Podcasts about Pwn2Own

Pwn2Own 2025, Berlin results. PayPal seeks a "newly registered domains" patent. An expert iOS jailbreak developer gives up. The rising abuse of SVG images, via JavaScript. Interesting feedback from our listeners. Four classic science fiction movies not to miss. How OpenAI's o3 model discovered a 0-day in the Linux kernel Show Notes - https://www.grc.com/sn/SN-1028-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security outsystems.com/twit bigid.com/securitynow bitwarden.com/twit joindeleteme.com/twit promo code TWIT

Pwn2Own 2025, Berlin results. PayPal seeks a "newly registered domains" patent. An expert iOS jailbreak developer gives up. The rising abuse of SVG images, via JavaScript. Interesting feedback from our listeners. Four classic science fiction movies not to miss. How OpenAI's o3 model discovered a 0-day in the Linux kernel Show Notes - https://www.grc.com/sn/SN-1028-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security outsystems.com/twit bigid.com/securitynow bitwarden.com/twit joindeleteme.com/twit promo code TWIT

Pwn2Own 2025, Berlin results. PayPal seeks a "newly registered domains" patent. An expert iOS jailbreak developer gives up. The rising abuse of SVG images, via JavaScript. Interesting feedback from our listeners. Four classic science fiction movies not to miss. How OpenAI's o3 model discovered a 0-day in the Linux kernel Show Notes - https://www.grc.com/sn/SN-1028-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security outsystems.com/twit bigid.com/securitynow bitwarden.com/twit joindeleteme.com/twit promo code TWIT

Pwn2Own 2025, Berlin results. PayPal seeks a "newly registered domains" patent. An expert iOS jailbreak developer gives up. The rising abuse of SVG images, via JavaScript. Interesting feedback from our listeners. Four classic science fiction movies not to miss. How OpenAI's o3 model discovered a 0-day in the Linux kernel Show Notes - https://www.grc.com/sn/SN-1028-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security outsystems.com/twit bigid.com/securitynow bitwarden.com/twit joindeleteme.com/twit promo code TWIT

Pwn2Own 2025, Berlin results. PayPal seeks a "newly registered domains" patent. An expert iOS jailbreak developer gives up. The rising abuse of SVG images, via JavaScript. Interesting feedback from our listeners. Four classic science fiction movies not to miss. How OpenAI's o3 model discovered a 0-day in the Linux kernel Show Notes - https://www.grc.com/sn/SN-1028-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security outsystems.com/twit bigid.com/securitynow bitwarden.com/twit joindeleteme.com/twit promo code TWIT

Pwn2Own 2025, Berlin results. PayPal seeks a "newly registered domains" patent. An expert iOS jailbreak developer gives up. The rising abuse of SVG images, via JavaScript. Interesting feedback from our listeners. Four classic science fiction movies not to miss. How OpenAI's o3 model discovered a 0-day in the Linux kernel Show Notes - https://www.grc.com/sn/SN-1028-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: material.security outsystems.com/twit bigid.com/securitynow bitwarden.com/twit joindeleteme.com/twit promo code TWIT

VOV1 - Pwn2Own là cuộc thi an ninh mạng khốc liệt và lớn nhất thế giới, quy tụ các chuyên gia bảo mật giỏi nhất từ khắp nơi đến tranh tài.

Chrome to actively refuse admin privileges. Android Messenger is getting manual key verification. Pwn2Own to add AI "pwning" as in-scope attack targets. AI has already been found to be replicating. Microsoft not killing off Office on Win10 after October. 23andMe's asset purchaser revealed. Many fun talking points thanks to our listeners. Steve's review of "Andor", season 2. What's been discovered inside the U.S. power grid Show Notes - https://www.grc.com/sn/SN-1026-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bigid.com/securitynow material.security joindeleteme.com/twit promo code TWIT bitwarden.com/twit drata.com/securitynow

Chrome to actively refuse admin privileges. Android Messenger is getting manual key verification. Pwn2Own to add AI "pwning" as in-scope attack targets. AI has already been found to be replicating. Microsoft not killing off Office on Win10 after October. 23andMe's asset purchaser revealed. Many fun talking points thanks to our listeners. Steve's review of "Andor", season 2. What's been discovered inside the U.S. power grid Show Notes - https://www.grc.com/sn/SN-1026-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bigid.com/securitynow material.security joindeleteme.com/twit promo code TWIT bitwarden.com/twit drata.com/securitynow

Chrome to actively refuse admin privileges. Android Messenger is getting manual key verification. Pwn2Own to add AI "pwning" as in-scope attack targets. AI has already been found to be replicating. Microsoft not killing off Office on Win10 after October. 23andMe's asset purchaser revealed. Many fun talking points thanks to our listeners. Steve's review of "Andor", season 2. What's been discovered inside the U.S. power grid Show Notes - https://www.grc.com/sn/SN-1026-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bigid.com/securitynow material.security joindeleteme.com/twit promo code TWIT bitwarden.com/twit drata.com/securitynow

