In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel. Fortinet responded by confirming that the breach involved unauthorized access to files on a third-party cloud-based shared drive, affecting a small portion of customer data. Hackers are targeting Oracle WebLogic servers with a new Linux malware named "Hadooken," which is designed to deploy a cryptominer and facilitate distributed denial-of-service (DDoS) attacks. Microsoft has reclassified a previously patched bug, CVE-2024-43461, as a zero-day vulnerability actively exploited by the "Void Banshee" threat group. Security researchers from Tenable revealed a critical remote code execution vulnerability in Google Cloud Platform that could have allowed attackers to run malicious code on millions of Google's servers.
Fortinet reveals a data breach. The feds sanction a Cambodian senator for forced labor scams. UK police arrest a teen linked to the Transport for London cyberattack. New Linux malware targets Oracle WebLogic. Citrix patches critical Workspace app flaws. Microsoft unveils updates to prevent outages like the CrowdStrike incident. U.S. Space Systems invests in secure communications. Illegal gun-conversion sites get taken down. Tim Starks of CyberScoop tracks Russian hackers mimicking spyware vendors. Cybersecurity hiring gaps persist. Hackers use eye-tracking to steal passwords. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we welcome back Tim Starks, senior reporter from CyberScoop, to discuss “Google: apparent Russian hackers play copycat to commercial spyware vendors.” You can read the article Tim refers to here. Selected Reading Fortinet Data Breach: What We Know So Far (SOCRadar) Cambodian senator sanctioned by US over cyber-scams (The Register) UK NCA arrested a teenager linked to the attack on Transport for London (Security Affairs) New 'Hadooken' Linux Malware Targets WebLogic Servers (SecurityWeek) Citrix Workspace App Vulnerabilities Allow Privilege Escalation Attacks (Cyber Security News) Microsoft Vows to Prevent Future CrowdStrike-Like Outages (Infosecurity Magazine) Space Systems Command Awards $188M Contract for meshONE-T Follow-on (Space Systems Command) Domains seized for allegedly importing Chinese gun switches (The Register) Why Breaking into Cybersecurity Isn't as Easy as You Think (Security Boulevard) Apple Vision Pro's Eye Tracking Exposed What People Type (WIRED) Share your feedback. We want to ensure that you are getting the most out of the podcast. 
Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
CSAC recommends key changes to the Joint Cyber Defense Collaborative. Cloud vendor Snowflake says single-factor authentication is to blame in their recent breach. Publishers sue Google over pirated ebooks. The FBI shares LockBit decryption keys. V3B is a phishing as a service campaign targeting banking customers. Commando Cat targets Docker servers to deploy crypto miners. Our guest is Danny Allen, Snyk's CTO, discussing how in the rush to implement GenAI, some companies are bypassing best practices and security policies. Club Penguin fans stumble upon a cache of secrets in the house of mouse. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. CyberWire Guest Guest is Danny Allen, Snyk's CTO, discussing how in the rush to implement GenAI, companies bypass best practices and security policies. This highlights a clear gap between those in leadership looking to adopt AI tools and the teams who are utilizing them. Learn more in Snyk Organizational AI Readiness Report. 
