Podcasts about Ransomware

On this week's show Patrick Gray, Adam Boileau and Dmitri Alperovitch discuss the week's security news, including: Russia arrests REvil crew Ukraine government hit in messy hacks White House hosts open source pow-wow, but is it pointless? US cyber reporting law will come back from the dead Report: Israeli police targeted activists with NSO but without warrants Much, much more This week's sponsor interview is with HD Moore, the founder of Rumble. We're talking through what how he and his team helped customers respond to the log4j drama. They quickly added the capability to scan customer's environments for log4shell-affected tech. When asset discovery meets rapid vuln response! Links to everything that we discussed are below and you can follow Patrick, Dmitri or Adam on Twitter if that's your thing. Show notes Russia arrests ransomware gang responsible for high-profile cyberattacks Celebrations over REvil ransomware arrests in Russia may be premature | The Daily Swig Ransomware gang behind attacks on 50 companies arrested in Ukraine - The Record by Recorded Future Europol takes down VPNLab, a service used by ransomware gangs - The Record by Recorded Future Albuquerque schools are having a cybersecurity snow day—and they aren't alone - The Record by Recorded Future What We Know and Don't Know about the Cyberattacks Against Ukraine - (updated) Dozens of Computers in Ukraine Wiped with Destructive Malware in Coordinated Attack Belarus: Cyber upstart, or Russian staging ground? White House hosts open-source software security summit in light of expansive Log4j flaw Apache Software Foundation warns its patching efforts are being undercut by use of end-of-life software | The Daily Swig GitLab shifts left to patch high-impact vulnerabilities | The Daily Swig Cyber incident reporting backers pledge to resume push - The Record by Recorded Future Israeli police used spyware to hack its own citizens, a report says : NPR El Salvador journalists hacked with NSO's Pegasus spyware - The Record by Recorded Future Cyber Command ties hacking group to Iranian intelligence - The Record by Recorded Future Earth Lusca threat actor targets governments and cryptocurrency companies alike - The Record by Recorded Future North Korea stole a record $400 million in cryptocurrency last year, researchers say Crypto.com Says Alleged $15 Million Hack Was Just an 'Incident' Who is the Network Access Broker ‘Wazawaka?' – Krebs on Security New Chrome security measure aims to curtail an entire class of Web attack | Ars Technica EA blames support staff for recent hacks of high-profile FIFA accounts - The Record by Recorded Future Researchers discover ‘extremely easy' 2FA bypass in Box cloud management software | The Daily Swig Introducing vAPI – an open source lab environment to learn about API security | The Daily Swig

HAPPY NEW YEAR!!! Our first week returning covers: iOS "DoorLock" vulnerability, Apache Log 4J, US Cyber Command Intel, Ransomware, and more! https://youtu.be/OFJXFgMPbv4

New Mexico town Ransomware attack brings down the jail, school etc, What Router should I get? SYSJOKER provides backdoors to Apple, Windows and Linux Systems, VoIP cutting the cable.  

A White House government-industry summit today addresses open-source software security. The US officially makes its second attribution of the week to a nation-state: it calls out Iran as the operator of the MuddyWater threat group. Israel arrests five on charges related to spying for Iran (they're thought to have been recruited through catphishing). Citizen Lab finds Pegasus in Salvadoran phones. Ukraine arrests a ransomware gang. Thomas Etheridge from CrowdStrike on the importance of threat hunting for zero days. Our guest is Dr. David Bader of New Jersey Institute of Technology discussing the challenges of securing massive-scale analytics. And ransomware hits US state and local governments. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/9

A cybercrime group has been mailing out USB thumb loaded with ransomeware in hopes of getting unsuspecting recipients to install on their computer, per the FBI. https://www.zdnet.com/article/fbi-cybercriminals-are-mailing-out-usb-drives-that-will-install-ransomware/ Subscribe to #NinjaNation: https://economicninja.org

Trainiere dein Hörverstehen mit den Nachrichten der Deutschen Welle von Donnerstag – als Text und als verständlich gesprochene Audio-Datei.Human Rights Watch kritisiert Umgang mit Autokratien Human Rights Watch hat demokratische Länder für die Zusammenarbeit mit autoritären Herrschern kritisiert. Oft unterstützten sie autokratische Systeme, um Migration zu unterbinden, den Terrorismus zu bekämpfen oder für vermeintliche Stabilität zu sorgen, anstatt demokratische Prinzipien zu verteidigen, erklärte die Menschenrechtsorganisation anlässlich der Vorstellung ihres Jahresberichts in Genf. So lieferten etwa die USA weiter Waffen an Ägypten und Saudi-Arabien, obwohl US-Präsident Joe Biden eine menschenrechtsbasierte Außenpolitik versprochen habe. Iran und Venezuela ohne UN-Stimmrecht Der Iran, Venezuela und eine Reihe weiterer Staaten haben ihre Stimmrechte in der UN-Generalversammlung wegen Zahlungsrückständen vorübergehend verloren. Generalsekretär António Guterres teilte mit, der Iran müsse umgerechnet mindestens 16,1 Millionen Euro und Venezuela 34,8 Millionen Euro zahlen, um in dem größten UN-Organ wieder mitbestimmen zu können. Auch der Sudan und die Republik Kongo verloren ihr Stimmrecht. Nach UN-Regularien wird jenen Staaten das Recht darauf entzogen, deren Schulden der Höhe ihrer Mitgliedsbeiträge der vergangenen zwei Jahre entsprechen oder höher sind. Französisch-iranische Wissenschaftlerin wieder in Haft Die im Iran verurteilte Anthropologin Fariba Adelkhah ist wieder in das berüchtigte Evin-Gefängnis bei Teheran gebracht worden. Die französische Regierung reagierte empört und forderte die sofortige Freilassung der 62-jährigen Franko-Iranerin. Ihre erneute Inhaftierung sei "rein politisch und willkürlich" und werde sich negativ auf die Beziehungen zwischen Paris und Teheran auswirken, so ein Sprecher des Außenministeriums. Adelkhah war 2019 festgenommen und im Jahr darauf zu fünf Jahren Haft wegen Propaganda gegen das System verurteilt worden. Seit Oktober 2020 stand sie unter Hausarrest. Urteil im Al-Khatib-Prozess erwartet Vor dem Oberlandesgericht im rheinland-pfälzischen Koblenz wird an diesem Donnerstag das Urteil im weltweit ersten Prozess um Staatsfolter in Syrien erwartet. Dem Angeklagten werden unter anderem Mord in 30 Fällen und Verbrechen gegen die Menschlichkeit vorgeworfen. Unter seiner Führung sollen vor zehn Jahren im berüchtigten Al-Khatib-Gefängnis in Damaskus mindestens 4000 Häftlinge mit Schlägen, Tritten und Elektroschocks gefoltert worden sein. Die Bundesanwaltschaft fordert lebenslange Haft und die Feststellung der besonderen Schwere der Schuld. Die Verteidigung plädiert auf Freispruch. Nigeria hebt Twitter-Sperre auf Nach rund sieben Monaten hat der nigerianische Präsident Mohammadu Buhari den Kurzmitteilungsdienst Twitter wieder zugelassen. Laut Medienberichten hatte das Unternehmen zuvor Bedingungen erfüllt. Unter anderem gehe es dabei um die Besteuerung nach nigerianischem Recht und den Umgang mit verbotenen Veröffentlichungen. Twitter war in Nigeria im Juni "bis auf weiteres" abgeschaltet worden. Die EU, die USA und andere kritisierten das Vorgehen damals scharf. Twitter ist im bevölkerungsreichsten Staat Afrikas beliebt: Fast 40 Millionen der insgesamt 200 Millionen Einwohner haben ein Twitter-Konto. Aus für "goldene Pässe" in Bulgarien Die neue bulgarische Regierung hat das Ende der Vergabe sogenannter goldener Pässe angekündigt. Das Kabinett von Ministerpräsident Kiril Petkow begründete den Schritt damit, dass das 2013 eingeführte Programm nicht wie beabsichtigt zu bedeutenden Investitionen in die bulgarische Wirtschaft geführt habe. Die EU-Kommission hatte die Praxis der Vergabe von Staatsbürgerschaften gegen finanzielle Zusagen lange kritisiert und ihr Ende gefordert. 2020 leitete sie deshalb ein Vertragsverletzungsverfahren gegen Zypern und Malta ein. Im Juni drohte die Brüsseler Behörde auch Bulgarien mit einem Verfahren. Cyberattacke auf US-Haftanstalt Ein Hackerangriff hat ein Gefängnis im US-Bundesstaat New Mexico lahmgelegt. Laut Gerichtsdokumenten wurden vergangene Woche die Sicherheitskameras sowie das automatische Türsystem der Haftanstalt im Bezirk Bernalillo außer Betrieb gesetzt. Auch andere öffentliche Einrichtungen in der Region nahe der Großstadt Albuquerque waren von dem Angriff betroffen. Unbekannte Erpresser hatten offenbar die Festplatten der Computer mit einer sogenannten Ransomware verschlüsselt. Ob sie auch Lösegeld gefordert haben, wurde nicht bekannt.

