Podcasts about proxyshell

  • 33 PODCASTS
  • 42 EPISODES
  • 55m AVG DURATION
  • INFREQUENT EPISODES
  • Jan 24, 2024 LATEST

Latest podcast episodes about proxyshell

The Daily Decrypt - Cyber News and Discussions
January 24, 2024 – BianLian Ransomware, Apple Zero-Day, New Mobile ATO Defense

Jan 24, 2024


Episode Summary: In today's episode of the Daily Decrypt, we delve into several critical cybersecurity topics:

- **BianLian Ransomware's Evolving Threat**: Analyzing the shift in tactics by the BianLian ransomware group, highlighting its focus on extortion without encryption and its significant threat to the healthcare and manufacturing sectors.
- **Apple's Response to Zero-Day Vulnerability**: Discussing Apple's critical patch for a zero-day flaw in iPhones and Macs, emphasizing the urgency and importance of updating devices.
- **New Defense Against Mobile Account Takeovers**: Exploring an innovative method to safeguard against mobile account takeovers, providing insights into preventing complex hacking attacks.

Here are the stories discussed:

**Threat Assessment of BianLian Ransomware**
[Link](https://unit42.paloaltonetworks.com/bianlian-ransomware-group-threat-assessment/?&web_view=true)
Published Date: 23 Jan 2024 16:30:00 +0000
GUID: [BianLian Ransomware Group Threat Assessment](https://unit42.paloaltonetworks.com/bianlian-ransomware-group-threat-assessment/?&web_view=true)
Description: The BianLian ransomware group has shifted from a double extortion scheme to a focus on extortion without encryption, posing a significant threat to organizations, particularly in the healthcare and manufacturing sectors in the US and Europe.
Category: Malware and Vulnerabilities

**Apple Issues Patch for Critical Zero-Day in iPhones, Macs - Update Now**
[Link](https://thehackernews.com/2024/01/apple-issues-patch-for-critical-zero.html?&web_view=true)
Published Date: 23 Jan 2024 14:00:00 +0000
GUID: [Apple Issues Patch for Critical Zero-Day](https://thehackernews.com/2024/01/apple-issues-patch-for-critical-zero.html?&web_view=true)
Description: The vulnerability, tracked as CVE-2024-23222, is a type confusion bug in the WebKit browser engine that could lead to arbitrary code execution when processing malicious web content.
Category: Malware and Vulnerabilities

**New Method To Safeguard Against Mobile Account Takeovers**
[Link](https://www.helpnetsecurity.com/2024/01/22/safeguard-against-mobile-account-takeovers/?&web_view=true)
Published Date: 23 Jan 2024 13:00:00 +0000
GUID: [Safeguard Against Mobile Account Takeovers](https://www.helpnetsecurity.com/2024/01/22/safeguard-against-mobile-account-takeovers/?&web_view=true)

Transcript

Offset Keyz: Good morning, everybody. Today, we've got three riveting stories for you. First, we're going to talk about the Beyond the Horn ransomware group, whose sophisticated tactics have put industries like healthcare and manufacturing on high alert. We're also going to discuss Apple's swift action against a critical zero-day vulnerability. And finally, we'll explore an innovative approach to safeguarding mobile accounts against takeover attacks, a method set to revolutionize how we understand and protect our digital identities, which affects everybody. So let's dive right in.

Today's first story, from an insightful article by Daniel Frank at Unit 42 Palo Alto Networks, discusses the recent activities of the Beyond the Iron Ransomware Group. Emerging in 2022, this group has been active, targeting sectors like healthcare and manufacturing in North America, the EU, and India. Beyond the Iron's strategy has evolved from a double extortion scheme, encrypting victims' assets and demanding ransom, to a more straightforward approach of stealing data for extortion. A notable attack was on a California-based hospital where they exfiltrated 1.7 terabytes of data, including sensitive patient and employee information. Considering the mostly text-based nature of this data, 1.7 terabytes is substantial. An interesting aspect of Beyond the Iron is their possible connection to the Meiko Ransomware Group, sharing a custom .NET tool for file enumeration, registry, and clipboard data retrieval. This tool, containing Russian language elements, suggests shared tools or developers, a common practice among cybercrime groups. Beyond the Iron executes attacks by gaining initial access through stolen Remote Desktop Protocol (RDP) credentials or by exploiting vulnerabilities like ProxyShell. They use public tools for lateral movement and credential dumping, employing a backdoor component for persistence. For individuals, this underscores the importance of strong password hygiene and regular checks on sites like Have I Been Pwned. For organizations, especially in healthcare and manufacturing, it emphasizes the need for robust security measures like regular patching and threat hunting.

Next, we're discussing the critical zero-day patch for Apple devices released on Monday. This addresses a zero-day flaw, CVE-2020-423222, found in the WebKit browser engine, which could allow threat actors to execute arbitrary code. This bug affects a range of devices, from iPhone Xs to the latest macOS versions. Apple's response with improved checks is commendable. Users should update their devices immediately to protect against potential data compromise or device takeover.

Finally, we're discussing a new defensive strategy against mobile account takeovers, highlighted in an article from Help Net Security. Developed by Dr. Luca Annibale and others, this method aims to identify weaknesses vulnerable to account takeovers in mobile devices. By cataloging security vulnerabilities and modeling account takeovers, this approach offers a detailed representation of potential security breaches. The researchers tested their methodology against various devices, finding security gaps in brands like Apple, Samsung, and Xiaomi. Google accounts showed resilience against these attack strategies. This research has implications for both users and tech companies, emphasizing the importance of security in shared accounts and the need for continuous innovation in cybersecurity defenses.

Thanks for tuning into the Daily Decrypt. Stay tuned for more episodes this week, and don't miss our bonus episode this weekend on responder hijacking attacks in the Windows ecosystem. Again, thanks for listening, and we'll talk to you tomorrow.

It's 5:05! Daily cybersecurity and open source briefing
Episode #208: How Leaky is your VPN?; Microsoft stops renewing licenses for Russian companies; Fortinet Critical Flaw; Microsoft ProxyShell; Hackers Need Jira Too

Aug 16, 2023 13:23


The CyberWire
FBI Investigates a network incident. Developments in cybercrime. DDoS against German airports. US forms a Disruptive Technology Strike Force. CISA releases 15 ICS advisories.

