Podcasts about Ransomware

Active Scanning for Apache Vulnerabilities CVE-2021-41773 and 42013 https://isc.sans.edu/forums/diary/Apache+is+Actively+Scan+for+CVE202141773+CVE202142013/27940/ Warranty Repairs and Non Removable Storage Risks https://isc.sans.edu/forums/diary/Warranty+Repairs+and+NonRemovable+Storage+Risks/27938/ Crypto Wallet Compromised on OpenSea NFT Marketplace https://blog.checkpoint.com/2021/10/13/check-point-software-prevents-theft-of-crypto-wallets-on-opensea-the-worlds-largest-nft-marketplace/ $5.2 Billion worth of Bitcoin Transactions Linked to Ransomware https://www.fincen.gov/sites/default/files/shared/Financial%20Trend%20Analysis_Ransomeware%20508%20FINAL.pdf

Guest Michael DeBolt, Chief Intelligence Officer from Intel471, joins Dave Bittner to discuss their work on "How Groove Gang is shaking up the Ransomware-as-a-Service market to empower affiliates." McAfee Enterprise ATR believes, with high confidence, that the Groove gang is associated with the Babuk gang, either as a former affiliate or subgroup. These cybercriminals are happy to put aside previous Ransomware-as-a-Service hierarchies to focus on the ill-gotten gains to be made from controlling victim's networks, rather than the previous approach which prioritized control of the ransomware itself. The research can be found here: How Groove Gang is shaking up the Ransomware-as-a-Service market to empower affiliates

Guest Michael DeBolt, Chief Intelligence Officer from Intel471, joins Dave Bittner to discuss their work on "How Groove Gang is shaking up the Ransomware-as-a-Service market to empower affiliates." McAfee Enterprise ATR believes, with high confidence, that the Groove gang is associated with the Babuk gang, either as a former affiliate or subgroup. These cybercriminals are happy to put aside previous Ransomware-as-a-Service hierarchies to focus on the ill-gotten gains to be made from controlling victim's networks, rather than the previous approach which prioritized control of the ransomware itself. The research can be found here: How Groove Gang is shaking up the Ransomware-as-a-Service market to empower affiliates

Preventing ransomware attacks when the cyber criminals are already in your network Analysis of the BlackByte ransomware Acer launches antimicrobial PCs Pentagon official resigns because US AI can't compete with China Active Directory security using choke-point analysis Raj Krishna, VP of Strategy & Planning for Cisco Meraki talks SASE solutions and how network security is evolving. Hosts: Louis Maresca, Brian Chee, and Curt Franklin Guest: Raj Krishna Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Melissa.com/twit CrowdStrike.com/twit nureva.com/twit

Preventing ransomware attacks when the cyber criminals are already in your network Analysis of the BlackByte ransomware Acer launches antimicrobial PCs Pentagon official resigns because US AI can't compete with China Active Directory security using choke-point analysis Raj Krishna, VP of Strategy & Planning for Cisco Meraki talks SASE solutions and how network security is evolving. Hosts: Louis Maresca, Brian Chee, and Curt Franklin Guest: Raj Krishna Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Melissa.com/twit CrowdStrike.com/twit nureva.com/twit

Preventing ransomware attacks when the cyber criminals are already in your network Analysis of the BlackByte ransomware Acer launches antimicrobial PCs Pentagon official resigns because US AI can't compete with China Active Directory security using choke-point analysis Raj Krishna, VP of Strategy & Planning for Cisco Meraki talks SASE solutions and how network security is evolving. Hosts: Louis Maresca, Brian Chee, and Curt Franklin Guest: Raj Krishna Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Melissa.com/twit CrowdStrike.com/twit nureva.com/twit

Preventing ransomware attacks when the cyber criminals are already in your network Analysis of the BlackByte ransomware Acer launches antimicrobial PCs Pentagon official resigns because US AI can't compete with China Active Directory security using choke-point analysis Raj Krishna, VP of Strategy & Planning for Cisco Meraki talks SASE solutions and how network security is evolving. Hosts: Louis Maresca, Brian Chee, and Curt Franklin Guest: Raj Krishna Download or subscribe to this show at https://twit.tv/shows/this-week-in-enterprise-tech. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Sponsors: Melissa.com/twit CrowdStrike.com/twit nureva.com/twit

Wir finden Spinnen ok, denn sie fressen Mücken. Wer das anders sieht und nur schon beim Anblick einer Spinne Panik kriegt, kann seine Angst nun selbst therapieren mit einer App der Uni Basel. Darüber sprechen wir. Und auch mal wieder über Ransomware-und andere Cyber-Attacken. Der ganze Podcast im Überblick: (00:02:15) Attacken auf Gemeinden (Montreux) und KMUs (00:07:24) Schpinnele okay dank «Phobys» (00:16:01) Guido und die Guerilla (Lets Play: «Far Cry 6») (00:22:27) Supply-Chain-Attacken: Gespräch mit Chris Kubecka (00:47:46) Ausblick: Selbstfahrende Autos

Roger Grimes is an industry expert and the Data Driven Defense Evangelist for KnowBe4. In this episode, Roger shares more with us about his new book "Ransomware Protection Playbook," how he thinks there's more we can do to prevent breaches, what the future of ransomware looks like, and more. KnowBe4 is the world's first and largest New-school security awareness training and simulated phishing platform that helps you manage the ongoing problem of social engineering. To learn more about our sponsor, KnowBe4, visit https://knowbe4.com

Data breach extortion seems to be an emerging criminal trend. Notes on a darknet market's retirement. Verizon advises Visible users to look to their credentials. Windows users' attention is drawn to seven potentially serious vulnerabilities (all patchable). The Necro botnet is installing Monero cryptojackers. Organizing an international response to ransomware. Carole Theriault shares thoughts on social engineering. Dinah Davis from Arctic Wolf on the supply chain attack framework. And a quick look at the state of cyber risk in higher education. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/198