Chrome to actively refuse admin privileges. Android Messenger is getting manual key verification. Pwn2Own to add AI "pwning" as in-scope attack targets. AI has already been found to be replicating. Microsoft not killing off Office on Win10 after October. 23andMe's asset purchaser revealed. Many fun talking points thanks to our listeners. Steve's review of "Andor", season 2. What's been discovered inside the U.S. power grid Show Notes - https://www.grc.com/sn/SN-1026-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bigid.com/securitynow material.security joindeleteme.com/twit promo code TWIT bitwarden.com/twit drata.com/securitynow

Chrome to actively refuse admin privileges. Android Messenger is getting manual key verification. Pwn2Own to add AI "pwning" as in-scope attack targets. AI has already been found to be replicating. Microsoft not killing off Office on Win10 after October. 23andMe's asset purchaser revealed. Many fun talking points thanks to our listeners. Steve's review of "Andor", season 2. What's been discovered inside the U.S. power grid Show Notes - https://www.grc.com/sn/SN-1026-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bigid.com/securitynow material.security joindeleteme.com/twit promo code TWIT bitwarden.com/twit drata.com/securitynow

Chrome to actively refuse admin privileges. Android Messenger is getting manual key verification. Pwn2Own to add AI "pwning" as in-scope attack targets. AI has already been found to be replicating. Microsoft not killing off Office on Win10 after October. 23andMe's asset purchaser revealed. Many fun talking points thanks to our listeners. Steve's review of "Andor", season 2. What's been discovered inside the U.S. power grid Show Notes - https://www.grc.com/sn/SN-1026-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bigid.com/securitynow material.security joindeleteme.com/twit promo code TWIT bitwarden.com/twit drata.com/securitynow

In this episode of 'Cybersecurity Today,' host Jim Love discusses several urgent cybersecurity topics. Microsoft has released an emergency patch after a recent Windows update caused BitLocker recovery mode on certain systems, locking users out without warning. The issue stems from the May security update affecting systems using Intel, vPro chips, and TXT. Tech enthusiasts may manually download the patch through the Microsoft Update catalog, while Microsoft urges users to secure their BitLocker recovery keys. The episode also highlights day one of Pwn2Own Berlin 2025, where hackers successfully breached Windows 11, Red Hat Linux, and Oracle Virtual Box, earning a combined $260,000 in prize money. Additionally, US experts discovered hidden communication hardware in Chinese-made solar equipment, raising concerns about remote access risks to the power grid. The FBI warns of a new wave of AI-generated phishing attacks that bypass traditional security measures. Finally, the Consumer Financial Protection Bureau has quietly backed down from regulating data brokers, sparking controversy among privacy advocates. Jim Love offers insights and reminds listeners of the importance of cybersecurity. 00:00 Introduction and Headlines 00:27 Microsoft's Urgent Patch for BitLocker Issue 02:26 Pwn2Own Berlin 2025: Major Security Breaches 04:11 Hidden Devices in Chinese Solar Equipment 06:05 FBI Warns of New Linkless Phishing Attacks 07:58 CFPB Withdraws Rule on Data Brokers 09:33 Conclusion and Contact Information

Chrome to actively refuse admin privileges. Android Messenger is getting manual key verification. Pwn2Own to add AI "pwning" as in-scope attack targets. AI has already been found to be replicating. Microsoft not killing off Office on Win10 after October. 23andMe's asset purchaser revealed. Many fun talking points thanks to our listeners. Steve's review of "Andor", season 2. What's been discovered inside the U.S. power grid Show Notes - https://www.grc.com/sn/SN-1026-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bigid.com/securitynow material.security joindeleteme.com/twit promo code TWIT bitwarden.com/twit drata.com/securitynow

Chrome to actively refuse admin privileges. Android Messenger is getting manual key verification. Pwn2Own to add AI "pwning" as in-scope attack targets. AI has already been found to be replicating. Microsoft not killing off Office on Win10 after October. 23andMe's asset purchaser revealed. Many fun talking points thanks to our listeners. Steve's review of "Andor", season 2. What's been discovered inside the U.S. power grid Show Notes - https://www.grc.com/sn/SN-1026-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Join Club TWiT for Ad-Free Podcasts! Support what you love and get ad-free shows, a members-only Discord, and behind-the-scenes access. Join today: https://twit.tv/clubtwit Sponsors: bigid.com/securitynow material.security joindeleteme.com/twit promo code TWIT bitwarden.com/twit drata.com/securitynow

WSL, Defendnot, Clippy, Crawlomatic, Take It Down, Pwn2Own, Aaran Leyland, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-478

WSL, Defendnot, Clippy, Crawlomatic, Take It Down, Pwn2Own, Aaran Leyland, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-478