Feb 17, 2023 32:47


The FBI is investigating incidents on its networks. Frebniis backdoors Microsoft servers. ProxyShell vulnerabilities are used to install a cryptominer. Havoc's post-exploitation framework. Atlassian discloses a data breach. German airports sustain a cyber incident. An Aspen Institute report concludes that cyber assistance benefits Ukraine. US announces "Disruptive Technology Strike Force." Robert M. Lee from Dragos on the value of capture the flag events. Our guests are Commander Brandon Campbell of US Navy Cyber Defense Operations Command and Captain Steve Correia, Commanding Officer of Naval Network Warfare Command. And CISA releases fifteen ICS advisories.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/33

Selected reading.
- Exclusive: FBI says it has 'contained' cyber incident on bureau's computer network (CNN)
- Frebniis: New Malware Abuses Microsoft IIS Feature to Establish Backdoor (Symantec, by Broadcom Software)
- ProxyShellMiner Campaign Creating Dangerous Backdoors (Morphisec)
- Attacks with novel Havoc post-exploitation framework identified (SC Media)
- Atlassian says recent data leak stems from third-party vendor hack (BleepingComputer)
- German airport websites down in possible hacker attack (Deutsche Welle)
- The Cyber Defense Assistance Imperative – Lessons from Ukraine (Aspen Institute)
- U.S. launches 'disruptive technology' strike force to target national security threats (Reuters)
- Justice Department to Increase Scrutiny of Technology Exports, Investments (Wall Street Journal)
- ICS-CERT Advisories (CISA)

The CyberWire
New tools target governments in Middle East? [Research Saturday]

Oct 22, 2022 20:48


Dick O'Brien from Symantec's Threat Hunter team sits down with Dave to discuss their work on "Witchetty - Group Uses Updated Toolset in Attacks on Governments in Middle East." Their research has found that the group known as Witchetty, aka LookingFrog, has been progressively updating its toolset, including the new tool, a backdoor Trojan (Backdoor.Stegmap), to launch malware attacks on targets in the Middle East and Africa. The research states "The attackers exploited the ProxyShell and ProxyLogon vulnerabilities to install web shells on public-facing servers before stealing credentials, moving laterally across networks, and installing malware on other computers." The researchers describe more on the new tool being used and why this new group is a threat. The research can be found here: Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East

Research Saturday
New tools target Governments in Middle East?

Oct 22, 2022 20:48


Dick O'Brien from Symantec's Threat Hunter team sits down with Dave to discuss their work on "Witchetty - Group Uses Updated Toolset in Attacks on Governments in Middle East." Their research has found that the group known as Witchetty, aka LookingFrog, has been progressively updating its toolset, including the new tool, a backdoor Trojan (Backdoor.Stegmap), to launch malware attacks on targets in the Middle East and Africa. The research states "The attackers exploited the ProxyShell and ProxyLogon vulnerabilities to install web shells on public-facing servers before stealing credentials, moving laterally across networks, and installing malware on other computers." The researchers describe more on the new tool being used and why this new group is a threat. The research can be found here: Witchetty: Group Uses Updated Toolset in Attacks on Governments in Middle East

UNSECURITY: Information Security Podcast
Unsecurity Episode 191: Fortinet, ProxyShell 2 (or 3?), Cybersecurity Awareness Month

Oct 19, 2022 32:10


Episode 191 of the Unsecurity Podcast is now live! This week, Oscar and Brad discuss some recent vulnerabilities, cybersecurity awareness month, Hacks and Hops 2022, and more!

Links:
- Fortinet Authentication Bypass: https://projecthyphae.com/threat/fortinet-authentication-bypass-critical/
- ZeroDay: ProxyShell 2 (or 3?): https://projecthyphae.com/threat/zeroday-proxyshell-2-or-3-even-proxier/
- Cybersecurity Awareness Month: https://www.cisa.gov/cybersecurity-awareness-month

Give episode 191 a listen or watch and send any questions, comments, or feedback to unsecurity@protonmail.com. Don't forget to like and subscribe!

Paul's Security Weekly
PSW #759 - Ismael Valenzuela

Oct 13, 2022 197:17


As Vice President of Threat Research & Intelligence at BlackBerry, Ismael Valenzuela leads threat research, intelligence, and defensive innovation. Ismael has participated as a security professional in numerous projects around the world for over the past two decades. In this episode, Ismael discusses his journey to become a top cybersecurity expert. We also explore the cybersecurity trends he and his team are seeing, and how cyber attackers are gaining a foothold and maintaining persistence. Segment Resources: https://www.blackberry.com/us/en/company/research-and-intelligence https://blogs.blackberry.com/en/2022/09/the-curious-case-of-monti-ransomware-a-real-world-doppelganger https://blogs.blackberry.com/en/2022/06/symbiote-a-new-nearly-impossible-to-detect-linux-threat   This week in the Security News: The secrets of Schneider Electric's UMAS protocol, Pixel 6 bootloader: Emulation, Securing Developer Tools: A New Supply Chain Attack on PHP, Microsoft Exchange double zero-day – “like ProxyShell, only different”, Tech Journalists Offered Bribes to Write Articles for Major Outlets, & Detecting Deepfake Audio!   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/psw759

Paul's Security Weekly TV
Detecting Deepfake Audio, Supply PHP Attack, UMAS Secrets, & Pixel 6 Bootloader - PSW #759

Oct 13, 2022 139:23


This week in the Security News: The secrets of Schneider Electric's UMAS protocol, Pixel 6 bootloader: Emulation, Securing Developer Tools: A New Supply Chain Attack on PHP, Microsoft Exchange double zero-day – “like ProxyShell, only different”, Tech Journalists Offered Bribes to Write Articles for Major Outlets, & Detecting Deepfake Audio!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw759

