Sponsored by SEC Playground
* Cybersecurity in 2024: Top Stories that Rocked the Digital World
* Over 4,000 Compromised Systems Exposed Through Hijacked Web Backdoors
* Desperate Job Seekers Targeted by WhatsApp Employment Scams
* Voice Phishing Rings Target Crypto Investors Using Apple Support Line
* Neglected Domains Fuel Rise in Malicious Email Campaigns

Cybersecurity in 2024: Top Stories that Rocked the Digital World
https://www.bleepingcomputer.com/news/security/the-biggest-cybersecurity-and-cyberattack-stories-of-2024/

The year 2024 was marked by an unprecedented wave of cybersecurity incidents, from devastating data breaches to crippling ransomware attacks. As new threat actors emerged and vulnerabilities were exploited, both private and public organizations struggled to keep pace. BleepingComputer highlighted the most impactful stories, and here's a summary of some of the year's most critical incidents:

Major Cyberattacks and Data Breaches
* Internet Archive Breach – In October, a dual attack hit the Internet Archive, exposing the data of 33 million users and forcing service disruptions. Threat actors exploited an exposed GitLab configuration file to gain access.
* National Public Data Leak – A staggering 2.7 billion personal records, including Social Security numbers, were leaked in August. The breach impacted millions, with hackers later leaking the data for free on a hacking forum.
* Microsoft Email Breach by Russian Hackers – Russian-backed group Midnight Blizzard infiltrated Microsoft's corporate email, stealing sensitive communications and source code. The breach extended to U.S. federal agencies, raising national security concerns.

Industry-Wide Disruptions
* Faulty CrowdStrike Update Crashes Millions of Devices – A botched update from cybersecurity giant CrowdStrike in July led to 8.5 million Windows devices crashing worldwide. Cybercriminals capitalized on the chaos by distributing malware through fake repair tools.
* CDK Global Ransomware Attack – A Black Suit ransomware attack on auto-industry SaaS provider CDK Global disrupted operations for car dealerships across the U.S., halting sales, financing, and service.
* UnitedHealth Ransomware Incident – A February ransomware attack on Change Healthcare, a UnitedHealth subsidiary, affected the healthcare sector nationwide. The company paid a $20 million ransom to restore operations, but extortion attempts continued.

Government Actions and Security Reforms
* Kaspersky Banned in the U.S. – The Biden administration banned Kaspersky antivirus in June, citing national security concerns. A forced migration to UltraAV left users outraged.
* Telecom Hacks by Chinese Group Salt Typhoon – Chinese state-sponsored hackers breached major U.S. telecom providers, stealing call data and infiltrating surveillance platforms. The attacks prompted legislative action to improve telecom cybersecurity standards.
* LockBit Ransomware Disrupted – In February, international law enforcement seized LockBit's infrastructure, but the ransomware group re-emerged days later with renewed threats. Despite efforts to return to prominence, LockBit struggled under continued pressure from global authorities.

Emerging Threats
* Rise of Infostealers – Information-stealing malware campaigns surged, targeting everything from browser data to cryptocurrency wallets. Cybercriminals used infostealers to breach corporate networks and financial accounts, prompting renewed calls for two-factor authentication.
* North Korean IT Worker Scheme – North Korean operatives posed as remote IT workers to infiltrate U.S. companies and fund their nation's operations. A high-profile arrest in August highlighted the growing threat, with several companies unknowingly hiring such agents.

Looking Ahead
As cyber threats grow more sophisticated, 2024 underscores the critical need for robust cybersecurity measures. Organizations must strengthen defenses, governments must implement stricter regulations, and individuals must adopt best practices like multi-factor authentication to mitigate risks in an increasingly digital world.

Over 4,000 Compromised Systems Exposed Through Hijacked Web Backdoors
https://www.bleepingcomputer.com/news/security/over-4-000-backdoors-hijacked-by-registering-expired-domains/

Security researchers at WatchTowr Labs have discovered thousands of active web backdoors hijacked by registering expired domains used to control them. These backdoors, found on systems belonging to governments, universities, and other organizations, provide persistent access for malicious actors.

By registering expired domains associated with these backdoors, researchers gained control and observed communication from over 4,000 compromised systems. This included systems within government networks in China, Nigeria, and Bangladesh, as well as educational institutions in Thailand, China, and South Korea.

The research highlights the ongoing threat posed by abandoned infrastructure. Even after initial attacks, expired domains associated with backdoors can still be exploited by other cybercriminals. This underscores the importance of proper security measures and the need for organizations to regularly review and update their security posture.

WatchTowr Labs, in collaboration with The Shadowserver Foundation, is now monitoring these hijacked domains to prevent their re-use by malicious actors.

Desperate Job Seekers Targeted by WhatsApp Employment Scams
https://www.theage.com.au/national/broke-desperate-jobseekers-are-falling-for-gold-mine-employment-scams-in-droves-20250105-p5l26q.html

Australians struggling to find work are falling victim to sophisticated employment scams operating on platforms like WhatsApp, costing individuals and businesses thousands of dollars.

These scams often involve impersonating legitimate businesses and offering enticing work-from-home opportunities. Victims are then lured into making upfront payments under false pretenses, with the promise of high returns that never materialize.

One such scam targeted the business of Gareth, a marketing agency owner, who received numerous messages from individuals who had been defrauded by scammers impersonating his company. Victims reported losing significant sums of money, with some even facing financial ruin.

The scams often involve complex schemes, with victims required to make multiple payments to "unlock" higher earning potential. These schemes prey on the desperation of job seekers, particularly those facing financial hardship.

While platforms like WhatsApp offer encryption, they have been criticized for their limited efforts to combat these scams. Experts argue that these platforms have a responsibility to detect and prevent fraudulent activity, such as blocking accounts involved in scams and removing misleading advertisements.

The Australian government is taking steps to address the issue, including proposing new legislation to hold social media companies accountable for scams facilitated on their platforms. However, the fight against these sophisticated scams continues.

This article highlights the urgent need for increased vigilance and stronger measures to protect individuals from falling victim to online employment scams.

Voice Phishing Rings Target Crypto Investors Using Apple Support Line
https://krebsonsecurity.com/2025/01/a-day-in-the-life-of-a-prolific-voice-phishing-crew/

A new report reveals how sophisticated voice phishing gangs are exploiting legitimate services from Apple and Google to steal millions from cryptocurrency investors. These groups, operating within secretive online communities, utilise advanced social engineering techniques and exploit vulnerabilities in security measures.

One key tactic involves abusing Apple's support line. By spoofing the victim's phone number, attackers can initiate a call to Apple support and request a notification to be sent to all the victim's Apple devices. This seemingly legitimate notification, which appears to originate from Apple, builds trust and allows the attackers to guide the victim through a series of steps, ultimately leading them to a fraudulent website where they enter their login credentials.

These groups meticulously research their targets, leveraging data brokers to gather personal information and identify high-value individuals. They employ sophisticated tools and techniques, including "autodoxers" that automate data collection and verification, to refine their target lists and increase their chances of success.

The internal dynamics of these groups are characterised by a precarious balance of collaboration and betrayal. Members often compete for rewards, leading to internal conflicts and the rapid dissolution of groups. This volatile environment creates a constant churn, with new groups forming and disbanding frequently.

While companies like Apple are taking steps to enhance security measures, the sophistication of these attacks continues to evolve. This highlights the urgent need for increased vigilance and a multifaceted approach to combatting these sophisticated cyber threats.

Neglected Domains Fuel Rise in Malicious Email Campaigns
https://thehackernews.com/2025/01/neglected-domains-used-in-malspam-to.html

Cybersecurity researchers have uncovered a concerning trend where cybercriminals are increasingly exploiting neglected domains to evade email security measures and deliver malicious payloads.

By spoofing sender addresses with domains that lack active DNS records, attackers can bypass security checks like SPF and DMARC, which rely on domain authentication mechanisms. This allows them to deliver malicious emails containing phishing links, malware attachments, and extortion threats with greater success.

One such observed campaign leverages old, disused domains to deliver emails with QR codes that, when scanned, redirect victims to phishing sites. Other campaigns impersonate legitimate brands like Amazon and Mastercard to steal login credentials.

Furthermore, the rise of generic top-level domains (gTLDs) like .top, .xyz, and .shop has provided cybercriminals with readily available and inexpensive options for establishing malicious infrastructure. These domains, often lacking robust registration requirements, are increasingly used for hosting phishing sites and distributing malware.

Beyond email-based attacks, the threat landscape is evolving with the emergence of new tactics. These include the use of trusted platforms like Canva and Dropbox to redirect users to malicious sites, and the development of malicious WordPress plugins designed to steal payment information.

These findings underscore the need for continuous vigilance and robust security measures to combat the ever-evolving tactics of cybercriminals.

This is a public episode. If you would like to discuss this with other subscribers or get access to bonus episodes, visit edwinkwan.substack.com
00:00:00 - PreShow Banter™ — The Grey Times
00:04:33 - BHIS - Talkin' Bout [infosec] News 2024-11-04
00:05:54 - Story # 1: Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files
00:16:45 - Story # 2: Follow Up - 5 Things To Know On Delta's Lawsuit Against CrowdStrike
00:17:43 - Story # 2b: CrowdStrike Sues Delta: 5 Key Takeaways
00:22:04 - Story # 3: Russian charged by U.S. for creating RedLine infostealer malware
00:22:59 - Story # 3b: How a series of opsec failures led US authorities to the alleged developer of the Redline password-stealing malware
00:28:09 - Story # 4: Fired Disney staffer accused of hacking menu to add profanity, wingdings, removes allergen info
00:30:02 - Story # 4b: 'We strive to put humanity above all': Disney drops arbitration demand over wrongful death lawsuit after woman died from fatal food allergy
00:37:10 - Story # 5: OCR Announces First Financial Penalty Under HIPAA Risk Analysis Enforcement Initiative
00:44:54 - Story # 6: Security researchers found a serious zero-click bug in Synology's Photos app
00:50:10 - Story # 7: Inside a Firewall Vendor's 5-Year War With the Chinese Hackers Hijacking Its Devices
00:52:21 - Story # 8: Microsoft wants $30 if you want to delay Windows 11 switch
01:00:03 - Story # 9: Colorado Secretary of State posted spreadsheet with voting system passwords
In this episode, we're talking about a significant development in the cyber threat landscape. There has been a surge in activity from a group known as Midnight Blizzard, also known as APT29. They're a sophisticated Russian state-sponsored group, and their primary targets are governments, diplomats, NGOs, and IT service providers, mainly in the US and Europe. What's really alarming is their recent shift in tactics. They're now using malicious RDP files in their spear-phishing campaigns, which is a new approach for them. This indicates they are evolving their methods, becoming even more dangerous. RDP is commonly used in corporate environments for remote access to resources, so many organizations have it enabled and may not be blocking RDP files, making them an ideal attack vector.

Amazon identified internet domains abused by APT29 | AWS Security Blog: https://aws.amazon.com/blogs/security/amazon-identified-internet-domains-abused-by-apt29/
Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments | CISA: https://www.cisa.gov/news-events/cybersecurity-alerts-advisories/aa24-329a
Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files _ Microsoft Security Blog.pdf: The URL for this source was not provided.
Rogue RDP – Revisiting Initial Access Methods - Black Hills Information Security: https://www.blackhillsinfosec.com/rogue-rdp-revisiting-initial-access-methods/
Rogue RDP: Bring Your Own Server | Mike Felch | 1-Hour: https://www.youtube.com/watch?v=y1Y-t7fDwXU
Warning: Government-themed Phishing with RDP Attachments | CCB Safeonweb: https://www.safeonweb.be/en/news/warning-government-themed-phishing-rdp-attachments
Rogue RDP Attack Detection: UAC-0215 Leverages RDP Configuration Files to Gain Remote Access to Ukrainian Public Sector Computers - SOC Prime: https://socprime.com/blog/rogue-rdp-attack-detection-uac-0215-leverages-rdp-configuration-files-to-gain-remote-access-to-ukrainian-public-sector-computers/

Blog: https://offsec.blog/
Youtube: https://www.youtube.com/@cyberthreatpov
Twitter: https://twitter.com/cyberthreatpov
Work with Us: https://securit360.com
In the latest Security Sprint, Dave and Andy covered the following topics.