In this episode, Managing Partner of XPAN Law Partners, Rebecca Rakoski, and Senior Account Manager at Contango IT, Schellie Percudani, talk about cybersecurity, especially for small businesses. Today, Rebecca and Schellie talk about business privacy and security practices, cost-effective steps that you can take to protect your business, and the importance of cybersecurity insurance. Why do small businesses have to worry about cybersecurity? Hear about ransomware attacks and how to react to them, data privacy laws and how they impact your business, and the value of hiring lawyers, all on today's episode of The Healthy, Wealthy & Smart Podcast.   Key Takeaways “What we all have in common between the small businesses and the large businesses is we're all human.” “You're only as good as your last backup.” “You can't have privacy without security.” “You definitely don't want to be fudging any kind of information. You definitely want transparency.” There are four basic things that you can do as a business owner: enable multi-factor authentication, provide security awareness training, monitor and patch your systems, and enable software and hardware encryption. “Encryption is your Get Out Of Jail Free card in most jurisdictions.” “60% of small businesses will go out of business within 6 months of a data breach without liability insurance.” “The first thing that businesses need to do is take a proactive posture.” “If you look at data breaches, if it's not caused by an employee in the company, it's caused by an employee at one of their vendors.” “Make sure you put yourself in a legally defensible position.”   More About Schellie Percudani Schellie is a Senior Account Manager at Contango IT located in Midtown, Manhattan. With 75 people, Contango IT services their clients through 4 key areas of technology. IT Service/Support - We offer unlimited onsite and remote support for all covered users and devices with up to 60-90 second response time. In that same fixed monthly price, we also include asset management, budgeting breakdowns, disaster recovery planning, compliance requirement review and planning, technology road mapping, and a lot more. IT Infrastructure / Cabling - Moving offices? Contango IT handles the technology side of the move through Cabling and IT setup. Cybersecurity - 45 people strictly in Cybersecurity keeps Contango IT on top of the biggest buzz In technology. Risk? Compliance? Reach out, looking to help in any way possible. Even if it is just second opinion or advice. Custom Programming - Front-end or Back-end development, Android, iOS, Web-based and much more. Winners of the Microsoft Best Use of Technology Award and the NYU Stern New Venture Competition Any technology questions, reach out! With hundreds of clients over 4 services, Contango IT has seen it before.   More About Rebecca Rakoski Rebecca L. Rakoski is the managing partner at XPAN Law Partners. Rebecca counsels and defends public and private corporations, and their boards, during data breaches and responds to state/federal regulatory compliance and enforcement actions. As an experienced litigator, Rebecca has handled hundreds of matters in state and federal courts. Rebecca skilfully manages the intersection of state, federal, and international regulations that affect the transfer, storage, and collection of data to aggressively mitigate her client's litigation risks. Rebecca is on the Board of Governors for Temple University Health Systems, and an adjunct professor at Drexel University's Thomas R. Kline School of Law and Rowan University.   Suggested Keywords Healthy, Wealthy, Smart, Cybersecurity, Small Business, Privacy, Security, IT, Insurance, Legal, Hacking, Ransomware, Malware, Data, Technology, Data Breaches, Encryption   To learn more, follow Schellie and Rebecca at: Website:          https://www.contangoit.com                         https://xpanlawpartners.com Twitter:            @XPANLawPartners                         @RRakoskiesq Instagram:       @schellie00 LinkedIn:         Schellie Percudani                         Rebecca Rakoski, Esq.   Subscribe to Healthy, Wealthy & Smart: Website:                      https://podcast.healthywealthysmart.com Apple Podcasts:          https://podcasts.apple.com/us/podcast/healthy-wealthy-smart/id532717264 Spotify:                        https://open.spotify.com/show/6ELmKwE4mSZXBB8TiQvp73 SoundCloud:               https://soundcloud.com/healthywealthysmart Stitcher:                       https://www.stitcher.com/show/healthy-wealthy-smart iHeart Radio:               https://www.iheart.com/podcast/263-healthy-wealthy-smart-27628927   Read the Full Transcript Here:  00:02 Hello, Rebecca and Shelly, welcome to the podcast. I'm very excited to have you on to talk all about cybersecurity. So welcome, welcome.   00:13 Thank you for having us.   00:14 Yes, thank you. And   00:16 so this cybersecurity this for me as a small business owner, is brand new to me. Although it probably shouldn't be, but it is, but that's why we're talking about it today. But before we get into it, can you guys give a little bit more detail about yourself and what you do so if the listeners understand why I'm talking to you guys today?   00:41 So I, Rebecca McCroskey, I'm a co founder and managing partner of x Pam law partners, we're a boutique cybersecurity and domestic and international data privacy law firm, which is a really fancy way of saying we help organizations with their cybersecurity, and data privacy needs, right? I have been a practicing attorney for almost four years. I hate to admit that sometimes I'm like, I'm dating myself. But what's great is we really help businesses, small startups, all the way that big multinational corporations because right now businesses are it's, it's really a brave new world that we're facing today. And businesses are getting attacked literally from all different sides. And so we started x pant to really help businesses understand what their legal obligations are, and what their legal liabilities are. And I tell my clients, my job is to avoid those problems for you, or do my best or put you in the best position to address them if and when it becomes an issue. So that's   01:48 what I do in a nutshell. Great, thanks, Shelly. How about you?   01:53 Yes, my name is Shelly perky. Donnie, I am an account manager with contango it and we help businesses and our end organizations if I could speak, we help them manage their day to day it to help build a strong security posture. We also help them with cybersecurity, we have 45 people strictly in cybersecurity, we have 25 penetration testers, eight ethical hackers. So we have a strong, you know, posture to help businesses build a posture so that they at the end, I wouldn't say that they're not going to be attacked, but they are prepared for anything that could happen. And so we help them with that. Got it.   02:43 Well, thank you both for being here to talk about this, because we are seeing more and more things in the news lately about ransomware and cyber attacks. And so oftentimes, we think of that as only happening to the big businesses, right? So why should small businesses, which a lot of listeners that listen to this podcast, are entrepreneurs or small business owners? Why should we have to worry about this?   03:10 So, you know, from a legal perspective, obviously, anybody who's ever come into contact with the legal system knows, it's not just for large businesses. So from a legal perspective, you're going to be subjected to liability from your people who whose information you're collecting, call them data subjects, you can, you're going to have contractual obligations with your vendors and third parties that you use and share data with. So put that and then just put that aside for a moment, then you also have small businesses have a reputation. And in the small business community, I am myself a small business, I'm a small law firm, Chief law firm. And you know, your reputation is everything. And so part of your reputation nowadays is how you're handling security and privacy. What are you doing the data. And so it's really important for small businesses to realize it's not just the big guys, we hear about them in the news, the colonial pipelines and the JPS foods and the Equifax is of the world. What you don't know is that every single day law firms like mine are getting a call from small businesses going help. We just clicked on a bad link, we just got ransomware, what do we do? And that happens all the time. It really you hear about the big guys, but it's the little guys that are really, you know, bearing the brunt of it, I think.   04:32 Now, I would agree. And what we all have in common between the small businesses and the large businesses is we're all human. And like Rebecca said, it's human error. Somebody clicked on an email, and they didn't know you know, they weren't trained. Hey, this is a spoofing and phishing email. This is what they look like, this is what you need to look for. And so that's where we come in, and it's we're all human and we all make mistakes. It's just no Like, you know, you this is what to look out for.   05:04 Got it. And so what are some of the issues facing businesses today, when it comes to cybersecurity?   05:12 What ransomware is obviously one of the biggest issues, right. And for your listeners who don't know what ransomware is, it is, what happens is somebody clicks on a bad link, download the bad, you know, attachment to a file, and the ransomware is downloaded to the system. Depending on how sophisticated the hackers are, they can either deploy it immediately, which means your system starts to, they start to encrypt your files, or it can be that they sit in there and wait for Oh, I don't know, the most inopportune moment that your business has. And then they deploy the ransomware. I've had clients where they deploy ransomware, or they first delete backups before they deploy the ransomware to really add insult to injury there. So but so that's one of the big things and then the your entire system gets encrypted and you can't unencrypted it without the encryption key which you then have to pay for the ransom part of it. And, you know, we hear about the big ransoms, again, the 4.4 million from colonial the 11 million from JBS. But you know, I was speaking with a colleague the other day, and a law firm got ransomware for $50,000. Now, that's a lot to a small business, it's a lot to any business, but they try to make it it's almost like it's commercials with what they think that they can afford and pay and so that they'll pay because they want you to pay the ransom. So that's I think, I think that's probably the   06:35 number one I would say so too. And then you now you're on their list, because you've paid your   06:41 SIR now. Wow, they paid   06:44 from now you're on a list of this hacker of like, Well, you know, was easy to get in before. Yeah. So let's see how we can get in again.   06:55 Right? Oh, my goodness. Hang in and you know Rebecca's right.   