POPULARITY
CISA's Emergency Directive to ALL Federal agencies re: SharePoint. NVIDIA firmly says "no" to any embedded chip gimmicks. Dashlane is terminating its (totally unusable) free tier. Malicious repository libraries are becoming even more hostile. The best web filter (uBlock Origin) comes to Safari. The very popular SonicWall firewall is being compromised. >100 models of Dell Latitude and Precision laptops are in danger. The significant challenge of patching SharePoint (for example). A quick look at my DNS Benchmark progress. Does InControl prevent an important update. An venerable Sci-Fi franchise may be getting a great new series. What to do about the problem of AI "website sucking" Show Notes - https://www.grc.com/sn/SN-1038-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security canary.tools/twit - use code: TWIT uscloud.com go.acronis.com/twit
CISA's Emergency Directive to ALL Federal agencies re: SharePoint. NVIDIA firmly says "no" to any embedded chip gimmicks. Dashlane is terminating its (totally unusable) free tier. Malicious repository libraries are becoming even more hostile. The best web filter (uBlock Origin) comes to Safari. The very popular SonicWall firewall is being compromised. >100 models of Dell Latitude and Precision laptops are in danger. The significant challenge of patching SharePoint (for example). A quick look at my DNS Benchmark progress. Does InControl prevent an important update. An venerable Sci-Fi franchise may be getting a great new series. What to do about the problem of AI "website sucking" Show Notes - https://www.grc.com/sn/SN-1038-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security canary.tools/twit - use code: TWIT uscloud.com go.acronis.com/twit
CISA's Emergency Directive to ALL Federal agencies re: SharePoint. NVIDIA firmly says "no" to any embedded chip gimmicks. Dashlane is terminating its (totally unusable) free tier. Malicious repository libraries are becoming even more hostile. The best web filter (uBlock Origin) comes to Safari. The very popular SonicWall firewall is being compromised. >100 models of Dell Latitude and Precision laptops are in danger. The significant challenge of patching SharePoint (for example). A quick look at my DNS Benchmark progress. Does InControl prevent an important update. An venerable Sci-Fi franchise may be getting a great new series. What to do about the problem of AI "website sucking" Show Notes - https://www.grc.com/sn/SN-1038-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security canary.tools/twit - use code: TWIT uscloud.com go.acronis.com/twit
CISA's Emergency Directive to ALL Federal agencies re: SharePoint. NVIDIA firmly says "no" to any embedded chip gimmicks. Dashlane is terminating its (totally unusable) free tier. Malicious repository libraries are becoming even more hostile. The best web filter (uBlock Origin) comes to Safari. The very popular SonicWall firewall is being compromised. >100 models of Dell Latitude and Precision laptops are in danger. The significant challenge of patching SharePoint (for example). A quick look at my DNS Benchmark progress. Does InControl prevent an important update. An venerable Sci-Fi franchise may be getting a great new series. What to do about the problem of AI "website sucking" Show Notes - https://www.grc.com/sn/SN-1038-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security canary.tools/twit - use code: TWIT uscloud.com go.acronis.com/twit
CISA's Emergency Directive to ALL Federal agencies re: SharePoint. NVIDIA firmly says "no" to any embedded chip gimmicks. Dashlane is terminating its (totally unusable) free tier. Malicious repository libraries are becoming even more hostile. The best web filter (uBlock Origin) comes to Safari. The very popular SonicWall firewall is being compromised. >100 models of Dell Latitude and Precision laptops are in danger. The significant challenge of patching SharePoint (for example). A quick look at my DNS Benchmark progress. Does InControl prevent an important update. An venerable Sci-Fi franchise may be getting a great new series. What to do about the problem of AI "website sucking" Show Notes - https://www.grc.com/sn/SN-1038-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security canary.tools/twit - use code: TWIT uscloud.com go.acronis.com/twit
CISA's Emergency Directive to ALL Federal agencies re: SharePoint. NVIDIA firmly says "no" to any embedded chip gimmicks. Dashlane is terminating its (totally unusable) free tier. Malicious repository libraries are becoming even more hostile. The best web filter (uBlock Origin) comes to Safari. The very popular SonicWall firewall is being compromised. >100 models of Dell Latitude and Precision laptops are in danger. The significant challenge of patching SharePoint (for example). A quick look at my DNS Benchmark progress. Does InControl prevent an important update. An venerable Sci-Fi franchise may be getting a great new series. What to do about the problem of AI "website sucking" Show Notes - https://www.grc.com/sn/SN-1038-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security canary.tools/twit - use code: TWIT uscloud.com go.acronis.com/twit
In this episode of Cybersecurity Today, host David Shipley covers critical security updates and vulnerabilities affecting Microsoft Exchange, Citrix NetScaler, and Fortinet SSL VPNs. With over 29,000 unpatched Exchange servers posing a risk for admin escalation and potential full domain compromise, urgent action is needed. Citrix Bleed 2 is actively being exploited, with significant incidents reported in the Netherlands and thousands of devices still unpatched globally. Fortinet SSL VPNs are experiencing a spike in brute force attacks, hinting at a possible new vulnerability on the horizon. Lastly, Shipley highlights notable moments from DEFCON 33, including innovative security hacks and sobering realities of the hacker community. Tune in for detailed breakdowns and insights on how to stay vigilant against these threats. 00:00 Introduction and Overview 00:32 Microsoft Exchange Vulnerability 02:54 Citrix Bleed Two Exploits 05:21 Fortinet SSL VPN Brute Force Attacks 07:39 Insights from DEFCON 33 13:46 Conclusion and Final Thoughts
CISA's Emergency Directive to ALL Federal agencies re: SharePoint. NVIDIA firmly says "no" to any embedded chip gimmicks. Dashlane is terminating its (totally unusable) free tier. Malicious repository libraries are becoming even more hostile. The best web filter (uBlock Origin) comes to Safari. The very popular SonicWall firewall is being compromised. >100 models of Dell Latitude and Precision laptops are in danger. The significant challenge of patching SharePoint (for example). A quick look at my DNS Benchmark progress. Does InControl prevent an important update. An venerable Sci-Fi franchise may be getting a great new series. What to do about the problem of AI "website sucking" Show Notes - https://www.grc.com/sn/SN-1038-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: zscaler.com/security canary.tools/twit - use code: TWIT uscloud.com go.acronis.com/twit