Warm Start.
• CISA: Critical Infrastructure Security and Resilience Month 2024. "Resilience means doing the work up front to prepare for a disruption, anticipating that it will in fact happen, and exercising not just for response but with a deliberate focus on continuity and recovery, improving the ability to operate in a degraded state, and significantly reducing downtime when an incident occurs."
  o A Proclamation on Critical Infrastructure Security and Resilience Month, 2024
  o Biden declares November as critical infrastructure security and resilience month, calls safeguarding these systems
• FS-ISAC: Ransomware Essentials. A Guide for Financial Services Firm Defense (PDF)

Main Topics:

Election Week!
• Joint ODNI, FBI, and CISA Statement.
• US cybersecurity chief says disinformation surge hasn't impacted election
• CISA: Election Security Rumor vs. Reality
• Georgia Poll Worker Arrested for Making Bomb Threat to Election Workers
• FBI PSA: Scammers Exploit 2024 US General Election to Perpetrate Multiple Fraud Schemes
• Colorado accidentally put voting system passwords online, but officials say election is secure
• Joint ODNI, FBI, and CISA Statement on Russian Election Influence Efforts (01 Nov).

Liability:
• Attorney General James Secures $2.25 Million from Capital Region Health Care Provider to Protect Patient Data
• HHS Office for Civil Rights Settles Ransomware Cybersecurity Investigation for $500,000
• HHS Office for Civil Rights Settles HIPAA Ransomware Cybersecurity Investigation for $90,000

Insider Threats!
• Fired Employee Allegedly Hacked Disney World's Menu System to Alter Peanut Allergy Information

Quick Hits:
• Wiz CEO says company was targeted with deepfake attack that used his voice
• Ripple effect: the devastating impact of data breaches
• Canadian Centre for Cyber Security - Cyber Security Readiness
• Defendants with Ties to White Supremacy Sentenced in Connection with Plot to Destroy Energy Facilities
• United States Welcomes the United Kingdom's Actions Against Known Purveyors of Kremlin Disinformation
• Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives
• Army of bots promotes petrostate hosting global climate talks
• Reset Tech Investigation - Clickbait Cures: How Meta and Google Tolerate a Dubious Meds Market in the EU
• Fitness app Strava gives away location of Biden, Trump and other leaders, French newspaper says
• Meet Interlock — The new ransomware targeting FreeBSD servers
• Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network
• Spain floods disaster: death toll rises to 205 as extra troops mobilised
• Biden Administration Announces Additional Security Assistance for Ukraine
• Iran Tells Region 'Strong and Complex' Attack Coming on Israel
• Cybersecurity Advisory – Threats Posed by Remote Technology Workers with Ties to Democratic People's Republic of Korea
• Foreign Threat Actor Conducting Large-Scale Spear-Phishing Campaign with RDP Attachments
• New Tradecraft of Iranian Cyber Group Aria Sepehr Ayandehsazan aka Emennet Pasargad
• Cybercriminals Are Stealing Cookies to Bypass Multifactor Authentication
• Canadian Centre for Cyber Security - National Cyber Threat Assessment 2025-2026
• Pacific Rim: Inside the Counter-Offensive—The TTPs Used to Neutralize China-Based Threats
• Massive PSAUX ransomware attack targets 22,000 CyberPanel instances
• Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files
Recall III: the Re-Re-Recalling, Russia, Win 10, Phish n Ships, Midnight Blizzard, Emerald Whale, Rob Allen, and More, on this edition of the Security Weekly News. Segment Resources: https://www.bleepingcomputer.com/news/security/unitedhealth-says-data-of-100-million-stolen-in-change-healthcare-breach/ This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them! Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-427
[Episode References]
LottieFiles tweet on the Lottie-Player compromise - https://x.com/LottieFiles/status/1851848602093777273
Hackers target critical zero-day vulnerability in PTZ cameras - https://www.bleepingcomputer.com/news/security/hackers-target-critical-zero-day-vulnerability-in-ptz-cameras/
Midnight Blizzard conducts large-scale spear-phishing campaign using RDP files - https://www.microsoft.com/en-us/security/blog/2024/10/29/midnight-blizzard-conducts-large-scale-spear-phishing-campaign-using-rdp-files/
Script and presentation: Carlos Cabral and Bianca Oliveira. Audio editing: Paulo Arruzzo. Closing narration: Bianca Garcia
In today's podcast we cover four crucial cyber and technology topics, including:
1. Chase takes legal action against Fraudsters
2. Russian group expands cyber targeting in latest campaign
3. China-linked malware found targeting Taiwan
4. New job scam tricks users of social media platforms
I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com
00:00 - PreShow Banter™ — A Bunch of Lunatics
05:09 - BHIS - Talkin' Bout [infosec] News 2024-07-08
08:41 - Story # 1: Europol takes down 593 Cobalt Strike servers used by cybercriminals
09:54 - Story # 1b: National Crime Agency leads international operation to degrade illegal versions of Cobalt Strike
15:17 - Story # 2: 'RockYou2024': Nearly 10 billion passwords leaked online
22:12 - Story # 3: Ticketmaster Breach: ShinyHunters Leak 440K Taylor Swift Eras Tour Ticket Data
24:20 - Story # 3b: Hackers reverse-engineer Ticketmaster's barcode system to unlock resales on other platforms
27:41 - Story # 4: US Supreme Court ruling will likely cause cyber regulation chaos
39:39 - Story # 5: California Advances Unique Safety Regulations for AI Companies Despite Tech Firm opposition
41:13 - Story # 5b: Senator Scott Wiener
43:45 - Story # 6: OpenAI Did Not Disclose 2023 Breach to Feds, Public: Report
53:10 - Story # 7: Microsoft's Midnight Blizzard source code breach also impacted federal agencies
55:27 - Story # 8: Japan's Government Finally Stops Using Floppy Disks
57:48 - Story # 9: This smart toilet paper monitor tells you when you need a new roll
58:50 - Story # 10: Twilio says hackers identified cell phone numbers of two-factor app Authy users
Available On: Listen on Apple Podcasts | Listen on Spotify | Listen on Youtube | All Major Platforms

In This Episode:

News
• Cloudflare debuts one-click nuke of web-scraping AI
• Tap-to-pay could get more capable and more complicated
• Authy hack exposes phone numbers of 33M users; Twilio confirms
• Microsoft's Midnight Blizzard source code breach also impacted federal agencies
• Here comes a Meta Ray-Bans challenger with ChatGPT-4o and a camera

Rumours
• Kuo: Apple to begin mass production of AirPods with cameras by 2026
• HomePod with display corroborated by references to a new Apple 'HomeAccessory'

We love hearing from you! Drop us a line in the comments or tweet us at @WeeklyTechRant. For more episodes and tech insights, visit our website: Weekly Tech Rant
I'm Wall-E, welcoming you to today's tech briefing for Friday, July 5th. Here are today's top stories:

Bitcoin under pressure: Bitcoin slides to a two-month low, affected by the Federal Reserve's stance on interest rates. Price dropped to around $56,837 before a slight recovery to $57,932.57.

Cybersecurity breach: Russian hacking group Midnight Blizzard extends breach to several U.S. federal agencies including the Department of Veterans Affairs and the U.S. Agency for Global Media. Microsoft is reaching out to impacted customers.

Tesla short sellers suffer: Tesla's Q2 delivery report leads to a $3.5 billion loss for short sellers within two days, as shares rally 17%.

China's lead in generative AI: China outpaces the U.S. in generative AI patents with over 38,000 filed from 2014 to 2023, showcasing rapid technological advancement.

Europe's new VC fund: Geneva-based Forestay closes its second growth-stage VC fund, raising $220 million. The fund will focus on enterprise AI and SaaS, primarily targeting Series B rounds in Europe and Israel.

That's all for today. We'll see you back here tomorrow!
This Week's Topics: Kioxia announces 2Tb NAND chip Sony reduces optical disk manufacturing Microsoft's Midnight Blizzard breach impacted federal agencies Guests: Patrice Brend'amour, David Ginsburg, Tom Ferry
In today's episode, we discuss TeamViewer's security breach by Midnight Blizzard, who extracted encrypted employee credentials but left customer data untouched (https://www.cybersecuritydive.com/news/teamviewers-breached-employee-credentials/720306/). We also cover Cisco's response to a zero-day flaw in NX-OS exploited by the Velvet Ant cyberespionage group to install custom malware (https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cmd-injection-xD9OhyOP). Additionally, we explore the critical OpenSSH vulnerability, "regreSSHion," putting 700,000 servers at risk of remote code execution attacks (https://www.cybersecuritydive.com/news/openssh-remote-code-cve/720315/).

Video Episode: https://youtu.be/sX082aW6clg
Sign up for digestible cyber news delivered to your inbox: news.thedailydecrypt.com
Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/
Logo Design by https://www.zackgraber.com/

Tags: TeamViewer, Midnight Blizzard, breach, cyber threats, cybersecurity, employee data, network security, Velvet Ant, Cisco, NX-OS, CVE-2024-20399, vulnerability, OpenSSH servers, remote code execution, Qualys

Search Phrases:
TeamViewer breach by Midnight Blizzard
Midnight Blizzard cyber attack
TeamViewer data security incident
Velvet Ant Cisco NX-OS vulnerability
Cisco NX-OS zero-day exploit
CVE-2024-20399 patch details
Critical OpenSSH server vulnerability
Qualys remote code execution vulnerability
Securing OpenSSH servers against regreSSHion
Modern cybersecurity threats 2024
In today's episode, we discuss hackers exploiting a critical vulnerability in D-Link DIR-859 routers (CVE-2024-0769), compromising user credentials (source: https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-d-link-dir-859-router-flaw-to-steal-passwords/). We also cover Microsoft's recent notification about the widespread impact of Midnight Blizzard's password-spray attacks on enterprise emails (source: https://www.cybersecuritydive.com/news/microsoft-customers-compromised-threat-group/720173/). Lastly, we highlight a data breach at Geisinger, affecting over 1 million patients due to unauthorized access by a former Nuance employee (source: https://www.geisinger.org/about-geisinger/news-and-media/news-releases/2024/06/24/18/17/geisinger-provides-notice-of-nuances-data-security-incident).

