Podcasts about Microsoft Exchange

  • 275 podcasts
  • 388 episodes
  • 37m average duration
  • 1 new episode monthly
  • Latest episode: Jan 24, 2023


Best podcasts about Microsoft Exchange

Latest podcast episodes about Microsoft Exchange

The CyberWire
Disentangling cybercrime from cyberespionage. A threat to the IoT supply chain. What do you do with the hacktivists when they stop being hacktivists? A retired FBI Special Agent is indicted.
Jan 24, 2023, 29:47


DragonSpark conducts "opportunistic" cyberattacks in East Asia. ProxyNotShell and OWASSRF exploit chains target Microsoft Exchange servers. The IoT supply chain is threatened by exploitation of Realtek Jungle SDK vulnerability. CISA adds an entry to its Known Exploited Vulnerabilities Catalog. A Cisco study finds organizations see positive returns from investment in privacy. What's the hacktivist's postwar future? Joe Carrigan tracks a romance scam targeting seniors. Our guest is Pete Lund of OPSWAT to discuss the security of removable media devices. And a retired G-Man is indicted on multiple charges. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/15

Selected reading:
  • DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation (SentinelOne)
  • Technical Advisory: Proxy*Hell Exploit Chains in the Wild (Bitdefender)
  • Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats (Unit 42)
  • CISA Adds One Known Exploited Vulnerability to Catalog (CISA)
  • 2023 Data Privacy Benchmark Study (Cisco)
  • Hacktivism Is a Risky Career Path (WIRED)
  • Retired FBI Executive Charged With Concealing $225,000 In Cash Received From An Outside Source (Department of Justice, U.S. Attorney's Office, District of Columbia)
  • Former Special Agent In Charge Of The New York FBI Counterintelligence Division Charged With Violating U.S. Sanctions On Russia (Department of Justice, U.S. Attorney's Office, Southern District of New York)
  • Former Senior F.B.I. Official in New York Charged With Aiding Oligarch (New York Times)

Root Causes: A PKI and Security Podcast
Root Causes 252: Sidestepping Microsoft Email Encryption
Oct 31, 2022, 14:11


A recently revealed vulnerability in Microsoft Exchange encryption can be used potentially to break the encryption on stored emails. In this episode we explain ECB (Electronic Code Book) encryption and how this attack can occur.

WIRED Security: News, Advice, and More
Your Microsoft Exchange Server Is a Security Liability
Oct 25, 2022, 9:03


Endless vulnerabilities. Widespread hacking campaigns. Slow and technically tough patching. It's time to say goodbye to on-premise Exchange.

La Minute Crooner Attitude
Swiss company Infomaniak launches a worldwide alternative to Microsoft and Google
Oct 20, 2022, 5:43


Der Datenschutz Talk
US President takes the first step toward a new data-protection agreement - DS News week 41/2022
Oct 14, 2022, 28:50


What happened in week 41 in the data-protection world, and what is of interest to data protection officers? We give a short overview of the current topics:
  • Important step toward a new data-protection agreement with the USA (PDF of the Executive Order)
  • Zero-day vulnerability in MS Exchange: rule change for Microsoft Exchange, no patch for the security hole
  • Windows update is meant to protect administrator accounts against brute-force attacks
  • Advocate General at the CJEU argues against low thresholds for non-material GDPR damages; themed episode with Tim Wybitul
  • Berlin Regional Court: damages for pain and suffering after unlawful video surveillance (judgment of 15.07.2022 - 63 O 213/20)
  • Public expert statements may be quoted in advertising (case no. I ZR 171/21)
  • Permanent webcam requirement violates fundamental and human rights
  • Data-protection provisions for connected cars ruled inadmissible (case no. 6 Ob 106/22i)
  • Berlin has a new data protection commissioner - Saxony-Anhalt does not
  • Schufa simulator is meant to make the score more transparent

Security Squawk
A Major Cyberattack on US Hospital Chain - Microsoft Exchange Servers Hacked - Intel Confirms Leaked Alder Lake BIOS Source Code - Caffeine Service Launches Microsoft 365 Phishing Attacks - Cyberattacks Force Over a Dozen US Airport Websites Offline
Oct 13, 2022, 60:35


In this week's episode, the cybersecurity experts Bryan Hornung, Reginald Andre, Randy Bryan, and Ryan O'Hara discuss a major cyber attack that delays patient care at a US hospital chain. What are experts saying? Next, the experts talk about Microsoft Exchange servers that were hacked to deploy LockBit ransomware. Wondering if you should move away from Microsoft Exchange email servers? Then, some hardware vendors have had some issues lately, and why that could have major implications for cyber defenders / people trying to keep their network secure down the road. Tune In! Also, the crew talks about some Cloud services out there that are making hacking easier. Lastly, the experts will talk about some minor cyberattacks, which might be a nuisance to some, but people should know those have a major impact too. Why? Tune into the show! Like and Share!

Articles used:
  • https://www.theverge.com/2022/10/11/23398707/cyberattack-hospital-system-patient-care-issues?fbclid=IwAR27gxamTbY6C1R9zAinlpd7ff2a9e1RM1QNe5KPZvOVsEJ0LSjGXv4QN9s
  • https://www.bleepingcomputer.com/news/security/microsoft-exchange-servers-hacked-to-deploy-lockbit-ransomware/
  • https://www.bleepingcomputer.com/news/security/intel-confirms-leaked-alder-lake-bios-source-code-is-authentic/
  • https://www.bleepingcomputer.com/news/security/caffeine-service-lets-anyone-launch-microsoft-365-phishing-attacks/
  • https://www.theguardian.com/us-news/2022/oct/10/cyberattacks-disrupt-us-airport-websites

Paul's Security Weekly TV
Detecting Deepfake Audio, Supply PHP Attack, UMAS Secrets, & Pixel 6 Bootloader - PSW #759
Oct 13, 2022, 139:23


This week in the Security News: The secrets of Schneider Electric's UMAS protocol, Pixel 6 bootloader: Emulation, Securing Developer Tools: A New Supply Chain Attack on PHP, Microsoft Exchange double zero-day – “like ProxyShell, only different”, Tech Journalists Offered Bribes to Write Articles for Major Outlets, & Detecting Deepfake Audio!

Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw759

Paul's Security Weekly
PSW #759 - Ismael Valenzuela
Oct 13, 2022, 197:17


As Vice President of Threat Research & Intelligence at BlackBerry, Ismael Valenzuela leads threat research, intelligence, and defensive innovation. Ismael has participated as a security professional in numerous projects around the world for over the past two decades. In this episode, Ismael discusses his journey to become a top cybersecurity expert. We also explore the cybersecurity trends he and his team are seeing, and how cyber attackers are gaining a foothold and maintaining persistence.

Segment Resources:
  • https://www.blackberry.com/us/en/company/research-and-intelligence
  • https://blogs.blackberry.com/en/2022/09/the-curious-case-of-monti-ransomware-a-real-world-doppelganger
  • https://blogs.blackberry.com/en/2022/06/symbiote-a-new-nearly-impossible-to-detect-linux-threat

This week in the Security News: The secrets of Schneider Electric's UMAS protocol, Pixel 6 bootloader: Emulation, Securing Developer Tools: A New Supply Chain Attack on PHP, Microsoft Exchange double zero-day – “like ProxyShell, only different”, Tech Journalists Offered Bribes to Write Articles for Major Outlets, & Detecting Deepfake Audio!

Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Show Notes: https://securityweekly.com/psw759

MSP Dispatch (Video)
MSP Dispatch 10/7/22: Exchange Server Zero Days, Defense Orgs Infiltrated Per CISA, Job Reductions? (Video)
Oct 7, 2022, 26:28


MSP Dispatch is your source for news, community events, and commentary in the MSP channel. Hosted by: Tony Francisco and Ray Orsini. Give us your feedback by emailing news@mspmedia.tv

In today's MSP Dispatch we cover Microsoft Exchange Server Zero Days, Half of CEOs Considering Workforce Reductions Soon and Defense Orgs Infiltrated Per CISA. Register for Huntress's hack_it 22 at https://www.huntress.com/hack-it-2022 Apply for a chance to win one of five free 0-day sessions courtesy of MMN at https://go.oit.co/hackit2022

Story Links:
  • Exchange Server Zero Days: https://www.darkreading.com/remote-workforce/microsoft-updates-mitigation-for-exchange-server-zero-days
  • Half of CEOs Considering Workforce Reductions Soon: https://www.marketwatch.com/story/more-than-half-of-ceos-consider-workforce-reductions-over-the-next-6-months-and-remote-workers-may-be-the-first-go-to-11664907913
  • Defense Orgs Infiltrated Per CISA: https://www.darkreading.com/attacks-breaches/cisa-multiple-apt-groups-infiltrate-defense-organization
  • Elon Wants Twitter (Again): https://techcrunch.com/2022/10/04/elon-intends-buy-twitter/?utm_source=tldrnewsletter
  • USB-C Standard for IOS in 2024: https://www.thurrott.com/mobile/274214/eu-usb-c-standard-charging-port-2024
  • Competitive fishermen disqualified from Ohio tournament after getting caught adding weights to their fish: https://www.cbssports.com/general/news/competitive-fisherman-disqualified-from-ohio-tournament-after-get-caught-adding-weights-to-their-fish/

Community Events:
  • 10/7 @ 5:00 pm ET | 38 at 38 Ep. 5 featuring Tony Francisco
  • 10/10 - 10/12 In Person Event | GlueX: Miami Beach, FL
  • 10/12 @ 12:00 pm ET | Build IT Better Discussion Presented by Everything MSP
  • 10/13 - 10/14 In Person Event | GrrCON: Grand Rapids, MI
  • 10/14 @ 10:00 am ET | MSP Dispatch Week Wrap Up Presented by The MSP Media Network

Connect with our hosts:
  • Tony Francisco: https://www.linkedin.com/in/tonyjfrancisco/
  • Ray Orsini: https://www.linkedin.com/in/rayorsini/

Be sure to follow us on social media:
  • Facebook: https://www.facebook.com/mspmediatv/
  • Twitter: https://twitter.com/mspmediatv
  • LinkedIn: https://www.linkedin.com/company/mspmediatv/
  • Instagram: https://www.instagram.com/mspmediatv
  • Reddit: https://www.reddit.com/r/mspmedia
  • Discord: https://discord.gg/Hc7b55cJPF

Timestamps:
  • 0:00 Intro
  • 5:05 Exchange Server Zero Days
  • 10:24 Half of CEOs Considering Workforce Reductions Soon
  • 16:28 Defense Orgs Infiltrated Per CISA
  • 20:48 Notable Mentions
  • 21:37 Feedback
  • 23:23 Community Events
  • 24:41 Sign-off
  • 26:02 Outtakes

Chill Chill Security
EP1164: Chill Chill Security - Microsoft Exchange 0day (Updated)
Oct 7, 2022, 6:30


Sponsored by SEC Playground. Survey to improve the Chill Chill Security Channel: https://forms.gle/e5K396JAox2rZFp19 --- Support this podcast: https://anchor.fm/chillchillsecurity/support

Symantec Cyber Security Brief Podcast
Witchetty espionage group activity, Microsoft Exchange Server zero days, and U.S. defense sector targeted by APT groups
Oct 6, 2022, 27:50


On this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien discuss a recent blog we published on the Witchetty (aka LookingFrog) espionage group, which has been progressively updating its toolset, using new malware in attacks on targets in the Middle East and Africa, including a new tool that employs steganography. We also discuss the recently discovered Microsoft Exchange Server zero days, the U.S. defense sector being targeted by multiple APT groups, and a newly discovered espionage actor called Metador, which was spotted operating in recent weeks. We also discuss the breach of Australian telecoms giant Optus, and some new information that has emerged about the takedown of the REvil/Sodinokibi ransomware gang.

Technado from ITProTV (Audio)
Technado, Ep. 276: VPN in the Browser
Oct 6, 2022, 55:54


After making it through the hurricane last week, the Technado team got back to business. They covered Microsoft adding a VPN in their browser, the EU officially mandating USB-C, a couple of Microsoft Exchange 0-days, a slidable screen from Intel and Samsung, and hackers releasing data from LA schools. Finally, they talked about an Australian hacker that got roasted after backtracking on his demands.

Gestalt IT Rundown
AMD Takes On the World in the Datacenter and Cloud | Gestalt IT Rundown: October 5, 2022
Oct 5, 2022, 31:55


Since taking over AMD's enterprise chip business in 2014, Forrest Norrod has built the perennial also-ran into a CPU powerhouse. Now that AMD is truly a major player in CPUs, the company has broadened into network adapters (acquiring Xilinx and Pensando for DPUs) and is seeing traction in ML. The Next Platform sat down with Norrod for an in-depth interview covering the competition with Intel, the development of CXL, why they bought Xilinx and Pensando, and what the future holds. This is something we've been covering for years here at Gestalt IT, so what more does this interview tell us? This and more on this week's Rundown. Head to GestaltIT.com for show notes.

Time Stamps:
  • 0:00 - Welcome to the Rundown
  • 0:38 - First half 2022 DDoS report Netscout/Arbor
  • 2:43 - Intel's Mobileye Files for an IPO
  • 4:48 - Proposal for CVE disclosure protocol
  • 6:32 - Linux 6.0 is Released
  • 9:42 - Google spin out of wireless tight beam service provider Aalyria
  • 11:55 - Red Hat Storage Moves to IBM
  • 14:48 - Microsoft Exchange zero day
  • 17:40 - AMD Takes On the World in the Datacenter and Cloud
  • 30:31 - The Weeks Ahead
  • 31:17 - Thanks for Watching!

Follow our hosts on Social Media:
  • Tom Hollingsworth: https://www.twitter.com/NetworkingNerd
  • Stephen Foskett: https://www.twitter.com/SFoskett
  • Steve Puluka: https://www.twitter.com/SPuluka

Follow Gestalt IT:
  • Website: https://www.GestaltIT.com/
  • Twitter: https://www.twitter.com/GestaltIT
  • LinkedIn: https://www.linkedin.com/company/1789

The Gate 15 Podcast Channel
The Risk Roundtable EP 34: Awareness Month Alphabet Soup, Upcoming Festivities, and a Spicy Debate
Oct 4, 2022, 42:10


On the latest episode of the Risk Roundtable, Andy leads Dave and Jen through a discussion of the various awareness campaigns and how these efforts do a great job of providing resources and materials for all organizations, big and small. Focusing first on Cybersecurity Awareness Month that is ongoing in the month of October, Jen talked through the messaging, the themes (See Yourself in Cyber) and the importance of each of us doing our part. Later in the podcast, Dave shared his thoughts on National Insider Threat Awareness Month that concluded in September and the theme of Critical Thinking for Digital Space and how everyone can do their part. The team also talked about security preparedness for the upcoming holidays. Andy capitalized on the discussion to talk about security awareness and mindfulness to appreciate, regardless of who you are and what your beliefs are. To cap off the episode, Andy took the roundtable through his three questions to include the always spicy debates on pumpkin pie and pumpkin flavored drinks.

Microsoft Exchange links:
  • https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082/
  • https://www.helpnetsecurity.com/2022/10/03/ms-exchange-cve-2022-41040-cve-2022-41082/
  • https://www.tenable.com/blog/cve-2022-41040-and-cve-2022-41082-proxyshell-variant-exploited-in-the-wild
  • https://isc.sans.edu/forums/diary/Exchange+Server+0Day+Actively+Exploited/29106

Additional links include:
  • Rob Joyce Cybersecurity Awareness Month Tweet: https://twitter.com/nsa_csdirector/status/1576879730006974464?s=21&t=i5SFfoTH_fMVxFbhMl1I2A
  • Catalin Cimpanu Cybersecurity Awareness Month Tweet: https://twitter.com/campuscodi/status/1573485751278379018?s=21&t=i5SFfoTH_fMVxFbhMl1I2A
  • Podcast link: https://gate15.global/the-gate-15-interview-cybersecurity-awareness-month-2022-with[…]ac-plus-background-shout-outs-favorite-movies-tigers-and-more/
  • Be A Cybersecurity Awareness Month Champion: https://staysafeonline.org/programs/cybersecurity-champion/
  • NCTC indicators: https://www.dni.gov/index.php/nctc-newsroom/nctc-resources/item/2272-u-s-violent-extremist-mobilization-indicators-2021
  • G15 resources IT: https://gate15.global/resources/insider-threat/
  • Jen Lyn Walker Tweet: https://twitter.com/gate15_jen/status/1576978983064780804?s=21&t=i5SFfoTH_fMVxFbhMl1I2A
  • Major in the United States Army and a Maryland Doctor Facing Federal Indictment for Allegedly Providing Confidential Health Information to a Purported Russian Representative to Assist Russia Related to the Conflict In Ukraine: https://www.justice.gov/usao-md/pr/major-united-states-army-and-maryland-doctor-facing-federal-indictment-allegedly
  • Honolulu Man Pleads Guilty to Sabotaging Former Employer's Computer Network: https://www.justice.gov/usao-hi/pr/honolulu-man-pleads-guilty-sabotaging-former-employer-s-computer-network

CISO Tradecraft
#98 - Outrunning the Bear
Oct 3, 2022, 33:12


Hello, and welcome to another episode of CISO Tradecraft -- the podcast that provides you with the information, knowledge, and wisdom to be a more effective cybersecurity leader.  My name is G. Mark Hardy, and today we are going to discuss how nation state conflict and sponsored cyberattacks can affect us as non-combatants, and what we should be doing about it.  Even if you don't have operations in a war zone, remember cyber has a global reach, so don't think that just because you may be half a world away from the battlefield that someone is not going to reach out and touch you in a bad way.  So, listen for what I think will be a fascinating episode, and please do us a small favor and give us a "like" or a 5-star review on your favorite podcast platform -- those ratings really help us reach our peers.  It only takes a click -- thank you for helping out our security leadership community. I'm not going to get into any geopolitics here; I'm going to try to ensure that this episode remains useful for quite some time.  However, since the conflict in Ukraine has been ongoing for over two hundred days, I will draw examples from that. The ancient Chinese military strategist Sun Tzu wrote: “If you know the enemy and know yourself, you need not fear the result of a hundred battles.  If you know yourself but not the enemy, for every victory gained you will also suffer a defeat.  If you know neither the enemy nor yourself, you will succumb in every battle.” That's a little more detailed than the classic Greek aphorism, "know thyself," but the intent is the same even today.  Let me add one more quote and we'll get into the material.  Over 20 years ago, when he was Secretary of Defense, Donald Rumsfeld said: "As we know, there are known knowns; there are things we know we know.  We also know there are known unknowns; that is to say we know there are some things we do not know.  But there are also unknown unknowns—the ones we don't know we don't know.  
And if one looks throughout the history of our country and other free countries, it is the latter category that tends to be the difficult ones. So, knowledge seems extremely important throughout the ages.  Modern governments know that, and as a result all have their own intelligence agencies.  Let's look at an example.  If we go to the CIA's website, we will see the fourfold mission of the Central Intelligence Agency: Collecting foreign intelligence that matters Producing objective all-source analysis Conducting effective covert action as directed by the President Safeguarding the secrets that help keep our nation safe. Why do we mention this?  Most governments around the world have similar Nation State objectives and mission statements.  Additionally, it's particularly important to understand what is wanted by "state actors" (note, I'll use that term for government and contract intelligence agents.). What are typical goals for State Actors?  Let's look at a couple: Goal 1: Steal targeting data to enable future operations.  Data such as cell phone records, banking statements or emails allow countries to better target individuals and companies when they know that identifying information.  Additionally, targeting data allows Nation state organizations to understand how individuals are connected.  This can be key when we are looking for key influencers for targets of interest.  All targeting data should not be considered equal.  Generally, Banking and Telecom Data are considered the best for collecting so be mindful if that is the type of company that you protect.  State Actors target these organizations because of two factors:The Importance of the Data is the first factor.  If one party sends a second party an email, that means there is a basic level of connection.  However, it's not automatically a strong connection since we all receive emails from spammers.  
If one party calls someone and talks for 10 minutes to them on a phone call, that generally means a closer connection than an email.  Finally, if one party sends money to another party that either means a really strong connection exists, or someone just got scammed. The Accuracy of the Data is the second factor.  Many folks sign up for social media accounts with throw away credentials (i.e., fake names and phone numbers).  Others use temporary emails to attend conferences, so they don't get marketing spam when they get home.  However, because of Anti Money Laundering (or AML) laws, people generally provide legitimate data to financial services firms.  If they don't, then they risk not being able to take the money out of a bank -- which would be a big problem. A second goal in addition to collecting targeting data, is that State Actors are interested in collecting Foreign Intelligence.  Foreign Intelligence which drives policy-making decisions is very impactful.  Remember, stealing secrets that no one cares about is generally just a waste of government tax dollars.  If governments collect foreign intelligence on sanctioned activity, then they can inform policy makers on the effectiveness of current sanctions, which is highly useful.  By reporting sanctioned activity, the government can know when current sanctions are being violated and when to update current sanctions.  This can result in enabling new intelligence collection objectives.  Examples of this include:A country may sanction a foreign air carrier that changes ownership or goes out of business.  In that case, sanctions may be added against different airlines.  This occurred when the US sanctioned Mahan Air, an Iran's airline.  Currently the US enforces sanctions on more than half of Iran's civilian airlines. A country may place sanctions on a foreign bank to limit its ability to trade in certain countries or currencies.  
However, if sanctioned banks circumvent controls by trading with smaller banks which are not sanctioned, then current sanctions are likely ineffective.  Examples of sanctioning bank activity by the US against Russia during the current war with Ukraine include:On February 27th sanctions were placed against Russian Banks using the SWIFT international payment systems On February 28th, the Russian Central Bank was sanctioned On March 24th, the Russian Bank Sberbank CEO was sanctioned On April 5th, the US IRS suspended information exchanges with the Russian tax authorities to hamper Moscow's ability to collect taxes. On April 6th, the US sanctioned additional Russian banks. These sanctions didn't just start with the onset of hostilities on 24 February 2022.  They date back to Russia's invasion of Crimea.  It's just that the US has turned up the volume this time. If sanctions are placed against a country's nuclear energy practices, then knowing what companies are selling or trading goods into the sanctioned country becomes important.  Collecting information from transportation companies that identify goods being imported and exported into the country can also identify sanction effectiveness. A third goal or activity taken by State Actors is covert action.  Covert Action is generally intended to cause harm to another state without attribution.  However, anonymity is often hard to maintain.If we look at Russia in its previous history with Ukraine, we have seen the use of cyber attacks as a form of covert action.  The devastating NotPetya malware (which has been generally accredited to Russia) was launched as a supply chain attack.  Russian agents compromised the software update mechanism of Ukrainian accounting software M.E. Doc, which was used by nearly 400,000 clients to manage financial documents and file tax returns.  This update did much more than the intended choking off of Ukrainian government tax revenue -- Maersk shipping estimates a loss of $300 million.  
FedEx around $400 million.  The total global damage to companies is estimated at around $10 billion. The use of cyberattacks hasn't been limited to just Russia.  Another example is Stuxnet.  This covert action attack against Iranian nuclear facilities that destroyed nearly one thousand centrifuges is generally attributed to the U.S. and Israel. Changing topics a little bit, we can think of the story of two people encountering a bear. Two friends are in the woods, having a picnic.  They spot a bear running at them.  One friend gets up and starts running away from the bear.  The other friend opens his backpack, takes out his running shoes, changes out of his hiking boots, and starts stretching.  “Are you crazy?” the first friend shouts, looking over his shoulder as the bear closes in on his friend.  “You can't outrun a bear!”  “I don't have to outrun the bear,” said the second friend.  “I only have to outrun you.” So how can we physically outrun the Cyber Bear? We need to anticipate where the Bear is likely to be encountered.  Just as national park signs warn tourists of animals, there's intelligence information that can inform the general public.  If you are looking for physical safety intelligence you might consider:The US Department of State Bureau of Consular Affairs.  The State Department hosts a travel advisory list.  This list allows anyone to know if a country has issues such as Covid Outbreaks, Civil Unrest, Kidnappings, Violent Crime, and other issues that would complicate having an office for most businesses. Another example is the CIA World Factbook.  The World Factbook provides basic intelligence on the history, people, government, economy, energy, geography, environment, communications, transportation, military, terrorism, and transnational issues for 266 world entities. 
Additionally, you might also consider data sources from the World Health Organization and the World Bank.

If we believe that one of our remote offices is now at risk, then we need to establish a good communications plan. Good communications plans generally require at least four forms of communication. The acronym PACE (Primary, Alternate, Contingency, Emergency) is often used:
- Primary communication: we will first try to email folks in the office.
- Alternate communication: if we are unable to communicate via email, then we will try calling their work phones.
- Contingency communication: if we are unable to reach individuals via their work phones, then we will send a text message to their personal cell phones.
- Emergency communication: if we are unable to reach them by texting their personal devices, then we will send an email to their personal email addresses and to their next of kin.

Additionally, we might purchase satellite phones for a country manager. Satellite phones can generally be purchased for under $1,000 and can be used with commercial satellite service providers such as Inmarsat, Globalstar, and Thuraya. One popular plan is Inmarsat's BGAN. BGAN can usually be obtained from resellers for about $100 per month, with text messages costing about fifty cents each and calls costing about $1.50 per minute. This usually translates to a yearly cost of $1,500-2K per device. Is $2K worth the price of communicating to save lives in a high-risk country during high political turmoil? Let your company decide. Note that a great time to bring this up may be during use-or-lose money discussions at the end of the year.

We should also consider preparing egress locations. For example, before a fire drill most companies plan a meetup location outside of their building so they can perform a headcount. This location, such as a vacant parking lot across the street, allows teams to identify missing personnel, which can later be communicated to emergency personnel.
If your company has offices in thirty-five countries, you should think about the same thing, but assembling not across the street but across the border. Have you identified an egress office for each overseas country? If you had operations in Ukraine, then you might have chosen a neighboring country such as Poland, Romania, or Hungary to facilitate departures. When things started going bad, that office could begin creating support networks to find local housing for your corporate refugees. Additionally, finding job opportunities for family members can also be extremely helpful when language is a barrier in new countries.

If we anticipate the Bear is going to attack our company digitally, then we should also look for the warning signs. Good examples of this include following threat intelligence information from:
- Your local ISAC. ISACs, or Information Sharing and Analysis Centers, are great communities where you can see if your vertical sector is coming under attack and share your experiences and threats. The National Council of ISACs lists twenty-five different members across a wide range of industries. An example is the Financial Services ISAC, or FS-ISAC, which has daily and weekly feeds where subscribers can find situational reports on cyber threats from state actors and criminal groups.
- InfraGard, a partnership between the Federal Bureau of Investigation and members of the private sector for the protection of US critical infrastructure. Note that you generally need to be a US citizen without a criminal history to join.
- AlienVault's Open Threat Exchange (OTX), a threat intelligence community that grants users free access to over nineteen million threat indicators. Note that AlienVault currently hosts over 100,000 global participants, so it's a great place to connect with fellow professionals.
- The Cybersecurity & Infrastructure Security Agency (CISA), which routinely issues cybersecurity advisories to stop harmful malware, ransomware, and nation-state attacks. Helpful pages on its website include the following:
  - Shields Up, which provides updates on cyber threats, guidance for organizations, recommendations for corporate leaders and CEOs, ransomware response, free tooling, and steps that you can take to protect your families. There's even a Shields Up Technical Guidance page with more detailed recommendations.
  - Alerts, which identify threat actor tactics and techniques. For example, Alert AA22-011A covers understanding and mitigating Russian state-sponsored cyber threats to US critical infrastructure. This alert tells you what CVEs the Russian government is using as well as the documented TTPs, which map to the MITRE ATT&CK framework. If you want to see more of MITRE ATT&CK mapped to various intrusion groups, we recommend going to attack.mitre.org/groups.
  - Notifications that organizations can sign up for to receive timely information on security issues, vulnerabilities, and high-impact activity.
  - US-CERT, where you can report cyber incidents, phishing, malware, and vulnerabilities, share indicators, or contact US-CERT. One helpful page to consider is the Cyber Resilience Review assessment. Most organizations have an IT control to conduct yearly risk assessments, and this can help identify weaknesses in your controls.

Now that we have seen a bear in the woods, what can we do to put running shoes on to run faster than our peers?
If we look at the CISA Shields Up Technical Guidance page we can find recommendations such as remediating vulnerabilities, enforcing MFA, running antivirus, enabling strong spam filters to prevent phishing attacks, disabling ports and protocols that are not essential, and strengthening controls for cloud services. Let's look at these in more detail to properly fasten our running shoes.

If we are going to remediate vulnerabilities, let's focus on the highest priority. I would argue those are high/critical vulnerabilities with known exploits being used in the wild. You can go to CISA's Known Exploited Vulnerabilities Catalog page for a detailed list. Each time a new vulnerability gets added, run a vulnerability scan on your environment to prioritize patching.

Next is multi-factor authentication (MFA). Routinely we see organizations require MFA for access to websites and use single sign-on. This is great; please don't stop doing this. However, we would also recommend MFA enhancements in two ways. One, are you using MFA on RDP/SSH logins by administrators? If not, then please enable it immediately. You never know when one developer will get phished and the attacker can pull his SSH keys. Having MFA means that even when those keys are lost, bad actor propagation can be minimized. Another enhancement is to increase the security within your MFA functionality. For example, if you use Microsoft Authenticator today, try moving from a six-digit rotating PIN to features such as number matching and additional context, which shows the user the application being signed into and the sign-in location derived from the IP address. You can also look at Conditional Access location policies (country determined by IP address or GPS) to block all access from countries in which you don't have a presence.

Running antivirus is another important safeguard. Here's the kicker: do you actually know what percentage of your endpoints are running AV and EDR agents? Do you have coverage on both your Windows and Linux server environments? Of the agents running, what portion have signature updates that are not current? How about more than 30 days old? We find a lot of companies just check the box saying they have antivirus, but if you look behind the scenes you can see that antivirus isn't as effective as you think when it's turned off or outdated.

Enabling strong spam filters is another forgotten exercise. Yes, companies buy solutions like Proofpoint to secure email, but there's more that can be done. One example is implementing DMARC to properly authenticate and block spoofed emails. It's the standard now and prevents brand impersonation. Also please consider restricting email domains. You can do this at the very top. Today, the vast majority of legitimate correspondents still use one of the original seven top-level domains (.com, .org, .net, .edu, .mil, .gov, and .int) or a two-letter country code top-level domain (ccTLD). However, you should look carefully at your business correspondence to determine if communicating with all 1,487 top-level domains is really necessary. Let's say your business is located entirely in the UK. Do you really want to allow emails from country codes such as .ru, .cn, and others? Do you do business with .hair, or .lifestyle, or .xxx? If you don't have a business reason for conducting commerce with these TLDs, block them and minimize both spam and harmful attacks. It won't stop bad actors from using Gmail to send phishing attacks, but you might be surprised at just how much restricting TLDs in your email can help. Note that you have to be careful not to create a self-inflicted denial of service, so make sure that emails from suspect TLDs get evaluated (quarantined for review) before deletion.

Disabling ports and protocols is key since you don't want bad actors having easy targets. One thing to consider is using Amazon Inspector.
Amazon Inspector has rules in the Network Reachability package that analyze your network configurations to find security vulnerabilities in your EC2 instances. This can highlight and provide guidance about restricting access that is not secure, such as network configurations that allow for potentially malicious access: mismanaged security groups, access control lists, internet gateways, etc.

Strengthening cloud security: we won't go into this topic too much, as you could spend a whole talk on it. Companies should consider purchasing a cloud security solution like Wiz, Orca, or Prisma for help in this regard. One tip we don't see often is using geo-fencing and IP allow-lists. For example, one new feature that AWS recently created is the ability to enable Web Application Firewall protections for Amazon Cognito. This makes it easier to protect user pools and hosted UIs from common web exploits.

Once we notice there's likely been a bear attack on our peers or our infrastructure, we should report it. This can be done by reporting incidents to government agencies such as CISA or a local FBI field office, paid sharing organizations such as an ISAC, or free communities such as AlienVault OTX.

Let's walk through a notional example of what we might encounter as collateral damage in a cyberwar. However, to keep this out of current geopolitics, we'll use the fictitious countries Blue and Orange.

Imagine that you work at the Acme Widget Corporation, a Fortune 500 company with a global presence. Because Acme manufactures large-scale widgets in its factory in the nation of Orange, they are also sold to the local Orange economy. Unfortunately for Acme, Orange has just invaded its neighboring country Blue. Given that Orange is viewed as the aggressor, various countries have imposed sanctions against Orange. Not wanting to attract the attention of the Orange military or the U.S. Treasury Department, your company produces an idea that might just be crazy enough to work. Your company is going to form a new company within Orange that is not affiliated with the parent company for the entirety of the war. This means that the parent company won't provide services to the Orange company. Additionally, since there is no affiliation between the companies, the legal department advises that there will not be sanction evasion activity which could put the company at risk. There's just one problem. Your company has to evict the newly created Orange company (Acme Orange LLC) from its network and ensure it has the critical IT services to enable its success.

So where do we start? Let's consider a few things. First, what is the lifeblood of a company? Every company really needs laptops and collaboration software like Office 365 or G Suite. So, if we have five hundred people in the new Acme Orange company, that's five hundred new laptops and a new server that will host Microsoft Exchange, a NAS drive, and other critical Microsoft on-premises services.

Active Directory: Once you obtain the server, you realize a few things. Previous Acme admin credentials were used to troubleshoot desktops in the Orange environment. Since exposed passwords are always a bad thing, you get your first incident: refresh all passwords that may have been exposed. Also, ensure a new Active Directory server is created for your Orange environment. This should leverage best practices such as MFA, since Orange companies will likely come under attack.
Let's talk about other things that companies need to survive:
- Customer relationship management (CRM) services like Salesforce
- Accounting and bookkeeping applications such as QuickBooks
- Payment software such as PayPal or Stripe
- File storage such as Google Drive or Dropbox
- Video conferencing like Zoom
- Customer service software like Zendesk
- Contract management software like DocuSign
- HR software like BambooHR or Workday
- Antivirus & EDR software

Standing up a new company's IT infrastructure in a month is never a trivial task. However, if Acme Orange is able to survive for 2-3 years, it can then return to the parent company after the sanctions are lifted.

Let's look at some discussion topics:
- What IT services will be the hardest to transfer?
- Can new IT equipment for Acme Orange be procured in a month during a time of conflict?
- Which services are likely to only have a SaaS offering and not allow on-premises deployment during times of conflict?
- Could your company actually close a procurement request in a one-month timeline?

If we believe we can transfer IT services and get the office up and running, we might look at our cyber team's role in providing recommendations to a new office that will be able to survive a time of turmoil:
- All laptops shall have antivirus and EDR enabled from Microsoft.
- Since the Acme Orange office is isolated from the rest of the world, all firewalls will block IP traffic not originating from Orange.
- SSO and MFA will be required on all logins.
- Backups will be routinely required.

Note that if you are really looking for effective strategies to mitigate cyber security incidents, we highly recommend the Australian Essential Eight. We have a link in our show notes if you want more details.

Additionally, the Acme Orange IT department will need to create its own Incident Response Plan (IRP). One really good guide for building cyber incident response playbooks comes from the American Public Power Association. (I'll put the link in our show notes.)
The IRP recommends creating incident templates that can be used for common attacks such as:
- Denial of Service (DoS)
- Malware
- Web application attack (SQL injection, XSS, directory traversal, ...)
- Cyber-physical attack
- Phishing
- Man-in-the-middle attack
- Zero-day exploit

This incident response template can capture helpful information such as:
- Detection: record how the attack was identified.
- Reporting: provide a list of POCs and contact information for the IT help desk to contact during an event.
- Triage: list the activities that need to be performed during incident response. Typically, teams follow the PICERL model (Preparation, Identification, Containment, Eradication, Recovery, Lessons Learned).
- Classification: depending on the severity level of the event, identify additional actions that need to occur.
- Communications: identify how to notify local law enforcement, regulatory agencies, and insurance carriers during material cyber incidents. Additionally, describe the process for how communications will be relayed to customers, employees, media, and state/local leaders.

As you can see, there is much that would have to be done in response to nation-state aggression or a regional conflict that would likely fall in your lap. If you didn't think about it before, you now have plenty of material to work with. Figure out your own unique requirements, do some tabletop exercises where you identify your most relevant Orange and Blue future conflict, and practice, practice, practice. We learned from COVID that companies that were well prepared with a disaster response plan rebranded as a pandemic response plan fared much better in the early weeks of the 2020 lockdown. I know my office transitioned to remote work for over sixty consecutive weeks without any serious IT issues because we had a written plan and had practiced it. Here's another one for you to add to your arsenal. Take the time and be prepared; you'll be a hero "when the bubble goes up." (There, you've learned an obscure term that is nearly absent from a Google search but well known in the Navy and the Marine Corps.)

Okay, that's it for today's episode on Outrunning the Bear. Let's recap:
- Know yourself
- Know what foreign adversaries want
- Know what information, processes, or people you need to protect
- Know the goals of state actors: steal targeting data, collect foreign intelligence, covert action
- Know how to establish a good communications plan (PACE: Primary, Alternate, Contingency, Emergency)
- Know how to get out of Dodge
- Know where to find private and government threat intelligence
- Know your quick wins for protection: remediate vulnerabilities, implement MFA everywhere, run current antivirus, enable strong spam filters, restrict top-level domains, disable vulnerable or unused ports and protocols, strengthen cloud security
- Know how to partition your business logically to isolate your IT environments in the event of a sudden requirement

Thanks again for listening to CISO Tradecraft. Please remember to like us on your favorite podcast provider and tell your peers about us. Don't forget to follow us on LinkedIn too; you can find our regular stream of low-noise, high-value postings. This is your host G. Mark Hardy, and until next time, stay safe.

References
- https://www.goodreads.com/quotes/17976-if-you-know-the-enemy-and-know-yourself-you-need
- https://en.wikipedia.org/wiki/There_are_known_knowns
- https://www.cia.gov/about/mission-vision/
- https://www.cybersecurity-insiders.com/ukraines-accounting-software-firm-refuses-to-take-cyber-attack-blame/
- https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
- https://www.nationalisacs.org/member-isacs-3
- https://attack.mitre.org/groups/
- https://data.iana.org/TLD/tlds-alpha-by-domain.txt
- https://www.publicpower.org/system/files/documents/Public-Power-Cyber-Incident-Response-Playbook.pdf
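The first quick win in the CISO Tradecraft notes above is to treat CISA's Known Exploited Vulnerabilities catalog as the patching trigger: whenever the catalog grows, rescan and fix the KEV-listed findings first. The script below is an added example (not code from the episode, from CISO Tradecraft or from CISA) of that loop. It assumes the KEV feed's published JSON layout (cveID, vendorProject, product, dateAdded, dueDate, served from CISA's known_exploited_vulnerabilities.json); the catalog excerpt and the scanner export embedded here are constructed, with CVE numbers that are deliberately not real identifiers, so it runs offline.

```python
"""Triage scanner findings against CISA's Known Exploited Vulnerabilities (KEV) catalog.

Added example, not code from the CISO Tradecraft episode or from CISA. The real
catalog is published as JSON (known_exploited_vulnerabilities.json); each entry
carries cveID, vendorProject, product, vulnerabilityName, dateAdded and dueDate.
The excerpt and the scanner export below are constructed in that shape with
placeholder CVE numbers so the script runs offline. Replace KEV_SAMPLE with the
downloaded feed and SCAN_FINDINGS with your scanner's export to use it for real.
"""
import json
from dataclasses import dataclass
from datetime import date

# Constructed excerpt in the KEV feed layout. CVE-0000-* numbers are placeholders.
KEV_SAMPLE = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities",
    "count": 3,
    "vulnerabilities": [
        {"cveID": "CVE-0000-0001", "vendorProject": "ExampleMail", "product": "Mail Server",
         "vulnerabilityName": "placeholder", "dateAdded": "2022-09-30", "dueDate": "2022-10-21"},
        {"cveID": "CVE-0000-0002", "vendorProject": "ExampleMail", "product": "Mail Server",
         "vulnerabilityName": "placeholder", "dateAdded": "2023-01-23", "dueDate": "2023-02-13"},
        {"cveID": "CVE-0000-0005", "vendorProject": "ExampleNet", "product": "VPN Gateway",
         "vulnerabilityName": "placeholder", "dateAdded": "2023-01-24", "dueDate": "2023-02-14"},
    ],
})

# Constructed scanner export: (host, CVE, CVSS base score).
SCAN_FINDINGS = [
    ("mail01.corp.example", "CVE-0000-0001", 8.8),   # in KEV, due date already passed
    ("mail01.corp.example", "CVE-0000-0002", 8.0),   # in KEV, not yet due
    ("web03.corp.example", "CVE-0000-0003", 9.8),    # critical CVSS but not in KEV
    ("build02.corp.example", "CVE-0000-0004", 5.3),  # medium, not in KEV
]

@dataclass(frozen=True)
class KevEntry:
    cve_id: str
    vendor: str
    product: str
    date_added: date
    due_date: date

@dataclass(frozen=True)
class Ranked:
    tier: str       # one of TIER_ORDER's keys
    host: str
    cve_id: str
    cvss: float
    due_date: str   # ISO date from KEV, "" when the CVE is not listed

# KEV-listed findings outrank everything else, overdue ones first; then CVSS >= 7.
TIER_ORDER = {"kev-overdue": 0, "kev": 1, "high-critical": 2, "other": 3}

def parse_kev(feed_json):
    """Index the KEV feed by CVE id."""
    feed = json.loads(feed_json)
    return {
        v["cveID"]: KevEntry(v["cveID"], v["vendorProject"], v["product"],
                             date.fromisoformat(v["dateAdded"]),
                             date.fromisoformat(v["dueDate"]))
        for v in feed["vulnerabilities"]
    }

def new_since(kev, last_run_iso):
    """CVEs added to the catalog after the last scan run: the trigger for a rescan."""
    last_run = date.fromisoformat(last_run_iso)
    return {cve for cve, e in kev.items() if e.date_added > last_run}

def prioritise(findings, kev, today_iso):
    """Order findings: KEV overdue, KEV pending (earliest due date first), CVSS >= 7, rest."""
    today = date.fromisoformat(today_iso)
    ranked = []
    for host, cve, cvss in findings:
        entry = kev.get(cve)
        if entry is not None:
            tier = "kev-overdue" if entry.due_date < today else "kev"
            due = entry.due_date.isoformat()
        else:
            tier = "high-critical" if cvss >= 7.0 else "other"
            due = ""
        ranked.append(Ranked(tier, host, cve, cvss, due))
    ranked.sort(key=lambda r: (TIER_ORDER[r.tier], r.due_date or "9999-12-31", -r.cvss))
    return ranked

if __name__ == "__main__":
    catalog = parse_kev(KEV_SAMPLE)
    print("Added to KEV since last run:", sorted(new_since(catalog, "2023-01-22")))
    for r in prioritise(SCAN_FINDINGS, catalog, "2023-01-24"):
        print(f"{r.tier:13} {r.host:22} {r.cve_id}  cvss={r.cvss}  due={r.due_date or '-'}")
```

The dueDate in the catalog is the remediation deadline CISA sets for federal civilian agencies; it is a reasonable SLA proxy for everyone else, which is why a KEV entry with a lower CVSS score still outranks a 9.8 that nobody is known to be exploiting.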
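The episode notes above ask two questions most "we have antivirus" checkboxes cannot answer: what percentage of endpoints actually run an AV/EDR agent, across both Windows and Linux, and how many of those agents have signature updates older than 30 days. The script below is an added example (not from the episode or from any EDR vendor) of the reconciliation that answers them. It joins an asset inventory to an agent check-in export and normalises hostnames, because the CMDB and the EDR console rarely agree on case or domain suffix. Both data sets are constructed; the column layout of a real console export is an assumption you would adapt.

```python
"""Measure actual AV/EDR coverage rather than ticking the 'we have antivirus' box.

Added example, not from the CISO Tradecraft episode or from any EDR vendor. It
reconciles an asset inventory against an EDR console's device export. Both data
sets are constructed; the inventory would come from your CMDB and the agent list
from the console. Hostnames are normalised (case, domain suffix) because the two
sources rarely agree, and an agent whose signature update is older than the
threshold counts as present but not current.
"""
from dataclasses import dataclass, field
from datetime import date

# Constructed inventory: (hostname as recorded in the CMDB, operating system).
INVENTORY = [
    ("DC01", "windows"),
    ("MAIL01", "windows"),
    ("WEB03", "linux"),
    ("BUILD02", "linux"),
    ("DB01", "linux"),
    ("LAPTOP-ALICE", "windows"),
]

# Constructed EDR console export: (device name, date of last signature update).
AGENTS = [
    ("dc01.corp.example", "2023-01-23"),
    ("mail01.corp.example", "2022-11-15"),   # agent present, definitions stale
    ("web03", "2023-01-20"),
    ("laptop-alice.corp.example", "2023-01-24"),
    ("lab-vm07", "2023-01-24"),              # agent on a host the CMDB does not know
]

@dataclass
class CoverageReport:
    total: int = 0
    with_agent: int = 0        # inventory hosts where any agent reported
    current: int = 0           # agent reported and definitions within threshold
    missing: list = field(default_factory=list)          # inventory hosts with no agent
    stale: list = field(default_factory=list)            # "host (N days)" past threshold
    not_in_inventory: list = field(default_factory=list) # agents the CMDB has never heard of
    by_os: dict = field(default_factory=dict)

    def pct_with_agent(self):
        return round(100 * self.with_agent / self.total, 1) if self.total else 0.0

    def pct_current(self):
        return round(100 * self.current / self.total, 1) if self.total else 0.0

def short_name(host):
    """Lower-case and strip any domain suffix so CMDB and EDR names line up."""
    return host.strip().lower().split(".")[0]

def coverage(inventory, agents, as_of_iso, max_age_days=30):
    """Join inventory to agent check-ins and classify every host."""
    as_of = date.fromisoformat(as_of_iso)
    last_update = {short_name(h): date.fromisoformat(d) for h, d in agents}
    report = CoverageReport(total=len(inventory))
    seen = set()
    for host, os_name in inventory:
        key = short_name(host)
        seen.add(key)
        os_stats = report.by_os.setdefault(os_name, {"total": 0, "with_agent": 0, "current": 0})
        os_stats["total"] += 1
        if key not in last_update:
            report.missing.append(key)
            continue
        report.with_agent += 1
        os_stats["with_agent"] += 1
        age_days = (as_of - last_update[key]).days
        if age_days > max_age_days:
            report.stale.append(f"{key} ({age_days} days)")
        else:
            report.current += 1
            os_stats["current"] += 1
    report.not_in_inventory = sorted(set(last_update) - seen)
    return report

if __name__ == "__main__":
    r = coverage(INVENTORY, AGENTS, "2023-01-24")
    print(f"agent installed: {r.pct_with_agent()}%   current definitions: {r.pct_current()}%")
    print("no agent:", r.missing)
    print("stale definitions:", r.stale)
    print("agents on hosts missing from the CMDB:", r.not_in_inventory)
    for os_name, s in r.by_os.items():
        print(f"{os_name}: {s['current']}/{s['total']} current, {s['with_agent']}/{s['total']} with agent")
```

On the constructed data the headline number drops from 66.7% "has an agent" to 50% "has an agent with current definitions", and the Linux servers are the gap; the agent on a host the CMDB does not list is the other finding worth chasing, since an unmanaged machine with an agent usually means an unmanaged machine.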
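The TLD restriction described in the episode notes above comes with a caveat the notes themselves raise: a blanket block is a self-inflicted denial of service waiting to happen, so suspect TLDs should be evaluated before anything is deleted. The code below is an added example (not from the episode, and not the configuration syntax of any mail gateway) of that policy as a decision function: the allow-list models a hypothetical business located entirely in the UK, the original seven gTLDs plus the ccTLDs it trades with are assumptions, internationalised TLDs are compared in their punycode form as they appear in the IANA list, and every non-delivery outcome is a quarantine rather than a drop. The From: headers are constructed.

```python
"""Sender TLD policy for inbound mail: evaluate, quarantine, never silently delete.

Added example; not from the CISO Tradecraft episode and not any gateway's
configuration language. ALLOWED_TLDS models a hypothetical UK-only business
(the seven original gTLDs plus assumed trading-partner ccTLDs). Anything else
is quarantined for human review rather than deleted, so a legitimate sender on
an unexpected TLD costs a delayed delivery, not a lost one. The headers are
constructed. This inspects the RFC 5322 From: header, which DMARC authenticates;
apply the same rule to the envelope sender at the gateway if it exposes it.
"""
import re
from collections import Counter
from email.utils import parseaddr

ORIGINAL_GTLDS = {"com", "org", "net", "edu", "mil", "gov", "int"}
BUSINESS_CCTLDS = {"uk", "ie", "de", "fr", "nl"}   # assumption: where this UK firm trades
ALLOWED_TLDS = ORIGINAL_GTLDS | BUSINESS_CCTLDS
DENIED_TLDS = {"xxx"}                              # assumption: explicit block list
LABEL_RE = re.compile(r"[a-z0-9-]+")               # valid DNS label after IDNA encoding

# Constructed headers: expected senders, a new gTLD, a ccTLD outside the
# business, an internationalised domain, a bare host, garbage, a denied TLD.
SAMPLE_FROM_HEADERS = [
    '"Accounts" <invoices@supplier.co.uk>',
    "Jane Doe <jane.doe@example.com>",
    "promo@deals.lifestyle",
    "it-helpdesk@corp-login.ru",
    "admin@офис.рф",
    "support@localhost",
    "not an address",
    "news@adult.xxx",
]

def sender_tld(from_header):
    """Return the sender's TLD in lower-case ASCII (punycode for IDN TLDs,
    e.g. 'xn--p1ai' for .рф), or None if no TLD can be determined."""
    _, addr = parseaddr(from_header)
    if "@" not in addr:
        return None
    domain = addr.rsplit("@", 1)[1].strip().rstrip(".").lower()
    try:
        domain = domain.encode("idna").decode("ascii")   # IDN labels -> xn-- form
    except UnicodeError:
        return None
    if "." not in domain:
        return None                                      # bare host, no TLD
    tld = domain.rsplit(".", 1)[1]
    return tld if LABEL_RE.fullmatch(tld) else None

def classify(from_header):
    """Decide (action, reason). Only 'deliver' releases the message; every other
    outcome is a quarantine so a reviewer can release false positives."""
    tld = sender_tld(from_header)
    if tld is None:
        return ("quarantine", "unparseable-sender")
    if tld in DENIED_TLDS:
        return ("quarantine", "denied-tld")
    if tld in ALLOWED_TLDS:
        return ("deliver", "allowed-tld")
    return ("quarantine", "unexpected-tld")

def triage(from_headers):
    """Count actions over a batch; the quarantine total is the review workload."""
    return Counter(classify(h)[0] for h in from_headers)

if __name__ == "__main__":
    for header in SAMPLE_FROM_HEADERS:
        action, reason = classify(header)
        print(f"{action:10} {reason:19} {header}")
    print(dict(triage(SAMPLE_FROM_HEADERS)))
```

Watch the quarantine count after enabling the policy: if it is dominated by one ccTLD that turns out to be a real supplier, add that ccTLD to the allow-list rather than loosening the rule, and keep the denied set small and explicit so reviewers can see why a message was held.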

The CyberWire
Microsoft Exchange zero-days exploited. Supply chain attack reported. New Lazarus activity. Mexican government falls victim to hacktivism. Hacking partial mobilization. Former insider threat.

The CyberWire

Play Episode Listen Later Oct 3, 2022 35:37


Two Microsoft Exchange zero-days exploited in the wild. A supply chain attack, possibly from Chinese intelligence services. There's new Lazarus activity: bring-your-own-vulnerable-driver. The Mexican government falls victim to apparent hacktivism. Flying under partial mobilization's radar. Betsy Carmelite from Booz Allen Hamilton talks about addressing the cyber workforce skills gap. Our guest Rachel Tobac from SocialProof Security brings a musical approach to security awareness training. How's your off-boarding program working out? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/190

Selected reading.
Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server (CISA)
Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server (Microsoft Security Response Center)
Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server (GTSC)
URGENT! Microsoft Exchange double zero-day – "like ProxyShell, only different" (Naked Security)
Microsoft confirms two Exchange Server zero days are being used in cyberattacks (The Record by Recorded Future)
Microsoft confirms new Exchange zero-days are used in attacks (BleepingComputer)
Two Microsoft Exchange zero-days exploited in the wild. (CyberWire)
CISA Adds Three Known Exploited Vulnerabilities to Catalog (CISA)
Suspected Chinese hackers tampered with widely used customer chat program, researchers say (Reuters)
Report: Commercial chat provider hijacked to spread malware in supply chain attack (The Record by Recorded Future)
CrowdStrike Falcon Platform Identifies Supply Chain Attack via a Trojanized Comm100 Chat Installer (crowdstrike.com)
Amazon-themed campaigns of Lazarus in the Netherlands and Belgium (WeLiveSecurity)
Lazarus & BYOVD: evil to the Windows core (Virus Bulletin)
Lazarus hackers abuse Dell driver bug using new FudModule rootkit (BleepingComputer)
Mexican government suffers major data hack, president's health issues revealed (Reuters)
Mexican president confirms 'Guacamaya' hack targeting regional militaries (The Record by Recorded Future)
Analysis: Mexico data hack exposes government cybersecurity vulnerability (Reuters)
Russians dodging mobilization behind flourishing scam market (BleepingComputer)
Honolulu Man Pleads Guilty to Sabotaging Former Employer's Computer Network (US Department of Justice)

FortiGuard Threat Intelligence Podcast
FortiGuardLIVE #48 - Microsoft Exchange 0-Day Vulnerability Updates

FortiGuard Threat Intelligence Podcast

Play Episode Listen Later Oct 3, 2022 12:04


Join #FortiGuardLabs' Derek Manky and Aamir Lakhani for another edition of FortiGuardLIVE as they provide an update on zero-day vulnerabilities on Microsoft Exchange Servers. Hear the latest about these vulnerabilities and protections. #RCEVulnerability #ZeroDay

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Microsoft Exchange 0-Day Update
https://isc.sans.edu/forums/diary/Exchange+Server+0Day+Actively+Exploited/29106
https://microsoft.github.io/CSS-Exchange/Security/EOMTv2/
CISA Adds Atlassian Bitbucket Vulnerability to Exploited List
https://www.cisa.gov/uscert/ncas/current-activity/2022/09/30/cisa-adds-three-known-exploited-vulnerabilities-catalog
Every unsandboxed app has Full Disk Access if Terminal Does
https://lapcatsoftware.com/articles/FullDiskAccess.html

ScanNetSecurity Latest Security Information
Zero-day vulnerability in Microsoft Exchange Server; attacks exploiting it also confirmed

ScanNetSecurity Latest Security Information

Play Episode Listen Later Oct 2, 2022 0:09


On September 30, Microsoft Japan announced the zero-day vulnerability in Microsoft Exchange Server on the company's blog.

Cyber5: This Week in IT Security
Cyber5: --Special Bulletin-- Friday, September 30th, 2022 -- MS Exchange Zero-Day

Cyber5: This Week in IT Security

Play Episode Listen Later Sep 30, 2022 4:50


Wayne Selk, executive director of the CompTIA ISAO -- Special Bulletin -- New zero-day for MS Exchange Servers. Follow along on the Huntress Blog here: New 0-Day Vulnerabilities Found in Microsoft Exchange (huntress.com) and the Temporary Containment Steps here: Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server | Blog | GTSC - Provider of comprehensive security services (gteltsc.vn). Scroll down to the Temporary Containment Steps. Also, below that they list the Indicators of Compromise to determine if your server has already been exploited. Tune in each week to hear the most important cybersecurity news and threat alerts from last week in the ISAO forum and updates you need to know for the week ahead from host Wayne Selk, executive director of the CompTIA ISAO. Listen now, subscribe, and tune in every Friday for the latest news.

The Virtual CISO Moment
The Virtual CISO Moment Wrap Up for Friday, September 30, 2022

The Virtual CISO Moment

Play Episode Listen Later Sep 30, 2022 14:33


Microsoft Exchange zero days, Optus update, Brute Ratel cracked, 60% of cyber pros report "losing ground", more on the risk of deepfakes, and cyber insurance providers pivoting to requiring adherence to frameworks and risk management.
https://thehackernews.com/2022/09/microsoft-confirms-2-new-exchange-zero.html
https://www.bbc.com/news/world-australia-63056838
https://www.bleepingcomputer.com/news/security/hackers-now-sharing-cracked-brute-ratel-post-exploitation-kit-online/
https://www.businesswire.com/news/home/20220926005190/en/60-of-Cybersecurity-Professionals-Feel-They-Are-Losing-Ground-Against-Cybercriminals
https://www.theregister.com/2022/09/28/trend_deepfake_video/
https://community.microfocus.com/cyberres/b/sws-22/posts/cyber-insurance-customers-need-to-be-more-cyber-resilient

Protecting People
Five Minute Forecast for the week of 9/26/2022

Protecting People

Play Episode Listen Later Sep 26, 2022


Five Minute Forecast for the week of September 26th. All the cyber security news you need to stay ahead, from Proofpoint's Protecting People podcast. London police arrest teen who may be connected to Uber, Rockstar attacks A highly advanced cyber-spying group found in telecom and university systems And malicious OAuth cloud apps turn Microsoft Exchange servers into spam networks  We're joined by former Gartner analyst Jonathan Care, who explains how to identify and protect against insider and external threats.

Irish Tech News Audio Articles
Digitalisation and the importance of OT network security

Irish Tech News Audio Articles

Play Episode Listen Later Sep 7, 2022 7:59


Eaton's Country Manager for Ireland, Phil Kane, discusses digitalisation and the importance of OT network security.

In various industries around the world, there's a major movement towards going digital. You've probably heard of the IoT, and now the IIoT, or the Industrial Internet of Things, is bringing digital connectivity to manufacturing floors, commercial buildings and even the electrical grid. And this trend not only has an impact on information technology (IT) but also on operational technology (OT).

Digitalisation and the importance of OT network security

As technology continues to evolve, organizations are constantly adopting better and more efficient ways of doing business, but this new digital transformation also gives rise to new threats and vulnerabilities. Gone are the days when critical infrastructure relied on air gaps alone for security. Today, there are more smart devices than ever, and when there's a business need to connect a component that was not designed for secure connection to a network, you open up a huge vector for possible exploitation. It's also important to know that external threat actors have evolved over the years and now deploy more sophisticated methods and capabilities to carry out cyberattacks. As a result, companies are swinging into action to protect what matters to them.

What exactly are OT networks?

Aside from regular IT devices, an OT network might include SCADA (supervisory control and data acquisition) systems, building automation systems and DCS (distributed control systems). These systems are used to monitor and control motors, sensors or controllers, and they continuously collect and send relevant data to control rooms and ERP systems. They rely on high-speed communications through fieldbuses and standard ICS (industrial control system) protocols like HART, PROFIBUS, Modbus TCP, BACnet, and so on. Much like in IT, system reliability is also a top priority in OT. Poor cybersecurity practices could potentially cause harm to critical operations. Companies need to be proactive in improving their cybersecurity policies by focusing on some core principles, such as asset management, training and staff awareness of secure access and configuration.

Is there a difference between IT and OT security?

IT and OT have entirely different priorities when determining and balancing risk. IT uses the CIA model, which stands for confidentiality, integrity and availability, to determine how data and systems are protected, while the order is reversed (availability, integrity and confidentiality) when making similar decisions in OT. This means that within an IT network, a system can usually be taken offline to apply updates and patches on the fly. But in an OT network, a higher level of planning and change management is required to make any modifications, in order to protect operations. There are several gaps between IT and OT security, from budgets to differences in domain knowledge and the prioritization of cybersecurity goals. IT security teams tend to be proactive, with many security tools at their disposal, enabling them to constantly find and mitigate vulnerabilities. Even though OT security teams may assign a similar priority to cybersecurity, they may not be able to install such tools within the OT network or to take down systems immediately in order to apply security updates and patches. Recently, greater efforts have been made towards IT and OT convergence, and it's important to continue this dialogue, so that experts from both fields gain a better understanding of how they can support each other and align on their cybersecurity objectives.

Types of data breaches

One example of an IT data breach is the recent Microsoft Exchange server incident, which may have affected over 30,000 organisations in the US.
This is significant because it shows how a vulnerability in one type of off-the-shelf software could be exploited across multiple organisations. Similarly, it was reported that hackers ha...

Mike Tech Show
MTS-2022-09-01 #839

Mike Tech Show

Play Episode Listen Later Sep 2, 2022


Google G-Suite to Microsoft Exchange lessons, Learning PowerShell

Technado from ITProTV
Episode 263: First Laptop With a RISC-V Processor Is Coming

Technado from ITProTV

Play Episode Listen Later Jul 7, 2022 52:45


Don and Daniel are joined by Ronnie Wong this week to talk about the first laptop with a RISC-V processor that'll come out soon. Then, the team discussed bypassing Windows 11 install restrictions, Azure capacity issues, Microsoft Exchange servers getting hacked, how HackerOne handled its own ‘internal threat' actor, and British army crypto scams.

Technado from ITProTV (Audio)
Episode 263: First Laptop With a RISC-V Processor Is Coming

Technado from ITProTV (Audio)

Play Episode Listen Later Jul 7, 2022 52:46


Don and Daniel are joined by Ronnie Wong this week to talk about the first laptop with a RISC-V processor that'll come out soon. Then, the team discussed bypassing Windows 11 install restrictions, Azure capacity issues, Microsoft Exchange servers getting hacked, how HackerOne handled its own ‘internal threat' actor, and British army crypto scams.

BroHouser
S03E05 - Cars: BYD, the Audi rickshaw and the electric Hummer; Tech: Microsoft Exchange backdoor, 1 camera per 3 Chinese, Maastricht University ransom returned with a profit, and a net-metering warning

BroHouser

Play Episode Listen Later Jul 6, 2022 32:13


Listen to the new episode or watch along on YouTube. In this episode Arjan and Tonie talked about, among other things, the following topics:
How discarded Audis get a second life in India | Auto | AD.nl
Yet another new (Chinese) car brand in the Netherlands: BYD | Auto | AD.nl
'Electric Hummer is also coming to Europe' | RTL Nieuws
Supercar Blondie Fan - First Electric Hummer Is Faster Than A Lamborghini | Facebook
Microsoft mail servers vulnerable to malware via a secret backdoor | RTL Nieuws
Maastricht University gets ransom paid for hack back with a hefty profit (nos.nl)
China's surveillance system bigger than thought: half a billion cameras | RTL Nieuws
Errors discovered in energy bills for solar panel feed-in | NU - The latest news first on NU.nl
Passenger captures lightning strike on a truck in the US | NU.nl
And don't forget to listen on Spotify to Arjan Tutti for calm piano music, for example to fall asleep to ;-)

Noticias de Tecnología Express
Cybersecurity news – NTX 154

Noticias de Tecnología Express

Play Episode Listen Later Jul 4, 2022 8:44


Data breach detected in China, Fan ID to become mandatory in the first division, and the danger of SessionManager. You can support the production of this program with a subscription. More information here. News: - In Mexico, Liga MX announced that Fan ID will be mandatory at all venues of first-division teams. - TikTok said it is working on a program called "Project Texas", which "will make substantial progress toward compliance with the final agreement with the US government that will fully safeguard user data and the country's national security interests". - Attackers used the SessionManager malware to backdoor Microsoft Exchange servers owned by military and government organizations in Europe, the Middle East, Asia and Africa. - Meta announced the shutdown of its Novi digital wallet pilot on September 1. - A group of hackers infiltrated the Shanghai police database and obtained more than 23 terabytes of data stolen from China. This data includes names, addresses, places of birth, phone numbers, identity documents and even court records from criminal cases. Discussion: Hackers claim theft of police data in China. See acast.com/privacy for privacy and opt-out information. Become a member at https://plus.acast.com/s/noticias-de-tecnologia-express.

ALEF SecurityCast
Ep#117 - Ransomware groups are run like IT organizations

ALEF SecurityCast

Play Episode Listen Later Jul 4, 2022 11:33


InfoSec Overnights - Daily Security News
Critical Gitlab Patch, Jenkins Janky Plugins, Microsoft Backdoor, and more.

InfoSec Overnights - Daily Security News

Play Episode Listen Later Jul 1, 2022 2:47


A daily look at the relevant information security news from overnight - 01 July, 2022
Episode 256 - 01 July 2022
Critical Gitlab Patch - https://portswigger.net/daily-swig/gitlab-patches-critical-rce-bug-in-latest-security-release
Jenkins Janky Plugins - https://www.bleepingcomputer.com/news/security/jenkins-discloses-dozens-of-zero-day-bugs-in-multiple-plugins/
WAP Fraud - https://www.zdnet.com/article/microsoft-this-android-malware-will-switch-off-your-wi-fi-empty-your-wallet/
Macmillan Incident - https://www.securityweek.com/brocade-vulnerabilities-could-impact-storage-solutions-several-major-companies
Microsoft Backdoor - https://thehackernews.com/2022/07/new-sessionmanager-backdoor-targeting.html
Dangling Chromium - https://portswigger.net/daily-swig/chromium-browsers-vulnerable-to-dangling-markup-injection

Hi, I'm Paul Torgersen. It's Friday July 1st 2022, and this is a look at the information security news from overnight.

From PortSwigger.net: GitLab has patched a vulnerability that could allow remote code execution. The critical severity flaw affects all versions of GitLab. A fix has been released for this and a number of other vulnerabilities, including two separate cross-site scripting bugs. Link to the GitLab advisory in the article.

From BleepingComputer.com: Jenkins announced 34 security vulnerabilities affecting 29 plugins for the Jenkins open source automation server, 29 of the bugs being zero-days still waiting to be patched. Jenkins supports over 1,700 plugins, with those affected by this disclosure having more than 22,000 installs. Fortunately none of these are rated critical, as there are no fixes as of yet for most of them. See the list of affected plugins in the article.

From ZDNet.com: Microsoft shared its detailed technical analysis of what it says is one of the most prevalent types of Android malware. It's called 'toll billing', or Wireless Application Protocol fraud. This involves using an infected device to connect to payment pages of a premium service via a device's WAP connection. From there, payments are automatically charged to a device's phone bill. Details and a link to the analysis in the article.

From BleepingComputer.com: Publishing giant Macmillan was forced to shut down their network and offices while recovering from a security incident. In emails to customers, Macmillan stated the incident involves the encryption of certain files on their network, so this is almost certainly a ransomware attack. No word on the threat actor as Macmillan has slowly started to bring systems back online.

And last today, from TheHackerNews.com: A newly discovered malware called SessionManager has backdoored Microsoft Exchange servers since at least March of 2021. If you recall, that was right after the ProxyLogon flaw was discovered. The malware masquerades as a module for Internet Information Services, with capabilities to read, write, and delete arbitrary files; execute binaries from the server; and establish communications with other endpoints in the network. That's all for me this week. Have a great Fourth of July long weekend, and until next time, be safe out there.
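The SessionManager item above (and the NTX 154 item earlier on this page) describes a backdoor that registers itself as a native IIS module, the kind of persistence a configuration audit can surface because every native module must be declared in applicationHost.config. The following script is an added example and is not code from the podcast, from Kaspersky, or from this page: it parses the globalModules section of an IIS applicationHost.config and flags modules whose DLL does not load from the inetsrv directory or whose name is not in a baseline you maintain. The config fragment, the baseline set, and every module and DLL name in it are constructed for the example.

```python
"""Audit native IIS modules declared in applicationHost.config.

Added example, not from the page or the podcast. A native module is loaded
into every IIS worker process and sees every request, so a backdoor that
registers as one (as SessionManager is described to do) is hard to notice
from the outside. Two cheap checks catch most of them: the DLL should load
from %windir%\\System32\\inetsrv, and the module name should be one you
expect on that host.
"""
import ntpath
import xml.etree.ElementTree as ET

# Constructed fragment in the shape of applicationHost.config. The module
# and DLL names are made up for this example and do not describe real malware.
SAMPLE_CONFIG = r"""<configuration>
  <system.webServer>
    <globalModules>
      <add name="HttpLoggingModule" image="%windir%\System32\inetsrv\loghttp.dll" />
      <add name="DefaultDocumentModule" image="%windir%\System32\inetsrv\defdoc.dll" />
      <add name="StaticCompressionModule" image="%windir%\System32\inetsrv\compstat.dll" />
      <add name="CacheTuningModule" image="C:\inetpub\temp\ctune.dll" />
      <add name="RequestFilteringModule" image="C:\Windows\Temp\filter.dll" />
    </globalModules>
  </system.webServer>
</configuration>
"""

# Hypothetical allow-list of module names expected on this server.
BASELINE = {
    "HttpLoggingModule",
    "DefaultDocumentModule",
    "StaticCompressionModule",
    "RequestFilteringModule",
}

# Directory stock IIS modules load from, in normalised (lower-case, expanded) form.
INETSRV_DIR = r"c:\windows\system32\inetsrv"


def list_global_modules(config_xml: str) -> list:
    """Return (name, image) pairs for every <add> under <globalModules>."""
    root = ET.fromstring(config_xml)
    found = []
    # iter() matches by tag name, so the dotted <system.webServer> tag needs no path syntax.
    for global_modules in root.iter("globalModules"):
        for add in global_modules.findall("add"):
            found.append((add.get("name", ""), add.get("image", "")))
    return found


def normalise(path: str) -> str:
    """Lower-case and expand the usual Windows placeholders so paths compare equal."""
    lowered = path.lower()
    for placeholder in ("%windir%", "%systemroot%"):
        lowered = lowered.replace(placeholder, r"c:\windows")
    return lowered


def suspicious_modules(config_xml: str, baseline=BASELINE) -> list:
    """Flag modules whose DLL is outside inetsrv or whose name is unknown."""
    findings = []
    for name, image in list_global_modules(config_xml):
        reasons = []
        # ntpath handles backslash paths regardless of the platform the audit runs on.
        if ntpath.dirname(normalise(image)) != INETSRV_DIR:
            reasons.append(f"image loads from outside inetsrv: {image}")
        if name not in baseline:
            reasons.append("module name not in baseline")
        if reasons:
            findings.append({"name": name, "image": image, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in suspicious_modules(SAMPLE_CONFIG):
        print(finding["name"], "->", "; ".join(finding["reasons"]))
```

On a live server the file to feed in is %windir%\System32\inetsrv\config\applicationHost.config (the WebAdministration PowerShell module's Get-WebGlobalModule lists the same entries). A legitimate name with a wrong image path, as in the RequestFilteringModule row of the sample, is the case worth keeping in the check: an attacker who can edit the config can reuse a stock module name, and one who can write into inetsrv can drop a DLL there too, so a name and path baseline is a floor, not a substitute for verifying the DLL signatures.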

Cyber, cyber...
Cyber, Cyber… – 236 – Report (28.06.2022) – Cyberattack forces Iran Steel Company to halt production

Cyber, cyber...

Play Episode Listen Later Jun 28, 2022 7:12


We are continuing the special edition of our podcast in its new format of daily reports. From Monday to Friday we cover for you the most important events concerning activity in cyberspace. Today's episode was hosted by Ewa Matusiak. Today's topics: LockBit 3.0 launches a bug bounty program; Microsoft Exchange bug exploited to break into building automation systems; OpenSSL to release a security fix for a vulnerability

InfoSec Overnights - Daily Security News
BBVA 2FA Clone, ICS ShadowPad, OpenSSL Bad Memory, and more.

InfoSec Overnights - Daily Security News

Play Episode Listen Later Jun 28, 2022 3:19


A daily look at the relevant information security news from overnight - 27 June, 2022
Episode 253 - 27 June 2022
BBVA 2FA Clone - https://thehackernews.com/2022/06/new-android-banking-trojan-revive.html
ICS ShadowPad - https://www.bleepingcomputer.com/news/security/microsoft-exchange-bug-abused-to-hack-building-automation-systems/
LockBit Bounty - https://www.pcmag.com/news/ransomware-gang-offers-bug-bounty-promises-payouts-up-to-1-million
Raccoon 2.0 - https://www.bleepingcomputer.com/news/security/raccoon-stealer-is-back-with-a-new-version-to-steal-your-passwords/
OpenSSL Bad Memory - https://www.theregister.com/2022/06/27/openssl_304_memory_corruption_bug/?td=rt-3a

Hi, I'm Paul Torgersen. It's Tuesday June 28th, 2022, and I want to say a quick thank you, as I have just passed 100 subscribers on YouTube. Which is great, but let's not stop there. If you find this valuable, please share with your networks and colleagues. Let's see if we can't add a zero or two to that number. And now, this is a look at the information security news from overnight.

From TheHackerNews.com: A new Android banking trojan called Revive has been discovered specifically targeting users of the Spanish financial services company BBVA. Phishing campaigns push a look-alike website where victims download an app which impersonates the bank's two-factor authentication app. Italian cybersecurity firm Cleafy first spotted the malware in mid-June, and says it appears to be in its early stages of development.

From BleepingComputer.com: A new Chinese-speaking threat actor is hacking into the building automation systems of several Asian organizations and loading the ShadowPad backdoor. The group focused on devices that have not yet patched the Microsoft Exchange vulnerability collectively known as ProxyLogon. According to Dutch research, there are about 46,000 such machines. Kaspersky believes the group is ultimately hunting for sensitive information.

From PCMag.com: In what seems to be a first, the LockBit ransomware group has launched a bug bounty program. Evidently they have been successful enough to be able to afford to buy new zero-days. Their current rates run from $1,000 to $1 million, although the million bucks is for if you can dox the LockBit leader. If this is compelling to any of you, keep in mind that the main targets for this group are healthcare and education, two of the most vulnerable populations out there. Do you really want to help somebody like that?

From BleepingComputer.com: I mentioned last week that the Raccoon Stealer group had temporarily shuttered operations after one of their leaders was killed in the Russian invasion of Ukraine. Well, they're back in action with 2.0, a new and completely re-coded version of their malware offering elevated password-stealing functionality and upgraded operational capacity. Details in the article.

And last today, from TheRegister.com: OpenSSL 3.0.4 was released on June 21 to address a command-injection vulnerability that they hadn't quite completely patched earlier. Unfortunately, the new release contains a memory corruption bug which can be triggered trivially by an attacker. This targets the Intel Advanced Vector Extensions 512, or AVX512. The researcher said that if this bug can be exploited remotely, and they are not certain yet that it can, it could be more severe than Heartbleed, at least from a purely technical point of view. Details in the link. That's all for me today. Have a great rest of your day. Like and subscribe, and until tomorrow, be safe out there.

Cyber and Technology with Mike
22 June 2022 Cyber and Tech News

Cyber and Technology with Mike

Play Episode Listen Later Jun 22, 2022 9:01


In today's podcast we cover four crucial cyber and technology topics, including:
1. RIG Exploit Kit replaces Raccoon Stealer with Dridex
2. Yodel parcels delayed amidst cyber attack
3. Kaspersky says newly dubbed ToddyCat abusing Microsoft Exchange
4. Microsoft says service outage related to power loss
I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com

InfoSec Overnights - Daily Security News
ToddyCat Tracked, NTLM Relay Attack, Beware Zombie Bugs, and more.

InfoSec Overnights - Daily Security News

Play Episode Listen Later Jun 21, 2022 3:34


A daily look at the relevant information security news from overnight - 21 June, 2022
Episode 249 - 21 June 2022
ToddyCat Tracked - https://www.bleepingcomputer.com/news/security/new-toddycat-apt-group-targets-exchange-servers-in-asia-europe/
NTLM Relay Attack - https://thehackernews.com/2022/06/new-ntlm-relay-attack-lets-attackers.html
OT Insecure by Design - https://www.securityweek.com/basecamp-icefall-secure-design-ot-makes-little-headway
Microsoft Re-Arms Windows - https://www.zdnet.com/article/microsoft-this-out-of-band-windows-security-update-fixes-microsoft-365-sign-in-issues-for-arm-devices/
Beware Zombie Bugs - https://www.theregister.com/2022/06/21/apple-safari-zombie-exploit/

Hi, I'm Paul Torgersen. It's Tuesday June 21st, 2022, and from Chicago this is a look at the information security news from overnight.

From BleepingComputer.com: A new APT group dubbed ToddyCat has been targeting Microsoft Exchange servers throughout Asia and Europe. According to the Kaspersky researchers, it looks like they have been in action since at least December of 2020. Kaspersky has also found a previously unknown passive backdoor they named Samurai and new trojan malware dubbed Ninja Trojan. Both malware strains allow the attackers to take control of infected systems and move laterally within the victims' networks.

From TheHackerNews.com: A new Windows NTLM relay attack dubbed DFSCoerce has been uncovered that leverages the Distributed File System Namespace Management Protocol to seize control of a domain. This follows a similar method called PetitPotam that abuses Microsoft's Encrypting File System Remote Protocol to coerce Windows servers into authenticating with a relay under an attacker's control. To mitigate NTLM relay attacks, Microsoft recommends enabling Extended Protection for Authentication, SMB signing, and turning off HTTP on AD CS servers.

From SecurityWeek.com: Ten years after Project Basecamp, Forescout has conducted an updated project, dubbed OT:Icefall, to gauge the current state of security by design in OT products. They found 56 insecure-by-design problems stemming from ten manufacturers. Forescout says the flaws are not programming error vulnerabilities, but rather flaws in the protocols, authorizations, and certifications built into the designs. Seems not enough has changed in the last 10 years.

From ZDNet.com: Microsoft has issued an out-of-band update for Windows 11 and Windows 10 to fix an issue that emerged with Arm devices after their latest Patch Tuesday update. It seems some users were prevented from signing into applications including VPN connections, Microsoft Teams, and Microsoft Outlook. The issue only affects Windows devices that use Arm processors; machines using other processors are not affected. If that is you and you have not yet applied the June 14 updates, you should use this out-of-band update instead.

And last today, from TheRegister.com: Beware of zombie vulnerabilities. The Safari browser had a vulnerability that was completely patched by Apple back in 2013 when it was discovered. Unfortunately that fix was regressed in 2016 during some code refactoring. That same bug was found being exploited earlier this year. It is unclear for how many of those five years the de-patched bug was being exploited in the wild. See the details and a link to the Google Project Zero research in the article. That's all for me today. Have a great rest of your day. Like and subscribe, and until tomorrow, be safe out there.

Outspoken with Shana Cosgrove
For the Back of the Room: Gerard Spivey, Senior Systems Development Engineer at Amazon Web Services.

Outspoken with Shana Cosgrove

Play Episode Listen Later Jun 7, 2022 55:55


Curiosity, Focus, and Forging a Path.

In this episode of The Outspoken Podcast, host Shana Cosgrove talks to Gerard Spivey, Senior Systems Development Engineer at Amazon Web Services. Gerard speaks in detail about Amazon's interview process, giving us insight into their procedures and how he prepared himself. We also hear about Gerard's time at Amazon and the types of work he's taking on. Side hustles are a way of life for Gerard, and he speaks about his latest experiences managing his YouTube channel, Gerard's Curious Tech. Lastly, Gerard talks about his time at NYLA and how he was able to bring his full self to work thanks to NYLA's culture.

QUOTES
"I can do slow and steady, I can find my target audience, and then once I have that I can figure out what I want to parlay that into later." - Gerard Spivey [25:59]
"'I'm a Senior Director [at Intel], and I can do what I want' is basically what he told me. He's like 'the company has a 3.0 thing, but for someone like you who actually knows what they're talking about it's not a problem.' So I said, 'Ooh this is my time, they're letting me in.'" - Gerard Spivey [42:07]
"You're in a good spot in your career when you're valued for the thing you're going to do next versus the thing you did previously. What you're going to do next is your competitive value - that is what you bring to the table." - Gerard Spivey [48:27]

TIMESTAMPS
[00:04] Intro
[01:31] Gerard's Wedding Ceremony
[02:32] Working at Amazon Web Services (AWS)
[05:33] Amazon's Interview Process
[12:06] Gerard's Experience with the Job Market
[15:54] Working at Amazon
[19:11] Starting a New Job During COVID
[19:43] Side Hustles
[23:21] Gerard's YouTube Channel
[31:08] Gerard's Childhood
[31:52] How Gerard Decided to Study Electrical Engineering
[34:19] Choosing a College
[45:13] Gerard's Advice to his Younger Self
[47:42] Favorite Books
[50:57] Gerard's Time at NYLA
[55:36] Outro

RESOURCES
https://aws.amazon.com/ec2/ (Amazon EC2)
https://aws.amazon.com/ec2/instance-types/ (Amazon EC2 Instance Types)
https://aws.amazon.com/dynamodb/ (Amazon DynamoDB)
https://sre.google/ (Site Reliability Engineering (SRE))
https://www.c2stechs.com/ (Commercial Cloud Services (C2S))
https://www.thebalancecareers.com/what-is-the-star-interview-response-technique-2061629 (STAR Interview Response Method)
https://www.microsoft.com/en-us/microsoft-365/exchange/email (Microsoft Exchange)
https://azure.microsoft.com/en-us/ (Microsoft Azure)
https://www.synopsys.com/glossary/what-is-cicd.html (CI/CD)
https://mlt.org/ (Management Leadership for Tomorrow (MLT))
https://www.hbs.edu/ (Harvard Business School)
https://a16z.com/ (Andreessen Horowitz)
https://www.youtube.com/ (YouTube)
https://www.nsbe.org/K-12/Programs/PCI-Programs (NSBE Pre-College Initiative Program)
https://www.jhu.edu/ (Johns Hopkins University)
https://www.abet.org/ (Accreditation Board for Engineering and Technology (ABET))
https://www.ncat.edu/ (North Carolina A&T State University)
https://www.morgan.edu/ (Morgan State University)
https://howard.edu/ (Howard University)
https://www.rit.edu/ (Rochester Institute of Technology)
https://www.psu.edu/ (Penn State University)
https://www.digitaltechnologieshub.edu.au/teach-and-assess/classroom-resources/topics/digital-systems/ (Digital Systems)
https://www.xilinx.com/products/silicon-devices/fpga/what-is-an-fpga.html (Field Programmable Gate Arrays (FPGAs))
https://www.gwu.edu/ (The George Washington University)
https://www.intel.com/content/www/us/en/homepage.html (Intel)
https://www.pcmag.com/encyclopedia/term/pci-express (PCI Express)
https://www.intel.com/content/www/us/en/io/serial-ata/serial-ata-developer.html (Serial ATA (SATA))
https://consortium.org/ (Consortium of Universities of the Washington Metropolitan Area)
https://www.amazon.com/Zero-One-Notes-Startups-Future/dp/0804139296 (Zero to One) by Peter Thiel and Blake Masters
https://www.richdad.com/...

Decipher Security Podcast
Source Code 5/13

Decipher Security Podcast

Play Episode Listen Later May 13, 2022 6:24


Welcome back to Source Code, Decipher's weekly security news podcast. This week, the State Department said it will offer rewards for more information for the Conti group. Also this week, cybersecurity agencies from the U.S, UK, Australia, Canada and New Zealand warned that cybercriminals are increasingly targeting managed service providers. Finally, researchers released more details on a sophisticated post-exploitation framework being deployed on Microsoft Exchange server instances.

InfoSec Overnights - Daily Security News
Windows zero-days patched, Intel bad memory, @ phishing, and more.

InfoSec Overnights - Daily Security News

Play Episode Listen Later May 11, 2022 3:33


A daily look at the relevant information security news from overnight.
Episode 236 - 11 May 2022
Windows zero-days patched - https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-new-ntlm-relay-zero-day-in-all-windows-versions/
Intel bad memory - https://threatpost.com/intel-memory-bug-poses-risk-for-hundreds-of-products/179595/
Siemens and Schneider patches - https://www.securityweek.com/ics-patch-tuesday-siemens-schneider-electric-address-43-vulnerabilities
IceApple bites - https://www.bleepingcomputer.com/news/security/new-iceapple-exploit-toolset-deployed-on-microsoft-exchange-servers/
Adobe patches - https://www.securityweek.com/adobe-warns-critical-security-flaws-enterprise-products
@ phishing - https://threatpost.com/novel-phishing-trick-uses-weird-links-to-bypass-spam-filters/179587/

Hi, I'm Paul Torgersen. It's Wednesday May 11th, 2022, and this is a look at the information security news from overnight.

From BleepingComputer.com: Microsoft has patched 75 flaws on May's Patch Tuesday, including an actively exploited Windows LSA spoofing zero-day that attackers can exploit remotely to force domain controllers to authenticate them via the Windows NT LAN Manager. This particular bug affects all Windows versions from Windows 7 and Windows Server 2008 through Windows 11 and Windows 2022. Two other zero-days were also addressed in the update.

From ThreatPost.com: Intel is reporting a memory bug impacting microprocessor firmware used in hundreds of products. The vulnerability resides inside some of the Intel Optane SSD and Intel Optane Data Center products, which allows privilege escalation, denial of service, or information disclosure. Details in the article.

From SecurityWeek.com: Schneider Electric has released three advisories to inform customers about eight vulnerabilities, and Siemens has released 12 advisories covering 35 vulnerabilities, including one with a critical severity rating. Details and links to the advisory statements in the article.

From BleepingComputer.com: CrowdStrike researchers have found a new post-exploitation framework that they dubbed IceApple, deployed mainly on Microsoft Exchange servers across a wide geography. This stealthy little framework is .NET-based and comes with at least 18 modules, each for a specific task, that help the attacker discover relevant machines on the network, steal credentials, delete files and directories, or exfiltrate data. Details and a link to download the CrowdStrike report in the article.

From SecurityWeek.com: Adobe used this Patch Tuesday to cover at least 18 serious security defects in multiple enterprise-facing products and warned that unpatched systems are at risk of remote code execution attacks. Link to the advisory in the article, and in what has become a bit of a theme today, get your patch on kids.

And last today, from ThreatPost.com: Researchers have identified a never-before-seen method for sneaking malicious links into phishing emails. The trick takes advantage of a key difference in how email inboxes and browsers read URLs. Specifically, using an "@" symbol in the middle of the string. Most browsers will either interpret this as authentication information, or simply ignore it and execute whatever follows the symbol. Read about all the dirty tricks in the article. That's all for me today. Remember to LIKE and SUBSCRIBE. And as always, until next time, be safe out there.
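The "@" trick in the last item above rests on a rule that browsers and RFC 3986 share: in an http(s) URL, everything between "//" and the last "@" of the authority is userinfo, and the host begins after that "@". A mail filter that reads up to the first "@" sees a trusted-looking name; the browser connects to whatever follows it. The snippet below is an added example, not code from the podcast or from the Threatpost article: it uses urllib.parse, which applies the same authority rule, to report the host a link actually resolves to and to flag links that carry userinfo. The sample links are constructed with placeholder domains.

```python
"""Show which host an "@"-bearing link really points at.

Added example, not from the page. urllib.parse.urlsplit applies the RFC 3986
authority rule: userinfo is whatever precedes the last "@" in the netloc,
and the host is whatever follows it. An "@" in the path or query is not
part of the authority and changes nothing.
"""
from urllib.parse import urlsplit

# Constructed sample links; the domains are placeholders, not real sites.
SAMPLE_LINKS = [
    # trusted-looking name is userinfo, real host is an IP address
    "https://login.example-bank.com@198.51.100.23/reset",
    # a fake ":443" makes the userinfo look even more like a host:port
    "https://login.example-bank.com:443@attacker.example/reset?u=1",
    # no "@" at all: host is what it looks like
    "https://login.example-bank.com/reset",
    # "@" only in the query string: not userinfo
    "https://login.example-bank.com/reset?next=user@example.com",
    # "@" only in the path: not userinfo
    "https://login.example-bank.com/@attacker.example/reset",
]


def real_host(url: str) -> str:
    """Host the client would connect to (lower-cased, without userinfo or port)."""
    return urlsplit(url).hostname or ""


def has_userinfo(url: str) -> bool:
    """True when the authority carries userinfo, i.e. anything before an "@"."""
    parts = urlsplit(url)
    return parts.username is not None or parts.password is not None


def triage(url: str) -> dict:
    """Summarise a link the way a filter should: what it looks like vs. where it goes."""
    parts = urlsplit(url)
    return {
        "url": url,
        "looks_like": parts.username or real_host(url),  # what a naive reader sees first
        "host": real_host(url),
        "suspicious": has_userinfo(url),
    }


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(triage(link))
```

The useful takeaway for a filter is to parse the authority the way the client will and compare the resulting host against the allow-list, rather than matching on a substring of the link. Modern browsers that follow the WHATWG URL standard treat userinfo the same way (and some prompt or strip it), so the parsed host, not the visible text, is what decides where the click lands.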

The History of Computing
Whistling Our Way To Windows XP

The History of Computing

Play Episode Listen Later Apr 25, 2022 11:31


Microsoft had confusion in the Windows 2000 marketing and disappointment with Millennium Edition, which was built on a kernel that had run its course. It was time to phase out the older 95, 98, and Millennium code. So in 2001, Microsoft introduced Windows NT 5.1, known as Windows XP (eXperience). XP came in a Home or Professional edition.

XP was developed under the codename Whistler, and Microsoft gave it a new interface, the Luna visual style, which was sleeker and made more use of the graphics processors of the day. Jim Allchin was the Vice President in charge of the software group by then and helped spearhead development. XP had even more security options, which were simplified in the Home edition. They did a lot of work to improve the compatibility between hardware and software and added the option for fast user switching, so users didn't have to log off completely and close all of their applications when someone else needed to use the computer. They also improved on the digital media experience and added new libraries to incorporate DirectX for various games.

Professional edition also added options that were more business focused. This included the ability to join a domain, and Remote Desktop without the need for a third-party product to take control of the keyboard, video, and mouse of a remote computer. Users could use their XP Home Edition computer to log into work, if the network administrator could forward the necessary port. XP Professional also came with support for multiple processors, the ability to send faxes, an encrypting file system, more granular control of files and other objects (including GPOs), roaming profiles (centrally managed through Active Directory using those GPOs), multiple language support, IntelliMirror (an oft-forgotten centralized management solution that included RIS and sysprep for mass deployments), and an option to do an Automated System Recovery, or ASR, restore of a computer. Professional also came with the ability to act as a web server, not that anyone should run one on a desktop operating system. XP Professional was also available as a 64-bit edition given the right processor. XP Home Edition could be upgraded to from Windows 98, Windows 98 Second Edition and Millennium, and XP Professional could be upgraded to from any operating system released since Windows 98, including NT 4 and Windows 2000 Professional. Users could also upgrade from Home to Professional for an additional $100.

Microsoft also fixed a few features. One that had plagued users was that they had to gracefully unmount a drive before removing it; Microsoft got in front of this when they removed the warning that a drive was disconnected improperly and had the software take care of that preemptively. They removed some features users didn't really use, like NetMeeting and Phone Dialer, and removed some of the theme options. The 3D Maze screensaver was also sadly removed. Other changes just cleaned up the interface or merged technologies that had become similar: Deluxe CD Player and DVD Player were removed in favour of just using Windows Media Player. Chatty network protocols that caused problems, like NetBEUI and AppleTalk, were removed from the defaults, as was the legacy OS/2 subsystem. In general, Microsoft moved from two operating system code bases to one, although with the introduction of Windows CE they arguably had no net savings. However, to the consumer and enterprise buyer it was a simpler licensing scheme. Those enterprise buyers were more and more important to Microsoft. Larger and larger fleets gave them buying power, and the line items with resellers showed it with an explosion in the number of options for licensing packs and tiers. But feature-wise, Microsoft had spent the Windows NT and Windows 2000 era training thousands of engineers on how to manage large fleets of Windows machines as Microsoft Certified Systems Engineers (MCSE) and other credentials.

Deployments grew, and by the time XP was released Microsoft had the lion's share of the market for desktop operating systems and productivity apps. XP would only cement that lead and create a generation of systems administrators equipped to manage the platform, who never knew a way other than the Microsoft way. One step along the path to the MCSE was through servers. For the first couple of years, XP connected to Windows 2000 Servers. Windows Server 2003, built on the Windows NT 5.2 kernel, was then released in 2003. Here we saw Active Directory cement a lead created in 2000 over servers from Novell and other vendors. Server 2003 became the de facto platform for centralized file, print, web, FTP, software, time, DHCP, DNS, event, messaging, and terminal services (or shared Remote Desktop services through Terminal Server). Server 2003 could also be purchased with Exchange 2003. Given the integration with Microsoft Outlook and a number of desktop services, Microsoft Exchange.

The groupware market in 2003 and the years that followed was dominated by Lotus Notes, Novell's GroupWise, and Exchange. Microsoft was aggressive, including on pricing. They released tools to migrate from Notes to Exchange the week before IBM's conference. We saw some of the same tactics and some of the same faces that were involved in Microsoft's Internet Explorer antitrust suit from the 1990s. The competition to Exchange never recovered, and while Microsoft gained ground in the groupware space through the Exchange Server 4.0, 5.0, 5.5, 2000, 2003, 2007, 2010, 2013, and 2016 eras, by Exchange 2019 over half the mailboxes formerly hosted on on-premises Exchange servers had moved to the cloud, predominantly to Microsoft's Office 365 service. Some still used legacy Unix mail services like sendmail, or mail hosted by third-party providers like GoDaddy along with their domain or website, but many of those ran on Exchange as well. The only company to put up true competition in the space has been Google.

Other companies had released tools to manage Windows devices en masse. Companies like Altiris sprang out of the needs of companies that did third-party software testing to manage the state of Windows computers. Microsoft had a product called Systems Management Server, but Altiris built a better product, so Microsoft built an even more robust solution called System Center Configuration Manager, or SCCM for short, and within a few years Altiris lost so much business that they were acquired by Symantec. Other similar stories played out across other areas where each product competed with other vendors and sometimes market segments, and usually won. To a large degree this was because of the tight hold Windows had on the market. Microsoft had taken the desktop metaphor and seemed to own the entire stack by the end of the Windows XP era. However, the technology we used lagged a couple of years behind when the product management and product development teams had started to build it. And by the end of the XP era, Bill Gates had been gone long enough, and many of the early stars who almost by pure will pushed products through development cycles were gone as well. Microsoft continued to release new versions of the operating system, but XP became one of the biggest competitors to later versions rather than to other companies. This reluctance to move to Vista and other technologies was the main reason extended support for XP ran until April 2014, more than 12 years after it was released.

Decipher Security Podcast
Source Code 4/1

Decipher Security Podcast

Play Episode Listen Later Apr 1, 2022 6:39


Topping the news in this week's Source Code podcast were several security warnings and alerts from the U.S. government, including a phishing attack that targeted U.S. election officials, and attacks on UPS devices. Also this week, researchers warned of an IcedID malware attack leveraging compromised Microsoft Exchange servers to send phishing emails.

IEN Radio
Special Edition: Security Breach- Know Your Enemy

IEN Radio

Play Episode Listen Later Mar 3, 2022 13:58


Inside BlackByte and Cobalt Strike, the ransomware group and post-exploitation tool used in a recent high-profile hack, and how both pose new risks to the industrial sector.

While rogue individuals with an agenda and advanced cybersecurity skills are still prevalent, most headline-grabbing hacks now originate from well-organized, highly talented groups or organizations. Not only does this dynamic provide access to a greater pool of talent, but it makes stopping a multi-faceted attack more difficult.

One of the most notorious of these cyber terrorist groups is BlackByte. The ransomware-as-a-service group recently made headlines by hacking the National Football League's San Francisco 49ers right before the league's biggest weekend, the most recent Super Bowl.

The group was able to exploit a vulnerability in the team's Microsoft Exchange server and implement a tool called Cobalt Strike. Users were then sent hourly ransom notes via a print bomb to all printers connected to the infected machine. While the 49ers have downplayed the impact of the hack, it did result in the release of financial documents that BlackByte posted to a site on the dark web. No ransom demands were made public, but the amount of data actually stolen remains unknown.

The growing reach, ability and boldness of these groups should give everyone in the industrial sector pause, regardless of your role or job title. If they can access data from a billion-dollar franchise, your IP and financial data is at least just as vulnerable.

The good news is that we have people like Lauren Podber, Principal Intelligence Analyst at Red Canary, to help guide us in getting ahead of groups like BlackByte. Lauren and her cohorts at Red Canary specialize in managing cybersecurity endpoint detection, planning and response.

Monitor
Monitor 6 Januarie 2022

Monitor

Play Episode Listen Later Jan 6, 2022 46:14


The DA accuses the ANC of interfering in the appointment of judges. Rising input costs, the mass import of milk and the recent closure of Clover's Lichtenburg branch have meant that many dairy farmers in North West had to close their businesses. The South African National Blood Service has less than three days' blood supply for patients in need. A computer bug, similar to the Y2K bug that had the world in a frenzy 22 years ago, has crippled Microsoft Exchange.

Tech Update | BNR
E-mail problems caused by a mini-millennium bug at Microsoft

Jan 3, 2022 (4:11)


At exactly midnight (UTC) on 1 January 2022, Microsoft Exchange mail servers ran into a problem that caused new e-mail messages at numerous companies to stop arriving. This was, of all things, caused by an update for the new year. After two o'clock at night Dutch time on 1 January, numerous system administrators reported this problem with Microsoft Exchange. Microsoft has since shared a fix.

Also in this Tech Update:
Samsung comes with 'revolutionary' new features for TVs, including around NFTs
From tomorrow you really cannot use original BlackBerry devices any more

The Practical 365 Podcast
The Practical 365 Podcast: S2 Ep33 - Exchange Updates Delayed, Teams End to End Encryption launches, Outlook to get hybrid-working improvements plus much more

Dec 14, 2021 (47:11)


In this episode, Paul Robichaux and Steve Goodman discuss Microsoft Exchange update delays - a welcome break, given other security incidents? And End to End Encryption comes to Teams calls - Microsoft Teams search gets more improvements - worth the wait; plus Outlook features drop onto the roadmap that look set to improve hybrid working and remote working shifts.

Tech Law Talks
M365 in 5: Microsoft Exchange Online - New eDiscovery challenges

Sep 30, 2021 (7:39)


Lighthouse's Damian Murphy joins Reed Smith's Anthony Diana and TJ Satnick to discuss the differences between an Exchange mailbox and a new Exchange Online mailbox, new artifacts stored in Exchange Online, and new eDiscovery challenges that those differences create.

Techmeme Ride Home
Mon. 07/19 – NSO Group (Allegedly) Pwning Everyone

Jul 19, 2021 (16:22)


The NSO Group is back in the headlines, and it's maybe the worst allegations of hacking for hire yet. The US and NATO blame China for the Exchange Server hacks. Does iOS now split the market with Android, at least in the US? And is Tesla charging customers for hardware they already paid for?

Links:
Private Israeli spyware used to hack cellphones of journalists, activists worldwide (Washington Post)
U.S. and key allies accuse China of Microsoft Exchange cyberattacks (Axios)
Zoom is buying cloud contact center provider Five9 for $14.7 billion (CNBC)
CIRP: iPhone catches up to Android, now accounts for 50% of new smartphone activations in the US (9to5Mac)
Tesla is charging owners $1,500 for hardware they already paid for (Electrek)

First Move with Julia Chatterley
US accuses China of Microsoft Exchange email hack. More athletes get Covid as Olympics near. Jeff Bezos tells CNN space launch will change him.

Jul 19, 2021 (45:20)


Eleni Giokos is live from Dubai. Here are the top business news stories today! Calling out China – The US & allies to accuse China of masterminding huge cyberspace hacks. Olympic ordeal - Rising covid cases and frustrated sponsors threaten to undermine the Tokyo Olympics. Heading to space! Jeff Bezos tells CNN his historic space launch will change him. It's Monday, let's make a move.