Paul's Security Weekly (Podcast-Only)
PSW #759 - Ismael Valenzuela

Oct 13, 2022 197:17


As Vice President of Threat Research & Intelligence at BlackBerry, Ismael Valenzuela leads threat research, intelligence, and defensive innovation. Ismael has participated as a security professional in numerous projects around the world for over the past two decades. In this episode, Ismael discusses his journey to become a top cybersecurity expert. We also explore the cybersecurity trends he and his team are seeing, and how cyber attackers are gaining a foothold and maintaining persistence. Segment Resources: https://www.blackberry.com/us/en/company/research-and-intelligence https://blogs.blackberry.com/en/2022/09/the-curious-case-of-monti-ransomware-a-real-world-doppelganger https://blogs.blackberry.com/en/2022/06/symbiote-a-new-nearly-impossible-to-detect-linux-threat   This week in the Security News: The secrets of Schneider Electric's UMAS protocol, Pixel 6 bootloader: Emulation, Securing Developer Tools: A New Supply Chain Attack on PHP, Microsoft Exchange double zero-day – “like ProxyShell, only different”, Tech Journalists Offered Bribes to Write Articles for Major Outlets, & Detecting Deepfake Audio!   Visit https://www.securityweekly.com/psw for all the latest episodes! Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/psw759

Paul's Security Weekly (Video-Only)
Detecting Deepfake Audio, Supply PHP Attack, UMAS Secrets, & Pixel 6 Bootloader - PSW #759

Oct 13, 2022 139:23


This week in the Security News: The secrets of Schneider Electric's UMAS protocol, Pixel 6 bootloader: Emulation, Securing Developer Tools: A New Supply Chain Attack on PHP, Microsoft Exchange double zero-day – “like ProxyShell, only different”, Tech Journalists Offered Bribes to Write Articles for Major Outlets, & Detecting Deepfake Audio!   Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw759

The CyberWire
Microsoft Exchange zero-days exploited. Supply chain attack reported. New Lazarus activity. Mexican government falls victim to hacktivism. Hacking partial mobilization. Former insider threat.

Oct 3, 2022 35:37


Two Microsoft Exchange zero-days exploited in the wild. A supply chain attack, possibly from Chinese intelligence services. There's new Lazarus activity: bring-your-own-vulnerable-driver. The Mexican government falls victim to apparent hacktivism. Flying under partial mobilization's radar. Betsy Carmelite from Booz Allen Hamilton talks about addressing the cyber workforce skills gap. Our guest Rachel Tobac from SocialProof Security brings a musical approach to security awareness training. How's your off-boarding program working out?

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/190

Selected reading.
- Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server (CISA)
- Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server (Microsoft Security Response Center)
- Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server (GTSC)
- URGENT! Microsoft Exchange double zero-day – “like ProxyShell, only different” (Naked Security)
- Microsoft confirms two Exchange Server zero days are being used in cyberattacks (The Record by Recorded Future)
- Microsoft confirms new Exchange zero-days are used in attacks (BleepingComputer)
- Two Microsoft Exchange zero-days exploited in the wild. (CyberWire)
- CISA Adds Three Known Exploited Vulnerabilities to Catalog (CISA)
- Suspected Chinese hackers tampered with widely used customer chat program, researchers say (Reuters)
- Report: Commercial chat provider hijacked to spread malware in supply chain attack (The Record by Recorded Future)
- CrowdStrike Falcon Platform Identifies Supply Chain Attack via a Trojanized Comm100 Chat Installer (crowdstrike.com)
- Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium (WeLiveSecurity)
- Lazarus & BYOVD: evil to the Windows core (Virus Bulletin)
- Lazarus hackers abuse Dell driver bug using new FudModule rootkit (BleepingComputer)
- Mexican government suffers major data hack, president's health issues revealed (Reuters)
- Mexican president confirms ‘Guacamaya' hack targeting regional militaries (The Record by Recorded Future)
- Analysis: Mexico data hack exposes government cybersecurity vulnerability (Reuters)
- Russians dodging mobilization behind flourishing scam market (BleepingComputer)
- Honolulu Man Pleads Guilty to Sabotaging Former Employer's Computer Network (US Department of Justice)

Choses à Savoir TECH
What is Worok, the new hacker gang feared by governments?

Sep 12, 2022 3:28


Thanks to the vigilance of cybersecurity researchers working for an antivirus software vendor, the existence of a hacker group specializing in information theft has been uncovered. While their misdeeds currently seem to be concentrated mainly on Asia, it is clear that this group, named Worok, is very dangerous.

In their latest report, researchers at Eset found that a hacker group they named Worok was using previously unknown tools to carry out its thefts. In detail, Worok targets governments on the Asian continent, as well as several countries in the Middle East and southern Africa. The first traces of these criminals were discovered a year and a half ago, in early 2021, at more or less the same time as the discovery of the ProxyShell flaws. According to the researchers, Worok's profile is very similar to that of another hacker group: TA428. Although everything suggests they are the same people, the researchers were able to tell their activities apart by the tools used in each attack, and thus date Worok's first attacks to late 2020. I quote the researchers' report: "we consider that the links are not strong enough to consider Worok to be the same group as TA428, but the two could share tools and have common interests", end of quote.

What is interesting about Worok is that the group was very active between late 2020 and May 2021, then dropped off the radar, before reappearing last February by targeting a company in the energy sector in Central Asia, as well as a public-sector body in Southeast Asia. While these misdeeds could be attributed to this hacker group with certainty, it is nevertheless difficult to know which tool the attacks were carried out with. That said, according to the researchers, it is quite possible that Worok exploited the ProxyShell flaws to implant malicious code on victims' servers, and thus be able to connect to the network at will. In detail, the hackers use completely free and open tools available on the Internet to explore networks that contain flaws. These include Mimikatz, EarthWorm, ReGeorg and NBTscan. The hackers then install a first program to take control of the machines, for example PowHeartBeat, software written in the PowerShell scripting language that notably has the ability to connect to a server in order to receive commands and download other programs. That program is then used to load a second tool, PNGLoad, which relies on steganography, a message hidden inside another message, to install the final virus. According to Eset's researchers, this is most often an image in PNG format containing hidden code despite a perfectly valid appearance, and which therefore looks completely harmless to the victim.

For now, the researchers have not been able to analyze the PNG files I have just described, which means they do not know precisely which final program is loaded and therefore what Worok's exact goal is. And it is precisely all this uncertainty and vagueness surrounding the hacker group that makes it so dangerous. That said, given, and I quote, "the profile of the targets and the tools we have seen deployed against these victims", everything suggests that the hackers' main objective remains espionage. It remains to be seen for what purpose, and possibly for whom.