CISA issues an Emergency Directive to urgently patch a critical vulnerability in Microsoft Exchange hybrid configurations. SoupDealer malware proves highly evasive. Google patches a Gemini calendar flaw. A North Korean espionage group pivots to financial crime. Russia's RomCom exploits a WinRAR zero-day. Researchers turn Linux-based webcams into persistent threats. The Franklin Project enlists volunteer hackers to strengthen cybersecurity at U.S. water utilities. DoD announces the winner of DARPA's two-year AI Cyber Challenge. The U.S. extradites Ghanaian nationals for their roles in a massive fraud ring. Our guest is Steve Deitz, President of MANTECH's Federal Civilian Sector, with a look at cell-based Security Operations Centers (SOC). AI advice turns dinner into a medical mystery. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today's Industry Voices, we are joined by Steve Deitz, President of MANTECH's Federal Civilian Sector, as he is discussing the cell-based Security Operations Center (SOC) approach. Check out the full conversation from Steve here. Selected Reading Understanding and Mitigating CVE-2025-53786: A Critical Microsoft Exchange Vulnerability (The DefendOps Diaries) CISA Issues Urgent Advisory to Address Microsoft Exchange Flaw (GB Hackers) SoupDealer Malware Evades Sandboxes, AVs, and EDR/XDR in Real-World Attacks (GB Hackers) Google Calendar invites let researchers hijack Gemini to leak user data (Bleeping Computer) North Korean Group ScarCruft Expands From Spying to Ransomware Attacks (Hackread) Russian Hackers Exploited WinRAR Zero-Day in Attacks on Europe, Canada (SecurityWeek) BadCam: New BadUSB Attack Turns Linux Webcams Into Persistent Threats (SecurityWeek) DEF CON hackers plug security holes in US water systems (The Register) DARPA announces $4 million winner of AI code review competition at DEF CON (The Record) 'Chairmen' of $100 million scam operation extradited to US (Bleeping Computer) Guy Gives Himself 19th Century Psychiatric Illness After Consulting With ChatGPT (404 Media) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
In this episode, host Jim Love thanks listeners for their support of his book 'Elisa, A Tale of Quantum Kisses,' which is available for 99 cents on Kindle. The show then dives into pressing cybersecurity issues discussed at Black Hat USA, including vulnerabilities in AI assistants via prompt injection attacks, and critical flaws in Broadcom chips used by Dell laptops that can lead to stealth backdoors. Microsoft Exchange zero-day vulnerabilities actively being exploited are also covered, along with a listener report about a Canadian domain registrar's expired security certificate. The episode emphasizes the importance of keeping systems and software updated to mitigate these security risks. 00:00 Introduction and Book Promotion 00:58 Cybersecurity Headlines 01:25 AI Assistant Vulnerabilities 03:36 Broadcom Chip Flaws in Dell Laptops 06:10 Microsoft Exchange Zero-Day Exploits 08:18 Listener's Domain Registrar Experience 10:36 Show Wrap-Up and Listener Engagement
Tom Uren and Amberleigh Jack talk about how recent SharePoint exploitation is a blow-by-blow repeat of the 2021 Microsoft Exchange mass compromise event. The international response to that clearly didn't deter Chinese hackers, so it is time to try something different. They also talk about recent cases where outsourcing IT services has come with increased risk. Convenient, cheap, secure, pick any two. This episode is also available on Youtube. Show notes
Eine Woche der Ausfälle! Du bekommst einen Ausfall und du bekommst einen Ausfall! Alle bekommen Ausfälle! Ok, war am Ende gar nicht so schlimm, gerade für Enduser kaum bis nicht relevant, für Unternehmen etwas weniger spaßig. Zumindest die Ausfälle bei Microsoft Exchange, Sharepoint und Teams. Starlink, von Elon Musks SpaceX, war zwar nur etwa zweieinhalb Stunden weltweit nicht funktionsfähig, betrifft damit aber auch zum Beispiel die Kommunikation der Ukraine im Krieg. Mo berichtet von Erfahrungen mit Copilot Plus oder vielmehr Copilot Chat, der etwas günstigeren Variante, in seinem Berufsumfeld. Und versucht dabei auch die Frage zu klären, was das eigentlich bringen soll. Meep hat nun zum ersten Mal ein iPhone, das iPhone 16 Pro, und zumindest nach den ersten Tagen sind die Umgewöhnungsschmerzen größer als die Freude über das Gerät (sie hat es über die Arbeit bekommen). Viel Spaß mit Folge 266! Sprecher:innen: Meep, Mohammed Ali DadAudioproduktion: Michael KisterVideoproduktion: Mohammed Ali Dad/Michael KisterTitelbild: Bildquellen: Aufnahmedatum: 25.07.2025 Besucht unsim Discord https://discord.gg/SneNarVCBMauf Bluesky https://bsky.app/profile/technikquatsch.deauf TikTok https://www.tiktok.com/@technikquatschauf Youtube https://www.youtube.com/@technikquatschauf Instagram https://www.instagram.com/technikquatschauf Twitch https://www.twitch.tv/technikquatsch RSS-Feed https://technikquatsch.de/feed/podcast/Spotify https://open.spotify.com/show/62ZVb7ZvmdtXqqNmnZLF5uApple Podcasts https://podcasts.apple.com/de/podcast/technikquatsch/id1510030975 00:00:00 Herzlich willkommen zu Technikquatsch Folge 266! Schlaftemperaturen, Kissen und weiche Matratzen 00:11:00 Ausfälle bei Microsoft Exchange, Sharepoint, Teamshttps://www.heise.de/news/Microsoft-Exchange-Bug-verursacht-EXTERN-im-Mail-Betreff-10497044.htmlhttps://www.heise.de/news/Microsoft365-Exchange-Online-Zugriffe-in-Deutschland-gestoert-10475048.htmlhttps://www.heise.de/hintergrund/Angriffe-auf-Microsoft-Sharepoint-Das-muessen-Admins-nach-dem-Patchen-tun-10496148.html 00:19:53 Internetausfall bei Meep 00:20:50 Microsoft Copilot Chat und Copilot Plus im Unternehmenseinsatz 00:49:18 weltweiter Ausfall bei Starlinkhttps://www.computerbase.de/news/internet/satellitennetzwerk-elon-musks-starlink-weltweit-ausgefallen.93654/ 00:51:47 Meep hat zum allerersten Mal ein iPhone (16 Pro) und flucht 01:04:47 Der Mops muss raus.
Three Buddy Problem - Episode 53: We dig into news of the first-ever arrest of a Chinese intelligence-linked hacker in Italy, unpack the mystery behind HAFNIUM and how they somehow got their hands on the same Microsoft Exchange zero-days that researcher Orange Tsai discovered - was it coincidence, inside access, or something more sinister? Plus, China's massive cyber capabilities pipeline, ‘theCom' teenagers arrested in the UK after ransomware binge, and spyware attacks against Russian organizations. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).
