POPULARITY
"Code of Honor: Embracing Ethics in Cybersecurity" by Ed Skoudis is a book that explores the ethical challenges faced by cybersecurity professionals in today's digital landscape. The book delves into the complex moral dilemmas that arise in the field of cybersecurity, offering guidance on how to navigate these issues while maintaining integrity. The authors provide practical advice and real-world examples to help readers develop a strong ethical framework for decision-making in their cybersecurity careers. Segment Resources: Code of Honor: https://www.montreat.edu/cybersecurity-code/ Purchase Ed's book here: https://a.co/d/gb3yRxU Get ready for a wild ride in this week's podcast episode, where we dive into the latest security shenanigans! Default Credentials Gone Wild: We'll kick things off with a look at how default credential scanners are like that friend who shows up to the party but never brings snacks. They're everywhere, but good luck finding one that actually works! Critical Vulnerabilities in Tank Gauges: Next, we'll discuss how automated tank gauges are now the new playground for hackers. With vulnerabilities that could lead to environmental disasters, it's like giving a toddler a box of matches—what could possibly go wrong? Cisco Routers: The Forgotten Gear: Cisco's small business routers are like that old car in your driveway—still running but definitely not roadworthy. We'll explore why you should check your network before it becomes a digital junkyard. Firmware Updates: A Love Story: Richard Hughes has dropped some juicy updates on fwupd 2.0.0, making firmware updates as easy as ordering takeout. But let's be real, how many of us actually do it? Stealthy Linux Malware: We'll also uncover Perfctl, the stealthy malware that's been creeping around Linux systems since 2021. It's like that one relative who overstays their welcome—hard to get rid of and always looking to borrow money! PrintNightmare Continues: And yes, the PrintNightmare saga is still haunting Windows users. It's like a horror movie that just won't end—grab your popcorn! Cyber Shenanigans at Comcast and Truist: We'll wrap up with a juicy breach involving Comcast and Truist Bank that compromised data for millions. Spoiler alert: they didn't have a great plan for cleaning up the mess. Tune in for all this and more as we navigate the wild world of security news with a wink and a nudge! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-846
"Code of Honor: Embracing Ethics in Cybersecurity" by Ed Skoudis is a book that explores the ethical challenges faced by cybersecurity professionals in today's digital landscape. The book delves into the complex moral dilemmas that arise in the field of cybersecurity, offering guidance on how to navigate these issues while maintaining integrity. The authors provide practical advice and real-world examples to help readers develop a strong ethical framework for decision-making in their cybersecurity careers. Segment Resources: Code of Honor: https://www.montreat.edu/cybersecurity-code/ Purchase Ed's book here: https://a.co/d/gb3yRxU Get ready for a wild ride in this week's podcast episode, where we dive into the latest security shenanigans! Default Credentials Gone Wild: We'll kick things off with a look at how default credential scanners are like that friend who shows up to the party but never brings snacks. They're everywhere, but good luck finding one that actually works! Critical Vulnerabilities in Tank Gauges: Next, we'll discuss how automated tank gauges are now the new playground for hackers. With vulnerabilities that could lead to environmental disasters, it's like giving a toddler a box of matches—what could possibly go wrong? Cisco Routers: The Forgotten Gear: Cisco's small business routers are like that old car in your driveway—still running but definitely not roadworthy. We'll explore why you should check your network before it becomes a digital junkyard. Firmware Updates: A Love Story: Richard Hughes has dropped some juicy updates on fwupd 2.0.0, making firmware updates as easy as ordering takeout. But let's be real, how many of us actually do it? Stealthy Linux Malware: We'll also uncover Perfctl, the stealthy malware that's been creeping around Linux systems since 2021. It's like that one relative who overstays their welcome—hard to get rid of and always looking to borrow money! PrintNightmare Continues: And yes, the PrintNightmare saga is still haunting Windows users. It's like a horror movie that just won't end—grab your popcorn! Cyber Shenanigans at Comcast and Truist: We'll wrap up with a juicy breach involving Comcast and Truist Bank that compromised data for millions. Spoiler alert: they didn't have a great plan for cleaning up the mess. Tune in for all this and more as we navigate the wild world of security news with a wink and a nudge! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-846
Get ready for a wild ride in this week's podcast episode, where we dive into the latest security shenanigans! Default Credentials Gone Wild: We'll kick things off with a look at how default credential scanners are like that friend who shows up to the party but never brings snacks. They're everywhere, but good luck finding one that actually works! Critical Vulnerabilities in Tank Gauges: Next, we'll discuss how automated tank gauges are now the new playground for hackers. With vulnerabilities that could lead to environmental disasters, it's like giving a toddler a box of matches—what could possibly go wrong? Cisco Routers: The Forgotten Gear: Cisco's small business routers are like that old car in your driveway—still running but definitely not roadworthy. We'll explore why you should check your network before it becomes a digital junkyard. Firmware Updates: A Love Story: Richard Hughes has dropped some juicy updates on fwupd 2.0.0, making firmware updates as easy as ordering takeout. But let's be real, how many of us actually do it? Stealthy Linux Malware: We'll also uncover Perfctl, the stealthy malware that's been creeping around Linux systems since 2021. It's like that one relative who overstays their welcome—hard to get rid of and always looking to borrow money! PrintNightmare Continues: And yes, the PrintNightmare saga is still haunting Windows users. It's like a horror movie that just won't end—grab your popcorn! Cyber Shenanigans at Comcast and Truist: We'll wrap up with a juicy breach involving Comcast and Truist Bank that compromised data for millions. Spoiler alert: they didn't have a great plan for cleaning up the mess. Tune in for all this and more as we navigate the wild world of security news with a wink and a nudge! Show Notes: https://securityweekly.com/psw-846
Get ready for a wild ride in this week's podcast episode, where we dive into the latest security shenanigans! Default Credentials Gone Wild: We'll kick things off with a look at how default credential scanners are like that friend who shows up to the party but never brings snacks. They're everywhere, but good luck finding one that actually works! Critical Vulnerabilities in Tank Gauges: Next, we'll discuss how automated tank gauges are now the new playground for hackers. With vulnerabilities that could lead to environmental disasters, it's like giving a toddler a box of matches—what could possibly go wrong? Cisco Routers: The Forgotten Gear: Cisco's small business routers are like that old car in your driveway—still running but definitely not roadworthy. We'll explore why you should check your network before it becomes a digital junkyard. Firmware Updates: A Love Story: Richard Hughes has dropped some juicy updates on fwupd 2.0.0, making firmware updates as easy as ordering takeout. But let's be real, how many of us actually do it? Stealthy Linux Malware: We'll also uncover Perfctl, the stealthy malware that's been creeping around Linux systems since 2021. It's like that one relative who overstays their welcome—hard to get rid of and always looking to borrow money! PrintNightmare Continues: And yes, the PrintNightmare saga is still haunting Windows users. It's like a horror movie that just won't end—grab your popcorn! Cyber Shenanigans at Comcast and Truist: We'll wrap up with a juicy breach involving Comcast and Truist Bank that compromised data for millions. Spoiler alert: they didn't have a great plan for cleaning up the mess. Tune in for all this and more as we navigate the wild world of security news with a wink and a nudge! Show Notes: https://securityweekly.com/psw-846
In der neuen Folge des Security-Insider Podcast greifen wir diesmal vorschnell totgesagte Themen auf und rücken die Argumente zur Cybersicherheitsagenda des BMI zurecht. Angesichts teils martialischer Wortmeldungen aus der Branche, sichern wir präventiv auch gleich unsere physischen Umgebungen ab – man kann ja nie wissen. Nicht fehlen dürfen schließlich Neuigkeiten, Hintergründe und Praxistipps für den Datenschutz im Kleinen wie im Großen.