Give us about ten minutes a day and we will give you all the local news, local sports, local weather, and local events you can handle.   SPONSORS: Many thanks to our sponsors... Solar Energy Services because solar should be in your future! The Kristi Neidhardt Team. If you are looking to buy or sell your home, give Kristi a call at 888-860-7369! And Rehab 2 Perform Today... A woman was shot along Route 3 south of Crofton. A lawsuit is in the works over the County mask mandate. Senator Elfreth was elected Chair of the Chesapeake Bay Commission. State admits health department "incident" was ransomware, but is scant on most details. The Annapolis Maritime Museum & Park is reopening after a brief COVID shutdown and their Winter Lecture Series kicks off tonight. A PSA about buying food now in advance of a storm, and keep the suggestions for local businesses and organizations to be spotlighted! It's Thursday, which means that Trevor from  Annapolis Makerspace is here with your Maker Minutes with great ideas to work out your mind and hone your skills. And as usual, George from DCMDVA Weather is here with your local weather forecast! Please download their APP so you can keep on top of the local weather scene! The Eye On Annapolis Daily News Brief is produced every Monday through Friday at 6:00 am and available wherever you get your podcasts and also on our social media platforms--All Annapolis and Eye On Annapolis (FB) and @eyeonannapolis (TW) NOTE: For hearing impaired subscribers, a full transcript is available on Eye On Annapolis

Ransomware hackers recently hit a hospital, and everything from the cardiac machines to IV pumps stopped working. Doctors and nurses had to use pen and paper. There were no electronic patient records. But what happened when the hackers found out it was a hospital will undoubtedly surprise you. Learn more about your ad choices. Visit megaphone.fm/adchoices

The US issues an alert over the prospect of Russian cyberattacks, and the EU begins a series of stress tests, both in apparent response to concerns over the prospect of a Russian attack on Ukraine. NIST updates its guidance on Engineering Trustworthy Secure Systems. NIght Sky ransomware exploits Log4shell. Phishing afflicts a hotel chain. Carole Theriault examines international efforts to stop digital fraud. Ben Yelin fon Seattle Police Faking Radio Chatter. And we're shocked, shocked, to learn of fraud and piracy on a social media platform.  For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/8

When Alice rents a cabin in Lake Placid, she expects a nice, quiet break from the hustle and bustle of city life. But she's hiding a massive secret – she's the most wanted hacker in America.The Hacker Chronicles is an original series created by the team at Tenable.Additional production support provided by the team at Caspian Studios. 

Kazakhstan shuts down its Internet as civil unrest continues (and one consequence is a disruption of alt-coin mining in that country). The UK's NHS warns of unknown threat actors exploiting Log4j bugs in unpatched VMware Horizon servers. In the US, CISA continues to assist Federal agencies with Log4j remediation, and observers call for more Government support of open-source software security. A major provider of school websites is hit with ransomware. Our guest is John Belizaire of Soluna Computing with a new approach to data center efficiency. Thomas Etheridge from CrowdStrike on supply chain risks. And the US extends the deadline to apply for grants in support of rip-and-replace. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/5

ICS vendors address Log4j vulnerabilities. Regulators and legislators think about addressing issues in the software supply chain. Ransomware gangs were quick to exploit Log4shell. An old, and patched, Windows vulnerability is being exploited by the Malsmoke gang. Social engineering of Google Docs users is up. Mr. Klyshin pleads not guilty. Robert M. Lee from Dragos makes the case for salary transparency. Our guest is George Gerchow from Sumo Logic with new approaches for the modern threat landscape. And call spoofing is making robocalls moderately more plausible. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/4

Ransomware is a major threat to any and all computer networks. All companies large, small, healthcare, nonhealthcare can be impacted by it. Ransomware is a cyber-attack where the user cannot obtain access to their system. They are criminal acts that much be treated as one, swift action must be taken to protect your system and your patients PHI.  Join Jeff Hedges from the Pharmacy Compliance Guide and Becky Templeton from R.J. Hedges & Associates, as they discuss Ransomware, how to determine a HIPAA breach, what to do if you are a victim of Ransomware, how to report cyber-attacks, how to report a breach due to ransomware attack, how cyber insurance may help, what kind of fines may be associated with a cyber-attack, and the real steps to prepare for an OCR inspection. Learn more about how to protect your pharmacy from Ransomware threats: https://www.rjhedges.com/blog/topic/podcasts Learn more about your ad choices. Visit megaphone.fm/adchoices

Ransomware attacks hit without warning, inflicting serious damage with effects that can linger for years. With strong crisis management capabilities, however, companies can mitigate the damage – and even grow trust with customers, deepening the connection to their values and purpose.

Guest Adam Flatley, Director of Threat Intelligence at Redacted, talks with Dave about "the only way to truly disrupt the ransomware problem is to target the actors themselves," Joe shares some statistics that will help you stay up-to-date on recent cybersecurity trends, Dave's story is about criminal indictments in a case of a Maryland company buying lead paint victims' settlements for a fraction of their value, and our Catch of the Day comes from listener Brady about a slick mail campaign they received from "Amazon." Links to stories: 22 cybersecurity statistics to know for 2022 Criminal indictments filed against Maryland company that targeted Baltimore lead paint victims' settlements Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Ransomware is the biggest problem facing organizations today. These attacks can cause severe IT disruptions but also bring huge financial challenges far beyond the ransom itself. This episode talks about the real costs of ransomware to an organization. Be aware, be safe. Get ExpressVPN, Secure Your Privacy And Support The ShowBecome A Patron! Patreon Page *** Support the podcast with a cup of coffee *** - Ko-Fi Security In Five —————— Where you can find Security In Five —————— Security In Five Reddit Channel r/SecurityInFive Binary Blogger Website Security In Five Website Security In Five Podcast Page - Podcast RSS Twitter @securityinfive iTunes, YouTube, TuneIn, iHeartRadio,

In this week's episode the cyber security experts, Bryan Hornung, Reginald Andre, and Randy Bryan discuss cyber attacks that are happening now in 2022. Also, the team will briefly go over the myth of LastPass and why people should not save passwords within their browsers.

2021 was a tough year for security - how can we do better in 2022? Richard chats with Jess Dodson about working to get better at information security in your organization. Jess talks about the log4j exploit as a great example of "what don't we know" - and the need for a software bill of materials as part of your configuration management database. Having a list of the libraries that internal applications depend on helps you respond in a time of crisis, being able to answer the question "where are we vulnerable?" This leads to a conversation about better DevSecOps - where development, security, and operations all take security seriously and help each other to help the organization succeed!Links:Power AppsAzure SentinelSoftware Bill of MaterialsConfiguration Management DatabaseRecorded December 20, 2021

In today's podcast we cover four crucial cyber and technology topics, including:  1. Portuguese-based media firm impacted by ransomware  2. Hospitality group in Western suffers ransomware attack, loses employee data  3. Criminals undetected for four days in attack against heath care network    4. Threat actors target Israeli media on anniversary of Iranian General death I'd love feedback, feel free to send your comments and feedback to  | cyberandtechwithmike@gmail.com

The Ransomware Minute is a rundown of the latest ransomware attacks & news, brought to you by CyberArk. Listen to the podcast weekly and read it daily at https://ransomwareminute.com • CyberArk is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine. To learn more about our sponsor CyberArk, visit https://cyberark.com

Note: Don't miss Killing IT Live - January 19th at 9am Pacific - Register now at https://killingitlive.com  Topic 1: The “Cyberdemic” will continue, according to Experian. Record breaking number on cyber breaches. Many elements conspire against us. What can you do? Link: https://www.bloomberg.com/press-releases/2021-12-06/the-cyberdemic-will-continue-according-to-the-2022-experian-data-breach-industry-forecast  Topic 2: OpenSource and the internet. Solid code, to a point. Should we have a way to hold someone responsible? Is a "Software Bill of Materials" a good idea or bad idea? Links: https://www.technologyreview.com/2021/12/17/1042692/log4j-internet-open-source-hacking/ https://www.linkedin.com/pulse/sbom-good-intentions-bad-analogies-uglyoutcomes-alex-gantman/  Topic 3: Winning by being human? When cyber criminals are doubling down on AI and expensive programming, perhaps we need to take a lower-tech approach to defeating them. Here are some options. Link: https://www.wsj.com/articles/magnus-carlsen-ian-nepomniachtchi-world-chess-championship-computer-analysis-11639003641 ----- Sponsor Note: Calyptix Cyber security for small business is overwhelming. Unprecedented threats, escalating rhetoric and limited resources. So lean on your community. The Calyptix Community Shield automatically unites small businesses and raise the costs and challenges for cybercriminals by harnessing threat intelligence from our community. If they attack any one of us, everyone gets the benefit with Community Shield. An example? A log4J blocklist for scanners and exploits, rolled out specifically for outbound events - All for no added cost. By working together, we will prevail. Learn more at https://calyptix.com and tell them we sent you. :-)  