In dieser Folge dreht sich alles um ein Thema, das viele IT-Abteilungen betrifft – und bei dem jetzt gehandelt werden sollte: Exchange Server SE. Was bedeutet das neue Microsoft-Update für On-Premise-Umgebungen? Wie sieht der Upgrade-Weg aus? Und wie macht man sein Setup zukunftssicher? Unsere Experten Sebastian und Nils von KOM4TEC bringen Licht ins Dunkel. Gemeinsam sprechen sie über die kommenden Veränderungen, erklären technische Hintergründe verständlich – und geben konkrete Empfehlungen, wie Unternehmen sich jetzt vorbereiten können.
Three Buddy Problem - Episode 52: Fresh intelligence reports out of Europe and China: France's ANSSI documents a string of Ivanti VPN zero-days ('Houken'), and Quanxin frames a stealth Microsoft Exchange-zero-day chain linked to a North American 'Night Eagle' threat actor. We dissect the technical bread-crumbs, questions the attribution math, and connects Houken to SentinelOne's “Purple Haze” research. Plus, the FBI's claim that China's “Salt Typhoon” has been “contained,” Iran's Nobitex crypto-exchange breach (Predatory Sparrow torches $90 million and leaks the source code), Iranian cyber capabilities and sanctions avoidance. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).
Hackers target over 70 Microsoft Exchange servers to steal credentials via keyloggers Apple, Netflix, Microsoft sites ‘hacked' for tech support scams The 2022 initiative by Cloudflare, CrowdStrike and Ping Identity provided cybersecurity support to critical infrastructure sectors seen as potential targets of Russia-linked attacks Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.
2025 年に Microsoft Exchange Server のサポート終了が予定されています。本記事では、サポート終了によるリスクを明確にし、安全で効率的なメール環境を維持するための具体的な回避策をご紹介いたします。
In this episode of Cloud Do You Do?, Revolgy's Jana and Marie talk about the end of support for Microsoft Exchange Server 2016 and 2019, which is fast approaching on October 14, 2025. If you're still using these versions, it's important to understand the risks and plan for migration before the deadline hits.They go over the two main options Microsoft offers: Exchange Online and Exchange Server Subscription Edition, which is designed for businesses that prefer to keep their email on-premises. But they also explore an alternative: Google Workspace. It's a modern, cloud-native platform that offers more than just email, making it a great solution for companies looking for better collaboration, security, and flexibility.In this episode, Jana and Marie will help you understand the pros and cons of each option, why Google Workspace might be a better fit for some businesses, and how Revolgy can support your migration. They'll also touch on the important task of decommissioning old Exchange 2016 servers, which requires careful planning to avoid any disruptions.Whether you're deciding between Microsoft solutions or considering a move to Google Workspace, we've got you covered.Download our ebook on Google Workspace security, referenced in the episode, here. We are Revolgy - a global cloud partner. Our cloud engineers and architects provide professional and managed services for your projects on GCP and AWS. In a nutshell, we help to make life digital-native companies, SMBs and corporates in the cloud easier. Check our website revolgy.com for more information.Make sure to follow Revolgy on Spotify, Linkedin, and X.Thanks a lot for listening, and see you next time!
The Cyber Safety Review Board's (CSRB) report on the Summer 2023 Microsoft Exchange online intrusion sheds light on how a series of flaws in Microsoft's cloud infrastructure and security processes allowed a hacking group associated with the People's Republic of China (PRC) to strike the “equivalent of gold” in accessing the official email accounts of many of the most senior U.S. government officials managing the U.S. government's relationship with the PRC. Lawfare Senior Editor Stephanie Pell sat down Maia Hamin, Associate Director with the Atlantic Council's Cyber Statecraft Initiative; Trey Herr, Assistant Professor of cybersecurity and policy at American University's School of International Service and Director of the Cyber Statecraft Initiative at the Atlantic Council; and Marc Rogers, Co-Founder and Chief Technology Officer for the AI observability startup nbhd.ai, to discuss their recent Lawfare piece about the CSRB's report and the lagging state of cloud security policy. They talked about ways to improve cloud service provider transparency, other investigative and regulatory tools that could facilitate better cloud security, and their thoughts on Microsoft's response to the CSRB's report. To receive ad-free podcasts, become a Lawfare Material Supporter at www.patreon.com/lawfare. You can also support Lawfare by making a one-time donation at https://givebutter.com/c/trumptrials.Support this show http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.
In March, the Cyber Safety Review Board issued a report examining the Summer 2023 Microsoft Exchange Online Intrusion. Stephanie Pell, Senior Editor at Lawfare, sat down with Robert Silvers, Under Secretary for Policy at the Department of Homeland Security and Chair of the Cyber Safety Review Board to discuss the report. They talked about the Board's determination that the intrusion was preventable and should never have occurred, Microsoft's response to the report, and the Board's unique role as a true public-private partnership, giving it a powerful position from which to drive change.To receive ad-free podcasts, become a Lawfare Material Supporter at www.patreon.com/lawfare. You can also support Lawfare by making a one-time donation at https://givebutter.com/c/trumptrials.Support this show http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.