Video Episode: https://youtu.be/17B6IbSaarg
Sign up for digestible cyber news delivered to your inbox: news.thedailydecrypt.com
Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/
Logo Design by https://www.zackgraber.com/

Tags: Hackers, D-Link DIR-859, flaw, passwords, routers, network security, Microsoft, Midnight Blizzard, Sunburst attacks, enterprise email, cyber threats, Geisinger, data breach, sensitive data, IT security

Search Phrases:
How to secure D-Link DIR-859 router
Hackers exploiting D-Link router flaws
Midnight Blizzard Microsoft email breach
Sunburst attacks enterprise impact
Geisinger data breach patient safety
Identifying misuse after a data breach
Microsoft enterprise email vulnerability
Protecting sensitive data from hackers
Steps to secure outdated routers
Recognizing red flags in data records
Remote access tool vendor TeamViewer confirmed in a statement that it suffered an ongoing attack on its corporate network. The company attributed the event to a group of hackers backed by Russian intelligence, known as APT29 (or Midnight Blizzard). TeamViewer's investigation says that the intrusion, which occurred on June 26, was "linked to the credentials of a standard employee account within the corporate IT environment". In its statement, TeamViewer says that the attack was contained to this network and that there is no evidence the malicious actor gained access to the product environment or to customer data. https://techcrunch.com/2024/06/28/teamviewer-cyberattack-apt29-russia-government-hackers/
The 'Three Buddy Problem' Podcast Episode 2: Ryan Naraine, Costin Raiu and Juan Andres Guerrero-Saade go all-in on the discussion around Google Project Zero disrupting counter-terrorism malware operations. A deep dive on disruption vs exposure, the effects of US government sanctions on private mercenary hacking companies, hypocrisy and the tricky relationship between malware researchers and the intelligence community, and the lack of 'success stories' from so-called benevolent malware. We also discuss the implications of the TeamViewer breach by a skilled Russian APT, new Microsoft notifications to Midnight Blizzard victims and share thoughts on the Polyfill.io supply chain compromise.
In today's episode, we discuss Microsoft's commitment to take full responsibility for security failures, as detailed in Brad Smith's House testimony (https://www.cybersecuritydive.com/news/microsoft--security-failures-house-testimony/718853/), YouTube's testing of harder-to-block server-side ad injections affecting ad blockers like SponsorBlock, along with the potential solutions (https://www.bleepingcomputer.com/news/google/youtube-tests-harder-to-block-server-side-ad-injection-in-videos/), and the new "Sleepy Pickle" attack technique that targets machine learning models, posing severe supply chain risks (https://thehackernews.com/2024/06/new-attack-technique-sleepy-pickle.html). Tune in for a detailed analysis of these pressing cybersecurity issues and their broader implications.

Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/
Logo Design by https://www.zackgraber.com/

Tags: Microsoft, President, Security, Cybersecurity, Brad Smith, House testimony, Security failures, State-linked cyberattacks, U.S. federal agencies, Cyber attack, Machine learning, Sleepy Pickle, Pickle format, Supply chain risk

Search Phrases: Microsoft security failures, Brad Smith House testimony, U.S. federal agencies cyber attack, State-linked cyberattack Microsoft, Measures to improve Microsoft cybersecurity, Sleepy Pickle machine learning, Protecting machine learning models, Cybersecurity in Pickle format, Supply chain risks in cybersecurity, Advanced server-side ad injection YouTube

Microsoft will take full ownership for security failures in House testimony
https://www.cybersecuritydive.com/news/microsoft--security-failures-house-testimony/718853/
- Microsoft's Accountability: Brad Smith, Microsoft's vice chair and president, commits to taking full responsibility for recent security failures in his written testimony to the U.S. House Committee on Homeland Security. This is a critical move for transparency and accountability in the cybersecurity sector.
- State-Linked Cyberattacks: The testimony follows two significant state-linked cyberattacks on Microsoft. Hackers from the People's Republic of China targeted Microsoft Exchange Online, compromising 22 organizations and 500 individuals, including high-profile figures like U.S. Commerce Secretary Gina Raimondo. Another attack from the Russia-linked Midnight Blizzard group compromised senior executives' credentials, impacting federal agency security.
- Preventable Breaches: A report by the U.S. Cyber Safety Review Board criticized Microsoft for prioritizing speed to market and new features over security, labeling the attacks as preventable. This highlights the importance for cybersecurity professionals to balance innovation with robust security measures.
- Security Recommendations: The Cyber Safety Review Board issued 25 recommendations to improve security, 16 specifically for Microsoft. These recommendations are essential for Microsoft and the broader cloud security industry to address vulnerabilities and prevent future breaches.
- Phishing Attack Surge: Nation-state cyber activity has intensified, with Microsoft experiencing 47 million phishing attacks against its employees and 345 million daily attacks against its customers. This underscores the importance of phishing awareness and training for all cybersecurity professionals.
- Enhanced Security Measures: To bolster internal security, Microsoft plans to link senior executive compensation to meeting security goals, demonstrating a commitment to accountability. Additionally, the company has invited the Cybersecurity and Infrastructure Security Agency (CISA) to its headquarters for a detailed briefing on their security strategy.
- Industry Implications: Critics argue that Microsoft's dominant position in federal systems should be re-evaluated given its security lapses. This raises questions about the broader implications for vendor accountability and the need for stringent security standards in government contracts.

YouTube tests harder-to-block server-side ad injection in videos
https://www.bleepingcomputer.com/news/google/youtube-tests-harder-to-block-server-side-ad-injection-in-videos/
- YouTube Ad Blocking Challenge: YouTube now injects advertisements directly into video streams (server-side ad injection), making it tougher for ad blockers to filter them out. (Source: BleepingComputer) This method integrates ads seamlessly into the video content, creating a continuous stream that includes ad segments.
- Impact on Ad Blockers: Traditional ad blockers, which rely on blocking JavaScript scripts for ad insertion, will struggle with this new approach. SponsorBlock, a tool that crowdsources data to skip sponsored content, reports that server-side ad injection disrupts its functionality.
- Technical Breakdown: YouTube uses smaller video segments, or "chunks," stitched together to create continuous playback. A manifest file dictates the sequence of these chunks, including both content and ads, complicating the ability to skip or block ads.
- SponsorBlock's Response: Currently, SponsorBlock blocks submissions from browsers with server-side ad injection to avoid data corruption. Future solutions may involve calculating ad durations via metadata and YouTube's interface elements, though these systems are still in development.
- Potential Solutions for Ad Blockers: Ad blockers might need to evolve by developing sophisticated detection algorithms, analyzing metadata, and employing advanced pattern recognition techniques to identify ad segments.

New Attack Technique 'Sleepy Pickle' Targets Machine Learning Models
https://thehackernews.com/2024/06/new-attack-technique-sleepy-pickle.html
1. Discovery of Sleepy Pickle Attack: Trail of Bits researchers discovered a new attack technique called "Sleepy Pickle" that targets machine learning (ML) models. Unlike traditional attacks, Sleepy Pickle focuses on corrupting the ML model itself, posing a severe supply chain risk.
2. Mechanism and Risks: The attack leverages the Pickle format, commonly used in ML libraries like PyTorch, to carry out arbitrary code execution during deserialization. Sleepy Pickle can insert backdoors, control outputs, or tamper with processed data, leading to dangerous consequences like misinformation or data theft.
3. Attack Delivery Methods: Attackers can deliver the payload using techniques such as adversary-in-the-middle (AitM) attacks, phishing, supply chain compromise, or exploiting system weaknesses. When deserialized, the payload modifies the model in-place, making detection very difficult.
4. Recommendations for Mitigation: Only load models from trusted users and organizations. Use signed commits and consider alternatives to Pickle, like TensorFlow or Jax formats with auto-conversion mechanisms.
5. Potential Impact: Hypothetical scenarios include generating harmful outputs (e.g., unsafe health advice), stealing user data, or manipulating news article summaries to redirect to phishing sites. The attack can maintain surreptitious access to ML systems, evading detection by modifying model behavior dynamically.
6. Broader Implications: Sleepy Pickle highlights the need for stronger supply chain security and awareness of vulnerabilities in widely-used software components. The attack's ability to corrupt local models without appearing as an ML model broadens the attack surface significantly.
The Cybersecurity and Infrastructure Security Agency has directed multiple federal agencies to scrub their Microsoft accounts for signs of compromise after Russia-linked hackers potentially accessed agency passwords and other sensitive log-in details. In an emergency directive publicly released today, CISA said multiple federal agencies had their email correspondence with Microsoft stolen by the Russian state-sponsored group "Midnight Blizzard." CISA said the stolen emails pose a "grave" risk to the federal government. The group gained access to sensitive agency information by compromising Microsoft's corporate email accounts starting in January. The hackers are now trying to use the information in those stolen emails, which include authentication details, to gain additional access to Microsoft customer systems, CISA said.
The growth of TheMoon malware and its contribution to the Faceless proxy network, shining a light on the vital role of cybersecurity in safeguarding critical infrastructure. Featuring insights from Lumen Technologies' Black Lotus Labs and CISA's new reporting mandates.

[00:02:53] The Moon Malware
[00:07:37] Critical Infrastructure Cybersecurity Updates
[00:17:08] Personal Cybersecurity Tips & Encouragement

Original URLs:
https://blog.lumen.com/the-darkside-of-themoon/
https://krebsonsecurity.com/2023/04/giving-a-face-to-the-malware-proxy-service-faceless/
https://www.cybersecuritydive.com/news/cisa-notice-critical-infrastructure/711506/
https://www.cisa.gov/news-events/news/cisa-marks-important-milestone-addressing-cyber-incidents-seeks-input-circia-notice-proposed
https://thehackernews.com/2024/03/key-lesson-from-microsofts-password.html

Follow us on Instagram: https://www.instagram.com/the_daily_decrypt/
Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/
Logo Design by https://www.zackgraber.com/

Tags: cybersecurity, TheMoon malware, Faceless network, Lumen Technologies, CISA, critical infrastructure, cyber incident reporting, Microsoft, Midnight Blizzard, NOBELIUM, password spray hack, IoT security, proxy services, cyber threats, router vulnerabilities

Search Phrases:
Exploring TheMoon malware and its impact on cybersecurity
Understanding Faceless proxy service and cyber anonymity
Lumen Technologies' fight against cyber threats
CISA's new cyber incident reporting rules for critical infrastructure
Microsoft's response to Midnight Blizzard cyber attacks
NOBELIUM's tactics in cyber espionage
How to protect routers from cyber attacks
The significance of cybersecurity in safeguarding critical infrastructure
Cybersecurity best practices for IoT devices
Strategies to counter password spray hacks
Importance of secure accounts in preventing cyber attacks
Analyzing the growth of proxy networks in cybercrime
The role of critical infrastructure in national cybersecurity
Updates and insights from CISA on cyber incident management
Microsoft's investigation into state-sponsored cyber threats

Transcript:

Transition (Short) Low Energy

[00:00:00] Welcome & Introduction

offsetkeyz: Welcome back to the Daily Decrypt. Fly me to the moon.

[00:00:08] The Rise of The Moon Malware

offsetkeyz: The Moon malware is now covertly amassing over 7,000 SOHO routers and IoT devices each week into the Faceless proxy network, as unveiled by Black Lotus Labs at Lumen Technologies, signaling a worrying escalation in cybercriminal capabilities. What steps can be taken to prevent devices from falling prey to The Moon malware and contributing to the expansion of the Faceless proxy network? Critical infrastructure entities such as power and water are now mandated to swiftly report cyber incidents and ransom payments following new rules proposed by the Cybersecurity and Infrastructure Security Agency, known as CISA, marking a crucial advancement in bolstering the nation's cybersecurity defenses. And finally, we've got the expert dogespan back to discuss some lessons learned from the recent Midnight Blizzard Microsoft breach. So stick around for that juicy goodness. So recently we reported on SOHO routers, which is small home... What is small,

dogespan: Small office, home office.

offsetkeyz: Small home office office, small. Is it small office, home office?

dogespan: Yeah. South of Houston Street.

offsetkeyz: So yeah, recently there's been some news on SOHO routers being vulnerable to these malwares, pulling them into proxy networks. And so this isn't necessarily breaking news, but there has been some recent research coming out that shows some pretty staggering numbers. So the latest findings by Lumen Technologies' Black Lotus Labs spotlight a startling expansion of the Faceless proxy network, with The Moon malware enrolling over 7,000 new users per week into its ranks. That's a lot of routers.
dogespan: ISP routers right there?

offsetkeyz: I would hope not, but your ISP has no incentive whatsoever to replace that router and you're paying a rental fee. So...

dogespan: Yep.

offsetkeyz: There's a little bit more information linked in the show notes below, but an aggressive campaign in early March of 2024 saw over 6,000 ASUS routers compromised in less than 72 hours. So at this rate, they're well over 40,000 last we checked in February, plus 7,000 each week. The Moon malware continues to refine its infection methods, targeting devices with accessible shell environments before implementing a series of iptables modifications. This prepares the compromised device to serve as a proxy facilitating anonymous internet usage for malicious actors through the Faceless service.

