A family of encrypting ransomware discovered in 2016
POPULARITY
Send us a textIt started with a few flickering screens in a Danish office. Within minutes, a digital plague had paralyzed global trade, leaving the world's largest shipping company powerless and its massive vessels adrift. But this attack wasn't for ransom—it was for pure destruction. In the premiere of Digital Fallout, we uncover the story of a geopolitical cyber weapon that escaped its cage and the unbelievable, accidental miracle that saved a global empire from permanent deletion. This is the story of how our physical world hangs by a fragile digital thread.Show Notes: SourcesOur story today was built on the foundation of incredible investigative journalism from reporters who covered this event extensively. For listeners who want to dive deeper into the story of the NotPetya attack, these are the primary sources we recommend:"The Untold Story of NotPetya, the Most Devastating Cyberattack in History," an article by Andy Greenberg for WIRED magazine, forms the core of the public narrative regarding Maersk's experience.The book "Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers" by Andy Greenberg provides deep context on the attackers and the geopolitical landscape.Financial and logistical impact reporting from The New York Times, The Wall Street Journal, and Reuters was published in the weeks and months following the June 2017 attack.Public statements and quarterly financial reports from A.P. Møller-Maersk detailing the incident's operational and financial costs. Support the show
Hacks used to be impressive, utilizing bits and pieces of technology that made us sit up and pay attention. Nowadays, every scam, breach, or sketchy text message gets labelled a "hack" when it's really just basic use of existing technology, or an outright scam. Let's take a closer look at how the meaning of “hack” has changed, from the complex brilliance of NotPetya in 2017, to today's flood of scams powered by stolen data and AI fakery. It's the end of the Age of the Great Hack, and the rise of the Age of Many Scams.Resources:Healthcare Data Breach StatisticsBeing Infected by NotPetya: What Maersk learnedNotPetya: A Columbia University Case StudySend us a textDigital Disruption with Geoff Nielson Discover how technology is reshaping our lives and livelihoods.Listen on: Apple Podcasts SpotifySupport the showJoin our Patreon to listen ad-free!
The 2017 NotPetya cyberattack remains one of the most devastating and costly breaches in history, inflicting over $1.4 billion in damages on pharmaceutical giant Merck. What made this attack especially alarming was its simplicity: a single overprivileged service account became the key that unlocked chaos across Merck's global network. In episode 74 of the Hybrid Identity Protection Podcast, host Sean Deuby sits down with Lance Peterman, CIDPRO, who was on the front lines during the breach. Lance shares a rare, firsthand account of how the attack unfolded, the critical identity vulnerabilities that were exploited, and the long road to recovery.
In diesem Deep Dive analysieren wir die Operationen des russischen APT Akteurs Sandworm/APT44 von ihren ersten Angriffen bis zu den jüngsten Entwicklungen. Wir untersuchen, wie Sandworm Russlands geopolitische Agenda durch gezielte Angriffe auf ukrainische Stromnetze, globale Lieferketten wie bei NotPetya und mobile Kriegsführung mit Infamous Chisel vorantreibt. Wir zeigen die Vielfalt ihrer Methoden - von Propaganda über Sabotage bis hin zur Unterstützung des Angriffskriegs Russland in der Ukraine - und beleuchten die Reaktionen von NATO, EU und Technologieunternehmen. Ein nüchterner Blick auf Cyber als Werkzeug hybrider Kriegsführung, die Bedrohungen für Länder wie die baltischen Staaten oder Moldawien und die ungewisse Zukunft digitaler Konflikte.Quellen:(1) https://en.wikipedia.org/wiki/Sandworm_(hacker_group)(2) https://adarma.com/blog/sandworm/(3) https://attack.mitre.org/groups/G0034/(4) https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/(5) https://www.ncsc.gov.uk/news/new-sandworm-malware-cyclops-blink-replaces-vpnfilter(6) https://www.aljazeera.com/news/2020/10/19/six-russian-military-officers-accused-of-widespread-hacking(7) https://industrialcyber.co/critical-infrastructure/ukrainian-cert-details-malicious-plan-by-sandworm-group-to-disrupt-critical-infrastructure-facilities/(8) https://thehackernews.com/2022/04/russian-hackers-tried-attacking.html(9) https://nsarchive.gwu.edu/media/32139/ocr(10) https://de.wikipedia.org/wiki/Sandworm(11) https://www.microsoft.com/en-us/security/blog/2022/04/27/ukraine-war-update-microsofts-hunt-for-threats-to-ukrainian-networks/(12) https://www.wired.com/story/sandworm-russian-hackers-indictment/(13) https://www.wired.com/story/sandworm-hackers-indicted-olympics-notpetya/(14) https://www.justice.gov/opa/press-release/file/1328521/download(15) https://www.state.gov/rewards-for-justice-russian-military-intelligence-officers-wanted/(16) https://www.gov.uk/government/news/uk-sanctions-russian-cyber-criminals-from-gru-sandworm(17) https://www.bellingcat.com/news/uk-and-europe/2020/10/19/inside-the-grus-cyberwarfare-unit/(18) https://www.spiegel.de/netzwelt/netzpolitik/sandworm-russische-cybertruppe-als-gefahr-fuer-europa-a-00000000-0002-0001-0000-000169773292(19) https://www.washingtonpost.com/national-security/2022/03/10/russia-ukraine-cyberattacks/(20) https://www.cisa.gov/news-events/alerts/2022/03/15/cisa-advisory-russian-state-sponsored-cyber-actors-targeting-us-cleared-defense(21) https://www.cert.gov.ua/article/37638(22) https://www.mandiant.com/resources/blog/apt44-unearthing-sandworm(23) https://services.google.com/fh/files/misc/apt44-unearthing-sandworm.pdf(24) https://industrialcyber.co/ransomware/mandiant-exposes-apt44-russias-sandworm-cyber-sabotage-unit-targeting-global-critical-infrastructure/(25) https://duo.com/decipher/a-decade-of-sandworm-digging-into-apt44-s-past-and-future(26) https://adarma.com/blog/sandworm/(27) https://www.hhs.gov/sites/default/files/seashell-blizzard-threat-actor-profile-tlpclear.pdf(28) https://greydynamics.com/the-apt44-sandworm-a-threat-assessment/(29) https://blog.eclecticiq.com/sandworm-apt-targets-ukrainian-users-with-trojanized-microsoft-kms-activation-tools-in-cyber-espionage-campaigns(30) https://www.conquer-your-risk.com/2024/04/19/apt44-russias-forefront-in-cyber-warfare-and-espionage-report/(31) https://www.lemonde.fr/en/pixels/article/2024/04/17/how-sandworm-russia-s-elite-hackers-attacked-a-small-mill-instead-of-dam-they-targetted_6668731_13.html
The purpose of Russian hacking and their concept of cyber war is conceptually and practically different from Western strategies. This talk will focus on understanding why Russia uses cyber tools to further strategic interests, how they do it (by examining the 2016 interference in the U.S. presidential election and the NotPetya cases), and who does it. About the speaker: Dr. Richard Love is currently a professor at NDU's College of Information and Cyberspace and recently served as a professor of strategic studies at U.S. Army War College's (USAWC) School of Strategic Landpower and as assistant director of the Peacekeeping and Stability Operations Institute from 2016-2021. From 2002 to 2016, Dr. Love served as a professor and senior research fellow at NDU's Institute for National Strategic Studies / WMD Center. He is an adjunct professor teaching law, international relations, and public policy at Catholic University and has taught law and policy courses at Georgetown, the Army Command and General Staff College, the Marshall Center, and the Naval Academy, among others. He holds a Ph.D. in International Relations and Security Studies from the University of New South Wales in Australia (2017), an LLM from American University School of Law (2002), and a Juris Doctor in Corporate and Security Law from George Mason University School of Law. His graduate studies in East-West relations were conducted at the Jagellonian University in Krakow, Poland, and the University of Munich, in Germany. His undergraduate degree is from the University of Virginia.
In this episode of Reimagining Cyber, we set sail into the world of maritime cybersecurity with one of the foremost experts in the field, Dr. Gary Kessler. From GPS spoofing to autonomous vessels, Gary breaks down the evolving threats facing modern ships and ports as they become increasingly digitized and connected. With over 50 years of experience in cybersecurity and a lifelong connection to the water, Gary shares how his career merged passion and profession, leading to groundbreaking research in AIS spoofing and maritime threat mitigation.We explore the real-world cyber risks impacting global logistics, including the infamous 2017 NotPetya attack on Maersk, the rise of ghost and dark fleets, and how pirates are using hacked logistics systems to target high-value cargo. Gary also explains why the term “cybersecurity” may miss the mark—and why protecting the information itself is what really matters.Plus, hear about the upcoming Maritime Hacking Village at DEFCON and how you can get involved. If you're curious about the cyber threats lurking beyond the horizon, this episode is your compass.Links:Maritime Cybersecurity: A Guide for Leaders and ManagersMaritime Hacking VillageFollow or subscribe to the show on your preferred podcast platform.Share the show with others in the cybersecurity world.Get in touch via reimaginingcyber@gmail.com As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70 Chief Information Security Officer CISO Podcasts rankings.