What do you call "Stuxnet on steroids"?? Voyager 1 update Android 15 to quarantine apps Thunderbird & Microsoft Exchange China bans Western encrypted messaging apps Gentoo says "no" to AI Cars collecting diving data Freezing your credit Investopedia Computer Science Abstractions Lazy People vs. Secure Systems Actalis issues free S/MIME certificates PIN Encryption DRAM and GhostRace AT&T Phishing Scam Race Conditions and Multi-core processors An Alternative to the Current Credit System SpinRite Updates Chat (out of) Control Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT lookout.com kolide.com/securitynow zscaler.com/zerotrustAI
What do you call "Stuxnet on steroids"?? Voyager 1 update Android 15 to quarantine apps Thunderbird & Microsoft Exchange China bans Western encrypted messaging apps Gentoo says "no" to AI Cars collecting diving data Freezing your credit Investopedia Computer Science Abstractions Lazy People vs. Secure Systems Actalis issues free S/MIME certificates PIN Encryption DRAM and GhostRace AT&T Phishing Scam Race Conditions and Multi-core processors An Alternative to the Current Credit System SpinRite Updates Chat (out of) Control Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT lookout.com kolide.com/securitynow zscaler.com/zerotrustAI
What do you call "Stuxnet on steroids"?? Voyager 1 update Android 15 to quarantine apps Thunderbird & Microsoft Exchange China bans Western encrypted messaging apps Gentoo says "no" to AI Cars collecting diving data Freezing your credit Investopedia Computer Science Abstractions Lazy People vs. Secure Systems Actalis issues free S/MIME certificates PIN Encryption DRAM and GhostRace AT&T Phishing Scam Race Conditions and Multi-core processors An Alternative to the Current Credit System SpinRite Updates Chat (out of) Control Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT lookout.com kolide.com/securitynow zscaler.com/zerotrustAI
What do you call "Stuxnet on steroids"?? Voyager 1 update Android 15 to quarantine apps Thunderbird & Microsoft Exchange China bans Western encrypted messaging apps Gentoo says "no" to AI Cars collecting diving data Freezing your credit Investopedia Computer Science Abstractions Lazy People vs. Secure Systems Actalis issues free S/MIME certificates PIN Encryption DRAM and GhostRace AT&T Phishing Scam Race Conditions and Multi-core processors An Alternative to the Current Credit System SpinRite Updates Chat (out of) Control Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT lookout.com kolide.com/securitynow zscaler.com/zerotrustAI
What do you call "Stuxnet on steroids"?? Voyager 1 update Android 15 to quarantine apps Thunderbird & Microsoft Exchange China bans Western encrypted messaging apps Gentoo says "no" to AI Cars collecting diving data Freezing your credit Investopedia Computer Science Abstractions Lazy People vs. Secure Systems Actalis issues free S/MIME certificates PIN Encryption DRAM and GhostRace AT&T Phishing Scam Race Conditions and Multi-core processors An Alternative to the Current Credit System SpinRite Updates Chat (out of) Control Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT lookout.com kolide.com/securitynow zscaler.com/zerotrustAI
What do you call "Stuxnet on steroids"?? Voyager 1 update Android 15 to quarantine apps Thunderbird & Microsoft Exchange China bans Western encrypted messaging apps Gentoo says "no" to AI Cars collecting diving data Freezing your credit Investopedia Computer Science Abstractions Lazy People vs. Secure Systems Actalis issues free S/MIME certificates PIN Encryption DRAM and GhostRace AT&T Phishing Scam Race Conditions and Multi-core processors An Alternative to the Current Credit System SpinRite Updates Chat (out of) Control Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT lookout.com kolide.com/securitynow zscaler.com/zerotrustAI
What do you call "Stuxnet on steroids"?? Voyager 1 update Android 15 to quarantine apps Thunderbird & Microsoft Exchange China bans Western encrypted messaging apps Gentoo says "no" to AI Cars collecting diving data Freezing your credit Investopedia Computer Science Abstractions Lazy People vs. Secure Systems Actalis issues free S/MIME certificates PIN Encryption DRAM and GhostRace AT&T Phishing Scam Race Conditions and Multi-core processors An Alternative to the Current Credit System SpinRite Updates Chat (out of) Control Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT lookout.com kolide.com/securitynow zscaler.com/zerotrustAI
What do you call "Stuxnet on steroids"?? Voyager 1 update Android 15 to quarantine apps Thunderbird & Microsoft Exchange China bans Western encrypted messaging apps Gentoo says "no" to AI Cars collecting diving data Freezing your credit Investopedia Computer Science Abstractions Lazy People vs. Secure Systems Actalis issues free S/MIME certificates PIN Encryption DRAM and GhostRace AT&T Phishing Scam Race Conditions and Multi-core processors An Alternative to the Current Credit System SpinRite Updates Chat (out of) Control Show Notes - https://www.grc.com/sn/SN-971-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: canary.tools/twit - use code: TWIT lookout.com kolide.com/securitynow zscaler.com/zerotrustAI
Today, we're discussing the lawsuits coming out of AT&T's massive data breach affecting 73 million, a critical flaw in the LayerSlider WordPress plugin jeopardizing 1 million sites, and a preventable hack into Microsoft Exchange highlighting cybersecurity's critical stakes. Experts weigh in on the ramifications and preventive strategies, ensuring you stay informed and ahead in the cybersecurity game. Your feedback on these issues is crucial; join the conversation and help shape a more secure digital future. References: For insights on the AT&T lawsuits and data breach impacts: https://www.bleepingcomputer.com/news/security/atandt-faces-lawsuits-over-data-breach-affecting-73-million-customers/ Understanding the critical vulnerability in the LayerSlider WordPress plugin: https://www.bleepingcomputer.com/news/security/critical-flaw-in-layerslider-wordpress-plugin-impacts-1-million-sites/ Analysis of the Microsoft Exchange hack and recommended security reforms: https://www.cybersecuritydive.com/news/microsoft-exchange-hack-china-preventable/712146/ and https://www.cisa.gov/sites/default/files/2024-04/CSRB_Review_of_the_Summer_2023_MEO_Intrusion_Final_508c.pdf Follow us on Instagram: https://www.instagram.com/the_daily_decrypt/ Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags for the Episode: AT&T data breach, cybersecurity, legal actions, LayerSlider WordPress plugin, SQL injection, plugin security, Microsoft Exchange hack, cloud service security, cybersecurity reforms, identity theft, data privacy, security protocols, cyber risk management, plugin vulnerabilities, security best practices, cyber attack prevention, digital security, cybersecurity insights, technology law, security updates Search Phrases: AT&T 73 million data breach details Legal consequences of cybersecurity failures How to secure WordPress sites from SQL injection Impact of LayerSlider plugin vulnerability Preventing Microsoft Exchange cyber attacks Enhancing cloud service cybersecurity Best practices in digital security updates Addressing identity theft and data breaches Cybersecurity insights for tech professionals Cyber risk management strategies Lawsuits following major data breaches Plugin security for WordPress administrators Learning from cybersecurity breaches Updates and security in technology law Prevention strategies for cyber attacks Transcript: Apr 4 Welcome back to the Daily Decrypt. AT&T is grappling with the fallout of a data breach that impacted 73 million customers. As class action lawsuits begin to mount, also, over 1 million WordPress sites are at immediate risk due to a critical vulnerability in the Layerslider plugin, which can expose these sites to SQL injection attacks. How can WordPress admins protect themselves from this vulnerability? And finally, the Cyber Safety Review Board has declared the massive intrusion into Microsoft's Exchange Online entirely preventable. And just a reminder, this mega intrusion led to over 60, 000 U. S. State Department officials emails being compromised. How the heck is Microsoft gonna restore trust and confidence from the consumers in their security protocols? Stick around to find out. So it's been two days since my last episode, in which I highlighted the most recent AT& T breach. Well, it's been a long couple of days, the reason there were no new episodes is because I lost internet, and you might be thinking, Hey, you just finished slandering AT& T on this podcast on Monday, and then your AT& T internet goes out? That's correct. There's really no other explanation other than aT& T is seeking revenge against the Daily Decrypt. But I digress. To recap what has happened, AT& T has admitted to a data breach exposing sensitive information of 73 million customers this breach included usernames, social security numbers, email addresses, and AT& T PINs used to make secure account changes on AT& T customer accounts. The timeline reveals that AT& T's initial denial of the breach, which was first alleged by ShinyHunters in 2021, and their recent admission after a second threat actor leaked the data in 2024, raises questions about the effectiveness of corporate data breach detection and response strategies. The leaked data isn't from the past year or even couple of years. The leaked data is from 2019. And it includes 7. 