Play: 0:00-0:07 I think I agree with Chuck Schumer … and more on today's CrossPolitic Daily News Brief. This is Toby Sumpter. Today is Tuesday, January 4, 2021. VAERS Stats from SEn. Ron Johnson The chart lists Ivermectin, Hydroxychloriquine, Flu vaccines, Dexamethasone, Tylenol, Remdesivir, and Covid Vaccines. While Ivermectin lists 393 total deaths, with 15 deaths per year, and hydroxychloriquine lists 1770 total deaths, averaging 69 deaths per year, and Flu vaccines list 2001 deaths total, with an average of 77 deaths per year, Covid vaccines show a total of 21,002 deaths and since that has only been counting for the last year, that is also the currently annual average: 21,002 deaths from COVID vaccines. Now, were some of those deaths with vaccines instead of from vaccine? Most likely. But something is going on there. Girls-Only Schools Say They Will Only Admit Biological Girls A group of girls-only private schools in Britain are refusing to admit transgender students, worried that it could affect their status as single-sex schools under current law. The Girls' Day School Trust (GDST), which represents 25 schools across Britain, released its policy with regards to gender identity in order to clarify that the schools organizing through this group should reject the admission of transgender children. The GDST believes that an admissions policy based on gender identity rather than the legal sex recorded on a student's birth certificate would jeopardize the status of GDST schools as single-sex schools under the act,” their new guidance states. “For this reason, GDST schools do not accept applications from students who are legally male. We will, however, continue to monitor the legal interpretation of this exemption,” the guidance continues. The Trust hastened to add that all current transgender students are welcome to remain as students. The Trust also sacrificed four oxen, three sheep, and two turtle doves following the announcement, hoping not to be destroyed from the face of the earth. The problem is that men in the UK and in North America have not stood for freedom: DNB AR500 Armor: The Mission of Armored Republic is to Honor Christ by equipping Free Men with Tools of Liberty necessary to preserve God-given rights. In the Armored Republic there is no King but Christ. We are Free Craftsmen. Body Armor is a Tool of Liberty. We create Tools of Liberty. Free men must remain ever vigilant against tyranny wherever it appears. God has given us the tools of liberty needed to defend the rights He bestowed to us. Armored Republic is honored to offer you those Tools. Visit them at www.ar500armor.com. Biden To Promote Meat Industry Overhaul President Biden on Monday will promote an overhaul of the meat-packing industry as he blames rising consumer prices and dwindling farmers' profits on the handful of large “middlemen” who dominate the processing segment of the supply chain. Play: 2:00-2:44 The White House said the administration will spend $1 billion to expand independent processing capacity and instill competition in a market where four meat-packing companies control 85% of the beef market, four firms control 50% of poultry processing, and four big processors control 70% of the pork market. Mr. Biden is under pressure to alleviate inflation and supply chain pressures that are making food, gas, toys and other products more expensive. At times, he's blamed the sticker shock on price gouging by big industry players. The meat-processing industry is his latest target. He said dominant processors are increasing their profits at the expense of farmers and families. Mr. Biden's plan includes $100 million for workforce training and safety after Congress accused the meat-packing industry of forcing workers into unsafe conditions during the pandemic. Ransomware attacks also hit the industry earlier in Mr. Biden's term. The White House said it will strengthen rules that require farmers and ranchers to get a fair price for the meat they provide. Ah… there we go: strengthen rules that require fair prices… That's exactly what you don't the Federal Government to be doing. Rep. Thomas Massie thread: Thread. The Biden administration is over the target. Four companies control the majority of meat processed in the United States. This quad-opoly of corporate middlemen have driven up prices in stores while depressing prices paid to struggling farmers. (tinyurl.com/5bxm87km) We all agree: the solution is to promote competition. Biden advisors recommend antitrust lawsuits against the big packers and subsidies for the little guys. There's a better answer though that's free: Roll back crippling regulations on the little guys and they will flourish. Six years ago, I worked with Democrats and Republicans in the House and Senate to introduce a bill called the PRIME Act, which would right-size regulations and break up the corporate monopoly on meat processing. We've introduced this bill in every congress since 2015. The PRIME Act would allow local farmers to sell meat in local grocery stores using local processors, as long as the commerce doesn't cross state lines, and complies with all state and county regulations (such as monthly inspections by county health departments). Here's the PRIME Act, just a few pages and easy to understand. Check out the House and Senate sponsors from both sides of the aisle: (congress.gov/bill/117th-con…) (congress.gov/bill/117th-con…) So who opposes the PRIME Act and why hasn't it passed? Big Agriculture lobbyists (posing as friends of small farmers) oppose this bill, and I'm sad to tell you they've bought off most members of the House Agriculture committee. But a President could cut through the bull! Meanwhile, critics also pointed out that Biden doesn't seem to be too concerned about Big Pharma monopolies. How many Pharmaceutical companies control the current medicine markets? And speaking of monopolies: Democrats Pushing End to Filibuster Rules Democrats are resuming their push to change Senate filibuster rules in the hope of passing elections legislation, and they plan to use the one-year anniversary of the Capitol riot to win over two hold outs, Senators Joe Manchin and Kyrsten Sinema. Democrats are hopeful that they can sway the two moderates by arguing both publicly and privately that the riot set off a sustained Republican effort to erode voting rights in state capitals across the country, Politico reported Monday. Of course this would be an about-face from previous stances. For example: In 2005, Then-Sen. Joe Biden, D-Del., condemned weakening the Senate's tradition of extended debate as “an example of the arrogance of power,” a “power grab by the majority party” that would “eviscerate the Senate.” It was 2005, and Republicans held the White House and Congress. Chuck Schumer on the Filibuster Play Audio The Senate was established originally as a check against majoritarian impulses. It has an equal voice for all the states - 2 senators per state, and there are six year terms with only a third of the senators up for re-election every two years. The 60 vote filibuster is not required by the constitution, but it is certainly in keeping with the spirit of the constitution. Removing the 60 vote threshold certainly does move it closer to the House. Of course in May 2017, Then-President Donald Trump demanded that Senate Republicans abandon extended debate in order to enact his legislative priorities. Sen. Mitch McConnell, R-Ky., majority leader at the time, rejected “fundamentally changing how the Senate has worked for a very long time.” The difference between playing politics and standing for principle is seen very clearly right here. Principles are things that don't change. They remain the same for everyone, no matter who is in power. Frequently, Republicans are just as bad as Democrats. While there is certainly room to be grateful for some of what Trump did, this is certainly an area where he was rocking the boat in an unprincipled way. If the Democrats were smart, they'd cite Donald Trump as a defense for their move. PSalm of the DAy: Psalm 30 2:48-3:28 Remember you can always find the links to our news stories and these psalms at crosspolitic dot com – just click on the daily news brief and follow the links. This is Toby Sumpter with Crosspolitic News. A reminder: Support Rowdy Christian media, and share this show or become a Fight Laugh Feast Club Member. Remember if you didn't make it to the Fight Laugh Feast Conferences, club members have access to all the talks from Douglas Wilson, Joe Boot, Jeff Durbin, Glenn Sunshine, Nate Wilson, David Bahnsen, Voddie Baucham, Ben Merkle, and many more. Join today and have a great day.