Podcast: Bites & Bytes PodcastEpisode: Securing Food Systems with a Defense Mindset with Brian SchleiferPub date: 2025-04-02Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarization
Welcome to RIMScast. Your host is Justin Smulison, Business Content Manager at RIMS, the Risk and Insurance Management Society. In this episode, Justin interviews Shadowserver Foundation Alliance Director Tod Eberle about cybersecurity. Tod tells how his background as a prosecutor led to his interest in cybersecurity, how he encountered the non-profit Shadowserver Foundation, and how he left the public sector to work with them. He explains how Shadowserver provides actionable data to alert network owners and law enforcement of network vulnerabilities that need to be mitigated. He discusses trends in malware attacks, especially in ransomware. He shares his thoughts on ransomware threats of 2025 and the years to come. He provides tips on preparing your network against ransomware. Listen to how you can harden your organization's network against malware attacks. Key Takeaways: [:01] About RIMS and RIMScast. [:14] Public registration is open for RISKWORLD 2025! RIMS wants you to Engage Today and Embrace Tomorrow in Chicago from May 4th through May 7th. Register at RIMS.org/RISKWORLD and the link in this episode's show notes. [:33] About this episode. We will discuss cybersecurity with Tod Eberle, the Alliance Director of the Shadowserver Foundation. [:55] RIMS-CRMP Workshops! On February 19th and 20th, there will be a two-day virtual workshop for the RIMS-CRMP led by former RIMS President Chris Mandel and presented by the RIMS Greater Bluegrass Chapter, the 2024 RIMS Chapter of the Year. [1:18] The next RIMS-CRMP-FED exam course will be held from February 4th through the 6th, 2025. Links to these courses can be found through the Certification page of RIMS.org and this episode's show notes. [1:34] Virtual Workshops! Chris Hansen will return on February 11th and 12th to lead the two-day course “Claims Management”. Gail Kiyomura of The Art of Risk Consulting will host the “Fundamentals of Insurance” virtual workshop on February 19th and 20th, 2025. [1:58] On February 26th and 27th, Elise Farnham of Illumine Consulting will lead “Applying and Integrating ERM”. “Managing Data for ERM” will be hosted by Pat Saporito. That course starts on March 12th, 2025. [2:20] A link to the full schedule of virtual workshops can be found on the RIMS.org/education and RIMS.org/education/online-learning pages. A link is also in this episode's show notes. [2:31] The RIMS Legislative Summit 2025 is back! It will be held on March 19th and 20th in Washington, D.C. Join RIMS for two days of Congressional meetings, networking, and advocating on behalf of the risk management community. [2:49] This event is open for RIMS members only so if you're not a member, join now! Visit RIMS.org/advocacy for registration details. [3:02] Interview! Our guest Tod Eberle is the Alliance Director of the Shadowserver Foundation, a non-profit security organization working altruistically behind the scenes to make the internet more secure for everyone. [3:15] Tod Eberle is with us to discuss the cybersecurity trends on his risk radar and the threats he wants risk professionals to be aware of as 2025 kicks into high gear. Shadowserver Alliance Director, Tod Eberle, welcome to RIMScast! [3:41] Justin saw that Shadowserver Foundation was promoted by the National Cybersecurity Alliance and he thought it would be great to have a follow-up on his appearance there. [3:54] Tod says the National Cybersecurity Alliance is a great organization. After working together with them for a year, they invited Tod to do a webinar. It was a great experience. [4:28] Tod's background is as a career prosecutor, starting as a county prosecutor in Western Pennsylvania in 1997. In 2004, Tod became a Federal Prosecutor in Pittsburgh for the U.S. Department of Justice. [5:00] In 2014, He transitioned over to the National Security and Cybercrime section in Pittsburgh. Pittsburgh was at the forefront of cyber investigations by both the U.S. Attorney's Office and the FBI. Tod wanted to be a part of that. [5:34] The Pittsburgh office has run investigations and issued indictments against Chinese Military Intelligence officers and Russian GRU officers for hacking. In 2014, Pittsburgh had the first criminal indictment of nation-state threat actors. [6:00] In that case, Chinese Military Intelligence PLA officers hacked into Pittsburgh companies Westinghouse, ALCOA, U.S. Steel, and United Steel Workers. Some forward-thinking folks at the FBI and the U.S. Attorney's Office, particularly U.S. Attorney David Hickton, focused on cyber. [6:29] That continued over the years until the present. [6:46] To begin an investigation, the FBI and U.S. Attorney's Office in Pittsburgh, need to have some aspect of an organization's criminal activity touch that district, the Western District of Pennsylvania. A national ransomware case with one victim in Pittsburgh can be investigated. [7:16] In the investigation of Russian GRU actors responsible for the destructive NotPetya malware attack, a district hospital's network was attacked and destroyed. They expanded the investigation and charging documents to include other attacks around the country. [7:58] In 2015 Tod was a prosecutor working with the FBI on an investigation. He was at Europol at the Hague in the Netherlands, a center that brings together investigators and prosecutors from different countries who investigate the same threat group through Europol and Eurojust. [8:33] Tod met the Shadowserver Foundation non-profit group at the Hague in 2015. They were helping, through free technical support to the takedown operation, to dismantle the infrastructure of a crime group, using sinkholing and other security measures. [9:08] Tod Joined the Shadowserver Foundation in January of 2023. He is the Shadowserver Alliance Director. As a small non-profit, everyone wears many hats. The Shadowserver Foundation is a 501(c)(3) in the U.S. and a separate non-profit legal entity in the Netherlands. [9:47] The Shadowserver Foundation started about 2004. It celebrated its 20th anniversary in 2024. It began as a loose group of volunteers made up of cybersecurity researchers and technical experts who came together to help network owners and law enforcement. [10:15] Over the years they became more structured and became a non-profit organization. It's an unusual non-profit organization working 100% in operations. It works in three core areas. First, it's the world's largest provider of free, actionable cyber threat intelligence. [10:45] Second, the Shadowserver Foundation does cybersecurity capacity-building around the world. Third, it also provides free support to law enforcement investigations and disruption operations with technical support and expertise. Those three things are its core mission. [11:07] Justin notes commonalities between RIMS cyber risk reporting and the Shadowserver Foundation's work. Shadowserver collects a vast amount of threat data daily. What are the patterns it sees for 2025? [11:29] Shadowserver Foundation can help organizations mitigate risks. It collects cyber threat data at its data center in California through internet-wide scanning, honeypot sensors, sinkholing operations, and collecting and analyzing malware samples. [11:57] Every day for free the Shadowserver Foundation takes that data and provides it to over 9,000 organizations around the world and to 201 National C-CERTs that cover about 176 countries. [12:13] These reports identify exposed, misconfigured, vulnerable, compromised instances or devices on networks that need patching. [12:25] The organizations that get Shadowserver's data can be anything from banks to hospitals, universities, K-12 school districts, ISPs, local, state, and federal governments, small, medium, and large businesses, Fortune 500s, and NGOs; just about anyone can sign up. [12:46] The idea behind this is that cyber security should be available to everyone, regardless of the ability to pay. Organizations can sign up at the Shadowserver Foundation website, and provide their contact information and network information with IP ranges and ASNs. [13:12] The Shadowserver Foundation does its due diligence and if everything checks out, it automates those reports to go out to the organization daily. About 9,000 organizations sign up directly to receive daily reports. [13:22] The Shadowserver Foundation also sends out data for entire countries to the national C-CERT designated to handle that in those countries. In the U.S., CISA gets hundreds of millions of events from them every day for all the U.S. It is the same around the world. [13:52] Tod says that some things never change. Networks are breached primarily through phishing attacks, malicious links or attachments, and social engineering. [14:09] One trend is a focus on vulnerabilities. Criminals exploit vulnerabilities in the network that aren't timely patched and before they are patched. Shadowserver gives organizations an external snapshot view of their networks just as criminals are scanning for themselves. [14:52] Cybercriminal groups increasingly leverage zero-day vulnerabilities to breach a network. A zero-day vulnerability is a flaw in software or hardware that's unknown to the vendor and has no patch. The vendor has had zero days to fix the vulnerability after it has been discovered. [15:16] That was the case with the Clop ransomware gang. In 2024, they started exploiting zero-day vulnerabilities in Fortra's GoAnywhere software. That continued in May, with them exploiting Progress Software's MOVEit file transfer application. [15:38] Very recently, in December, the Clop Ransomware group claimed responsibility for using a zero-day vulnerability in Clio's file transfer platform that breached victims' networks. [15:49] Cyber criminals extort victims and steal data with ransomware attacks. Risk managers in cybersecurity need to stay on top of critical vulnerabilities that often go unpatched. Those are often the easiest gateway into a network. [16:26] Plug Time! RIMS Webinars! Resolver will be joining us on February 6th to discuss “4 Themes Shaping the Future of GRC in 2025”. [16:38] HUB International continues its Ready for Tomorrow Series with RIMS. On February 20th, they will host “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025”. [16:54] More webinars will be announced soon and added to the RIMS.org/webinars page. Go there to register. Registration is complimentary for RIMS members. [17:06] Nominations are also open for the Donald M. Stuart Award which recognizes excellence in risk management in Canada. Links are in this episode's show notes. [17:17] The Spencer Educational Foundation's goal to help build a talent pipeline of risk management and insurance professionals is achieved in part by its collaboration with risk management and insurance educators across the U.S. and Canada. [17:35] Since 2010, Spencer has awarded over $3.3 million in general grants to support over 130 student-centered experiential learning initiatives at universities and RMI non-profits. Spencer's 2026 application process will open on May 1st, 2025, and close on July 30th, 2025. [17:58] General grant awardees are typically notified at the end of October. Learn more about Spencer's general grants