WSL, Defendnot, Clippy, Crawlomatic, Take It Down, Pwn2Own, Aaran Leyland, and more on the Security Weekly News. Show Notes: https://securityweekly.com/swn-478

xorsearch.py: Python Functions Didier s xorsearch tool now supports python functions to filter output https://isc.sans.edu/diary/xorsearch.py%3A%20Python%20Functions/31858 Pwn2Own Berlin 2025 Last weeks Pwn2Own contest in Berlin allowed researchers to demonstrate a number of new exploits with a large focus on privilege escalation and virtual machine escape. https://www.zerodayinitiative.com/blog/2025/5/17/pwn2own-berlin-2025-day-three-results Senior US Officials Impersonated in Malicious Messaging Campaign The FBI warns of senior US officials being impersonated in text and voice messages. https://www.ic3.gov/PSA/2025/PSA250515 Scattered Spider: TTP Evolution in 2025 Pushscurity provided an update on how Scattered Spider evolved. One thing they noted was that Scattered Spider takes advantage of legit dynamic domain name systems to make detection more difficult https://pushsecurity.com/blog/scattered-spider-ttp-evolution-in-2025/

Coinbase says hackers bribed staff to steal customer data and are demanding $20 million ransom Windows 11 and Red Hat Linux hacked on first day of Pwn2Own The Internet's biggest-ever black market just shut down amid a Telegram purge  Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like...right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines.

Cette française a gagné 3 fois la compétition de hacking la plus dure du monde…

In this in-depth conversation, Jason Waits, Chief Information Security Officer (CISO) at Inductive Automation, provides a comprehensive exploration of Industrial Control System (ICS) cybersecurity. With decades of experience securing critical infrastructure and navigating the complexities of Operational Technology (OT) environments, Jason offers actionable insights into the current state and future of cybersecurity in industrial sectors like manufacturing, energy, and water treatment.The discussion begins with an overview of what makes ICS cybersecurity distinct from traditional IT security. Jason explains how OT systems prioritize availability and safety, presenting unique challenges compared to the confidentiality-driven focus of IT. The conversation highlights key vulnerabilities in ICS environments, such as legacy systems that lack modern security features, poorly designed protocols without encryption, and the risks posed by IT/OT convergence.Jason dives into common attack vectors, including social engineering (phishing), lateral movement from IT to OT networks, and physical access breaches. He explores real-world case studies like the Colonial Pipeline ransomware attack, the Oldsmar water treatment plant hack, and the Stuxnet worm, illustrating how these vulnerabilities have been exploited and the lessons they offer for building stronger defenses.The video also emphasizes the critical role of compliance and standards, such as ISA/IEC 62443, the NIST Cybersecurity Framework, and CIS Controls. Jason underscores the difference between compliance and real security, advocating for a "security first, compliance second" philosophy to ensure that organizations focus on mitigating actual risks rather than merely checking regulatory boxes.As the conversation unfolds, Jason discusses the role of vendors and OEMs in securing ICS environments, detailing how Inductive Automation uses proactive measures like Pwn2Own competitions, bug bounty programs, and detailed security hardening guides to improve the security of their products. He highlights the importance of collaboration between vendors and customers to address challenges like long equipment lifecycles and the growing adoption of cloud services.Emerging technologies also take center stage, with Jason exploring how artificial intelligence (AI) is transforming threat detection and response, while also enabling more sophisticated attacks like personalized phishing and adaptive malware. He addresses the implications of IT/OT convergence, emphasizing the need for collaboration between traditionally siloed teams and the importance of building shared security frameworks.For organizations looking to strengthen their cybersecurity posture, Jason offers practical steps, starting with foundational measures like asset management and configuration baselines. He explains how leveraging free resources, such as CIS Benchmarks, and creating a roadmap for cybersecurity maturity can help organizations of all sizes navigate these challenges, even with limited budgets.Timestamps0:00 – Introduction and Overview of ICS Cybersecurity3:15 – Meet Jason Waits: Background and Journey to CISO6:45 – What Is ICS Cybersecurity? Key Differences Between IT and OT10:30 – The Importance of Availability and Safety in OT Systems13:50 – Challenges of Legacy Systems and Long Equipment Lifecycles17:20 – Attack Vectors: Social Engineering, Lateral Movement, and Physical Access20:10 – Case Studies: Colonial Pipeline, Oldsmar Water Treatment Plant, and Stuxnet25:35 – Compliance vs. Security: Jason's “Security First, Compliance Second” Philosophy30:00 – The Role of Vendors and OEMs in Cybersecurity34:45 – Inductive Automation's Approach: Pwn2Own, Bug Bounties, and Security Hardening Guides40:00 – Emerging Technologies: AI in Threat Detection and the Risks of Sophisticated Phishing45:10 – The Growing Adoption of Cloud in ICS and Its Implications50:00 – IT/OT Convergence: Opportunities and Challenges55:15 – Practical Steps for Organizations: Asset Management and Roadmaps1:00:10 – Building a Security Culture: Collaboration Between IT and OT Teams1:05:30 – Future Outlook: Increasing Regulations, Ransomware Risks, and Innovation1:10:00 – Using Cybersecurity as a Competitive Advantage1:15:00 – Closing Thoughts: The Need for Continuous Learning and Proactive ActionAbout Manufacturing Hub:Manufacturing Hub Network is an educational show hosted by two longtime industrial practitioners Dave Griffith and Vladimir Romanov. Together they try to answer big questions in the industry while having fun conversations with other interesting people. Come join us weekly! ******Connect with UsVlad RomanovDave GriffithManufacturing HubSolisPLCJoltek