Hosted by Acast. Visit acast.com/privacy for more information.

Cyber Morning Call
Cyber Morning Call - #25 - 25/02/2022

Feb 25, 2022 5:35


[Episode References]
- Wiper used against Ukraine, Lithuania and Latvia - https://www.bleepingcomputer.com/news/security/new-data-wiping-malware-used-in-destructive-attacks-on-ukraine/
- Details of the recent DDoS attacks against Ukraine and Russia - https://blog.netlab.360.com/wo-men-kan-dao-de-wu-ke-lan-bei-ddosgong-ji-xi-jie/
- CISA warns of exploitation of flaws in Zabbix - https://thehackernews.com/2022/02/cisa-alerts-on-actively-exploited-flaws.html
- Abuse of the ProxyLogon and ProxyShell flaws in a UNC2596 campaign - https://www.mandiant.com/resources/unc2596-cuba-ransomware

[Credits] Script and presentation: Carlos Cabral. Audio editing: Paulo Arruzzo. Closing narration: Bianca Garcia. Graphic design: Julian Prieto.

La French Connection
Episode 0x194 (Weekly) - December 6, 2021 - In the land of ransomware

Dec 6, 2021 58:36


December 6, 2021 - In the land of ransomware

Shameless plug
- Rewatch the Byebye de la sécurité 2021
- Hackfest Shop
- Join Hackfest/La French Connection Discord
- LePoint conference - February 10, 2022

Shownotes and Links

News
- 20211206 - Open letter from federal ministers on ransomware
- Ransomware guide ITSM.00.099
- 20211206 - CSE: More than half the ransomware attacks in Canada target critical infrastructure providers
- Ransomware screenshot - French-speaking company:
- 20211103 - FBI: Cuba ransomware breached 49 US critical infrastructure orgs
- CEPEO: Cyberattack at CEPEO: thousands of people could be affected
- https://www.lesoleil.com/2021/12/01/ces-terrifiants-pirates-du-web-5736bcbb6dc4fb73c47bc75efda41c9e
- 150 HP printer models vulnerable to a buffer overflow
- Bills
- Desjardins, wrong key handed to the police?
- 20211203 - Germany warns of ransomware attacks over Christmas, citing Emotet return, unpatched Exchange servers
- Follow-on: IKEA faces an attack via its Exchange system
- Possibly SquirrelWaffle
- Let's remember that the patches for ProxyShell and ProxyLogon have been available since May and July of this year
- Teams allows spam and phishing as a feature!
- 196 million stolen from a crypto exchange
- Unknown actors are trying to control the TOR network by creating hundreds of exit nodes
- A new scam around TSA Pre-check and Nexus:
- 20211201 - Former Ubiquiti employee charged with hacking and extorting company

IrResponsible disclosure
- CAI - Buys an SSL certificate on Friday, November 27, 2021; the site is announced as "offline" on Monday, November 29, 2021 around 8:19 pm -> Certificate expired... They did not replace it... Only the next morning!

Good news
- 1803 arrests

Crew
- Steve Waterhouse
- Patrick Mathieu
- Richer Dinelle
- Jacques Sauvé
- Vanessa
- Guillaume Morissette

Credits
- Audio editing by Hackfest Communication
- Music by Cryomatter - Cryomatter - Reassembly
- Virtual premises by 8x8

Decipher Security Podcast
Source Code 11/19

Nov 19, 2021 6:02


Welcome to Source Code: Decipher's behind the scenes look at the weekly news with input from our sources.  Topping the headlines this week,  the Emotet malware has returned almost a year after law enforcement disrupted its infrastructure. In other news, CISA warned that Iranian threat actors are exploiting known vulnerabilities in Fortinet security appliances and the ProxyShell flaw in Microsoft Exchange servers. Finally, the DHS launched a new talent management system that aims to improve the government's efforts in recruiting top cyber talent.

ALEF SecurityCast
Ep#84 - Third serious Exchange Server vulnerability this year after ProxyLogon and ProxyShell

Nov 15, 2021 8:16


Warning about a vulnerability in MS Exchange Server and MS Excel: National Cyber and Information Security Agency - Warning about a vulnerability in MS Exchange Server and MS Excel (nukib.cz)

Cyber incidents from NÚKIB's perspective: October 2021: National Cyber and Information Security Agency - Cyber incidents from NÚKIB's perspective: October 2021 (nukib.cz)

Threat actors redirected Angling Direct customers to an adult website; the United States Department of Justice announced last Monday that it had brought charges against a person from the REvil ransomware group; attackers remained undetected on a Queensland water supplier's server for 9 months; NÚKIB published its report Cyber incidents from NÚKIB's perspective for OCTOBER 2021; zero-day vulnerabilities affecting Microsoft Exchange Server (CVE-2021-42321) and Microsoft Excel (CVE-2021-42292).

Follow us on Twitter @AlefSecurity and @Jk0pr.

The CyberHub Podcast
Cyber News Nov 8th, 21 - ProxyShell Exploits, NPM Packages & FBI Warning

Nov 8, 2021 14:10


Today's Headlines and the latest #cybernews from the desk of the #CISO:
- Microsoft Exchange ProxyShell exploits used to deploy Babuk ransomware
- Two NPM Packages With 22 Million Weekly Downloads Found Backdoored
- State hackers breach defense, energy, healthcare orgs worldwide
- Scams Involving Cryptocurrency ATMs and QR Codes on the Rise
- Six Arrested for Roles in Clop Ransomware Operation

Story Links:
- https://www.bleepingcomputer.com/news/security/microsoft-exchange-proxyshell-exploits-used-to-deploy-babuk-ransomware/
- https://thehackernews.com/2021/11/two-npm-packages-with-22-million-weekly.html
- https://www.bleepingcomputer.com/news/security/state-hackers-breach-defense-energy-healthcare-orgs-worldwide/
- https://www.securityweek.com/fbi-scams-involving-cryptocurrency-atms-and-qr-codes-rise
- https://www.securityweek.com/six-arrested-roles-clop-ransomware-operation

“The Microsoft Doctrine” by James Azar now on Substack: https://jamesazar.substack.com/p/the-microsoft-doctrine

The Practitioner Brief is sponsored by: KnowBe4: https://info.knowbe4.com/phishing-security-test-cyberhub