through the Programs tab at SpencerEd.org. [18:08] Let's Return to the Conclusion of My Interview with Tod Eberle of Shadowserver! [18:49] Justin notes that In December of 2024, China attackers breached the Committee on Foreign Investment in the U.S. That is the government office that assesses foreign investments for national security risks. [18:58] China also targeted the Treasury's Sanctions Office after it sanctioned a Chinese company for its alleged role in cyberattacks. [19:14] Tod thinks we should acknowledge that this is nothing new and nothing we should be surprised about. It's been going on for many years and it's going to continue. Justin was in the Federal government in 2013 and 2014. [19:32] In 2015, it was announced that the U.S. Office of Personnel Management had been breached. Personal sensitive data for 42 million people were stolen. [19:44] In May 2014, five Chinese military officers were indicted for computer hacking and economic espionage against companies based in Pittsburgh. This is nothing out of the ordinary. Unfortunately, indictments don't seem to have a deterrent effect. [20:21] Countries can deny the charges of hacking even with strong evidence of their involvement. [20:37] There are different types of hacking, with different types of motivation. There is traditional espionage against U.S. government agencies. There is theft of intellectual property with nation-states trying to gain a commercial advantage in business. [21:23] There are destructive hacks by nation-state actors, like the NotPetya attack, or attacks on the Ukrainian power grid and banking systems in 2015 and 2016. [21:36] The Volt Typhoon threat actor group and its access to the U.S. critical infrastructure is one of the greatest national security concerns because of its potential to disrupt everything from water to power, to food, to transportation. [22:10] The ripple effect that can come from those disruptions would be enormous. The Colonial Pipeline ransomware attack of a few years ago affected fuel supplies, commerce, and the prices of goods. [22:31] Nation-state hacking is no longer just a concern for government agencies and companies that do business internationally, but it's now a concern for all of society. There's the potential to affect the daily lives of innocent civilians through attacks on critical infrastructure. [23:16] Tod mentions another 2014 indictment out of Pittsburgh, on the GameOver Zeus Botnet takedown. Part of that was a crypto locker ransomware disruption. This was in the infancy of ransomware, for $300 ransoms. Now ransom demands are in the tens of millions of dollars. [23:53] We have seen a huge evolution in ransomware. It's not going away. One thing we're seeing is bypassing data encryption and focusing on data theft. It's easier and less time-consuming for the threat actors because they don't have to map out the network. [24:41] If a victim company had good backups and easy restoration, that was an issue ransomware actors had to deal with, so why would the threat actors bother with that? They just focus on easy data theft and extortion of ransom for the data. [25:04] Tod thinks we will continue to see extortion. Ransomware continues to be the greatest concern for companies. The use of AI has been increasing both for defenders and attackers. [25:14] A new ransomware group, FunkSec, is claiming large numbers of victims of extortion, encryption, and data theft. They seem to have ransom demands of less than $10,000. They have sold stolen data. Researchers think this is a less experienced group using AI to write code. [27:22] Shadowserver's very talented team collects the data. It's free. They want to get it into the hands of those who can use it. The reports identify things that are seen to be misconfigured or unnecessarily exposed to the internet. Sometimes they can show if something is compromised. [28:12] Shadowserver designates the events by severity level so the end user can prioritize their patching and address first the ones that are most critical and severe. The reports act both as an early warning system and a victim notification system if a device is seen to be compromised. [28:59] The network owner needs to remediate that and patch it before further exploitation like a ransomware attack can occur. [29:07] Shadowserver has two ways to detect that a device is compromised. The first is if they have indicators that tell them a device on the network is compromised. The second is with their support for law enforcement, law enforcement may share sensitive data with Shadowserve. [29:32] When law enforcement does a takedown and they get victim identification data like IP addresses, they must do victim notification. Law enforcement isn't scaled to do victim notification for hundreds of thousands of users. Shadowserver helps them with notifications. [30:48] Shadowserver is very careful to share data responsibly. Company A will get the data they have for Company A and it won't be shared with Company B and vice versa. Shadowserver views the data as belonging to that network owner. [31:08] If a company authorizes Shadowserver and wants them to share their data with a third party, Shadowserver will happily do it. There are several companies with MSSPs to manage their security. If the company asks, Shadowserver will send the data to their MSSP. [31:43] As a small, non-profit organization, not everyone has heard of the Shadowserver Foundation. They want people to know they have this data and they want to share it. It could be relevant for cyber insurance companies' due diligence, with the insurance applicant's consent. [32:20] It's important because those reports can show whether a network has remained healthy and secure over time. Tod would love to see Shadowserver be able to help more in the risk mitigation areas. [32:56] Special thanks again to Shadowserver Foundation's Tod Eberle for joining us here on RIMScast! Check out this episode's show notes for links to the Shadowserver reports we mentioned. [33:07] Be sure to tune in next week for Data Privacy Day! We've got a special episode with James Burd, Chief Privacy Officer of the Cybersecurity and Infrastructure Security Agency (CISA). That's going to be a good one! [33:22] More RIMS Plugs! You can sponsor a RIMScast episode for this, our weekly show, or a dedicated episode. Links to sponsored episodes are in our show notes. [33:50] RIMScast has a global audience of risk and insurance professionals, legal professionals, students, business leaders, C-Suite executives, and more. Let's collaborate and help you reach them! Contact pd@rims.org for more information. [34:07] Become a RIMS member and get access to the tools, thought leadership, and network you need to succeed. Visit RIMS.org/membership or email membershipdept@RIMS.org for more information. [34:25] Risk Knowledge is the RIMS searchable content library that provides relevant information for today's risk professionals. Materials include RIMS executive reports, survey findings, contributed articles, industry research, benchmarking data, and more. [34:41] For the best reporting on the profession of risk management, read Risk Management Magazine at RMMagazine.com. It is written and published by the best minds in risk management. [34:55] Justin Smulison is the Business Content Manager at RIMS. You can email Justin at Content@RIMS.org. [35:03] Thank you all for your continued support and engagement on social media channels! We appreciate all your kind words. Listen every week! Stay safe! Mentioned in this Episode: RIMS Risk Management magazine RISKWORLD 2025 — May 4‒7 | Register today! RIMS Legislative Summit — March 19‒20, 2025 Nominations for the Donald M. Stuart Award Spencer Educational Foundation — General Grants 2026 — Application Dates RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy Shadowserver Foundation National Cybersecurity Alliance RIMS Webinars: RIMS.org/Webinars “4 Themes Shaping the Future of GRC in 2025” | Sponsored by Resolver | Feb. 6, 2025 “Ready for the Unexpected? Strategies for Property Valuation, Disaster Recovery and Business Continuity in 2025” | Sponsored by Hub International | Feb. 20, 2025 Upcoming Virtual Workshops: “Claims Management” | February 11‒12, 2025 | Instructor: Chris Hansen “Fundamentals of Insurance” | Feb. 19‒20, 2025 “Applying and Integrating ERM” | Feb. 26‒27 “Managing Data for ERM” | March 12, 2025 See the full calendar of RIMS Virtual Workshops RIMS-CRMP Prep Workshops Upcoming RIMS-CRMP Prep Virtual Workshops: “Stay Competitive with the RIMS-CRMP | Presented by the RIMS Greater Bluegrass Chapter” February 19‒20, 2025 | Instructor: Chris Mandel Full RIMS-CRMP Prep Course Schedule Full RIMS-CRMP Prep Course Schedule Related RIMScast Episodes: “Kicking off 2025 with RIMS CEO Gary LaBranche” “Year In Risk 2024 with Morgan O'Rourke and Hilary Tuttle” “AI and Regulatory Risk Trends with Caroline Shleifer” “Cybersecurity Awareness and Risk Frameworks with Daniel Eliot of NIST” (2024) Sponsored RIMScast Episodes: “Simplifying the Challenges of OSHA Recordkeeping” | Sponsored by Medcor “Risk Management in a Changing World: A Deep Dive into AXA's 2024 Future Risks Report” | Sponsored by AXA XL “How Insurance Builds Resilience Against An Active Assailant Attack” | Sponsored by Merrill Herzog “Third-Party and Cyber Risk Management Tips” | Sponsored by Alliant “RMIS Innovation with Archer” | Sponsored by Archer “Navigating Commercial Property Risks with Captives” | Sponsored by Zurich “Breaking Down Silos: AXA XL's New Approach to Casualty Insurance” | Sponsored by AXA XL “Weathering Today's Property Claims Management Challenges” | Sponsored by AXA XL “Storm Prep 2024: The Growing Impact of Convective Storms and Hail' | Sponsored by Global Risk Consultants, a TÜV SÜD Company “Partnering Against Cyberrisk” | Sponsored by AXA XL “Harnessing the Power of Data and Analytics for Effective Risk Management” | Sponsored by Marsh “Accident Prevention — The Winning Formula For Construction and Insurance” | Sponsored by Otoos “Platinum Protection: Underwriting and Risk Engineering's Role in Protecting Commercial Properties” | Sponsored by AXA XL “Elevating RMIS — The Archer Way” | Sponsored by Archer “Alliant's P&C Outlook For 2024” | Sponsored by Alliant “Why Subrogation is the New Arbitration” | Sponsored by Fleet Response “Cyclone Season: Proactive Preparation for Loss Minimization” | Sponsored by Prudent Insurance Brokers Ltd. “Subrogation and the Competitive Advantage” | Sponsored by Fleet Response RIMS Publications, Content, and Links: RIMS Membership — Whether you are a new member or need to transition, be a part of the global risk management community! RIMS Virtual Workshops On-Demand Webinars RIMS-Certified Risk Management Professional (RIMS-CRMP) RISK PAC | RIMS Advocacy RIMS Strategic & Enterprise Risk Center RIMS-CRMP Stories — Featuring RIMS Vice President Manny Padilla! RIMS Events, Education, and Services: RIMS Risk Maturity Model® Sponsor RIMScast: Contact sales@rims.org or pd@rims.org for more information. Want to Learn More? Keep up with the podcast on RIMS.org, and listen on Spotify and Apple Podcasts. Have a question or suggestion? Email: Content@rims.org. Join the Conversation! Follow @RIMSorg on Facebook, Twitter, and LinkedIn. About our guest: Tod Eberle, Shadowserver Foundation Production and engineering provided by Podfly.