Episode 98: In this episode of Critical Thinking - Bug Bounty Podcast Justin Gardner sits down with Sharon,to discuss his journey from early iOS development to leading a research team at Claroty. They address the differences between HackerOne and Pwn2Own, and talk through some intricacies of IoT security, and some less common IoT attack surfaces.Follow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Today's Sponsor - ThreatLocker: Check out Network Control!https://www.criticalthinkingpodcast.io/tl-ncAnd AssetNote: Check out their ASMR board (no not that kind!)https://assetnote.io/asmrToday's Guest: https://sharonbrizinov.com/ResourcesThe Claroty Research Teamhttps://claroty.com/team82Pwntoolshttps://github.com/Gallopsled/pwntoolsScan My SMShttp://scanmysms.comGotta Catch 'Em All: Phishing, Smishing, and the birth of ScanMySMShttps://www.youtube.com/watch?v=EhNsXXbDp3UTimestamps(00:00:00) Introduction(00:03:31) Sharon's Origin Story(00:21:58) Transition to Bug Bounty and Pwn2Own vs HackerOne(00:47:05) IoT/ICS Hacking Methodology(01:10:13) Cloud to Device Communication(01:18:15) Bug replication and uncommon attack surfaces(01:30:58) Documentation tracker, reCaptcha bypass, and ScanMySMS

Video Episode: https://youtu.be/yDNIBS8OBoE In today’s episode, we delve into the alarming rise of cybercrime as a 26-year-old Canadian, Alexander Moucka, is arrested for allegedly extorting over 160 companies using the Snowflake cloud data service. We also discuss the emergence of the Android banking malware “ToxicPanda,” designed to bypass security measures for fraudulent transactions, and Google’s urgent patching of two vulnerabilities threatening millions of Android users. Furthermore, we highlight Synology’s critical zero-click vulnerability impacting NAS devices, emphasizing the ongoing threats to data security. Sources: 1. https://krebsonsecurity.com/2024/11/canadian-man-arrested-in-snowflake-data-extortions/ 2. https://thehackernews.com/2024/11/new-android-banking-malware-toxicpanda.html 3. https://www.helpnetsecurity.com/2024/11/05/cve-2024-43093/ 4. https://thehackernews.com/2024/11/synology-urges-patch-for-critical-zero.html Timestamps 00:00 – Introduction 01:06 – Snowflake Canadian Arrested 02:41 – Android ToxicPanda Banking Malware 04:24 – Android Patches 05:30 – Synology NAS Zero-Click 1. What are today’s top cybersecurity news stories? 2. Who was arrested in connection with the Snowflake data extortions? 3. What is the ToxicPanda malware and how does it work? 4. What vulnerabilities were recently patched in Android by Google? 5. How are hackers exploiting vulnerabilities in Synology NAS devices? 6. What were the implications of the Snowflake data breach on major companies? 7. How does the Android banking malware ToxicPanda conduct fraud? 8. What security measures should companies implement to prevent data extortion? 9. What are the latest updates on the UNC5537 hacking group? 10. How do recent Android vulnerabilities affect user security? data theft, Snowflake, cybercrime, Alexander ‘Connor’ Moucka, ToxicPanda, malware, banking, android, Google, vulnerabilities, Qualcomm, spyware, RISK:STATION, Synology, vulnerability, Pwn2Own, # Intro A Canadian man has been arrested in a massive data theft operation, allegedly extorting over 160 companies using Snowflake’s cloud service and linking to notorious cybercriminal Alexander ‘Connor’ Moucka. With ties to extremist groups and millions made from ransom attempts, Moucka’s arrest unveils the destructive potential of cybercrime fueled by misconfigured security settings. How did hackers manage to compromise so many companies using Snowflake’s data service, and what role did lax security measures play in their success? ToxicPanda, a sinister new Android banking malware, has already compromised over 1,500 devices by bypassing advanced security measures to conduct fraudulent money transfers. Masquerading as popular apps and exploiting accessibility services, this threat marks a rare attack by Chinese cybercriminals on European and Latin American banking users, leaving a trail of financial havoc. How does ToxicPanda manage to bypass advanced banking security measures while targeting international users? In a crucial security update, Google has patched actively exploited vulnerabilities that could allow hackers to target Android users, with one flaw affecting Qualcomm chipsets and another in the Google Play framework potentially being used for cyber espionage. Join us as we uncover how these vulnerabilities could be leveraged in campaigns against journalists and activists around the globe. What kind of specialized spyware exploits are these vulnerabilities likely implicated in? Millions of Synology NAS devices are at risk due to a critical zero-click vulnerability, dubbed RISK:STATION, that allows attackers root-level access without user interaction, prompting an urgent patch release. Exploited during the Pwn2Own 2024 contest, this flaw underscores the critical need for users to update their devices to prevent potential data breaches and malware attacks. How does the zero-click nature of the RISK:STATION vulnerability provide such a significant threat to Synology NAS devices?