Have You Checked If Your Email Is On The Dark Web? Let's Do It Now! Do you know how to find out if you have had your private information stolen? Well, you know, the odds are probably pretty bad, but where was it stolen? When? What has been stolen? How about your password and how safe is that password? We're going to show you real hard evidence, and what you can do to fix things! [Following is an automated transcript] [00:00:16] Knowing whether or not your data has been stolen and what's been stolen is very important. [00:00:24] And there is a service out there that you can go to. They don't charge you a thin dime, nothing, and you can right there find out which of your account has been compromised. And. Out on the dark web. Now the dark web is the place that the criminals go. That's where they exchange information they've stolen. [00:00:49] That's where they sell it. That's where you can buy a tool to do ransomware hacking all on your own. Far less than 50 bucks. In fact, ransomware as a service is available where they'll do absolutely everything except infect people. So you just go ahead and you sign up with them, you pay them a 20% or sometimes more commission. [00:01:12] You get somebody to download in fact to themselves with the ransomware and they do everything else. They take the phone call, they find out what it is. Company is doing and they set the ransom and they provide tech support for the person that got ransomed in order to buy Bitcoin or sometimes some of these other cryptocurrencies. [00:01:38] In fact, we've got another article in the newsletter this week about cryptocurrencies and how they may be falling through. Floor because of ransomware. We're going to talk about that a little later here, but here's the bottom line. You really want to know this. You want to know if the bad guys are trading your information on the dark web, you want to know what information they have, so you can keep an eye on. [00:02:11] Now you guys are the best and brightest, you know, you gotta be cautious or you wouldn't be listening today. And because, you know, you've been caught need to be cautious. You have been cautious, but the time you need to be the most cautious is right after one of the websites that you use, that hasn't been hacked because the fresher, the information, the more it's worth on the dark web, your identity can be bought on the dark web for. [00:02:38] Penny's depending on how much information is there. If a bad guy has your name, your email, the password you've used on a few different website, your home address, social security number, basically the whole shooting match. They can sell your personal information for as little as. $2 on the dark web. That is really bad. [00:03:02] That's sad. In fact, because it takes you a hundred or more hours. A few years ago, they were saying about 300 hours nowadays. It's less in order to get your identity kind of back in control. I suspect it probably is closer to 300, frankly, because you. To call anybody that pops up on your credit report. Oh, and of course you have to get your credit report. [00:03:29] You have to review them closely. You have to put a freeze on your. Got an email this week from a listener whose wife had her information stolen. He had lost a wallet some years ago and she found because of a letter that came saying, Hey, thanks for opening an account that someone had opened an account in her name. [00:03:51] Now the good news for her is that it had a zero balance. Caught it on time. And because it was a zero balance, it was easy for her to close the account and he's had some problems as well because of the lost wallet a few years back. So again, some basic tips don't carry things like your social security card in your wallet. [00:04:17] Now you got to carry your driver's license because if you're driving, the police wanted, okay. Nowadays there's in some ways less and less of a reason to have that, but our driver's license, as you might've noticed on the back, many of them have either a QR code or they've got a kind of a bar code scan on them, but that big QR code contains all kinds of information about. [00:04:41] You that would normally be in the online database. So maybe you don't want to carry a bunch of cash. Although, you know, cash is king and credit cards can be problematic. It kind of depends. And the same thing is true with any other personal identifiable information. Keep it to a minimum in your wall. But there is a place online that I mentioned just a minute ago that does have the ability to track much of the dark web. [00:05:13] Now this guy that put it together, his name's Troy hunt, and Troy's an Australian he's been doing this. Public service for forever. He tried to sell his little company, but the qualifications for buying it included, you will keep it free. And there are billions of people, or I shouldn't say people there's billions of requests to his website about people's private information. [00:05:42] So, how do you deal with this? What do you do? Well, the website is called, have I been poned? Have I been E and poned P w N E D. Ponying is an old term that comes from. Uh, these video games before they were online. And it means that basically I own you, I own all of your properties. You've been postponed and that's what Troy kind of followed here. [00:06:11] Have I been postponed to.com is a website that you can go to now. They have a whole bunch of other things. They have API calls. For those of you who are programmers and might want to keep an eye out for your company's record. Because it does have that ability as well. And it has a tie ins too, with some of the password managers, like one password to be able to tell is my new password, any good. [00:06:41] And which websites have been hacked. Does that make sense? And so that is a very good thing, too, because if you know that a website that you use has been hacked, I would like to get an email from them. So the first thing right there in the homepage, you're going to want to do. Is click on notify me. So you ensure in your email address, I'm going to do that right now, while we're talking, they've got a recapture. [00:07:12] I'm not a robot. So go ahead and click that. And then you click on the button. Notify. a lot of people are concerned nowadays about the security and safety of their information. They may not want to put their email address into a site like this. Let me assure you that Troy. Is on the op and up, he really is trying to help. [00:07:39] He does not use any of the information that you provide on his website for evil. He is just trying to be very, very helpful. Now his site might get hacked, I suppose, but it has been just a huge target of. Characters and because of that, he has a lot of security stuff in place. So once you've put your email address right into the notify me box, click on notify me of [00:08:06] Of course you got to click the I'm not a robot. So once you've done that, It sends you a verification email. So all you have to do at that point, it's just like my website. When you sign up for my newsletter, keep an eye out for an email from Troy from have I been poned.com asking you if you signed up for his notification service? [00:08:31] Obviously it is a very good idea to click on his link in the email. Now I caution people, it costs. And you guys all of the time about clicking on links and emails, because so many of them are malicious, but in the case of like Troy or my website, or maybe another one that you sign up for, if you just signed up for. [00:08:54] You should expect an email to come to your mailbox within a matter of a couple of minutes, and then you should spend just that minute or so. It takes to click on that email to confirm that you do want to get the emails from the website, because if you don't hit that confirmation, you're not going to get the emails. [00:09:17] Let me explain a little bit about why that is. Good guys on the internet don't want to spam you. They don't want to overload you with all kinds of emails that may matter may not matter, et cetera. They just want to get you information. So every legitimate, basic a guy out there business, a organization, charity that is legitimate is going to send you a confirmation email. [00:09:50] The reason is they don't want someone to who doesn't like you let's say to sign you up on a few hundred different emails site. And now all of a sudden you're getting. Well, these emails that you didn't want, I had that happen to me years and years ago, and it wasn't sites that I had signed up for. In fact, some of them were rather pornographic and they kept sending me emails all of the time. [00:10:19] So Troy is going to send you just like I do another legitimate website, send you an email. The link that you must click. If you do not click his link, you are not going to get the emails. It's really that simple. Now, Troy looking at a site right now has information on 11 billion pond account poned accounts. [00:10:47] Really? That is huge. It is the largest collection that's publicly available of. To count. So I'm, we're going to talk about that a little bit more. And what information does he have? How does he protect it? What else can you find out from? Have I been poned? This is an important site. One of the most important sites you can visit in order to keep yourself safe. [00:11:16] Next to mine. Right? Make sure you visit right now. Craig peterson.com/subscribe and sign up for my newsletter and expect that confirmation email to. [00:11:29] Have you been hit by ransomware before? Well, it is a terrible thing if you have, but what's the future of ransomware? Where is it going? We've talked about the past and we'll start with that and then move into what we're expecting to come. [00:11:46] The future of ransomware is an interesting one. And we kind of have to look at the past in ransomware. [00:11:55] Ransomware was pretty popular in that bad guy. Just loved it. They still do because it is a simple thing to do. And it gives them incredible amounts of flexibility in going after whoever they want to go. After initially they were sending out ransomware to anybody's email address. They could find and hoping people would click on it. [00:12:24] And unfortunately, many people did click. But back then the ransoms were maybe a couple hundred dollars and you paid the ransom and 50% chance you got your data back. Isn't that terrible 50% chance. So what do you do? How do you make all of this better? Make your life better? Well, ransomware really, really drove up the value of Bitcoin. [00:12:54] Bitcoins Ascension was largely based on ransomware because the bad guys needed a way that was difficult to trace in order to get paid. They didn't want the bank to just sweep the money back out of your account. They didn't want the FBI or other agencies to know what they were doing and where they were located. [00:13:20] So, what they did is, uh, they decided, Hey, wait a minute. Now this whole crypto game sounds interesting. And of course talking about crypto currency game, because from their viewpoint, it was anonymous. So they started demanding ransoms instead of dollars, PayPal, even gift certificates that they would receive from you. [00:13:46] They decided we're going to use some of the cryptocurrencies. And of course the big one that they started using was Bitcoin and Bitcoin has been rather volatile. Hasn't it over the years. And its founding was ethically. Empty, basically what they did and how they did it. It's just disgusting again, how bad some people really are, but they managed to manipulate the cryptocurrency themselves. [00:14:17] These people that were the early. There's of the cryptocurrency called Bitcoin and they manipulated it. They manipulated people into buying it and accepting it, and then they managed to drive the price up. And then the, the hackers found, oh, there's a great way to do it. We're going to use Bitcoin. And so they demanded ransoms and Bitcoin, and they found that no longer did they have to get like a hundred dollar gifts, different kid for Amazon. [00:14:46] Now they could charge a thousand dollars, maybe even a million dollars or more, which is what we saw in 2021 and get it paid in Bitcoin. Now Bitcoin is kind of useful, kind of not useful. Most places don't take Bitcoin as payment, some have started to because they see it might be an investment in the future. [00:15:11] I do not use Bitcoin and I don't promote it at all, but here's what we've been seeing. Uh, and this is from the chief technology officer over tripwire, his name's Dave Meltzer. What we've seen with ransom. Attacks here. And the tie to Bitcoin want to cry back in 2017 was terrible and it destroyed multiple companies. [00:15:39] One of our clients had us protecting one of their divisions and. We were using really good software. We were keeping an eye on it. In fact, in the 30 years I've been protecting businesses from cyber intrusions. We have never, ever had a successful intrusion. That's how effectively. And I'm very, very proud of that. [00:16:05] Very proud of that. We've we've seen ransomware attacks come and go. This wanna cry. Ransomware attack destroyed every part of the company, except for. The one division we were protecting, and this is a big company that had professional it, people who really weren't very professional. Right. And how, how do you decide, how do you figure out if someone really knows what they're talking about? [00:16:32] If all they're doing is throwing around buzzwords, aren't, that's a huge problem for the hiring managers. But anyways, I digress because having a. Particular series of letters after your name representing tests that you might've passed doesn't mean you're actually any good at anything. That's always been one of my little pet peeves over the decades. [00:16:55] Okay. But another shift in the targeting of ransomware now is showing a major uptick in attacks. Operational technology. Now that's a real big thing. We've had some huge hits. Uh, we think of what happened with solar winds and how it got into solar wind software, which is used to monitor computers had been. [00:17:24] And had inserted into it. This one little nice little piece of code that let the bad guys into thousands of networks. Now we've got another operational technology hack in progress. As we speak called vog for J or log for shell. Huge right now, we're seeing 40% of corporate networks are right now being targeted by attackers who are trying to exploit this log for J. [00:17:53] So in both cases, it's operational software. It's software businesses are using. Part of their operations. So we're, and part of that is because we're seeing this convergence of it, which is of course information technology and operational technology environment. In many times in the past, we've seen, for instance, the sales department going out and getting sales force or, or something else online or off. [00:18:25] They're not it professionals in the sales department or the marketing department. And with all of these kids now that have grown up and are in these it departments in their thirties and think, wow, you know, I've been using technology my whole life. I understand this stuff. No, you don't. That has really hurt a lot of bigger companies. [00:18:48] Then that's why some companies have come to me and saying, Hey, we need help. We need some real adult supervision. There's, there's so many people who don't have the decades of experience that you need in order to see the types of holes. So. We've got the it and OT kind of coming together and they've exposed a technology gap and a skills gap. [00:19:16] The businesses are trying to solve right now in order to protect themselves. They're moving very quickly in order to try and solve it. And there they've been pretty much unable to. And w we use for our clients, some very advanced systems. Hardware software and tools, because again, it goes back to the kind of the one pane of glass. [00:19:38] Cisco doesn't really only have one pane of glass, but that's where it goes back to. And there's a lot of potential for hackers to get into systems, but having that unified system. That Cisco offers really helps a lot. So that's kinda my, my little inside secret there, but we walk into companies that have Cisco and they're completely misusing them. [00:20:02] In fact, one of these, uh, what do you, would you call it? Well, it's called a school administrative unit in my state and it's kind of a super school board, super school district where there's multiple school districts. Hold two. And they put out an RFP because they knew we liked Cisco and what some of the advantages were. [00:20:22] So they put out a request for proposal for Cisco gear and lo and behold, they got Cisco gear, but they didn't get it configured properly, not even close. They would have been better off buying something cheap and being still exposed. Like, you know, uh, I'm not going to name some of this stuff you don't want to buy. [00:20:42] Don't want to give them any, uh, any airtime as it were. But