06:59 And that's where you know, also patching and monitoring your systems having a good strong it. posture is important. Because they see that stuff, they see little inklings of, Oh, well, something's going on here. somebody's trying to get in, you know, so they can see that. And you know, you're only as good as your last backup, and where is your backup being stored? And you know, is that in a secure location? Because if not, guess what? It doesn't matter. Because your information is gone.   07:33 Oh, my gosh, yeah, that makes so much more sense. Now, even just explaining what ransomware is. I didn't realize so they hold the encryption key ransom. And that's what you're paying for.   07:46 Correct you in order to get your data back, you have to pay to get the encryption key. And people think Well, okay, so I'll pay the ransom. And I'll get the encryption. I'll get the encryption key. And it's like, like magic? Yeah. You do, to some extent, although there used to be honor amongst thieves. It's not always the case anymore. No. But the other thing is to keep in mind encryption is not perfect. So you're not going to get it back exactly the way it was before. And a lot of laws have been changed now. So the fact that you were ransomware, it is in and of itself, a reportable event for a data breach. So that's another aspect to it. I mean, we're talking more about the technical aspects with the ransomware. But this is the other part where you know, I always say like, ransomware is like three explosions. The first one, oh, my God, my computer has exploded, but yeah, my computer's, what do I do? And then the second one, which is how are we going to, you know, get back up and running. And then the third is really the legal liability that flows from it and holding it together.   08:55 Also to I mean, Rebecca, are you finding that now, too, they're not only holding it, they're selling the data? Yeah. So they're still older data copied it, they're giving you back access to it, but now they're gonna sell it?   09:12 Yes. So what it comes down to is yes,   09:15 there's a lot to do. At that point to now you've got to tell your clients, hey, I've been   09:23 hacked. And that's where that whole reputation part comes in, you know, where you're, you know, these are people who are interesting information to you data. You know, I mean, as a law firm, we obviously hold our clients data. But you know, if you're a business, you could be holding personal information of your clients and business partners. You could be holding sensitive data on your employees or social security, financial information, information about their beneficiaries, which could be kids and things like that. So it really is a problem that just expands exponentially. It's a rabbit Well, I guess you're falling down that rabbit hole for a while.   10:04 You're like Alice in Wonderland.   10:07 Right? Oh, my gosh. Well, now you mentioned Rebecca about laws? And does that? Could you talk a little bit more about like certain data privacy laws and how that works? And if you're a small business, what does that mean?   10:24 Sure, so different. So there are two sets of laws that you need to really be businesses need to be concerned about, right. So one of them are your your data breach notification laws, which won't really be triggered unless and until there is a data breach, there are 50 states, there are 50 different laws, it's super fun for businesses who have to deal with us, then you have data privacy laws, and because nobody can seem to get their act together to come up with a federal law, we are stuck with, again, a patchwork of laws. So different states have passed different laws. And that is in and around a data subjects rights, about the data that's being collected about from them. So for example, California has a law, Virginia passed the law, Colorado passed a law recently, I know there's a proposed one in New Jersey in New York, Pennsylvania, Texas. So you name the state, and it's probably considering Washington State has tried to have made several passes into data privacy law. And what's interesting about this privacy laws is it they're usually, there's usually a threshold, sometimes small businesses will meet that threshold, but you need to understand that and it's all about the data that you're collecting. So the data you're collecting is going to trigger or not trigger requirements under some of these laws. That same data is the attractive nuisance, if you will, to the hacker they want to, they want to so you know, I always say you can't have privacy without security. So they really do go hand in glove.   12:00 What would be like an app if you know this at the top of your head, but an example of data privacy law from one of those states that has them on the books like what would be an example.   12:13 So California has the California consumer Privacy Act, the ccpa, which was amended in November, when the good citizens of California had a ballot initiative to pass the California Privacy Rights Act or the cpra. And those types of so in and around that you have different rights, the right to deletion, the right to correction, or right to a ratio of three, you know, the right to be forgotten is what's commonly known as, or just some of the rights that you're entitled to. And so businesses that fall under the within the purview of the ccpa, which is in effect right now, the cpra, which will go into effect in 2023. And so if you are a data subject, and the business is is under those laws, you can, you know, say to the pay, I want to know what you're doing with my data, hey, I need you to correct or delete my data. And the business has a set statutory period of time to respond to that data subject Access Request. It's about transparency. So anybody who saw all those updated privacy policies online, that's all driven by privacy laws, there's one in Europe called the GDPR, the general data protection regulation. And it really is in and around transparency, and data collection, storage and sharing practices. So that's, I could go much deeper, but I don't want to put anyone to sleep as I talk about loss.   13:42 I think I think that's really helpful just so that people get an idea of like, well, I don't even know what that is, you know, and if you're a small business owner, you've got a million other things on your plate, because you probably don't have a dedicated IT department, you don't have a dedicated cybersecurity department, oftentimes, you're a solopreneur. Or maybe you have less than 10 employees, you know, so all of a sudden, all of this stuff has to come on to somebody. So I think just getting an awareness out there that it exists, is really important so that you can maybe look it up in your own individual state.   14:20 Yeah, and one thing I would say and I know that this is a problem amongst entrepreneurs and startup is within the startup community is that they think well, we can do this ourselves. We can like cut and paste the privacy policy online and somebody Shelley's laughing at me over here. But you know, the purpose of these laws is to provide information about what that business is doing with data. So if you're borrowing it from somebody else, you could be in trouble twice because you're now you're not accurately reflecting what your laws are, what you're doing with the data. And you've basically taken this information and maybe obligating yourself under other laws of regular So for people who are listening, I know nobody likes talking to lawyers. I swear we're not that bad. But hiring a dedicated privacy or security attorney who understands this is really important because you told what to, you know, have an Ono moment on top of it. Oh, no moment when you're you know,   15:19 exactly. You definitely were Rebecca Sade is absolutely correct. There are people that do that they try to manipulate it and do it themselves. What they don't realize is once you're hacked, it's not just, Oh, no, they've got my information. Now I have to pay this ransomware. But guess what, oh, if you weren't following those privacy acts, you're also gonna get fined on that data, too. So you definitely don't want to be fudging any kind of information. You definitely want transparency.   15:47 Yeah. So hire lawyer. I'm a big fan of lawyers. I hire lawyers for for everything, because I don't I'm not a lawyer. I don't know how to do any of it. And I want to make sure that I am protected. So I 100% get it. Now, what? So we're talking about the pitfalls of what could happen if you have a breach, or issues facing businesses. So what can businesses do to help with cyber security? What are some things we can have in place to give us some protection and peace of mind?   16:20 Well, I would like to answer that this is Shelley, I'm someone who's there for simple and very effective basics that you could do as a business owner. And they're very cost effective. In fact, you know, you already have some of them in hand, as far as like Microsoft Office 365, all you have to do is enable your multiple factor authentication, that's a huge one, it's like leaving your light on in your house, if you're going out to dinner, they're gonna move on to the next house, because you have that layer of protection. And then, you know, security awareness training, educating your employees, educating yourself a lot of spoofing and phishing email looks like, that's huge that you know, it, it makes them aware. And that also, you know, it shows your employees that you're protecting them, you're protecting your clients, you know, it shows stability. And then also, you know, monitoring and patching your systems, you know, making sure that someone has an eye on what's going on. I'm looking for those little ticks that someone may be trying to get into your system, because a lot of people that you can have websites, you can tell by is your website going slower, that's usually a sign that someone might be trying to hack into your system. You know, so it's little things like that. And then also, you know, software and hardware encryption, that's a huge one. A lot of people, I know we have all our devices, it's our fingerprint or face that opens it. But if your hardware is not encrypted, they could just steal your laptop, pull out the hard drive, plug it in somewhere else, and guess what the data is theirs. And it's just the simple things that can help a business.   18:10 Yeah, so So to recap, the multiple factor identification that I get, and I do security awareness training, what what are these emails look like? What not to click on? monitoring and patching systems? So when you say patching systems, what exactly does that mean?   18:27 Well, that's where someone is patching in and they're, you know, they're making sure that your system is secure. And it's going somewhere in that secure like firewall, everything like that. So that is exactly   18:39 the basic there. There are systems like so for example, the Equifax data breach was a vulnerability in an Apache struts operating system. And when they found this vulnerability, it was it was a problem. People write code, people make mistakes, you need to fix it. Once they discovered the problem. They went, they were like, Oh, you need to apply this patch. It basically fixes the code. Well, if you don't apply the patch, if you don't have somebody who can help you do that you're not you're leaving your back door   19:11 open or even Yeah, or even like software, like it needs to be updated. So they're patching and updating, they're constantly monitoring, updating any software so like have you ever had where your phone doesn't work and because you haven't upgraded your system? Well that's kind of like it is for monitoring and patching. They make sure that everything is up to date everything is to code   19:34 right because if you're not patching and updating like Shelly said, you can actually leave a hole Yeah, and you're not the it's a lot easier for them to get in because you would not that system isn't being supported anymore by the Microsoft's or the Googles because they've moved on. You got to move on with them. Otherwise, you're you're gonna have a problem.   19:52 Got it. Got it. Okay, that makes a lot more sense.   19:55 They could do that themselves. Like oh, I can do this. I can do this. But as they're growing Their business, they don't have time to focus on that. And that's how little cracks happen.   