A daily look at the relevant information security news from overnight - 16 June, 2022Episode 246 - 16 June 2022Cisco Email Patch- https://www.bleepingcomputer.com/news/security/cisco-secure-email-bug-can-let-attackers-bypass-authentication/Android Malibot - https://www.zdnet.com/article/this-new-android-malware-bypasses-multi-factor-authentication-to-steal-your-passwords/PrintNightmare Still Exposed- https://www.infosecurity-magazine.com/news/new-printnightmare-patch-bypassed/Shoprite Compromised - https://www.bleepingcomputer.com/news/security/extortion-gang-ransoms-shoprite-largest-supermarket-chain-in-africa/Zimbra Zinger - https://portswigger.net/daily-swig/business-email-platform-zimbra-patches-memcached-injection-flaw-that-imperils-user-credentialsHi, I'm Paul Torgersen. It's Thursday June 16th, 2022, and this is a look at the information security news from overnight. From BleepingComputer.comCisco is warning customers to patch a critical vulnerability that could allow attackers to login into the web management interface of Cisco Email Security Appliance (ESA) and Cisco Secure Email and Web Manager appliances. The flaw is due to improper authentication checks on affected devices using Lightweight Directory Access Protocol (LDAP) for external authentication. From ZDNet.com:A new Android malware called Malibot steals passwords, bank details and crypto wallets, and bypasses multi-factor authentication. Oh, it can also access text messages, steal browser cookies and take screenshots. It is distributed through smishing and fake websites, one of which spoofs a legit crypto tracker that has more than a million downloads on the Play Store. Current targets are customers of Spanish and Italian banks. From Infosecurity-Magazine.com:On Tuesday, Microsoft released a partial patch for the PrintNightmare zero-day. On Wednesday they pushed an out of band patch for the remaining affected products. Later Wednesday, researchers found a way around the new patch to still exploit the original vulnerability. The ongoing flaw relates to the Point and Print function, which microsoft says is not directly related to the flaw, but has a weak security posture which makes exploitation possible. From BleepingComputer.com:Africa's largest supermarket chain, Shoprite, has been hit by a ransomware attack. The company, which operates almost three thousand stores across twelve countries in the continent, warned customers Eswatini, Namibia and Zambia that their personal information may have been compromised. A threat group called RansomHouse has claimed responsibility for the attack. There has been no mention of any business disruptions or operational issues, so this may be a straight data theft with no files encrypted. And last today, from ZPortSwigger.net Business webmail platform Zimbra has patched a memcached injection vulnerability that could allow attackers to steal login credentials without user interaction. It would steal cleartext credentials from the Zimbra instance, when the mail client connects to the server to check their mail. Details and a link to the Sonar research in the article. That's all for me today. Have a great rest of your day. Like and subscribe, and until tomorrow, be safe out there.
The recently disclosed vulnerability in F5 BIG-IP took security Twitter by storm two weeks ago, and continues to make headlines now. It immediately prompted warnings from CISA and security researchers everywhere warning users to patch as soon as possible. Of course, it's important to patch. But maybe we started panicking a little too early that this was going to be the next PrintNightmare. On this week's episode of Talos Takes, Jon is joined by Jerry Gamblin from Kenna Security to talk about the ins and outs of this vulnerability and while it is serious, it's incredibly unlikely that an attacker can or would exploit it in the wild.
Subscribe to our Weekly Threat Intelligence Center News Feed! iPhones and Teslas can now be hacked remotely?? Tune in this week as Heff and Noah give you the LATEST CYBER NEWS. Included This Week:PrintNightmare RETURNS$5 Trojans for SaleiPhones Hackable Even When Shut OffHosted by Matthew Heffelfinger (Deputy CISO, GSTRT, CyRP (Pepperdine), GRCP, SSAP, ITIL4-F, GISF, PECB) and Noah Pack (Threat Hunter/Security Operations Center Analyst, Security+, ITF+, Sophos Certified Engineer).
The FBI and CISA are releasing this joint Cybersecurity Advisory to warn organizations that Russian state-sponsored cyber actors have gained network access through exploitation of default MFA protocols and a known vulnerability. As early as May 2021, Russian state-sponsored cyber actors took advantage of a misconfigured account set to default MFA protocols at a non-governmental organization (NGO), allowing them to enroll a new device for MFA and access the victim network. The actors then exploited a critical Windows Print Spooler vulnerability, “PrintNightmare” (CVE-2021-34527) to run arbitrary code with system privileges. Russian state-sponsored cyber actors successfully exploited the vulnerability while targeting an NGO using Cisco's Duo MFA, enabling access to cloud and email accounts for document exfiltration. Alert, Technical Details, and Mitigations Structured Threat Information Expression (STIX) Russian Cyber Threat Information Shields Up Technical Guidance All organizations should report incidents and anomalous activity to CISA's 24/7 Operations Center at central@cisa.dhs.gov or (888) 282-0870 and to the FBI via your local FBI field office or the FBI's 24/7 CyWatch at (855) 292-3937 or CyWatch@fbi.gov.
The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends, and industry-leading practices, specifically for the healthcare industry. In this episode, our host Brian Selfridge highlights the following topics trending in healthcare cybersecurity this week: President Biden's cybersecurity warning about Russian cyberattacks on U.S. companies New cybersecurity legislation signed that mandates breach reporting within 72 hours SEC proposes new cybersecurity disclosure requirements New FBI & CISA alert on Russian exploitation of multi-factor authentication and “PrintNightmare” vulnerability Hactivists attacks on Russia databases, TV broadcasts, weapons manufacturers, websites, and the Russian Roskomnadzor censorship agency Russia's creation of their own TLS Certificate Authority (CA) and implications for Internet accessibility in Russia FBI alert and guidance on the new RagnarLocker ransomware and implications for healthcare entities Details of the new Israel/US collaboration on cybersecurity Analysis of the Access:7 vulnerabilities affecting medical devices and IoT systems OCR / HHS publication and recommendations for healthcare organizations to improve cybersecurity defenses Analysis of the new HIMSS Healthcare Cybersecurity Survey New attacks emerge against Microsoft Teams