what we're finding now is law enforcement has gotten better at tracking the digital paper trail from cryptocurrencies because cryptocurrencies do have a. Paper trail and the bad guys didn't realize this. At first, they're starting to now because the secret service and the FBI have been taking down a number of these huge ransomware gangs, which is great. [00:21:16] Thank you very much for doing that. It has been phenomenal because they've been able to stop much of the ransomware by taking down these gangs. But criminal activity that's been supported by nation states like North Korea, China, and Russia is much harder to take down. There's not much that our law enforcement can do about it. [00:21:42] So w how does this tie into ransomware and cryptocurrency while ultimately. The ability to tr address the trail. That's left behind a ransom payment. There's been a massive shift in the focus from government trying to tackle the underlying problem of these parolees secured curdle Infor critical infrastructure sites. [00:22:06] And that's what I did training for. The eyes infra guard program on for a couple of years, it has shifted. Now we've got executive orders. As I mentioned earlier, from various presidents to try and tighten it up and increase government regulation mandate. But the big question is, should you pay or not? And I recommend to everyone out there, including the federal government recommends this, by the way, don't pay ransoms because you're just encouraging them. [00:22:40] Well, as fewer and fewer ransoms are paid, what's going to happen to Bitcoin. What's going to happen to cryptocurrencies while the massive rise we saw in the value of Bitcoins will deteriorate. Because we won't have businesses trying to buy Bitcoin before they're even ransomed in order to mitigate any future compromise. [00:23:06] So I love this. I think this is great. And I think that getting more sophisticated systems like what, like my company mainstream does for businesses that I've been doing for over 30 years is going to draw. Well, some of these cryptocurrencies like Bitcoin down no longer will the cryptocurrencies be supported by criminals and ransomware. [00:23:35] So that's my hope anyways. And that's also the hope of David Meltzer, chief technology officer over at tripwire hope you're having a great year so far. You're listening to Craig Peter sohn.com. Sign up for my. At Craig peterson.com. And hopefully I can help you have a little bit of a better year ahead. [00:23:57] All of these data breaches that the hackers got are not graded equal. So we're going to go through a few more types of hacks, what they got. And what does it mean to you and what can you do about it? [00:24:13] Have I been B EEN poned P w N E d.com. And this is a website that has been put together by a guy by the name of Troy hunt. He's an Australian and it goes through the details of various. So that he has found now it's not just him. There are a lot of people who are out there on the dark web, looking for hacks, and there's a few different types of hacks. [00:24:43] And of course, a lot of different types of information that has been compromised and gathered by the bad guys. And, um, stat just out this week is talking about how businesses are so easy. To compromise. It is crazy. This was a study that was done by a company called positive technologies, and they had a look at businesses. [00:25:11] Basically they did white hacking of those businesses and found that 93% of tested networks now. 3% of tested networks are vulnerable to breaches. Now that is incredible. And according to them in dark reading, it says the vast majority of businesses can be compromised within one month by a motivated attacker using common tech. [00:25:42] Such as compromising credentials, exploiting, known vulnerabilities in software and web applications or taking advantage of configuration flaw. Isn't that something in 93% of cases, an external attacker could breach a target company's network and gain access to local devices and systems in 71% of cases, the attacker could affect the business in a way deemed unacceptable. [00:26:13] For example, every. Bank tested by positive technologies could be attacked in a way, the disrupted business processes and reduced their quality of service. It's a very big deal. And much of this has to do with the fact that we're not taking cyber secure. Seriously as businesses or as government agencies. [00:26:41] Now, the government agencies have been trying to pull up their socks. I got to give a handout to president Biden. He really started squeezing many of these federal contractors to get security in place. President Trump really pushed it even back to president Obama, who. Pushed this fairly heavily. Now we're starting to see a little bit of movement, but how about the smaller guys? [00:27:08] How about private businesses? What are you doing? So I'm going through right now. Some of the basic things you can get from, have I been poned and what you can do with all of that data, all of that information, what does it mean to you? So I'm looking right now at my business email address, which isCraig@mainstream.net, pretty simple Craig and mainstream gotten that. [00:27:36] And I found because this email address is about 30 years old. Yeah. I've been using it a long time, about 14 data breaches and. Paste. All right. So what does that mean? What is a paste? Well, pastes are a little bit different than a regular hack. All right. The paste is information that has been pasted to a publicly facing. [00:28:03] Website. Now there's many of them out there. There've been a lot of breaches of Amazon site of Amazon databases, Azure, all of these types of things. But we're, we're talking about here are these websites that are designed to. People to share whatever they want. So for instance, you might have a real cool program, wants to people, those to try out to you don't have the bandwidth to send it to them. [00:28:28] You certainly can send it via email because it's much, much, much too big. So sites like Pastebin or out there to allow you to go ahead and paste stuff in and share the link. Pretty simple, fairly straightforward. Well, these pay sites are also used by hackers to make it even easier for them to anonymously share information. [00:28:55] And many times the first place that a breach appears is on one of these paste sites. So have I been poned searches through these different pastes that are broadcast by a Twitter account called dump Mon, which is a site where again, bad guys are putting information out about dumps had been found as well as good guys. [00:29:20] All right. And they. Port, uh, on, in the dump mom dump MUN Twitter account. If you're interested, it's at D U M P M O N. They report emails that are potential indicator of a breach. So finding an email address in a paste. Necessarily mean it's been disclosed as a result of a breach, but you should have a look at the paste and determine whether or not your account has been legitimately compromised as part of that breach or not. [00:29:53] All right. So in my case again, for theCraig@mainstream.net email address, it was involved. In a paste. So let me see what it says. So let me see. It shows it involved in a pace. This is pace title AA from July, 2015. So this is information from published to a publicly facing website. I don't know if I click on that. [00:30:22] What does it do? Yeah. Okay. So it actually has a link to the paste on AEs to ban. And in this case it's gone, right? It's been deleted. It could have been deleted by the Pastebin staff. Somebody told them to take it down, whatever it is. But again, have I been poned allows you to see all of the information that has been found by the top security. [00:30:48] Researchers in the world, including various government agencies and allows you to know what's up. So let's have a look here at passwords. So if you click passwords at the very top, this is the other tool you should be looking at. You can safely type in the passwords you use. What have I been poned does is instead of taking the passwords from these hacks in the clear and storing them, it creates a check some of the password. [00:31:21] So if you type a password into this, I'm going to type in P a S S w Z. Oh, excuse me. Uh, oh, is that, let me use a better password. P at S S w zero RD. One of the most common passwords on the internet, common passwords ever. Okay. So it says, oh no, poned this password has been seen 73,586 times B four. Okay. It says it, the passwords previously. [00:31:53] Appeared in a data breach and should never be used if you've ever used it anywhere before change it. You see, that's why you need to check your passwords here. Are they even safe to use because what the bad guys have done in order to counter us using. Longer passwords. Cause it's not the complexity of the password that matters so much. [00:32:16] It's the length of the password. So they don't have enough CPU resources in order to try every possible password from eight characters through 20 characters long, they could never do that. Would take forever or going to try and hack in. So what they do is they use the database of stolen passwords in order to try and get in to your account. [00:32:42] Hey, I'm going to try and summarize all of this in the newsletter. So keep your eye. For that. And again, the only way you're going to find that out and get my summary today, including the links to all of this stuff is by being on my email list. Craig Peterson.com/subscribe. That's Craig Peterson, S O n.com/subscribe, stick around. [00:33:09] Did you know, there is a site you can check your password against to see if other people have used it. And if that password has been stolen, it's a really great site called have I been postponed? And we're going to talk about it more right now. [00:33:26] You know, I've been doing cyber security pretty much as a primary job function here in my career for about, let me see. [00:33:37] Not since 92. So my goodness, uh, yeah, an anniversary this year. Okay. 30 years. So you're listening to a lot of experience here as I have. Protect some of the biggest companies in the world, the department of defense, defense, and military contractors all the way down through our local dentist's office. So over 5,000 companies over the years, and I helped perform what are called virtual CIS services. [00:34:11] Which are services to help companies make sure that they have their security all lined up. And we also have kind of a hacker audit whether or not you are vulnerable as a business to being hacked. So we'll go in, we'll look at your systems. We can even do a little bit of white hat hacking in order to let you know what information is out there available about your company. [00:34:39] And that's really where. Have I been poned comes in. It's a very simple tool to use and it gives you some great information, some really good information about what it is that you should be doing. What is that? I had a meeting with the FBI, one of my client's sites, because they had been hacked and my client said, yeah, go ahead and bring them in. [00:35:03] And it turned out to be the worst infection that the Boston office of the FBI has ever seen. There were active Chinese backdoors in there stealing their information. Their plans are designed everything from them. Right there. Right. And, oh, it was just incredible to see this thing that it all started because they said they had an email problem. [00:35:30] We started looking at more closely and we found him indications of compromise, et cetera. So it gets bad. I've been doing this for a long time. But one of the things that you can do, cause I understand not everybody can do what we do. There are some very complicated tools we use and methods, methodologies, but this is something anyone can do. [00:35:53] Again, this site's called, have I been poned.com? You don't have to be a white hat hacker to use this. This is not a tool for the black hats, for another words, for the bad guys, for the hackers out there. This is a tool for you, whether you're a business person or a home user. And we talked about how you can sign up there to get a notification. [00:36:18] If your account has been hacked. So I'm going to the site right now. Have I been poned, which is spelled P w N E D. Have I being B E N poned P w N E d.com. And I'm going to type in me@craigpetersong.com, which is my main email address for the radio show and others. So good news. It says. Postage found. In other words, this particular email address has not been found in any of the hacks on the dark web that Troy has access to. [00:36:56] Now, remember, Troy does not know about every hack that's occurred. He does not know about every data breach that has occurred, but he knows about a whole lot of them. And I mean, a lot. If you look on his site right there in the homepage, you'll see the largest breaches that he knows about drug. For instance, 510 million Facebook accounts that were hacked. [00:37:24] He has the most recently added breaches. We just got an addition from the United Kingdom, from their police service over there. Some of the more recent ones include Gravatar accounts. Gravatar you might have a, it's a very common, in fact, 114 million Gravatar accounts information were compromised. So me at Craig Peterson is safe. [00:37:52] Well, let me check. My mainstream email address now, mainstream.net is the website that I've been using for about 30 years now online. And this is the company that I own that is looking at how do we protect businesses? No. And we're a small company, basically a family operation, and we use a lot of different people to help out with specific specialties. [00:38:21] But let me seeCraig@mainstream.net, this one's guaranteed to be poned all right, because again, that email addressCraig@mainstream.net is close to 30 years old. Uh, okay. So here we go. 14 data breaches. It says my business email address has been involved. Eight tracks back in 2017 and it says compromised data was emails and passwords. [00:38:48] The Apollo breach in July of 2018. This was a sales engagement startup email address, employer, geographic location, job, title, name, phone number salutation, social media profiles. Now you see this information that they got about me from this Apollo breach. Is the type of information that they need in order to fish you now, we're talking about phishing, P H I S H I N G. [00:39:17] And the whole idea behind fishing is they trick you into doing something that you probably. Should not do. And boy, do they trick you into it? Okay. So the data left, exposed by a Paulo was used in their revenue acceleration platform and it's data that they had gathered. That's fishing stuff. So for instance, I know my company name, they know where it's located. [00:39:44] They know what my job title is, uh, phone numbers, uh, how to address me, right. Not my pronouns, but salutations, uh, and social media profile information interest in it. So think about all of that and how they could try and trick me into doing something that really is against my best judgment. My better interest makes sense. [00:40:09] Co this big collection collection. Number one in January, 2019, they found this massive collection of, of a credential stuffing lists. So that's combinations of email addresses and passwords. It's the, uh, 773 million record collection. So what password stuffing is, is where they have your username. They have your passwords that are used on multiple accounts. [00:40:40] Now, usually the username is your email address and that's a problem. And it really bothers me when websites require your email address for you to log in, as opposed to just some name that you make up. And I make up a lot of really cool names based on random words. Plus I have 5,000 identities that are completely fabricated that I use on various social media sites or other sites where I don't care if they have my right information. [00:41:14] Now, obviously the bank's gonna need your information. You can't give it to the, you know, the fake stuff to law enforcement. Too anyways, but that's what credential stuffing is. They will use the email address that you have, that they found online in one of these massive dumps, or maybe one of the smaller ones are long with the passwords. [00:41:39] They found that you use on those websites and they will stuff them and other. They'll use them on a website. They will continually go ahead and just try different username, different password combinations until they get in. Now, that is a very, very big problem called credential stuffing. And that's why you want to make sure that you change your password when a breach occurs. [00:42:10] And it isn't a bad idea to change it every six months or so. We'll talk more about this when we get back, but I want you to make sure you go right now because we've got bootcamps and other things starting up with just probably mid to late January. And you only find out about them@craigpeterson.com. [00:42:32] Make sure you subscribed. .