20:04 Got it? Okay, that makes a lot of sense. And number four was making sure that your software and your hardware was encrypted. Right? And does that. I mean, this might be a stupid question. But does it come that way?   20:19 No, that's not a stupid question. I mean, a lot of us think that because, you know, I mean, we're on a computer right now that if I shut it and locked it, I opened it again, I could put my finger on it, it would open it, I wouldn't have to type my password in. But if my hard drive wasn't encrypted, didn't have that same protection on it, where someone could steal it, and then just pull out the hard drive, because these people are very talented, plug in the hard drive. So you need to make sure that your hard drive has that same protection with your fingerprint of code that, you know that if they would have to, they wouldn't plug it in somewhere else, they're gonna have to know that code, because it's not going to work.   21:06 Keep in mind, too, that encryption, like we're always talking about is, in most jurisdictions, if you have an encrypted hard drive, if even if they get it, they can't access it. It's not a data breach. So I like to say encryption is your get out of jail free card in most jurisdictions, okay. There are 50 of them. There's a lot, but in most of them, that's your get out of jail free card. So it's one of the biggest, that multifactor I guess, are probably two of the biggest bang for your buck. There they are. And how do you   21:37 know if your software and hardware is in is encrypted? Again, perhaps another silly question, but I just don't know.   21:43 So first of all, I don't encrypt my own hard drive. I know a lot about technology. But I, you know, I don't go to my dentist for brain surgery. professionals, who are IT professionals, like Shelley's company, and I say, here, encrypt my hard drive, and they take care of it for you. So having it's really important   22:06 night. Yeah, I can. And does that literally mean you hand your computer over to someone and say, encrypt my hard drive? Not necessarily No, no, okay.   22:16 No, no, no, a lot of times what you know, like our text can do, they can come in, they can work in remotely in and you know, just like when they have when we monitor and patch, they do it remotely. You know, if you don't even know what's going on. It's just and it shouldn't, it shouldn't interrupt your day, it should then to wreck your workflow. It should be seamless. And usually, you know, it's something that, you know, our techs are very, you know, highly educated, I love text, I always think, Oh, my gosh, what they do is so cool, because they can just, they can fix everything, and they just go in and they're they're magicians.   22:56 Got it? Got it. Okay, how it should be you.   22:59 I mean, a lot of times, and this is true, too. I think Rebecca, a lot of rules now are making sure that you actually have a credible IT team. Because if you don't, you can now get fined. Or   23:14 Yeah, there are different laws where you can if you're not doing the things you're supposed to be doing, if you're not monitoring if you don't have your asset, you know, management, those kinds of things. I mean, one of the classic examples of that is is HIPAA. Now they don't say you have to have it on teaching but they do say you have to encrypt your heart you know, encryption, or they say you show it or they say you have to monitor monitor your devices and let's face facts, do you want to be I don't want to be monitoring my devices, I want my IT guys or gals to be monitoring my devices, I want to be practicing law. So that's the beauty of it is that it's it's Charlie says it's running seamlessly in the background, and you're doing what you should be doing much with running   23:55 your business. Got it? All right. Now let's move on to so let's say you have all of this in place. You've done your basics for cybersecurity. Do you have to have cyber security insurance? Or can you just say, Well, I did all this. So what do I need the insurance for? No,   24:15 that's like driving around without your seatbelt on. Like, you know, I, I frequently wanted to ram the car in front of me, but I don't I don't do that. So cyber insurance. When I will tell you this as when I started my own law firm. The first thing I bought was malpractice insurance. The second thing I bought was cyber liability, a separate standalone cyber liability policy. They are getting more expensive, but for a small business depending on the data you're collecting, they can be very reasonable. But I sleep at night because I know that if something goes horribly wrong, it's there. All of the things you're doing. me that all The good cyber practices that Shelly and I have been talking about that just means they're going to cover you when the when the stuff hits the fan. Because if you're not doing all of that, you've probably told they've sent you a questionnaire with your cyber liability policy and you filled it out and you're like, Oh, do I have multi factor authentication? Oh sure. I encrypt my hard drive. If you lie to them, they don't cover you. But if you're doing all these good cyber practices, and you have insurance, it's you know that every single one of my clients first thing I ask, Where is your data? What is it doing? Where is your cyber liability policy? Those are the   25:35 those are the big three Yeah. Okay. To help you too, because how are you going to get that money out? Right, how do you get that money back? How do you recoup your business? I mean $50,000 is a lot Oh yeah. And you know, you're a small business and yeah, you you could take a hit you can take a loan but wouldn't it be better if somebody covered it for you it's kind of like you You get a car accident you know, it was like that rental car where your car is getting fixed. You would like to get a new car that new car smell   26:11 Yeah, cyber liability insurance is absolutely critical for small business every this statistic might be a little bit old, but I will pull it out anyway for just as an example 60% of small businesses will go out of business within six months of a data breach without live liability insurance. So that's an I know that statistic has gone up it's a it's a little stale, but I think that's about a year old and every year they put out new stats I just haven't brushed up on my statistics today. But   26:41 well that is true because as many business owners as I talked to in everything, you would not believe how many of them I've had friends that had successful businesses and everything was going great. They got hacked, and they just couldn't recoup the money that they need it breaks my heart because they never thought it would happen to them because they weren't trading money they weren't doing anything like that. It was just common goods like e commerce that they were just like, yeah, and then something happened.   27:09 I mean, I get a call at least once a week from a crime business person literally tears I don't know what am I going to do? I have a little bit of a policy or something. It's like a rider on my my general liability policy, but now it's going out because it runs out like that and so quick, and they're like now what do I do? I don't I don't have an answer for them. They're gonna have to you know, they have to pay for it out of pocket. A lot of them can't It is really heartbreaking.   27:37 Yeah. Oh my goodness. Well, so you know, we talked about some issues facing businesses today. basics for cybersecurity, the need for cybersecurity liability, which I am in the process of getting after speaking with Celli a couple of weeks ago, so I'm there I'm doing it I'm in. You don't have to I You don't have to tell me twice when it comes to important insurances, I will get it. So is there anything else that you guys wanted to let the listeners know when it comes to cybersecurity for their businesses?   28:14 Um, I think the first thing that businesses need to do is take a proactive posture. So doing the technical things that Shelley's talking about, shoring up some of their legal obligations, like I'm talking about with, you know, appropriate privacy policies, contract language and things like that. The other thing is, they have to also be aware of their vendors, which I think is another big issue facing organizations if you look at data breaches, it's not caused by an employee in the company it's caused by an employee at one of their vendors. And so you know, it's a big issue and so I would say that for all small businesses, all of the technical aspects and then make sure your your legal, you put yourself in a legally defensible position because unfortunately, these things are going to happen. And you want to make sure that you not just survive but thrive after after an event like this.   29:09 Yeah, and I agree with Rebecca, those are the key things that you need to do as a business owner, but it's also helping yourself to educate been growing your business and I know at times it can be scary because like, Oh my goodness, I got to talk to a lawyer. That's more money. Oh, I gotta have someone you know, outsource it person. When I've had my cousin, he knows computers, he knows everything. You know, everything's going but if you're looking to move your business to that next level, and you're looking to flourish, you really just like anything else, you need to make sure you understand and you are doing what is required of you to do to help your business flourish.   29:53 Got it. Well, this was great. I mean, hopefully people listening to this, it will set a match under them. To get them to really take a look at this in their business because like you said when you're a small business owner you've got a million things going on. But this is super important and I think something that people really need to focus on so I thank you for bringing this topic to me Shelly and for bringing Rebecca on because I think this is really great and I do hope that all the listeners out there will now start to take a better look at their businesses and are they protected Do they have the right things in place so thank you thank you now where can people find you? if they have questions? If God forbid they have a breach and they need a lawyer or they need someone to help do an IT assessment of their business so where can people find you? So   30:47 I obviously have a website expand law partners com Also you can follow us on Twitter and on LinkedIn please connect you can connect connect with me personally and my business we put out for small businesses out there who have a lot of questions we are constantly pushing out different topics raising issues bringing attention to different ones so please act x Pam law partners connect with us and hopefully will will provide you with some of that information that Shelley was talking about   31:23 excellent Shelly Go ahead.   31:24 You can reach me at contango it calm is our website I can also link in with me you know I love to meet new people and I always like to offer any kind of advice or second opinions I can help with if I if there's anyone I can point you into the direction to you know help your business I would love to do that.   31:46 Excellent. Shelley is a great super connector for sure. So definitely reach out to them now ladies one last question and I asked everyone this is knowing where you are now in your life in your career. What advice would you give to your younger self?   32:01 see somebody asked me this I'm gonna have to steal from my prior answer was start my law firm earlier. I wish I had done it earlier. I cherish the time I spent at a large law firm but I love what I do now. I love helping businesses so this I would do it earlier. So amazing. I would become an ethical hacker. Love that. I want to change my answer. That's a great answer. I love it.   32:35 I love it. Well, ladies, thank you so much for coming on the podcast sharing all this vitally important information. I do appreciate it. Thank you so much for having us. Pleasure and everyone. Thank you for listening. Reach out to these ladies if you are a small business because you may need some cyber help. Thank you for listening, have a great couple of days and stay healthy, wealthy and smart.