[00:02:53] The Moon Malware

offsetkeyz: First of all, we can talk about what a proxy network is. It's essentially just tens of thousands of devices that cybercriminals are able to route their traffic through. So that's bad news for you, whether you're trying to avoid people snooping on you, or you're trying to protect your privacy, or you're trying to not be an accomplice in cybercrime. In the article linked in the show notes below, you'll be able to see some indicators of compromise, but the biggest thing is that's the gateway to the internet for you. So everything going in and everything coming out of your house is now accessible to these attackers. They're probably not interested in that. They're interested in just having the power to route their criminal activity through 40,000 routers. But when you hand criminals a bunch of free data, they're probably going to get around to using it. So what can you do to prevent your router from being part of this proxy network? Make sure it's up to date. And that's kind of tricky for most users. You're going to actually have to go into the router, which is a bit of a process.
You also really want to make sure the username and passwords to your router are changed, because they're probably accessible via the internet. Like, I could go Google your router model number and find out what the username and password is, enter it in, and boom.

dogespan: There's a number of them just out on the internet; you can throw creds at them at any point in time.

offsetkeyz: Yeah. Once you start getting into cybersecurity, you'll quickly come across the sites that just index all vulnerable routers. What, what's the site that I'm thinking of? Do you remember, dogespan?

dogespan: Shodan. Shodan.

offsetkeyz: If you just go on there, you can, first of all, you can check your IP and see what the deal is. But yeah, there, there's a lot of 'em. So this proxy network is growing quickly, probably thanks to Shodan, but mostly because there's a lot of vulnerable routers out there. Even if they're not end of life, people just don't change their password. They don't know. So tell your mom, tell your friends, tell your grandpa: change your router password. It's a big deal, honestly.

dogespan: Yeah, it's interesting. Of course there is the proxy implication, so the attacker is, like you said, most likely just using it to hide and cover their tracks, and one of the things that could come out of that, I think you did mention it, is that you could be legally implicated for certain types of activity. And while you're not the person doing it, if you are like the exit node or close enough in the chain for beginning or end, you might get picked up. So definitely see if this is something that is affecting you. A lot of this malware, you can just reboot the router, like give it an unplug for 10 seconds, 30 seconds, and plug it back in, and a lot of the malware will die off, but then of course, make sure it's updated. One thing you can do is request that your ISP updates your router.
So if you have been paying that monthly lease, if it's been two years, call them and tell them that you want a new one.

offsetkeyz: Yeah, I'm sure it's even built into your contract that you're entitled to a new router after X amount of months, and it probably isn't more than 18.

dogespan: Mm hmm.

offsetkeyz: They know they're not updating it, they're not forcing updates, and they know you're not updating it, so they probably legally have to offer you a new one. So all you have to do is call, and you might be on hold for a while, but just, yeah, get a new router. If you've inherited an ISP router and you feel really proud of yourself because you're not paying the 7 a month anymore, and you've had the same router for five years, this right here serves as your official notice to not do that. Go get a new one. So yeah, to wrap this up, the article linked in the show notes recommends a couple things. They recommend, first of all, blocking botnet traffic based on certain indicators of compromise. So if you're a network defender, see that article for those IOCs. But consumers with SOHO routers should follow best practices of regularly rebooting routers, as dogespan said, and installing security updates and patches. And they provide a full link on how to do that, by the Canadian Centre for Cyber Security. So thanks, Canadia. And for organizations that manage SOHO routers, make sure the devices do not rely upon common default passwords. They should also ensure the management interfaces are properly secured and not accessible via the internet. And again, another article explaining exactly how to do that. So, do those things, call your ISP, and you should be good to go.

transition: DOG. DOG. DOG. DOG.

[00:07:37] Critical Infrastructure Cybersecurity Updates

offsetkeyz: So one of the common themes, if you've been listening for a while, is critical infrastructure. The White House has been releasing guidance to critical infrastructure IT departments.
There's been a real emphasis on securing critical infrastructure. Turns out that's because it's constantly under attack and it's our Achilles heel. If attackers can get our critical infrastructure, they can probably shut down our internet, and then we have no way of protecting ourselves. They can shut down our power, we have no security cameras, you know, we have no food, can't nourish our bodies to go to cyber war. The most recent step in this effort is the Cybersecurity and Infrastructure Security Agency, known as CISA, introducing a proposed rule mandating that critical infrastructure entities report significant cyber incidents within 72 hours and ransom payments within 24 hours. So this is pretty huge, because we don't really have the data. We don't know how these critical infrastructures are getting attacked, if they're paying, if they're not paying. We're all kind of guessing. So it's gonna suck a little. Another checklist item while you're under attack. But it's going to help overall critical infrastructure stay secure.

dogespan: Yeah, critical infrastructure definitely needs to be reporting that up as soon as possible. It's such a big deal. And I do like that they're imposing that on critical infrastructure. It's a really good step in the right direction. 72 hours?

offsetkeyz: Yeah, that's a little generous, and yeah, there's a lot of conflicting feelings about this, especially if you're under ransomware attack. Attackers are telling you not to report it, attackers are saying they're going to shred your data, they're going to destroy it if you report it up, and when you're under attack, you're afraid, and you might have the money, and you might just pay them, and you might forget to report, and that might cause fines or whatever. So that's just one of the cons to this, but we really need this data. It's going to help keep critical infrastructure more secure. It looks like this rule is expected to affect over 316,000 entities with an estimated cost of 2.6 billion. There is some debate as to what qualifies as critical infrastructure, and I'm surprised that this guidance came out with gray area at all. It should be pretty exhaustive, but according to the article linked in the show notes, which we always encourage you to read for yourself (don't just listen to what we're saying as truth, go read it for yourself), the U.S. recognizes 16 critical infrastructure sectors, but debates continue about the scope of entities required to comply. For example, UnitedHealthcare Group qualifies under the current definitions, but the status of Change Healthcare, which was recently breached, is kind of gray. It's uncertain, which doesn't make sense to me. If there's uncertainty, people aren't going to report, and then they're going to claim they didn't know. So let's figure that out.

dogespan: Yeah, I'd definitely like to see them move in the direction of just, when in doubt, report. Because if you're getting CISA involved, they're going to lend that expert help. If you're not equipped to do the investigation, you're better off just letting them know and cooperating with them. Even with ransomware and you going and paying it, you're hoping that they live up to their word? And that's a criminal.

offsetkeyz: Yeah, exactly. It's a lesson in all facets of life, from big enterprises down to personal as well. If you need help, ask for it. If you did something wrong, tell the people it impacts. Any smart person receiving this information is going to try to help as hard as they can, and they're not going to hold it against you. Simply telling the truth always wins, so do it.

dogespan: That's exactly what I tell my kids.

offsetkeyz: And they need to hear it, and so do many others.

dogespan: Alright, so the last one. Midnight Blizzard, also known as Nobelium, a Russian state-sponsored actor, got into Microsoft, and they did so through the use of password sprays.
So a password spray being: they just go down the line hitting as many passwords as they can on any account and hoping for the best. Well, this was against Microsoft and it ended up being successful. Nobelium got access to a dev account, and this account ended up having elevated privileges. Throughout the stages of this attack, they ended up going up higher and higher and higher through privilege escalation. This one was a privileged account, but it was in a development environment. They ended up getting access to an account and started sending off phishing emails across the board to their executives. Well, they ended up getting a couple of hits, and there was no MFA on those higher-up accounts. That's probably the most shocking aspect of that. We know that. This was all previous information. So, what's happening now? Microsoft has gotten them out and they have been doing all their recursive investigations. So the evidence of this is that they got access to, well, source code and internal systems. Luckily, no customer-facing systems were compromised. They did have access to source code, but nothing customer related, so we are still in the clear. However, go change your passwords. Now, being that they've had access to this stuff, they've been able to start probing at systems a little bit more in depth, and these... Well, Microsoft has noticed since this that password sprays have increased tenfold.

offsetkeyz: What? Against Microsoft, or in general?

dogespan: Probably Microsoft systems, since they have access to that kind of data, but it does say here that they are increasing their security investments. Good, good, good. Cross-enterprise coordination and enhanced defense capabilities against this persistent threat. So that sounds like they are working with customers to make sure that everybody's safe and sound. Good on them. Overall, I think they've done a good job with this response.
In recent weeks, they have seen that Midnight Blizzard is using the information that they originally exfiltrated to attempt to gain more unauthorized access. This comes from two different sources. One was directly from Microsoft's blog and then the other was a summary from The Hacker News. I like how The Hacker News, they've gone and broken little bits of it and kind of translated it, more targeted at a smaller organization and not so much, you know, how Microsoft got hit by this stuff. And one of the things that they mentioned is the importance of protecting all accounts. This ended up being an attack against a privileged developer account or a developer environment. And a lot of times what happens in larger organizations is you kind of create accounts, you create stuff, and it serves its purpose, and you never delete it. So it's super important to make sure that you either have good security on it in the first place, or you delete it as soon as you're done with it. Now, how does that translate to the regular user? You mentioned this in yesterday's podcast: when you're downloading an app for a single purpose, do you typically leave it on your system or do you delete it afterwards? One of the things that I try to think about is ordering food. A lot of them, you cannot order food through a web browser, unless you're actually, like, physically on a computer. It's going to be so persistent to try to get you to go to that app. A lot of times it won't even let you. Like, McDonald's is one of those good ones. You are automatically rerouted to that app. Every single time, I download that app, order my food, pick up my food, and then I delete that app. And it's not so much that it's McDonald's, but you just don't know what else is involved in that. And McDonald's is all about food, not data security.

offsetkeyz: No, I mean, they are a Fortune 5 company, probably,
so hopefully they have a good security system, but yeah, you'd be surprised at the permissions the McDonald's app asks for. And Hawkrow Farmer and I were discussing this a week or two ago. When you're hungry, there is a serious sense of urgency. And attackers know under what circumstances there's a sense of urgency. So if you're on DoorDash and you're having a hard time getting the food, you might pivot over to some other delivery service by Googling it, clicking on an ad, and then downloading the app from that ad, because you're really hungry and you're just trying to get your food. So now you've downloaded the wrong app, you create an account, username, same password you use on your bank, same email you use on your bank, they now have that, they go to your bank, they get you, whatever. Now you're in a proxy network because you left that app. There's so many bad things that happen, but, but the one thing about, that's a good example, doges, is urgency. And when you're hungry, things feel very urgent.

dogespan: Very, very urgent. If an attacker has access to a password and it's associated with an email, they're going to try it anywhere and everywhere. And one of the key areas that they're going to try it is your email provider, because that is clear evidence that you have an account there. So that's the main takeaway with it from this, even on a large enterprise scale, is all accounts need to be protected.