- Đội ngũ an ninh mạng của Viettel (thuộc Tập đoàn Công nghiệp - Viễn thông Quân đội (Viettel) vừa giành ngôi vô địch tại cuộc thi Pwn2Own 2024 - một trong những cuộc thi an ninh mạng lớn nhất và uy tín nhất thế giới, được tổ chức tại Ireland. Đây là lần thứ hai liên tiếp đội ngũ an ninh mạng Viettel vô địch tại cuộc thi này. Chủ đề : Việt Nam, An ninh mạng --- Support this podcast: https://podcasters.spotify.com/pod/show/vov1tintuc/support

Three Buddy Problem - Episode 9: On this episode, we look at the hacking scene in Taiwan, the sad state of visibility into big malware campaigns, the absence of APTs linked to the prolific MIVD Dutch intelligence agency, the blurring lines between big ransomware heists and nation-state actors caught using ransomware as a tool for sabotage and misattribution. Plus, Chinese mobile OS vendor Xiaoimi caught disabling parts of its infrastructure -- including its global app store -- to thwart Pwn2Own contestants; and news of an addition to the LABScon 2024 keynote stage. Hosts: Juan Andres Guerrero-Saade (SentinelLabs), Costin Raiu (Art of Noh), Ryan Naraine (SecurityWeek)

Episode 80: In this episode of Critical Thinking - Bug Bounty Podcast Justin is joined by Sina Kheirkhah to talk about the start of his hacking journey and explore the differences between the Pwn2Own and HackerOne EventsFollow us on twitter at: @ctbbpodcastWe're new to this podcasting thing, so feel free to send us any feedback here: info@criticalthinkingpodcast.ioShoutout to YTCracker for the awesome intro music!------ Links ------Follow your hosts Rhynorater & Teknogeek on twitter:https://twitter.com/0xteknogeekhttps://twitter.com/rhynorater------ Ways to Support CTBBPodcast ------Hop on the CTBB Discord at https://ctbb.show/discord!We also do Discord subs at $25, $10, and $5 - premium subscribers get access to private masterclasses, exploits, tools, scripts, un-redacted bug reports, etc.Today's Guest: https://x.com/SinSinologyBlog: https://sinsinology.medium.com/Resources:WhatsUp Gold Pre-Auth RCEAdvanced .NET Exploitation TrainingdnSpyExQEMUUnicorn EngineQilinglibAFLAlex Plaskett interviewTippingPointFlashback TeamTimestamps:(00:00:00) Introduction(00:12:45) Learning, Mentorship, and Failure(00:29:34) Pentesting and Pwn2Own(00:40:05) Hacking methodology(01:01:57) Debuggers and shells in IoT Devices(01:35:40) Differences between ZDI and HackerOne(02:02:27) Pwn2Own Steps and Stories(02:14:06) Master of Pwn Title(02:29:54) Bug reports

Nissan North America breach impacts over 53,000 employees VMware fixes workstation flaws, thanks Pwn2Own hackers Security flaws discovered in GE Ultrasound machines  Thanks to today's episode sponsor, Vanta Are lengthy security reviews pulling attention away from your security program? With the largest network of Trust Centers, Vanta can help you streamline security reviews to win customer trust, save time, and close deals fast. Proactively demonstrate security by showcasing key resources like your SOC 2 or ISO 27001 and provide real-time evidence for passing controls. And when a security questionnaire is required, Vanta takes the first pass for you. Visit vanta.com/ciso to take a tour. For the stories behind the headlines, head to CISOseries.com.

Episode sponsors: Binarly, the supply chain security experts (https://binarly.io) XZ.fail backdoor detector (https://xz.fail) Cris Neckar is a veteran security researcher now working as a partner at Two Bear Capital. In this episode, he reminisces on the early days of hacking at Neohapsis, his time on the Google Chrome security team, shenanigans at Pwn2Own/Pwnium, and the cat-and-mouse battle for browser exploit chains. We also discuss the zero-day exploit marketplace, the hype and promise of AI, and his mission to help highly technical founders bring products to market.