Find James Azar, Host of CyberHub Podcast, CISO Talk, Goodbye Privacy, Tech Town Square, and Other Side of Cyber
- James on Linkedin: https://www.linkedin.com/in/james-j-azar/
- James on Parler: @realjamesazar
- Telegram: CyberHub Podcast
- Locals: https://cyberhubpodcast.locals.com

Sign up for our newsletter with the best of CyberHub Podcast delivered to your inbox once a month: http://bit.ly/cyberhubengage-newsletter

- Website: https://www.cyberhubpodcast.com
- Youtube: https://www.youtube.com/channel/UCPoU8iZfKFIsJ1gk0UrvGFw
- Facebook: https://www.facebook.com/CyberHubpodcast/
- Linkedin: https://www.linkedin.com/company/cyberhubpodcast/
- Twitter: https://twitter.com/cyberhubpodcast
- Instagram: https://www.instagram.com/cyberhubpodcast
- Listen here: https://linktr.ee/cyberhubpodcast

The Hub of the Infosec Community. Our mission is to provide substantive and quality content that's more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.

AVLEONOV Podcast
Ep.39 - Security News: Exchange ProxyShell, Zoom RCE, Citrix Canceled PT Acknowledgments, Cisco No Patch Router RCEs

Sep 1, 2021 6:52


Hello everyone! This is a new episode with my comments on the latest Information Security news. Watch the video version of this episode on my YouTube channel. Read the full text of this episode with all links on avleonov.com blog.

Last Week in .NET
So, Azure your keys are Safe?

Aug 30, 2021 4:40


The biggest news this week (and will likely trump any sort of news for the next couple of weeks in the Microsoft space) is that Azure has a vulnerability dubbed “ChaosDB” that exposed its customers' keys to the world, leaving every single CosmosDB customer's database data exposed for the taking. There's a technical deep-dive into this vulnerability as well. I hope the Azure team is wearing their brown pants.

This is as bad as it gets. Good news though! They gave out a bounty of $40,000 to the finder of this vulnerability. Which values this vulnerability as akin to a Tesla Model 3 — and not even a fully decked out one.

Apply rounded corners in desktop apps for Windows 11. In some cases, rounded corners will be applied to your applications automatically, in others, here's what you can do to make them rounded. As Apple intended.

Razer Bug lets you become a Windows 10 admin by plugging in a mouse. This is a pretty easy exploit to… well.. exploit, so if you're using Razer mouses in a corporate context, you may want to rethink that decision.

The real names of features in Visual Studio. It's a bit inside baseball, but still a wonderful walkthrough.

David Fowler writes to tell us that New .NET 6 APIS [are] driven by the developer community. In this blog post, David details new APIs available in .NET 6, and highlights the fact that well, they were authored by members of the community. I'm a fan of Parallel.ForEachAsync, as that seems rather useful for my needs.

This is your warning: Get out of the Dev Channel for Windows 11 unless you want to experience some turbulence. If you want stability, use the beta channel or get out of the insider program entirely. If you want to see new builds of Windows 11 that may have the stability of Windows Vista, stay in the Dev channel.

Nicole Miller-Abuhakmeh is the new Community Manager for the .NET Foundation. This is a wonderful choice for CM, congrats Nicole and the .NET foundation.

Looks like there's another tactic available to exploit Proxyshell vulnerabilities. A few weeks ago, a researcher showed off an exploit of Microsoft Exchange Server dubbed ‘ProxyShell' and it seems like the gift that keeps on giving to attackers. Bottom line: keep your Exchange servers up to date.

In .NET 6, FirstOrDefault(), LastOrDefault() and SingleOrDefault() now let you specify a default value. Sadly it has to be a compile-time constant so you can't have something like new Random().Next() available.

Microsoft Ignite is November 2-4, 2021 and is virtual again this year because people can't bother to vaccinate.

Github's Copilot can get you in trouble 40% of the time and if you're the type to use AI to write code, maybe you deserve to have problems.

Using SignalR in your Blazor applications. This is a nice pairing of technologies. Like Chardonnay and Brie, or Hotdog and Chili. Ketchup is forbidden, Mustard is recommended, however.

And I say this with a twinge of irony, but that's it for what happened Last Week in .NET.

Security Now (Video LO)
SN 833: Microsoft's Reasoned Neglect - T-Mobile's Major Data Leak, Razer Mouse Hack, Overlay Networks

Security Now (Video LO)

Play Episode Listen Later Aug 25, 2021 119:07


Picture of the week. Firefox soon to be blocking mixed-content downloads by default. The news from T-Mobile is all bad. Introducing ProxyLogon's kissing cousin, ProxyShell. The Razer mouse hack. A critical ThroughTek SDK flaw enables IoT spying. Overlay Networks. Closing the Loop. Microsoft's Reasoned Neglect. We invite you to read our show notes at https://www.grc.com/sn/SN-833-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: udacity.com/TWiT offer code TWIT75 barracuda.com/securitynow att.com/activearmor

Security Now (Video HD)
SN 833: Microsoft's Reasoned Neglect - T-Mobile's Major Data Leak, Razer Mouse Hack, Overlay Networks

Security Now (Video HD)

Play Episode Listen Later Aug 25, 2021 119:07


Picture of the week. Firefox soon to be blocking mixed-content downloads by default. The news from T-Mobile is all bad. Introducing ProxyLogon's kissing cousin, ProxyShell. The Razer mouse hack. A critical ThroughTek SDK flaw enables IoT spying. Overlay Networks. Closing the Loop. Microsoft's Reasoned Neglect. We invite you to read our show notes at https://www.grc.com/sn/SN-833-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: udacity.com/TWiT offer code TWIT75 barracuda.com/securitynow att.com/activearmor

Risky Business
Risky Business #635 -- Owned via telnet? Must be "highly sophisticated attackers"!

Risky Business

Play Episode Listen Later Aug 25, 2021


On this week's show Patrick Gray and Adam Boileau discuss recent security news, including:
T-Mobile owned hard
USA no fly list winds up on unsecured ElasticSearch in Bahrain… because reasons
Facebook scrambles to secure Afghani accounts
Hacker steals and returns $600 from de-fi platform
Healthcare sector struggles with ransomware attacks
A very sweet TCP-based amplification technique that will be A Problem
Much, much more

Evan Sultanik and Dan Guido will be joining us to talk about Fickling – a tool developed by Trail of Bits to do unnatural things to the Python Pickle files that are heavily used as a means to share machine learning models. The machine learning supply chain is really quite wobbly, and they'll be joining us later to talk about that. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing.