Cybersecurity and Compliance with Craig Petronella - CMMC, NIST, DFARS, HIPAA, GDPR, ISO27001
In this episode, the PTG group discusses how Russian hackers hijacked multi-factor authentication (MFA) methods to exploit a Windows Print Spooler vulnerability called PrintNightmare, and what YOU can do to protect yourself and your business from being the next victim.Host: CraigGuests: Erin & BJPlease like, subscribe and visit all of our properties at:YouTube: https://www.youtube.com/channel/UC8Hgyv0SzIqLfKqQ03ch0BgYouTube: https://www.youtube.com/channel/UCa9l3tgOOHMJ6dClNn8BiqQ Podcasts: https://petronellatech.com/podcasts/ Website: https://compliancearmor.comWebsite: https://blockchainsecurity.comLinkedIn: https://www.linkedin.com/in/cybersecurity-compliance/ Please be sure to Call 877-468-2721 or visit https://petronellatech.com
Cybersecurity and Compliance with Craig Petronella - CMMC, NIST, DFARS, HIPAA, GDPR, ISO27001
How Russian hackers hijacked MFA to exploit a Windows Print Spooler vulnerability and what YOU can do to protect your business from being the next PrintNightmare victim.Host: CraigCo-Hosts: BJ & ErinPlease like, subscribe and visit all of our properties at:YouTube: https://www.youtube.com/channel/UC8Hgyv0SzIqLfKqQ03ch0BgYouTube: https://www.youtube.com/channel/UCa9l3tgOOHMJ6dClNn8BiqQ Podcasts: https://petronellatech.com/podcasts/ Website: https://compliancearmor.comWebsite: https://blockchainsecurity.comLinkedIn: https://www.linkedin.com/in/cybersecurity-compliance/ Please be sure to Call 877-468-2721 or visit https://petronellatech.com
Are you stuck in the print nightmare? Richard talks to Jeremy Moskowitz about the ongoing battle over potential exploits through the point-and-print system in Windows. Jeremy talks about the discovery of the vulnerability in July 2021 and how it has led to a series of patches and registry key changes to resist a potential exploit. Meantime, people need to print! There are several workarounds with Group Policy, and Jeremy's own PolicyPak has some practical solutions. If you put some time into thinking through how your organization prints, you can find a solution that works and is secure!Links:July Windows Print Spooler Remote Code Execution VulnerabilityAugust Windows Print Spooler Remote Code Execution VulnerabilityRestrictDriverInstallationToAdministratorGroup Policy Settings for Controlling PrintersUltimate Guide to PrintNightmarePDQ DeployRecorded September 9, 2021
In this episode the fellas chat about Chris' continuing PrintNightmare, Josh's firewall issue with a root CA expiration, the extension Google Tone, and if they blanket allow or blanket deny Chrome extensions for students. Chris and Cory are also very distracted with Amazon's new helper robot (Amazon is not a sponsor...), and Cory changes a lightbulb while he is supposed to be recording. Check out our sponsor ClassLink... Here's a K-12 Case Study. Tweet us at @k12techtalkpod email us k12techtalk@gmail.com BUY A SHIRT AND/OR HOODIE! https://tinyurl.com/k12techtalkGOTSHIRTS Visit our sponsors at: somethingcool.com provisionds.com arubanetworks.com classlink.com
In this session excerpted from a web seminar, Sean Deuby (Semperis Director of Services) and Michele Crockett (Semperis Senior Director of Product Marketing) discuss two important Microsoft security flaws: the Windows Print Spooler vulnerability called PrintNightmare and the PetitPotam flaw. Sean gives some background on how cybercriminals exploit these flaws, how they came to light, and what you can do to guard against them. More Resources: Watch the full webinar, Stepping Up Your Active Directory Defenses: Lessons Learned from Recent Attacks Like PrintNightmare Read “Detecting and Mitigating the PetitPotam Attack on Windows Domains” Blog by Ran Harel Read “TODO: Disable the Print Spooler service on Domain Controllers” Blog by Sander Berkouwer
In this episode Chris talks about applying a Windows update that broke all of his printing. Josh talks about a student that sent him an email asking for filter changes to be applied, and he talks about an experience with a stolen Chromebook. Cory talks about his new visitor management system. The newly released critical patches for Nagios and VCenter are also discussed. Article we discuss - https://www.bleepingcomputer.com/news/security/new-windows-security-updates-break-network-printing/ Check out our sponsor ClassLink | Single Sign-On for Education Tweet us at @k12techtalkpod email us k12techtalk@gmail.com BUY A SHIRT AND/OR HOODIE! https://tinyurl.com/k12techtalkGOTSHIRTS Visit our sponsors at: somethingcool.com provisionds.com arubanetworks.com classlink.com
Mike Sutton (@zenmike), Peter Lowe (@pgl), and Jon Cohen (@jonnisec) discuss security and privacy headlines from the past week. Here's a link to the book Jon mentioned: https://marshallbrain.com/manna1 00:00 Intro 01:30 Crypto-scammer manipulates Walmart and Litecoin - https://www.cnbc.com/2021/09/13/walmart-to-accept-payments-with-cryptocurrencies-using-litecoin.html 09:37 Microsoft finally patches PrintNightmare, causes other issues. - https://www.techspot.com/news/91315-microsoft-latest-attempt-patch-printnightmare-vulnerabilities-causes-network.html 12:43 Critical infrastructure continues to be vulnerable. - https://www.raconteur.net/infrastructure/future-of-infrastructure-the-threat-of-cyber-attacks/ 21:19 The state of privacy laws in the U.S. IT SUCKS! - https://www.nytimes.com/wirecutter/blog/state-of-privacy-laws-in-us/ 27:36 The ICO to end cookie pop-ups and spam calls and texts. Also, unicorns exist! - https://www.computerweekly.com/news/252506318/ICO-in-bid-to-end-cookie-pop-ups - https://news.sky.com/story/tougher-penalties-considered-for-nuisance-calls-and-text-messages-12403341 35:16 Breaking news: Schools are vulnerable to ransomware and data breaches - just like everyone else. - https://www.theverge.com/2021/9/10/22667637/go-read-this-ransomware-attacks-schools-student-identity-theft - https://www.nbcnews.com/tech/security/hackers-are-leaking-childrens-data-s-little-parents-can-rcna1926 48:56 Schools are buying (and using) FBI-grade phone-hacking tech for use against students. - https://gizmodo.com/u-s-schools-are-buying-phone-hacking-tech-that-the-fbi-1845862393 59:04 AI will save us all! - https://www.makeuseof.com/how-artificial-intelligence-is-changing-cybersecurity-/ - https://www.forbes.com/sites/forbestechcouncil/2021/08/11/how-the-pandemic-has-shifted-attitudes-to-the-artificial-intelligence-of-things-and-the-smart-home/ Music from StreamBeats.