[00:17:08] Personal Cybersecurity Tips & Encouragement

dogespan: If you can't protect those accounts, use them for what you need to and remove it. Whether that's just getting an app on your phone or creating an account just for the purpose of ordering some food. Delete it afterwards.

offsetkeyz: Yeah, we'd like to just harp on not reusing passwords. Um, if someone can get into your email, they can reset any password on any account that you have, because, I mean, what's the first step? I think I talked about it in yesterday's episode.
When you click the reset password button, what does it do? It sends you an email to click on a link to go reset your password. And that's all it is. So if, if the attacker has access to your email address, they can reset any password, including your bank, including your Instagram. You know, the more I talk to people about password reuse and password managers and multi-factor authentication, the more I'm met with fear and shame. Shame is really the key one, and the shame doesn't quite outweigh the fear. Like, it never is enough to get them going, but it is a negative feeling associated with passwords. And what I mean by that is people are just always ashamed that they haven't done this, or they haven't done that, whatever. They reuse their password. They're really ashamed. Well, this can serve as a good example for you that even executives at Microsoft haven't enabled multi-factor authentication. You're doing okay. Just try to chip away at it, one piece at a time. Try to enable multi-factor authentication. Don't surrender to the shame.

dogespan: It doesn't have to be something that you, you know, you decide today when you wake up that I'm going to go enable MFA on all of my accounts. How I handle that is, when I log in and I don't get prompted to authenticate myself, I think, is there a way to get MFA? Put a little sticky note somewhere that says, go check your security settings on this website when you're done with what you're doing. So you don't have to break focus, just real quick, security settings. Go back to it after you've checked your balance or whatever it is you went to. And then the next time you log into something else and you don't get prompted for MFA...

offsetkeyz: It's a slow process, and that's okay. It's okay to be a slow process. Really focus on the important things to start, and the more you get going, the easier it gets. But right now, if you haven't started, it seems like it's going to be really painful, but think about it.
What happens when you accomplish really painful, really hard tasks? You get a flood of dopamine. Look forward to that dopamine hit when you actually enable MFA and change your password and download that password manager. It sounds impossible right now. It will feel so good. I still get that dopamine hit every time I make a little chip away at my security.

dogespan: Leave a comment. Let us know that you did it and we will praise you.

offsetkeyz: We will, we will. I'll make a freaking whole podcast episode about you. Dude, I was talking to my parents this week. Shout out to my parents. My dad, unprompted, made his first passkey for Amazon.

dogespan: Oh,

offsetkeyz: Yeah. And my dad is an electrical engineer, and he actually informed me that he has some patents in encryption algorithms. And so I said, Dad, I don't know how passkeys work. I spent two hours banging my head against the desk trying to figure it out. So if you figure it out, I'm bringing you on the podcast. You get to explain it to my listeners. So, really excited. You guys get to meet my dad, but he was so excited when he enabled his passkey, and you too can share that joy. So yeah, to bring it back to the Microsoft thing, and I don't want to make this an ethics podcast per se, but it is always... so it ignites fire within both me and dogespan, uh, just personal security and how easy it actually is, not to shame you by any means, but you can take certain easy steps to drastically improve your security. But Microsoft here is doing exactly what we were preaching in the previous segment, which is reporting things. They're doing a great job. They're saying they messed up and, hey, we're kind of on board. We're like, wow, great. Thank you so much. It's when, it's when companies try to hide it, like LastPass, for example.
Um, I was a diehard LastPass user and, hey, LastPass is better than nothing, even still, but it was really the fact that they hid their breach and tried to downplay their breach that ultimately got me to switch off of LastPass. I think their service now is great. It's fine. I would trust it a lot. So if you have LastPass, great. But it's ultimately the way that LastPass makes you feel. Like, no more warm fuzzies. More like cold sharpies. You know, it's just stabbing me when I think about LastPass. So, good on Microsoft for just reporting and continuing to uncover new things, and we can all learn something from them. I

dogespan: close to a month now, about how consumers are actually taking that into consideration more and more. Where I was under the impression that it was just us tech nerds that were looking at it and going, ew, you got a, you got a breach and you didn't handle it poorly, but more consumers are looking at that, and everybody is going to get hacked. If you haven't been hacked yet, you just don't know it. It has happened. Own up to it, it's fine. Handle it well. Go the appropriate steps.

offsetkeyz: mean, this story is evidence of that more than anything, that Microsoft just got hacked. I mean, they, they made the, they made the first computer. They made the internet. So yeah, no shame, especially nowadays when the weekly breaches are, it's a very long list of breaches out there. I like this article from The Hacker News. Another great thing is it has a section titled Defend Against Password Spray Attacks, and it has four actionable steps. I'm surprised multi-factor authentication isn't the first one. Should be the first one. But if you're in an organization and you have access to the Active Directory domain controller or admin rights there, you can run password audits. Have any of the passwords for any account on your Active Directory shown up on the dark web? There's search engines that just list passwords on the dark web.
There's search engines that list email addresses, which is probably more applicable for the day-to-day user, but you can just, yeah, search. I think it's even Have I Been Pwned. Like, they have a password search feature, and Have I Been Pwned has an API, so you can set it up using an API and automate it. But that's something I haven't considered, is just audits. That could have saved it if they're unwilling to enable multi-factor authentication. Multi-factor authentication, we talk about it like it's a, like a silver bullet, but it is susceptible to attacks too, especially MFA bombing or MFA fatigue. The weakest link in anything, in anything security, is the human element. So even if you have enabled MFA, you can still do these password audits. You can only secure yourself more. So yeah, that's, those are just some of the action items you can take either as an individual or as a corporation. And yeah, the point of bringing this up was just to kind of recap on this big attack and have a discussion. So, got anything else for us, dogespan?

dogespan: No. Get a password manager.

offsetkeyz: And as always, get a password manager. I'm gonna, it's like a drinking game around my house. How many times do I say password manager in a night? And I'm heading to a bar after this where you better believe I will be talking about password managers.

[00:24:57] Closing Thoughts & Thanks

offsetkeyz: But that's all we got for you today. Thanks so much to dogespan for coming back. We've missed you. Our editing software has missed you, and we hope you'll be more of a frequent guest. Oh, he's back, baby. And I hope your work or organization, place where you work, lets you have Friday off like mine does. Uh, so TBD if we'll have an episode tomorrow, probably, because I'm an addict, but if we don't, have a great weekend. We'll talk to you later.
This episode covers updates on the Midnight Blizzard attack, the role of CISOs and their technical expertise, the need for international standards in cyber warfare, and defending against business email compromise.
Takeaways
- Microsoft provides an update on the Midnight Blizzard attack, revealing attempts to gain unauthorized access to internal systems.
- The technical expertise of CISOs is important, but they don't need to be deeply technical. Understanding the solutions and threats, and being able to explain them, is crucial.
- Cyber warfare is a serious issue, and there is a need for international standards to define appropriate targets for attacks.
- Microsoft demonstrates how their ecosystem defends against business email compromise using automatic attack disruption.
Youtube Video Link:
Documentation:
https://msrc.microsoft.com/blog/2024/03/update-on-microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/
https://www.sec.gov/edgar/browse/?CIK=789019&owner=exclude
https://www.youtube.com/watch?v=GnEGWzfxU8c
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
Andy Jaw
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
Send in a voice message: https://podcasters.spotify.com/pod/show/blue-security-podcast/message
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Threat actors have been actively targeting vulnerable Connect Secure VPN appliances after the disclosure of CVE-2023-46805 and CVE-2023-21887. Threat researchers recently observed an interesting variant of StopCrypt ransomware. The ransomware executes its malicious activities by utilizing multi-stage shellcodes before launching a final payload that contains the file encryption code. In the last week of January 2024, a patch was released to address a directory traversal vulnerability in the package that allows unauthenticated, remote attackers to access sensitive information from arbitrary files on the server if exploited. On March 8th, Microsoft said that it's still trying to evict the elite Russian government hackers who broke into the email accounts of senior company executives in November and who it said have been trying to breach customer networks with stolen access data.
- VMware needs immediate patching
- Midnight Blizzard still on the offensive
- China is quietly "de-American'ing" their networks
- Signal Version 7.0, now in beta
- Meta, WhatsApp, and Messenger -meets- the EU's DMA
- The Change Healthcare cyberattack
- SpinRite update
- Telegram's end-to-end encryption
- KeePassXC now supports passkeys
- Login accelerators
- Sites start rejecting @duck.com emails
- Tool to detect Chrome extensions changing owners
- Shortest SN title
- Passkeys vs 2FA
Show Notes - https://www.grc.com/sn/SN-965-Notes.pdf
Hosts: Steve Gibson and Mikah Sargent
Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written, SpinRite 6.
Sponsors: vanta.com/SECURITYNOW joindeleteme.com/twit promo code TWIT kolide.com/securitynow business.eset.com/twit
Can we have a Windows experience tailored for enterprise efficiency? Paul, Richard, and Mikah unpack the freshest updates from Windows 11's March 2024 Patch Tuesday, dissect Microsoft's transparency behind Midnight Blizzard's November attack, and speculate on Microsoft's much-anticipated Surface/AI event. Plus, Paul offers insights from his time with Copilot Pro's custom GPT builder.
Windows 11
- Patch Tuesday new features: Phone Link settings is renamed to Mobile devices, USB 80 Gbps support, more - Windows 10 users get some love (hate?) too
- Microsoft confirms that Moment 5 will be delivered in the March preview update, fully deployed in late April
- Microsoft details how it is changing Windows in the EU - and now we all want to move to the EU
- Beta (last week): New Copilot actions experiment
- Dev and Canary: Unified Teams experience, Copilot updates to more people, Power Automate via Copilot in Windows, Live Captions quick settings tile, progress bars in Taskbar icons, File Explorer file copy improvements, etc.
- Beta (today): Most frequently used apps now appear in Recommended
Microsoft
- Microsoft continues to dribble out details about that Russia-sponsored hack and the news is predictably getting worse each time
- We have an event! March 21st will focus on Copilot, Windows, and Surface
AI
- Microsoft brings Custom GPT Builder to Copilot Pro subscribers
- Here comes Copilot for Security. April 1 rollout is perfect
- Teams app developers get AI capabilities via a free Microsoft toolkit
- Opera Feature Drops to bring new AI features early to Opera One
- EU moves to the AI Act
Microsoft 365
- Microsoft finally spells out its commercial deployment schedule/plans for the new Outlook. Let the complaining continue
- Skype is updated with new Channels features, prompting questions about Skype still being alive
- Parallels Desktop for Mac is updated with Clipboard and game improvements for Windows VMs
Xbox
- Some Activision QA workers vote to unionize
- More Microsoft Studio titles come to Boosteroid, that service you only heard of because of the Microsoft acquisition of Activision Blizzard
Tips & Picks
- Tip of the week: Time zone math
- App pick of the week: Llamasoft: The Jeff Minter Story is now available! Plus, Joplin (a Notion alternative)
- RunAs Radio this week: Understanding Large Language Models with Jodie Burchell
- Brown liquor pick of the week: Bushmills 21
Hosts: Paul Thurrott, Richard Campbell, and Mikah Sargent
Download or subscribe to this show at https://twit.tv/shows/windows-weekly
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
Check out Paul's blog at thurrott.com
The Windows Weekly theme music is courtesy of Carl Franklin.
Sponsor: cachefly.com/twit
On this week's show Patrick and Adam discuss the week's security news, including:
- Weather forecast in Redmond is still for blizzards at midnight
- Maybe Change Healthcare wasn't just crying nation-state wolf
- Hackers abuse e-prescription systems to sell drugs
- CISA goes above and beyond to relate to its constituency by getting its Ivantis owned
- VMware drinks from the Tianfu Cup
- Much, much more
This week's feature guest is John P Carlin. He was principal associate deputy attorney general under Deputy Attorney General Lisa Monaco for about 18 months in 2021 and 2022, and also served as Robert Mueller's chief of staff when he was FBI director. John is joining us this week to talk about all things SEC. He wrote the recent Amicus Brief that says the SEC needs to be careful in its action against Solarwinds. He'll also be talking to us more generally about these new SEC disclosure requirements, which are in full swing.
Rad founder Jimmy Mesta will be along in this week's sponsor segment to talk about some really interesting work they've done in baselining cloud workloads. It's the sort of thing that sounds simple that really, really isn't.
Show notes
- Risky Biz News: The aftermath of Microsoft's SVR hack is rearing its ugly head
- Swindled Blackcat affiliate wants money from Change Healthcare ransom - Blog | Menlo Security
- BlackCat Ransomware Group Implodes After Apparent $22M Payment by Change Healthcare – Krebs on Security
- Change Healthcare systems expected to come back online in mid-March | Cybersecurity Dive
- LockBit takes credit for February shutdown of South African pension fund
- Ransomware gang claims to have made $3.4 million after attacking children's hospital
- Jason D. Clinton on X: "Fully automated vulnerability research is changing the cybersecurity landscape Claude 3 Opus is capable of reading source code and identifying complex security vulnerabilities used by APTs. But scaling is still a challenge. Demo: https://t.co/UfLNGdkLp8 This is beginner-level… https://t.co/mMQb2vYln1" / X
- Jason Koebler on X: "Hackers are hacking doctors, then using their digital prescription portals to "legitimately" prescribe themselves & their customers adderall, oxy, and other prescription drugs https://t.co/6elTKQnXSB" / X
- How Hackers Dox Doctors to Order Mountains of Oxy and Adderall
- CISA forced to take two systems offline last month after Ivanti compromise
- VMware sandbox escape bugs are so critical, patches are released for end-of-life products | Ars Technica
- A Close Up Look at the Consumer Data Broker Radaris – Krebs on Security
- Brief of Amici Curiae Former Government Officials Securities and Exchange Commission v Solarwinds Corp
Google AI Espionage, My macOS UI, Cloudflare AI Firewall, Midnight Blizzard, and more… Become a Member: https://danielmiessler.com/upgrade See omnystudio.com/listener for privacy information.
Russian hackers persist against Microsoft's internal systems. Change Healthcare systems are slowly coming back online. Russian propaganda sites masquerade as local news. Swiss government info is leaked on the darknet. Krebs on Security turns the tables on the Radaris online data broker. The NSA highlights the fundamentals of Zero Trust. The British Library publishes lessons learned from their ransomware attack. Researchers run a global prompt hacking competition. CheckPoint looks at Magnet Goblin. Experts highlight the need for psychological safety in cyber security. Our guest is Dinah Davis, Founder and Editor-In-Chief of Code Like A Girl, sharing the work they do to inspire young women to consider a career in technology. And the I-Soon leak reveals the seedy underbelly of Chinese cyber operations.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Guest is Dinah Davis, Founder and Editor-In-Chief of Code Like A Girl, sharing the work they do to inspire young women to consider a career in technology.
Selected Reading
* Microsoft says Russian-state sponsored hackers have been able to access internal systems (Reuters)
* Change Healthcare brings some systems back online after cyberattack (The Record)
* Spate of Mock News Sites With Russian Ties Pop Up in U.S (The New York Times)
* Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration (Security Affairs)
* A Close Up Look at the Consumer Data Broker Radaris (krebsonsecurity)
* NSA Details Seven Pillars Of Zero Trust (GB Hackers)
* LEARNING LESSONS FROM THE CYBER-ATTACK: British Library cyber incident review (British Library)
* A Taxonomy of Prompt Injection Attacks (Schneier on Security)
* https://arxiv.org/pdf/2311.16119.pdf (Research)
* Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities (Check Point Research)
* Why 'psychological safety' is so important for building a robust security culture (ITPro)
* Inside Chinese hacking company's culture of influence, alcohol and sex (C4isernet)
* International Women's Day (International Women's Day)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
Russian state-backed hacking group Midnight Blizzard gained access to Microsoft source code, Rivian surprise-announces the Rivian R2 hatchback, visionOS 1.1 for the Apple Vision Pro is now available to all users… MP3 Please SUBSCRIBE HERE. You can get an ad-free feed of Daily Tech Headlines for $3 a month here. A special thanks to Continue reading "Microsoft Says A Russian State-Backed Hacking Group Gained Access To Source Code – DTH"
In this Sponsor Spotlight episode, hosts Jim McDonald and Jeff Steadman are joined by Rich Dandliker, Chief Strategist at Veza, for an in-depth discussion on Veza's unique approach to identity security. They discuss Veza's market success, their 'anti-convergence' strategy, the significance of a reputable customer base, and the importance of a data-first approach to identity management. Dandliker also provides deeper insights into Veza's Intelligent Access. Don't miss this episode for a comprehensive understanding of Veza's innovative solutions in the IAM market. Connect with Rich: https://www.linkedin.com/in/rich-dandliker-591381/ Learn more about Veza: https://veza.com//?utm_campaign=IdentityAtTheCenterPodcast&utm_medium=website&utm_source=thirdparty&utm_content=link Veza Blog - Lessons from the breach: Microsoft and Midnight Blizzard: https://veza.com/blog/identity-security-lessons-from-midnight-blizzards-breach-of-microsoft/?utm_campaign=IdentityAtTheCenterPodcast&utm_medium=website&utm_source=thirdparty&utm_content=link Connect with us on LinkedIn: Jim McDonald: https://www.linkedin.com/in/jimmcdonaldpmp/ Jeff Steadman: https://www.linkedin.com/in/jeffsteadman/ Visit the show on the web at idacpodcast.com and follow @IDACPodcast on Twitter.
During last week's episode, we briefly spoke about major security incidents that took place between January and February 2024, including the Midnight Blizzard attack. Today, we're delving deeper into the specifics of this attack. From exploiting OAuth mechanics to navigating Microsoft's corporate environment, the attackers demonstrated a level of sophistication that evaded conventional detection controls. Tune in to hear Andy and Paul examine its intricate attack chain and discuss their insights on what Microsoft should do in response.

