Podcasts about Microsoft Exchange

  • 296 podcasts
  • 435 episodes
  • 38m average duration
  • Latest episode: Jun 20, 2024


Latest podcast episodes about Microsoft Exchange

The Lawfare Podcast
Lawfare Daily: What Can Be Done to Improve Cloud Security with Maia Hamin, Trey Herr, and Marc Rogers

Jun 20, 2024 · 57:06


The Cyber Safety Review Board's (CSRB) report on the Summer 2023 Microsoft Exchange Online intrusion sheds light on how a series of flaws in Microsoft's cloud infrastructure and security processes allowed a hacking group associated with the People's Republic of China (PRC) to strike the “equivalent of gold” in accessing the official email accounts of many of the most senior U.S. government officials managing the U.S. government's relationship with the PRC. Lawfare Senior Editor Stephanie Pell sat down with Maia Hamin, Associate Director with the Atlantic Council's Cyber Statecraft Initiative; Trey Herr, Assistant Professor of cybersecurity and policy at American University's School of International Service and Director of the Cyber Statecraft Initiative at the Atlantic Council; and Marc Rogers, Co-Founder and Chief Technology Officer for the AI observability startup nbhd.ai, to discuss their recent Lawfare piece about the CSRB's report and the lagging state of cloud security policy. They talked about ways to improve cloud service provider transparency, other investigative and regulatory tools that could facilitate better cloud security, and their thoughts on Microsoft's response to the CSRB's report.

To receive ad-free podcasts, become a Lawfare Material Supporter at www.patreon.com/lawfare. You can also support Lawfare by making a one-time donation at https://givebutter.com/c/trumptrials. Support this show: http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.

The Lawfare Podcast
Lawfare Daily: DHS Under Secretary Robert Silvers on the CSRB's Report on the Summer 2023 Microsoft Exchange Online Intrusion

May 22, 2024 · 38:20


In March, the Cyber Safety Review Board issued a report examining the Summer 2023 Microsoft Exchange Online Intrusion. Stephanie Pell, Senior Editor at Lawfare, sat down with Robert Silvers, Under Secretary for Policy at the Department of Homeland Security and Chair of the Cyber Safety Review Board, to discuss the report. They talked about the Board's determination that the intrusion was preventable and should never have occurred, Microsoft's response to the report, and the Board's unique role as a true public-private partnership, giving it a powerful position from which to drive change.

To receive ad-free podcasts, become a Lawfare Material Supporter at www.patreon.com/lawfare. You can also support Lawfare by making a one-time donation at https://givebutter.com/c/trumptrials. Support this show: http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.

Security Now (MP3)
SN 971: Chat (out of) Control - Fuxnet, Android Quarantine, Gentoo

Apr 24, 2024 · 135:59


  • What do you call "Stuxnet on steroids"?
  • Voyager 1 update
  • Android 15 to quarantine apps
  • Thunderbird & Microsoft Exchange
  • China bans Western encrypted messaging apps
  • Gentoo says "no" to AI
  • Cars collecting driving data
  • Freezing your credit
  • Investopedia
  • Computer Science Abstractions
  • Lazy People vs. Secure Systems
  • Actalis issues free S/MIME certificates
  • PIN Encryption
  • DRAM and GhostRace
  • AT&T Phishing Scam
  • Race Conditions and Multi-core processors
  • An Alternative to the Current Credit System
  • SpinRite Updates
  • Chat (out of) Control

Show Notes: https://www.grc.com/sn/SN-971-Notes.pdf

Hosts: Steve Gibson and Leo Laporte

Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6.

Sponsors: canary.tools/twit (use code: TWIT), lookout.com, kolide.com/securitynow, zscaler.com/zerotrustAI

The same episode (Apr 24, 2024, 135:59) is also listed, with an identical description, under the feeds All TWiT.tv Shows (MP3), Security Now (Video HD), Security Now (Video HI), Radio Leo (Audio), Security Now (Video LO), All TWiT.tv Shows (Video LO), and Radio Leo (Video HD); in the All TWiT.tv Shows and Radio Leo feeds it is titled "Security Now 971: Chat (out of) Control" and marked as having a transcription available.

Les Friday Lives
[ADDL] N°40 | Cybersecurity, Qatari investments and Citizen Developers

Apr 17, 2024 · 38:29


The digital news of March 2024 is covered in episode N°40 of Au-delà du live! On the agenda: cybersecurity at the heart of every issue in the run-up to the European elections, Chinese interference in Microsoft Exchange messaging, the Qatari investment plan in new technologies, and the growing importance of Citizen Developers within organizations. Happy listening, everyone!

The Daily Decrypt - Cyber News and Discussions
AT&T Breach Lawsuits, LayerSlider WordPress Plugin Exploit, Microsoft Hack Entirely Preventable

Apr 4, 2024


Today, we're discussing the lawsuits coming out of AT&T's massive data breach affecting 73 million, a critical flaw in the LayerSlider WordPress plugin jeopardizing 1 million sites, and a preventable hack into Microsoft Exchange highlighting cybersecurity's critical stakes. Experts weigh in on the ramifications and preventive strategies, ensuring you stay informed and ahead in the cybersecurity game. Your feedback on these issues is crucial; join the conversation and help shape a more secure digital future.

References:
  • For insights on the AT&T lawsuits and data breach impacts: https://www.bleepingcomputer.com/news/security/atandt-faces-lawsuits-over-data-breach-affecting-73-million-customers/
  • Understanding the critical vulnerability in the LayerSlider WordPress plugin: https://www.bleepingcomputer.com/news/security/critical-flaw-in-layerslider-wordpress-plugin-impacts-1-million-sites/
  • Analysis of the Microsoft Exchange hack and recommended security reforms: https://www.cybersecuritydive.com/news/microsoft-exchange-hack-china-preventable/712146/ and https://www.cisa.gov/sites/default/files/2024-04/CSRB_Review_of_the_Summer_2023_MEO_Intrusion_Final_508c.pdf

Follow us on Instagram: https://www.instagram.com/the_daily_decrypt/
Thanks to Jered Jones for providing the music for this episode: https://www.jeredjones.com/
Logo design by https://www.zackgraber.com/

Tags for the episode: AT&T data breach, cybersecurity, legal actions, LayerSlider WordPress plugin, SQL injection, plugin security, Microsoft Exchange hack, cloud service security, cybersecurity reforms, identity theft, data privacy, security protocols, cyber risk management, plugin vulnerabilities, security best practices, cyber attack prevention, digital security, cybersecurity insights, technology law, security updates

Search phrases: AT&T 73 million data breach details; Legal consequences of cybersecurity failures; How to secure WordPress sites from SQL injection; Impact of LayerSlider plugin vulnerability; Preventing Microsoft Exchange cyber attacks; Enhancing cloud service cybersecurity; Best practices in digital security updates; Addressing identity theft and data breaches; Cybersecurity insights for tech professionals; Cyber risk management strategies; Lawsuits following major data breaches; Plugin security for WordPress administrators; Learning from cybersecurity breaches; Updates and security in technology law; Prevention strategies for cyber attacks

Transcript: Apr 4

Welcome back to the Daily Decrypt. AT&T is grappling with the fallout of a data breach that impacted 73 million customers, as class action lawsuits begin to mount. Also, over 1 million WordPress sites are at immediate risk due to a critical vulnerability in the LayerSlider plugin, which can expose these sites to SQL injection attacks. How can WordPress admins protect themselves from this vulnerability? And finally, the Cyber Safety Review Board has declared the massive intrusion into Microsoft's Exchange Online entirely preventable. And just a reminder, this mega intrusion led to over 60,000 U.S. State Department officials' emails being compromised. How the heck is Microsoft gonna restore trust and confidence from the consumers in their security protocols? Stick around to find out.

So it's been two days since my last episode, in which I highlighted the most recent AT&T breach. Well, it's been a long couple of days. The reason there were no new episodes is because I lost internet, and you might be thinking, "Hey, you just finished slandering AT&T on this podcast on Monday, and then your AT&T internet goes out?" That's correct. There's really no other explanation other than AT&T is seeking revenge against the Daily Decrypt. But I digress. To recap what has happened, AT&T has admitted to a data breach exposing sensitive information of 73 million customers. This breach included usernames, social security numbers, email addresses, and AT&T PINs used to make secure account changes on AT&T customer accounts. The timeline reveals that AT&T's initial denial of the breach, which was first alleged by ShinyHunters in 2021, and their recent admission after a second threat actor leaked the data in 2024, raises questions about the effectiveness of corporate data breach detection and response strategies. The leaked data isn't from the past year or even couple of years. The leaked data is from 2019. And it includes 7.6 million current customers and 65.4 million former AT&T account holders, which I guess says a lot about AT&T's churn rate, that they have 65 million former customers and only 7 million current customers. Needless to say, a lot of data was breached. Now, what's fascinating about this is that this was brought to AT&T's attention in early 2021 and they denied it. And then another threat actor group released the same data from 2019 in early 2024. AT&T also denied that. They're just saying that they don't know, this data doesn't belong to them, this data wasn't stolen from their systems, when clearly it was. So only in the last week did AT&T finally admit that that data from 2019 belongs to them and was breached from their networks. So because of this negligence, multiple class action lawsuits have spun up very recently.

Most notably, there's one from Morgan & Morgan, which is the same law firm that's been suing Google over the fact that it tracks users' data even when they're in incognito mode. And I believe Google paid out a settlement. So this is the same law firm that did that. And they're accusing AT&T of negligence, breach of implied contract, and unjust enrichment. And they're aiming for compensatory damages and improved data security protocols. Their lawsuit criticizes AT&T for not acting on known vulnerabilities and delaying breach acknowledgement, jeopardizing customer data privacy and confidence. I'm really glad to see these lawsuits are being spun up. As you heard in Monday's episode, I was calling for multiple class action lawsuits. So yeah, I hope you get the crap sued out of you. And yes, I am an AT&T customer. If you are also an AT&T customer and you're concerned about your data being in one of these breaches or this main breach from 2019, I believe the site haveibeenpwned.com has acquired the data from this breach. And so you can just search your email addresses in that site to see if it was compromised. Listen to the episode released this past Monday for some tips on how to stay safe when attackers have all of this information. All the information needed to open up new credit cards, take out new lines of credit in your name, and do a whole lot of stuff. All right. Well, there's another WordPress vulnerability out there with a CVSS score of 9.8 out of a 10 max. The name of the plugin? LayerSlider. This plugin is used by over 1 million sites and exposes these sites to SQL injection attacks. This flaw allows attackers to potentially extract sensitive data, including password hashes, leading to site takeovers or data breaches. This vulnerability was discovered on March 25th, and was promptly reported to Wordfence, earning the researcher a 5,500 bounty. The vulnerability affects LayerSlider version 7.9.11 through 7.10, which as mentioned before, allows for SQL code injection.

And just to quickly discuss what SQL code injection is: it's when data is queried from a database to be populated on a website. Those databases use a language called SQL, or SQL, that uses a query language, which is what the QL stands for, to query that data. This vulnerability allows attackers to query that data by injecting malicious commands using SQL. They can essentially pull anything they want out of the databases. So that includes, yeah, password hashes, names, emails, whatever data is on the website. If that's social security numbers, that's vulnerable too. Despite the severity though, the attack is limited to a time-based blind SQL injection, which relies on observing response times to infer data. And this type of SQL injection is hard to detect, but it's also hard for the attacker to get large amounts of data. It's more of an inferred sort of data attack. For more information on this attack, check out the article in the show notes by Bleeping Computer. The good news is that the flaw was quickly addressed by the plugin's developers, Creatura, who released an update to version 7.10.1 on March 27th, so within 48 hours of being notified. If you are a LayerSlider user, please go update immediately to mitigate this risk. WordPress is built on the use of plugins. That's what makes it so marketable. The more plugins you have, the more plugins you use, the higher your risk is. And I personally am a WordPress user. TheDailyDecrypt.com is a WordPress site, and I'm having a hard time setting up notifications for outdated plugins. It's not very intuitive. Granted, I don't use any plugins other than the podcast plugin that hosts this podcast, and I'm constantly on the site making sure everything's updated and posting new podcasts, but a lot of people with WordPress sites will set it and forget it. Like they'll put up their site. It's a shop.

They respond to orders they get, but they don't actually go onto the WordPress site too much. And a lot of WordPress users are less tech savvy than me. So they probably don't have alerts set up for outdated plugins. I highly encourage you to just set up a reminder that goes off once a week, once a month, whatever interval you think is appropriate for the risk of your website, and just go check to make sure all the plugins are up to date. It's a really quick check, and if they're not up to date, you just press a little button and update them. You're likely not doing advanced programming on your WordPress site that might break with an update, so just, just press the little button. All right, and our final story comes from the Cyber Safety Review Board, where they have officially declared, which is a pretty bold stance, they've officially declared that the intrusion into Microsoft Exchange Online that exposed about 60,000 U.S. State Department emails was entirely preventable. This report criticizes Microsoft's corporate culture for insufficient investment in security and risk management and calls for widespread security reforms within Microsoft and among all cloud service providers to prioritize cybersecurity. The Cyber Safety Review Board, or CSRB, urges Microsoft to publicly outline its security reforms and outlines a series of operational decisions that encourages cloud service providers and government partners to make security-focused changes. The report, released by the CSRB, details the compromise of key U.S. officials' mailboxes by China-affiliated actors and criticizes Microsoft for charging extra for essential security features like enhanced logging. Which, in the recent past, has since been reversed. Microsoft no longer charges extra. But still, why did they do that in the first place? Microsoft has responded and announced plans for major security reforms, including better infrastructure and security processes.

It's worth noting that Microsoft has been very cooperative throughout the CSRB's investigation, and they are definitely willing to listen to the suggestions and make some changes, so that's step one. That's way better than what AT&T did when confronted. Microsoft is looking into this. They want to maintain consumer confidence as much as anybody. They're at the center of our tech universe, even more so than most consumers might even know. A lot of servers and digital infrastructure is hosted on Windows Server and Windows machines. And if you've been listening for a while, you've heard DogeSpan and I discuss another recent breach amongst senior developers and executives at Microsoft: without multi-factor authentication on their development accounts, attackers were able to get in. So all of these incidents are starting to pile up and really pointing fingers at Microsoft. We got to get this fixed. They're starting to crack down. We're going to keep an eye on them. We're going to keep reporting what happens at Microsoft. Hopefully nothing else big, because they hold a lot of data in their cloud services, Exchange, Azure. Microsoft is a pretty big powerhouse as a cloud service provider. So yeah, hopefully they're throwing some money at this. They're spinning up some new teams and they're really looking at legacy infrastructure. It's a pretty old product that they're continually building on. So they need to start peeling away these layers of this product and figure out how they can boost up security. They need to be leading and setting a good example for smaller companies by being so secure. Well, that's the show. That's all we got for you. Again, sorry about the quick hiatus. Internet went out. Hopefully it will stay on for the remainder of the week and maybe I can put an episode out on Saturday, recapping some stuff. But if you like what you hear, please go find us on Instagram at The Daily Decrypt and send us a comment or a DM. We'd love to hear from you.

Until then, we'll talk to you some more tomorrow.

The CyberWire
A battle against malware.

Mar 28, 2024 · 32:56


PyPI puts a temporary hold on operations. OMB outlines federal AI governance. Germany sounds the alarm on Microsoft Exchange server updates. Cisco patches potential denial of service vulnerabilities. The US puts a big bounty on BlackCat. Darcula and Tycoon are sophisticated phishing-as-a-service platforms. Don't dilly-dally on the latest Chrome update. On our Threat Vector segment, host David Moulton has guest Sam Rubin, VP and Global Head of Operations at Unit 42, to discuss Sam's testimony to the US Congress on the multifaceted landscape of ransomware attacks, AI, and automation, and the need for more cybersecurity education. And data brokers reveal alleged visitors to pedophile island.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest: On the Threat Vector segment, host David Moulton has guest Sam Rubin, VP and Global Head of Operations at Unit 42. They discuss Sam's testimony to the US Congress on the multifaceted landscape of ransomware attacks, AI, and automation, the need for more cybersecurity education, and more. Listen to the full episode with David and Sam's in-depth discussion. Read Sam Rubin's testimony.

Selected Reading:
  • PyPI Is Under Attack: Project Creation and User Registration Suspended (Malware News)
  • OMB Issues First Governmentwide AI Risk Mitigation Rules (GovInfo Security)
  • German cyber agency warns 17,000 Microsoft Exchange servers are vulnerable to critical bugs (The Record)
  • Cisco Patches DoS Vulnerabilities in Networking Products (Security Week)
  • US offers a $10 million bounty for information on UnitedHealth hackers (ITPro)
  • iPhone Users Beware! Darcula Phishing Service Attacking Via iMessage (GB Hackers)
  • Tycoon 2FA, the popular phishing kit built to bypass Microsoft and Gmail 2FA security protections, just got a major upgrade — and it's now even harder to detect (ITPro)
  • Update Chrome now! Google patches possible drive-by vulnerability (Malwarebytes)
  • Jeffrey Epstein's Island Visitors Exposed by Data Broker (WIRED)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2024 N2K Networks, Inc.

Cyber Security Today
Cyber Security Today, Week in Review for Friday, Dec. 8, 2023

Dec 8, 2023 · 26:40


This episode features discussion on cyber attacks against OT networks, the discovery of exposed servers with medical images, and why outdated Microsoft Exchange servers are still alive.

Decipher Security Podcast
Source Code 12/8

Dec 8, 2023 · 5:57


In this week's Source Code podcast we discuss flaws found in Sierra Wireless routers, sanctions announced by the US and UK, and a Microsoft Exchange flaw under attack by the Fancy Bear threat group.

Colombia Calling - The English Voice in Colombia

This week, Emily Hart gets the inside story on the #NarcoFiles - a new investigation into The Global Criminal Order, the largest investigative project of its kind to originate in Latin America. She speaks to OCCRP's Latin America Editor Nathan Jaccard, who has led and coordinated this project - right from its earliest seeds in the 2022 hack to the incredible flourishing of reporting we've seen this week, and which continues to emerge. Last year, a group of 'hacktivists' known as Guacamaya infiltrated the Microsoft Exchange server, enabling them to hack the system of the Colombian Attorney General's Office, the entity in charge of investigating and prosecuting crimes in Colombia. Five terabytes in size, the leak contains more than 7 million emails, including exchanges between the Fiscalia and numerous embassies, law enforcement groups, and others. The documents in the leak reveal unique details about the inner workings of international criminal gangs as well as law enforcement efforts to dismantle them. The Organised Crime and Corruption Reporting Project (OCCRP), the Centro Latinoamericano de Investigación Periodística (CLIP), Vorágine, and Cerosetenta gained early access to the data, and then shared the leak with more than 40 other media outlets. Journalists from over 23 countries worked on the investigation. Nathan will be giving us the who, what, and how of this story, as well as his insights into the new world of organised crime and cocaine trafficking revealed by this hack – from the changes in where cocaine is grown and produced to corruption of top officials in Suriname, as well as the narco-nexus between huge banana companies and Colombia's political right wing, Israeli mafia in Colombia, links to the Odebrecht scandal and more – stories involving fruit, shark fins, and DEA Agents. 
Emily will also be sharing with supporters and subscribers her top picks from the NarcoFiles reporting from a number of outlets, with translated versions - subscribe now to our Patreon to get access!

The Internet Report
Insights From Outages at Citibank, DBS, and Other News | Pulse Update

The Internet Report

Play Episode Listen Later Oct 30, 2023 24:18


In recent weeks, back-end infrastructure work and other backend-related issues impacted various online and consumer banking services, including DBS and Citibank in Singapore.

Simple front-facing customer experiences that we've become accustomed to today can often mask considerable complexity on the backend. The service delivery chain of technologies powering the front end often comprises a mix of on-premises assets, cloud services, containers, and APIs.

A degradation or outage to just one of those components can have massive impact. Depending on the architecture of the app and resilience of the backend, an incident in one part can be routed around in the best case scenario, or take down critical systems for hours in the worst case.

Tune in to this episode to learn more about how backend changes led to outages at DBS, Citibank, and a number of Japanese banks—and how other backend issues appeared to contribute to a Google Cloud VMware Engine disruption and potentially also a Microsoft Exchange incident.

For more insights, check out these links:
- The Internet Report: Pulse Update Blog: https://www.thousandeyes.com/blog/internet-report-pulse-update-dbs-citibank-outages?utm_source=transistor&utm_medium=referral&utm_campaign=na_fy24q1_internetreportpulse22_podcast
- Explore the Equinix issues that impacted DBS and Citibank: https://ajhrlohbopohbnmekzbcvrbeslqaijfr.share.thousandeyes.com/
- Interested in more outage analysis? Check out our Internet Outages Timeline, which covers several notable Internet outages and application issues from the past year, along with the lessons they leave: https://www.thousandeyes.com/resources/internet-outages-timeline?utm_source=transistor&utm_medium=referral&utm_campaign=na_fy24q1_internetreportpulse22_podcast

CHAPTERS
00:00 Intro
00:47 The Download
04:10 By the Numbers
06:40 Equinix Chiller Upgrade Leads to DBS, Citibank Outages in Singapore
23:19 Get in Touch

Want to get in touch? If you have questions, feedback, or guests you would like to see featured on the show, send us a note at InternetReport@thousandeyes.com. Or follow us on X: @thousandeyes

Cyber Security Headlines
Zero-day fuels largest-ever DDoS attack, 23andMe resets user passwords after data leak, Exchange gets ‘better' patch for critical bug

Cyber Security Headlines

Play Episode Listen Later Oct 11, 2023 8:41


Internet-wide zero-day bug fuels largest-ever DDoS attack
23andMe resets user passwords after genetic data posted online
Microsoft Exchange gets 'better' patch to mitigate critical bug

Thanks to today's episode sponsor, Hyperproof. We get it. You're a risk manager or compliance professional, and you're overworked. You're trying to do the right thing by keeping your company safe and secure, but your technology is holding you back. Why not upgrade to Hyperproof? Hyperproof is a platform that not only eliminates the manual tasks you dread, but helps you scale security. Get a demo today at hyperproof.io.

For the stories behind the headlines, visit CISOseries.com.

Storm⚡️Watch by GreyNoise Intelligence

In this episode of Storm Watch, the hosts discuss various topics related to cybersecurity and the internet. They begin by comparing the unpredictability of weather patterns to the challenges of predicting internet activity and cyber threats. The hosts suggest that perhaps they should consider using a "cone of uncertainty" model, similar to hurricane forecasting, to help visualize potential internet threats. The conversation then shifts to the recent North Korean cyberattacks targeting security researchers. The hosts express disappointment at not being targeted themselves and discuss the importance of being aware of potential threats and evaluating one's own risk factors. They also mention Google's efforts to raise awareness about the issue and encourage those affected to reach out for assistance. Next, the hosts discuss the recent Apple zero-day vulnerabilities and emphasize the importance of patching devices. They also touch on the broader topic of whether security checkboxes and best practices are still effective in today's rapidly evolving threat landscape. Finally, the episode covers the Microsoft Exchange Server vulnerabilities and the company's response to the issue. The hosts express disappointment in Microsoft's handling of the situation, noting that there seems to be a lack of transparency and detail in their communications. They also discuss the potential consequences of not implementing proper key rotation and the importance of learning from these incidents to improve security practices moving forward.

The CyberWire
Attacks on industrial systems in Europe and Africa. LolekHosted arrests. Notes from the hybrid war. The CSRB will investigate the cyberespionage campaign that exploited Microsoft Exchange.

The CyberWire

Play Episode Listen Later Aug 14, 2023 27:15


An African power generator has been targeted by ransomware. The APT31 group is believed to be responsible for attacks on industrial systems in Eastern Europe. There have been arrests related to the takedown of LolekHosted. Ukraine's SBU has alleged that Russia's GRU is using specialized malware to attack Starlink. Microsoft has decided not to extend licenses for its products in Russia. Rick Howard opens his toolbox on DDoS. In our Solution Spotlight: Simone Petrella and Camille Stewart Gloster discuss the White House release of its cybersecurity workforce and education strategy. And the Cyber Safety Review Board will be investigating cases of cyberespionage against Exchange.

Watch the full video of Simone and Camille here: Solution Spotlight: Simone Petrella and Camille Stewart Gloster

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/154

Selected reading.
DroxiDat-Cobalt Strike Duo Targets Power Generator Network (Infosecurity Magazine)
New SystemBC Malware Variant Targets Southern African Power Company (The Hacker News)
Power Generator in South Africa hit with DroxiDat and Cobalt Strike (Security Affairs)
Southern African power generator targeted with DroxiDat malware (Record)
Common TTPs of attacks against industrial organizations. Implants for uploading data (Kaspersky ICS CERT)
APT31 Linked to Recent Industrial Attacks in Eastern Europe (Infosecurity Magazine)
Researchers Shed Light on APT31's Advanced Backdoors and Data Exfiltration Tactics (The Hacker News)
LOLEKHosted admin arrested for aiding Netwalker ransomware gang (BleepingComputer)
Russian spy agencies targeting Starlink with custom malware, Ukraine warns (The Telegraph)
Russia Bans iPhones And iPads For Official Use: Report (BW Businessworld)
Microsoft Suspends Extending Licenses For Companies in Russia (RadioFreeEurope/RadioLiberty)
Department of Homeland Security's Cyber Safety Review Board to Conduct Review on Cloud Security (US Department of Homeland Security)
Microsoft Exchange hack is focus of cyber board's next review (Record)
Microsoft is under scrutiny after a recent attack by suspected Chinese hackers (Windows Central)
The DHS's CSRB to review cloud security practices following the hack of Microsoft Exchange govt email accounts (Security Affairs)
Microsoft's role in data breach by Chinese hackers to be part of US cyber inquiry (Firstpost)

The PowerShell Podcast
PowerShell Unplugged: A Symphony of Tech and Music with Jim Truher

The PowerShell Podcast

Play Episode Listen Later Jun 19, 2023 64:34


In this episode of the PowerShell Podcast, we welcome special guest Jim Truher, one of the founding fathers of PowerShell. We discuss his fascinating journey from being a professional musician to transitioning into a career in technology, the origins of PowerShell, and how he became involved in its creation. Jim shares insights into the new PowerShell Crescendo module, its benefits for developers and IT professionals, as well as the early challenges faced in bringing PowerShell to market, overcoming skepticism, and promoting its user base. We also explore the unique relationship between PowerShell and Microsoft Exchange and discuss Jim's most significant successes while working on PowerShell. Throughout the conversation, we learn more about the ongoing evolution of PowerShell and its potential future direction. Don't miss this insightful and engaging episode as we dive deep into the melodious journey of Jim Truher and the world of PowerShell.   Bio and Links: Jim Truher is a seasoned software engineer and a key contributor to the development of PowerShell at Microsoft. With a diverse background that includes a career as a professional musician, Jim transitioned into the tech industry, bringing his passion and creativity into the world of software development. As one of the founding fathers of PowerShell, he has played a crucial role in shaping this versatile scripting and automation tool, impacting the lives of countless IT professionals and developers worldwide. With expertise in scripting languages and a keen understanding of end-user needs, Jim continues to drive innovation and contribute to the evolution of PowerShell.   
Watch The PowerShell Podcast on YouTube: https://www.youtube.com/watch?v=2QFUlhnzE0I
https://github.com/JamesWTruher
https://www.youtube.com/watch?v=fwt3XXA_pf0
https://www.youtube.com/watch?v=rzBAnbF1R8Y
https://soundcloud.com/james-truher-20552461/project0004_mx2
https://www.powershellgallery.com/packages/FormatTools/0.6.0
https://powershellyoungteam.github.io/2023/05/08/PowerShell-Profiles-KeePass-and-PowerShellAI.html

RunAs Radio
Dealing with Vulnerable Exchange Servers with Gareth Gudger

RunAs Radio

Play Episode Listen Later May 17, 2023 37:36


Is your Exchange server one of the vulnerable ones? Richard talks to Gareth Gudger about the ongoing security concerns around on-premises Exchange servers. The conversation addresses a blog post by the Exchange server team about restricting access of potentially vulnerable Exchange servers to Exchange Online. But, as Gareth explains, this has to do with hybrid Exchange, where your on-premises server can access Exchange Online in a privileged state. What is the right thing to do to limit exploits in Exchange? Keeping up with the latest versions, patching, and ultimately maintaining your entire infrastructure, especially Active Directory - all play a role in securing on-premises infrastructure. Stay vigilant!

Links:
Blocking Email from Vulnerable Exchange Servers
Tony Redmond's Comment on the Blog Post
Deprecation of Remote PowerShell
Re-enabling or Extending RPS
Exchange Online PowerShell v3
Exchange Server 2013 End of Support
Turning off your Last Exchange Server
Office 365 for IT Pros

Recorded April 4, 2023

Security Squawk
Notorious Ransomware gang hits Procter & Gamble | What is Microsoft Exchange Online? | 8 million Australian and New Zealand driver's licenses stolen | What if ChatGPT gets hacked?

Security Squawk

Play Episode Listen Later Mar 28, 2023 42:33


Welcome to this episode of the Security Squawk podcast, where our cyber experts bring you the latest updates on the top security news and trends. In today's episode, we cover the following stories: Procter & Gamble falls victim to a ransomware attack by the notorious Clop group, highlighting the growing threat of ransomware to businesses and organizations. Microsoft launches Exchange Online to prevent vulnerable servers from being exploited by hackers and block malicious emails from reaching users. The theft of around 8 million driver's license numbers from Australia and New Zealand underscores the importance of securing personal data and the need for stronger data protection regulations. We also discuss a recent bug discovered in ChatGPT, the AI language model, and its implications for data privacy and security. Tune in to this episode for expert insights and analysis on these critical security issues.

Cyber Security Today
Cyber Security Today, Feb. 15, 2023 - Patches released for Microsoft Exchange, SAP, Apple and Adobe products

Cyber Security Today

Play Episode Listen Later Feb 15, 2023 6:24


This episode reports on 1 million patients victimized in GoAnywhere MFT hack, phony packages found in PyPI and NPM registries, WordPress website compromises and more

The CyberWire
Disentangling cybercrime from cyberespionage. A threat to the IoT supply chain. What do you do with the hacktivists when they stop being hacktivists? A retired FBI Special Agent is indicted.

The CyberWire

Play Episode Listen Later Jan 24, 2023 29:47


DragonSpark conducts "opportunistic" cyberattacks in East Asia. ProxyNotShell and OWASSRF exploit chains target Microsoft Exchange servers. The IoT supply chain is threatened by exploitation of the Realtek Jungle SDK vulnerability. CISA adds an entry to its Known Exploited Vulnerabilities Catalog. A Cisco study finds organizations see positive returns from investment in privacy. What's the hacktivist's postwar future? Joe Carrigan tracks a romance scam targeting seniors. Our guest is Pete Lund of OPSWAT to discuss the security of removable media devices. And a retired G-Man is indicted on multiple charges.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/15

Selected reading.
DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation (SentinelOne)
Technical Advisory: Proxy*Hell Exploit Chains in the Wild (Bitdefender)
Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats (Unit 42)
CISA Adds One Known Exploited Vulnerability to Catalog (CISA)
2023 Data Privacy Benchmark Study (Cisco)
Hacktivism Is a Risky Career Path (WIRED)
Retired FBI Executive Charged With Concealing $225,000 In Cash Received From An Outside Source (Department of Justice, U.S. Attorney's Office, District of Columbia)
Former Special Agent In Charge Of The New York FBI Counterintelligence Division Charged With Violating U.S. Sanctions On Russia (Department of Justice, U.S. Attorney's Office, Southern District of New York)
Former Senior F.B.I. Official in New York Charged With Aiding Oligarch (New York Times)

Root Causes: A PKI and Security Podcast
Root Causes 252: Sidestepping Microsoft Email Encryption

Root Causes: A PKI and Security Podcast

Play Episode Listen Later Oct 31, 2022 14:11


A recently revealed vulnerability in Microsoft Exchange's encryption can potentially be used to break the encryption on stored emails. In this episode we explain ECB (Electronic Codebook) mode encryption and how this attack can occur.
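The ECB weakness the episode covers, shown as an added Python example (this is not code from the Root Causes podcast or from Microsoft). A toy 16-byte Feistel block cipher keyed with HMAC-SHA256 stands in for AES; that substitution is an assumption, and the toy cipher is not secure, but it is deterministic and invertible, which is all the ECB problem depends on. A constructed stored message whose header line is exactly one block long and repeats is encrypted in ECB and in CBC, and a duplicate-block count, the check an analyst can run over any encrypted blob, shows that ECB reveals the plaintext's structure while CBC with a fresh IV does not.

```python
"""ECB versus CBC on a stored message: added example, not page code.

The block cipher is a toy 4-round Feistel network (HMAC-SHA256 round
function). It is an assumed stand-in for AES and is NOT secure; only
its determinism and invertibility matter for what ECB leaks.
"""
import hashlib
import hmac
import os
from collections import Counter

BLOCK = 16
HALF = BLOCK // 2


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, half: bytes, i: int) -> bytes:
    # Keyed PRF of (round number, half block), truncated to one half.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:HALF]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    assert len(block) == BLOCK
    left, right = block[:HALF], block[HALF:]
    for i in range(4):
        left, right = right, _xor(left, _round(key, right, i))
    return left + right


def decrypt_block(key: bytes, block: bytes) -> bytes:
    assert len(block) == BLOCK
    left, right = block[:HALF], block[HALF:]
    for i in reversed(range(4)):          # undo the Feistel rounds
        left, right = _xor(right, _round(key, left, i)), left
    return left + right


def pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK          # PKCS#7: always 1..16 bytes
    return data + bytes([n]) * n


def unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def _blocks(data: bytes):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # ECB: each block encrypted independently under the same key, so
    # equal plaintext blocks always produce equal ciphertext blocks.
    return b"".join(encrypt_block(key, b) for b in _blocks(pad(plaintext)))


def ecb_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return unpad(b"".join(decrypt_block(key, b) for b in _blocks(ciphertext)))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # CBC: XOR with the previous ciphertext block before encrypting, so
    # equal plaintext blocks diverge. The IV must be fresh per message.
    out, prev = [], iv
    for b in _blocks(pad(plaintext)):
        prev = encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return iv + b"".join(out)


def cbc_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    iv, body = ciphertext[:BLOCK], ciphertext[BLOCK:]
    out, prev = [], iv
    for c in _blocks(body):
        out.append(_xor(decrypt_block(key, c), prev))
        prev = c
    return unpad(b"".join(out))


def repeated_blocks(ciphertext: bytes) -> int:
    # Analyst's check on a stored blob: repeated 16-byte blocks are a
    # strong sign of ECB (or of a reused IV / keystream).
    return sum(n - 1 for n in Counter(_blocks(ciphertext)).values())


# Constructed sample (assumption): a header line that is exactly one
# block long and appears three times in the stored message.
KEY = b"assumed-demo-key"
MESSAGE = b"X-Priority: High" * 3 + b"\r\nBody: quarterly numbers attached"


def compare_modes(key: bytes = KEY, message: bytes = MESSAGE) -> dict:
    ecb = ecb_encrypt(key, message)
    cbc = cbc_encrypt(key, os.urandom(BLOCK), message)
    return {
        "ecb_repeats": repeated_blocks(ecb),          # 2: structure leaks
        "cbc_repeats": repeated_blocks(cbc[BLOCK:]),  # 0
        "ecb_roundtrip": ecb_decrypt(key, ecb) == message,
        "cbc_roundtrip": cbc_decrypt(key, cbc) == message,
    }


if __name__ == "__main__":
    print(compare_modes())
```

The same duplicate-block count run against a ciphertext produced by a real AES-ECB implementation gives the same kind of answer; ECB's determinism is a property of the mode, not of the cipher inside it, which is why no block cipher fixes it and only an authenticated mode with a per-message nonce does.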

WIRED Security: News, Advice, and More
Your Microsoft Exchange Server Is a Security Liability

WIRED Security: News, Advice, and More

Play Episode Listen Later Oct 25, 2022 9:03


Endless vulnerabilities. Widespread hacking campaigns. Slow and technically tough patching. It's time to say goodbye to on-premise Exchange.

Paul's Security Weekly
PSW #759 - Ismael Valenzuela

Paul's Security Weekly

Play Episode Listen Later Oct 13, 2022 197:17


As Vice President of Threat Research & Intelligence at BlackBerry, Ismael Valenzuela leads threat research, intelligence, and defensive innovation. Ismael has participated as a security professional in numerous projects around the world over the past two decades. In this episode, Ismael discusses his journey to become a top cybersecurity expert. We also explore the cybersecurity trends he and his team are seeing, and how cyber attackers are gaining a foothold and maintaining persistence.

Segment Resources:
https://www.blackberry.com/us/en/company/research-and-intelligence
https://blogs.blackberry.com/en/2022/09/the-curious-case-of-monti-ransomware-a-real-world-doppelganger
https://blogs.blackberry.com/en/2022/06/symbiote-a-new-nearly-impossible-to-detect-linux-threat

This week in the Security News: The secrets of Schneider Electric's UMAS protocol, Pixel 6 bootloader: Emulation, Securing Developer Tools: A New Supply Chain Attack on PHP, Microsoft Exchange double zero-day – “like ProxyShell, only different”, Tech Journalists Offered Bribes to Write Articles for Major Outlets, & Detecting Deepfake Audio!

Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/psw759

Paul's Security Weekly TV
Detecting Deepfake Audio, Supply PHP Attack, UMAS Secrets, & Pixel 6 Bootloader - PSW #759

Paul's Security Weekly TV

Play Episode Listen Later Oct 13, 2022 139:23


This week in the Security News: The secrets of Schneider Electric's UMAS protocol, Pixel 6 bootloader: Emulation, Securing Developer Tools: A New Supply Chain Attack on PHP, Microsoft Exchange double zero-day – “like ProxyShell, only different”, Tech Journalists Offered Bribes to Write Articles for Major Outlets, & Detecting Deepfake Audio!

Visit https://www.securityweekly.com/psw for all the latest episodes!
Show Notes: https://securityweekly.com/psw759

Paul's Security Weekly (Podcast-Only)
PSW #759 - Ismael Valenzuela

Paul's Security Weekly (Podcast-Only)

Play Episode Listen Later Oct 13, 2022 197:17


As Vice President of Threat Research & Intelligence at BlackBerry, Ismael Valenzuela leads threat research, intelligence, and defensive innovation. Ismael has participated as a security professional in numerous projects around the world over the past two decades. In this episode, Ismael discusses his journey to become a top cybersecurity expert. We also explore the cybersecurity trends he and his team are seeing, and how cyber attackers are gaining a foothold and maintaining persistence.

Segment Resources:
https://www.blackberry.com/us/en/company/research-and-intelligence
https://blogs.blackberry.com/en/2022/09/the-curious-case-of-monti-ransomware-a-real-world-doppelganger
https://blogs.blackberry.com/en/2022/06/symbiote-a-new-nearly-impossible-to-detect-linux-threat

This week in the Security News: The secrets of Schneider Electric's UMAS protocol, Pixel 6 bootloader: Emulation, Securing Developer Tools: A New Supply Chain Attack on PHP, Microsoft Exchange double zero-day – “like ProxyShell, only different”, Tech Journalists Offered Bribes to Write Articles for Major Outlets, & Detecting Deepfake Audio!

Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/psw759

Technado from ITProTV
Technado, Ep. 276: VPN in the Browser

Technado from ITProTV

Play Episode Listen Later Oct 6, 2022 55:59


After making it through the hurricane last week, the Technado team got back to business. They covered Microsoft adding a VPN in their browser, the EU officially mandating USB-C, a couple of Microsoft Exchange 0-days, a slidable screen from Intel and Samsung, and hackers releasing data from LA schools. Finally, they talked about an Australian hacker that got roasted after backtracking on his demands.

Technado from ITProTV (Audio)
Technado, Ep. 276: VPN in the Browser

Technado from ITProTV (Audio)

Play Episode Listen Later Oct 6, 2022 55:54


After making it through the hurricane last week, the Technado team got back to business. They covered Microsoft adding a VPN in their browser, the EU officially mandating USB-C, a couple of Microsoft Exchange 0-days, a slidable screen from Intel and Samsung, and hackers releasing data from LA schools. Finally, they talked about an Australian hacker that got roasted after backtracking on his demands.

Symantec Cyber Security Brief Podcast
Witchetty espionage group activity, Microsoft Exchange Server zero days, and U.S. defense sector targeted by APT groups

Symantec Cyber Security Brief Podcast

Play Episode Listen Later Oct 6, 2022 27:50


On this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien discuss a recent blog we published on the Witchetty (aka LookingFrog) espionage group, which has been progressively updating its toolset, using new malware in attacks on targets in the Middle East and Africa, including a new tool that employs steganography. We also discuss the recently discovered Microsoft Exchange Server zero days, the U.S. defense sector being targeted by multiple APT groups, and a newly discovered espionage actor called Metador, which was spotted operating in recent weeks. We also discuss the breach of Australian telecoms giant Optus, and some new information that has emerged about the takedown of the REvil/Sodinokibi ransomware gang.

The Gate 15 Podcast Channel
The Risk Roundtable EP 34: Awareness Month Alphabet Soup, Upcoming Festivities, and a Spicy Debate

The Gate 15 Podcast Channel

Play Episode Listen Later Oct 4, 2022 42:10


On the latest episode of the Risk Roundtable, Andy leads Dave and Jen through a discussion of the various awareness campaigns and how these efforts do a great job of providing resources and materials for all organizations, big and small. Focusing first on Cybersecurity Awareness Month that is ongoing in the month of October, Jen talked through the messaging, the themes (See Yourself in Cyber) and the importance of each of us doing our part. Later in the podcast, Dave shared his thoughts on National Insider Threat Awareness Month that concluded in September and the theme of Critical Thinking for Digital Space and how everyone can do their part. The team also talked about security preparedness for the upcoming holidays. Andy capitalized on the discussion to talk about security awareness and mindfulness to appreciate, regardless of who you are and what your beliefs are. To cap off the episode, Andy took the roundtable through his three questions to include the always spicy debates on pumpkin pie and pumpkin flavored drinks. 
Microsoft Exchange links:
https://www.microsoft.com/security/blog/2022/09/30/analyzing-attacks-using-the-exchange-vulnerabilities-cve-2022-41040-and-cve-2022-41082/
https://www.helpnetsecurity.com/2022/10/03/ms-exchange-cve-2022-41040-cve-2022-41082/
https://www.tenable.com/blog/cve-2022-41040-and-cve-2022-41082-proxyshell-variant-exploited-in-the-wild
https://isc.sans.edu/forums/diary/Exchange+Server+0Day+Actively+Exploited/29106

Additional links include:
Rob Joyce Cybersecurity Awareness Month Tweet: https://twitter.com/nsa_csdirector/status/1576879730006974464?s=21&t=i5SFfoTH_fMVxFbhMl1I2A
Catalin Cimpanu Cybersecurity Awareness Month Tweet: https://twitter.com/campuscodi/status/1573485751278379018?s=21&t=i5SFfoTH_fMVxFbhMl1I2A
Podcast link – https://gate15.global/the-gate-15-interview-cybersecurity-awareness-month-2022-with[…]ac-plus-background-shout-outs-favorite-movies-tigers-and-more/
Be A Cybersecurity Awareness Month Champion - https://staysafeonline.org/programs/cybersecurity-champion/
NCTC indicators – https://www.dni.gov/index.php/nctc-newsroom/nctc-resources/item/2272-u-s-violent-extremist-mobilization-indicators-2021
G15 resources IT - https://gate15.global/resources/insider-threat/
Jen Lyn Walker Tweet - https://twitter.com/gate15_jen/status/1576978983064780804?s=21&t=i5SFfoTH_fMVxFbhMl1I2A
Major in the United States Army and a Maryland Doctor Facing Federal Indictment for Allegedly Providing Confidential Health Information to a Purported Russian Representative to Assist Russia Related to the Conflict In Ukraine - https://www.justice.gov/usao-md/pr/major-united-states-army-and-maryland-doctor-facing-federal-indictment-allegedly
Honolulu Man Pleads Guilty to Sabotaging Former Employer's Computer Network - https://www.justice.gov/usao-hi/pr/honolulu-man-pleads-guilty-sabotaging-former-employer-s-computer-network

The CyberWire
Microsoft Exchange zero-days exploited. Supply chain attack reported. New Lazarus activity. Mexican government falls victim to hacktivism. Hacking partial mobilization. Former insider threat.

The CyberWire

Play Episode Listen Later Oct 3, 2022 35:37


Two Microsoft Exchange zero-days exploited in the wild. A supply chain attack, possibly from Chinese intelligence services. There's new Lazarus activity: bring-your-own-vulnerable-driver. The Mexican government falls victim to apparent hacktivism. Flying under partial mobilization's radar. Betsy Carmelite from Booz Allen Hamilton talks about addressing the cyber workforce skills gap. Our guest Rachel Tobac from SocialProof Security brings a musical approach to security awareness training. How's your off-boarding program working out?

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/190

Selected reading.
Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server (CISA)
Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server (Microsoft Security Response Center)
Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server (GTSC)
URGENT! Microsoft Exchange double zero-day – “like ProxyShell, only different” (Naked Security)
Microsoft confirms two Exchange Server zero days are being used in cyberattacks (The Record by Recorded Future)
Microsoft confirms new Exchange zero-days are used in attacks (BleepingComputer)
Two Microsoft Exchange zero-days exploited in the wild. (CyberWire)
CISA Adds Three Known Exploited Vulnerabilities to Catalog (CISA)
Suspected Chinese hackers tampered with widely used customer chat program, researchers say (Reuters)
Report: Commercial chat provider hijacked to spread malware in supply chain attack (The Record by Recorded Future)
CrowdStrike Falcon Platform Identifies Supply Chain Attack via a Trojanized Comm100 Chat Installer (crowdstrike.com)
Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium (WeLiveSecurity)
Lazarus & BYOVD: evil to the Windows core (Virus Bulletin)
Lazarus hackers abuse Dell driver bug using new FudModule rootkit (BleepingComputer)
Mexican government suffers major data hack, president's health issues revealed (Reuters)
Mexican president confirms ‘Guacamaya' hack targeting regional militaries (The Record by Recorded Future)
Analysis: Mexico data hack exposes government cybersecurity vulnerability (Reuters)
Russians dodging mobilization behind flourishing scam market (BleepingComputer)
Honolulu Man Pleads Guilty to Sabotaging Former Employer's Computer Network (US Department of Justice)
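A detection check for the Exchange zero-day request shape covered in the MSRC and GTSC guidance listed above, as an added Python example (not code from the CyberWire, from Microsoft or from GTSC). It runs the IIS log search pattern those advisories published, `powershell.*autodiscover\.json.*\@.*200`, over a few constructed W3C log lines, and beside it a field-aware check: the published regex anchors on a bare `200` anywhere after the `@`, so it also fires on a rejected request whose time-taken field happens to be 200. Field order, host names, IPs, user names and every log line below are constructed for the example, not captured from a real server.

```python
"""Hunt IIS logs for the ProxyNotShell (CVE-2022-41040 / CVE-2022-41082)
request shape. Added example; the sample log is constructed, not real."""
import re
from typing import Dict, Iterator, List

# Search pattern as published in the MSRC / GTSC guidance for these CVEs.
IOC_PATTERN = re.compile(r"powershell.*autodiscover\.json.*\@.*200", re.IGNORECASE)

# Constructed sample in IIS W3C format (assumed field order). Line 3 is a
# request that succeeded (sc-status 200); line 4 is the same request
# rejected with 401 but with time-taken=200, which the bare regex also hits.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) cs(Referer) sc-status sc-substatus sc-win32-status time-taken
2022-09-29 10:01:02 10.0.0.5 GET /owa/auth/logon.aspx url=%2fowa%2f 443 - 203.0.113.7 Mozilla/5.0 - 200 0 0 15
2022-09-29 10:01:05 10.0.0.5 POST /autodiscover/autodiscover.json @evil.example/powershell&Email=autodiscover/autodiscover.json%3f@evil.example 443 CORP\\svc_mail 203.0.113.7 python-requests/2.28 - 200 0 0 233
2022-09-29 10:02:11 10.0.0.5 POST /autodiscover/autodiscover.json @evil.example/powershell&Email=autodiscover/autodiscover.json%3f@evil.example 443 - 203.0.113.7 python-requests/2.28 - 401 0 0 200
2022-09-29 10:03:40 10.0.0.5 GET /autodiscover/autodiscover.json Email=alice%40corp.example 443 CORP\\alice 10.0.1.20 Outlook/16.0 - 200 0 0 40
"""


def parse_w3c(text: str) -> Iterator[Dict[str, str]]:
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields: List[str] = []
    for raw in text.splitlines():
        if raw.startswith("#Fields:"):
            fields = raw.split()[1:]
            continue
        if not raw or raw.startswith("#"):
            continue
        parts = raw.split(" ")
        if len(parts) != len(fields):      # truncated or foreign line: skip
            continue
        yield dict(zip(fields, parts))


def regex_hits(text: str) -> List[int]:
    """1-based line numbers matched by the published pattern."""
    return [n for n, line in enumerate(text.splitlines(), 1)
            if IOC_PATTERN.search(line)]


def _is_probe(rec: Dict[str, str]) -> bool:
    # The exploit shape: autodiscover.json stem, and a query that carries a
    # second '@'-qualified autodiscover reference aimed at the PowerShell
    # backend endpoint.
    query = rec["cs-uri-query"].lower()
    return (rec["cs-uri-stem"].lower().endswith("/autodiscover.json")
            and "@" in query and "powershell" in query)


def structured_hits(text: str) -> List[Dict[str, str]]:
    """Field-aware version: the exploit shape AND sc-status == 200, so a
    200 in time-taken or any other column cannot produce a false hit."""
    return [rec for rec in parse_w3c(text)
            if _is_probe(rec) and rec["sc-status"] == "200"]


def probes(text: str) -> List[Dict[str, str]]:
    """Same request shape regardless of status; failed attempts still show
    the host is being targeted and belong in an alert."""
    return [rec for rec in parse_w3c(text) if _is_probe(rec)]


if __name__ == "__main__":
    print("published regex matches lines:", regex_hits(SAMPLE_LOG))
    for rec in structured_hits(SAMPLE_LOG):
        print("succeeded:", rec["time"], rec["c-ip"], rec["cs-username"])
    print("total probes:", len(probes(SAMPLE_LOG)))
```

The `cs-username` column of a successful hit is the account the attacker authenticated as (CVE-2022-41040 needs valid credentials), which is the first thing to reset and the first account to trace through the Exchange admin audit log; the point of the structured check is that a triage queue built on the bare regex alone would include the 401 line as a success.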

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Microsoft Exchange 0-Day Update
https://isc.sans.edu/forums/diary/Exchange+Server+0Day+Actively+Exploited/29106
https://microsoft.github.io/CSS-Exchange/Security/EOMTv2/

CISA Adds Atlassian Bitbucket Vulnerability to Exploited List
https://www.cisa.gov/uscert/ncas/current-activity/2022/09/30/cisa-adds-three-known-exploited-vulnerabilities-catalog

Every unsandboxed app has Full Disk Access if Terminal Does
https://lapcatsoftware.com/articles/FullDiskAccess.html

CISO Tradecraft
#98 - Outrunning the Bear

CISO Tradecraft

Play Episode Listen Later Oct 3, 2022 33:12


Hello, and welcome to another episode of CISO Tradecraft -- the podcast that provides you with the information, knowledge, and wisdom to be a more effective cybersecurity leader.  My name is G. Mark Hardy, and today we are going to discuss how nation state conflict and sponsored cyberattacks can affect us as non-combatants, and what we should be doing about it.  Even if you don't have operations in a war zone, remember cyber has a global reach, so don't think that just because you may be half a world away from the battlefield that someone is not going to reach out and touch you in a bad way.  So, listen for what I think will be a fascinating episode, and please do us a small favor and give us a "like" or a 5-star review on your favorite podcast platform -- those ratings really help us reach our peers.  It only takes a click -- thank you for helping out our security leadership community. I'm not going to get into any geopolitics here; I'm going to try to ensure that this episode remains useful for quite some time.  However, since the conflict in Ukraine has been ongoing for over two hundred days, I will draw examples from that. The ancient Chinese military strategist Sun Tzu wrote: “If you know the enemy and know yourself, you need not fear the result of a hundred battles.  If you know yourself but not the enemy, for every victory gained you will also suffer a defeat.  If you know neither the enemy nor yourself, you will succumb in every battle.” That's a little more detailed than the classic Greek aphorism, "know thyself," but the intent is the same even today.  Let me add one more quote and we'll get into the material.  Over 20 years ago, when he was Secretary of Defense, Donald Rumsfeld said: "As we know, there are known knowns; there are things we know we know.  We also know there are known unknowns; that is to say we know there are some things we do not know.  But there are also unknown unknowns—the ones we don't know we don't know.  
And if one looks throughout the history of our country and other free countries, it is the latter category that tends to be the difficult ones. So, knowledge seems extremely important throughout the ages.  Modern governments know that, and as a result all have their own intelligence agencies.  Let's look at an example.  If we go to the CIA's website, we will see the fourfold mission of the Central Intelligence Agency: Collecting foreign intelligence that matters Producing objective all-source analysis Conducting effective covert action as directed by the President Safeguarding the secrets that help keep our nation safe. Why do we mention this?  Most governments around the world have similar Nation State objectives and mission statements.  Additionally, it's particularly important to understand what is wanted by "state actors" (note, I'll use that term for government and contract intelligence agents.). What are typical goals for State Actors?  Let's look at a couple: Goal 1: Steal targeting data to enable future operations.  Data such as cell phone records, banking statements or emails allow countries to better target individuals and companies when they know that identifying information.  Additionally, targeting data allows Nation state organizations to understand how individuals are connected.  This can be key when we are looking for key influencers for targets of interest.  All targeting data should not be considered equal.  Generally, Banking and Telecom Data are considered the best for collecting so be mindful if that is the type of company that you protect.  State Actors target these organizations because of two factors:The Importance of the Data is the first factor.  If one party sends a second party an email, that means there is a basic level of connection.  However, it's not automatically a strong connection since we all receive emails from spammers.  
If one party calls someone and talks for 10 minutes to them on a phone call, that generally means a closer connection than an email.  Finally, if one party sends money to another party, that either means a really strong connection exists, or someone just got scammed.

The Accuracy of the Data is the second factor.  Many folks sign up for social media accounts with throw-away credentials (i.e., fake names and phone numbers).  Others use temporary emails to attend conferences, so they don't get marketing spam when they get home.  However, because of Anti-Money Laundering (or AML) laws, people generally provide legitimate data to financial services firms.  If they don't, then they risk not being able to take the money out of a bank -- which would be a big problem.

A second goal, in addition to collecting targeting data, is that State Actors are interested in collecting Foreign Intelligence.  Foreign Intelligence which drives policy-making decisions is very impactful.  Remember, stealing secrets that no one cares about is generally just a waste of government tax dollars.  If governments collect foreign intelligence on sanctioned activity, then they can inform policy makers on the effectiveness of current sanctions, which is highly useful.  By reporting sanctioned activity, the government can know when current sanctions are being violated and when to update current sanctions.  This can result in enabling new intelligence collection objectives.  Examples of this include:
- A country may sanction a foreign air carrier that changes ownership or goes out of business.  In that case, sanctions may be added against different airlines.  This occurred when the US sanctioned Mahan Air, an Iranian airline.  Currently the US enforces sanctions on more than half of Iran's civilian airlines.
- A country may place sanctions on a foreign bank to limit its ability to trade in certain countries or currencies.  However, if sanctioned banks circumvent controls by trading with smaller banks which are not sanctioned, then current sanctions are likely ineffective.  Examples of sanctioning bank activity by the US against Russia during the current war with Ukraine include:
  - On February 27th, sanctions were placed against Russian Banks using the SWIFT international payment systems
  - On February 28th, the Russian Central Bank was sanctioned
  - On March 24th, the Russian Bank Sberbank CEO was sanctioned
  - On April 5th, the US IRS suspended information exchanges with the Russian tax authorities to hamper Moscow's ability to collect taxes
  - On April 6th, the US sanctioned additional Russian banks
  These sanctions didn't just start with the onset of hostilities on 24 February 2022.  They date back to Russia's invasion of Crimea.  It's just that the US has turned up the volume this time.
- If sanctions are placed against a country's nuclear energy practices, then knowing what companies are selling or trading goods into the sanctioned country becomes important.  Collecting information from transportation companies that identify goods being imported and exported into the country can also identify sanction effectiveness.

A third goal or activity taken by State Actors is covert action.  Covert Action is generally intended to cause harm to another state without attribution.  However, anonymity is often hard to maintain.

If we look at Russia in its previous history with Ukraine, we have seen the use of cyber attacks as a form of covert action.  The devastating NotPetya malware (which has been generally accredited to Russia) was launched as a supply chain attack.  Russian agents compromised the software update mechanism of Ukrainian accounting software M.E. Doc, which was used by nearly 400,000 clients to manage financial documents and file tax returns.  This update did much more than the intended choking off of Ukrainian government tax revenue -- Maersk shipping estimates a loss of $300 million.
FedEx around $400 million.  The total global damage to companies is estimated at around $10 billion.

The use of cyberattacks hasn't been limited to just Russia.  Another example is Stuxnet.  This covert action attack against Iranian nuclear facilities that destroyed nearly one thousand centrifuges is generally attributed to the U.S. and Israel.

Changing topics a little bit, we can think of the story of two people encountering a bear.  Two friends are in the woods, having a picnic.  They spot a bear running at them.  One friend gets up and starts running away from the bear.  The other friend opens his backpack, takes out his running shoes, changes out of his hiking boots, and starts stretching.  "Are you crazy?" the first friend shouts, looking over his shoulder as the bear closes in on his friend.  "You can't outrun a bear!"  "I don't have to outrun the bear," said the second friend.  "I only have to outrun you."

So how can we physically outrun the Cyber Bear?  We need to anticipate where the Bear is likely to be encountered.  Just as national park signs warn tourists of animals, there's intelligence information that can inform the general public.  If you are looking for physical safety intelligence you might consider:
- The US Department of State Bureau of Consular Affairs.  The State Department hosts a travel advisory list.  This list allows anyone to know if a country has issues such as Covid Outbreaks, Civil Unrest, Kidnappings, Violent Crime, and other issues that would complicate having an office for most businesses.
- The CIA World Factbook.  The World Factbook provides basic intelligence on the history, people, government, economy, energy, geography, environment, communications, transportation, military, terrorism, and transnational issues for 266 world entities.
- Data sources from the World Health Organization and The World Bank.

If we believe that one of our remote offices is now at risk, then we need to establish a good communications plan.  Good communications plans generally require at least four forms of communication.  The acronym PACE, or Primary, Alternate, Contingency, and Emergency, is often used:
- Primary Communication: We will first try to email folks in the office.
- Alternate Communication: If we are unable to communicate via email, then we will try calling their work phones.
- Contingency Communication: If we are unable to reach individuals via their work phones, then we will send a text message to their personal cell phones.
- Emergency Communication: If we are unable to reach them by texting their personal devices, then we will send an email to their personal emails and next of kin.

Additionally, we might purchase satellite phones for a country manager.  Satellite phones can generally be purchased for under $1,000 and can be used with commercial satellite service providers such as Inmarsat, Globalstar, and Thuraya.  One popular plan is Inmarsat's BGAN.  BGAN can usually be obtained from resellers for about $100 per month, with text messaging costing about fifty cents each and calls costing about $1.50 per minute.  This usually translates to a yearly cost of $1,500-2K per device.  Is $2K worth the price of communicating to save lives in a high-risk country during high political turmoil?  Let your company decide.  Note a great time to bring this up may be during use-or-lose money discussions at the end of the year.

We should also consider preparing egress locations.  For example, before a fire drill most companies plan a meetup location outside of their building so they can perform a headcount.  This location, such as a vacant parking lot across the street, allows teams to identify missing personnel, which can later be communicated to emergency personnel.
If your company has offices in thirty-five countries, you should think about the same thing, but not assembling across the street but across the border.  Have you identified an egress office for each overseas country?  If you had operations in Ukraine, then you might have chosen a neighboring country such as Poland, Romania, or Hungary to facilitate departures.  When things started going bad, that office could begin creating support networks to find local housing for your corporate refugees.  Additionally, finding job opportunities for family members can also be extremely helpful when language is a barrier in new countries.

If we anticipate the Bear is going to attack our company digitally, then we should also look for the warning signs.  Good examples of this include following threat intelligence information from:
- Your local ISAC organization.  ISACs, or Information Sharing and Analysis Centers, are great communities where you can see if your vertical sector is coming under attack and share your experiences/threats.  The National Council of ISACs lists twenty-five different members across a wide range of industries.  An example is the Financial Services ISAC, or FS-ISAC, which has a daily and weekly feed where subscribers can find situational reports on cyber threats from State Actors and criminal groups.
- InfraGard™ is a partnership between the Federal Bureau of Investigation and members of the private sector for the protection of US Critical Infrastructure.  Note you generally need to be a US citizen without a criminal history to join.
- AlienVault offers a Threat Intelligence Community called Open Threat Exchange which grants users free access to over nineteen million threat indicators.  Note AlienVault currently hosts over 100,000 global participants, so it's a great place to connect with fellow professionals.
- The Cybersecurity & Infrastructure Security Agency, or CISA, also routinely issues cybersecurity advisories to stop harmful malware, ransomware, and nation state attacks.  Helpful pages on their website include the following:
  - Shields Up, which provides updates on cyber threats, guidance for organizations, recommendations for corporate Leaders and CEOs, ransomware responses, free tooling, and steps that you can take to protect your families.  There's even a Shields Up Technical Guidance page with more detailed recommendations.
  - CISA routinely puts out Alerts which identify threat actor tactics and techniques.  For example, Alert AA22-011A identifies how to understand and mitigate Russian State Sponsored Cyber Threats to US Critical Infrastructure.  This alert tells you what CVEs the Russian government is using as well as the documented TTPs which map to the MITRE ATT&CK™ Framework.  Note if you want to see more on MITRE ATT&CK mapped to various intrusion groups, we recommend going to attack.mitre.org/groups.
  - CISA also has notifications that organizations can sign up for to receive timely information on security issues, vulnerabilities, and high impact activity.
  - Another page to note on CISA's website is US-CERT.  Here you can report cyber incidents, report phishing, report malware, report vulnerabilities, share indicators, or contact US-CERT.  One helpful page to consider is the Cyber Resilience Review Assessment.  Most organizations have an IT Control to conduct yearly risk assessments, and this can help identify weaknesses in your controls.

Now that we have seen a bear in the woods, what can we do to put running shoes on to run faster than our peers?
If we look at the CISA Shields Up Technical Guidance page we can find Shields Up recommendations such as remediating vulnerabilities, enforcing MFA, running antivirus, enabling strong spam filters to prevent phishing attacks, disabling ports and protocols that are not essential, and strengthening controls for cloud services.  Let's look at this in more detail to properly fasten our running shoes.

If we are going to remediate vulnerabilities, let's focus on the highest priority.  I would argue those are high/critical vulnerabilities with known exploits being used in the wild.  You can go to CISA's Known Exploited Vulnerabilities Catalog page for a detailed list.  Each time a new vulnerability gets added, run a vulnerability scan on your environment to prioritize patching.

Next is Multi-Factor Authentication (MFA).  Routinely we see organizations require MFA access to websites and use Single Sign-On.  This is great -- please don't stop doing this.  However, we would also recommend MFA enhancements in two ways.  One, are you using MFA on RDP/SSH logins by administrators?  If not, then please enable it immediately.  You never know when one developer will get phished, and the attacker can pull his SSH keys.  Having MFA means even when those keys are lost, bad actor propagation can be minimized.  Another enhancement is to increase the security within your MFA functionality.  For example, if you use Microsoft Authenticator today, try changing from a 6-digit rotating PIN to security features such as number matching, which displays the location of the sign-in IP address.  You can also look at GPS conditional policies to block all access from countries in which you don't have a presence.

Running antivirus is another important safeguard.  Here's the kicker -- do you actually know what percentage of your endpoints are running AV and EDR agents?  Do you have coverage on both your Windows and Linux Server environments?  Of the agents running, what portion have signature updates that are not current?  How about more than 30 days old?  We find a lot of companies just check the box saying they have antivirus, but if you look behind the scenes you can see that antivirus isn't as effective as you think when it's turned off or outdated.

Enabling Strong Spam Filters is another forgotten exercise.  Yes, companies buy solutions like Proofpoint to secure email, but there's more that can be done.  One example is implementing DMARC to properly authenticate and block spoofed emails.  It's the standard now and prevents brand impersonation.  Also please consider restricting email domains.  You can do this at the very top.  Today, the vast majority of legitimate correspondents still utilize one of the original seven top-level domains: .com, .org, .net, .edu, .mil, .gov, and .int, as well as two-letter country code top-level domains (called ccTLDs).  However, you should look carefully at your business correspondence to determine if communicating with all 1,487 top-level domains is really necessary.  Let's say your business is located entirely in the UK.  Do you really want to allow emails from country codes such as .RU, .CN, and others?  Do you do business with .hair, or .lifestyle, or .xxx?  If you don't have a business reason for conducting commerce with these TLDs, block them and minimize both spam and harmful attacks.  It won't stop bad actors from using Gmail to send phishing attacks, but you might be surprised at just how much restricting TLDs in your email can help.  Note that you have to be careful not to create a self-inflicted denial of service, so make sure that emails from suspect TLDs get evaluated before deletion.

Disabling Ports and Protocols is key since you don't want bad actors having easy targets.  One thing to consider is using Amazon Inspector.  Amazon Inspector has rules in the network reachability package to analyze your network configurations to find security vulnerabilities in your EC2 Instances.  This can highlight and provide guidance about restricting access that is not secure, such as network configurations that allow potentially malicious access through mismanaged security groups, Access Control Lists, Internet Gateways, etc.

Strengthening Cloud Security: We won't go into this topic too much as you could spend a whole talk on strengthening cloud security.  Companies should consider purchasing a cloud security solution like Wiz, Orca, or Prisma for help in this regard.  One tip we don't see often is using geo-fencing and IP allow-lists.  For example, one new feature that AWS recently created is to enable Web Application Firewall protections for Amazon Cognito.  This makes it easier to protect user pools and hosted UIs from common web exploits.

Once we notice there's likely been a bear attack on our peers or our infrastructure, we should report it.  This can be done by reporting incidents to local governments such as CISA or a local FBI field office, paid sharing organizations such as an ISAC, or free communities such as AlienVault OTX.

Let's walk through a notional example of what we might encounter as collateral damage in a cyberwar.  However, to keep this out of current geopolitics, we'll use the fictitious countries Blue and Orange.

Imagine that you work at the Acme Widget Corporation, which is a Fortune 500 company with a global presence.  Because Acme manufactures large scale widgets in their factory in the nation of Orange, they are also sold to the local Orange economy.  Unfortunately for Acme, Orange has just invaded their neighboring country Blue.  Given that Orange is viewed as the aggressor, various countries have imposed sanctions against Orange.  Not wanting to attract the attention of the Orange military or the U.S.
Treasury department, your company produces an idea that might just be crazy enough to work.  Your company is going to form a new company within Orange that is not affiliated with the parent company for the entirety of the war.  This means that the parent company won't provide services to the Orange company.  Additionally, since there is no affiliation between the companies, the legal department advises that there will not be sanction evasion activity which could put the company at risk.  There's just one problem.  Your company has to evict the newly created Orange company (Acme Orange LLC) from its network and ensure it has the critical IT services to enable its success.

So where do we start?  Let's consider a few things.  First, what is the lifeblood of a company?  Every company really needs laptops and Collaboration Software like Office 365 or GSuite.  So, if we have five hundred people in the new Acme Orange company, that's five hundred new laptops and a new server that will host Microsoft Exchange, a NAS drive, and other critical Microsoft on-premises services.

Active Directory: Once you obtain the server, you realize a few things.  Previous Acme admin credentials were used to troubleshoot desktops in the Orange environment.  Since exposed passwords are always a bad thing, you get your first incident to refresh all passwords that may have been exposed.  Also, you ensure a new Active Directory server is created for your Orange environment.  This should leverage best practices such as MFA since Orange Companies will likely come under attack.
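Going back to the spam-filter recommendation above (restricting the top-level domains you accept mail from, while making sure suspect mail is evaluated rather than deleted), here is an added example of that policy check as a gateway or mail-flow rule might implement it. This is not code from CISO Tradecraft; the allow-list, the example.* domains and the From: headers are all constructed for illustration, and the verdict names are an assumption.

```python
"""
Inbound-mail TLD policy: accept senders whose top-level domain is on an
allow-list and quarantine everything else for review, never silently drop
it (that is the self-inflicted denial of service the episode warns about).
Added example, not CISO Tradecraft's code; allow-list, domains and headers
are constructed for illustration.
"""
import re
from collections import Counter
from email.utils import parseaddr

# Constructed policy for a business that corresponds mostly with the original
# seven generic TLDs plus a handful of ccTLDs it actually trades with.
ALLOWED_TLDS = {"com", "org", "net", "edu", "mil", "gov", "int", "uk", "de", "fr"}

# Last DNS label of a lowercase domain. Punycode TLDs such as "xn--p1ai" match
# too, so they are judged against the allow-list like any other TLD.
_LAST_LABEL_RE = re.compile(r"^[a-z0-9.-]+\.([a-z0-9-]{2,63})$")


def sender_tld(from_header):
    """Return the sender's TLD from a From: header, or None if it cannot be parsed."""
    _display, addr = parseaddr(from_header)
    if "@" not in addr:
        return None
    domain = addr.rsplit("@", 1)[1].lower().rstrip(".")
    match = _LAST_LABEL_RE.match(domain)
    return match.group(1) if match else None


def classify(from_header, allowed=ALLOWED_TLDS):
    """'deliver' when the TLD is allowed; 'quarantine' (never 'drop') otherwise.

    A sender that cannot be parsed is quarantined too: a broken From: header
    is a reason for a human to look, not a reason to lose the message.
    """
    tld = sender_tld(from_header)
    if tld is None or tld not in allowed:
        return "quarantine"
    return "deliver"


def apply_policy(from_headers, allowed=ALLOWED_TLDS):
    """Classify a batch of From: headers; return (per-message verdicts, counts)."""
    verdicts = [(header, classify(header, allowed)) for header in from_headers]
    return verdicts, Counter(verdict for _, verdict in verdicts)


# Constructed sample headers (example.* domains, not real senders).
SAMPLE_FROM_HEADERS = [
    "Alice Supplier <alice@supplier-example.com>",
    "Tax Office <noreply@tax.example.gov.uk>",
    "Promo <deals@cheap.example.hair>",
    "Payroll <payroll@example.ru>",
    "Support <support@example.lifestyle>",
    "broken-sender-without-an-address",
    "Partner <bob@partner-example.de>",
]

if __name__ == "__main__":
    verdicts, counts = apply_policy(SAMPLE_FROM_HEADERS)
    for header, verdict in verdicts:
        print(f"{verdict:10s} {header}")
    print(dict(counts))  # {'deliver': 3, 'quarantine': 4}
```

The point of returning "quarantine" rather than dropping is that the allow-list is a business decision that will occasionally be wrong; reviewing the quarantine for a few weeks is how you find the .io supplier or the .ru customer you forgot about before anyone loses mail. DMARC enforcement is a separate control and still needs to be in place for the domains you do accept.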
Let's talk about other things that companies need to survive:
- Customer relationship management (CRM) services like Salesforce
- Accounting and Bookkeeping applications such as QuickBooks
- Payment Software such as PayPal or Stripe
- File Storage such as Google Drive or Dropbox
- Video Conferencing like Zoom
- Customer Service Software like Zendesk
- Contract Management software like DocuSign
- HR Software like Bamboo or My Workday
- Antivirus & EDR software

Standing up a new company's IT infrastructure in a month is never a trivial task.  However, if ACME Orange is able to survive for 2-3 years it can then return to the parent company after the sanctions are lifted.

Let's look at some discussion topics.
- What IT services will be the hardest to transfer?
- Can new IT equipment for Acme Orange be procured in a month during a time of conflict?
- Which services are likely to only have a SaaS offering and not an on-premises option during times of conflict?
- Could your company actually close a procurement request in a one-month timeline?

If we believe we can transfer IT services and get the office up and running, we might look at our cyber team's role in providing recommendations to a new office that will be able to survive a time of turmoil.
- All laptops shall have Antivirus and EDR enabled from Microsoft.
- Since the Acme Orange office is isolated from the rest of the world, all firewalls will block IP traffic not originating from Orange.
- SSO and MFA will be required on all logins.
- Backups will be routinely required.

Note if you are really looking for effective strategies to mitigate cyber security incidents, we highly recommend the Australian Essential Eight.  We have a link in our show notes if you want more details.

Additionally, the ACME Orange IT department will need to create its own Incident Response Plan (IRP).  One really good guide for building Cyber Incident Response Playbooks comes from the American Public Power Association.  (I'll put the link in our show notes.)
The IRP recommends creating incident templates that can be used for common attacks such as:
- Denial of Service (DoS)
- Malware
- Web Application Attack (SQL Injection, XSS, Directory Traversal, …)
- Cyber-Physical Attack
- Phishing
- Man-in-the-middle attack
- Zero Day Exploit

This Incident Response Template can identify helpful information such as:
- Detection: Record how the attack was identified
- Reporting: Provide a list of POCs and contact information for the IT help desk to contact during an event
- Triage: List the activities that need to be performed during Incident Response.  Typically, teams follow the PICERL model (Preparation - Identification - Containment - Eradication - Recovery - Lessons Learned)
- Classification: Depending on the severity level of the event, identify additional actions that need to occur
- Communications: Identify how to notify local law enforcement, regulatory agencies, and insurance carriers during material cyber incidents.  Additionally, describe the process on how communications will be relayed to customers, employees, media, and state/local leaders.

As you can see, there is much that would have to be done in response to a nation state aggression or regional conflict that would likely fall in your lap.  If you didn't think about it before, you now have plenty of material to work with.  Figure out your own unique requirements, do some tabletop exercises where you identify your most relevant Orange and Blue future conflict, and practice, practice, practice.  We learned from COVID that companies that were well prepared with a disaster response plan rebranded as a pandemic response plan fared much better in the early weeks of the 2020 lockdown.  I know my office transitioned to remote work for over sixty consecutive weeks without any serious IT issues because we had a written plan and had practiced it.  Here's another one for you to add to your arsenal.  Take the time and be prepared -- you'll be a hero "when the bubble goes up."  (There -- you've learned an obscure term that is nearly absent from a Google search but well-known in the Navy and the Marine Corps.)

Okay, that's it for today's episode on Outrunning the Bear.  Let's recap:
- Know yourself
- Know what foreign adversaries want
- Know what information, processes, or people you need to protect
- Know the goals of state actors:
  - steal targeting data
  - collect foreign intelligence
  - covert action
- Know how to establish a good communications plan (PACE):
  - Primary
  - Alternate
  - Contingency
  - Emergency
- Know how to get out of Dodge
- Know where to find private and government threat intelligence
- Know your quick wins for protection:
  - remediate vulnerabilities
  - implement MFA everywhere
  - run current antivirus
  - enable strong spam filters
  - restrict top level domains
  - disable vulnerable or unused ports and protocols
  - strengthen cloud security
- Know how to partition your business logically to isolate your IT environments in the event of a sudden requirement.

Thanks again for listening to CISO Tradecraft.  Please remember to like us on your favorite podcast provider and tell your peers about us.  Don't forget to follow us on LinkedIn too -- you can find our regular stream of low-noise, high-value postings.  This is your host G. Mark Hardy, and until next time, stay safe.

References
- https://www.goodreads.com/quotes/17976-if-you-know-the-enemy-and-know-yourself-you-need
- https://en.wikipedia.org/wiki/There_are_known_knowns
- https://www.cia.gov/about/mission-vision/
- https://www.cybersecurity-insiders.com/ukraines-accounting-software-firm-refuses-to-take-cyber-attack-blame/
- https://www.wired.com/story/notpetya-cyberattack-ukraine-russia-code-crashed-the-world/
- https://www.nationalisacs.org/member-isacs-3
- https://attack.mitre.org/groups/
- https://data.iana.org/TLD/tlds-alpha-by-domain.txt
- https://www.publicpower.org/system/files/documents/Public-Power-Cyber-Incident-Response-Playbook.pdf

FortiGuard Threat Intelligence Podcast
FortiGuardLIVE #48 - Microsoft Exchange 0-Day Vulnerability Updates
Oct 3, 2022, 12:04

Join #FortiGuardLabs' Derek Manky and Aamir Lakhani for another edition of FortiGuardLIVE as they provide an update on zero-day vulnerabilities on Microsoft Exchange Servers. Hear the latest about these vulnerabilities and protections. #RCEVulnerability #ZeroDay

Protecting People
Five Minute Forecast for the week of 9/26/2022
Sep 26, 2022

Five Minute Forecast for the week of September 26th. All the cyber security news you need to stay ahead, from Proofpoint's Protecting People podcast.
- London police arrest teen who may be connected to Uber, Rockstar attacks
- A highly advanced cyber-spying group found in telecom and university systems
- And malicious OAuth cloud apps turn Microsoft Exchange servers into spam networks

We're joined by former Gartner analyst Jonathan Care, who explains how to identify and protect against insider and external threats.

Mike Tech Show
MTS-2022-09-01 #839
Sep 2, 2022

Google G-Suite to Microsoft Exchange lessons, Learning PowerShell

Technado from ITProTV
Episode 263: First Laptop With a RISC-V Processor Is Coming
Jul 7, 2022, 52:45

Don and Daniel are joined by Ronnie Wong this week to talk about the first laptop with a RISC-V processor that'll come out soon. Then, the team discussed bypassing Windows 11 install restrictions, Azure capacity issues, Microsoft Exchange servers getting hacked, how HackerOne handled its own 'internal threat' actor, and British army crypto scams.

Technado from ITProTV (Audio)
Episode 263: First Laptop With a RISC-V Processor Is Coming
Jul 7, 2022, 52:46

Don and Daniel are joined by Ronnie Wong this week to talk about the first laptop with a RISC-V processor that'll come out soon. Then, the team discussed bypassing Windows 11 install restrictions, Azure capacity issues, Microsoft Exchange servers getting hacked, how HackerOne handled its own 'internal threat' actor, and British army crypto scams.

InfoSec Overnights - Daily Security News
Critical Gitlab Patch, Jenkins Janky Plugins, Microsoft Backdoor, and more.
Jul 1, 2022, 2:47

A daily look at the relevant information security news from overnight - 01 July, 2022
Episode 256 - 01 June 2022
- Critical Gitlab Patch - https://portswigger.net/daily-swig/gitlab-patches-critical-rce-bug-in-latest-security-release
- Jenkins Janky Plugins - https://www.bleepingcomputer.com/news/security/jenkins-discloses-dozens-of-zero-day-bugs-in-multiple-plugins/
- WAP Fraud - https://www.zdnet.com/article/microsoft-this-android-malware-will-switch-off-your-wi-fi-empty-your-wallet/
- Macmillan Incident - https://www.securityweek.com/brocade-vulnerabilities-could-impact-storage-solutions-several-major-companies
- Microsoft Backdoor - https://thehackernews.com/2022/07/new-sessionmanager-backdoor-targeting.html
- Dangling Chromium - https://portswigger.net/daily-swig/chromium-browsers-vulnerable-to-dangling-markup-injection

Hi, I'm Paul Torgersen. It's Friday July 1st 2022, and this is a look at the information security news from overnight.

From PortSwigger.net: Gitlab has patched a vulnerability that could allow remote code execution. The critical severity flaw affects all versions of GitLab. A fix has been released for this and a number of other vulnerabilities, including two separate cross-site scripting bugs. Link to the Gitlab advisory in the article.

From BleepingComputer.com: Jenkins announced 34 security vulnerabilities affecting 29 plugins for the Jenkins open source automation server, 29 of the bugs being zero-days still waiting to be patched. Jenkins supports over 1,700 plugins, with those affected by this disclosure having more than 22,000 installs. Fortunately none of these are rated critical as there are no fixes as of yet for most of them. See the list of affected plugins in the article.

From ZDNet.com: Microsoft shared its detailed technical analysis of what it says is one of the most prevalent types of Android malware. It's called 'toll billing', or Wireless Application Protocol fraud. This involves using an infected device to connect to payment pages of a premium service via a device's WAP connection. From there, payments are automatically charged to a device's phone bill. Details and a link to the analysis in the article.

From BleepingComputer.com: Publishing giant Macmillan was forced to shut down their network and offices while recovering from a security incident. In emails to customers, Macmillan stated the incident involves the encryption of certain files on their network, so this is almost certainly a ransomware attack. No word on the threat actor as Macmillan has slowly started to bring systems back online.

And last today, from TheHackerNews.com: A newly discovered malware called SessionManager has backdoored Microsoft Exchange servers since at least March of 2021. If you recall, that was right after the ProxyLogon flaw was discovered. The malware masquerades as a module for Internet Information Services, with capabilities to read, write, and delete arbitrary files; execute binaries from the server; and establish communications with other endpoints in the network.

That's all for me this week. Have a great Fourth of July long weekend, and until next time, be safe out there.

InfoSec Overnights - Daily Security News
BBVA 2FA Clone, ICS ShadowPad, OpenSSL Bad Memory, and more.
Jun 28, 2022, 3:19

A daily look at the relevant information security news from overnight - 27 June, 2022
Episode 253 - 27 June 2022
- BBVA 2FA Clone - https://thehackernews.com/2022/06/new-android-banking-trojan-revive.html
- ICS ShadowPad - https://www.bleepingcomputer.com/news/security/microsoft-exchange-bug-abused-to-hack-building-automation-systems/
- LockBit Bounty - https://www.pcmag.com/news/ransomware-gang-offers-bug-bounty-promises-payouts-up-to-1-million
- Raccoon 2.0 - https://www.bleepingcomputer.com/news/security/raccoon-stealer-is-back-with-a-new-version-to-steal-your-passwords/
- OpenSSL Bad Memory - https://www.theregister.com/2022/06/27/openssl_304_memory_corruption_bug/?td=rt-3a

Hi, I'm Paul Torgersen. It's Tuesday June 28th, 2022, and I want to say a quick thank you as I have just passed 100 subscribers on YouTube. Which is great, but let's not stop there. If you find this valuable, please share with your networks and colleagues. Let's see if we can't add a zero or two to that number. And now, this is a look at the information security news from overnight.

From TheHackerNews.com: A new Android banking trojan called Revive has been discovered specifically targeting users of the Spanish financial services company BBVA. Phishing campaigns push a look-alike website where victims download an app which impersonates the bank's two-factor authentication app. Italian cybersecurity firm Cleafy first spotted the malware in mid June, and says it appears to be in its early stages of development.

From BleepingComputer.com: A new Chinese-speaking threat actor is hacking into the building automation systems of several Asian organizations and loading the ShadowPad backdoor. The group focused on devices that have not yet patched the Microsoft Exchange vulnerability collectively known as ProxyLogon. According to Dutch research, there are about 46,000 such machines. Kaspersky believes the group is ultimately hunting for sensitive information.

From PCMag.com: In what seems to be a first, the LockBit ransomware group has launched a bug bounty program. Evidently they have been successful enough to be able to afford to buy new zero-days. Their current rates run from $1,000 to $1 million, although the million bucks is for if you can dox the LockBit leader. If this is compelling to any of you, keep in mind that the main targets for this group are healthcare and education, two of the most vulnerable populations out there. Do you really want to help somebody like that?

From BleepingComputer.com: I mentioned last week that the Raccoon Stealer group had temporarily shuttered operations after one of their leaders was killed in the Russian invasion of Ukraine. Well, they're back in action with 2.0, a new and completely re-coded version of their malware offering elevated password-stealing functionality and upgraded operational capacity. Details in the article.

And last today, from TheRegister.com: OpenSSL 3.0.4 was released on June 21 to address a command-injection vulnerability that they hadn't quite completely patched earlier. Unfortunately, the new release contains a memory corruption which can be triggered trivially by an attacker. This targets the Intel Advanced Vector Extensions 512, or AVX512. The researcher said that if this bug can be exploited remotely, and they are not certain yet that it can, it could be more severe than Heartbleed, at least from a purely technical point of view. Details in the link.

That's all for me today. Have a great rest of your day. Like and subscribe, and until tomorrow, be safe out there.

InfoSec Overnights - Daily Security News
ToddyCat Tracked, NTLM Relay Attack, Beware Zombie Bugs, and more.

InfoSec Overnights - Daily Security News

Play Episode Listen Later Jun 21, 2022 3:34


A daily look at the relevant information security news from overnight - 21 June, 2022

Episode 249 - 21 June 2022

ToddyCat Tracked - https://www.bleepingcomputer.com/news/security/new-toddycat-apt-group-targets-exchange-servers-in-asia-europe/
NTLM Relay Attack - https://thehackernews.com/2022/06/new-ntlm-relay-attack-lets-attackers.html
OT Insecure by Design - https://www.securityweek.com/basecamp-icefall-secure-design-ot-makes-little-headway
Microsoft Re-Arms Windows - https://www.zdnet.com/article/microsoft-this-out-of-band-windows-security-update-fixes-microsoft-365-sign-in-issues-for-arm-devices/
Beware Zombie Bugs - https://www.theregister.com/2022/06/21/apple-safari-zombie-exploit/

Hi, I'm Paul Torgersen. It's Tuesday June 21st, 2022, and from Chicago this is a look at the information security news from overnight.

From BleepingComputer.com: A new APT group dubbed ToddyCat has been targeting Microsoft Exchange servers throughout Asia and Europe. According to the Kaspersky researchers, it looks like they have been in action since at least December of 2020. Kaspersky has also found a previously unknown passive backdoor they named Samurai and new trojan malware dubbed Ninja Trojan. Both malware strains allow the attackers to take control of infected systems and move laterally within the victims' networks.

From TheHackerNews.com: A new Windows NTLM relay attack dubbed DFSCoerce has been uncovered that leverages the Distributed File System: Namespace Management Protocol to seize control of a domain. This follows a similar method called PetitPotam that abuses Microsoft's Encrypting File System Remote Protocol to coerce Windows servers into authenticating with a relay under an attacker's control. To mitigate NTLM relay attacks, Microsoft recommends enabling Extended Protection for Authentication, SMB signing, and turning off HTTP on AD CS servers.

From SecurityWeek.com: Ten years after Project Basecamp, Forescout has conducted an updated project, dubbed OT:Icefall, to gauge the current state of Security By Design in OT products. They found 56 insecure-by-design problems stemming from ten manufacturers. Forescout says the flaws are not programming error vulnerabilities, but rather flaws in the protocols, authorizations, and certifications built into the designs. Seems not enough has changed in the last 10 years.

From ZDNet.com: Microsoft has issued an out-of-band update for Windows 11 and Windows 10 to fix an issue that emerged with Arm devices after their latest Patch Tuesday update. It seems some users were prevented from signing into applications including VPN connections, Microsoft Teams, and Microsoft Outlook. The issue only affects Windows devices that use Arm processors; machines using other processors are not affected. If that is you and you have not yet applied the June 14 updates, you should use this out-of-band update instead.

And last today, from TheRegister.com: Beware of zombie vulnerabilities. The Safari browser had a vulnerability that was completely patched by Apple back in 2013 when it was discovered. Unfortunately that fix was regressed in 2016 during some code refactoring. That same bug was found being exploited earlier this year. It is unclear for how many of those five years the de-patched bug was being exploited in the wild. See the details and a link to the Google Project Zero research in the article.

That's all for me today. Have a great rest of your day. Like and subscribe, and until tomorrow, be safe out there.

Outspoken with Shana Cosgrove
For the Back of the Room: Gerard Spivey, Senior Systems Development Engineer at Amazon Web Services.

Outspoken with Shana Cosgrove

Play Episode Listen Later Jun 7, 2022 55:55


Curiosity, Focus, and Forging a Path.

In this episode of The Outspoken Podcast, host Shana Cosgrove talks to Gerard Spivey, Senior Systems Development Engineer at Amazon Web Services. Gerard speaks in detail about Amazon's interview process, giving us insight into their procedures and how he prepared himself. We also hear about Gerard's time at Amazon and the types of work he's taking on. Side hustles are a way of life for Gerard, and he speaks about his latest experiences managing his YouTube channel, Gerard's Curious Tech. Lastly, Gerard talks about his time at NYLA and how he was able to bring his full self to work thanks to NYLA's culture.

QUOTES

“I can do slow and steady, I can find my target audience, and then once I have that I can figure out what I want to parlay that into later.” - Gerard Spivey [25:59]

“‘I'm a Senior Director [at Intel], and I can do what I want' is basically what he told me. He's like ‘the company has a 3.0 thing, but for someone like you who actually knows what they're talking about it's not a problem.' So I said, ‘Ooh this is my time, they're letting me in'” - Gerard Spivey [42:07]

“You're in a good spot in your career when you're valued for the thing you're going to do next versus the thing you did previously. What you're going to do next is your competitive value - that is what you bring to the table.” - Gerard Spivey [48:27]

TIMESTAMPS

[00:04] Intro
[01:31] Gerard's Wedding Ceremony
[02:32] Working at Amazon Web Services (AWS)
[05:33] Amazon's Interview Process
[12:06] Gerard's Experience with the Job Market
[15:54] Working at Amazon
[19:11] Starting a New Job During COVID
[19:43] Side Hustles
[23:21] Gerard's YouTube Channel
[31:08] Gerard's Childhood
[31:52] How Gerard Decided to Study Electrical Engineering
[34:19] Choosing a College
[45:13] Gerard's Advice to his Younger Self
[47:42] Favorite Books
[50:57] Gerard's Time at NYLA
[55:36] Outro

RESOURCES

https://aws.amazon.com/ec2/ (Amazon EC2)
https://aws.amazon.com/ec2/instance-types/ (Amazon EC2 Instance Types)
https://aws.amazon.com/dynamodb/ (Amazon DynamoDB)
https://sre.google/ (Site Reliability Engineering (SRE))
https://www.c2stechs.com/ (Commercial Cloud Services (C2S))
https://www.thebalancecareers.com/what-is-the-star-interview-response-technique-2061629 (STAR Interview Response Method)
https://www.microsoft.com/en-us/microsoft-365/exchange/email (Microsoft Exchange)
https://azure.microsoft.com/en-us/ (Microsoft Azure)
https://www.synopsys.com/glossary/what-is-cicd.html (CI/CD)
https://mlt.org/ (Management Leadership for Tomorrow (MLT))
https://www.hbs.edu/ (Harvard Business School)
https://a16z.com/ (Andreessen Horowitz)
https://www.youtube.com/ (YouTube)
https://www.nsbe.org/K-12/Programs/PCI-Programs (NSBE Pre-College Initiative Program)
https://www.jhu.edu/ (Johns Hopkins University)
https://www.abet.org/ (Accreditation Board for Engineering and Technology (ABET))
https://www.ncat.edu/ (North Carolina A&T State University)
https://www.morgan.edu/ (Morgan State University)
https://howard.edu/ (Howard University)
https://www.rit.edu/ (Rochester Institute of Technology)
https://www.psu.edu/ (Penn State University)
https://www.digitaltechnologieshub.edu.au/teach-and-assess/classroom-resources/topics/digital-systems/ (Digital Systems)
https://www.xilinx.com/products/silicon-devices/fpga/what-is-an-fpga.html (Field Programmable Gate Arrays (FPGAs))
https://www.gwu.edu/ (The George Washington University)
https://www.intel.com/content/www/us/en/homepage.html (Intel)
https://www.pcmag.com/encyclopedia/term/pci-express (PCI Express)
https://www.intel.com/content/www/us/en/io/serial-ata/serial-ata-developer.html (Serial ATA (SATA))
https://consortium.org/ (Consortium of Universities of the Washington Metropolitan Area)
https://www.amazon.com/Zero-One-Notes-Startups-Future/dp/0804139296 (Zero to One) by Peter Thiel and Blake Masters
https://www.richdad.com/...

The History of Computing
Whistling Our Way To Windows XP

The History of Computing

Play Episode Listen Later Apr 25, 2022 11:31


Microsoft had confusion in the Windows 2000 marketing and disappointment with Millennium Edition, which was built on a kernel that had run its course. It was time to phase out the older 95, 98, and Millennium code. So in 2001, Microsoft introduced Windows NT 5.1, known as Windows XP (eXperience). XP came in a Home or Professional edition.

Microsoft built a new interface they called Whistler for XP. It was sleeker and made more use of the graphics processors of the day. Jim Allchin was the Vice President in charge of the software group by then and helped spearhead development. XP had even more security options, which were simplified in the Home edition. They did a lot of work to improve the compatibility between hardware and software and added the option for fast user switching so users didn't have to log off completely and close all of their applications when someone else needed to use the computer. They also improved on the digital media experience and added new libraries to incorporate DirectX for various games.

Professional edition also added options that were more business focused. This included the ability to join a network and Remote Desktop without the need of a third-party product to take control of the keyboard, video, and mouse of a remote computer. Users could use their XP Home Edition computer to log into work, if the network administrator could forward the necessary port. XP Professional also came with the ability to support multiple processors, send faxes, an encrypted file system, more granular control of files and other objects (including GPOs), roaming profiles (centrally managed through Active Directory using those GPOs), multiple language support, IntelliMirror (an oft-forgotten centralized management solution that included RIS and sysprep for mass deployments), and an option to do an Automated System Recovery, or ASR, restore of a computer. Professional also came with the ability to act as a web server, not that anyone should run one on a home operating system. XP Professional was also 64-bit given the right processor. XP Home Edition could be upgraded to from Windows 98, Windows 98 Second Edition, and Millennium, and XP Professional could be upgraded to from any operating system released since Windows 98, including NT 4 and Windows 2000 Professional. And users could upgrade from Home to Professional for an additional $100.

Microsoft also fixed a few features. One that had plagued users was that they had to gracefully unmount a drive before removing it; Microsoft got in front of this when they removed the warning that a drive was disconnected improperly and had the software take care of that preemptively. They removed some features users didn't really use, like NetMeeting and Phone Dialer, and removed some of the themes options. The 3D Maze was also sadly removed. Other changes just cleaned up the interface or merged technologies that had become similar: Deluxe CD Player and DVD Player were removed in lieu of just using Windows Media Player. And chatty network protocols that caused problems, like NetBEUI and AppleTalk, were removed from the defaults, as was the legacy Microsoft OS/2 subsystem.

In general, Microsoft moved from two operating system code bases to one. Although with the introduction of Windows CE, they arguably had no net savings. However, to the consumer and enterprise buyer, it was a simpler licensing scheme. Those enterprise buyers were more and more important to Microsoft. Larger and larger fleets gave them buying power, and the line items with resellers showed it with an explosion in the number of options for licensing packs and tiers. But beyond features, Microsoft had spent the Windows NT and Windows 2000 era training thousands of engineers on how to manage large fleets of Windows machines as Microsoft Certified Systems Engineers (MCSE) and other credentials. Deployments grew and by the time XP was released, Microsoft had the lion's share of the market for desktop operating systems and productivity apps. XP would only cement that lead and create a generation of systems administrators equipped to manage the platform, who never knew a way other than the Microsoft way.

One step along the path to the MCSE was through servers. For the first couple of years, XP connected to Windows 2000 Servers. Windows Server 2003, which was built on the Windows NT 5.2 kernel, was then released in 2003. Here, we saw Active Directory cement a lead created in 2000 over servers from Novell and other vendors. Server 2003 became the de facto platform for centralized file, print, web, FTP, software, time, DHCP, DNS, event, messaging, and terminal services (or shared Remote Desktop services through Terminal Server). Server 2003 could also be purchased with Exchange 2003. Given the integration with Microsoft Outlook and a number of desktop services, Microsoft Exchange.

The groupware market in 2003 and the years that followed was dominated by Lotus Notes, Novell's GroupWise, and Exchange. Microsoft was aggressive. They were aggressive on pricing. They released tools to migrate from Notes to Exchange the week before IBM's conference. We saw some of the same tactics and some of the same faces that were involved in Microsoft's Internet Explorer anti-trust suit from the 1990s. The competition to Exchange never recovered, and while Microsoft gained ground in the groupware space through the Exchange Server 4.0, 5.0, 5.5, 2000, 2003, 2007, 2010, 2013, and 2016 eras, by Exchange 2019 over half the mailboxes formerly hosted by on-premises Exchange servers had moved to the cloud, predominantly Microsoft's Office 365 cloud service. Some still used legacy Unix mail services like sendmail or those hosted by third-party providers like GoDaddy with their domain or website - but many of those ran on Exchange as well. The only company to put up true competition in the space has been Google.

Other companies had released tools to manage Windows devices en masse. Companies like Altiris sprang out of the needs of companies who did third-party software testing to manage the state of Windows computers. Microsoft had a product called Systems Management Server, but Altiris built a better product, so Microsoft built an even more robust solution called System Center Configuration Manager, or SCCM for short, and within a few years Altiris lost so much business they were acquired by Symantec. Other similar stories played out across other areas where each product competed with other vendors and sometimes market segments - and usually won. To a large degree this was because of the tight hold Windows had on the market.

Microsoft had taken the desktop metaphor and seemed to own the entire stack by the end of the Windows XP era. However, the technology we used shipped a couple of years after the product management and product development teams started to build it. And by the end of the XP era, Bill Gates had been gone long enough, and many of the early stars that almost by pure will pushed products through development cycles were gone as well. Microsoft continued to release new versions of the operating system, but XP became one of the biggest competitors to later operating systems rather than other companies. This reluctance to move to Vista and other technologies was the main reason support for XP was extended through to 2012, around 11 years after it was released.

Techmeme Ride Home
Mon. 07/19 – NSO Group (Allegedly) Pwning Everyone

Techmeme Ride Home

Play Episode Listen Later Jul 19, 2021 16:22


The NSO Group is back in the headlines, and these are maybe the worst allegations of hacking for hire yet. The US and NATO blame China for the Exchange Server hacks. Does iOS now split the market with Android, at least in the US? And is Tesla charging customers for hardware they already paid for?

Sponsors:
Streak.com/techmeme
TinyCapital.com

Links:
Private Israeli spyware used to hack cellphones of journalists, activists worldwide (Washington Post)
U.S. and key allies accuse China of Microsoft Exchange cyberattacks (Axios)
Zoom is buying cloud contact center provider Five9 for $14.7 billion (CNBC)
CIRP: iPhone catches up to Android, now accounts for 50% of new smartphone activations in the US (9to5Mac)
Tesla is charging owners $1,500 for hardware they already paid for (Electrek)

See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.