Kyberbrunssi herrasmieshakkereiden kansshttps://f-secure.videosync.fi/2021-09-24-kyberbrunssiKatsaus Digi- ja Kybermaailmaan LIVE - Syyskuu 2021https://youtu.be/bdwnbUoH9mMAntin uusiliiketoiminta - NFThttps://www.theblockcrypto.com/post/117968/kia-sedona-nft-sale-goes-belly-up-as-contractor-allegedly-runs-off-with-3-millionhttps://opensea.io/assets/0x2a9e4045185c8d778b85610ca96d79bd8ecdc720/1https://cointelegraph.com/news/sushi-s-token-launchpad-miso-hacked-for-3mhttps://protos.com/jay-pegs-auto-mart-crypto-larp-meets-nft-inside-2007-kia-sedona/Revil-ransomwareen julkaistu purkutyökaluhttps://www.bitdefender.com/blog/labs/bitdefender-offers-free-universal-decryptor-for-revil-sodinokibi-ransomware/Microsoftilla on sittenkin ratkaisu siihen miten makromaltsu dokkareita voi avata turvallisestihttps://www.computerworld.com/article/3605034/microsoft-releases-application-guard-for-office-to-m365-customers.htmlhttps://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/install-app-guard?view=o365-worldwide Microsoft Azuren OMI-haavoittuvuudethttps://www.theregister.com/2021/09/17/microsoft_manual_omigod_fixes/https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-executionhttps://www.kyberturvallisuuskeskus.fi/fi/haavoittuvuus_28https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/09/patch-now-printnightmare-over-mshtml-fixed-a-new-horror-appears-omigod/Iivari Heinäkuun kirjoitus Nvidia Geforce Now-striimauspalvelustahttps://ighor.medium.com/i-unlocked-nvidia-geforce-now-and-stumbled-upon-pirates-dc48a3f8ff7 Apple päivittänyt nollapäiviänsä - päivitä iOS laitteesi viimeistään nyt!https://www.vice.com/amp/en/article/3aq9q3/apple-patches-zero-click-imessage-hack-used-by-nsohttps://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/Lista tietomurtotutkinnan jälkitoimenpiteisiin - lista jakaa mielipiteitä Turvakäräjillähttps://www.pwndefend.com/2021/09/15/post-compromise-active-directory-checklist/
Nuevos iPhone, iPad y Apple Watch / La lista VIP secreta de Facebook / Encuesta podcast Spotify / Conteo de personas por Wi-Fi / Audio BT en Switch / Cierra GearBest / Parcheo final en PrintNightmare Apple presenta nuevos iPhone, iPad y Apple Watch. Los nuevos iPhone 13 mantienen los precios https://clipset.com/apple-iphone-13-pro-novedades-pantalla-y-camara/ de los anteriores y añaden algunas funciones esperadas como los 120 Hz, mejor grabación, más batería. El nuevo iPad Mini rediseñado pinta estupendo https://www.applesfera.com/ipad/ipad-mini-2021-precio-caracteristicas-especificaciones. El nuevo Apple Watch tiene la pantalla más grande https://es.gizmodo.com/el-apple-watch-series-7-ya-esta-aqui-1847675284 y cambia ligeramente su diseño por primera vez. A todos los que esperáis por nuevos Macs o nuevos AirPods os tocará esperar a un siguiente evento dentro de unas semanas. — Las actualizaciones de sistemas operativos iOS, macOS, watchOS, etc. serán públicas y finales el 20 de septiembre https://es.gizmodo.com/la-actualizacion-a-ios-15-estara-disponible-para-todos-1847678192. Facebook tiene una lista de usuarios "VIP" que pueden publicar lo que quieran. Un informe interno revelado por el WSJ revela que más de cinco millones de cuentas asociadas a políticos, deportistas, medios, y cuentas verificadas en general, podían saltarse rutinariamente las reglas https://www.lavanguardia.com/tecnologia/20210914/7720821/facebook-permite-usuarios-vip-saltarse-normas.html de moderación y contenido en la plataforma. Incluso el famoso "Tribunal Supremo" de Facebook, ha comentado en Twitter https://twitter.com/OversightBoard/status/1437434013153640455 (¿?) que les preocupa este tipo de medidas y de inconsistencia interna. Spotify dice que más de la mitad de españoles escucha podcasts. Una sorprendente cifra del 51% https://www.notimerica.com/ciencia-tecnologia/noticia-portaltic-podcast-conquista-espanoles-51-poblacion-ya-escucha-formato-33-fidelizado-20210915111710.html, que yo personalmente no me creo y entiendo que está basada en una mala encuesta o preguntas retorcidas. Leeré el informe y os comentaré. — ¿Qué pensáis? Consiguen contar personas simplemente usando antenas Wi-Fi. Científicos de California han logrado un sistema que analiza las perturbaciones entre dos puntos Wi-Fi, uno de emisión y otro de recepción, y con él conseguir adivinar el número de personas https://techxplore.com/news/2021-09-dont-fidget-wifi.html que hay en una habitación aunque no tengan ningún dispositivo encima, e incluso a través de paredes. Resulta que la Nintendo Switch sí tenía Bluetooth. Cuatro años después de su lanzamiento, Nintendo ha añadido capacidad de conexión para auriculares Bluetooth https://eloutput.com/noticias/videojuegos/nintendo-switch-auricualres-bluetooth/ a la consola. Previamente solo servía para conectar mandos y tenías que comprar un adaptador específico https://nerdtechy.com/best-nintendo-switch-bluetooth-adapter si querías usar cascos inalámbricos. Cierra por sorpresa GearBest, el comercio electrónico chino. A falta de alguna explicación oficial, una de las primeras tiendas populares de minoristas ha desaparecido del mapa https://www.elespanol.com/elandroidelibre/noticias-y-novedades/20210914/gearbest-tienda-comprabas-xiaomi-oneplus-cerrado-repentina/611939699_0.html, y que incluso tenían almacenes propios https://www.elespanol.com/elandroidelibre/moviles-android/accesorios/20160912/gearbest-almacen-espana-envios-gratis-sin-aduanas/154985470_0.html en varios países de Europa. Muy raro. Una de sus empresas "hermanas", SammyDress, sigue online http://www.sammydress.com/. Microsoft parchea por fin las vulnerabilidades PrintNightmare. El conjunto de fallos que permitía acceder a dispositivos con Windows a través de las librerías de control de impresoras queda, esperamos, parcheado https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-remaining-windows-printnightmare-vulnerabilities/. Los parches iniciales fueron inefectivos, y me sorprende que hayan tardado tanto en llegar. Anonymous hackea el registrador de dominios Epik. Una organización controvertida hackeando a otra. Un asunto meta-controvertido porque al hacerlo han publicado los datos históricos https://archive.is/Czuu2 de clientes de la empresa que son "inocentes". Han filtrado literalmente todo. Tres ex-espías estadounidenses admiten haber hackeado para Emiratos Árabes Unidos. El polémico "Proyecto Raven" https://www.reuters.com/world/us/american-hacker-mercenaries-face-us-charges-work-uae-2021-09-14/ fue un grupo de ex-operativos de NSA que, trabajando para los emiratíes, accedió a las comunicaciones de ONGs y activistas en todo el mundo, muchos de los cuales fueron capturados y torturados https://www.reuters.com/investigates/special-report/usa-raven-whitehouse/. Si queréis más información sobre DarkMatter https://archive.md/mOyVT, la empresa de ciberespionaje https://en.wikipedia.org/wiki/DarkMatter_(Emirati_company) que llevó adelante a cabo las operaciones, que siguen en la actualidad.
Brad Smith relives early days of the SolarWinds attack Internet Explorer zero-days are still something to worry about German police bought NSO Pegasus spyware Thanks to our episode sponsor, Semperis Have you fixed PrintNightmare yet? Ransomware groups including Vice Society are already exploiting this critical flaw in the Windows Print Spooler service. But you can fight back: Download Purple Knight, a free Active Directory security assessment tool that scans your environment for PrintNightmare and more than 70 other attack indicators. To download your free tool, go to Purple-Knight.com.
BrakTooth bites major SoC vendors The cost of ransomware to schools Posts surrounding January 6th disappear from Facebook data Thanks to our episode sponsor, Semperis Have you fixed PrintNightmare yet? Ransomware groups including Vice Society are already exploiting this critical flaw in the Windows Print Spooler service. But you can fight back: Download Purple Knight, a free Active Directory security assessment tool that scans your environment for PrintNightmare and more than 70 other attack indicators. To download your free tool, go to Purple-Knight.com.
Check out this week's Triden Group: Security Squad #Podcast Episode 18. Tune in for the latest on #PolyNetwork, #PrintNightmare, and #Tmobile's data breach.