It's the spookiest time of the year – Cybersecurity Awareness Month! For the Season 3 premier, host Ed McNamara explores the rising threat of ransomware supply chain attacks, the future of security and what conversations you need to be having, right now, to avoid being the next target. Featuring resident security expert, Michael Wilcox, the field Chief Information Security Officer at Stratascale. Discover more research and thought leadership from Michael and Stratascale at Stratascale.com/Insights.    This episode of Innovation Heroes is brought to you by Windows Autopilot. Unbox, log in, and take off with Window's Autopilot today. Visit SHI.com/WindowsAutopilot for more info. 

A Chinese-speaking APT is distributing the MysterySnail RAT in what appears to be a cyberespionage campaign. Some users still haven't patched vulnerable SolarWinds instances. Notes on yesterday's Patch Tuesday. The US-convened international ransomware conference kicked off today, and Russia wasn't invited. Former users of a criminal booter service get a stern warning letter from the Dutch police. Caleb Barlow reacts to a recent ransomware tragedy. Our guest is Rob Gurzeev of CyCognito on the security issues with subsidiaries. And a Florida woman is charged with altering aircraft records. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/197

Ransomware infections have been rampant in recent months. But typically, we hear more about the aftermath then what leads to a successful attack. In this episode we get the other angle. Sophos VP of Managed Threat Operations Mat Gangwer shares the multi-week story of an attack, from unpatched vulnerability to execution. The responsible ransomware cell? A new name on the scene called Atom Silo. Hear how they got in, what they did when they were there, and what steps to take to avoid a similar fate.Here's the full story of this attack: https://news.sophos.com/en-us/2021/10/04/atom-silo-ransomware-actors-use-confluence-exploit-dll-side-load-for-stealthy-attack/In the news, we cover a couple of very high profile cyber incidents - the Facebook/Instagram/Whats App outage and the Twitch breach. Plus we discuss burnout among cybersecurity pros.See the headlines:Facebook apologizes for second outage in a week, services back uphttps://www.reuters.com/technology/instagram-feeds-not-loading-some-users-2021-10-08/10 Biggest Revelations from the Unprecedented Twitch Leakhttps://www.inverse.com/gaming/twitch-leak-hack-data-breach-streamer-payout-earningsYour cybersecurity team will face burnout, and you need to helphttps://venturebeat.com/2021/10/09/your-cybersecurity-team-will-face-burnout-and-you-need-to-help/Get info on all things network security through our blog, https://firewalls.com/blog.And please do reach out, as we want to hear from you. Suggest an episode topic, ask a question, or just say hi in a review, or by emailing podcast@firewalls.com. New episodes are normally released every other Wednesday, so subscribe/follow to ensure you get the latest first - and again, please rate and review.Thanks for listening!

Interview linksFollow Michael on Twitter @CyAlliancePrezLearn more about the Cyber Threat AllianceCheck out the Ransomware Task Force, which Michael co-chairsRead Jen's position piece on hack backRapid Rundown linksRead the full text of the Cyber Incident Reporting ActRefresh your memory on the SolarWinds data breachSee who's on the House Homeland Security Committee 

In this episode of the Futurum Tech Webcast, Cybersecurity Shorts series, analysts Shelly Kramer and Fred McClimans cover the goings on in the world of cybersecurity. This week's conversation includes the Facebook outage and (unrelated) claims of scraped data from 1.5 billion Facebook users available in a hacker forum, as well as a deep dive into the deets on the Twitch hack. They also covered the Syniverse hack that provided access to millions of text messages and customer information for a period of many years (and the impact on Syniverse's teleco customers), the Atos win of an R&D project with ESA, along with a new bill proposed by Senator Elizabeth Warren given victims of ransomware attacks 48 hours to report payments to their hackers. 

Show Notes Backup and Recovery in the Age of Ransomware Episode 67 Chris and special guest Vic Simon are joined by Fidel Michieli, Sr. Systems Engineer from Cohesity to talk backup and recovery. They discuss the history of backups and the changing philosophy around their importance. Data stewardship and data protection are at the heart of the Cohesity strategy, which is built around the NIST Cybersecurity framework. Each step of the framework is examined. Hosts Chris Hayner, Enterprise Solutions Architect, Anexinet Guests Fidel Torre Michieli, Sr. Systems Engineer – Sales, Cohesity Vic Simon, Infrastructure Presales Architect, Anexinet Audio Editor Dustin Karrat Music Credits lophiile : Preach djscoutmusic@gmail.com https://soundcloud.com/lophiile Twitter/Instagram: @lophiile About Us The Anexinet Infrastructure Modernization Podcast is a product of Anexinet. We use this platform to allow industry professionals and subject matter experts to discuss current trends and technology topics. If you have any questions please call us at (610)-239-8100, or email us at info@anexinet.com. We are online at https://anexinet.com.