Timestamps:
(2:00) – What does the attack chain for this breach look like?
(7:11) – Timeline of the Attack
(8:53) – Thoughts on Microsoft's Response
(18:55) – A Definition of an OAuth App and a Service Principal
(27:36) – What do Admins need to do about this?
(33:20) – Does the speed of change and the scale of Cloud Services negatively impact security?

Episode Resources:
* Andy and Paul Discuss Malicious OAuth Apps
* YouTube Video from Andy Robbins
* BingBang
The Monthly Threat Report by Hornetsecurity is a valuable resource that provides monthly insights into M365 security trends, email-based threats, and commentary on current events in the cybersecurity space. For this episode, Andy is joined by Hornetsecurity's CTO – Yvonne Bernard, for an in-depth analysis of major security breaches and ransomware attacks that occurred between January and February 2024. From the Midnight Blizzard attack on Microsoft to a ransomware attack that cost Johnson Controls 27 million USD, our hosts explore what went wrong and provide expert recommendations from the Security Lab at Hornetsecurity on how to protect your business from similar threats.

Timestamps:
(3:20) – Email Threat Trends from January
(6:51) – What were the Most Targeted Industries for January?
(9:52) – What were the most impersonated brands in January?
(12:30) – A Discussion on the Midnight Blizzard attack on Microsoft
(22:38) – The Recent Breach of AnyDesk
(27:15) – $27 Million Cost of Ransomware attack on Johnson Controls
(32:34) – A C-Suite Look at Microsoft 365 Co-Pilot and the Danger of Misconfigured Permissions

Episode Resources:
* Episode on Malicious OAuth Applications
* Microsoft post on Midnight Blizzard Attack
* Detailed Tactics Post from Microsoft on Midnight Blizzard Attack
* Any Desk Public Announcement
* Effortlessly manage Microsoft 365 permissions, enforce compliance policies, and monitor violations with 365 Permission Manager
* Monthly Threat Report - February 2024
Microsoft is one of the world's largest and most security-focused companies. Yet in late 2022, a sophisticated threat actor known as Midnight Blizzard breached their systems in Azure through a forgotten test account. Join James Maude and Marc Maiffret as they dive into the technical details of the Blizzard attack, how machine identities and misconfigured OAuth apps provided the foothold, and the lessons learned about protecting corporate cloud environments. James & Marc also discuss actionable ways to reduce risk, the limitations of relying only on detection, and why unified visibility over all identities is key for a proactive defense.
In this week's show Patrick Gray and Adam Boileau discuss the week's security news. They talk about:
* LockBit has been taken down by law enforcement
* Some mega-juicy leaks out of Chinese offsec/APT contractor I-SOON
* GRU gets its Moobot network shutdown
* Signal adding usernames is… complicated
* Much, much more

In this week's sponsor interview Devicie's Tom Plant joins the show to talk about problems orgs run into when it comes to Windows policies. There's an expectation out there that Windows policies are set and forget, but sadly, this is not so.

Show notes
* Feds Seize LockBit Ransomware Websites, Offer Decryption Tools, Troll Affiliates – Krebs on Security
* Law enforcement disrupt world's biggest ransomware operation
* Shanghai Anxun's information is unreliable and is a trap for national government agencies.
* China spy agency renews foreign cyber intelligence warning after data breaches
* US Justice Department says it disrupted Russian intelligence hacking network | Reuters
* Several Ukrainian media outlets attacked by Russian hackers
* Polish PM says previous ruling party used Pegasus spyware against ‘very long' list of victims
* Hackers are targeting Asian bank accounts using stolen facial recognition data
* Signal Finally Rolls Out Usernames, So You Can Keep Your Phone Number Private | WIRED
* Code injection or backdoor: A new look at Ivanti's CVE-2021-44529 – “the "AB" trigger has similar vibes to the Unreal IRCd and ProFTPD backdoors of the same timeframe.”
* FLATLINED: ANALYZING PULSE SECURE FIRMWARE AND BYPASSING INTEGRITY CHECKING
* CVSS 10 RCE in Screen Connect
* National Security Agency Announces Retirement of Cybersecurity Director
* Hunting M365 Invaders: Navigating the Shadows of Midnight Blizzard
Andy Thompson, CyberArk Labs Offensive Security Research Evangelist, returns to Trust Issues for a deep dive into the recent APT29 breach of Microsoft. In conversation with host David Puner, Thompson explores the intricate details of the January 2024 attack, dissecting the tactics employed by the APT29 threat actor, also known as Cozy Bear, Cozy Car, The Dukes – or, as Microsoft refers to the group: Midnight Blizzard. From the initial password spray technique to the exploitation of OAuth applications, listeners are taken on a journey through the breach's timeline – and learn how, ultimately, it all boils down to identity. The discussion touches upon the nuances of threat actor nomenclature, the significance of various bear-themed aliases and the professional nature of state-sponsored cyber espionage groups. Throughout the episode, practical insights and cybersecurity best practices are shared, offering organizations valuable strategies to bolster their defenses against evolving cyber threats. For a comprehensive analysis of the APT29 Microsoft data breach and detailed recommendations for improving cybersecurity posture, check out the accompanying blog post written by Andy Thompson.
In this episode, Michael talks with Rigel Carlson from the Chaos Studio development team about Chaos Studio through a security lens. Michael also discusses news about Midnight Blizzard and has some advice about using Azure's DefaultAzureCredential(). The Microsoft Azure Security Podcast (azsecuritypodcast.net)
It was a week of serious cybersecurity incidents paired with unimpressive responses. As Melanie Teplinsky reminds us, the U.S. government has been agitated for months about China's apparent strategic decision to hold U.S. infrastructure hostage to cyberattack in a crisis. Now the government has struck back at Volt Typhoon, the Chinese threat actor pursuing that strategy. It claimed recently to have disrupted a Volt Typhoon botnet by taking over a batch of compromised routers. Andrew Adams explains how the takeover was managed through the court system. It was a lot of work, and there is reason to doubt the effectiveness of the effort. The compromised routers can be re-compromised if they are turned off and on again. And the only ones that were fixed by the U.S. seizure are within U.S. jurisdiction, leaving open the possibility of DDOS attacks from abroad. And, really, how vulnerable is our critical infrastructure to DDOS attack? I argue that there's a serious disconnect between the government's hair-on-fire talk about Volt Typhoon and its business-as-usual response.

Speaking of cyberstuff we could be overestimating, Taiwan just had an election that China cared a lot about. According to one detailed report, China threw a lot of cyber at Taiwanese voters without making much of an impression. Richard Stiennon and I mix it up over whether China would do better in trying to influence the 2024 outcome here. While we're covering humdrum responses to cyberattacks, Melanie explains U.S. sanctions on Iranian military hackers for their hack of U.S. water systems.

For comic relief, Richard lays out the latest drama around the EU AI Act, now being amended in a series of backroom deals and informal promises. I predict that the effort to pile incoherent provisions on top of anti-American protectionism will not end in a GDPR-style triumph for Europe, whose market is now small enough for AI companies to ignore if the regulatory heat is turned up arbitrarily.