On this week's show Patrick Gray and Adam Boileau discuss recent security news, including: T-Mobile owned hard USA no fly list winds up on unsecured ElasticSearch in Bahrain… because reasons Facebook scrambles to secure Afghani accounts Hacker steals and returns $600 from de-fi platform Healthcare sector struggles with ransomware attacks A very sweet TCP-based amplification technique that will be A Problem Much, much more Evan Sultanik and Dan Guido will be joining us to talk about Fickling – a tool developed by Trail of Bits to do unnatural things to the Python Pickle files that are heavily used as a means to share machine learning models. The machine learning supply chain is really quite wobbly, and they'll be joining us later to talk about that. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing. Show notes T-Mobile breach climbs to over 50 million people T-Mobile: Breach Exposed SSN/DOB of 40M+ People – Krebs on Security 1.9 million records from the FBI's terrorist watchlist leaked online - The Record by Recorded Future Facebook, other platforms scramble to secure user accounts in Afghanistan This $600 Million Crypto Heist Is the Most Bizarre Hack in Recent Memory A Hacker Stole and Then Returned $600 Million Japanese crypto-exchange Liquid hacked for $94 million - The Record by Recorded Future Operator of the Helix bitcoin mixer pleads guilty to money laundering - The Record by Recorded Future Healthcare provider expected to lose $106.8 million following ransomware attack - The Record by Recorded Future Hospitals hamstrung by ransomware are turning away patients | Ars Technica US healthcare org sends data breach warning to 1.4m patients following ransomware attack | The Daily Swig The pandemic revealed the health risks of hospital ransomware attacks - The Verge Ransomware hackers could hit U.S. supply chain, experts warn Ransomware hits Lojas Renner, Brazil's largest clothing store chain - The Record by Recorded Future RansomClave project uses Intel SGX enclaves for ransomware attacks - The Record by Recorded Future Wanted: Disgruntled Employees to Deploy Ransomware – Krebs on Security Japan's Tokio Marine is the latest insurer to be victimized by ransomware Cyber insurance market encounters ‘crisis moment' as ransomware costs pile up White House to tackle cyber challenges with Apple, IBM, insurance CEOs | Reuters FBI sends its first-ever alert about a 'ransomware affiliate' - The Record by Recorded Future New LockFile ransomware gang weaponizes ProxyShell and PetitPotam attacks - The Record by Recorded Future Multiple ransomware gangs pounce on 'PrintNightmare' vulnerability Peterborough NH Cyberattack: Town Loses $2.3M in Taxpayer Money – NBC Boston Almost 2,000 Exchange servers hacked using ProxyShell exploit - The Record by Recorded Future ALTDOS hacking group wreaks havoc across Southeast Asia - The Record by Recorded Future Hackers Leak Surveillance Camera Videos Purportedly Taken From Inside Iran's Evin Prison - by Kim Zetter - Zero Day Apple reopens legal fight against security firm Corellium, raising concerns for ethical hackers Apple says researchers can vet its child safety features. But it's suing a startup that does just that. | MIT Technology Review This $500 Million Russian Cyber Mogul Planned To Take His Company Public—Then America Accused It Of Hacking For Putin's Spies Cisco: Security devices are vulnerable to SNIcat data exfiltration technique - The Record by Recorded Future SNIcat: Circumventing the guardians | mnemonic BlackBerry's popular operating system for medical devices affected by critical vulnerabilities, drawing fed warnings Realtek SDK vulnerabilities impact dozens of downstream IoT vendors | The Daily Swig Hundreds of thousands of Realtek-based devices under attack from IoT botnet - The Record by Recorded Future Accellion Kiteworks Vulnerabilities | Insomnia Security Firewalls and middleboxes can be weaponized for gigantic DDoS attacks - The Record by Recorded Future Hackers tried to exploit two zero-days in Trend Micro's Apex One EDR platform - The Record by Recorded Future Exhaustive study puts China's infamous Great Firewall under the microscope | The Daily Swig Web hosting platform cPanel & WHM is vulnerable to authenticated RCE and privilege escalation | The Daily Swig Benno on Twitter: "I will donate $50 to a charity of @riskybusiness' choice if he puts this in the show." / Twitter Never a dill moment: Exploiting machine learning pickle files PrivacyRaven: Implementing a proof of concept for model inversion GitHub - trailofbits/fickling: A Python pickling decompiler and static analyzer
Willkommen zum Skytale-Podcast Ausgabe 23. Wie gewohnt haben wir für Sie IT-Pannen, Gefahrenpotentiale, Bedrohungen, Angriffe und Betrugsversuche im Internet gesichtet und analysiert. Was ist da schief gelaufen, woraus können wir lernen? Unsere Themen heute sind unter anderem erneut der Dauerbrenner PrintNightmare, ein irrer Krypto-Diebstahl, der irgendwie dann doch keiner war und die immer skurrileren Auswüchse der Ransomware. Wir sprechen über eine neue SMS-Betrugsmasche, über falsche Ferienhäuser und über neue Erkenntnisse beim Social Engineering. Und am Ende werden wir sogar ein wenig musikalisch. The Ransomware Song (Just Blame Math) Proofpoint Threat Report SKYTALE Online Akademie für IT-Sicherheit Folge direkt herunterladen
How far would you go to protect your children from sexual predators? How much privacy would you give up to try to prevent the sharing of child pornography? We are now faced squarely with those questions because Apple has just announced some new initiatives that it believes will curb the viewing and sharing of pornographic images. But we need to be extremely careful here. The Four Horsemen of the Infocalypse are pedophiles, terrorists, drug dealers and organized crime. When someone asks you what privacy and civil liberties you would be willing to give up to stop these undeniably bad things, you need to replace their bogeyman with other straw men and make sure your convictions still hold. Technologies that can be used to stop something you hate today can also be used to stop things you don't tomorrow. Today I'll discuss Apple's new "child safety" initiatives and explain why I think they're making the wrong tradeoffs. And also why they are actually not that effective and even potentially harmful to children. In other news: Both T-Mobile and AT&T appear to have suffered massive data breaches of current and even prospective customers; Microsoft's PrintNightmare continues, despite several attempts to fix the issues; millions of home routers, web cams and baby monitors are vulnerable to a new attacks; Facebook is trying to help Afgans hide their friends lists in the face of Taliban reprisals; your IoT devices are horrible with random numbers, and that's a huge security risk; a secret terrorist watch list with almost 2 million people has leaked; and the OAuth web app authentication system is ripe for hacking, potentially putting several of your accounts at risk. Article Links Blocking the Exploitation of PrintNightmare https://securityboulevard.com/2021/08/blocking-the-exploitation-of-printnightmare/Disabling your Print Spooler (see “Workarounds”): https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527Millions of home Wi-Fi routers under attack by botnet malware https://www.tomsguide.com/news/arcadyan-router-malwareSEE ALSO: Router Security: https://routersecurity.org/ T-Mobile Data Breach: 100 Million Customer Data Records Compromised Including Social Security, Driver's License & Unique Device Numbers https://www.cpomagazine.com/cyber-security/t-mobile-data-breach-100-million-customer-data-records-compromised-including-social-security-drivers-license-unique-device-numbers/Hacker Selling Private Data Allegedly from 70 Million AT&T Customers https://restoreprivacy.com/att-data-breach-70-million-customers/ Millions of Web Camera and Baby Monitor Feeds Are Exposed https://www.wired.com/story/kalay-iot-bug-video-feeds/ Secret terrorist watchlist with 2 million records exposed online https://www.bleepingcomputer.com/news/security/secret-terrorist-watchlist-with-2-million-records-exposed-online/ To protect users, Facebook says it's hiding friends lists on accounts in Afghanistan https://www.nytimes.com/2021/08/20/world/asia/afghanistan-facebook.html Web apps have become so complex that they're unsafe to use, researchers say https://www.tomsguide.com/news/unsafe-web-apps-oauth DEFCON “You're doing IoT RNG” paper: https://labs.bishopfox.com/tech-blog/youre-doing-iot-rng Apple's New ‘Child Safety' Initiatives, and the Slippery Slope https://daringfireball.net/2021/08/apple_child_safety_initiatives_slippery_slopeWe built a system like Apple's to flag child sexual abuse material — and concluded the tech was dangerous https://www.washingtonpost.com/opinions/2021/08/19/apple-csam-abuse-encryption-security-privacy-dangerous/Open letter to Apple from 90+ world orgs https://cdt.org/insights/international-coalition-calls-on-apple-to-abandon-plan-to-build-surveillance-capabilities-into-iphones-ipads-and-other-products/ Tell Apple not to scan our phones: https://act.eff.org/action/tell-apple-don-t-scan-our-phones Further Info Become a Patron! https://www.patreon.com/FirewallsDontStopDragons Would you like me to speak to ...
