Tracking OceanLotus. US advisory warns of cyberthreats active against schools trying to deliver distance learning. Adrozek joins credential harvesting and adware. MountLocker’s criminal affiliate program. The FCC takes action against Chinese companies deemed security risks. Predictions, and holiday advice. Johannes Ullrich from the SANS technology institute wonders what’s in your clipboard? Our guest is Nina Jankowicz from Wilson Center on her new book - How to Lose the Information War - Russia, Fake News, and the Future of Conflict. And internship opportunities at CISA. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/238
Joe has a story about fake websites with advanced profiling tools and malicious software by OceanLotus, Dave's story is about sites that ask if it's OK to send you notifications, the Catch of the Day comes from a listener named William who received a phishing email from the boss, and later in the show, Dave's conversation with Mike Slaugh from USAA on his predictions for 2021 and best practices for organizations to protect themselves and consumers, including creating better means of identity verification.
Links to stories:
OceanLotus: Extending Cyber Espionage Operations Through Fake Websites
Be Very Sparing in Allowing Site Notifications
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
ShadowTalk hosts Stefano, Kim, Dylan, and Adam bring you the latest in threat intelligence. This week they cover:
- RegretLocker's approach to quickly encrypting files
- how its efficiency compares to counterpart Ryuk
- Vx Underground's code used in ransomware attacks
- APT32, or OceanLotus, using social media and news sites to draw in users and redirect them to phishing pages
- U.S. DoJ seizes $24 Million in cryptocurrency, assisting the Brazilian government
Get this week's intelligence summary at: https://resources.digitalshadows.com/digitalshadows/weekly-intelligence-summary-13-november
***Resources from this week's podcast***
RegretLocker Ransomware: https://www.bleepingcomputer.com/news/security/new-regretlocker-ransomware-targets-windows-virtual-machines/
Vx Underground: https://twitter.com/smelly__vx/status/1323849544145211392 https://twitter.com/vxunderground/status/1326055110292729856
OceanLotus: https://www.volexity.com/blog/2020/11/06/oceanlotus-extending-cyber-espionage-operations-through-fake-websites/
U.S. Seizes Virtual Currency: https://www.justice.gov/opa/pr/us-seizes-virtual-currencies-valued-24-million-assisting-brazil-major-internet-fraud https://www.cyberscoop.com/silk-road-bitcoin-billion-wallet/
Bitcoin vs. Monero Blog: https://www.digitalshadows.com/blog-and-research/bitcoin-vs-monero/
Evolution of DDoS: https://www.digitalshadows.com/blog-and-research/the-evolution-of-ddos-activity-in-2020
Alerts and guidelines on securing the software supply chain (and the hardware supply chain, too). OceanLotus is back with its watering holes. Two significant breaches are disclosed. Malek Ben Salem from Accenture Labs explains privacy attacks on machine learning. Rick Howard brings the Hash Table in on containers. And, hey, we hear there’s weird stuff out there about vaccines, but GCHQ is on the case. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/9/217
You will see Cybersecurity and Hacking related News from 7th October 2020 to 13th October 2020 which includes news as follows:
7th October 2020
⦿ ALERT! Hackers targeting IoT devices with a new P2P botnet malware: 00:05
⦿ OceanLotus hackers injecting malware in Windows error report: 00:28
⦿ Brave Browser enters dark web with its own Tor Onion service: 01:00
8th October 2020
⦿ Researchers Find Vulnerabilities in Microsoft Azure Cloud Service: 01:15
⦿ Chowbus food delivery service suffers breach; trove of data stolen: 01:30
⦿ Comcast voice remote control could be turned into spying tool: 01:42
9th October 2020
⦿ 55 New Security Flaws Reported in Apple Software and Services: 02:02
⦿ 100s of schools at risk after Magecart attack on Wisepay: 02:32
⦿ Microsoft warns of new Android ransomware blackmailing victims: 03:02
10th October 2020
⦿ Marketing firm Friendemic exposed 2.7 million customer records: 03:19
⦿ Researcher uploaded spyware on official Fitbit store: 03:43
⦿ Clop ransomware hits Software AG, demands $20 million+ ransom: 04:10
12th October 2020
⦿ 3TB of clips from exposed home security cameras posted online: 04:20
13th October 2020
⦿ Microsoft and Other Tech Companies Take Down TrickBot Botnet: 04:55
⦿ Hackers exploit VPN, Windows flaws to influence US elections: 05:18
--- Send in a voice message: https://anchor.fm/quitehacker/message
A daily look at the relevant information security news from overnight.
Episode 212 - 09 December 2019
Car makers targeted - https://www.zdnet.com/article/bmw-and-hyundai-hacked-by-vietnamese-hackers-report-claims/
Info stealing VPN - https://www.bleepingcomputer.com/news/security/fake-vpn-site-pushes-cryptbot-and-vidar-info-stealing-trojans/
Facebook sues - https://www.scmagazine.com/home/security-news/legal-security-news/company-sued-for-allegedly-hijacking-facebook-accounts-to-serve-ads/
NVIDIA patches - https://www.bleepingcomputer.com/news/security/nvidia-patches-severe-flaws-in-mercedes-infotainment-system-chips/
MacOS trojan - https://threatpost.com/stealthy-macos-malware-lazarus-apt/150881/
Tensions between the US and Iran are likely to find further expression in cyberspace. OceanLotus's Ratsnif kit isn't up to the threat actor's normally high standards of coding, but it's plenty good enough. Cyberattacks in the states of Florida and Georgia. Utilities are urged to go lower tech where possible. Magecart skimmer "Inter" is being hawked on the dark web. And no, they haven't videoed you using EternalBlue: just dump that email. Johannes Ullrich from the SANS Technology Institute and the ISC Stormcast podcast on Weblogic exploits. Guest is Nick Jovanovic from Thales on cloud security in the federal space. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/July/CyberWire_2019_07_02.html Support our show
Researchers at Blackberry Cylance have been tracking payload obfuscation techniques employed by OceanLotus (APT32), specifically steganography used to hide code within seemingly benign image files. Tom Bonner is director of threat research at Blackberry Cylance, and he joins us to share their findings. The original research can be found here: https://www.cylance.com/en-us/lp/threat-research-and-intelligence/oceanlotus-steganography-malware-analysis-white-paper-2019.html The CyberWire's Research Saturday is presented by Juniper Networks. Thanks to our sponsor Enveil, closing the last gap in data security.
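The episode above describes OceanLotus hiding loader code inside image files. The block below is an added illustration of the underlying technique, least-significant-bit (LSB) steganography, and of one statistical check a hunter can run against suspect images; it is not code from the Cylance paper or from the actor's loader. The 4-byte length header, one payload bit per 8-bit sample, and the grayscale gradient cover are assumptions of this toy format; OceanLotus's real container layout and payload encryption are documented in the linked white paper and are not reproduced here.

```python
import hashlib
import struct

# Toy container format (an assumption of this example, not OceanLotus's):
# a 4-byte big-endian payload length, then the payload, one bit per sample LSB.
HEADER = struct.Struct(">I")


def embed_lsb(cover: bytes, payload: bytes) -> bytes:
    """Write len(payload) + payload into the LSB of successive cover samples."""
    data = HEADER.pack(len(payload)) + payload
    needed_bits = len(data) * 8
    if needed_bits > len(cover):
        raise ValueError(f"cover too small: need {needed_bits} samples, have {len(cover)}")
    out = bytearray(cover)
    for i in range(needed_bits):
        bit = (data[i >> 3] >> (7 - (i & 7))) & 1
        out[i] = (out[i] & 0xFE) | bit   # clear the LSB, then set it to the payload bit
    return bytes(out)


def _read_lsb_bytes(cover: bytes, start: int, count: int) -> bytes:
    """Reassemble `count` bytes from the LSBs of cover[start:start + count*8]."""
    buf = bytearray(count)
    for i in range(count * 8):
        buf[i >> 3] |= (cover[start + i] & 1) << (7 - (i & 7))
    return bytes(buf)


def header_length(cover: bytes) -> int:
    """Decode the length header the toy format would carry, valid or not."""
    (n,) = HEADER.unpack(_read_lsb_bytes(cover, 0, HEADER.size))
    return n


def looks_like_payload(cover: bytes) -> bool:
    """Sanity check: does the decoded length even fit in the image?"""
    return (HEADER.size + header_length(cover)) * 8 <= len(cover)


def extract_lsb(cover: bytes) -> bytes:
    """Inverse of embed_lsb; raises if the header does not fit the cover."""
    if not looks_like_payload(cover):
        raise ValueError("no plausible length header in LSB plane")
    return _read_lsb_bytes(cover, HEADER.size * 8, header_length(cover))


def lsb_transition_rate(samples: bytes) -> float:
    """Fraction of adjacent samples whose LSB differs.

    Smooth image regions keep neighbouring LSBs correlated; an embedded
    encrypted blob pushes the rate toward 0.5. This is a heuristic, not proof.
    """
    flips = sum((a ^ b) & 1 for a, b in zip(samples, samples[1:]))
    return flips / (len(samples) - 1)


def make_cover(n: int) -> bytes:
    """Constructed sample: an 8-bit grayscale ramp that steps every 16 samples."""
    return bytes((i // 16) & 0xFF for i in range(n))


def make_payload(nbytes: int) -> bytes:
    """Constructed stand-in for an encrypted loader blob (high-entropy bytes)."""
    chunks = [hashlib.sha256(bytes([i])).digest() for i in range(nbytes // 32)]
    return b"".join(chunks)[:nbytes]


if __name__ == "__main__":
    cover = make_cover(4096)
    stego = embed_lsb(cover, make_payload(256))
    print("clean transition rate:", round(lsb_transition_rate(cover), 3))
    print("stego transition rate:", round(lsb_transition_rate(stego), 3))
    print("clean header plausible:", looks_like_payload(cover))
    print("stego header plausible:", looks_like_payload(stego))
```

The check is deliberately crude: real images are noisier than a ramp, so the clean rate will sit well above 0.06, and a real implant may encrypt and scatter bits rather than fill samples sequentially. The value of the demo is the shape of the signal, a region whose LSB plane looks random while the high bits look like a picture, which is the same cue the published analysis relied on when carving payloads out of the images.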
This week, we welcome back Mary Beth Borgwing, President and Founder of the Cyber Social Club, to talk about Uniting Women in Cyber! In the Technical Segment, we welcome back our friend Chris Brenton, Chief Operating Officer at Active Countermeasures, to discuss why threat hunting is the missing link between our protection tools and our response tools, and will take a deep dive into the AI Hunter! In the Security News, Attackers exploiting IMAP to bypass MFA on O365 and G-Suite accounts, Vietnam's OceanLotus Group Ramps up hacking car companies, UC Browser violates Google Play Store Rules, & how Russia is spoofing GPS Signals on a massive scale! To learn more about Active Countermeasures and to get the slides for the Technical Segment today, visit: https://securityweekly.com/acm Full Show Notes: https://wiki.securityweekly.com/Episode599 Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
In today's podcast, we hear that OceanLotus, a.k.a. Cobalt Kitty, a.k.a. APT32, is out and about and using a steganographic vector to deliver its loader. Georgia Tech suffers a major data breach, with access to student, staff, and faculty records by parties unknown. Research universities remain attractive targets. Reflections on dual-use technologies. The Royal Canadian Mounted Police have raided offices connected with the production of the Orcus RAT, which is either a legitimate tool or a commodity Trojan, depending on whom you believe. David Dufour from Webroot with results from their most recent threat report. Guest is Roy Zur from Cybint Solutions on the essentials of hunting and fishing for information online. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_03.html Support our show
In the Security News, Attackers exploiting IMAP to bypass MFA on O365 and G-Suite accounts, Vietnam's OceanLotus Group Ramps up hacking car companies, UC Browser violates Google Play Store Rules, & how Russia is spoofing GPS Signals on a massive scale! Full Show Notes: https://wiki.securityweekly.com/Episode599 Follow us on Twitter: https://www.twitter.com/securityweekly
In today's podcast, we hear that Magento users are being urged to patch as risk of exploitation rises. Toyota experiences another cyber attack, and some observers blame, on grounds of motive, opportunity, and track record, OceanLotus. Exodus spyware in the Google Play store looks like a case of lawful intercept tools getting loose. Moscow seeks to control and limit VPN providers. Mr. Zuckerberg wants regulation. Mr. Barriss gets twenty years for swatting. And, hey, there's phishing tackle on the Nigerian National Assembly's site. Joe Carrigan from JHU ISI on a spying a leaving unsecured data online. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_01.html Support our show
Alex and Jamie join Harrison to discuss how the United Arab Emirates (UAE) intelligence services compromised iPhones through the “Karma” malware. They also look at a spam campaign targeting American users, distributing the “Trickbot” banking trojan; Vietnamese threat group “OceanLotus” deploying a new custom downloader; and a distributed denial of service (DDoS) campaign displaying record-breaking power by combining techniques. Read the full intelligence summary here: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-31-jan-07-feb-2019
In today's podcast, we hear that Collection#1 looks like the work of an aggregator who goes by the name of "C0rpz." OceanLotus is working with a new downloader. CookieMiner malware is poking around in Macs. Huawei continues to receive harsh security scrutiny internationally even as it seeks to position itself as a 5G leader. Russian influencers begin to attend to Venezuela. And if someone says they've got video of you looking at things you shouldn't, they probably don't. Rick Howard from Palo Alto Networks on Australia's controversial encryption legislation. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/February/CyberWire_2019_02_04.html Support our show
In today's podcast, we hear that no one but Bloomberg seems to retain much faith in Bloomberg's story about Chinese supply-chain seeding attacks. Twitter blocks bots retailing coordinated Saudi talking points about the disappearance of journalist Jamal Khashoggi. Latvia says it blocked attempts to interfere with its October elections. SEO poisoning exploits interest in key words associated with US midterms. OceanLotus shows some new tricks. A Connecticut town pays ransom. Ransomware hoods take pity on a grieving father. We speak with Johannes Ullrich from the SANS Institute, who discusses DNSSEC root key rollover, and Mike Horning from Virginia Tech, who shares the results of a study on the implications of regulating social media. For links to all of today's stories, visit https://thecyberwire.com/issues/issues2018/October/CyberWire_2018_10_19.html
Researchers at Trend Micro recently discovered a backdoor targeting MacOS users that they believe is the work of the OceanLotus threat group, an organization previously thought to have launched targeted attacks against human rights organizations, media organizations, research institutes, and maritime construction firms. Mark Nunnikhoven is VP of Cloud Research at Trend Micro, and he explains what they've learned. https://blog.trendmicro.com/trendlabs-security-intelligence/new-macos-backdoor-linked-to-oceanlotus-found/ The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative. Thanks to our sponsor Enveil, closing the last gap in data security.
In the news, Attacking an FTP Client: MGETting more than you bargained for, Warning: Your Windows PC can get hacked by just visiting a site, new MacOS backdoor linked to OceanLotus, & more on this episode of Application Security Weekly! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode12 Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly
In today's podcast we hear that a breach in several companies' consumer-facing systems is attributed to a third-party chat vendor. Crooks are tampering with chipped debit cards. OceanLotus is back, with a MacOS backdoor. A Mirai variant was used against banks earlier this year. Energetic Bear may be exploiting misconfigured switches. Microsoft looks into Office 365 outages. Russia warns Britain against playing with fire. And three cyber startups are DataTribe finalists. Johannes Ullrich from SANS and the ISC Stormcast podcast, on API security. Guest is Jimmy Heschl, head of digital security at Red Bull, discussing the challenges of securing a global brand.
In today's podcast, we hear that AMD is investigating a report of exploitable flaws in its processors. Vietnamese threat actor OceanLotus gets a look from researchers. Patch Tuesday notes. Britain expels Russian diplomats in retaliation for a nerve agent attack. Russia demands to know what these cyberattacks are that the UK is said to be threatening. A brief history of Russo-British Twenty-first Century espionage and cyber tensions. Iranian threat actor MuddyWaters threatens researchers. Justin Harvey from Accenture on the importance of the first 48 hours following a breach. Guest is Patrick Sullivan from Akamai on VPNs and the notion of “verify and never trust.”
In today's podcast we hear some industry news today, briefly, before we get to the cloak-and-keyboard stuff. Fancy Bear has some new dance steps. OceanLotus and Sowbug, threat actors, not plants or insects, as you might be forgiven for thinking, snoop on ASEAN and Latin America, respectively. Notes on international law and the future of cyberwar from CyCon. Joe Carrigan from JHU on the difficulties in reporting vulnerabilities. Robert Rodriguez from SINET on the trends he sees from the companies winning the SINET 16. And Appleby insists the Paradise Papers were not an inside job.
In today's podcast we hear, second-hand but ultimately from Vladimir Vladimirovich himself, that Russian hackers are free-spirited, patriotic artists, and maybe he'd be in a position to know. WikiLeaks dumps more Vault7 documents. White hats reconsider crowdsourcing membership in the exploit-of-the-month club. OceanLotus may be weaponizing a ShadowBrokers' leak. Fireball malware used for ad fraud. A think tank warns of Royal Navy submarine cyber vulnerabilities. Kmart discloses a point-of-sale breach. Jonathan Katz from UMD on undetectable backdoors. Leo Taddeo from Cyxtera Technologies on what the Comey firing means for encryption and cyber security. And a motorcycle gang is hacking cars. Why? Because that's the way they roll.