This episode of the Lloyd's List Podcast was brought to you by Veson. Visit veson.com/decision-advantage for more information. Ten years or so ago, when the University of Plymouth ran their first cybersecurity symposium, the number attendees barely made double figures. This week, held in the main hall of the International Maritime Organization on London's Albert Embankment, the same event attracted more than 300, from shipping companies in almost every sector. Clearly, the topic has gained attention and traction, partly down to the repeated warnings of horror stories the industry continues to receive, right the way up to hackers being able to remotely control very large crude carriers. There have been several high-profile cyber incidents in shipping since the devastating NotPetya attack which cost Maersk more than $250m in 2017. The Port of Seattle, the Port of Lisbon and class society DNV can all count themselves of cyber attacks in the last two years. But the apocalyptic vision that has been painted for the industry time and time again hasn't materialised yet. So, how worried should we really be about cybersecurity in shipping? Joining Joshua on the podcast this week are: Kevin Jones, professor of computer science and director of the Maritime Cyber Threats Research Group, University of Plymouth Daniel Ng, chief executive of Cyberowl Svante Einarsson, head of cybersecurity maritime for EMEA and APAC, DNV Knut Ørbeck-Nilssen, maritime chief executive, DNV
In this month's “News From The Fintech Front" host Elizabeth Kleinveld discusses recent fintech developments with guests Bruno Diniz and Ritesh Jain. They explore major fintech news, focusing on topics like the expansion of payment company Adyen into India, investments by Japan's Credit Saison in Latin American startups, and HSBC's involvement in open property data for smoother home buying in the UK. They also delve into Brazil's innovative financial infrastructure, including PIX, open finance, and the central bank's efforts in AI and data science. Furthermore, they discuss challenges in retail CBDC adoption and MasterCard's partnerships aimed at expanding fintech opportunities in Africa and the Middle East. Throughout the conversation, the importance of financial literacy versus financial inclusion is emphasized, alongside concerns about AI biases in financial systems. Bruno Diniz https://www.linkedin.com/in/brunoevdiniz Managing Partner, Spiralem Innovation Consulting / Professor on Financial Innovation, University of Sao Paulo (USP) Regarded as one of the top fintech influencers in LATAM, Mr. Diniz is also an international speaker, and bestselling author of three books on financial innovation: The Fintech Phonomenon, The New Financial Logic, and The Age of Crypto-Economy. Dr. Ritesh Jain - Founder, Infynithttps://www.linkedin.com/in/drriteshjain/ Known for his work in payments innovation, open banking, and digital public infrastructure. He has held key roles at HSBC, VISA, Apple, and Maersk, where he developed the Apple Pay tokenization stack and led major transformations.Dr. Jain advises global payment programs like UPI, FedNow, and PIX, and is a recognized expert in financial inclusion. He is the first to earn a PhD in Open Banking and played a crucial role in Maersk's recovery from the NotPetya ransomware attack. He is also a trusted advisor to G20 and GPFI, an active fintech investor, and a sought-after speaker at global conferences.
On July 19, the CrowdStrike outage was all over the news. But what was it really about, and what does it have to do with all of us? While the outage was repaired quickly, the fact that it affected so many systems we depend on is a wakeup call reminiscent of crippling cybersecurity attacks. In this episode, we look at what happened, how it relates to other outages including targeted cybersecurity attacks, and how we can protect ourselves from the fallout of such outages in the future.Resources:Washington Post: The hospitals, airlines and banks affected by the global IT outageVideo: Times Square billboards with Blue Screen of DeathForbes: CrowdStrike Windows Outage—What Happened And What To Do NextWindows 3.1 saves the day during CrowdStrike outage — Southwest Airlines scrapes by with archaic OSSupport the Show.Visit us on Patreon for bonus content and special offers! But only if you hate scams and attacks too.
Guest: ✨ Lennart Maschmeyer, Senior Researcher at Center for Security Studies (CSS) at ETH Zurich [@CSS_ETHZurich]On LinkedIn | https://www.linkedin.com/in/lennartmaschmeyer/____________________________Host: Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli_____________________________This Episode's SponsorsBlackCloak
The Supreme Court overturning Chevron deference brings uncertainty to cyber regulations. Stolen credentials unmask online sex abusers. CISA updates online maritime resilience tools. Patelco Credit Union suffers a ransomware attack. Spanish and Portuguese police arrested 54 individuals involved in a vishing fraud scheme. Splunk patches critical vulnerabilities in their enterprise offerings. HHS fines a Pennsylvania-based Health System $950,000 for potential HIPAA violations related to NotPetya. CISOs look to mitigate personal risks. On the Learning Layer we reveal the long-awaited results of Joe Carrigan's CISSP certification journey. Avoiding an Independence Day grill-security flare-up. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Learning Layer On today's Learning Layer segment, we share the results of Joe Carrigan's CISSP exam attempt! Hint: the test ended at 100 questions...Tune in to hear host Sam Meisenberg and Joe reflect on his test day experience and what advice he has for others who are in the homestretch of their studies. Note, Joe's ISC2 CISSP certification journey used N2K's comprehensive CISSP training course. Selected Reading US Supreme Court ruling will likely cause cyber regulation chaos (CSO Online) Stolen credentials could unmask thousands of darknet child abuse website users (The Record) CISA updates MTS Guide with enhanced tools for resilience assessment in maritime infrastructure (Industrial Cyber) American Patelco Credit Union suffered a ransomware attack (Security Affairs) Dozens of Arrests Disrupt €2.5m Vishing Gang (Infosecurity Magazine) Splunk Patches High-Severity Vulnerabilities in Enterprise Product (SecurityWeek) Feds Hit Health Entity With $950K Fine in Ransomware Attack (GovInfo Security) How CISOs can protect their personal liability (CSO Online) Traeger Grill D2 Wi-Fi Controller, Version 2.02.04 (Bishop Fox) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
In this episode of The Cybersecurity Defenders Podcast, we discuss the GRU-backed cyber unit Sandworm which was recently promoted to APT44 by Mandiant.Sandworm is a notorious hacking group, believed to be linked to Russia's military intelligence agency, the GRU. Known for its destructive cyberattacks, Sandworm has targeted various sectors worldwide, including energy, media, and election systems. Their activities are marked by the use of sophisticated malware and tactics that not only seek to steal information but also to disrupt critical infrastructure. The group gained international prominence with attacks like NotPetya in 2017, which caused billions of dollars in damage across multiple countries, emphasizing their capability to impact global cyber stability.The name "Sandworm" is inspired by the monstrous creatures from Frank Herbert's science fiction novel "Dune," reflecting the group's elusive and destructive nature. Over the years, Sandworm's operations have evolved, showcasing their adaptability and the increasing complexity of their attacks. This evolution highlights the growing challenges in cybersecurity, making the understanding of such threat actors crucial for developing robust defense strategies against state-sponsored cyber warfare.YouTube video showing Sandworm attacking a Ukrainian power plant here.Episode #56 - When the lights went out in Ukraine (Part 1)Episode #74 - When the lights went out in Ukraine (Part 2)Episode #16 - NotPetya
Podcast: Data Breach Today Podcast (LS 32 · TOP 5% what is this?)Episode: How the Merck Case Shapes the Future of Cyber InsurancePub date: 2024-01-11Merck & Co.'s proposed settlement with insurers over a $1.4 billion claim related to the NotPetya attack will change the language the insurance industry uses to exclude acts of war in its policies, and organizations need to consider how those changes affect risk, said attorney Peter Halprin.The podcast and artwork embedded on this page are from DataBreachToday.com, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: Data Breach Today Podcast (LS 32 · TOP 5% what is this?)Episode: How the Merck Case Shapes the Future of Cyber InsurancePub date: 2024-01-11Merck & Co.'s proposed settlement with insurers over a $1.4 billion claim related to the NotPetya attack will change the language the insurance industry uses to exclude acts of war in its policies, and organizations need to consider how those changes affect risk, said attorney Peter Halprin.The podcast and artwork embedded on this page are from DataBreachToday.com, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Link to blog post This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Allan Cockriel, Group CISO, Shell Thanks to our show sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To see Vanta's platform firsthand and access resources plus a special offer, go to vanta.com/ciso and watch their 3-minute product demo. All links and the video of this episode can be found on CISO Series.com
The DOJ concludes its xDedic Marketplace investigation. A cyberattack shuts down a major mortgage lender. The Swiss Air Force suffers third party breach. An update on SilverRAT. The Space Force emphasizes collaboration for effective cyber growth. The DOE announces cyber resilience funding. Merck reaches a settlement on NotPetya. NIST warns of AI threats. Our guest is Dragos CEO Robert M. Lee, with a look at intellectual property theft in manufacturing. And Chump Change fines for big tech. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we are joined by Robert M. Lee, founder and CEO of Dragos, to discuss intellectual property theft in manufacturing. Selected Reading AsyncRAT campaign targets US infrastructure. (CyberWire) 19 Individuals Worldwide Charged In Transnational Cybercrime Investigation Of The xDedic Marketplace (US Department of Justice) Space Force is crafting in-house cyber teams but sees need for closer work with USCYBERCOM (Nextgov/FCW) Energy Department has cyber threats to infrastructure in mind with $70 million funding offer (FedScoop) Swiss Air Force documents exposed via cyber attack on third party (BeyondMachines.net) Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack (SecurityWeek) Merck settles with insurers who denied $700 million NotPetya claim (The Record) Syrian Threat Group Peddles Destructive SilverRAT (DarkReading) NIST Warns of Security and Privacy Risks from Rapid AI System Deployment (The Hacker News) Mortgage firm loanDepot cyberattack impacts IT systems, payment portal (BleepingComputer) Big Tech has already made enough money in 2024 to pay all its 2023 fines (Proton) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
Merck and its insurers settle $1.4 billion NotPetya case BreachForums admin Popompurin breaches terms of pretrial freedom Iranian crypto exchange Bit24.cash accidentally exposes customer data Thanks to today's episode sponsor, Vanta From dozens of spreadsheets and screenshots to fragmented tools and manual security reviews, managing the requirements for modern compliance and security programs is increasingly challenging. Vanta is the leading Trust Management Platform that helps you centralize your efforts to establish trust and enable growth across your organization. Over 6,000 companies partner with Vanta to automate compliance, strengthen security posture, streamline security reviews, and reduce third-party risk. To see Vanta's platform firsthand and access resources plus a special offer, go to vanta.com/ciso and watch their 3-minute product demo. For the stories behind the headlines, head to CISOseries.com.