6 million current customers and 65. 4 million former AT& T account holders, which I guess says a lot about AT& T's churn rate, that they have 65 million former customers and only 7 million current customers. Needless to say, a lot of data was breached. Now, what's fascinating about this is that this was brought to AT& T's attention in early 2021 and they denied it. And then another threat actor group released the same data from 2019 and early 2024 AT& T also denied that. They're just saying that they don't know this data doesn't belong to them. This data wasn't stolen from their systems when clearly it was. So only in the last week did AT& T finally admit that that data from 2019 belongs to them and was breached from their networks. So because of this negligence, multiple class action lawsuits have spun up very recently. Most notably, there's one from Morgan Morgan, which is the same law firm that's been suing Google over the fact that it tracks users data even when they're in incognito mode. And I believe Google paid out a settlement. So this is the same law firm that did that. And they're accusing AT& T of negligence, breach of implied contract, and unjust enrichment. And they're aiming for compensatory damages and improved data security protocols. Their lawsuit criticizes AT& T for not acting on known vulnerabilities and delaying breach acknowledgement, jeopardizing customer data privacy and confidence. I'm really glad to see these lawsuits are being spun up. As you heard in Monday's episode, I was calling for multiple class action lawsuits.. So yeah, I hope you get the crap suit out of you. And yes, I am an AT& T customer.. If you are also an AT& T customer and you're concerned about your data being in one of these breaches or this main breach from 2019, I believe the site haveibeenpwned. com has acquired the data from this breach. And so you can just search your email addresses in that site to see if it was compromised. Listen to the episode released this past Monday for some tips on how to stay safe when attackers have all of this information. All the information needed to open up new credit cards, take out new lines of credit in your name, and do a whole lot of stuff. All right. Well, there's another WordPress vulnerability out there with a CVSS score of 9. 8 out of a 10 max. The name of the plugin? Layerslider. This plugin is used by over 1 million sites. and exposes these sites to SQL injection attacks. This flaw allows attackers to potentially extract sensitive data, including password hashes, leading to site takeovers or data breaches. This vulnerability was discovered on March 25th, and was promptly reported to WordFence, earning the researcher 5, 500 bounty. The vulnerability affects layer slider version 7. 9. 11 through 7. 10, which as mentioned before, allows for SQL code injection. And just to quickly discuss what SQL code injection is, it's when data is queried from a database to be populated on a website. Those databases use a language called SQL or SQL that uses a query language, which is what the QL stands for, to query that data. This vulnerability allows attackers to query that data by injecting malicious commands. using SQL. They can essentially pull anything they want out of the databases. So that includes, yeah, password hashes, names, emails, whatever data is on the website. If that's social security numbers, that's vulnerable too. Despite the severity though, the attack is limited to a time based blind SQL injection, which relies on observing response times to infer data. And this type of SQL injection is hard to detect, but it's also hard for the attacker to get large amounts of data. It's more of an inferred sort of data attack. For more information on this attack, check out the article in the show notes by Bleeping Computer. The good news is that the flaw was quickly addressed by the plugin's developers, Creatura, who released an update to version 7. 10. 1 on March 27th, so within 48 hours of being notified. If you are a layer slider user, please go update immediately to mitigate this risk. WordPress is built on the use of plugins. That's what makes it so marketable. The more plugins you have, the more plugins you use, the higher your risk is. And I personally am a WordPress user. The DailyDecrypt. com is a WordPress site, and I'm having a hard time setting up notifications for outdated plugins. It's not very intuitive. Granted, I don't use any plugins other than the podcast plugins hosts this podcast and I'm constantly on the site making sure everything's updated and posting new podcasts, but a lot of people with WordPress sites will set it and forget it. Like they'll put up their site. It's a shop. They respond to orders they get, but they don't actually go onto the WordPress site too much. And a lot of WordPress users are less tech savvy than me. So they probably don't have alerts set up for outdated plugins. I highly encourage you to just set up a reminder that goes off once a week, once a month, whatever interval you think is appropriate for the risk of your website. and just go check to make sure all the plugins are up to date. It's a really quick check, and if they're not up to date, you just press a little button and update them. You're likely not doing advanced programming on your WordPress site that might break with an update, so just, just press the little button. All right, and our final story comes from the Cyber Safety Review Board, where they have officially declared, which is a pretty bold stance, they've officially declared that the intrusion into Microsoft Exchange Online that exposed about 60, 000 U. S. State Department emails, was entirely preventable. This report criticizes Microsoft's corporate culture for insufficient investment in security and risk management and calls for widespread security reforms within Microsoft and among all cloud service providers to prioritize cybersecurity. The Cyber Safety Review Board, or CSRF, urges Microsoft to publicly outline its security reforms and outlines a series of operational decisions that encourages cloud service providers and government partners to make security focused changes. The report, released by CSRF, details the compromise of key U. S. officials mailboxes by China affiliated actors and criticizes Microsoft for charging extra for essential security features like enhanced logging. Which, in the recent past, has since been reversed. Microsoft no longer charges extra. But still, why did they do that in the first place? Microsoft has responded and announced plans for major security reforms, including better infrastructure and security processes. It's worth noting that Microsoft has been very cooperative throughout the CSRB's investigation, and are definitely willing to listen to the suggestions and make some changes, so That's step one, that's Way better than what AT& T did when confronted. Microsoft is looking into this. They want to maintain consumer confidence as much as anybody. They're at the center of our tech universe and even more so than most consumers might even know. A lot of servers and digital infrastructure is hosted on Windows server and Windows machines. And if you've been listening for a while, you've heard DogeSpan and I discuss another recent breach amongst senior developers and executives at Microsoft without multi factor authentication on their development accounts. Attackers were able to get in. So all of these incidents are starting to pile up and really pointing fingers at Microsoft. We got to get this fixed. They're starting to crack down. We're going to keep an eye on them. We're going to keep reporting what happens at Microsoft. Hopefully nothing else big because they hold a lot of data. in their cloud services, Exchange, Azure. Microsoft is a pretty big powerhouse in the cloud service provider. So yeah, hopefully they're throwing some money at this. They're spinning up some new teams and they're really looking at legacy infrastructure. It's a pretty old product that they're continually building on. So they need to start peeling away these layers of this product and figure out how they can boost up security. They need to be leading. and setting a good example for smaller companies by being so secure. Well, that's the show. That's all we got for you. Again, sorry about the quick hiatus. Internet went out. Hopefully it will stay on for the remainder of the week and maybe I can put an episode out on Saturday, recapping some stuff. But if you like what you hear, please go find us on Instagram or The Daily Decrypt and send us a comment or a DM. We'd love to hear from you. Until then, we'll talk to you some more tomorrow.