Show notes
T-Mobile breach climbs to over 50 million people
T-Mobile: Breach Exposed SSN/DOB of 40M+ People – Krebs on Security
1.9 million records from the FBI's terrorist watchlist leaked online - The Record by Recorded Future
Facebook, other platforms scramble to secure user accounts in Afghanistan
This $600 Million Crypto Heist Is the Most Bizarre Hack in Recent Memory
A Hacker Stole and Then Returned $600 Million
Japanese crypto-exchange Liquid hacked for $94 million - The Record by Recorded Future
Operator of the Helix bitcoin mixer pleads guilty to money laundering - The Record by Recorded Future
Healthcare provider expected to lose $106.8 million following ransomware attack - The Record by Recorded Future
Hospitals hamstrung by ransomware are turning away patients | Ars Technica
US healthcare org sends data breach warning to 1.4m patients following ransomware attack | The Daily Swig
The pandemic revealed the health risks of hospital ransomware attacks - The Verge
Ransomware hackers could hit U.S. supply chain, experts warn
Ransomware hits Lojas Renner, Brazil's largest clothing store chain - The Record by Recorded Future
RansomClave project uses Intel SGX enclaves for ransomware attacks - The Record by Recorded Future
Wanted: Disgruntled Employees to Deploy Ransomware – Krebs on Security
Japan's Tokio Marine is the latest insurer to be victimized by ransomware
Cyber insurance market encounters ‘crisis moment' as ransomware costs pile up
White House to tackle cyber challenges with Apple, IBM, insurance CEOs | Reuters
FBI sends its first-ever alert about a 'ransomware affiliate' - The Record by Recorded Future
New LockFile ransomware gang weaponizes ProxyShell and PetitPotam attacks - The Record by Recorded Future
Multiple ransomware gangs pounce on 'PrintNightmare' vulnerability
Peterborough NH Cyberattack: Town Loses $2.3M in Taxpayer Money – NBC Boston
Almost 2,000 Exchange servers hacked using ProxyShell exploit - The Record by Recorded Future
ALTDOS hacking group wreaks havoc across Southeast Asia - The Record by Recorded Future
Hackers Leak Surveillance Camera Videos Purportedly Taken From Inside Iran's Evin Prison - by Kim Zetter - Zero Day
Apple reopens legal fight against security firm Corellium, raising concerns for ethical hackers
Apple says researchers can vet its child safety features. But it's suing a startup that does just that. | MIT Technology Review
This $500 Million Russian Cyber Mogul Planned To Take His Company Public—Then America Accused It Of Hacking For Putin's Spies
Cisco: Security devices are vulnerable to SNIcat data exfiltration technique - The Record by Recorded Future
SNIcat: Circumventing the guardians | mnemonic
BlackBerry's popular operating system for medical devices affected by critical vulnerabilities, drawing fed warnings
Realtek SDK vulnerabilities impact dozens of downstream IoT vendors | The Daily Swig
Hundreds of thousands of Realtek-based devices under attack from IoT botnet - The Record by Recorded Future
Accellion Kiteworks Vulnerabilities | Insomnia Security
Firewalls and middleboxes can be weaponized for gigantic DDoS attacks - The Record by Recorded Future
Hackers tried to exploit two zero-days in Trend Micro's Apex One EDR platform - The Record by Recorded Future
Exhaustive study puts China's infamous Great Firewall under the microscope | The Daily Swig
Web hosting platform cPanel & WHM is vulnerable to authenticated RCE and privilege escalation | The Daily Swig
Benno on Twitter: "I will donate $50 to a charity of @riskybusiness' choice if he puts this in the show." / Twitter
Never a dill moment: Exploiting machine learning pickle files
PrivacyRaven: Implementing a proof of concept for model inversion
GitHub - trailofbits/fickling: A Python pickling decompiler and static analyzer

Security Now (Video HI)
SN 833: Microsoft's Reasoned Neglect - T-Mobile's Major Data Leak, Razer Mouse Hack, Overlay Networks

Security Now (Video HI)

Play Episode Listen Later Aug 25, 2021 119:07


Picture of the week. Firefox soon to be blocking mixed-content downloads by default. The news from T-Mobile is all bad. Introducing ProxyLogon's kissing cousin, ProxyShell. The Razer mouse hack. A critical ThroughTek SDK flaw enables IoT spying. Overlay Networks. Closing the Loop. Microsoft's Reasoned Neglect. We invite you to read our show notes at https://www.grc.com/sn/SN-833-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: udacity.com/TWiT offer code TWIT75 barracuda.com/securitynow att.com/activearmor

Security Now (MP3)
SN 833: Microsoft's Reasoned Neglect - T-Mobile's Major Data Leak, Razer Mouse Hack, Overlay Networks

Security Now (MP3)

Play Episode Listen Later Aug 25, 2021 119:07


Picture of the week. Firefox soon to be blocking mixed-content downloads by default. The news from T-Mobile is all bad. Introducing ProxyLogon's kissing cousin, ProxyShell. The Razer mouse hack. A critical ThroughTek SDK flaw enables IoT spying. Overlay Networks. Closing the Loop. Microsoft's Reasoned Neglect. We invite you to read our show notes at https://www.grc.com/sn/SN-833-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: udacity.com/TWiT offer code TWIT75 barracuda.com/securitynow att.com/activearmor

Hack Naked News (Audio)
ProxyShell Attacks, Liquid Robbed, Realtek SDK, & 3D Printing Peril - SWN #145

Hack Naked News (Audio)

Play Episode Listen Later Aug 24, 2021 30:30


This week in the Security News, Dr.Doug talks: Liquid, proxyshell redux redux, Realtek and Mirai, The Spaghetti Detective, the Taliban, Powerapps, and Hong Kong censorship, and the returning Expert Commentary of Jason Wood!   Show Notes: https://securityweekly.com/swn145 Visit https://www.securityweekly.com/swn for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Hack Naked News (Video)
Liquid Robbed, ProxyShell Attacks, Realtek SDK, & 3D Printing Peril - SWN #145