In this hot take of Phoenix Cast, hosts John and Kyle discuss the recent “PrintNightmare” and Kaseya Ransomware attack. This isn't the first time ransomware has come up in the podcast and is surely not the last. In this episode, John and Kyle will discuss what was different about these attacks and why they matter. Share your thoughts with us on Twitter: @USMC_TFPhoenix Follow MARFORCYBER & MCCOG on Twitter, LinkedIn, Facebook, and YouTube. Leave your review on Apple Podcasts.
On Windows Weekly, Leo Laporte, Paul Thurrott, and Mary Jo Foley discuss the latest build of Windows 11 and the "inbox" apps that come along with it. Full episode at twit.tv/ww738 Hosts: Leo Laporte, Paul Thurrott, and Mary Jo Foley You can find more about TWiT and subscribe to our podcasts at https://podcasts.twit.tv/
On Windows Weekly, Leo Laporte, Paul Thurrott, and Mary Jo Foley discuss the latest build of Windows 11 and the "inbox" apps that come along with it. Full episode at twit.tv/ww738 Hosts: Leo Laporte, Paul Thurrott, and Mary Jo Foley You can find more about TWiT and subscribe to our podcasts at https://podcasts.twit.tv/
Windows 11 updates, PrintNightmare continues, Xbox Game Pass Microsoft lights up more Teams Chat features and delivers updated Windows 11 inbox apps for Insider testers Windows 11 Tip: Change Default Apps Microsoft Consumer Microsoft hires former Uber exec in effort to grow its Teams consumer business PrintNightmare Microsoft Tries, Again, to Get in Front of Printing Vulnerabilities Microsoft vs. AWS Microsoft protests Amazon's $10 billion NSA cloud contract win Amazon Retail Sales Surpass Walmart Xbox Microsoft Reveals More Game Pass Titles for August Microsoft is Testing a Higher Resolution Dashboard on Xbox Series X Sea of Thieves Now Has 4.8 Million Active Users Tips and picks Tip of the week: Try Game Pass App pick of the week: elementary OS 6 Enterprise pick of the week: An updated M365 Roadmap site is coming Buzzword pick of the week: Ransomware Beer pick of the week: Off Color Brewing Beer for Beaches Hosts: Leo Laporte, Mary Jo Foley, and Paul Thurrott Download or subscribe to this show at https://twit.tv/shows/windows-weekly Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Check out Paul's blog at thurrott.com Check out Mary Jo's blog at AllAboutMicrosoft.com The Windows Weekly theme music is courtesy of Carl Franklin. Sponsors: CrowdStrike.com/twit wwt.com/twit
Picture of the week. Firefox Update. Facebook finally adds end-to-end encryption to Messenger. Exploitation of PrintNightmare has begun. And "Magniber" Ransomware Uses PrintNightmare. Crypto-mining botnet modifies CPU configurations to increase its mining power. NortonLifeLock and Avast are merging their users. ASUS updates 207 motherboard BIOSes! Errata. Closing the Loop. Microsoft's Culpable Negligence. We invite you to read our show notes at https://www.grc.com/sn/SN-832-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: att.com/activearmor expressvpn.com/securitynow CrowdStrike.com/twit
Windows 11 updates, PrintNightmare continues, Xbox Game Pass Microsoft lights up more Teams Chat features and delivers updated Windows 11 inbox apps for Insider testers Windows 11 Tip: Change Default Apps Microsoft Consumer Microsoft hires former Uber exec in effort to grow its Teams consumer business PrintNightmare Microsoft Tries, Again, to Get in Front of Printing Vulnerabilities Microsoft vs. AWS Microsoft protests Amazon's $10 billion NSA cloud contract win Amazon Retail Sales Surpass Walmart Xbox Microsoft Reveals More Game Pass Titles for August Microsoft is Testing a Higher Resolution Dashboard on Xbox Series X Sea of Thieves Now Has 4.8 Million Active Users Tips and picks Tip of the week: Try Game Pass App pick of the week: elementary OS 6 Enterprise pick of the week: An updated M365 Roadmap site is coming Buzzword pick of the week: Ransomware Beer pick of the week: Off Color Brewing Beer for Beaches Hosts: Leo Laporte, Mary Jo Foley, and Paul Thurrott Download or subscribe to this show at https://twit.tv/shows/windows-weekly Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Check out Paul's blog at thurrott.com Check out Mary Jo's blog at AllAboutMicrosoft.com The Windows Weekly theme music is courtesy of Carl Franklin. Sponsors: CrowdStrike.com/twit wwt.com/twit
Windows 11 updates, PrintNightmare continues, Xbox Game Pass Microsoft lights up more Teams Chat features and delivers updated Windows 11 inbox apps for Insider testers Windows 11 Tip: Change Default Apps Microsoft Consumer Microsoft hires former Uber exec in effort to grow its Teams consumer business PrintNightmare Microsoft Tries, Again, to Get in Front of Printing Vulnerabilities Microsoft vs. AWS Microsoft protests Amazon's $10 billion NSA cloud contract win Amazon Retail Sales Surpass Walmart Xbox Microsoft Reveals More Game Pass Titles for August Microsoft is Testing a Higher Resolution Dashboard on Xbox Series X Sea of Thieves Now Has 4.8 Million Active Users Tips and picks Tip of the week: Try Game Pass App pick of the week: elementary OS 6 Enterprise pick of the week: An updated M365 Roadmap site is coming Buzzword pick of the week: Ransomware Beer pick of the week: Off Color Brewing Beer for Beaches Hosts: Leo Laporte, Mary Jo Foley, and Paul Thurrott Download or subscribe to this show at https://twit.tv/shows/windows-weekly Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Check out Paul's blog at thurrott.com Check out Mary Jo's blog at AllAboutMicrosoft.com The Windows Weekly theme music is courtesy of Carl Franklin. Sponsors: CrowdStrike.com/twit wwt.com/twit
Windows 11 updates, PrintNightmare continues, Xbox Game Pass Microsoft lights up more Teams Chat features and delivers updated Windows 11 inbox apps for Insider testers Windows 11 Tip: Change Default Apps Microsoft Consumer Microsoft hires former Uber exec in effort to grow its Teams consumer business PrintNightmare Microsoft Tries, Again, to Get in Front of Printing Vulnerabilities Microsoft vs. AWS Microsoft protests Amazon's $10 billion NSA cloud contract win Amazon Retail Sales Surpass Walmart Xbox Microsoft Reveals More Game Pass Titles for August Microsoft is Testing a Higher Resolution Dashboard on Xbox Series X Sea of Thieves Now Has 4.8 Million Active Users Tips and picks Tip of the week: Try Game Pass App pick of the week: elementary OS 6 Enterprise pick of the week: An updated M365 Roadmap site is coming Buzzword pick of the week: Ransomware Beer pick of the week: Off Color Brewing Beer for Beaches Hosts: Leo Laporte, Mary Jo Foley, and Paul Thurrott Download or subscribe to this show at https://twit.tv/shows/windows-weekly Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Check out Paul's blog at thurrott.com Check out Mary Jo's blog at AllAboutMicrosoft.com The Windows Weekly theme music is courtesy of Carl Franklin. Sponsors: CrowdStrike.com/twit wwt.com/twit