PyPI puts a temporary hold on operations. OMB outlines federal AI governance. Germany sounds the alarm on Microsoft Exchange server updates. Cisco patches potential denial of service vulnerabilities. The US puts a big bounty on BlackCat. Darcula and Tycoon are sophisticated phishing as a service platforms. Don't dilly-dally on the latest Chrome update. On our Threat Vector segment, host David Moulton has guest Sam Rubin, VP and Global Head of Operations at Unit 42, to discuss Sam's testimony to the US Congress on the multifaceted landscape of ransomware attacks, AI, and automation, the need for more cybersecurity education. And Data brokers reveal alleged visitors to pedophile island. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On the Threat Vector segment, host David Moulton has guest Sam Rubin, VP and Global Head of Operations at Unit 42. They discuss Sam's testimony to the US Congress on the multifaceted landscape of ransomware attacks, AI, and automation, the need for more cybersecurity education and more. Listen to the full episode with David and Sam's in-depth discussion. Read Sam Rubin's testimony. Selected Reading PyPi Is Under Attack: Project Creation and User Registration Suspended (Malware News) OMB Issues First Governmentwide AI Risk Mitigation Rules (GovInfo Security) German cyber agency warns 17,000 Microsoft Exchange servers are vulnerable to critical bugs (The Record) Cisco Patches DoS Vulnerabilities in Networking Products (Security Week) US offers a $10 million bounty for information on UnitedHealth hackers (ITPro) IPhone Users Beware! Darcula Phishing Service Attacking Via IMessage (GB Hackers) Tycoon 2FA, the popular phishing kit built to bypass Microsoft and Gmail 2FA security protections, just got a major upgrade — and it's now even harder to detect (ITPro) Update Chrome now! Google patches possible drive-by vulnerability (Malwarebytes) Jeffrey Epstein's Island Visitors Exposed by Data Broker (WIRED) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2024 N2K Networks, Inc.
This episode features discussion on cyber attacks against OT networks, the discovery of exposed servers with medical images and why outdated Microsoft Exchange servers are still alive
In this week's Source Code podcast we discuss flaws found in Sierra Wireless routers, sanctions announced by the US and UK, and a Microsoft Exchange flaw under attack by the Fancy Bear threat group.
This week, Emily Hart gets the inside story on the #NarcoFiles - a new investigation into The Global Criminal Order, the largest investigative project of its kind to originate in Latin America. She speaks to OCCRP's Latin America Editor Nathan Jaccard, who has led and coordinated this project - right from its earliest seeds in the 2022 hack to the incredible flourishing of reporting we've seen this week, and which continues to emerge. Last year, a group of 'hacktivists' known as Guacamaya infiltrated the Microsoft Exchange server, enabling them to hack the system of the Colombian Attorney General's Office, the entity in charge of investigating and prosecuting crimes in Colombia. Five terabytes in size, the leak contains more than 7 million emails, including exchanges between the Fiscalia and numerous embassies, law enforcement groups, and others. The documents in the leak reveal unique details about the inner workings of international criminal gangs as well as law enforcement efforts to dismantle them. The Organised Crime and Corruption Reporting Project (OCCRP), the Centro Latinoamericano de Investigación Periodística (CLIP), Vorágine, and Cerosetenta gained early access to the data, and then shared the leak with more than 40 other media outlets. Journalists from over 23 countries worked on the investigation. Nathan will be giving us the who, what, and how of this story, as well as his insights into the new world of organised crime and cocaine trafficking revealed by this hack – from the changes in where cocaine is grown and produced to corruption of top officials in Suriname, as well as the narco-nexus between huge banana companies and Colombia's political right wing, Israeli mafia in Colombia, links to the Odebrecht scandal and more – stories involving fruit, shark fins, and DEA Agents. Emily will also be sharing with supporters and subscribers her top picks from the NarcoFiles reporting from a number of outlets, with translated versions - subscribe now to our Patreon to get access!
In recent weeks, back-end infrastructure work and other backend-related issues impacted various online and consumer banking services, including DBS and Citibank in Singapore.Simple front-facing customer experiences that we've become accustomed to today can often mask considerable complexity on the backend. The service delivery chain of technologies powering the front end often comprises a mix of on-premises assets, cloud services, containers, and APIs.A degradation or outage to just one of those components can have massive impact. Depending on the architecture of the app and resilience of the backend, an incident in one part can be routed around in the best case scenario, or take down critical systems for hours in the worst case.Tune in to this episode to learn more about how backend changes led to outages at DBS, Citibank, and a number of Japanese banks—and how other backend issues appeared to contribute to a Google Cloud VMware Engine disruption and potentially also a Microsoft Exchange incident.For more insights, check out these links:- The Internet Report: Pulse Update Blog: https://www.thousandeyes.com/blog/internet-report-pulse-update-dbs-citibank-outages?utm_source=transistor&utm_medium=referral&utm_campaign=na_fy24q1_internetreportpulse22_podcast- Explore the Equinix issues that impacted DBS and Citibank: https://ajhrlohbopohbnmekzbcvrbeslqaijfr.share.thousandeyes.com/- Interested in more outage analysis? Check out our Internet Outages Timeline, which covers several notable Internet outages and application issues from the past year, along with the lessons they leave: https://www.thousandeyes.com/resources/internet-outages-timeline?utm_source=transistor&utm_medium=referral&utm_campaign=na_fy24q1_internetreportpulse22_podcast———CHAPTERS00:00 Intro00:47 The Download04:10 By the Numbers06:40 Equinix Chiller Upgrade Leads to DBS, Citibank Outages in Singapore23:19 Get in Touch———Want to get in touch?If you have questions, feedback, or guests you would like to see featured on the show, send us a note at InternetReport@thousandeyes.com. Or follow us on X: @thousandeyes
Internet-wide zero-day bug fuels largest-ever DDoS attack 23andMe resets user passwords after genetic data posted online Microsoft Exchange gets ‘better' patch to mitigate critical bug Thanks to today's episode sponsor, Hyperproof We get it. You're a risk manager or compliance professional, and you're overworked. You're trying to do the right thing by keeping your company safe and secure, but your technology is holding you back. Why not upgrade to Hyperproof? Hyperproof is a platform that not only eliminates the manual tasks you dread, but helps you scale security. Get a demo today at hyperproof.io. For the stories behind the headlines, visit CISOseries.com.