Selected Reading CISA advisors urge changes to JCDC's goals, operations, membership criteria (The Record) CISA says 'patch now' to 7-year-old Oracle WebLogic bug (The Register) Snowflake says users with single-factor authentication targeted in attack (SC Media) Advance Auto Parts stolen data for sale after Snowflake attack (Bleeping Computer) Major Publishers Sue Google Over Ads for Pirated Ebooks (Publishing Perspectives) FBI unveils 7,000 decryption keys to aid LockBit victims (Silicon Republic) Hackers Attacking Banking Customers Using Phishing-As-A-Service V3B Toolkit (GB Hackers) Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers (Trend Micro) Club Penguin fans breached Disney Confluence server, stole 2.5GB of data (Bleeping Computer)
[References] Vulnerability in Oracle WebLogic https://gist.github.com/picar0jsu/f3e32939153e4ced263d3d0c79bd8786 https://www.oracle.com/security-alerts/cpujan2022.html https://www.oracle.com/security-alerts/cpujan2022verbose.html#FMW Attack against individuals in Hong Kong - https://www.welivesecurity.com/2022/01/25/watering-hole-deploys-new-macos-malware-dazzlespy-asia/ Attack on the Belarus railway system - https://arstechnica.com/information-technology/2022/01/hactivists-say-they-hacked-belarus-rail-system-to-stop-russian-military-buildup/ DHS warns of attacks from Russia - https://edition.cnn.com/2022/01/24/politics/russia-cyberattack-warning-homeland-security/index.html Flaw in Polkit - https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034 --- [Credits] Script and presentation: Carlos Cabral Audio editing: Paulo Arruzzo Closing narration: Bianca Garcia Graphic design: Julian Prieto
On The Cloud Pod this week, the team discusses the future of the podcast and how they'll know they've made it when listeners use Twitter to bombard Ryan with hatred when he's wrong. A big thanks to this week's sponsors: Foghorn Consulting, which provides full-stack cloud solutions with a focus on strategy, planning and execution for enterprises seeking to take advantage of the transformative capabilities of AWS, Google Cloud and Azure. This week's highlights Amazon gives Justin a long overdue birthday present. Google wants to educate the people. Azure has a new best friend but could they be a wolf in sheep’s clothing? General News: Goodbye, Friend The Apache foundation has decided to send Mesos to the attic. This makes us sad because we loved the concept. Amazon Web Services: Happy Birthday, Justin New AWS WAF Bot Control to reduce unwanted website traffic. This is great! AWS is releasing the Amazon Route 53 Resolver DNS firewall to defend against DNS-level threats. Pricing is interesting on this one. AWS launches CloudWatch Metric Streams. After years of complaints, they're finally fixing this issue. AWS Lambda@Edge changes duration billing granularity from 50ms down to 1ms. Nice price cut! AWS Direct Connect announces MACsec encryption for dedicated 10Gbps and 100Gbps connections at select locations. AWS has fulfilled their promise to Justin — three years later. Amazon announces new predictable pricing model up to 90% lower and Python Support moves to GA for CodeGuru Reviewer. If this goes down next week, blame Ryan. Google Cloud Platform: So Pretty Google is releasing an open-source set of JSON dashboards. This is super important. Google announces free AI and machine learning training for fraud detection, chatbots and more. We recommend you check these out. Google Clouds Database Migration Service is now generally available. Everything is so beautiful on paper. Google introduces request priorities for Cloud Spanner APIs. 
This just reinforces the fact that we don't know how Cloud Spanner works. Azure: Best Friends Microsoft’s new low-code programming language, Power FX, is in public preview. Terrible name. Microsoft announces new solutions for Oracle WebLogic on Azure Virtual Machines. They're running WebLogic on Azure because of some product requirement. The U.S. Army moves Microsoft HoloLens-based headset from prototyping to production phase. You don't get JEDI, but you get HoloLens! Microsoft launches Azure Orbital to deepen the value chain for geospatial earth imagery on cloud. Reminded us to watch Lord of War again, it's a good movie. Oracle: Win Dinner With Larry Oracle offers free cloud migration to lure new customers. Oracle CEO Larry Ellison will fly you to his private island — but if you don't sign up, you have to make your own way back. Oracle and Microsoft expand interconnection to Frankfurt, adding a third location in EMEA. Don't invite Oracle into your data center. TCP Lightning Round Anyone who makes fun of the Canadian accent wins so Justin takes this week's point and the lead, leaving scores at Justin (5), Ryan (3), Jonathan (5). 