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
A short podcast updating listeners on the security news of the last few days, as prepared by Catalin Cimpanu and read by Claire Aird. You can find the newsletter version of this podcast click here.
Jesper Larsson is a Freelance PenTester. Jesper works with a hacker community called Cure53. Co-organizes SecurityFest in Gothenburg, Sweden. Hosts Säkerhetspodcasten or The Security Podcast. Jesper is also a Star on Hackad, a Swedish TV Series about hacking. Do you have something cool to share? Some questions? Let us know: - web: kubernetespodcast.com - mail: kubernetespodcast@google.com - twitter: @kubernetespod News of the week Kubernetes Removals, Deprecations, and Major Changes in Kubernetes 1.29 Introducing SIG etcd etcd, with Marek Siarkowicz and Wenjia Zhang (The Kubernetes Podcast from Google) WebAssembly (WASM) and OpenShift: A Powerful Duo for Modern Applications Linux Foundation Events Pass the torch in ContribEx #7603 Links from the interview Cure53 Hacker Community Säkerhetspodcasten Hackad TV Show on IMDB SecurityFest Gothenburg Falco by Sysdig Wolfi by Chainguard The Untold Story of NotPetya, the Most Devastating Cyberattack in History Links from the post-interview chat The Untold Story of NotPetya, the Most Devastating Cyberattack in History
On this episode we do a master class on cyber warfare. Learn the terminology. Learn the differences and similarities between kinetic and cyber warfare. There's a lot of interesting discussion, so check it out. Big thanks to our sponsor: Risk3Sixty - https://risk3sixty.com/whitepaper/ Transcripts https://docs.google.com/document/d/1yJYoVs3pO4u_Zq8UC8YQmnYVGrsH93-H Air Force Doctrine Publication 3-0 - Operations and Planning https://www.doctrine.af.mil/Portals/61/documents/AFDP_3-0/3-0-D15-OPS-Coercion-Continuum.pdf Dykstra, J., Inglis, C., & Walcott, T. S. (Joint Forces Quarterly 99, October 2020) Differentiating Kinetic and Cyber Weapons to Improve Integrated Combat. https://ndupress.ndu.edu/Portals/68/Documents/jfq/jfq-99/jfq-99_116-123_Dykstra-Inglis-Walcott.pdf Tallinn Manual 1.0 published April 2013; 2.0 in 2017 https://ccdcoe.org/research/tallinn-manual/ Version 3.0 under development; inputs solicited at https://ecv.microsoft.com/RRllEKKMJQ https://www.csis.org/analysis/cyber-operations-during-russo-ukrainian-war Chapters 00:00 Introduction 01:57 Definition of Cyber War 04:18 Kinetic vs Cyber War 07:02 Goal of Offensive Cyber Operations 10:06 International Law Applied to Cyber Operations (Sovereignty & Necessity) 11:33 Diplomatic, Information, Military, & Economic (DIME) 12:57 Proportionality 14:04 Law of Distinction 15:56 Tallinn Manual 18:15 Stuxnet, Sony Pictures, NotPetya, and SolarWinds attacks 23:47 Ukraine Cyber War 28:21 Comparing old tanks to old mainframes 39:55 Winning a Cyber War
In this episode of the Security Squawk podcast, we dive deep into the rapidly shifting landscape of cybersecurity and the ripple effects that breaches have on organizations worldwide. We begin by discussing the monumental court ruling favoring Merck's $1.4 billion insurance claim post the NotPetya cyberattack. The breaches at Leaseweb, Prospect Medical, and the University of Michigan reveal diverse sectors' vulnerabilities. But it's not just private entities in the crosshairs; even the US government's email servers have faced recent zero-day attacks. Additionally, with data breaches like Mom's Meals affecting millions, and the University of California locking horns with Lloyd's of London over cyber insurance, it's evident that digital security and its implications are more profound than ever. Join us as we dissect these events and shed light on the crucial lessons businesses and institutions should draw from them.
Stop chasing after patches “Our goal is to make you, the user, stop chasing after patches, says Amit Serper is the Director of Security Research at Sternum IoT. In this podcast Amit walks us through the security challenge and then presents his company's proactive approach. “Deploy it once, and you forget about patching,” adds Amit. “We're going to catch and kill it before it happens.” Amit is a cybersecurity expert, and the discoverer of the "vaccine" for NotPetya. With a background in leading cybersecurity research teams at renowned companies like Akamai Technologies and Guardicore, Amit is now spearheading Sternum IoT's mission to revolutionize IoT defense. His extensive experience in the private sector is complemented by his previous roles in Israeli intelligence, where he undertook diverse security projects. Amit advocates for a proactive approach to cybersecurity, emphasizing the importance of runtime protection over traditional patching methods. Visit https://sternumiot.com/
PEBCAK Podcast: Information Security News by Some All Around Good People
Welcome to this week's episode of the PEBCAK Podcast! We've got four amazing stories this week so sit back, relax, and keep being awesome! Be sure to stick around for our Dad Joke of the Week. (DJOW) Follow us on Instagram @pebcakpodcast PEBCAK - Acronym of “problem exists between chair and keyboard.”
We are nearly half way through 2023, and we're seeing some new trends surface in the cyber landscape. These include generative artificial intelligence, which was everywhere at RSA Conference this year, as well as automation across security operations and the continued need for skilled expertise. Join Matt Alderman from CyberRisk Alliance and Antonio Sanchez, Principal Evangelist at Fortra, as they dive into 2023 cybersecurity trends and observations. Segment Resources: https://www.fortra.com/resources/cybersecurity-education?code=cmp-0000011812&ls=717710002&utm_source=cyberrisk-alliance&utm_medium=contsynd&utm_campaign=ft-brand-awareness https://www.fortra.com/products/bundles?code=cmp-0000011812&ls=717710002&utm_source=cyberrisk-alliance&utm_medium=contsynd&utm_campaign=ft-brand-awareness This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them! In the enterprise security news, A slow week for funding, but, as always, a busy week for AI news! Databricks acquires Okera, CrowdStrike, Fortinet and other cybersecurity shares rise, Merck might finally see that $1.4 billion dollar NotPetya payout, Ex-Uber CISO Joe Sullivan won't go to jail, Google rolls out passkey support, Do Bartenders make good pen testers?, ICS using steganography to hide data, DEF CON will unleash hackers on Large Language Models, and Security's eternal prioritization problem! The browser is the most used application, but was never built with the needs of the enterprise in mind. The Enterprise Browser delivers a whole new level of visibility, security and governance. This conversation will explore the benefits of the Enterprise Browser and the gaps it is filling for enterprises around the world. This segment is sponsored by Island. Visit https://securityweekly.com/islandrsac to learn more about them! Resilience and the capacity for reinvention have never been more important. In a world evolving at the speed of tech and roiled by the pandemic, enterprises that have security innovation woven into their DNA enjoy a distinct advantage. Learn more. This segment is sponsored by Sumo Logic. Visit https://securityweekly.com/sumologicrsac to learn more about them! The increased prevalence of phishing kits sourced from black markets and chatbot AI tools like ChatGPT has seen attackers quickly develop more targeted phishing campaigns. This improved targeting has simplified the process of manipulating users into taking actions that compromise their security credentials, leaving them and their organizations vulnerable. This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscalerrsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw317
We are nearly half way through 2023, and we're seeing some new trends surface in the cyber landscape. These include generative artificial intelligence, which was everywhere at RSA Conference this year, as well as automation across security operations and the continued need for skilled expertise. Join Matt Alderman from CyberRisk Alliance and Antonio Sanchez, Principal Evangelist at Fortra, as they dive into 2023 cybersecurity trends and observations. Segment Resources: https://www.fortra.com/resources/cybersecurity-education?code=cmp-0000011812&ls=717710002&utm_source=cyberrisk-alliance&utm_medium=contsynd&utm_campaign=ft-brand-awareness https://www.fortra.com/products/bundles?code=cmp-0000011812&ls=717710002&utm_source=cyberrisk-alliance&utm_medium=contsynd&utm_campaign=ft-brand-awareness This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them! In the enterprise security news, A slow week for funding, but, as always, a busy week for AI news! Databricks acquires Okera, CrowdStrike, Fortinet and other cybersecurity shares rise, Merck might finally see that $1.4 billion dollar NotPetya payout, Ex-Uber CISO Joe Sullivan won't go to jail, Google rolls out passkey support, Do Bartenders make good pen testers?, ICS using steganography to hide data, DEF CON will unleash hackers on Large Language Models, and Security's eternal prioritization problem! The browser is the most used application, but was never built with the needs of the enterprise in mind. The Enterprise Browser delivers a whole new level of visibility, security and governance. This conversation will explore the benefits of the Enterprise Browser and the gaps it is filling for enterprises around the world. This segment is sponsored by Island. Visit https://securityweekly.com/islandrsac to learn more about them! Resilience and the capacity for reinvention have never been more important. In a world evolving at the speed of tech and roiled by the pandemic, enterprises that have security innovation woven into their DNA enjoy a distinct advantage. Learn more. This segment is sponsored by Sumo Logic. Visit https://securityweekly.com/sumologicrsac to learn more about them! The increased prevalence of phishing kits sourced from black markets and chatbot AI tools like ChatGPT has seen attackers quickly develop more targeted phishing campaigns. This improved targeting has simplified the process of manipulating users into taking actions that compromise their security credentials, leaving them and their organizations vulnerable. This segment is sponsored by Zscaler. Visit https://securityweekly.com/zscalerrsac to learn more about them! Visit https://www.securityweekly.com/esw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/esw317
In the enterprise security news, A slow week for funding, but, as always, a busy week for AI news! Databricks acquires Okera, CrowdStrike, Fortinet and other cybersecurity shares rise, Merck might finally see that $1.4 billion dollar NotPetya payout, Ex-Uber CISO Joe Sullivan won't go to jail, Google rolls out passkey support, Do Bartenders make good pen testers?, ICS using steganography to hide data, DEF CON will unleash hackers on Large Language Models, and Security's eternal prioritization problem! Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw317