Our guest Doel Santos, Threat Research Analyst at Palo Alto Networks, joins Dave Bittner to talk about Unit 42's work on "Ransomware Groups to Watch: Emerging Threats." As part of Unit 42's commitment to stop ransomware attacks, they monitor the activity of existing groups, search for dark web leak sites and fresh onion sites, identify up-and-coming players and study tactics, techniques and procedures. During their operations, Unit 42 observed four emerging ransomware groups that are currently affecting organizations and show signs of having the potential to become more prevalent in the future. Doel discusses these (AvosLocker, Hive Ransomware, HelloKitty, and LockBit 2.0) with Dave. The research can be found here: Ransomware Groups to Watch: Emerging Threats

Our guest Doel Santos, Threat Research Analyst at Palo Alto Networks, joins Dave Bittner to talk about Unit 42's work on "Ransomware Groups to Watch: Emerging Threats." As part of Unit 42's commitment to stop ransomware attacks, they monitor the activity of existing groups, search for dark web leak sites and fresh onion sites, identify up-and-coming players and study tactics, techniques and procedures. During their operations, Unit 42 observed four emerging ransomware groups that are currently affecting organizations and show signs of having the potential to become more prevalent in the future. Doel discusses these (AvosLocker, Hive Ransomware, HelloKitty, and LockBit 2.0) with Dave. The research can be found here: Ransomware Groups to Watch: Emerging Threats

Join Lou Maresca, Brian Chee, and Curt Franklin as we look back at some of the most important enterprise news stories of 2021. Hospitals hiding prices from search engines Palestinian hackers tricked victims into installing spyware on iOS devices Casino gets hacked through a fish tank thermometer President Biden's Right-to-Repair order issued Tesla Autopilot investigation after crashes into emergency vehicles Supply chain attacks are escalating EFF deprecates the HTTPS Everywhere browser plugin Report reveals 83% of ransomware victims pay to get data back Enterprise cybersecurity strategies are getting more attention Hosts: Louis Maresca, Brian Chee, and Curt Franklin Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

Join Lou Maresca, Brian Chee, and Curt Franklin as we look back at some of the most important enterprise news stories of 2021. Hospitals hiding prices from search engines Palestinian hackers tricked victims into installing spyware on iOS devices Casino gets hacked through a fish tank thermometer President Biden's Right-to-Repair order issued Tesla Autopilot investigation after crashes into emergency vehicles Supply chain attacks are escalating EFF deprecates the HTTPS Everywhere browser plugin Report reveals 83% of ransomware victims pay to get data back Enterprise cybersecurity strategies are getting more attention Hosts: Louis Maresca, Brian Chee, and Curt Franklin Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