Other headlines mentioned: Azure Kubernetes Service (AKS) now supports node image autoupgrade in public preview Public preview of Azure Kubernetes Service (AKS) run-command feature Amazon WorkSpaces webcam support now generally available Amazon VPC Flow Logs announces out-of-the-box integration with Amazon Athena AWS WAF now supports Labels to improve rule customization and reporting Amazon EKS is now FedRAMP-High Compliant AWS Budgets announces CloudFormation support for budget actions AWS Systems Manager Parameter Store now supports easier public parameter discoverability AWS Systems Manager Run Command now displays more logs and enables log download from the console Amazon EC2 now allows you to copy Amazon Machine Images across AWS GovCloud, AWS China and other AWS Regions AWS Systems Manager Parameter Store now supports removal of parameter labels Announcing Amazon Forecast Weather Index for Canada Things Coming Up Public Sector Summit Online — April 15–16 Discover cloud storage solutions at Azure Storage Day — April 29 AWS Regional Summits — May 10–19 AWS Summit Online Americas — May 12–13 Microsoft Build — May 19–21 (Digital) Google Financial Services Summit — May 27th Harness Unscripted Conference — June 16–17 Google Cloud Next — Not announced yet (one site says Moscone is reserved June 28–30) Google Cloud Next 2021 — October 12–14, 2021 AWS re:Invent — November 29–December 3 — Las Vegas Oracle Open World (no details yet)
We got a chance to chat with Saurya Das, Senior Program Manager at Microsoft, who is working on extending Azure Machine Learning capabilities to Kubernetes clusters whether they are on-prem or in the cloud with the help of Azure Arc as the centralized control plane. Media File: https://azpodcast.blob.core.windows.net/episodes/Episode371.mp3 YouTube Video Resources: Run Azure Machine Learning anywhere - on hybrid and in multi-cloud with Azure Arc - Microsoft Tech Community Hybrid Cloud Machine Learning on Kubernetes with Azure Arc – The New Stack Updates: Microsoft Power Fx: The open-source low-code programming language is in public preview General availability: Azure Monitor for Windows Virtual Desktop New solutions for Oracle WebLogic on Azure Virtual Machines Microsoft named a Leader in Forrester Wave: Function-as-a-Service Platforms Improve supply chain resiliency, traceability, and predictability with blockchain Gartner Announces Supply Chain Winners of the 2021 Power of the Profession Awards
On December 24, the National Police Agency of Japan published an advisory on "@police" titled "Observation of access targeting the Oracle WebLogic Server vulnerability (CVE-2020-14882)."
On its blog, Avast warned about a phishing message that promises a 3000 Kč voucher for the Albert supermarket; the Emotet malware changed the template of its messages last week; vulnerabilities in Oracle WebLogic Server, the Windows Kernel Cryptography Driver, and SMBGhost.
In the Security News, the KashmirBlack botnet is behind attacks on CMSs such as WordPress, Joomla, and Drupal, Cybercriminals are Coming After Your Coffee, irrigation systems and door openers are vulnerable to attacks, if you have Oracle WebLogic exposed to the Internet you are likely already pwned, who needs Internet Explorer any longer? and why isn't MFA more popular?! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/psw672
This week, we welcome back Shani Dodge and Roi Cohen from Vicarius to apply what we learned in the previous segment and actually prioritize our vulnerabilities and remediation the right way. Paul Battista, CEO & Founder of Polarity joins us in the following segment to show us how to use and customize augmented reality to speed up security analysis! In the Security News, the KashmirBlack botnet is behind attacks on CMSs such as WordPress, Joomla, and Drupal, Cybercriminals are Coming After Your Coffee, irrigation systems and door openers are vulnerable to attacks, if you have Oracle WebLogic exposed to the Internet you are likely already pwned, who needs Internet Explorer any longer? and why isn't MFA more popular?! Show Notes: https://wiki.securityweekly.com/psw672 Visit https://securityweekly.com/vicarius to learn more about them! Visit https://securityweekly.com/polarity to learn more about them! Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Joining Oded Awaskar in this episode is Avigayil Mechtinger, a cyber analyst from Check Point's Mobile Security team, telling us about the recent PreAMo clicker campaign (13:10). In this episode, we also cover the following topics: A recent vulnerability discovered in Oracle WebLogic servers is being exploited to deliver the Sodinokibi ransomware (1:56). Check Point Research uncovered the activity of an Indonesian hacking group dubbed “plaNETWORK” (5:10). Over 200 online university campus stores were affected by a credit card skimming attack, dubbed “Mirrorthief” (7:00). Dell's SupportAssist software was found vulnerable to remote code execution (9:50). You may read the full PreAMo clicker campaign in the cp blog. Both of the Threat Intelligence reports are located here and here.