In this episode of Storm Watch, the hosts discuss various topics related to cybersecurity and the internet. They begin by comparing the unpredictability of weather patterns to the challenges of predicting internet activity and cyber threats. The hosts suggest that perhaps they should consider using a "cone of uncertainty" model, similar to hurricane forecasting, to help visualize potential internet threats. The conversation then shifts to the recent North Korean cyberattacks targeting security researchers. The hosts express disappointment at not being targeted themselves and discuss the importance of being aware of potential threats and evaluating one's own risk factors. They also mention Google's efforts to raise awareness about the issue and encourage those affected to reach out for assistance. Next, the hosts discuss the recent Apple zero-day vulnerabilities and emphasize the importance of patching devices. They also touch on the broader topic of whether security checkboxes and best practices are still effective in today's rapidly evolving threat landscape. Finally, the episode covers the Microsoft Exchange Server vulnerabilities and the company's response to the issue. The hosts express disappointment in Microsoft's handling of the situation, noting that there seems to be a lack of transparency and detail in their communications. They also discuss the potential consequences of not implementing proper key rotation and the importance of learning from these incidents to improve security practices moving forward.
An African power generator has been targeted by ransomware. The APT31 group is believed to be responsible for attacks on industrial systems in Eastern Europe. There have been arrests related to the takedown of LolekHosted. Ukraine's SBU has alleged that Russia's GRU is using specialized malware to attack Starlink. Microsoft has decided not to extend licenses for its products in Russia. Rick Howard opens his toolbox on DDOS. In our Solution Spotlight: Simone Petrella and Camille Stewart Gloster discuss the White House release of its cybersecurity workforce and education strategy. And the Cyber Safety Review Board will be investigating cases of cyberespionage against Exchange. Watch the full video of Simone and Camille here: Solution Spotlight: Simone Petrella and Camille Stewart Gloster For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/154 Selected reading. DroxiDat-Cobalt Strike Duo Targets Power Generator Network (Infosecurity Magazine) New SystemBC Malware Variant Targets Southern African Power Company (The Hacker News) Power Generator in South Africa hit with DroxiDat and Cobalt Strike (Security Affairs) Southern African power generator targeted with DroxiDat malware (Record) Common TTPs of attacks against industrial organizations. Implants for uploading data (Kaspersky ICS CERT) APT31 Linked to Recent Industrial Attacks in Eastern Europe (Infosecurity Magazine) Researchers Shed Light on APT31's Advanced Backdoors and Data Exfiltration Tactics (The Hacker News) LOLEKHosted admin arrested for aiding Netwalker ransomware gang (BleepingComputer) Russian spy agencies targeting Starlink with custom malware, Ukraine warns (The Telegraph) Russia Bans iPhones And iPads For Official Use: Report (BW Businessworld) Microsoft Suspends Extending Licenses For Companies in Russia (RadioFreeEurope/RadioLiberty) Department of Homeland Security's Cyber Safety Review Board to Conduct Review on Cloud Security (US Department of Homeland Security) Microsoft Exchange hack is focus of cyber board's next review (Record) Microsoft is under scrutiny after a recent attack by suspected Chinese hackers (Windows Central) The DHS's CSRB to review cloud security practices following the hack of Microsoft Exchange govt email accounts (Security Affairs) Microsoft's role in data breach by Chinese hackers to be part of US cyber inquiry (Firstpost)
In this episode of the PowerShell Podcast, we welcome special guest Jim Truher, one of the founding fathers of PowerShell. We discuss his fascinating journey from being a professional musician to transitioning into a career in technology, the origins of PowerShell, and how he became involved in its creation. Jim shares insights into the new PowerShell Crescendo module, its benefits for developers and IT professionals, as well as the early challenges faced in bringing PowerShell to market, overcoming skepticism, and promoting its user base. We also explore the unique relationship between PowerShell and Microsoft Exchange and discuss Jim's most significant successes while working on PowerShell. Throughout the conversation, we learn more about the ongoing evolution of PowerShell and its potential future direction. Don't miss this insightful and engaging episode as we dive deep into the melodious journey of Jim Truher and the world of PowerShell. Bio and Links: Jim Truher is a seasoned software engineer and a key contributor to the development of PowerShell at Microsoft. With a diverse background that includes a career as a professional musician, Jim transitioned into the tech industry, bringing his passion and creativity into the world of software development. As one of the founding fathers of PowerShell, he has played a crucial role in shaping this versatile scripting and automation tool, impacting the lives of countless IT professionals and developers worldwide. With expertise in scripting languages and a keen understanding of end-user needs, Jim continues to drive innovation and contribute to the evolution of PowerShell. Watch The PowerShell Podcast on YouTube: https://www.youtube.com/watch?v=2QFUlhnzE0I https://github.com/JamesWTruher https://www.youtube.com/watch?v=fwt3XXA_pf0 https://www.youtube.com/watch?v=rzBAnbF1R8Y https://soundcloud.com/james-truher-20552461/project0004_mx2 https://www.powershellgallery.com/packages/FormatTools/0.6.0 https://powershellyoungteam.github.io/2023/05/08/PowerShell-Profiles-KeePass-and-PowerShellAI.html
Is your Exchange server one of the vulnerable ones? Richard talks to Gareth Gudger about the ongoing security concerns around on-premises Exchange servers. The conversation addresses a blog post by the Exchange server team about restricting access of potentially vulnerable Exchange servers to Exchange Online. But, as Gareth explains, this has to do with hybrid Exchange, where your on-premises server can access Exchange Online in a privileged state. What is the right thing to do to limit exploits in Exchange? Keeping up with the latest versions, patching, and ultimately maintaining your entire infrastructure, especially Active Directory - all play a role in securing on-premises infrastructure. Stay vigilant!Links:Blocking Email from Vulnerable Exchange ServersTony Redmond's Comment on the Blog PostDeprecation of Remote PowerShellRe-enabling or Extending RPSExchange Online PowerShell v3Exchange Server 2013 End of SupportTurning off your Last Exchange ServerOffice 365 for IT ProsRecorded April 4, 2023
This episode reports on 1 million patients victimized in GoAnywhere MFT hack, phony packages found in PyPI and NPM registries, WordPress website compromises and more
