygiene habits – not just resolutions for 2022, but positive habits to develop for all-time toward a more cyber secure you! I also evangelize for a new CISA resource - the Known Exploited Vulnerabilities Catalog. Other resource mentioned in this episode: https://www.consumer.ftc.gov/articles/password-checklist

PerSwaysion phishing campaign still ongoing, and pervasive FBI: FatPipe VPN zero-day exploited by APT for 6 months RedCurl corporate espionage hackers resume attacks with updated tools Thanks to our episode sponsor, Vulcan Cyber The fact that CISA felt the need to release the massive “Known Exploited Vulnerabilities Catalog” recently says everything we need to know about the state of our collective cyber debt. Attend the Vulcan Cyber virtual summit on December 9th and learn how your peers are working to take on cyber risk and mitigate known vulnerabilities at scale. Go to vulcan.io and click the button at the top of the screen to register for the event. For the stories behind the headlines, head to CISOseries.com.  

Link to Blog Post This week's Cyber Security Headlines - Week in Review, Nov 8-12, is hosted by Rich Stroffolino with our guest, John Overbaugh, CISO, Alpine Software Group Thanks to our episode sponsor, Vulcan Cyber The fact that CISA felt the need to release the massive “Known Exploited Vulnerabilities Catalog” recently says everything we need to know about the state of our collective cyber debt. Attend the Vulcan Cyber virtual summit on December 9th and learn how your peers are working to take on cyber risk and mitigate known vulnerabilities at scale. Go to vulcan.io and click the button at the top of the screen to register for the event. All links and the video of this episode can be found on CISO Series.com      

EU pharmaceutical giants run old, vulnerable apps and fail to use encryption in login forms Gmail accounts are used in 91% of all baiting email attacks Microsoft warns of uptick in HTML smuggling Thanks to our episode sponsor, Vulcan Cyber The fact that CISA felt the need to release the massive “Known Exploited Vulnerabilities Catalog” recently says everything we need to know about the state of our collective cyber debt. Attend the Vulcan Cyber virtual summit on December 9th and learn how your peers are working to take on cyber risk and mitigate known vulnerabilities at scale. Go to vulcan.io and click the button at the top of the screen to register for the event. For the stories behind the headlines, head to CISOseries.com.

On this week's episode of the podcast, we cover a newly discovered method for hiding malicious source code in plain sight, CISA's new Known Exploited Vulnerabilities Catalog, and action from the US Department of Commerce on the Pegasus spyware manufacturer NSO Group.