Hack Naked News (Video)

Play Episode Listen Later Aug 24, 2021 30:31


This week in the Security News, Dr.Doug talks: Liquid, proxyshell redux redux, Realtek and Mirai, The Spaghetti Detective, the Taliban, Powerapps, and Hong Kong censorship, and the returning Expert Commentary of Jason Wood!   Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn145

All TWiT.tv Shows (Video LO)
Security Now 833: Microsoft's Reasoned Neglect

All TWiT.tv Shows (Video LO)

Play Episode Listen Later Aug 24, 2021 119:07


Picture of the week. Firefox soon to be blocking mixed-content downloads by default. The news from T-Mobile is all bad. Introducing ProxyLogon's kissing cousin, ProxyShell. The Razer mouse hack. A critical ThroughTek SDK flaw enables IoT spying. Overlay Networks. Closing the Loop. Microsoft's Reasoned Neglect. We invite you to read our show notes at https://www.grc.com/sn/SN-833-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: udacity.com/TWiT offer code TWIT75 barracuda.com/securitynow att.com/activearmor

All TWiT.tv Shows (Video HI)
Security Now 833: Microsoft's Reasoned Neglect

All TWiT.tv Shows (Video HI)

Play Episode Listen Later Aug 24, 2021 119:07


Picture of the week. Firefox soon to be blocking mixed-content downloads by default. The news from T-Mobile is all bad. Introducing ProxyLogon's kissing cousin, ProxyShell. The Razer mouse hack. A critical ThroughTek SDK flaw enables IoT spying. Overlay Networks. Closing the Loop. Microsoft's Reasoned Neglect. We invite you to read our show notes at https://www.grc.com/sn/SN-833-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: udacity.com/TWiT offer code TWIT75 barracuda.com/securitynow att.com/activearmor

All TWiT.tv Shows (Video HD)
Security Now 833: Microsoft's Reasoned Neglect

All TWiT.tv Shows (Video HD)

Play Episode Listen Later Aug 24, 2021 119:07


Picture of the week. Firefox soon to be blocking mixed-content downloads by default. The news from T-Mobile is all bad. Introducing ProxyLogon's kissing cousin, ProxyShell. The Razer mouse hack. A critical ThroughTek SDK flaw enables IoT spying. Overlay Networks. Closing the Loop. Microsoft's Reasoned Neglect. We invite you to read our show notes at https://www.grc.com/sn/SN-833-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: udacity.com/TWiT offer code TWIT75 barracuda.com/securitynow att.com/activearmor

Radio Leo (Audio)
Security Now 833: Microsoft's Reasoned Neglect

Radio Leo (Audio)

Play Episode Listen Later Aug 24, 2021 118:34


Picture of the week. Firefox soon to be blocking mixed-content downloads by default. The news from T-Mobile is all bad. Introducing ProxyLogon's kissing cousin, ProxyShell. The Razer mouse hack. A critical ThroughTek SDK flaw enables IoT spying. Overlay Networks. Closing the Loop. Microsoft's Reasoned Neglect. We invite you to read our show notes at https://www.grc.com/sn/SN-833-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: udacity.com/TWiT offer code TWIT75 barracuda.com/securitynow att.com/activearmor

All TWiT.tv Shows (MP3)
Security Now 833: Microsoft's Reasoned Neglect

All TWiT.tv Shows (MP3)

Play Episode Listen Later Aug 24, 2021 118:34


Picture of the week. Firefox soon to be blocking mixed-content downloads by default. The news from T-Mobile is all bad. Introducing ProxyLogon's kissing cousin, ProxyShell. The Razer mouse hack. A critical ThroughTek SDK flaw enables IoT spying. Overlay Networks. Closing the Loop. Microsoft's Reasoned Neglect. We invite you to read our show notes at https://www.grc.com/sn/SN-833-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: udacity.com/TWiT offer code TWIT75 barracuda.com/securitynow att.com/activearmor

Paul's Security Weekly
ProxyShell Attacks, Liquid Robbed, Realtek SDK, & 3D Printing Peril - SWN #145

Paul's Security Weekly

Play Episode Listen Later Aug 24, 2021 30:30


This week in the Security News, Dr.Doug talks: Liquid, proxyshell redux redux, Realtek and Mirai, The Spaghetti Detective, the Taliban, Powerapps, and Hong Kong censorship, and the returning Expert Commentary of Jason Wood!   Show Notes: https://securityweekly.com/swn145 Visit https://www.securityweekly.com/swn for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Cyber and Technology with Mike
23 August 2021 Cyber and Tech News

Cyber and Technology with Mike

Play Episode Listen Later Aug 23, 2021 10:14


In today's podcast we cover four crucial cyber and technology topics, including:
1. Pakistan's Federal Bureau of Revenue hacked, impact unknown
2. LockFile uses a series of Windows vulnerabilities to exploit Exchange servers
3. North Korea targets Internet Explorer users in latest campaign
4. U.S. State Department faces apparent cyber attack, details unknown
I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com

ALEF SecurityCast
Ep#72 - Continuing ProxyShell attacks and the largest L7 DDoS

ALEF SecurityCast

Play Episode Listen Later Aug 23, 2021 16:11


ProxyShell attacks on Exchange servers have intensified; a new sextortion campaign uses the name of the Pegasus spyware; Cloudflare blocked a DDoS attack of 17.2M rps; with Razer peripherals, a user can elevate privileges to the level of the SYSTEM account. Follow us on Twitter @AlefSecurity and @Jk0pr.

Cyber Security Headlines
August 23, 2021

Cyber Security Headlines

Play Episode Listen Later Aug 23, 2021 8:08


Microsoft Exchange under attack with ProxyShell flaws
Australians hit by ‘Flubot' malware that arrives by text message
Cyberattack hits State Department
Thanks to our episode sponsor, Privacy.com
Privacy.com lets you buy things online using virtual cards instead of having to use your real ones, protecting your identity and bank information on the internet. For example, when you're shopping online and ready to check out, simply generate a Privacy Card that will enter in random variables. Should the merchant ever get hacked, the fraudsters will never have access to your real information. Privacy Cards are also great for monitoring subscriptions and signing up for free trials where a card number is required. Simply close cards whenever you want to ensure you're never charged without your consent. Sign up for free today at privacy.com/ciso. New users will instantly receive a $5 credit, to be used for any online purchase you make! For the stories behind the headlines, head to CISOseries.com.

