In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Cisco Talos has discovered a threat actor conducting several campaigns against government entities, military organizations, and civilian users in Ukraine and Poland. In a FortiGuard Labs investigation, researchers came across several malicious Office documents designed to exploit known vulnerabilities. Cybersecurity vendor Sophos is being impersonated by a new ransomware-as-a-service called SophosEncrypt. CheckMarx is reporting the first known targeted OSS supply chain attacks against the banking sector. The LimaCharlie SecOps Cloud Platform provides organizations with comprehensive enterprise protection that brings together critical cybersecurity capabilities and eliminates integration challenges and security gaps for more effective protection against today's threats. Watch the SecOps Cloud Platform panel discussions here: Introducing the SecOps Cloud Platform. The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
CISA and the FBI issue a joint Cybersecurity Advisory on exploitation of Microsoft Exchange Online. Implementing the US National Cybersecurity Strategy. FortiGuard discovers a new LokiBot campaign. Training code turns out to be malicious in a new proof-of-concept attack discovered on GitHub. Russia resumes its pursuit of a "sovereign Internet." The GRU's offensive cyber tactics. Chris Novak from Verizon discusses business email compromise and the 2023 DBIR. Our guest is Joy Beland of Summit 7 on the role of Managed Service Providers in the supply chain to the Defense Industrial Base. And a probable Ukrainian false-flag operation. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/132
Selected reading.
CISA and FBI Release Cybersecurity Advisory on Enhanced Monitoring to Detect APT Activity Targeting Outlook Online (Cybersecurity and Infrastructure Security Agency CISA)
Enhanced Monitoring to Detect APT Activity Targeting Outlook Online (Cybersecurity and Infrastructure Security Agency CISA)
How a Cloud Flaw Gave Chinese Spies a Key to Microsoft's Kingdom (WIRED)
Chinese hackers breached U.S. and European government email through Microsoft bug (Record)
FACT SHEET: Biden-Harris Administration Publishes the National Cybersecurity Strategy Implementation Plan | The White House (The White House)
National Cybersecurity Strategy Implementation Plan (White House)
LokiBot Campaign Targets Microsoft Office Document Using Vulnerabilities and Macros (Fortinet Blog)
New PoC Exploit Found: Fake Proof of Concept with Backdoor Malware (Uptycs)
Russia Is Trying to Leave the Internet and Build Its Own (Scientific American)
The GRU's Disruptive Playbook (Mandiant)
Hack Blamed on Wagner Group Had Another Culprit, Experts Say (Bloomberg)
Cyber Security Episode #344 with Debi Carr (Covid Conference)
You wouldn't give your keys, wallet, and phone to strangers — but you're giving personal information to strangers online! And you may be doing it unawares. Phishing emails, security questions, and even that game on Facebook could all compromise personal information. And to help you be proactive in protecting yourself, your patients, and your practice, Debi Carr is here to educate you on how to develop a culture of security, both in and out of the office. For expert advice and best practices for cyber security, listen to Episode 344 of The Best Practices Show!
Main Takeaways:
We are giving away more personal information than we realize.
Always investigate when hit with ransomware.
When buying supplies online, buy from reputable and known sites. If buying from lesser-known companies, investigate before giving your information.
Be wary of links and be aware of what you are downloading and clicking on.
Every practice should have a security manual, and a record of the training you've done.
Always use two-factor authentication whenever it is available.
Have an IT partner that fully understands security.
For patients and employees, have guest Wi-Fi that is off your network.
Be proactive and create a plan. Without a plan, it will take longer to recover.
Security doesn't begin and end in the office. Practice this everywhere.
Quotes:
“While we've been living in fear, there is one group of people that have actually been thriving. This is their dream environment, because any time a hacker can create fear, can create chaos, they are going to profit. And they have done that. As we become desperate, they thrive.” (00:36—01:01)
“In February alone, there were over 300,000 malicious websites that were listed with ICANN and with WHOIS. And this is where you claim your website domain — 300,000 of them. The FBI has identified, or actually, Google, has identified over 500,000 phishing emails, daily, being sent out. And over 200,000 of those have got malicious attachments with them. It's crazy, because they know that if they can create panic, if they can create fear, that we won't think. We'll just click, and we'll go with it.” (01:12—02:04)
“We hear a lot about ransomware, but what we don't hear a lot about is the other viruses that can affect and infect a computer or a network system. And they actually, as far as I'm concerned, do more damage. Because a ransomware attack, it's bad. I'm not going to lie to you. That can be a devastating attack. They get into your system with a ransomware, they encrypt your system, you know they're there.” (02:20—02:48)
“Whenever you get hit with ransomware, you should always investigate, especially now. We've seen more sophistication in the attacks where not only are they attacking and encrypting the data, but they are actually exfiltrating the data now. So, it's really important that you have a forensic investigation and do the response to a ransomware attack in a methodical manner.” (02:52—03:21)
“To me, the infection that is worse is infections such as keyloggers that sit in your system. We've seen LokiBot. That is a keylogger that sits in the system. And we know that it's coming from emails. There's a lot of talk and conversation out there about contact tracing. And so, the hackers have jumped on that bandwagon and they're sending emails out from the World Health Organization saying, ‘You've been around somebody who has been verified with COVID-19. Click here. Download this so you know what to do.'” (03:22—04:09)
“What they're doing is they're allowing a keylogger, which is a type of virus that sits in your network, and it basically mimics everything and traces every time you hit a key on the keyboard. So, you go to your bank, you put in your password. You're putting in your username. You put in your password. You're giving that information away to the hacker that's sitting in your system watching everything you do.”...
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Malspam with Lokibot vs. Outlook and RFCs https://isc.sans.edu/forums/diary/Malspam+with+Lokibot+vs+Outlook+and+RFCs/27282/
SAP Attacks https://us-cert.cisa.gov/ncas/current-activity/2021/04/06/malicious-cyber-activity-targeting-critical-sap-applications
QNAP Updates Older EOL Devices https://www.qnap.com/de-de/release-notes/qts/4.3.6.1620/20210322
GIGASET Android Phones Infected by Compromised Update Server https://www.heise.de/news/Gigaset-Malware-Befall-von-Android-Geraeten-des-Herstellers-gibt-Raetsel-auf-6006464.html
ShadowTalk hosts Stefano, Adam, Kim, and Dylan bring you the latest in threat intelligence. This week they cover:
- Adam and the team discuss more SolarWinds updates - what’s the latest?
- Kim talks CISA security advisory - trends in recent attacks and cyber hygiene
- Dylan dives into new ransomware attack on IObit - how threat actors spread the malware to its members
Get this week’s intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-22-january
***Resources from this week’s podcast***
Cryptocurrency: https://www.bleepingcomputer.com/news/security/iobit-forums-hacked-to-spread-ransomware-to-its-members/ https://twitter.com/BleepinComputer/status/1351261442536861697
Lokibot: https://blog.talosintelligence.com/2021/01/a-deep-dive-into-lokibot-infection-chain.html
3 Takeaways from Forrester: https://www.digitalshadows.com/blog-and-research/top-3-takeaways-from-forrester-ti-nowtech-2020/
AzureAD: https://www.digitalshadows.com/blog-and-research/azure-ad-auto-validate-exposed-credentials/
Asset and Wealth Management: https://www.digitalshadows.com/blog-and-research/threats-to-asset-and-wealth-management-in-2020-2021/
Also, don’t forget to reach out to - shadowtalk@digitalshadows.com
Our Threat Intelligence team discovered several vulnerabilities present in XCloner Backup and Restore, a WordPress plugin installed on over 30,000 sites. These vulnerabilities could have allowed an attacker to modify arbitrary files, including PHP files. The US government Cybersecurity and Infrastructure Security Agency is warning of detected persistent malicious activity traced back to LokiBot infections. An upcoming API change will break Facebook and Instagram oEmbed links across the web beginning October 24. Google has launched the Web Stories for WordPress plugin with a drag-and-drop, WYSIWYG interface for making full-screen, tappable content. Drupal patches a critical reflected XSS vulnerability. And a critical stored XSS vulnerability in Instagram's Spark AR Studio nets a 14-year-old researcher $25,000.
This week, Dr. Doug talks the Tesla outage, Microsoft Redux, Lokibot, Wicked Panda, Maze, Facebook gone forever, Magic Swords, and enchanted codpieces! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://wiki.securityweekly.com/swn68
Facebook takes down coordinated inauthenticity. A ransomware-involved death is attributed to DoppelPaymer. CISA and the FBI warn of coming election disinformation. LokiBot is back in a big way. Operation DisrupTor collars a hundred-seventy Darknet contraband merchants. Joe Carrigan comments on the botched ransomware attack in Germany that led to a woman's death. Our guest is Matt Davey from 1Password on why single sign on isn’t a silver bullet for enterprise security. And patriotic hacktivism flares along the Blue Nile. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/185
Fox Kitten appears to combine three APTs linked to Iran. LokiBot is masquerading as an installer for Epic Games. Unsigned firmware found in multiple devices. Extortionists threaten to flood AdSense banners with bot traffic. China says the Empire of Hackers is in Washington, not Beijing. Iowa Democratic caucus IT post-mortems continue. Japan connects SoftBank breach to GRU. And more on that hacker-madness poster from the West Midlands. Ben Yelin from UMD CHHS on wireless carriers selling location data. Guest is Kaitlin Bulavinetz from Washington Cyber Roundtable on facilitating conversations among the industry. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2020/February/CyberWire_2020_02_18.html Support our show
A daily look at the relevant information security news from overnight.
Episode 198 - 18 November 2019
NextCry undetectable - https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
Scam sites explode - https://threatpost.com/holiday-shoppers-malicious-sites-posing-retailers/150326/
RAT two-fer - https://www.zdnet.com/article/when-one-isnt-enough-this-shady-malware-will-infect-your-pc-with-two-trojans/
End-around the endpoint - https://threatpost.com/malware-steals-info-with-advanced-obfuscation/150280/
Ad non blocker - https://www.zdnet.com/article/android-malware-disguises-as-ad-blocker-but-then-pesters-users-with-ads/
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
LokiBot Update (November 2019) https://isc.sans.edu/forums/diary/An+example+of+malspam+pushing+Lokibot+malware+November+2019/25518/
Some Packet-Fu with Zeek https://isc.sans.edu/forums/diary/Some+packetfu+with+Zeek+previously+known+as+bro/25510/
TPM Leaks http://tpm.fail/
Zombieload 2.0 Vulnerability https://zombieloadattack.com/
A daily look at the relevant information security news from overnight.
Episode 170 - 09 October 2019
Volusion breached - https://www.zdnet.com/article/hackers-breach-volusion-and-start-collecting-card-details-from-thousands-of-sites/
LokiBot spear phish - https://www.bleepingcomputer.com/news/security/microsoft-blocks-credential-theft-attack-targeting-dozens-of-orgs/
Quiet Patch Tuesday - https://www.scmagazine.com/home/security-news/vulnerabilities/microsoft-repairs-59-software-bugs-on-a-quiet-patch-tuesday/
Catalina patches - https://threatpost.com/apple-tackles-a-dozen-bugs-in-catalina/148988/
Joomla zero-day - https://www.zdnet.com/article/zero-day-published-for-old-joomla-cms-versions/
A daily look at the relevant information security news from overnight.
Episode 127 - 08 August 2019
Smominru expands - https://threatpost.com/smominru-cryptominer-scrapes-credentials-half-million-machines/147038/
Clipsa the brute - https://www.zdnet.com/article/new-windows-malware-can-also-brute-force-wordpress-websites/
LokiBot adds steganography - https://www.bleepingcomputer.com/news/security/lokibot-uses-image-files-to-hide-code-for-unpacking-routine/
State Farm brute - https://www.zdnet.com/article/state-farm-says-hackers-confirmed-valid-usernames-and-passwords-in-credentials-stuffing-attack/
Leapfrog too chatty - https://www.digitaltrends.com/news/leapfrog-flaw-could-have-exposed-childrens-info-and-location/
A new speculative execution processor flaw is addressed with software mitigations. LokiBot gets more persistent, and it adopts steganography for better obfuscation. The cyber-spies of APT41 seem to be doing some moonlighting. An accused criminal who bribed telco workers to unlock phones is in custody. Scammers are exploiting the tragedies in El Paso and Dayton. And a call at Black Hat for the security sector to bring in some safety engineers. Ben Yelin from UMD CHHS on Virginia updating legislation to address Deep Fakes. Guest is James Plouffe from MobileIron on the challenges of authentication and the legacy of passwords.
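A check a practitioner would want next to the two steganography items above (the "LokiBot adds steganography" link in the previous entry and the note here that it "adopts steganography for better obfuscation"): the simplest way for malware to hide a payload inside an image is to append it after the format's terminal marker (the IEND chunk for PNG, the EOI marker for JPEG), where image viewers never look. The Python below is an added example, not code from either podcast or from the linked research. It assumes that appended-payload form, which is an assumption about the general technique and not a description of LokiBot's actual file layout; it will not detect pixel-level (LSB) steganography. The sample images are constructed inline.

```python
import math
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
JPEG_SOI = b"\xff\xd8"
JPEG_EOI = b"\xff\xd9"


def png_image_end(data: bytes):
    """Offset just past the IEND chunk, or None if not a PNG or a chunk is truncated."""
    if not data.startswith(PNG_SIG):
        return None
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length = struct.unpack(">I", data[pos:pos + 4])[0]
        ctype = data[pos + 4:pos + 8]
        end = pos + 12 + length  # 4 length + 4 type + data + 4 CRC
        if end > len(data):
            return None  # chunk runs past the buffer: truncated or corrupt
        if ctype == b"IEND":
            return end
        pos = end
    return None


def jpeg_image_end(data: bytes):
    """Offset just past the EOI marker, or None if not a JPEG or marker sync is lost.

    After the first SOS segment the entropy-coded data is searched for EOI directly:
    inside scan data every 0xFF is byte-stuffed as 0xFF00 or forms an RSTn marker,
    so 0xFFD9 cannot occur there. Adequate for triage, not a full decoder.
    """
    if not data.startswith(JPEG_SOI):
        return None
    n, pos = len(data), 2
    while pos + 2 <= n:
        if data[pos] != 0xFF:
            return None
        marker = data[pos + 1]
        if marker == 0xD9:  # EOI
            return pos + 2
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:  # TEM / RSTn carry no length
            pos += 2
            continue
        if pos + 4 > n:
            return None
        seglen = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        pos += 2 + seglen
        if marker == 0xDA:  # SOS: scan data follows, look for EOI
            idx = data.find(JPEG_EOI, pos)
            return None if idx < 0 else idx + 2
    return None


def trailing_payload(data: bytes) -> bytes:
    """Bytes appended after the image's end marker (b'' when none, or not PNG/JPEG)."""
    end = png_image_end(data)
    if end is None:
        end = jpeg_image_end(data)
    return b"" if end is None else data[end:]


def shannon_entropy(buf: bytes) -> float:
    """Bits per byte: close to 8.0 suggests an encrypted or packed blob, near 0 is padding."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


# Constructed sample files for the demonstration (not real malware samples).
def _png_chunk(ctype: bytes, payload: bytes) -> bytes:
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)


def make_png() -> bytes:
    """A valid 1x1 8-bit grayscale PNG."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)
    idat = zlib.compress(b"\x00\x00")  # filter byte + one pixel
    return PNG_SIG + _png_chunk(b"IHDR", ihdr) + _png_chunk(b"IDAT", idat) + _png_chunk(b"IEND", b"")


def make_jpeg() -> bytes:
    """A marker skeleton (SOI, APP0/JFIF, EOI) sufficient to exercise the segment walker."""
    app0 = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    return JPEG_SOI + b"\xff\xe0" + struct.pack(">H", len(app0) + 2) + app0 + JPEG_EOI


if __name__ == "__main__":
    blob = bytes(range(256))  # stands in for an appended encrypted payload
    for name, sample in (("clean.png", make_png()), ("stego.png", make_png() + blob),
                         ("clean.jpg", make_jpeg()), ("stego.jpg", make_jpeg() + blob)):
        tail = trailing_payload(sample)
        print(f"{name}: {len(tail)} trailing bytes, entropy {shannon_entropy(tail):.2f}")
```

On real files, run `trailing_payload` over everything an email gateway or sandbox extracts with an image extension; a non-empty tail with entropy near 8 bits per byte is worth pulling for analysis, while a few low-entropy bytes are usually just padding left by an image editor.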
Sources name a Shi’ite militia aligned with Iran as one target of last week’s US cyberattacks. Myanmar shuts down mobile networks in its Rakhine province, where the Buddhist insurgents of the Arakan Army have been using Facebook for coordination and inspiration. A major spam campaign is distributing LokiBot and NanoCore. Finite State finds bugs in Huawei gear. Election security notes. And paying the ransom to ransomware extortionists. David Dufour from Webroot on the different trends they are tracking in Europe vs. the US. Guest is David Politis from BetterCloud with a warning about information sprawl. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/June/CyberWire_2019_06_26.html Support our show
This week, cryptomining malware that launches Linux VMs on Windows and macOS, Oracle patches another actively exploited WebLogic 0-day, LokiBot and NanoCore malware distributed in ISO image files, and an anonymous hacker that was exposed after dropping a USB drive while throwing a Molotov cocktail! In the expert commentary, we welcome Tyler Hudak, Practice Lead of Incident Response, to talk about TrickBot malware! Learn more about TrustedSec, visit: https://securityweekly.com/trustedsec Full Show Notes: https://wiki.securityweekly.com/HNNEpisode224 Visit https://www.securityweekly.com/hnn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Fake Ransomware Decryption Service https://www.theregister.co.uk/2018/12/04/ransomware_helper_was_middleman_dr_shifro/
Latest Lokibot Malspam https://isc.sans.edu/forums/diary/Malspam+pushing+Lokibot+malware/24372/
Chrome 71 Released https://www.bleepingcomputer.com/news/google/chrome-71-released-with-abusive-ad-filtering-and-audio-blocking/
RSA Followup Webcast https://www.rsaconference.com/videos/virtual-session-the-5-most-dangerous-new-attack-techniques-and-whats-to-come
In today's podcast we hear that MysteryBot is under development and presumably being prepared for sale on the black market. Satan ransomware gets a makeover and a new name. Apple has taken measures to make iOS traffic less accessible to snooping, but lawful snoops may already have a way around that security. Kaspersky will no longer work with Europol. The US Justice Department IG reports on the FBI. And a former Jeopardy champion cops a hacking plea. Robert M. Lee from Dragos, on his efforts to educate through the use of comic strips. Guest is Scott Petry from Authentic8 discussing their FAKE booth at the RSA conference.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
More Malspam Pushing Lokibot https://isc.sans.edu/forums/diary/More+malspam+pushing+Lokibot/23754/
Ethereum JSON RPC Theft https://twitter.com/360Netlab/status/1006065566728085504
CryptoCurrency Miner Plays hide-and-seek https://www.bleepingcomputer.com/news/security/cryptocurrency-miner-plays-hide-and-seek-with-popular-games-and-tools/
Apple Outlaws Crypto Currency Miners in App Store https://developer.apple.com/app-store/review/guidelines/#hardware-compatibility
FBI Arrests Suspect in BEC Investigation https://www.fbi.gov/news/stories/international-bec-takedown-061118