Join Lou Maresca, Brian Chee, and Curt Franklin as we look back at some of the most important enterprise news stories of 2021. Hospitals hiding prices from search engines Palestinian hackers tricked victims into installing spyware on iOS devices Casino gets hacked through a fish tank thermometer President Biden's Right-to-Repair order issued Tesla Autopilot investigation after crashes into emergency vehicles Supply chain attacks are escalating EFF deprecates the HTTPS Everywhere browser plugin Report reveals 83% of ransomware victims pay to get data back Enterprise cybersecurity strategies are getting more attention Hosts: Louis Maresca, Brian Chee, and Curt Franklin Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

Join Lou Maresca, Brian Chee, and Curt Franklin as we look back at some of the most important enterprise news stories of 2021. Hospitals hiding prices from search engines Palestinian hackers tricked victims into installing spyware on iOS devices Casino gets hacked through a fish tank thermometer President Biden's Right-to-Repair order issued Tesla Autopilot investigation after crashes into emergency vehicles Supply chain attacks are escalating EFF deprecates the HTTPS Everywhere browser plugin Report reveals 83% of ransomware victims pay to get data back Enterprise cybersecurity strategies are getting more attention Hosts: Louis Maresca, Brian Chee, and Curt Franklin Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit

Velkommen til anden del af Techlivs jule- og nytårskavalkade. Denne gang ser vi især på kryptoscenen og metaverset, og dimser igennem med foldables, hjemmerobotter og elbiler. Der bliver også tid til at sige farvel til både tjenester og direktører, og til at høre om de fortsatte udfordringer med spyware og it-sikkerhed. Og så slutter vi med en lille profet-tipskupon om 2022. Godt nytår! Nic & Anders

Mehr als 100 Mal sind Computer öffentlicher Verwaltungen und Behörden 2021 erfolgreich angegriffen worden - so das Fazit auf dem Remote Chaos Communication Congress. Wieso werden gerade diese das Ziel von organisierter Kriminalität? Welchering, Peterwww.deutschlandfunk.de, Forschung aktuellDirekter Link zur Audiodatei

In today's podcast we cover four crucial cyber and technology topics, including:  1. Log4j newest patch flawed, could allow remote code execution   2. Norway media firm shuts down in seeming ransomware attack  3. Shutterfly addressing Conti ransomware attack   4. LastPass users have usernames, passwords guessed, potentially compromised I'd love feedback, feel free to send your comments and feedback to  | cyberandtechwithmike@gmail.com

Have you ever heard of ransomware as a service? Listen now to find out how these attacks will soon become more common. Learn more about your ad choices. Visit megaphone.fm/adchoices

Want to be featured as a guest on Making Data Simple? Reach out to us at [almartintalksdata@gmail.com] and tell us why you should be next. AbstractMaking Data Simple Podcast is hosted by Al Martin, VP, IBM Expert Services Delivery, where we explore trending technologies, business innovation, and leadership ... while keeping it simple & fun.This week on Making Data Simple, we have Greg Edwards, CEO at Cryptostopper.  Greg has been a technology entrepreneur since 1998. Before Greg founded CryptoStopper, Greg started Axis Backup, a backup and disaster recovery company for the insurance industry. Greg  saw firsthand the rapid increase in the damage cyber criminals were doing with debilitating malware resulting in high financial loss to vulnerable companies. Between 2012 and 2015, one in five of Axis Backup's clients was hit by cybercrime. Greg realized effective cyber security could save businesses from costly downtime and compromised systems. In 2015, Axis Backup was acquired by J2 Global, freeing Greg to create CryptoStopper and focus exclusively on cybersecurity.Show Notes1:29 – Greg's background6:20 – Why the name CryptoStopper?8:06 – How do you define ransomware? 12:18 – 1 in 5 backups were hit by cybercrime?16:05 – How bad is it?24:38 – What does your technology do?29:36 – What makes your product different?33:31 – Ransomware is the # 2 threat to businessesgetcryptostopper.comGreg's email: gedwards@ getcryptostopper.comConnect with the TeamProducer Kate Brown - LinkedIn. Producer Steve Templeton - LinkedIn. Host Al Martin - LinkedIn and Twitter. 

In this weeks episode, the cybersecurity experts Bryan Hornung, Reginald Andre & Randy Bryan discuss 10 of the biggest cyber and ransomware attacks of 2021- Colonial Pipeline, Brenntag, JBS, KIA, Ireland's Health Service Executive (HSE), CNA Financial, Quanta, Acer, Accenture, and Kaseya. The crew also talks about two ransomware attacks, the Shutterfly services that was disrupted by Conti and the natural gas supplier Superior Plus that is similar to the Colonial Pipeline attack.

A group known as REvil has been pulling off ransomware attacks on businesses and government entities across the U.S., including in Texas. Ransomware is a kind of malware that is used to lock users out of computer data until they pay a ransom.         In 2019, REvil (also referred to as Sodinokibi) stole files from 22 Texas municipalities, hoping to get millions of dollars in ransom. Texas cities never coughed up the cash, but REvil kept pulling off attacks around the world.         But recently, the U.S. Department of Justice announced two foreign nationals have been charged for their involvement in deploying REvil ransomware attacks. The feds also seized $6.1 million allegedly traceable to ransom payments. The Dallas and Jackson FBI field offices have lead the investigation. In this episode, I talk to Dan Cogdell, a partner with the law firm JonesWalker, who specializes in white-color criminal defense, to put the REvil indictments in perspective. I also talk about a recent ransomware attack that affected city of Dallas employees, and read the headlines from stories I've had published in the last week. For more on these stories, visit DallasObserver.com. This episode is an audio adaptation of reporting I've done for the Dallas Observer. It is recorded and produced by me. REvil Ransomware Attacks Targeted 22 Texas Cities. Now, Two Men Have Been Charged.https://www.dallasobserver.com/news/feds-charge-two-allegedly-involved-in-revil-ransomware-attacks-12777965 Ransomware Attack Affects More Than 2,400 City of Dallas Employeeshttps://www.dallasobserver.com/news/ransomware-attack-affects-2411-city-of-dallas-employees-13038485 Protest Photographer Is Suing Dallas Police and City Over Injury Caused by 'Less-Lethal' Roundhttps://www.dallasobserver.com/news/warrant-obtained-for-dpd-officer-over-actions-during-dallas-george-floyd-protests-13056327 Dallas First Responders Sue the City Over Pay Disputehttps://www.dallasobserver.com/news/dallas-first-responders-sue-city-over-pay-13063269 Dallas Observer print edition:https://voice-media-group.dcatalog.com/v/Dallas-Observer-flipbook-12-23-21/?page=1

Happy holidays! Another year, another set of predictions around the life of IT Pros – now in 2022! The pandemic continues to evolve, with new variants appearing and vaccination levels getting high. Will the pandemic still be a significant factor next year? What about back-to-work plans? Or is working-from-home the new normal? The past year was tough on the security side of things with notable ransomware and business-email-compromise attacks – are you prepared? What will we be doing differently in the next year? And how did Richard's predictions from last year stand up to reality? Thanks again for listening!Recorded December 2021

Neste episódio, Samuel Leite comenta sobre o possível crescimento do número de ataques virtuais e como toda a agenda de cibersegurança deve ser importante ao longo de 2022.

In today's podcast we cover four crucial cyber and technology topics, including:  1. Dridex uses Omicron exposure lures in new phishing attacks  2. Inetum Group in France hit with BlackCat ransomware   3. Albania Prime Minister apologies for massive data leak  4. D.W. Morgan exposed client data via misconfigured cloud database I'd love feedback, feel free to send your comments and feedback to  | cyberandtechwithmike@gmail.com

The Chief Technology Officer of Inquest, Pedram Amini joins host George Rettas on Episode #192 of Task Force Radio to talk about the recent high profile ransomware attacks, why ransomware attacks are so successful, both from an attacker perspective and the practitioner's perspective, and he also breaks down what companies can do to harden then security postures against these types of the attacks. Amini also broke down the Trystero Project and his passion for research and development into the most recent malware tactics the bad guys are using. All this and much, much more on Episode #192 of Task Force 7 Radio.