Apple is going to produce 10 million less iPhones this year because of chip shortages. When Apple can't get chips you know it's bad. Also, Ransomware as a Service is a new weapon for the Cancel Culture. Are there any deterrents for this?

Teheran is running password spraying attacks (especially on Thursdays and Sundays). More on the renewed popularity of DDoS attacks. NCSC warns British businesses against ransomware. Two journalists win the Nobel Peace Prize. Joe Carrigan shares his thoughts on GriftHorse. Our guest is Bindu Sundaresan from AT&T Cybersecurity football season and cyber risks. And watch out for small data cards in your peanut butter sandwiches, kids. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/196

Ransomware attacks, brain interfaces and power grid fluctuations + this day in history w/the end of the Salem Witch Trials and our song of the day by Massive Ego on your Morning Monarchy for October 12, 2021.

The Ransomware Minute is a rundown of the latest ransomware attacks & news, brought to you by CyberArk. Listen to the podcast weekly and read it daily at https://ransomwareminute.com • CyberArk is the global leader in Identity Security. Centered on privileged access management, CyberArk provides the most comprehensive security offering for any identity – human or machine. To learn more about our sponsor CyberArk, visit https://cyberark.com

Ivan Pittaluga, CTO at Arcserve provides his view and details on filesystem theory, why you should understand the metadata of very large filesystems especially Network Accessible Filesystems, and a few nuggets of using tape and immutable storage.

On this week's Phishy Business, we're joined by Bruce McCully, Chief Security Officer at Galactic Advisors, cyber security consultancy, and author of multiple books. We discuss the importance of story-telling in cyber security, why MSPs (Managed Service Providers) have a target on their backs when it comes to ransomware, the vital importance of having properly set up back-ups in place and how Bruce is achieving his goal of helping a million people. In ‘How to ‘level up' ransomware protection and the curious case of the $55,000 ransom', we discuss: How storytelling when warning on the dangers of cyber threats is important No matter how small or ‘uninteresting' you think your business is, it is a target for cyber criminals Why MSPs are particularly targeted when it comes to ransomware Why anyone would target hospitals in cyber attacks The, perhaps unsexy, but critical importance of having proper data back-ups in place About Phishy Business Fed up with the same old cybersecurity stories? Come with us on a journey that explores the lesser-known side. Whether it's social engineering, taking criminals to court or the journalists hunting down hackers — our new podcast series, Phishy Business, looks for new ways to think about cybersecurity. Mimecast's very own Brian Pinnock and Alice Jeffery are joined by guests from a range of unique security specialisms. Each episode explores tales of risk, reward and just a dash of ridiculousness to learn how we can all improve in the fight to stay safe. For more tales of risk, reward and ridiculousness, subscribe to Phishy Business on iTunes, Spotify, Anchor or wherever you get your podcasts. www.mimecast.com

As we approach the next Security Field Day event, do data protection solutions actually solve the problem of ransomware? Find out here. © Gestalt IT, LLC for Gestalt IT: Data Protection Software Doesn't Solve Ransomware Issues

Matt Warner, Blumira CTO and Co-Founder, talks ransomware investigations.

First in a two-part series for Cybersecurity Awareness Month: Ransomware became a household word earlier this year when the Colonial Pipeline, a major fuel delivery source on the East Coast, was shut down for several days after hackers attacked the company's billing system. These highly disruptive and costly network intrusions are on the rise in the United States and globally, and businesses across the spectrum are being targeted. How can electric cooperatives avoid becoming victims of this sophisticated malware? And what should they do if they are attacked? To answer those and other questions, we're joined by Ryan Newlon, NRECA's principal for cybersecurity solutions, and Dave Eisenreich, a special agent with the FBI in the Cyber Division and that group's liaison to the energy sector. Stay tuned next week for more on cybersecurity from Along Those Lines.

Welcome to this week's episode of the PEBCAK Podcast!  We've got three amazing stories this week so sit back, relax, and keep being awesome!  Be sure to stick around for our Dad Joke of the Week. (DJOW) Follow us on Instagram @pebcakpodcast PEBCAK - Acronym of “problem exists between chair and keyboard.”

This week on the Blue Security Podcast, Adam and Andy talk about planning to be a victim of ransomware. This is a mindset shift. Instead of focusing on prevention, cybersecurity defenders should plan and practice how to mitigate the damage against a ransomware attack. ------------------------------------------- Youtube Video Link: https://youtu.be/MOq2KhhCjAI ------------------------------------------- Documentation: https://www.darkreading.com/vulnerabilities-threats/you-re-going-to-be-the-victim-of-a-ransomware-attack ------------------------------------------- Contact Us: Website: http://bluesecuritypod.com Twitter: https://twitter.com/bluesecuritypod Instagram: https://www.instagram.com/bluesecuritypodcast/ Facebook: https://www.facebook.com/bluesecpod ------------------------------------------- Andy Jaw Twitter: https://twitter.com/ajawzero LinkedIn: https://www.linkedin.com/in/andyjaw/ Email: andy@bluesecuritypod.com ------------------------------------------- Adam Brewer Twitter: https://twitter.com/ajbrewer LinkedIn: https://www.linkedin.com/in/adamjbrewer/ Email: adam@bluesecuritypod.com --- Send in a voice message: https://anchor.fm/blue-security-podcast/message

There were more ransomware attacks in the first half of 2021 than in all of 2020, and attacks are up 185% year over year in the U.S. alone, per recent research.To make matters worse, not only is the upsurge in ransomware attacks likely to continue, but businesses are also much more susceptible than they realize. Fortunately, they can do something about it. In this episode of IT Availability Now, Shawn Burke, Global Chief Security Officer at Sungard Availability Services (Sungard AS), and Shannon Davis, Global Partner Security Expert at Alert Logic, examine preventive measures organizations can take to combat this growing threat. Listen to the full episode to learn:●        The most vital technology components every company needs in its security program●        The importance of managed detection and response (MDR), how it gives businesses a complete 360-degree view of their security landscape and what it requires to be effective●        How a strong incident response plan can minimize disruption●        How Sungard AS' new advanced security solutions powered by Alert Logic will allow businesses to take a more proactive approach to cybersecurityBrian Fawcett is a Senior Manager of Global Sales Engagement at Sungard AS. With over 15 years of experience in a range of industries, he specializes in forming enterprise-wide global talent and learning development programs. Brian has enriched corporate learning culture by matching organizational vision and core values to curricula, leading to application and impact.As Sungard AS' Global Chief Security Officer, Shawn Burke is responsible for security governance across the enterprise and real-time protection of the company's global infrastructure. With 17 years of service provider-oriented expertise, Shawn advises on infrastructure evolution and product direction. His core responsibilities include overseeing security strategy, compliance, physical and cyber security, policy, and operations support.Shannon Davis is a Global Partner Security Expert at Alert Logic.As a security expert, he regularly consults with customers and prospects to increase awareness of the current threat landscape and the security solutions and best practices available to protect from and respond to threats. As a partner enablement leader, he is focused on developing and investing in strategic relationships that allow those concepts and conversations to scale globally across a network of Alert Logic partners. Listen and subscribe to IT Availability Now on Apple Podcasts, Spotify, Google Podcasts, Podchaser, deezer, Podcast Addict, Listen Notes, and more.