Windows 11 updates, PrintNightmare continues, Xbox Game Pass Microsoft lights up more Teams Chat features and delivers updated Windows 11 inbox apps for Insider testers Windows 11 Tip: Change Default Apps Microsoft Consumer Microsoft hires former Uber exec in effort to grow its Teams consumer business PrintNightmare Microsoft Tries, Again, to Get in Front of Printing Vulnerabilities Microsoft vs. AWS Microsoft protests Amazon's $10 billion NSA cloud contract win Amazon Retail Sales Surpass Walmart Xbox Microsoft Reveals More Game Pass Titles for August Microsoft is Testing a Higher Resolution Dashboard on Xbox Series X Sea of Thieves Now Has 4.8 Million Active Users Tips and picks Tip of the week: Try Game Pass App pick of the week: elementary OS 6 Enterprise pick of the week: An updated M365 Roadmap site is coming Buzzword pick of the week: Ransomware Beer pick of the week: Off Color Brewing Beer for Beaches Hosts: Leo Laporte, Mary Jo Foley, and Paul Thurrott Download or subscribe to this show at https://twit.tv/shows/windows-weekly Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Check out Paul's blog at thurrott.com Check out Mary Jo's blog at AllAboutMicrosoft.com The Windows Weekly theme music is courtesy of Carl Franklin. Sponsors: CrowdStrike.com/twit wwt.com/twit
Picture of the week. Firefox Update. Facebook finally adds end-to-end encryption to Messenger. Exploitation of PrintNightmare has begun. And "Magniber" Ransomware Uses PrintNightmare. Crypto-mining botnet modifies CPU configurations to increase its mining power. NortonLifeLock and Avast are merging their users. ASUS updates 207 motherboard BIOSes! Errata. Closing the Loop. Microsoft's Culpable Negligence. We invite you to read our show notes at https://www.grc.com/sn/SN-832-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: att.com/activearmor expressvpn.com/securitynow CrowdStrike.com/twit
Windows 11 updates, PrintNightmare continues, Xbox Game Pass Microsoft lights up more Teams Chat features and delivers updated Windows 11 inbox apps for Insider testers Windows 11 Tip: Change Default Apps Microsoft Consumer Microsoft hires former Uber exec in effort to grow its Teams consumer business PrintNightmare Microsoft Tries, Again, to Get in Front of Printing Vulnerabilities Microsoft vs. AWS Microsoft protests Amazon's $10 billion NSA cloud contract win Amazon Retail Sales Surpass Walmart Xbox Microsoft Reveals More Game Pass Titles for August Microsoft is Testing a Higher Resolution Dashboard on Xbox Series X Sea of Thieves Now Has 4.8 Million Active Users Tips and picks Tip of the week: Try Game Pass App pick of the week: elementary OS 6 Enterprise pick of the week: An updated M365 Roadmap site is coming Buzzword pick of the week: Ransomware Beer pick of the week: Off Color Brewing Beer for Beaches Hosts: Leo Laporte, Mary Jo Foley, and Paul Thurrott Download or subscribe to this show at https://twit.tv/shows/windows-weekly Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Check out Paul's blog at thurrott.com Check out Mary Jo's blog at AllAboutMicrosoft.com The Windows Weekly theme music is courtesy of Carl Franklin. Sponsors: CrowdStrike.com/twit wwt.com/twit
Picture of the week. Firefox Update. Facebook finally adds end-to-end encryption to Messenger. Exploitation of PrintNightmare has begun. And "Magniber" Ransomware Uses PrintNightmare. Crypto-mining botnet modifies CPU configurations to increase its mining power. NortonLifeLock and Avast are merging their users. ASUS updates 207 motherboard BIOSes! Errata. Closing the Loop. Microsoft's Culpable Negligence. We invite you to read our show notes at https://www.grc.com/sn/SN-832-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: att.com/activearmor expressvpn.com/securitynow CrowdStrike.com/twit
Picture of the week. Firefox Update. Facebook finally adds end-to-end encryption to Messenger. Exploitation of PrintNightmare has begun. And "Magniber" Ransomware Uses PrintNightmare. Crypto-mining botnet modifies CPU configurations to increase its mining power. NortonLifeLock and Avast are merging their users. ASUS updates 207 motherboard BIOSes! Errata. Closing the Loop. Microsoft's Culpable Negligence. We invite you to read our show notes at https://www.grc.com/sn/SN-832-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: att.com/activearmor expressvpn.com/securitynow CrowdStrike.com/twit
Picture of the week. Firefox Update. Facebook finally adds end-to-end encryption to Messenger. Exploitation of PrintNightmare has begun. And "Magniber" Ransomware Uses PrintNightmare. Crypto-mining botnet modifies CPU configurations to increase its mining power. NortonLifeLock and Avast are merging their users. ASUS updates 207 motherboard BIOSes! Errata. Closing the Loop. Microsoft's Culpable Negligence. We invite you to read our show notes at https://www.grc.com/sn/SN-832-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: att.com/activearmor expressvpn.com/securitynow CrowdStrike.com/twit
Picture of the week. Firefox Update. Facebook finally adds end-to-end encryption to Messenger. Exploitation of PrintNightmare has begun. And "Magniber" Ransomware Uses PrintNightmare. Crypto-mining botnet modifies CPU configurations to increase its mining power. NortonLifeLock and Avast are merging their users. ASUS updates 207 motherboard BIOSes! Errata. Closing the Loop. Microsoft's Culpable Negligence. We invite you to read our show notes at https://www.grc.com/sn/SN-832-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: att.com/activearmor expressvpn.com/securitynow CrowdStrike.com/twit
Learning from computer virus history. The PrintNightmare saga continues. Apple puts out a patch, but doesn't say why. Snitch on a crook and earn $10 million. Scammers do grammar. And the Business Email Compromise that wasn't. With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
We explain how a format string bug could lock your iPhone out of your own network. We revisit the PrintNightmare saga, which is sort-of fixed but not really. We look back at the 20-year-old Code Red virus. We look at what cybercriminals spend money on (hint: more cybercrime). And in this week's "Oh! No!", we learn how farm animals can disrupt your network. With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
Recorded 11th July 2021 Simon is joined once again by Nick, Jim (who appears to be demolishing his living room in the background) and Steve (who barely gets a word in) and they talk about a host of weird and wonderful stories - including why setting up an iPad isn't as simple as it could be, an ancient ‘Easter Egg', resurrecting 35 year old files from the dead, the Audacity furore and more... GIVEAWAYS & OFFERS Glenn Fleishman's book Take Control of Securing Your Mac can be found at takecontrolbooks.com along with many other titles by him, Joe Kissell, Jeff Carlson and others. Steve at Geeks Corner has a podcast which is usually a 5-15 min show of his thoughts on tech. Also keep an eye on his site or follow him on Twitter @GeekCorner_uk to watch for regular giveaways. Why not come and join the Slack community? You can now just click on this Slackroom Link to sign up and join in the chatter! On this week's show: NICK RILEY Big Show on the @spligosh on Twitter very occasionally. Sometimes appears on Bart Busschots' Let's Talk Apple Sutton Park Circuit church worship on YouTube Nick's church stream videos – You Tube JAMES ORMISTON MacJim in the Slack Also on Flickr as thesrpspaintshop Has videos on Vimeo STEVE DURBIN Runs the Geeks Corner website Produces the Geeks Corner podcast @GeekCorner_uk on Twitter APPLE M1 MacBook battery life so good Apple thought it was a bug – 9to5Mac Apple Co-Founder Steve Wozniak Declares Support for Right to Repair – Vice 12 Tips & Tricks For HomePod & HomePod mini – Forbes iOS 14.7 beta 5 fixes annoying iPhone bug that disables Wi-Fi connections– BGR “So I took what is my son's old computer and added an account for my wife and was going to delete his account. For some reason deleting an old account never seems to work right. After several hours I still could