Biggest stories of the year including Meta, mRNA, Log4j, NFTs, Ransomware COVID-19's impact on tech. Elon Musk in 2021. The World Is Still Short of Everything. Get Used to It. GM's heated seats and steering wheels are the latest casualties of the chip shortage. Baby Driver: Philadelphia woman gives birth in the front seat of Tesla on autopilot. The tangled history of mRNA vaccines. Ransomware Jerks Helped Cause the Cream Cheese Shortage. The Harvard Job Offer No One at Harvard Ever Heard Of. Microsoft's very bad year for security: A timeline. Log4j: The 'most serious' security breach ever is unfolding right now. REvil Ransom Arrest, $6M Seizure, and $10M Reward. Billionaires in space. FAA: No more commercial astronaut wings, too many launching. Fact check: Jeff Bezos' New Shepard rocket launch didn't emit carbon. Jeff Bezos steps down as Amazon's C.E.O., handing the reins to Andy Jassy. In a surprise tweet, Twitter CEO Jack Dorsey said he's stepping down. Square is changing its name to Block. The Metaverse Is Mark Zuckerberg's Escape Hatch. A Global Tipping Point for Reining In Tech Has Arrived. Lina Khan's Battle to Rein in Big Tech. Top trend of 2021: The Metaverse. 2021 ends with a question: Are NFTs here to stay? Android 12: Everything you need to know about Google's new big update to the popular OS! Colonial Pipeline: How a major oil pipeline got held for ransom. Sinclair Confirms Ransomware Attack That Disrupted TV Stations. A comprehensive breakdown of the Epic v. Apple Ruling. Tardigrade is first multicellular organism to be quantum entangled. Ever Given container ship leaves Suez Canal 106 days after getting stuck. VW rebrand turns out to be April Fool's joke. Olympics Broadcaster Announces His Computer Password on Live TV. Don't be fooled — Amazon's Astro isn't a home robot, it's a camera on wheels. I swallowed one of my AirPods. Woman swallows AirPods accidentally; claims device recorded audio from her stomach. Host: Leo Laporte Guests: Ant Pruitt, Mikah Sargent, and Jason Howell Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Blueland.com/TWIT noom.com/twit UserWay.org/twit

Biggest stories of the year including Meta, mRNA, Log4j, NFTs, Ransomware COVID-19's impact on tech. Elon Musk in 2021. The World Is Still Short of Everything. Get Used to It. GM's heated seats and steering wheels are the latest casualties of the chip shortage. Baby Driver: Philadelphia woman gives birth in the front seat of Tesla on autopilot. The tangled history of mRNA vaccines. Ransomware Jerks Helped Cause the Cream Cheese Shortage. The Harvard Job Offer No One at Harvard Ever Heard Of. Microsoft's very bad year for security: A timeline. Log4j: The 'most serious' security breach ever is unfolding right now. REvil Ransom Arrest, $6M Seizure, and $10M Reward. Billionaires in space. FAA: No more commercial astronaut wings, too many launching. Fact check: Jeff Bezos' New Shepard rocket launch didn't emit carbon. Jeff Bezos steps down as Amazon's C.E.O., handing the reins to Andy Jassy. In a surprise tweet, Twitter CEO Jack Dorsey said he's stepping down. Square is changing its name to Block. The Metaverse Is Mark Zuckerberg's Escape Hatch. A Global Tipping Point for Reining In Tech Has Arrived. Lina Khan's Battle to Rein in Big Tech. Top trend of 2021: The Metaverse. 2021 ends with a question: Are NFTs here to stay? Android 12: Everything you need to know about Google's new big update to the popular OS! Colonial Pipeline: How a major oil pipeline got held for ransom. Sinclair Confirms Ransomware Attack That Disrupted TV Stations. A comprehensive breakdown of the Epic v. Apple Ruling. Tardigrade is first multicellular organism to be quantum entangled. Ever Given container ship leaves Suez Canal 106 days after getting stuck. VW rebrand turns out to be April Fool's joke. Olympics Broadcaster Announces His Computer Password on Live TV. Don't be fooled — Amazon's Astro isn't a home robot, it's a camera on wheels. I swallowed one of my AirPods. Woman swallows AirPods accidentally; claims device recorded audio from her stomach. Host: Leo Laporte Guests: Ant Pruitt, Mikah Sargent, and Jason Howell Download or subscribe to this show at https://twit.tv/shows/this-week-in-tech Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Blueland.com/TWIT noom.com/twit UserWay.org/twit

So you got elected Delegate... now what? Alfonso Lopez explains the nitty gritty of being a new legislator, what to expect, and how to set yourself up for success. But first, critics of the Department of Corrections want an ombudsman to provide oversight over the conditions in Virginia jails. Also, the Division of Legislative Automated Systems has been crippled by ransomware right before the session, when lawyers and legislators scramble to make their final requests and revisions. The team also responds to listener tweets about their interviews with Clark Mercer and Tom Garrett. See more at: https://linktr.ee/JacklegMedia.

Health care has long lagged behind other industries when it comes to cybersecurity. But with ransomware attacks against the industry on the rise, providers are quickly trying to close the gap and protect their systems and patients.Guests:Karen Sprenger, CISSP, GCFE, Chief Operating Officer and Chief Ransomware Negotiator, LMG SecurityM. Eric Johnson, PhD, Ralph Owen Dean and Bruce D. Henderson Professor of Strategy, Vanderbilt University Owen Graduate School of ManagementAnahi Santiago, Chief Information Security Officer, ChristianaCareSaad Chaudhry, MPP, Chief Information Officer, Luminis HealthRead a full transcript, dig into the numbers, and learn more about ransomware negotiator Karen Sprenger on our website.Support this type of journalism today, with a year-end tax deductible gift (plus your gift will be matched!).Sign up for our weekly newsletter to see what research health policy experts are reading right now, plus recommendations from our staff.Follow us on Twitter. See acast.com/privacy for privacy and opt-out information.

More criminals exploit vulnerabilities in Log4j. The Five Eyes issue a joint advisory on Log4j-related vulnerabilities, as other government organizations look into defending themselves against Log4shell. Ransomware updates. Russo-Ukrainian tensions rise, as does the likelihood of Russian cyberattacks against its neighbor. Uganda and NSO Group's troubles. CISA issues six ICS advisories. Malek Ben Salem explains synthetic voices. Our guest is Dr. David Lanc from Ionburst on embracing Data Out protection. And some advice on how to be the family help desk and CISO during the holiday season. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/244

Ransomware attacks have been growing in popularity, especially in critical infrastructure. Due to the importance of critical infrastructure, the need to secure the environments is an impending issue. The technology used in ICS environments is sensitive and often based on older protocols. The desire for connectivity has created an opportune target for malicious actors. Join […] The post Webcast: Intro to Ransomware and Industrial Control Systems (ICS) appeared first on Black Hills Information Security.

Jess Symington, research lead at Elliptic, a blockchain forensics company, discusses the massive upswing in DeFi hacks during 2021, resulting in over $10 billion of DeFi value lost. Show topics: the state of crime in DeFi how much value has been lost to exploits whether the majority of hacks are the result of user or developer error the various types of exploits how to confirm when a project did, in fact, rug pull which blockchains are most susceptible to having exploits what has been happening recently in ransomware how DeFi hackers cash out why ransomware attackers, who usually request payment in Bitcoin, have a tougher time cashing out than DeFi hackers  whether hackers trend towards a specific profile/demographics  how easy it is for law enforcement to find hackers  whether blockchain's transparency is proving to be a helpful tool for regulators Jess's advice on how to prevent hacks for both protocols and users   Thank you to our sponsors! Avado: ava.do Crypto.com: https://crypto.onelink.me/J9Lg/unconfirmedcardearnfeb2021    Nodle: https://bit.ly/3AXGydJ      Episode Links   Elliptic Website: https://www.elliptic.co/  Blog: https://www.elliptic.co/blog    Hack Coverage Elliptic Research DeFi: Risk, Regulation and the Rise of DeCrime: https://www.elliptic.co/resources/defi-risk-regulation-and-the-rise-of-decrime https://www.cnbc.com/2021/12/14/common-defi-crypto-related-scams-and-how-to-protect-your-wallet.html  https://cryptobriefing.com/elliptic-estimates-12b-lost-to-defi-exploits/  Rekt Leaderboard (giving a dollar figure for recent hacks along with a summary of what happened) https://rekt.news/leaderboard/    Unchained Podcast on Ransomware https://unchainedpodcast.com/how-ransomware-evolved-into-a-big-business/   

According to a new report, in 2020 2,400 U.S.-based healthcare facilities, local governments, schools, and other institutions were victims of ransomware—a form of cyber-attack in which a hacker holds a person's data hostage and demands a ransom to permit them to access it again. Ransomware has become such a problem that in October the U.S. […]

Log4Shell is exploited by criminals and intelligence services. Private sector offensive cyber capabilities are on par with nation-states. Noberus ransomware is used in double-extortion attacks. Malek Ben Salem from Accenture looks at cyber twins. Our guest is Tom Kellermann from VMware with reaction to CISA's Binding Operational Directive. And Squid Game phishbait. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/240

An update on the Log4shell, and how it's being exploited in the wild. A ransomware attack disrupts a cloud-based business service provider. NSO Group is said to be considering selling off its Pegasus unit. A marketing presentation suggests Huawei has been deeply implicated in providing tools for Chinese repression. Nigeria's cyber gangs are actng like Murder, Inc. An arrest in Romania, sentences in Germany. Joe Carrigan looks at the language of cyber security. Our guest Brad Hawkins of SaferNet wonders if digital privacy even exists anymore. And news from Mars. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/238