DragonSpark conducts "opportunistic" cyberattacks in East Asia. ProxyNotShell and OWASSRF exploit chains target Microsoft Exchange servers. The IoT supply chain is threatened by exploitation of Realtek Jungle SDK vulnerability. CISA adds an entry to its Known Exploited Vulnerabilities Catalog. A Cisco study finds organizations see positive returns from investment in privacy. What's the hacktivist's postwar future? Joe Carrigan tracks a romance scam targeting seniors. Our guest is Pete Lund of OPSWAT to discuss the security of removable media devices. And a retired G-Man is indicted on multiple charges. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/15 Selected reading. DragonSpark | Attacks Evade Detection with SparkRAT and Golang Source Code Interpretation (SentinelOne) Technical Advisory: Proxy*Hell Exploit Chains in the Wild (Bitdefender) Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats (Unit 42) CISA Adds One Known Exploited Vulnerability to Catalog (CISA) 2023 Data Privacy Benchmark Study (Cicso) Hacktivism Is a Risky Career Path (WIRED) Retired FBI Executive Charged With Concealing $225,000 In Cash Received From An Outside Source (Department of Justice, U.S. Attorney's Office, District of Columbia) Former Special Agent In Charge Of The New York FBI Counterintelligence Division Charged With Violating U.S. Sanctions On Russia (Department of Justice, U.S. Attorney's Office, Southern District of New York) Former Senior F.B.I. Official in New York Charged With Aiding Oligarch (New York Times)
As Vice President of Threat Research & Intelligence at BlackBerry, Ismael Valenzuela leads threat research, intelligence, and defensive innovation. Ismael has participated as a security professional in numerous projects around the world for over the past two decades. In this episode, Ismael discusses his journey to become a top cybersecurity expert. We also explore the cybersecurity trends he and his team are seeing, and how cyber attackers are gaining a foothold and maintaining persistence. Segment Resources: https://www.blackberry.com/us/en/company/research-and-intelligence https://blogs.blackberry.com/en/2022/09/the-curious-case-of-monti-ransomware-a-real-world-doppelganger https://blogs.blackberry.com/en/2022/06/symbiote-a-new-nearly-impossible-to-detect-linux-threat This week in the Security News: The secrets of Schneider Electric's UMAS protocol, Pixel 6 bootloader: Emulation, Securing Developer Tools: A New Supply Chain Attack on PHP, Microsoft Exchange double zero-day – “like ProxyShell, only different”, Tech Journalists Offered Bribes to Write Articles for Major Outlets, & Detecting Deepfake Audio! Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/psw759
After making it through the hurricane last week, the Technado team got back to business. They covered Microsoft adding a VPN in their browser, the EU officially mandating USB-C, a couple of Microsoft Exchange 0-days, a slidable screen from Intel and Samsung, and hackers releasing data from LA schools. Finally, they talked about an Australian hacker that got roasted after backtracking on his demands.
After making it through the hurricane last week, the Technado team got back to business. They covered Microsoft adding a VPN in their browser, the EU officially mandating USB-C, a couple of Microsoft Exchange 0-days, a slidable screen from Intel and Samsung, and hackers releasing data from LA schools. Finally, they talked about an Australian hacker that got roasted after backtracking on his demands.
On this week’s Cyber Security Brief podcast, Brigid O Gorman and Dick O’Brien discuss a recent blog we published on the Witchetty (aka LookingFrog) espionage group, which has been progressively updating its toolset, using new malware in attacks on targets in the Middle East and Africa, including a new tool that employs steganography. We also discuss the recently discovered Microsoft Exchange Server zero days, the U.S. defense sector being targeted by multiple APT groups, and a newly discovered espionage actor called Metador, which was spotted operating in recent weeks. We also discuss the breach of Australian telecoms giant Optus, and some new information that has emerged about the takedown of the REvil/Sodinokibi ransomware gang.
Two Microsoft Exchange zero-days exploited in the wild. A supply chain attack, possibly from Chinese intelligence services. There's new Lazarus activity: bring-your-own-vulnerable-driver. The Mexican government falls victim to apparent hacktivism. Flying under partial mobilization's radar. Betsy Carmelite from Booz Allen Hamilton talks about addressing the cyber workforce skills gap. Our guest Rachel Tobac from SocialProof Security brings a musical approach to security awareness training. How's your off-boarding program working out? For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/190 Selected reading. Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server (CISA) Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server (Microsoft Security Response Center) Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server (GTSC) URGENT! Microsoft Exchange double zero-day – “like ProxyShell, only different” (Naked Security) Microsoft confirms two Exchange Server zero days are being used in cyberattacks (The Record by Recorded Future)Microsoft confirms new Exchange zero-days are used in attacks (BleepingComputer) Two Microsoft Exchange zero-days exploited in the wild. (CyberWre) CISA Adds Three Known Exploited Vulnerabilities to Catalog (CISA) Suspected Chinese hackers tampered with widely used customer chat program, researchers say (Reuters) Report: Commercial chat provider hijacked to spread malware in supply chain attack (The Record by Recorded Future) CrowdStrike Falcon Platform Identifies Supply Chain Attack via a Trojanized Comm100 Chat Installer (crowdstrike.com) Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium (WeLiveSecurity) Lazarus & BYOVD: evil to the Windows core (Virus Bulletin) Lazarus hackers abuse Dell driver bug using new FudModule rootkit (BleepingComputer) Mexican government suffers major data hack, president's health issues revealed (Reuters) Mexican president confirms ‘Guacamaya' hack targeting regional militaries (The Record by Recorded Future) Analysis: Mexico data hack exposes government cybersecurity vulnerability (Reuters) Russians dodging mobilization behind flourishing scam market (BleepingComputer) Honolulu Man Pleads Guilty to Sabotaging Former Employer's Computer Network (US Department of Justice)
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Microsoft Exchange 0-Day Update https://isc.sans.edu/forums/diary/Exchange+Server+0Day+Actively+Exploited/29106 https://microsoft.github.io/CSS-Exchange/Security/EOMTv2/ CISA Adds Atlasian Bitbucket Vulnerability to Exploited List https://www.cisa.gov/uscert/ncas/current-activity/2022/09/30/cisa-adds-three-known-exploited-vulnerabilities-catalog Every unsandboxed app has Full Disk Access if Terminal Does https://lapcatsoftware.com/articles/FullDiskAccess.html
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Microsoft Exchange 0-Day Update https://isc.sans.edu/forums/diary/Exchange+Server+0Day+Actively+Exploited/29106 https://microsoft.github.io/CSS-Exchange/Security/EOMTv2/ CISA Adds Atlasian Bitbucket Vulnerability to Exploited List https://www.cisa.gov/uscert/ncas/current-activity/2022/09/30/cisa-adds-three-known-exploited-vulnerabilities-catalog Every unsandboxed app has Full Disk Access if Terminal Does https://lapcatsoftware.com/articles/FullDiskAccess.html
Five Minute Forecast for the week of September 26th. All the cyber security news you need to stay ahead, from Proofpoint's Protecting People podcast. London police arrest teen who may be connected to Uber, Rockstar attacks A highly advanced cyber-spying group found in telecom and university systems And malicious OAuth cloud apps turn Microsoft Exchange servers into spam networks We're joined by former Gartner analyst Jonathan Care, who explains how to identify and protect against insider and external threats.
Google G-Suite to Microsoft Exchange lessons, Learning PowerShell