In this thrilling episode of our cybersecurity series, we dive deep into the shadowy world of cyber espionage waged by two Chinese Advanced Persistent Threat (APT) groups against the nations of the Association of Southeast Asian Nations (ASEAN). Discover the tactics employed by infamous threat actors like Mustang Panda in their sophisticated digital attacks, leveraging malware, phishing emails, and zero-day vulnerabilities to infiltrate and spy on Southeast Asian countries. We unravel the complexities of these cyber operations, examining the implications for regional security and the global fight against digital crime. From brute force attacks to the subtle nuances of cyber warfare, join us as we shed light on the unseen battles shaping our digital landscape. Don't forget to subscribe, hit the bell icon, and like this video for more insightful content on cybersecurity threats and defenses.

Apple vs U.S. DoJ G.M.'s Unbelievably Horrible Driver Data Sharing Ends Super Sushi Samurai Apple has effectively abandoned HomeKit Secure Routers The forthcoming ".INTERNAL" TLD The United Nations vs AI. Telegram now blocked throughout Spain Vancouver Pwn2Own 2024 China warns of incoming hacks Annual Tax Season Phishing Deluge SpinRite update Authentication without a phone Are Passkeys quantum safe? GoFetch: The Unpatchable vulnerability in Apple chips Show Notes - https://www.grc.com/sn/SN-967-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: zscaler.com/zerotrustAI bitwarden.com/twit canary.tools/twit - use code: TWIT panoptica.app kolide.com/securitynow

Apple vs U.S. DOJ G.M.'s Unbelievably Horrible Driver Data Sharing Ends Super Sushi Samurai Apple has effectively abandoned HomeKit Secure Routers The forthcoming ".INTERNAL" TLD The United Nations vs AI. Telegram now blocked throughout Spain Vancouver Pwn2Own 2024 China warns of incoming hacks Annual Tax Season Phishing Deluge SpinRite update Authentication without a phone Are Passkeys quantum safe? GoFetch: The Unpatchable vulnerability in Apple chips Show Notes - https://www.grc.com/sn/SN-967-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: zscaler.com/zerotrustAI bitwarden.com/twit canary.tools/twit - use code: TWIT panoptica.app kolide.com/securitynow

Apple vs U.S. DoJ G.M.'s Unbelievably Horrible Driver Data Sharing Ends Super Sushi Samurai Apple has effectively abandoned HomeKit Secure Routers The forthcoming ".INTERNAL" TLD The United Nations vs AI. Telegram now blocked throughout Spain Vancouver Pwn2Own 2024 China warns of incoming hacks Annual Tax Season Phishing Deluge SpinRite update Authentication without a phone Are Passkeys quantum safe? GoFetch: The Unpatchable vulnerability in Apple chips Show Notes - https://www.grc.com/sn/SN-967-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: zscaler.com/zerotrustAI bitwarden.com/twit canary.tools/twit - use code: TWIT panoptica.app kolide.com/securitynow

Apple vs U.S. DoJ G.M.'s Unbelievably Horrible Driver Data Sharing Ends Super Sushi Samurai Apple has effectively abandoned HomeKit Secure Routers The forthcoming ".INTERNAL" TLD The United Nations vs AI. Telegram now blocked throughout Spain Vancouver Pwn2Own 2024 China warns of incoming hacks Annual Tax Season Phishing Deluge SpinRite update Authentication without a phone Are Passkeys quantum safe? GoFetch: The Unpatchable vulnerability in Apple chips Show Notes - https://www.grc.com/sn/SN-967-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: zscaler.com/zerotrustAI bitwarden.com/twit canary.tools/twit - use code: TWIT panoptica.app kolide.com/securitynow

Apple vs U.S. DOJ G.M.'s Unbelievably Horrible Driver Data Sharing Ends Super Sushi Samurai Apple has effectively abandoned HomeKit Secure Routers The forthcoming ".INTERNAL" TLD The United Nations vs AI. Telegram now blocked throughout Spain Vancouver Pwn2Own 2024 China warns of incoming hacks Annual Tax Season Phishing Deluge SpinRite update Authentication without a phone Are Passkeys quantum safe? GoFetch: The Unpatchable vulnerability in Apple chips Show Notes - https://www.grc.com/sn/SN-967-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: zscaler.com/zerotrustAI bitwarden.com/twit canary.tools/twit - use code: TWIT panoptica.app kolide.com/securitynow

Apple vs U.S. DoJ G.M.'s Unbelievably Horrible Driver Data Sharing Ends Super Sushi Samurai Apple has effectively abandoned HomeKit Secure Routers The forthcoming ".INTERNAL" TLD The United Nations vs AI. Telegram now blocked throughout Spain Vancouver Pwn2Own 2024 China warns of incoming hacks Annual Tax Season Phishing Deluge SpinRite update Authentication without a phone Are Passkeys quantum safe? GoFetch: The Unpatchable vulnerability in Apple chips Show Notes - https://www.grc.com/sn/SN-967-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: zscaler.com/zerotrustAI bitwarden.com/twit canary.tools/twit - use code: TWIT panoptica.app kolide.com/securitynow