The U.S. is not the only player whose response to cyberintrusions is looking inadequate this week. Richard explains Microsoft's recent disclosure of a Midnight Blizzard attack on the company and a number of its customers. The company's obscure explanation of how its technology contributed to the attack and, worse, its effort to turn the disaster into an upsell opportunity earned Microsoft a patented Alex Stamos spanking.

Andrew explains the recent Justice Department charges against three people who facilitated the big $400m FTX hack that coincided with the exchange's collapse. Does that mean it wasn't an inside job? Not so fast, Andrew cautions. The government didn't recover the $400m, and it isn't claiming the three SIM-swappers it has charged are the only conspirators.

Melanie explains why we've seen a sudden surge in state privacy legislation. It turns out that industry has stopped fighting the idea of state privacy laws and is now selling a light-touch model law that skips things like private rights of action. I give a lick and a promise to a “privacy” regulation now being pursued by CFPB for consumer financial information. I put privacy in quotes, because it's really an opportunity to create a whole new market for data that will assure better data management while breaking up the advantage of incumbents' big data holdings. Bruce Schneier likes the idea. So do I, in principle, except that it sounds like a massive re-engineering of a big industry by technocrats who may not be quite as smart as they think they are. Bruce, if you want to come on the podcast to explain the whole thing, send me an email!

Spies are notoriously nasty, and often petty, but surely the nastiest and pettiest of American spies, Joshua Schulte, was sentenced to 40 years in prison last week. Andrew has the details.

There may be some good news on the ransomware front. More victims are refusing to pay. Melanie, Richard, and I explore ways to keep that trend going. I continue to agitate for consideration of a tax on ransom payments.

I also flag a few new tech regulatory measures likely to come down the pike in the next few months. I predict that the FCC will use the TCPA to declare the use of AI-generated voices in robocalls illegal. And Amazon is likely to find itself held liable for the safety of products sold by third parties on the Amazon platform.

Finally, a few quick hits:
* Amazon has abandoned its iRobot acquisition, thanks to EU “competition” regulators, with the likely result that iRobot will cease competing
* David Kahn, who taught us all the romance of cryptology, has died at 93
* Air Force Lt. Gen. Timothy Haugh is taking over Cyber Command and NSA from Gen. Nakasone
* And for those suffering from Silicon Valley Envy (lookin' at you, Brussels), 23andMe offers a small corrective. The company is now a rare “reverse unicorn” – having fallen in value from $6 Billion to practically nothing

Download 490th Episode (mp3)

You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

Microsoft updated the public on their findings - apparently, the threat actors were able to gain persistent access to the privileged email accounts by abusing the OAuth authorization protocol.

Cybersecurity researchers have discovered a loophole impacting Google Kubernetes Engine that could be potentially exploited by threat actors to take control of a Kubernetes cluster.

A new campaign is using phishing emails to distribute malware and legitimate services to bypass email protection systems to install NetSupport RAT.

On January 20th the Cactus ransomware group attacked a number of victims across varying industries.
Mother of All Breaches. The Midnight Blizzard attack. Nation state cyber conflicts. January 2024 has seen a blitz in cyber attacks. In this week's episode, hosts Stan Wisseman and Rob Aragao delve into the alarming start to the new year.

1. Mother of All Breaches (MOAB):
* Unprecedented Scale: Over 26 billion records compromised, impacting major platforms like Twitter, LinkedIn, Adobe, and Dropbox, along with government agencies worldwide.
* Data Complexity: The breach includes not only credentials but also sensitive data, creating substantial value for malicious actors.
* Organization: The breach was meticulously organized, posing a significant threat to data security and privacy.

2. Midnight Blizzard Attack:
* Notorious Group: Midnight Blizzard, also known as Cozy Bear and APT29, resurfaces.
* Targeted Organizations: Microsoft and HPE were among the targets, with a focus on compromising Office 365 Exchange environments.
* Attack Strategy: Utilizing password spraying and brute force, the attackers gained access to a legacy test nonproduction account, subsequently creating malicious OAuth applications.
* Specific Targeting: The attackers selectively targeted executives, cybersecurity teams, and legal teams, aiming to gather intelligence on Microsoft's activities.

3. State-Sponsored Cyber Warfare (Russia vs. Ukraine):
* Escalating Tensions: Ongoing cyber warfare activities between Russia and Ukraine intensify, with a warning of disruptive and destructive attacks.
* Advanced Tactics: Russian cyber forces, particularly Midnight Blizzard, demonstrate advanced capabilities, impacting Ukrainian e-services, utility companies, and online banking.
* AI Integration: Ukraine effectively employs AI in its defense, utilizing facial recognition and cyber capabilities to counter cyber threats.

The hosts emphasize the importance of proactive measures, including password changes, multi-factor authentication adoption, and vigilant identity governance. The discussion underscores the evolving landscape of cyber warfare, encompassing both kinetic and cyber threats.

Follow or subscribe to the show on your preferred podcast platform. Share the show with others in the cybersecurity world. Get in touch via reimaginingcyber@gmail.com
Newly disclosed breaches of Microsoft and Hewlett-Packard Enterprise highlight the persistent threat posed by Midnight Blizzard, a notorious Russian cyber-espionage group. Thanks for listening to WIRED. Talk to you next time for more stories from WIRED.com and read this story here. Learn more about your ad choices. Visit megaphone.fm/adchoices
Summary
In this episode, the hosts discuss the Midnight Blizzard attack on Microsoft and the lessons that can be learned from it. They cover topics such as learning from security incidents at other organizations, the details of the attack, OAuth attacks, and OAuth security recommendations. The hosts emphasize the importance of auditing privileges, reviewing OAuth applications, and implementing strong security measures to prevent similar attacks. They also highlight the need for organizations to move faster and be more proactive in their cybersecurity efforts.

Takeaways
* Learn from security incidents at other organizations to make your own organization safer.
* Audit the privileges of all identities in your organization and review OAuth applications.
* Implement strong security measures, such as disabling user consent to apps and using conditional access.
* Move faster and be more proactive in your cybersecurity efforts.

-------------------------------------------
Youtube Video Link:
-------------------------------------------
Documentation:
https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/
https://www.microsoft.com/en-us/security/blog/2024/01/25/midnight-blizzard-guidance-for-responders-on-nation-state-attack/
----------------------
Contact Us:
Website: https://bluesecuritypod.com
Twitter: https://twitter.com/bluesecuritypod
Threads: https://www.threads.net/@bluesecuritypodcast
Linkedin: https://www.linkedin.com/company/bluesecpod
Youtube: https://www.youtube.com/c/BlueSecurityPodcast
Twitch: https://www.twitch.tv/bluesecuritypod
-------------------------------------------
Andy Jaw
Mastodon: https://infosec.exchange/@ajawzero
Twitter: https://twitter.com/ajawzero
LinkedIn: https://www.linkedin.com/in/andyjaw/
Email: andy@bluesecuritypod.com
-------------------------------------------
Adam Brewer
Twitter: https://twitter.com/ajbrewer
LinkedIn: https://www.linkedin.com/in/adamjbrewer/
Email: adam@bluesecuritypod.com
---
Send in a voice message: https://podcasters.spotify.com/pod/show/blue-security-podcast/message
Welcome and thank you for tuning in to YusufOnSecurity, the cyber-security podcast for everyday defenders, from analysts to the C-suite, in plain English.

Accessing and managing various applications and services remotely is a daily occurrence for a typical administrator. It is often the fastest way to accomplish a quick task while you are on the move, or when something urgent is needed while you are still on your way to your desk. While that is nothing new, we see an uptick in the number of successful attacks taking advantage of these exposed administrative interfaces. What is causing the recent increase in Web UI initial access? Well, that is the topic of our episode this week.

I am your host Ibrahim Yusuf.

Just before we hit the main topic, let's review a couple of top-of-mind recent news items:
* Not long ago, Microsoft's Exchange Online was breached. They have now revealed how this happened.
* UK and US Water Utilities Hit with Cyberattacks

- https://www.microsoft.com: Midnight Blizzard guidance for responders on nation-state attack
- https://www.securityweek.com: Major UK and US water companies hit by ransomware
- https://www.cisa.gov: Water and wastewater sector incident response guide

Be sure to subscribe if you like the content. Follow me @iayusuf or read my blog at https://yusufonsecurity.com. You will find a list of all previous episodes in there too.
January 25, 2024 Hour 2: Jeff DeWit resigned as the chair of the Arizona Republican Party Wednesday, 24 hours after leaked audio of him offering Kari Lake a plum job or money to step out of politics. HPE said it suspects a group sometimes referred to as “Midnight Blizzard” was responsible for last month's attack. KMJ's Afternoon Drive with Philip Teresi & E. Curtis Johnson Weekdays 2-6PM Pacific on News/Talk 580 & 105.9 KMJ Follow us on Facebook, Instagram, and X Listen to past episodes at kmjnow.com Subscribe to the show on Apple, Spotify, or Amazon Music Contact See omnystudio.com/listener for privacy information.
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

SecureList researchers from Kaspersky have come up with a lightweight method to detect iOS malware.

Nearly 71 million unique credentials that were leaked from websites such as Facebook, Roblox, eBay, Yahoo, and Coinbase have been circulating on the Internet.

Russian threat group COLDRIVER has expanded its targeting of Western officials to include the use of malware.

The Microsoft security team is reporting that it detected a nation-state attack on its corporate systems on January 12, 2024.
In this episode of Windows Weekly, Leo, Paul, and Richard cover Microsoft's recent hack, new Windows Insider updates, Copilot Pro's image creativity, various browsers, education's compatibility with generative AI, Halo Infinite's slowdown, Notion's calendar service, and Japanese whisky.

Microsoft was hacked
- A Russia-backed hacker group infiltrated a legacy system and gained access to executive emails
- This is triggering an escalation in Microsoft's security makeover either way

Windows 11
- Beta channel: USB 80 Gbps/USB4 v2 support, bug fixes
- Dev channel: Teams (commercial) meeting integration in Start, new mobile device management interface
- New Surface event rumored for March. Possibly two waves of Pro and Laptop releases
- Microsoft Bing and Edge are obviously not dominant platforms, and will not be subject to EU DMA
- Microsoft Mesh is here for all your legless meeting needs

AI
- Microsoft hits $3 trillion market cap on the strength of its AI moves
- Paul used Copilot Pro and you're never going to believe what happened next
- Microsoft is bringing more AI to education. And so is Google
- Would you pay for an AI-infused Alexa?

Web browsers, oh my
- Chrome is updated with new AI features
- Firefox version 122 is out
- Brave will simplify fingerprint protection. What is fingerprint protection?
- Opera will pay a brand ambassador $10,000 to spend a month on a deserted Icelandic island

Xbox
- Microsoft reveals several new games for 2024, key among them an Indiana Jones title
- 343 slows down Halo Infinite updates dramatically. Is this just about Halo or a hint at a looming new trend?

Tips and Picks
- Tip of the week: Is it even possible to prevent online tracking?
- App pick of the week: Arc browser
- RunAs Radio this week: AI for IT with Gil Pekelman
- Brown liquor pick of the week: Hibiki Harmony

Hosts: Leo Laporte, Paul Thurrott, and Richard Campbell
Download or subscribe to this show at https://twit.tv/shows/windows-weekly
Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit
Check out Paul's blog at thurrott.com
The Windows Weekly theme music is courtesy of Carl Franklin.
Sponsors: Melissa.com/twit kolide.com/ww
Brace yourself for a digital odyssey that's as enlightening as it is entertaining, where cybersecurity meets sub-zero strain on electric vehicles. First, Microsoft is hit with a cyber security attack, and then we dissect the chilling effects of cold weather on EV batteries – a cautionary tale for tech-savvy motorists. But that's not all – we reveal the startling shift of Vroom from car sales to the cutting-edge world of AI and auto financing, a move revving up the industry in unexpected ways. Grab your favorite whiskey glass – you're going to need it when we crack open the underbelly of online scams on LETTERS with cohosts Mike Gorday and Marc Gregoire. We'll arm you with knowledge and a dash of humor to navigate the murky waters of the internet, sharing personal stories of near-misses with cryptocurrency cons and the importance of a healthy dose of skepticism. As we raise our glasses to National King Day, we'll share the warmth of our Castle & Key Restoration Rye Single Barrel whiskey experience, inviting you to savor the "Hmmm Moment" in technology.