We are from the first (or last) people to say this, but 2021 is the year of ransomware. It's by far the biggest story on the security landscape right now. And everything from oil pipelines, to grain co-ops, to hospitals and schools have been targeted by ransomware this year. Azim Khodjibaev joins the show for National Cybersecurity Awareness Month to wrap up everything we've seen on the ransomware landscape this year. Azim reflects on his interview with a LockBit operator, the research he's done into “double extortion campaigns,” and discusses the lessons defenders can learn from the past 10 months.

Yesterday I was happy to host John Gaede CIO for Sky Lakes Medical Center and Dr. Lee Milligan the CIO for Asante Health system (community connect host for Sky Lakes) as they discussed the Sky Lakes Medical Center ransomware event from last fall. It was a great conversation. I decided to give you some of my thoughts as I reflected on the conversation. If you register for the event you will get a link to the full video recording plus we will share a memorandum of understanding that was developed for ensuring a safe re-connection between these two community connect partners. Register at https://www.thisweekhealth.com/register (https://www.thisweekhealth.com/register) #healthcare #healthIT #cybersecurity #cio #cmio #ciso #chime #himss

Mai menü:Ransomware... fel vagyunk rá készülve? A cégek vezetése fel van rá készülve?Apple AirTag mint tömegpusztító fegyver0day folyik a csapból is idén2FA kódokat lopó botokÚj OWASP top 10 van!Elérhetőségeink:TelegramTwitterInstagramFacebookMail: info@hackeslangos.show

Episode 79: Understanding Ransomware Vanessa is joined by Brian Kirk, director of cybersecurity for Elliott Davis, LLC, a Southeast-based accounting and consulting firm. The subject is ransomware, specifically ransomware, as it impacts small businesses. Ransomware attacks on companies with 100 or fewer employees get little publicity, says Vanessa, and most small business owners underestimate the danger. Brian explains that fully half of the ransomware attacks are against small companies. Brian and Vanessa make the following additional points: • Small business owners should not assume their managed IT service providers will protect them from ransomware attacks or give assistance if attacks occur. • Small businesses are strongly advised to set up offsite data backups, implement audit logging, purchase cyber insurance, and devise an incident response plan. • Obscurity does not equal security. Cybercriminals are proficient at finding vulnerable companies, even ones with few employees and a low profile. Vanessa also points out that small businesses provide most jobs in America and make up the supply chain for the Fortune 500 companies. Brian shares the bizarre story of a doctor's office that was hacked and—after paying the ransom—was coached on how to recover its files by a help desk person working for the hacker. [LINKS MENTIONED] Disaster Recovery Journal: Register for DRJ's weekly (Wednesday) webinar series at https://drj.com/webinars/up-coming/ Register for DRJ Fall 2021: A Virtual Experience at https://drj.com/fall2021/virtual/ Asfalis Advisors: https://www.asfalisadvisors.com Apply to be a guest on the podcast: https://www.asfalisadvisors.com/decoded/ Download the 5 Step Crisis Strategy: https://www.asfalisadvisors.com/services/ Request Vanessa Mathews as a Speaker: https://bit.ly/VanessaMathews Connect with the podcast! • Email us at podcast@drj.com • Podcast Website: https://drj.com/decoded/ • Twitter: https://twitter.com/BRDecoded • LinkedIn: https://www.linkedin.com/showcase/business-resilience-decoded/ Brian Kirk, guest Brian Kirk is the director of cybersecurity at Elliott Davis, LLC. Based in Greenville, South Carolina, he has worked in the information security field for 11 years and in IT for a total of 29 years. He was formerly the head of information security for a Fortune 500 engineering and construction firm and is a graduate of Clemson University. • Elliott Davis, LLC: https://www.elliottdavis.com/professionals/brian-kirk/ • LinkedIn: https://www.linkedin.com/in/brianekirk Vanessa Mathews, host Vanessa Mathews is the founder and chief resilience officer of Asfalis Advisors, where they are focused on protecting the legacy of the leaders they serve through business resilience. Before becoming an entrepreneur, Mathews developed global crisis management and business continuity programs for government and private sector organizations to include Lowe's Companies, Gulfstream Aerospace, and the Department of Homeland Security. • LinkedIn: https://www.linkedin.com/in/vanessa-vaughn-mathews-mba-cbcp-70916b4b/ • Book Mathews as a speaker: https://www.asfalisadvisors.com/public-speaking/ • Asfalis Advisors: https://www.asfalisadvisors.com/ Jon Seals, producer Jon Seals is the editor in chief at Disaster Recovery Journal, the leading magazine/event in business continuity. Seals is an award-winning journalist with a background in publication design, business media, content management, sports journalism, social media, and podcasting. • LinkedIn: https://www.linkedin.com/in/jonseals/ • Disaster Recovery Journal: https://drj.com/

On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss how the UK and the U.S. are planning to increase their efforts to tackle cyber crime, ransomware being blamed in court for the death of a baby, and the arrests of some ransomware criminals in Ukraine. Also, the Conti ransomware gang makes some threats, evidence of the Pegasus spyware allegedly found on the phones of French cabinet ministers, and an interesting targeted phishing campaign.

Twitch is breached. A newly discovered Iranian threat group is described. A Chinese cyberespionage campaign in India proceeds by phishing. SafeMoon alt-coin is trendy phishbait in criminal circles. As the US prepares to convene an anti-ransomware conference, Russian gangs show no signs of slacking off. Betsy Carmelite from BAH on AI/ ML in cyber defensive operations. Our guest is Adam Flatley of Redacted with recommendations from the Ransomware Task Force. And observations on what counts as compromising material. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/193

This Week on Privacy Please: Breaking News, we cover a story on a coordinated effort by law enforcement agencies that are viewed as a good sign, but security analysts fear this is just the tip of the iceberg.Article: https://www.darkreading.com/threat-intelligence/law-enforcement-agencies-seize-375k-in-ukraine-ransomware-bust - Contributing Writer: Steve Zurier***Give us your feedback, send in email questions, and please leave a review on iTunes or wherever you get your podcast to help us reach more people like you! 

With the first recorded death from a Ransomware attack during the Pandemic, it's time to take medical device security seriously. Dan Purvis, CEO at Velentium, joins Business Security Weekly to discuss the challenges of embedded device security, but also the ramifications to public health. Dan will discuss how to address vulnerabilities in code and firmware, plus the importance of secrets and the software bill of materials.   We kick-off Cybersecurity Awareness Month with Alaina Clark, Assistant Director for Stakeholder Engagement at the Cybersecurity and Infrastructure Security Agency (CISA). Jill Aitoro, Editor in Chief at SC Media, joins Business Security Weekly for this special interview covering: CISA's Initiatives, Public-Private Partnerships, Cybersecurity Awareness Month, and their 4th annual Cyber Summit.   Show Notes: https://securityweekly.com/bsw234 Segment Resources: https://www.velentium.com/cybersecurity-training?hsCtaTracking=55e5cb87-6198-4b79-8652-a7ce03738c75%7C94d6bbbb-613b-4377-a95d-b679c8acc53b   Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Picture of the Week. Another two, in-the-wild, true 0-days found and fixed in Chrome. Windows 11 arrives. A known memory leak in Windows Explorer. Ransomware and cyber warfare. On the topic of thwarting SIM swapping attacks... A widespread Android Trojan is making someone a bunch of money! There's a problem with Apple Pay and Visa. Foundation update. SpinRite update. "Something Went Wrong" We invite you to read our show notes at https://www.grc.com/sn/SN-839-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Bitwarden.com/twit business.eset.com/twit itpro.tv/securitynow promo code SN30