Welcome to the fourth episode of the CheckMates GO Podcast! Joining us in this episode is Avigayil Mechtinger, a cyber analyst from our Mobile Security team, telling us about the recent PreAMo clicker campaign (13:10). In this episode, we also cover the following topics: * A recent vulnerability discovered in Oracle WebLogic servers is being exploited to deliver the Sodinokibi ransomware (1:56) - tiny.cc/ngpq6y * Check Point Research uncovered the activity of an Indonesian hacking group dubbed “plaNETWORK” (5:10) - tiny.cc/0hpq6y * Over 200 online university campus stores were affected by a credit card skimming attack, dubbed “Mirrorthief” (7:00)- tiny.cc/5jpq6y * Dell’s SupportAssist software was found vulnerable to remote code execution (9:50) - tiny.cc/9npq6y You may read the full PreAMo clicker campaign in the cp blog - tiny.cc/qqpq6y Both of the Threat Intelligence reports are located here: tiny.cc/9tpq6y and here: tiny.cc/rvpq6y We hope you enjoy the episode! http://community.checkpoint.com
Kacey and Alex join HVR to talk through the key stories this week including a new threat group called “Mirrorthief” conducting “Magecart”-like digital skimming attacks against university websites, various code-sharing repositories being targeted and held for ransom by an unknown threat actor; and new ransomware, “Sodinokibi”, which used a zero-day vulnerability in Oracle WebLogic. Simon Hall and Dr. Richard Gold then join to dive deeper into the “Buckeye” APT group, which has recently been said to develop its own version of a tool that was likely created by the U.S. National Security Agency (NSA) prior to being leaked by the “ShadowBrokers” in 2017. Read the full findings at https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-02-may-09-may-2019.
The most recent Oracle WebLogic vulnerabilities are already being widely exploited. What is new is that, in addition to miners, attackers are recruiting the compromised servers into botnets to carry out denial-of-service (DDoS) attacks. Also read our article on the subject: https://morphuslabs.com/nova-vulnerabilidade-do-weblogic-explorada-para-forma%C3%A7%C3%A3o-de-botnets-ba2d65069396
In this episode we cover the mass exploitation of Oracle WebLogic in a few days and why to change your Twitter and GitHub passwords after the official communication that the password had appeared in the companies' internal logs.
In the Application Security News, Paul and Keith discuss how malicious NPM packages could harvest credit card numbers and passwords from your site, NVIDIA updates video drivers to help address CPU memory security, multiple vulnerabilities in PHP could allow for arbitrary code execution, and Oracle WebLogic vulnerabilities being exploited by Bitcoin miners! All that and more, on this episode of Application Security Weekly! Full Show Notes: https://wiki.securityweekly.com/ASW_Episode01 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.com/securityweekly
In today's podcast, we hear that Spectre and Meltdown have continued to receive patches, and they may not be as performance-killing as feared. F-Secure says if you leave your laptop alone it could be pwned in 30 seconds. Mobile ICS apps seem to be getting less, not more, secure. Google boots more bad stuff from the Play Store. Monero miners afflict unpatched Oracle WebLogic servers (so patch). The US Congress considers a Huawei ban. Johannes Ullrich from SANS and the Internet Stormcast podcast on IoT gifts. Guest is Phil Reitinger from the Global Cyber Alliance, an international, non-profit organization headquartered in New York City and London that is focused on eradicating systemic cybersecurity risks. And New Jersey is considering solving one of its biggest problems: droning under the influence. Sprung from cages on Highway 9 or not, don't try that on the turnpike, kids.
A conversation about Oracle WebLogic 12c's role in the evolution of Oracle Fusion Middleware, plus a quick overview of product information resources.
A discussion of the relationship between Oracle Weblogic 12c and Oracle Virtual Assembly Builder.
A conversation with the Oracle Weblogic Server product management team about community involvement in WebLogic's evolution.