Episode 189: Starts at :30

In this week's episode, we'll cover a range of topics that will pique your interest. First up, last week, senior Microsoft leaders' emails were accessed by state-backed Russian hackers. Next, we'll be discussing the extreme weather battery alert that has been issued due to the inability of electric vehicle batteries to handle cold temperatures. Then, a primary online car seller hit the brakes on its online used car business to go full throttle on auto financing and AI. We'll be looking at this decision and what it means for the company's future. Later in the show, we'll take a trip down memory lane as we look back at the iconic DeLorean DMC-12. Finally, we have a profanity-laced technology failure that we'll be discussing. We'll be looking at what went wrong and what lessons can be learned from this incident. Stay tuned for all this and more, only on TechTime Radio with Nathan Mumm, the show that makes you go "Humm".

Technology news of the week for January 21st - 27th, 2024

--- [Now on Today's Show]: Starts at 2:17
--- [Top Stories in Technology]: Starts at 4:08
Microsoft to overhaul internal security practices after Midnight Blizzard attack - http://tinyurl.com/32k46jbm
Tesla Batteries Died in the Bitter Cold Weather. It's Another Black Eye for EVs - http://tinyurl.com/45xppw2y
Vroom hits the brakes on its online used car business to go full throttle on auto financing and AI - http://tinyurl.com/ye4a9df6
--- [Pick of the Day - Whiskey Tasting Reveal]: Starts at 20:32
Castle & Key Restoration Rye Single Barrel | 121.9 Proof | $65.00
--- [Letters]: Starts at 24:00
Mike and Nathan share this week's informative emails that were received during the week. This includes scams, phishing emails, and all-out mistruths disguised as legitimate emails.
--- [This Week in Technology]: Starts at 42:08
This Week in Technology: January 21, 1981 - Production of DeLorean DMC-12 begins
--- [Marc's Whiskey Mumble]: Starts at 44:17
Marc Gregoire's review of this week's whiskey
--- [Technology Fail of the Week]: Starts at 47:08
This week's "Technology Fail" comes to us from the parcel delivery firm DPD, whose chatbot was rude and swore at customers.
--- [Mike's Mesmerizing Moment brought to us by StoriCoffee®]: Starts at 50:19
Question: Why do we want things to stay inexpensive?
--- [Nathan Nugget]: Starts at: Ran out of Time
--- [Pick of the Day Whiskey Review]: Starts at 52:32
Castle & Key Restoration Rye Single Barrel | 121.9 Proof | $65.00
Mike: Thumbs Up
Nathan: Thumbs Up
This Friday Microsoft revealed that a hacker group known as APT29 infiltrated and gained access to corporate accounts, including those of the heads of the cybersecurity and legal departments. What is interesting about the case is that the hackers were not looking for information to blackmail with or sell to the highest bidder; rather, they wanted to know what Microsoft knew about the group, also known as Midnight Blizzard. This hacker group is believed to have been responsible for other high-profile attacks such as those against SolarWinds in 2019 and against the Democratic National Committee in 2015.

For this and more news, listen to the Noticias de Tecnología Express podcast.
Available on Spotify: https://open.spotify.com/show/2BHTUlynDLqEE2UhdIYfMa
and on Apple Podcasts: https://podcasts.apple.com/us/podcast/noticias-de-tecnolog%C3%ADa-express/id1553334024
Russian state hackers breach Microsoft. LockBit claims Subway restaurants hack. A Swedish datacenter is hit with ransomware. VMware patches a vulnerability targeted by Chinese espionage groups. Sentinel Labs warns of a North Korean APT's focus on cybersecurity pros. FTC orders another data broker to restrict location data. US Feds release security guidance for water and wastewater sectors. Senators question the DOJ on facial recognition technology. Ukraine's Monobank gets DDoSed. N2K's CSO Rick Howard joins us to share some insight into what he and the Hash Table are cooking up for the upcoming season of his CSO Perspectives podcast. The passing of a Time Lord.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
N2K's CSO Rick Howard joins us to share some insight into what he and the Hash Table are cooking up for the upcoming season of his CSO Perspectives podcast launching next month.

Selected Reading
- Microsoft: Russian Hackers Had Access to Executives' Emails (GovInfo Security)
- LockBit ransomware gang claims the attack on the sandwich chain Subway (Security Affairs)
- Ransomware hits cloud service Tietoevry; numerous Swedish customers affected (The Record)
- Chinese Espionage Group UNC3886 Found Exploiting CVE-2023-34048 Since Late 2021 (Mandiant)
- North Korea's ScarCruft APT group targets infosec pros (CSO Online)
- FTC Order Will Ban InMarket from Selling Precise Consumer Location Data (Federal Trade Commission)
- US Gov Publishes Cybersecurity Guidance for Water and Wastewater Utilities (SecurityWeek)
- Ukraine's Monobank hit with massive DDoS attack (Silicon Republic)
- Senators ask DOJ to investigate whether facial recognition tech violates Civil Rights Act (The Record)
- RIP, Internet's Time Lord (On My Om)
- Network Time Protocol (NTP) attack (noun) (Word Notes podcast)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
While Russia pursues its war in Ukraine, it is also very active on the internet. Microsoft's security experts have spotted a campaign successfully carried out by a group of Russian hackers known as Midnight Blizzard. But unlike the usual invisible malware attacks, these hackers used social engineering, which consists of manipulating the victim of the attack into granting access to their own machine themselves, without suspecting that hackers are behind the request.

Last May, this group of pirates exploited already-compromised Microsoft 365 accounts to create domain names resembling those of legitimate technical support services. They then used these domain names to send messages via Microsoft Teams to employees of the organisations targeted by the attack. Quoting Microsoft: "If the user accepts the chat request, they receive a message on Microsoft Teams prompting them to enter a code into the Microsoft Authenticator app on their mobile phone. If they comply, the attacker takes full control of the employee's account and gains access to their data." End of quote.

In total, around forty organisations were hacked to varying degrees. Among them are government agencies, corporate IT departments and media outlets. Although Microsoft does not name them, the company believes the evidence gathered points to, quote, "specific espionage objectives". Microsoft has blocked the domain names used by the hackers and has informed all the entities and individuals concerned. Note that the Midnight Blizzard group has been well known since 2018 for various hacks, such as that of the company SolarWinds in 2020, which allowed it to compromise the personal data of 20,000 of the company's customers, including the United States Department of Defense, among others.

Midnight Blizzard mainly targets American and European organisations, and clearly seems to have political ambitions behind its attacks. Hosted by Acast. Visit acast.com/privacy for more information.
Dave Baggett from INKY joins Dave to dive into the latest phishing trends and discuss a broader view of how AI is being used by both the good guys and the bad guys. Joe's story this week dives into the APT with an entirely too cool name, Midnight Blizzard, that has been conducting targeted social engineering towards the popular Microsoft Teams. Dave's story this week follows a Facebook Marketplace user who dodged one scam, just to fall right back into another one. Our catch of the day comes from listener Mauricio, who writes in and shares a funny voicemail regarding a "potential W-2 refund."

Links to stories:
- Midnight Blizzard conducts targeted social engineering over Microsoft Teams
- Seller dodges Facebook Marketplace scam only to fall into another trap

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Midnight Blizzard, Citrix, Bloodhound, Five Eyes, Canon, Cult of the Dead Cow, AI Shopping, Aaran Leyland, and More on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/swn-315
A security company CEO has some harsh words for Microsoft and the security it relies on for its Azure cloud platform. Microsoft itself warns that Russian hackers are using Microsoft Teams to target a small number of organizations in an effort to get login credentials. And the FBI finds that the FBI was partly responsible for illegal activity.
Open Bullet malware is seen in the wild. Threat actors exploit a Salesforce vulnerability for phishing. BlueCharlie (that's Russia's FSB) shakes up its infrastructure. Midnight Blizzard (and that's Russia's SVR) uses targeted social engineering. How NoName057(16) moved on to Spanish targets. Robert M. Lee from Dragos shares his reaction to the White House's national cybersecurity strategy. Our guest Raj Ananthanpillai of Trua warns against oversharing with ChatGPT. And NSA releases guidance on hardening Cisco next-generation firewalls.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/147

Selected reading.
- No Honour Amongst Thieves: A New OpenBullet Malware Campaign (Kasada)
- "PhishForce" — Vulnerability Uncovered in Salesforce's Email Services Exploited for Phishing… (Medium)
- Hackers exploited Salesforce zero-day in Facebook phishing attack (BleepingComputer)
- Hackers exploit Salesforce email zero-day for Facebook phishing campaign (Computing)
- Russia-based hackers building new attack infrastructure to stay ahead of public reporting (Record)
- Midnight Blizzard conducts targeted social engineering over Microsoft Teams (Microsoft Security)
- Unraveling Russian Multi-Sector DDoS Attacks Across Spain (Radware)
- Pro-Russian Hackers Claim Cyberattacks on Italian Banks (MarketWatch)
- NSA Releases Guide to Harden Cisco Next Generation Firewalls (National Security Agency/Central Security Service)
- Cisco Firepower Hardening Guide (US National Security Agency)
Elon Musk is worked up once again and wants to talk with Apple chief Tim Cook once more about the commission Apple collects on transactions via apps from the App Store. Musk says he is thereby standing up for accounts that are active on X, until recently known as Twitter, and that can get paid by the platform. If X has to pay out certain 'creators' whom you can subscribe to via that platform, Apple takes a commission on that too. Musk now presents himself as the man standing up for those creators, and wants Apple to receive thirty percent only of X's own commission on those payments to creators. Moreover, he wants to score points by charging the commission X collects only once a user has earned 100,000 dollars. Meanwhile, the French press agency AFP has taken X to court because it refuses to talk about paying for AFP's news on that platform. That in turn has to do with the French copyright law, which states that online platforms must negotiate with publishers about displaying their news stories. Musk, for his part, says - on X - that he finds the lawsuit bizarre, because his platform supposedly helps AFP get more visitors to its site.

Also in this Tech Update: Russian hackers from the group designated Midnight Blizzard or APT29 (previously NOBELIUM) pose as Microsoft employees to get inside large companies. Meta has unveiled a new AI tool for generating music and sounds under the name AudioCraft, which is also open source and already available to everyone.
An update on Barracuda ESG exploitation. Camaro Dragon's current cyberespionage tools spread through infected USB drives. The Mirai botnet is spreading through new vectors. Midnight Blizzard is out and about. Ukraine is experiencing a "wave" of cyberattacks during its counteroffensive. Karen Worstell from VMware shares her experience with technical debt. Rick Howard speaks with CJ Moses, CISO of Amazon Web Services. And Anonymous Sudan turns out to be no more anonymous or Sudanese than your Uncle Louie.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/120

Selected reading.
- Barracuda ESG exploitation (Proofpoint)
- Beyond the Horizon: Traveling the World on Camaro Dragon's USB Flash Drives (Check Point Research)
- Chinese malware accidentally infects networked storage (Register)
- Akamai SIRT Security Advisory: CVE-2023-26801 Exploited to Spread Mirai Botnet Malware (Akamai)
- Mirai botnet targets 22 flaws in D-Link, Zyxel, Netgear devices (BleepingComputer)
- Neuberger: Ukraine experiencing a 'surge' in cyberattacks as it executes counteroffensive (Record)
- Microsoft warns of rising NOBELIUM credential attacks on defense sector (HackRead)
- Anonymous Sudan: neither anonymous nor Sudanese (Cybernews)