Apple vs U.S. DOJ G.M.'s Unbelievably Horrible Driver Data Sharing Ends Super Sushi Samurai Apple has effectively abandoned HomeKit Secure Routers The forthcoming ".INTERNAL" TLD The United Nations vs AI. Telegram now blocked throughout Spain Vancouver Pwn2Own 2024 China warns of incoming hacks Annual Tax Season Phishing Deluge SpinRite update Authentication without a phone Are Passkeys quantum safe? GoFetch: The Unpatchable vulnerability in Apple chips Show Notes - https://www.grc.com/sn/SN-967-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: zscaler.com/zerotrustAI bitwarden.com/twit canary.tools/twit - use code: TWIT panoptica.app kolide.com/securitynow

U.S. versus Apple: A first reaction Critics of the TikTok Bill Are Missing the Point Tennessee becomes first US state with law protecting musicians from AI In One Key A.I. Metric, China Pulls Ahead of the U.S.: Talent Murthy v Missouri at SCOTUS Unpatchable vulnerability in Apple chip leaks secret encryption keys Windows 11, Tesla, and Ubuntu Linux hacked at Pwn2Own Vancouver Vernor Vinge (1944-2024) Host: Leo Laporte Guests: Cathy Gellis, Rob Pegoraro, and Brianna Wu Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: zscaler.com/zerotrustAI ecamm.com/twit or use Promo Code TWIT canary.tools/twit - use code: TWIT hims.com/twit rocketmoney.com/twit kolide.com/twit

A supply chain attack targets python developers. Russia targets German political parties. Romanian and Spanish police dismantle a cyber-fraud gang. Pwn2Own prompts quick patches from Mozilla. President Biden nominates the first assistant secretary of defense for cyber policy at the Pentagon. An influential think tank calls for a dedicated cyber service in the US. Unit42 tracks a StrelaStealer surge. GM reverses its data sharing practice. Our guest is Anna Belak, Director of the Office of Cybersecurity Strategy at Sysdig, who shares trends in cloud-native security. And a Fordham Law School professor suggests AI creators take a page from medical doctors.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Anna Belak, Director of the Office of Cybersecurity Strategy at Sysdig, shares trends in cloud-native security. To learn more, you can check out Sysdig's 2024 Cloud-Native Security and Usage Report.  Selected Reading Top Python Developers Hacked in Sophisticated Supply Chain Attack (SecurityWeek) Russian hackers target German political parties with WineLoader malware (Bleeping Computer) Police Bust Multimillion-Dollar Holiday Fraud Gang (Infosecurity Magazine) Mozilla Patches Firefox Zero-Days Exploited at Pwn2Own (SecurityWeek) Biden nominates first assistant defense secretary for cyber policy (Nextgov/FCW) Pentagon, Congress have a ‘limited window' to properly create a Cyber Force (The Record) StrelaStealer targeted over 100 organizations across the EU and US (Security Affairs) General Motors Quits Sharing Driving Behavior With Data Brokers (The New York Times) AI's Hippocratic Oath by Chinmayi Sharma (SSRN) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

U.S. versus Apple: A first reaction Critics of the TikTok Bill Are Missing the Point Tennessee becomes first US state with law protecting musicians from AI In One Key A.I. Metric, China Pulls Ahead of the U.S.: Talent Murthy v Missouri at SCOTUS Unpatchable vulnerability in Apple chip leaks secret encryption keys Windows 11, Tesla, and Ubuntu Linux hacked at Pwn2Own Vancouver Vernor Vinge (1944-2024) Host: Leo Laporte Guests: Cathy Gellis, Rob Pegoraro, and Brianna Wu Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: zscaler.com/zerotrustAI ecamm.com/twit or use Promo Code TWIT canary.tools/twit - use code: TWIT hims.com/twit rocketmoney.com/twit kolide.com/twit

U.S. versus Apple: A first reaction Critics of the TikTok Bill Are Missing the Point Tennessee becomes first US state with law protecting musicians from AI In One Key A.I. Metric, China Pulls Ahead of the U.S.: Talent Murthy v Missouri at SCOTUS Unpatchable vulnerability in Apple chip leaks secret encryption keys Windows 11, Tesla, and Ubuntu Linux hacked at Pwn2Own Vancouver Vernor Vinge (1944-2024) Host: Leo Laporte Guests: Cathy Gellis, Rob Pegoraro, and Brianna Wu Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: zscaler.com/zerotrustAI ecamm.com/twit or use Promo Code TWIT canary.tools/twit - use code: TWIT hims.com/twit rocketmoney.com/twit kolide.com/twit

U.S. versus Apple: A first reaction Critics of the TikTok Bill Are Missing the Point Tennessee becomes first US state with law protecting musicians from AI In One Key A.I. Metric, China Pulls Ahead of the U.S.: Talent Murthy v Missouri at SCOTUS Unpatchable vulnerability in Apple chip leaks secret encryption keys Windows 11, Tesla, and Ubuntu Linux hacked at Pwn2Own Vancouver Vernor Vinge (1944-2024) Host: Leo Laporte Guests: Cathy Gellis, Rob Pegoraro, and Brianna Wu Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: zscaler.com/zerotrustAI ecamm.com/twit or use Promo Code TWIT canary.tools/twit - use code: TWIT hims.com/twit rocketmoney.com/twit kolide.com/twit