not close system preferences because it said it was deleting the account. I decided just to wipe the computer and start fresh. I did that and during set up it asked for the previous account password I set up before wiping the computer??? Never seen that before. Wouldn't that be gone since I wiped it? Entered the password and it worked fine, but kind of strange?” – Donny YouTuber takes a broken iPhone 8 and turns it into a working faux iPhone 12 – iMore Simon's recovered 35 year old files... A tale TECHNOLOGY Microsoft Surface Neo Is Taking So Long to Come Out that Its Processor Got Discontinued – ReviewGeek Karateka upside down – YouTube SECURITY & PRIVACY Microsoft issues emergency Windows patch to fix critical ‘PrintNightmare' – The Verge Microsoft's emergency 'PrintNightmare' patch fails to fix critical exploit – IT Pro Audacity Is Now A Possible Spyware, Remove It ASAP – FOSS Post Tenacity - Audacity Fork – GitHub Telemetry Debate Rocks Audacity Community In Open Source Dustup – Hadaday 10 best free DAWS for Mac – [FOSS Mint](https://www.fossmint.com/best-free-daws-for-mac/ The best DAWs 2021: the best digital audio workstations for PC and Mac – MusicRadar Best beginner DAWs 2021: 11 music production software recommendations for newcomers – MusicRadar WORTH A CHIRP / ESSENTIAL TIPS Scan Thing: Scan Anything – App Store How do you resize the apps in iOS 15? After install, they've all gone small. There used to be an option to make apps large or small on the display... – Jim JUST A SNIPPET For things that are not worth more than a flypast Macbook M1 Air Teaser Review – Mark on YouTube How to Install Windows 11 on Unsupported Devices – YTechB I made GameCube Joy-Cons – YouTube Essential Apple Recommended Services: All Things Secured – Online security made simple by Josh Summers. Pixel Privacy – a fabulous resource full of excellent articles and advice on how to protect yourself online. Doug.ee Blog for Andy J's security tips. Ghostery – protect yourself from trackers, scripts and ads while browsing. Simple Login – Email anonymisation and disposable emails for login/registering with 33mail.com – Never give out your real email address online again. AnonAddy – Disposable email addresses Sudo – get up to 9 “avatars” with email addresses, phone numbers and more to mask your online identity. Free for the first year and priced from $0.99 US / £2.50 UK per month thereafter... You get to keep 2 free avatars though. ProtonMail – end to end encrypted, open source, based in Switzerland. Prices start from FREE... what more can you ask? ProtonVPN – a VPN to go with it perhaps? Prices also starting from nothing! Comparitech DNS Leak Test – simple to use and understand VPN leak test. Fake Name Generator – so much more than names! Create whole identities (for free) with all the information you could ever need. Wire and on the App Stores – free for personal use, open source and end to end encryted messenger and VoIP. Pinecast – a fabulous podcast hosting service with costs that start from nothing. Essential Apple is not affiliated with or paid to promote any of these services... We recommend services that we use ourselves and feel are either unique or outstanding in their field, or in some cases are just the best value for money in our opinion. Social Media and Slack You can follow us on: Twitter / Slack / EssentialApple.com / Soundcloud / Spotify / Facebook / Pinecast Also a big SHOUT OUT to the members of the Slack room without whom we wouldn't have half the stories we actually do – we thank you all for your contributions and engagement. You can always help us out with a few pennies by using our Amazon Affiliate Link so we get a tiny kickback on anything you buy after using it. If you really like the show that much and would like to make a regular donation then please consider joining our Patreon or using the Pinecast Tips Jar (which accepts one off or regular donations) And a HUGE thank you to the patrons who already do. Support The Essential Apple Podcast by contributing to their Tip Jar: https://tips.pinecast.com/jar/essential-apple-show This podcast is powered by Pinecast.
PrintNightmare and the out of band patch forced us to change. We needed to evaluate the way we handle out of band patches. Fortunately for us, this wasn't a big deal. LINKS1. CVE-2021-34527 - For those that want to dive a little deeper. 2. Sans Internet Storm Center Podcast - Episode that talks about PrintNightmareFIND US ON1. Twitter - DamienHull
Email and Forum Questions, Profiles in IT (John McAfee, creator of AV software), evolution of Silicon Valley (hardware to software exploitation),emergency Windows patch (PrintNightmare), Russian ransomware revealed, GPS at risk (signals are vulnerable), and El Salvador beach town rides crypto wave. This show originally aired on Saturday, July 10, 2021, at 9:00 AM EST on WFED (1500 AM).
The "Independence Day Weekend" ransomware drama. The PrintNightmare nightmare continues. An email hacker gets his conviction overturned. In this week's Oh! No! story, a server room fills with toxic fumes... With Doug Aamoth and Paul Ducklin. Original music by Edith Mudge Got questions/suggestions/stories to share? Email tips@sophos.com Twitter @NakedSecurity Instagram @NakedSecurity
PrintNightmare and the Kaseya ransomware attack are two recent cyber incidents making waves in the news about the escalating threat environment. Nozomi Networks Labs security researcher Ivan Speziale shares his insights into what went wrong in these attacks, and what can be done to mitigate their impact.
I swore up and down I would not release a newsletter this week owing to the July 4th holiday (Treason day for the Brits out there), and then Microsoft's Github announced and released Github Copilot, and my promise fell apart.CoPilot is an ML trained code snippet generator. What is it trained on, you ask? All the public code on Github, GPL'd or otherwise. This has angered the internet lawyers and is generally considered to be a Dick Move™ by everyone else (except those that have read the parable of the Scorpion and the Frog). And since there really isn't any magic in ML, that's led to some interesting bugs... like reproducing the inverse-sine function from Quake to include the PG-13 rated comments. Or giving internet randos the API keys that Sendgrid users put in their source code on accident, or even reproducing the GPL in its entirety in a source code header file and none of this includes the mundane but possibly Office Space plot inducing every day bugs present in CoPilot.It's almost trite to call these 'bugs', these aren't bugs. These aren't misunderstandings of product requirements, or bad coding. No, these are Ian Malcoms:Your scientists engineers were so preoccupied with whether or not they could, they didn't stop to think if they should. (original source)AI and ML have given us a new class of software defect: the Ian Malcom, and we can thank Github for playing the role of movie villian here.With that out of the way, here's what else happened last week in .NET.
SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
Print Spooler printnightmare Update https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 https://doublepulsar.com/zero-day-for-every-supported-windows-os-version-in-the-wild-printnightmare-b3fdb82f840c https://blog.truesec.com/2021/06/30/fix-for-printnightmare-cve-2021-1675-exploit-to-keep-your-print-servers-running-while-a-patch-is-not-available/ https://github.com/LaresLLC/CVE-2021-1675