On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover: Joe Sullivan's sentencing MSI key material leak Merck to be paid in NotPetya claim The FBI takes down Turla's Snake malware operation Much, much more This week's show is brought to you by Gigamon. Chaim Mazal, Gigamon's CSO, is this week's sponsor guest. He's talking about how the company's gear is acting as a data source for network security products. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing. Show notes Former Uber CSO avoids prison time for ransomware coverup | Cybersecurity Dive Merck cyber coverage upheld in NotPetya decision, seen as victory for policyholders | Cybersecurity Dive Home / Twitter Hunting Russian Intelligence “Snake” Malware | CISA Justice Department Announces Court-Authorized Disruption of Snake Malware Network Controlled by Russia's Federal Security Service | OPA | Department of Justice Iranian state-sponsored hackers exploiting printer vulnerability Iran: Fake It Till You Make It - by Tom Uren Hacktivists Target Iran's Foreign Ministry, Leak Trove Of Data New Cactus ransomware encrypts itself to evade antivirus White House considers ban on ransom payments, with caveats | Cybersecurity Dive Hamas armed wing announces suspension of bitcoin fundraising | Reuters FBI, Ukraine seize cryptocurrency exchanges for abetting cybercriminals Dallas still recovering from ransomware on eve of municipal election | Cybersecurity Dive Dallas restores core emergency dispatch systems | Cybersecurity Dive Hackers hijacked a university's emergency system to threaten students and faculty Organizations slow to patch GoAnywhere MFT vulnerability even after Clop ransomware attacks $10M Is Yours If You Can Get This Guy to Leave Russia – Krebs on Security Coming to DEF CON 31: Hacking AI models | CyberScoop Google Is Rolling Out Passkeys, the Password-Killing Tech, to All Accounts | WIRED US Court Rules for Corellium in Apple Copyright Case SafeGraph Lands US Air Force Contract After Targeting Abortion Clinics | WIRED
On this week's show Patrick Gray and Adam Boileau discuss the week's security news. They cover: Joe Sullivan's sentencing MSI key material leak Merck to be paid in NotPetya claim The FBI takes down Turla's Snake malware operation Much, much more This week's show is brought to you by Gigamon. Chaim Mazal, Gigamon's CSO, is this week's sponsor guest. He's talking about how the company's gear is acting as a data source for network security products. Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that's your thing. Show notes Former Uber CSO avoids prison time for ransomware coverup | Cybersecurity Dive Merck cyber coverage upheld in NotPetya decision, seen as victory for policyholders | Cybersecurity Dive Home / Twitter Hunting Russian Intelligence “Snake” Malware | CISA Justice Department Announces Court-Authorized Disruption of Snake Malware Network Controlled by Russia's Federal Security Service | OPA | Department of Justice Iranian state-sponsored hackers exploiting printer vulnerability Iran: Fake It Till You Make It - by Tom Uren Hacktivists Target Iran's Foreign Ministry, Leak Trove Of Data New Cactus ransomware encrypts itself to evade antivirus White House considers ban on ransom payments, with caveats | Cybersecurity Dive Hamas armed wing announces suspension of bitcoin fundraising | Reuters FBI, Ukraine seize cryptocurrency exchanges for abetting cybercriminals Dallas still recovering from ransomware on eve of municipal election | Cybersecurity Dive Dallas restores core emergency dispatch systems | Cybersecurity Dive Hackers hijacked a university's emergency system to threaten students and faculty Organizations slow to patch GoAnywhere MFT vulnerability even after Clop ransomware attacks $10M Is Yours If You Can Get This Guy to Leave Russia – Krebs on Security Coming to DEF CON 31: Hacking AI models | CyberScoop Google Is Rolling Out Passkeys, the Password-Killing Tech, to All Accounts | WIRED US Court Rules for Corellium in Apple Copyright Case SafeGraph Lands US Air Force Contract After Targeting Abortion Clinics | WIRED
The “godfather of AI” has left Google, offering warnings about the existential risks for humanity of the technology. Mark MacCarthy calls those risks a fantasy, and a debate breaks out between Mark, Nate Jones, and me. There's more agreement on the White House summit on AI risks, which seems to have followed Mark's “let's worry about tomorrow tomorrow” prescription. I think existential risks are a bigger concern, but I am deeply skeptical about other efforts to regulate AI, especially for bias, as readers of Cybertoonz know. I argue again that regulatory efforts to eliminate bias are an ill-disguised effort to impose quotas more widely, which provokes lively pushback from Jim Dempsey and Mark. Other prospective AI regulators, from the Federal Trade Commission (FTC)'s Lina Khan to the Italian data protection agency, come in for commentary. I'm struck by the caution both have shown, perhaps due to their recognizing the difficulty of applying old regulatory frameworks to this new technology. It's not, I suspect, because Lina Khan's FTC has lost its enthusiasm for pushing the law further than it can be pushed. This week's example of litigation overreach at the FTC include a dismissed complaint in a location data case against Kochava, and a wildly disproportionate ‘remedy” for what look like Facebook foot faults in complying with an earlier FTC order. Jim brings us up to date on a slew of new state privacy laws in Montana, Indiana, and Tennessee. Jim sees them as business-friendly alternatives to General Data Protection Regulation (GDPR) and California's privacy law. Mark reviews Pornhub's reaction to the Utah law on kids' access to porn. He thinks age verification requirements are due for another look by the courts. Jim explains the state appellate court decision ruling that the NotPetya attack on Merck was not an act of war and thus not excluded from its insurance coverage. Nate and I recommend Kim Zetter's revealing story on the SolarWinds hack. The details help to explain why the Cyber Safety Review Board hasn't examined SolarWinds—and why it absolutely has to—because the full story is going to embarrass a lot of powerful institutions. In quick hits, Mark makes a bold prediction about the fate of Canada's law requiring Google and Facebook to pay when they link to Canadian media stories: Just like in Australia, the tech giants and the industry will reach a deal. Jim and I comment on the three-year probation sentence for Joe Sullivan in the Uber “misprision of felony” case—and the sentencing judge's wide-ranging commentary. I savor the impudence of the hacker who has broken into Russian intelligence's bitcoin wallets and burned the money to post messages doxing the agencies involved. And for those who missed it, Rick Salgado and I wrote a Lawfare article on why CISOs should support renewal of Foreign Intelligence Surveillance Act (FISA) section 702, and Metacurity named it one of the week's “Best Infosec-related Long Reads.” Download 456th Episode (mp3) You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.
The “godfather of AI” has left Google, offering warnings about the existential risks for humanity of the technology. Mark MacCarthy calls those risks a fantasy, and a debate breaks out between Mark, Nate Jones, and me. There's more agreement on the White House summit on AI risks, which seems to have followed Mark's “let's worry about tomorrow tomorrow” prescription. I think existential risks are a bigger concern, but I am deeply skeptical about other efforts to regulate AI, especially for bias, as readers of Cybertoonz know. I argue again that regulatory efforts to eliminate bias are an ill-disguised effort to impose quotas more widely, which provokes lively pushback from Jim Dempsey and Mark. Other prospective AI regulators, from the Federal Trade Commission (FTC)'s Lina Khan to the Italian data protection agency, come in for commentary. I'm struck by the caution both have shown, perhaps due to their recognizing the difficulty of applying old regulatory frameworks to this new technology. It's not, I suspect, because Lina Khan's FTC has lost its enthusiasm for pushing the law further than it can be pushed. This week's example of litigation overreach at the FTC include a dismissed complaint in a location data case against Kochava, and a wildly disproportionate ‘remedy” for what look like Facebook foot faults in complying with an earlier FTC order. Jim brings us up to date on a slew of new state privacy laws in Montana, Indiana, and Tennessee. Jim sees them as business-friendly alternatives to General Data Protection Regulation (GDPR) and California's privacy law. Mark reviews Pornhub's reaction to the Utah law on kids' access to porn. He thinks age verification requirements are due for another look by the courts. Jim explains the state appellate court decision ruling that the NotPetya attack on Merck was not an act of war and thus not excluded from its insurance coverage. Nate and I recommend Kim Zetter's revealing story on the SolarWinds hack. The details help to explain why the Cyber Safety Review Board hasn't examined SolarWinds—and why it absolutely has to—because the full story is going to embarrass a lot of powerful institutions. In quick hits, Mark makes a bold prediction about the fate of Canada's law requiring Google and Facebook to pay when they link to Canadian media stories: Just like in Australia, the tech giants and the industry will reach a deal. Jim and I comment on the three-year probation sentence for Joe Sullivan in the Uber “misprision of felony” case—and the sentencing judge's wide-ranging commentary. I savor the impudence of the hacker who has broken into Russian intelligence's bitcoin wallets and burned the money to post messages doxing the agencies involved. And for those who missed it, Rick Salgado and I wrote a Lawfare article on why CISOs should support renewal of Foreign Intelligence Surveillance Act (FISA) section 702, and Metacurity named it one of the week's “Best Infosec-related Long Reads.” Download 456th Episode (mp3) You can subscribe to The Cyberlaw Podcast using iTunes, Google Play, Spotify, Pocket Casts, or our RSS feed. As always, The Cyberlaw Podcast is open to feedback. Be sure to engage with @stewartbaker on Twitter. Send your questions, comments, and suggestions for topics or interviewees to CyberlawPodcast@gmail.com. Remember: If your suggested guest appears on the show, we will send you a highly coveted Cyberlaw Podcast mug! The views expressed in this podcast are those of the speakers and do not reflect the opinions of their institutions, clients, friends, families, or pets.