ALEF SecurityCast
Ep#71 - Active exploitation of the ProxyShell attack

ALEF SecurityCast

Play Episode Listen Later Aug 16, 2021 9:16


Attackers have begun abusing vulnerable Exchange servers using the ProxyShell attack; Microsoft published a workaround for another serious vulnerability in print services; the operators of the SynAck ransomware published encryption keys. Follow us on Twitter @AlefSecurity and @Jk0pr.

Cyber Security Headlines
August 11, 2021

Cyber Security Headlines

Play Episode Listen Later Aug 11, 2021 7:27


eCh0raix ransomware now targets both QNAP and Synology NAS devices
At Least 30,000 internet-exposed exchange servers vulnerable to Proxyshell attacks
US Senate sends infrastructure bill to House
Thanks to our episode sponsor, Sotero
It's a new CISO security brief that helps you cut through all the vendor noise and zero in on the best data security solution for your requirements. It includes info on data security technology advances, tips to help you meet your security requirements, and new rapid development capabilities so your development team can implement security features much, much faster. To get the brief, just go to soterosoft.com and click the link at the top of the page. For the stories behind the headlines, head to CISOseries.com.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Microsoft Exchange ProxyShell https://isc.sans.edu/forums/diary/ProxyShell+how+many+Exchange+servers+are+affected+and+where+are+they/27732/
Synology Warns of Brute Force Attacks https://www.synology.com/en-global/company/news/article/BruteForce/Synology%20Investigates%20Ongoing%20Brute-Force%20Attacks%20From%20Botnet
Router Auth Bypass https://threatpost.com/auth-bypass-bug-routers-exploited/168491/
Firefox Version 100 Experiment https://bugzilla.mozilla.org/show_bug.cgi?id=1719070
Interaction Less Vulnerabilities in Messaging Apps https://www.ehackingnews.com/2021/08/the-interaction-less-flaws-in-messaging.html
HTTP2 Vulnerabilities https://portswigger.net/research/http2#conclusion


Cyber and Technology with Mike
09 August 2021 Cyber and Tech News

Cyber and Technology with Mike

Play Episode Listen Later Aug 9, 2021 11:16


In today's podcast we cover four crucial cyber and technology topics, including:
1. GIGABYTE hit with RansomEXX attack, data stolen
2. ProxyShell vulnerabilities being scanned for by attackers
3. Zoom forced to pay 85 Million USD for poor security practices
4. Apple to scan iCloud images, iMessages to help prevent child abuse
I'd love feedback, feel free to send your comments and feedback to cyberandtechwithmike@gmail.com

ProactiveIT Cyber Security Daily
Episode 413 - Exchange Admins Patch NOW!

ProactiveIT Cyber Security Daily

Play Episode Listen Later Aug 9, 2021 20:47


Good Morning and Welcome to the ProactiveIT Cyber Security Daily number 413. It is Monday August 9th 2021. I am your host Scott Gombar and Exchange Admins Patch NOW!
Ivanti Releases Security Update for Pulse Connect Secure
Amazon Kindle Vulnerable to Malicious EBooks
Zoom Settlement: An $85M Business Case for Security Investment
Australian govt warns of escalating LockBit ransomware attacks
Microsoft Exchange servers scanned for ProxyShell vulnerability, Patch Now
Computer hardware giant GIGABYTE hit by RansomEXX ransomware
NCH Corporation and Others Announce Data Breaches
Gastroenterology Consultants Notifies Patients About January 2021 Ransomware Attack

The CyberHub Podcast
Practitioner Brief August 9th, 2021

The CyberHub Podcast

Play Episode Listen Later Aug 9, 2021 15:33 Transcription Available


Today's Headlines and the latest #cybernews from the desk of the #CISO:
Microsoft Exchange servers scanned for ProxyShell vulnerability, Patch Now
VMware Patches Severe Vulnerability in Workspace ONE Access, Identity Manager
Windows PetitPotam vulnerability gets an unofficial free patch
Pulse Secure VPNs Get New Urgent Update for Poorly Patched Critical Flaw
Apple Revives Encryption Debate With Move on Child Exploitation

Story Links:
https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-servers-scanned-for-proxyshell-vulnerability-patch-now/
https://www.securityweek.com/vmware-patches-severe-vulnerability-workspace-one-access-identity-manager
https://www.bleepingcomputer.com/news/microsoft/windows-petitpotam-vulnerability-gets-an-unofficial-free-patch/
https://thehackernews.com/2021/08/pulse-secure-vpns-get-new-urgent-update.html
https://www.securityweek.com/apple-revives-encryption-debate-move-child-exploitation

“The Microsoft Doctrine” by James Azar now on Substack https://jamesazar.substack.com/p/the-microsoft-doctrine

The Practitioner Brief is sponsored by:
KnowBe4: https://info.knowbe4.com/phishing-security-test-cyberhub
Attivo Networks: www.attivonetworks.com

Find James Azar Host of CyberHub Podcast, CISO Talk, Goodbye Privacy, Tech Town Square, and Other Side of Cyber
James on Linkedin: https://www.linkedin.com/in/james-j-azar/
James on Parler: @realjamesazar
Telegram: CyberHub Podcast
Locals: https://cyberhubpodcast.locals.com

Sign up for our newsletter with the best of CyberHub Podcast delivered to your inbox once a month: http://bit.ly/cyberhubengage-newsletter

Website: https://www.cyberhubpodcast.com
Youtube: https://www.youtube.com/channel/UCPoU8iZfKFIsJ1gk0UrvGFw
Facebook: https://www.facebook.com/CyberHubpodcast/
Linkedin: https://www.linkedin.com/company/cyberhubpodcast/
Twitter: https://twitter.com/cyberhubpodcast
Instagram: https://www.instagram.com/cyberhubpodcast
Listen here: https://linktr.ee/cyberhubpodcast

The Hub of the Infosec Community. Our mission is to provide substantive and quality content that's more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.