U.S. versus Apple: A first reaction Critics of the TikTok Bill Are Missing the Point Tennessee becomes first US state with law protecting musicians from AI In One Key A.I. Metric, China Pulls Ahead of the U.S.: Talent Murthy v Missouri at SCOTUS Unpatchable vulnerability in Apple chip leaks secret encryption keys Windows 11, Tesla, and Ubuntu Linux hacked at Pwn2Own Vancouver Vernor Vinge (1944-2024) Host: Leo Laporte Guests: Cathy Gellis, Rob Pegoraro, and Brianna Wu Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: zscaler.com/zerotrustAI ecamm.com/twit or use Promo Code TWIT canary.tools/twit - use code: TWIT hims.com/twit rocketmoney.com/twit kolide.com/twit

Robots gone wild, UDP, GoFetch, Domain Controllers, Pwn2Own, Verner Vinge, Reddit, Aaran Leyland, and More on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-371

Robots gone wild, UDP, GoFetch, Domain Controllers, Pwn2Own, Verner Vinge, Reddit, Aaran Leyland, and More on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-371

Robots gone wild, UDP, GoFetch, Domain Controllers, Pwn2Own, Verner Vinge, Reddit, Aaran Leyland, and More on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-371

Welcome to this week's episode of the PEBCAK Podcast!  We've got four amazing stories this week so sit back, relax, and keep being awesome!  Be sure to stick around for our Dad Joke of the Week. (DJOW) Follow us on Instagram @pebcakpodcast PEBCAK - Acronym of “problem exists between chair and keyboard.”   SEC latest victim of SIM swapping https://www.bleepingcomputer.com/news/security/sec-confirms-x-account-was-hacked-in-sim-swapping-attack/ https://www.bleepingcomputer.com/news/security/x-adds-passkeys-support-for-ios-users-in-the-united-states/   TurboTax ordered to stop saying free https://www.bleepingcomputer.com/news/technology/ftc-orders-intuit-to-stop-pushing-free-software-that-isnt-really-free/   Vulnerable cars hacked at Pwn2Own https://www.bleepingcomputer.com/news/security/tesla-hacked-24-zero-days-demoed-at-pwn2own-automotive-2024/   Brand loyalty and boycotts https://www.cbsnews.com/colorado/news/dicks-sporting-goods-destroyed-guns-c/   Dad Joke of the Week (DJOW)   Please share this podcast with someone you know!  It helps us grow the podcast and we really appreciate it!   Find the hosts on LinkedIn: Chris - https://www.linkedin.com/in/chlouie/ Brian - https://www.linkedin.com/in/briandeitch-sase/ Glenn - https://www.linkedin.com/in/glennmedina/

BlackCat (ALPHV) follows Cl0p, exploiting the GoAnywhere MFA vulnerability. The Mirai botnet exploits a vulnerability disclosed at Pwn2Own. An RSAC presentation describes US response to Russian prewar and wartime cyber operations. The US Department of Homeland Security outlines cyber priorities. Andrea Little Limbago from Interos shares insights from her RSAC 2023 panels. US indicts, sanctions DPRK operators in crypto-laundering campaign. My guest is Marc van Zadelhoff, CEO of Devo, with insights from the conference. And the latest on KillNet. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/79 Selected reading. BlackCat Ransomware Group Exploits GoAnywhere Vulnerability (At-Bay)  Zero Day Initiative — TP-Link WAN-side Vulnerability CVE-2023-1389 Added to the Mirai Botnet Arsenal (Zero Day Initiative) Years after discovery of SolarWinds breach, Russian hackers could be struggling (Washington Post)  U.S. deploys more cyber forces abroad to help fight hackers (Reuters) DHS Outlines Cyber Priorities in Release of Delayed Review (Nextgov.com)  US sanctions supporters of North Korean hackers, Iranian cyberspace head (Record)  North Korean Foreign Trade Bank Rep Charged for Role in Two Crypto Laundering Conspiracies (Department of Justice. U.S. Attorney's Office District of Columbia)  Treasury Targets Actors Facilitating Illicit DPRK Financial Activity in Support of Weapons Programs (U.S. Department of the Treasury)

Picture of the Week. Synacktiv wins this year's CanSecWest Pwn2Own GitHub: Mistakes happen DDoS for Hire. . .Or Not 144,000 malicious packages published No iPhones For Russian Presidential Staff I NUIT Edge Gets Crypto Microsoft's Email Extortion Show Notes: https://www.grc.com/sn/sn-916-notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: lookout.com kolide.com/securitynow Melissa.com/twit