Picture of the Week. Another two, in-the-wild, true 0-days found and fixed in Chrome. Windows 11 arrives. A known memory leak in Windows Explorer. Ransomware and cyber warfare. On the topic of thwarting SIM swapping attacks... A widespread Android Trojan is making someone a bunch of money! There's a problem with Apple Pay and Visa. Foundation update. SpinRite update. "Something Went Wrong" We invite you to read our show notes at https://www.grc.com/sn/SN-839-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Bitwarden.com/twit business.eset.com/twit itpro.tv/securitynow promo code SN30

Picture of the Week. Another two, in-the-wild, true 0-days found and fixed in Chrome. Windows 11 arrives. A known memory leak in Windows Explorer. Ransomware and cyber warfare. On the topic of thwarting SIM swapping attacks... A widespread Android Trojan is making someone a bunch of money! There's a problem with Apple Pay and Visa. Foundation update. SpinRite update. "Something Went Wrong" We invite you to read our show notes at https://www.grc.com/sn/SN-839-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Bitwarden.com/twit business.eset.com/twit itpro.tv/securitynow promo code SN30

Picture of the Week. Another two, in-the-wild, true 0-days found and fixed in Chrome. Windows 11 arrives. A known memory leak in Windows Explorer. Ransomware and cyber warfare. On the topic of thwarting SIM swapping attacks... A widespread Android Trojan is making someone a bunch of money! There's a problem with Apple Pay and Visa. Foundation update. SpinRite update. "Something Went Wrong" We invite you to read our show notes at https://www.grc.com/sn/SN-839-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Bitwarden.com/twit business.eset.com/twit itpro.tv/securitynow promo code SN30

Picture of the Week. Another two, in-the-wild, true 0-days found and fixed in Chrome. Windows 11 arrives. A known memory leak in Windows Explorer. Ransomware and cyber warfare. On the topic of thwarting SIM swapping attacks... A widespread Android Trojan is making someone a bunch of money! There's a problem with Apple Pay and Visa. Foundation update. SpinRite update. "Something Went Wrong" We invite you to read our show notes at https://www.grc.com/sn/SN-839-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Bitwarden.com/twit business.eset.com/twit itpro.tv/securitynow promo code SN30

Picture of the Week. Another two, in-the-wild, true 0-days found and fixed in Chrome. Windows 11 arrives. A known memory leak in Windows Explorer. Ransomware and cyber warfare. On the topic of thwarting SIM swapping attacks... A widespread Android Trojan is making someone a bunch of money! There's a problem with Apple Pay and Visa. Foundation update. SpinRite update. "Something Went Wrong" We invite you to read our show notes at https://www.grc.com/sn/SN-839-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to this show at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now! at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: Bitwarden.com/twit business.eset.com/twit itpro.tv/securitynow promo code SN30

On this week's show Patrick Gray and Adam Boileau discuss the week's security news, including: Group-IB CEO arrested in Russia for treason Lawsuit alleges ransomware contributed to hospitalised baby's death Nakasone outs self as hound release advocate Syniverse owned, but we don't know how badly Why Google keyword warrants are awesome Much, much more… Nucleus co-founder Scott Kuffer is this week's sponsor guest and the topic is actually a bit hilarious. They've found a killer use case that customers are clamouring for: Being able to map vulnerabilities to org groups within your enterprise so you can see who's slacking off when it comes to patching. Links to everything that we discussed are below and you can follow Patrick or Adam on Twitter if that's your thing. Show notes Group-IB founder arrested in Moscow on state treason charges - The Record by Recorded Future Baby died because of ransomware attack on hospital, suit says Conti gang threatens to dump victim data if ransom negotiations leak to reporters - The Record by Recorded Future US to work with 30 countries to tackle ransomware problem - The Record by Recorded Future Two ransomware operators arrested in Ukraine - The Record by Recorded Future Ransomware gangs are starting more drama on cybercrime forums, upending 'honor among thieves' conventions Ransomware attack disrupts hundreds of bookstores across France, Belgium, and the Netherlands - The Record by Recorded Future NSA chief predicts U.S. will face ransomware 'every single day' for years to come - The Record by Recorded Future Company That Routes Billions of Text Messages Quietly Says It Was Hacked Hackers bypass Coinbase 2FA to steal customer funds - The Record by Recorded Future The Rise of One-Time Password Interception Bots – Krebs on Security FCC to work on rules to prevent SIM swapping attacks - The Record by Recorded Future Exclusive: Government Secretly Orders Google To Identify Anyone Who Searched A Sexual Assault Victim's Name, Address And Telephone Number How a Secret Google Geofence Warrant Helped Catch the Capitol Riot Mob | WIRED EXCLUSIVE U.S. lawmakers push for new controls on ex-spies working overseas | Reuters DHS and NIST release post-quantum cryptography guidance - The Record by Recorded Future New emergency cyber regulations lay out ‘urgently needed' rules for pipelines but draw mixed reviews - The Washington Post Rep. Katko introduces bill that would prioritize security for key US critical infrastructure Let's Encrypt root cert update catches out many big-name tech firms | The Daily Swig Academics discover hidden layer in China's Great Firewall - The Record by Recorded Future Bandwidth.com is latest victim of DDoS attacks against VoIP providers A Simple Bug Is Leaving AirTag Users Vulnerable to an Attack | WIRED Apache fixes actively exploited web server zero-day - The Record by Recorded Future Hackers posed as Amnesty International, promising anti-spyware tool that actually collects passwords Around the world with the NSA's cyber chief - The Record by Recorded Future Facebook blames 'faulty configuration change' for major outages Report: New PCR test intelligence around Wuhan suggests COVID-19 was virulent earlier than thought - The Record by Recorded Future Does This Exposed Chinese Database Pose a Security Threat?

This Week Dr. Doug talks: Facebook BGP, Disabled Vets, Coinbase, Cybermonth, Windows 11, Python Ransomware, fake plumbuses, & the Special Guest Expert Commentary of Adrian Sanabria on this episode of the Security Weekly News!   Show Notes: https://securityweekly.com/swn155 Visit https://www.securityweekly.com/swn for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Facebook restores service after dealing with an accidental BGP configuration issue. There's now a data auction site for AvosLocker ransomware. Atom Silo ransomware is quiet, patient, and stealthy. The state of investigation into those two guys collared on a ransomware beef in Kyiv last week. Ben Yelin is skeptical of data privacy poll results. Our guest is Microsoft's Ann Johnson, host of the newest show to join the CyberWire network, Afternoon Cyber Tea. And what would they have thought of the Pandora Papers in Deadwood, back in the day? For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/192

From your Visa card to your Outlook account, and from the gas you pump into your Ford to your Windows operating system, a cyber struggle is taking place all around us. In this episode Andrew spoke to founder of Microsoft's threat hunting intelligence center John Lambert, which tracks the world's most dangerous cybercriminals and state-affiliated hackers, and the head of the Digital Security Unit Cristin Goodwin, who helps provide security support to governments and works closely with John's team. Microsoft has billions of customers, serves millions of businesses, and works with almost every government department: to say it might have something to do with information and intelligence would be like saying perhaps it would have been a good idea to buy some shares when it first went public in 1986 (June 2021 it was valued at 2 trillion dollars!).

The Pandora Papers leak erstwhile private financial transactions by the rich and well-connected (and it's 150 mainstream news organizations who cooperated in bringing them to light). Flubot is using itself to scare victims into installing Flubot. Coinbase thieves exploited account recovery systems to obtain 2FA credentials. The US plans to convene an international conference on fighting cybercrime. Conti warns its victims not to talk to reporters. Andrea Little Limbago from Interos on modeling cyber risk. Carole Theriault has thoughts on facial recognition software. And a ransomware bust in Ukraine leads us to ask, why Capri Sun. (Think about it, kids.) For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/191