In this episode I talk with Doron Naim who is the CEO of DevOcean which is a cloud platform that is changing how vulnerability management is done in the cloud. We talk about how he destroyed a $5000 computer, reverse engineering malware and more. If you enjoy this episode please share it & review the podcast! We are now live on Youtube! If you want to watch the video of this interview then go to the links below!LinkedIn: https://www.linkedin.com/in/doron-naim/Website: https://www.devocean.security/Support the showFollow the Podcast on Social Media!Instagram: https://www.instagram.com/secunfpodcast/Twitter: https://twitter.com/SecUnfPodcastPatreon: https://www.patreon.com/SecurityUnfilteredPodcastYouTube: https://www.youtube.com/@securityunfilteredpodcastTikTok: Not today China! Not today
Are K-12 organizations and universities prepared for the onslaught of cyber threats? How long does it take me to find a vulnerable school district, it ain't long? An appeals court has upheld Merck's claim in the the NotPetya case. What does that mean for cyber insurance, and why does this make me so happy? Iran is moving quickly into the realm of influence operations, are they mirroring the Russian operations and how will this affect the upcoming election cycle? ChatGPT had a breach issue, how much of a threat or problem is this? Should we have expected anything less? Phishing is getting worse, statistically speaking, but how is this possible with all of the training we get? Is there a technical alternative that works? Those questions and more on this episode!
Iran integrates influence and cyber operations. ChatGPT use and misuse. Phishing reports increased significantly so far in 2023, while HTML attacks double. An update on the Discord Papers. Cyberstrikes against civilian targets. My conversation with our own Simone Petrella on emerging cyber workforce strategies. Tim Starks from the Washington Post joins me with reflections on the RSA conference. And, turns out, a war clause cannot be invoked in denying damage claims in the NotPetya attacks (at least not in the Garden State). For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/85 Selected reading. Rinse and repeat: Iran accelerates its cyber influence operations worldwide (Microsoft On the Issues) ChatGPT Confirms Data Breach, Raising Security Concerns (Security Intelligence) Samsung Bans Generative AI Use by Staff After ChatGPT Data Leak (Bloomberg) Malicious email campaigns abusing Telegram bots rise tremendously in Q1 2023, surpassing all of 2022 by 310% (Cofense) Threat Spotlight: Proportion of malicious HTML attachments doubles within a year (Barracuda) Zelensky says White House told him nothing about Discord intelligence leaks (Washington Post) Russia attacks civilian infrastructure in cyberspace just as it does on ground - watchdog (Ukrinform) Merck's Insurers On the Hook in $1.4 Billion NotPetya Attack, Court Says (Wall Street Journal) Merck entitled to $1.4B in cyberattack case after court rejects insurers' 'warlike action' claim (Fierce Pharma)
David Finz, speaks to the recent court case where Merck won an appeal in the Superior Court of New Jersey regarding a property insurance claim they filed after being impacted by the NotPetya attack. The court found that the exclusion for hostile warlike actions did not apply to the situation and was not written in a way that would be triggered in the absence of a physical or military attack.
In Nicole Perlroth's blockbuster 2021 book, “This Is How They Tell Me the World Ends,” the former New York Times journalist conveys cybersecurity experts' mounting anxiety about increasingly dangerous digital threats. From spyware to ransomware, the black market for cyber tools that skirt the law is lucrative and often poorly understood. Nicole points to catastrophic cyberattacks like NotPetya, a 2017 ransomware look-alike that attempted to obliterate Ukraine's critical infrastructure before causing billions of dollars in damages worldwide. But even with geopolitical tensions now at a fever pitch, Nicole, now a cybersecurity advisor and investor, explains why “mutually assured digital destruction” has so far helped stave off major attacks on U.S. critical infrastructure. ---------Also covered in the podcast: * The importance of educating board members about cybersecurity * What constitutes a cyber weapon* Why Nicole is optimistic about the future of ransomware
This week host Derek E. Silva joins Amit Serper, Director of Security Research at Sternum and a former member of an elite cyber unit in the Israeli government. Amit, who disabled the infamous NotPetya attack in 2017, shares the story about one of the biggest cyber attacks in history and the elite hackers behind it. Join us as we dive into the ever-evolving world of cyber security issues that are shaping our world.
In this episode I talk with Amit Serper who became famous for finding a way to stop the NotPetya ransomware from spreading and causing more damage than it already inflicted. We had a fascinating conversation and if you enjoy the podcast please leave a review and share the podcast. Amit's Links:LinkedIn: https://www.linkedin.com/in/aserper/Twitter: https://twitter.com/0xAmitInfosec.Exchange: @0xamit@infosec.exchangeWebsite: https://www.sternumiot.com/Dev InterruptedWhat the smartest minds in engineering are thinking about, working on and investing in.Listen on: Apple Podcasts SpotifySupport the showFollow the Podcast on Social Media!Instagram: https://www.instagram.com/secunfpodcast/Twitter: https://twitter.com/SecUnfPodcastPatreon: https://www.patreon.com/SecurityUnfilteredPodcastTikTok: Not today China! Not today
In this episode of the Cybersecurity Defenders podcast, we recount some hacker history and tell the story of Amit Serper, a hacker and reverse engineer, who was instrumental in stopping the most devastating cyber attack in history: NotPetya.On 27 June 2017, a major global cyberattack began (Ukrainian companies were among the first to state they were being attacked), utilizing a new variant of Petya. On that day, Kaspersky Lab reported infections in France, Germany, Italy, Poland, the United Kingdom, and the United States, but that the majority of infections targeted Russia and Ukraine, where more than 80 companies were initially attacked, including the National Bank of Ukraine. ESET estimated on 28 June 2017 that 80% of all infections were in Ukraine, with Germany second hardest hit with about 9%.Russian president Vladimir Putin's press secretary, Dmitry Peskov, stated that the attack had caused no serious damage in Russia. Experts believed this was a politically-motivated attack against Ukraine, since it occurred on the eve of the Ukrainian holiday Constitution Day.Kaspersky dubbed this variant "NotPetya", as it has major differences in its operations in comparison to earlier variants. McAfee engineer Christiaan Beek stated that this variant was designed to spread quickly, and that it had been targeting "complete energy companies, the power grid, bus stations, gas stations, the airport, and banks".This episode was written by Nathaniel Nelson, narrated by Christopher Luft and produced by the team at LimaCharlie.The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.
Amit Serper is the Director of Security Research at Sternum IoT and is the one who found a 'vaccine' for NotPetya. He believes it's time to look past the ‘patchability' approach and implement a ‘vaccine' like solution. In this episode Amot talks about embedded device security, the vaccine approach, and introduces some of the key aspects of Sternum IoT's autonomous security and observability platform. Sternum IoT https://www.sternumiot.com/ Thank you for listening to The Secure Talk Cybersecurity Podcast.
On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including: DoJ seizes 50k bitcoin stolen from Silk Road, charges thief Australian health insurer Medibank refuses to pay ransom, data leaked Inside Qatar's $386m world cup espionage operation EU Parliament report into spyware lands SolarWinds settles shareholder lawsuit, faces SEC enforcement action Much, much more This week's sponsor guest is Andrew Morris from Greynoise Intelligence. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing. Show notes DOJ says it seized billions in Bitcoin stolen by hacker from Silk Road darknet marketplace - The Record by Recorded Future U.S. Attorney Announces Historic $3.36 Billion Cryptocurrency Seizure And Conviction In Connection With Silk Road Dark Web Fraud | USAO-SDNY | Department of Justice Medibank says it will not pay ransom in hack that impacted 9.7 million customers - The Record by Recorded Future Names, addresses, birthdays posted to dark web by hackers after Medibank ransom deadline passes - ABC News ‘Project Merciless': how Qatar spied on the world of football in Switzerland - SWI swissinfo.ch How Qatar hacked the World Cup — The Bureau of Investigative Journalism (en-GB) FBI probing ex-CIA officer's spying for World Cup host Qatar - The Washington Post EU governments accused of using spyware ‘to cover up corruption and criminal activity' - The Record by Recorded Future Press conference on draft findings of EP spyware inquiry | News | European Parliament SolarWinds says it's facing SEC ‘enforcement action' over 2020 hack | TechCrunch Microsoft accuses China of abusing vulnerability disclosure requirements - The Record by Recorded Future 工业和信息化部国家互联网信息办公室公安部关于印发网络产品安全漏洞管理规定的通知-中共中央网络安全和信息化委员会办公室 Insurance giant settles NotPetya lawsuit, signaling cyber insurance shakeup Could a ‘digital Red Cross emblem' protect hospitals from cyber warfare? - The Record by Recorded Future TrustCor Systems verifies web addresses, but its address is a UPS Store - The Washington Post Cyber incident at Boeing subsidiary causes flight planning disruptions - The Record by Recorded Future FIN7 cybercrime cartel tied to Black Basta ransomware operation: report - The Record by Recorded Future More than 100 election jurisdictions waiting on federal cyber help, sources say $28 million stolen from cryptocurrency platform Deribit - The Record by Recorded Future Nigerian scammer sentenced to 11 years in US prison - The Record by Recorded Future Hackers get into Dropbox developer accounts on GitHub, access 130 code repositories and more - The Record by Recorded Future Urlscan.io API unwittingly leaks sensitive URLs, data | The Daily Swig The Most Vulnerable Place on the Internet | WIRED So long and thanks for all the bits - NCSC.GOV.UK
On this week's show Patrick Gray, Adam Boileau and Dmitri Alperovitch discuss the week's security news, including: DoJ seizes 50k bitcoin stolen from Silk Road, charges thief Australian health insurer Medibank refuses to pay ransom, data leaked Inside Qatar's $386m world cup espionage operation EU Parliament report into spyware lands SolarWinds settles shareholder lawsuit, faces SEC enforcement action Much, much more This week's sponsor guest is Andrew Morris from Greynoise Intelligence. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing. Show notes DOJ says it seized billions in Bitcoin stolen by hacker from Silk Road darknet marketplace - The Record by Recorded Future U.S. Attorney Announces Historic $3.36 Billion Cryptocurrency Seizure And Conviction In Connection With Silk Road Dark Web Fraud | USAO-SDNY | Department of Justice Medibank says it will not pay ransom in hack that impacted 9.7 million customers - The Record by Recorded Future Names, addresses, birthdays posted to dark web by hackers after Medibank ransom deadline passes - ABC News ‘Project Merciless': how Qatar spied on the world of football in Switzerland - SWI swissinfo.ch How Qatar hacked the World Cup — The Bureau of Investigative Journalism (en-GB) FBI probing ex-CIA officer's spying for World Cup host Qatar - The Washington Post EU governments accused of using spyware ‘to cover up corruption and criminal activity' - The Record by Recorded Future Press conference on draft findings of EP spyware inquiry | News | European Parliament SolarWinds says it's facing SEC ‘enforcement action' over 2020 hack | TechCrunch Microsoft accuses China of abusing vulnerability disclosure requirements - The Record by Recorded Future 工业和信息化部国家互联网信息办公室公安部关于印发网络产品安全漏洞管理规定的通知-中共中央网络安全和信息化委员会办公室 Insurance giant settles NotPetya lawsuit, signaling cyber insurance shakeup Could a ‘digital Red Cross emblem' protect hospitals from cyber warfare? - The Record by Recorded Future TrustCor Systems verifies web addresses, but its address is a UPS Store - The Washington Post Cyber incident at Boeing subsidiary causes flight planning disruptions - The Record by Recorded Future FIN7 cybercrime cartel tied to Black Basta ransomware operation: report - The Record by Recorded Future More than 100 election jurisdictions waiting on federal cyber help, sources say $28 million stolen from cryptocurrency platform Deribit - The Record by Recorded Future Nigerian scammer sentenced to 11 years in US prison - The Record by Recorded Future Hackers get into Dropbox developer accounts on GitHub, access 130 code repositories and more - The Record by Recorded Future Urlscan.io API unwittingly leaks sensitive URLs, data | The Daily Swig The Most Vulnerable Place on the Internet | WIRED So long and thanks for all the bits - NCSC.GOV.UK
When you hear the word cyber-attack, what comes to mind? Someone hacking into your email, or stealing your Facebook password?As it turns out, our most critical infrastructure can be hacked. Our banks, water treatment facilities, and nuclear power plants can be deactivated and even controlled simply by finding bugs in the software used to operate them. Suddenly, cyber-attack takes on a different meaning.This week on Your Undivided Attention, we're talking with cyber-security expert Nicole Perlroth. Nicole spent a decade as the lead cyber-security reporter at The New York Times, and is now a member of the Department of Homeland Security's Cybersecurity Advisory Committee. She recently published “This Is How They Tell Me The World Ends” — an in-depth exploration of the global cyber arms race.CORRECTIONS: In the episode, Nicole says that "the United States could have only afforded 2 to 3 more days of Colonial Pipeline being down before it ground the country — our economy — to a halt." The correct number is actually 3 to 5 days. She also refers to a 2015 study researching why some countries have significantly fewer successful cyber-attacks relative to cyber-attack attempts. That study was actually published in 2016.RECOMMENDED MEDIA This Is How They Tell Me The World EndsNicole Perlroth's 2021 book investigating the global cyber-weapons arms raceReporter Page at the New York TimesNicole's articles while the lead cyber-security reporter at the New York TimesThe Global Cyber-Vulnerability Report (in brief)Brief of a 2015 study by the Center for Digital International Government, Virginia Tech, and the University of Maryland that researched why some countries have significantly fewer successful cyber-attacks relative to cyber-attack attemptsRECOMMENDED YUA EPISODES The Dark Side Of Decentralization with Audrey Kurth Cronin: https://www.humanetech.com/podcast/49-the-dark-side-of-decentralizationIs World War III Already Here? Guest: Lieutenant General H.R. McMaster: https://www.humanetech.com/podcast/45-is-world-war-iii-already-hereA Problem Well-Stated Is Half-Solved with Daniel Schmachtenberger: https://www.humanetech.com/podcast/a-problem-well-stated-is-half-solvedYour Undivided Attention is produced by the Center for Humane Technology. Follow us on Twitter: @HumaneTech_
Ukraine claims to have taken down a massive Russian bot farm. Russian cyber operations may have been premature. A report says Emergency Alert Systems might be vulnerable to hijacking. The Mirai botnet may have a descendant. Adam Flatley from Redacted with a look back at NotPetya. Ryan Windham from Imperva takes on Bad Bots. Attacks on a cryptocurrency exchange attempt to bypass 2FA. Solana cryptocurrency wallets looted. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/149 Selected reading. Ukraine takes down 1,000,000 bots used for disinformation (BleepingComputer) Did Russia mess up its cyberwar with Ukraine before it even invaded? (Washington Post) So RapperBot, What Ya Bruting For? (Fortinet Blog) Gaming Respawned (Akamai) Coinbase Attacks Bypass 2FA (Pixm Anti-Phishing) Thousands of Solana wallets drained in multimillion-dollar exploit (TechCrunch) Thousands of Solana Wallets Hacked in Crypto Cyberattack (Wall Street Journal) Solana, USDC Drained From Wallets in Attack (Decrypt) Ongoing solana attack targets thousands of crypto wallets, costing users more than $5 million so far (CNBC) Solana and Slope Confirm Wallet Security Breach (Crypto Briefing) How Hackers Target Bridges Between Blockchains for Crypto Heists (Wall Street Journal)
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
EternalBlue 5 Years After WannaCry and NotPetya https://isc.sans.edu/forums/diary/EternalBlue+5+years+after+WannaCry+and+NotPetya/28816/ OpenSSL Patches Two Vulnerabilities https://www.openssl.org/news/secadv/20220705.txt Iconburst NPM Software Supply Chain Attack https://blog.reversinglabs.com/blog/iconburst-npm-software-supply-chain-attack-grabs-data-from-apps-websites
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
EternalBlue 5 Years After WannaCry and NotPetya https://isc.sans.edu/forums/diary/EternalBlue+5+years+after+WannaCry+and+NotPetya/28816/ OpenSSL Patches Two Vulnerabilities https://www.openssl.org/news/secadv/20220705.txt Iconburst NPM Software Supply Chain Attack https://blog.reversinglabs.com/blog/iconburst-npm-software-supply-chain-attack-grabs-data-from-apps-websites
Lithuania sustains a major DDoS attack. Lessons from NotPetya. Conti's brand appears to have gone into hiding. Online extortion now tends to skip the ransomware proper. Josh Ray from Accenture on how social engineering is evolving for underground threat actors. Rick Howard looks at Chaos Engineering. US financial institutions conduct a coordinated cybersecurity exercise. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/122 Selected reading. Russia's Killnet hacker group says it attacked Lithuania (Reuters) The hacker group KillNet has published an ultimatum to the Lithuanian authorities (TDPel Media) 5 years after NotPetya: Lessons learned (CSO Online) The cyber security impact of Operation Russia by Anonymous (ComputerWeekly) Conti ransomware finally shuts down data leak, negotiation sites (BleepingComputer) The Conti Enterprise: ransomware gang that published data belonging to 850 companies (Group-IB) Fake copyright infringement emails install LockBit ransomware (BleepingComputer) NCC Group Monthly Threat Pulse – May 2022 (NCC Group) We're now truly in the era of ransomware as pure extortion without the encryption (Register) Wall Street Banks Quietly Test Cyber Defenses at Treasury's Direction (Bloomberg)
Heard on the Baltimore waterfront. Privateering against Western brands. An update on sanctions and counter sanctions. Stonefly, straight outta Pyongyang. Lazarus is also back (and not in the good way). Richard Hummel from NETSCOUT discusses their bi-annual Threat Intel Report. Jon DiMaggio from Analyst1 joins us to discuss his new book, “The Art of Cyberwarfare - An Investigator's Guide to Espionage, Ransomware, and Organized Cybercrime.” And the US Department of State has added six Russian GRU officers to its Rewards for Justice program. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/81 Selected reading. Britain says Ukraine controls majority of its airspace (Reuters) Latest strikes on Russia hint daring Ukraine is not intimidated by the Kremlin (The Telegraph) West gearing up to help Ukraine for ‘long haul', says US defence secretary (the Guardian) U.S., allies promise to keep backing Ukraine in its war with Russia (Washington Post) Russia-linked hackers claim to have breached Coca-Cola Company (CyberNews) Stormous ransomware gang claims to have hacked Coca-Cola (Security Affairs) Chinese drone-maker DJI quits Russia and Ukraine (Register) Russia to Cut Gas to Poland and Bulgaria, Making Energy a Weapon (Bloomberg) Russia cuts off gas to Poland, Bulgaria, stoking tensions with E.U. over Ukraine (Washington Post) Why Russia's Economy Is Holding On (Foreign Policy) Stonefly: North Korea-linked Spying Operation Continues to Hit High-value Targets (Symantec) A "Naver"-ending game of Lazarus APT (Zscaler) U.S. offers $10 mln reward for information on Russian intelligence officers -State Dept (Reuters) US offering $10 million for info on Russian military hackers accused of NotPetya attacks (The Record by Recorded Future) Rewards for Justice – Reward Offer for Information on Russian Military Intelligence Officers Conducting Malicious Activity Against U.S. Critical Infrastructure - United States Department of State (United States Department of State)